[CalendarServer-changes] [2964] CalendarServer/branches/release/CalendarServer-1.3-dev/twistedcaldav /static.py
source_changes at macosforge.org
source_changes at macosforge.org
Tue Sep 9 14:59:42 PDT 2008
Revision: 2964
http://trac.macosforge.org/projects/calendarserver/changeset/2964
Author: wsanchez at apple.com
Date: 2008-09-09 14:59:41 -0700 (Tue, 09 Sep 2008)
Log Message:
-----------
Don't expose private events in rolled-up iCalendar data
Modified Paths:
--------------
CalendarServer/branches/release/CalendarServer-1.3-dev/twistedcaldav/static.py
Modified: CalendarServer/branches/release/CalendarServer-1.3-dev/twistedcaldav/static.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-1.3-dev/twistedcaldav/static.py 2008-09-09 21:54:14 UTC (rev 2963)
+++ CalendarServer/branches/release/CalendarServer-1.3-dev/twistedcaldav/static.py 2008-09-09 21:59:41 UTC (rev 2964)
@@ -59,6 +59,7 @@
from twistedcaldav.caldavxml import caldav_namespace
from twistedcaldav.config import config
from twistedcaldav.directory.directory import DirectoryService
+from twistedcaldav.customxml import TwistedCalendarAccessProperty
from twistedcaldav.extensions import DAVFile
from twistedcaldav.ical import Component as iComponent
from twistedcaldav.ical import Property as iProperty
@@ -183,8 +184,9 @@
yield filteredaces
filteredaces = filteredaces.getResult()
- # Must verify ACLs which means we need a request object at this point
tzids = set()
+ isowner = (yield self.isOwner(request))
+
for name, uid, type in self.index().search(None): #@UnusedVariable
try:
child = waitForDeferred(request.locateChildResource(self, name))
@@ -202,7 +204,13 @@
d.getResult()
except AccessDeniedError:
continue
- subcalendar = self.iCalendar(name)
+
+ # Get the access filtered view of the data
+ caldata = child.iCalendarTextFiltered(isowner)
+ try:
+ subcalendar = iComponent.fromString(caldata)
+ except ValueError:
+ continue
assert subcalendar.name() == "VCALENDAR"
for component in subcalendar.subcomponents():
@@ -223,6 +231,21 @@
iCalendarRolledup = deferredGenerator(iCalendarRolledup)
+ def iCalendarTextFiltered(self, isowner):
+ try:
+ access = self.readDeadProperty(TwistedCalendarAccessProperty)
+ except HTTPError:
+ access = None
+
+ if access in (iComponent.ACCESS_CONFIDENTIAL, iComponent.ACCESS_RESTRICTED):
+
+ if not isowner:
+ # Now "filter" the resource calendar data through the CALDAV:calendar-data element and apply
+ # access restrictions to the data.
+ return caldavxml.CalendarData().elementFromResourceWithAccessRestrictions(self, access).calendarData()
+
+ return self.iCalendarText()
+
def iCalendarText(self, name=None):
if self.isPseudoCalendarCollection():
if name is None:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20080909/be7c33a0/attachment.html
More information about the calendarserver-changes
mailing list