[CalendarServer-changes] [2988] CalendarServer/branches/users/cdaboo/implicitauto-2947/twistedcaldav /scheduling
source_changes at macosforge.org
source_changes at macosforge.org
Fri Sep 12 08:21:13 PDT 2008
Revision: 2988
http://trac.macosforge.org/projects/calendarserver/changeset/2988
Author: cdaboo at apple.com
Date: 2008-09-12 08:21:13 -0700 (Fri, 12 Sep 2008)
Log Message:
-----------
Need to generate the proper originator value for scheduling requests. Also need to check that the authenticated
user has CALDAV:schedule privilege on the Organizer's or Attendee's Outbox to verify proxy behavior.
Modified Paths:
--------------
CalendarServer/branches/users/cdaboo/implicitauto-2947/twistedcaldav/scheduling/implicit.py
CalendarServer/branches/users/cdaboo/implicitauto-2947/twistedcaldav/scheduling/test/test_implicit.py
Modified: CalendarServer/branches/users/cdaboo/implicitauto-2947/twistedcaldav/scheduling/implicit.py
===================================================================
--- CalendarServer/branches/users/cdaboo/implicitauto-2947/twistedcaldav/scheduling/implicit.py 2008-09-12 15:19:02 UTC (rev 2987)
+++ CalendarServer/branches/users/cdaboo/implicitauto-2947/twistedcaldav/scheduling/implicit.py 2008-09-12 15:21:13 UTC (rev 2988)
@@ -25,6 +25,7 @@
from twistedcaldav.method import report_common
from twistedcaldav.scheduling.icaldiff import iCalDiff
from twistedcaldav import caldavxml
+from twisted.web2.dav import davxml
__all__ = [
"ImplicitScheduler",
@@ -77,7 +78,7 @@
assert deleting and calendar or not deleting
# Get some useful information from the calendar
- self.extractCalendarData()
+ yield self.extractCalendarData()
# Determine what type of scheduling this is: Organizer triggered or Attendee triggered
if self.isOrganizerScheduling():
@@ -89,6 +90,7 @@
returnValue(self.calendar)
+ @inlineCallbacks
def refreshAllAttendeesExceptSome(self, request, resource, calendar, attendees):
"""
@@ -109,13 +111,33 @@
self.except_attendees = attendees
# Get some useful information from the calendar
- self.extractCalendarData()
+ yield self.extractCalendarData()
self.organizerPrincipal = self.resource.principalForCalendarUserAddress(self.organizer)
- return self.processRequests()
+ result = (yield self.processRequests())
+ returnValue(result)
+
+ @inlineCallbacks
def extractCalendarData(self):
+ # Get the originator who is the authenticated user
+ self.originatorPrincipal = None
+ self.originator = ""
+ authz_principal = self.resource.currentPrincipal(self.request).children[0]
+ if isinstance(authz_principal, davxml.HRef):
+ originatorPrincipalURL = str(authz_principal)
+ if originatorPrincipalURL:
+ self.originatorPrincipal = (yield self.request.locateResource(originatorPrincipalURL))
+ if self.originatorPrincipal:
+ # Pick the first mailto cu address or the first other type
+ for item in self.originatorPrincipal.calendarUserAddresses():
+ if not self.originator:
+ self.originator = item
+ if item.startswith("mailto:"):
+ self.originator = item
+ break
+
# Get the ORGANIZER and verify it is the same for all components
organizers = self.calendar.getOrganizersByInstance()
self.organizer = None
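Review bot: In extractCalendarData, `self.originator` stays `""` whenever the current principal is not a `davxml.HRef`, `locateResource` returns nothing, or the principal has no calendar user addresses, and the `doSchedulingViaPUT` calls changed later in this commit then pass that empty string as the originator. For non-internal requests the Outbox check added in this commit probably rejects the unauthenticated case, but nothing visible here covers the `internal_request` path or a principal without addresses. I would fail closed before scheduling, e.g. `if not self.originator: raise HTTPError(responsecode.FORBIDDEN)` (assuming those names are imported in this module), or document which originator internal requests are meant to carry. `.children[0]` also assumes the principal element always has a child. The function body continues past the end of the hunk.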
@@ -173,8 +195,30 @@
return False
+ @inlineCallbacks
+ def doAccessControl(self, principal, is_organizer):
+ """
+ Check that the currently authorized user has the appropriate scheduling privilege
+ on the principal's Outbox.
+
+ @param principal:
+ @type principal:
+ @param is_organizer:
+ @type is_organizer:
+ """
+
+ # Find outbox
+ outboxURL = principal.scheduleOutboxURL()
+ outbox = (yield self.request.locateResource(outboxURL))
+ yield outbox.authorize(self.request, (caldavxml.Schedule(),))
+
+ @inlineCallbacks
def doImplicitOrganizer(self):
+ # Do access control
+ if not self.internal_request:
+ yield self.doAccessControl(self.organizerPrincipal, True)
+
# Check for a delete
if self.deleting:
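Review bot: doAccessControl uses the result of `locateResource(outboxURL)` without checking it, and `principal` itself is not checked, so a missing principal or Outbox surfaces as an AttributeError rather than an explicit denial. Adding `if outbox is None: raise HTTPError(responsecode.FORBIDDEN)` before the `authorize` call would make that failure mode deliberate (assuming those names are in scope in this module). The `is_organizer` argument is never read and the `@param`/`@type` entries are empty, so either drop the argument or document what it is meant to select. Because the check is skipped whenever `self.internal_request` is set, it is worth a comment stating where that flag is set and that it is never derived from the HTTP request, if that is indeed the case. The same guard is added to doImplicitAttendee in the `@@ -376,6 +420,10 @@` hunk, and doImplicitOrganizer continues outside this hunk.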
@@ -194,7 +238,7 @@
if self.isChangeInsignificant():
# Nothing to do
log.debug("Implicit - organizer '%s' is updating UID: '%s' but change is not significant" % (self.organizer, self.uid))
- return
+ returnValue(None)
log.debug("Implicit - organizer '%s' is updating UID: '%s'" % (self.organizer, self.uid))
@@ -205,7 +249,7 @@
self.oldcalendar = None
self.cancelledAttendees = ()
- return self.scheduleWithAttendees()
+ yield self.scheduleWithAttendees()
def isChangeInsignificant(self):
@@ -324,7 +368,7 @@
# Do the PUT processing
log.info("Implicit CANCEL - organizer: '%s' to attendee: '%s', UID: '%s', RIDs: '%s'" % (self.organizer, attendee, self.uid, rids))
- response = (yield scheduler.doSchedulingViaPUT(self.organizer, (attendee,), itipmsg, self.internal_request))
+ response = (yield scheduler.doSchedulingViaPUT(self.originator, (attendee,), itipmsg, self.internal_request))
self.handleSchedulingResponse(response, True)
@inlineCallbacks
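Review bot: The `log.info` line above the changed call still records only the organizer, while the originator now passed to `doSchedulingViaPUT` is the authenticated user, so a proxy acting for the organizer leaves no trace in this log entry. Adding it, e.g. `log.info("Implicit CANCEL - originator: '%s', organizer: '%s' to attendee: '%s', UID: '%s', RIDs: '%s'" % (self.originator, self.organizer, attendee, self.uid, rids))`, keeps the audit trail tied to the acting principal. The same applies to the REQUEST hunk at `@@ -353,7 +397,7 @@` and the attendee hunk at `@@ -469,6 +517,6 @@`. The enclosing function starts outside the hunk.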
@@ -353,7 +397,7 @@
# Do the PUT processing
log.info("Implicit REQUEST - organizer: '%s' to attendee: '%s', UID: '%s'" % (self.organizer, attendee, self.uid,))
- response = (yield scheduler.doSchedulingViaPUT(self.organizer, (attendee,), itipmsg, self.internal_request))
+ response = (yield scheduler.doSchedulingViaPUT(self.originator, (attendee,), itipmsg, self.internal_request))
self.handleSchedulingResponse(response, True)
def handleSchedulingResponse(self, response, is_organizer):
@@ -376,6 +420,10 @@
@inlineCallbacks
def doImplicitAttendee(self):
+ # Do access control
+ if not self.internal_request:
+ yield self.doAccessControl(self.attendeePrincipal, False)
+
if self.deleting:
#log.error("Attendee '%s' is not allowed to delete an organized event: UID:%s" % (self.attendeePrincipal, self.uid,))
#raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-attendee-change")))
@@ -390,7 +438,7 @@
# Determine whether the current change is allowed
if self.isAttendeeChangeInsignificant():
log.debug("Implicit - attendee '%s' is updating UID: '%s' but change is not significant" % (self.attendee, self.uid))
- return
+ returnValue(None)
log.debug("Implicit - attendee '%s' is updating UID: '%s'" % (self.attendee, self.uid))
yield self.scheduleWithOrganizer()
@@ -469,6 +517,6 @@
self.handleSchedulingResponse(response, False)
log.info("Implicit %s - attendee: '%s' to organizer: '%s', UID: '%s'" % (action, self.attendee, self.organizer, self.uid,))
- d = scheduler.doSchedulingViaPUT(self.attendee, (self.organizer,), itipmsg, self.internal_request)
+ d = scheduler.doSchedulingViaPUT(self.originator, (self.organizer,), itipmsg, self.internal_request)
d.addCallback(_gotResponse)
return d
Modified: CalendarServer/branches/users/cdaboo/implicitauto-2947/twistedcaldav/scheduling/test/test_implicit.py
===================================================================
--- CalendarServer/branches/users/cdaboo/implicitauto-2947/twistedcaldav/scheduling/test/test_implicit.py 2008-09-12 15:19:02 UTC (rev 2987)
+++ CalendarServer/branches/users/cdaboo/implicitauto-2947/twistedcaldav/scheduling/test/test_implicit.py 2008-09-12 15:21:13 UTC (rev 2988)
@@ -18,6 +18,7 @@
import twistedcaldav.test.util
from twistedcaldav.scheduling.implicit import ImplicitScheduler
from dateutil.tz import tzutc
+from twisted.web2.dav import davxml
import datetime
class Implicit (twistedcaldav.test.util.TestCase):
@@ -746,8 +747,16 @@
),
)
+ class TestResource(object):
+ def currentPrincipal(self, request):
+ return davxml.Principal(davxml.Unauthenticated)
+
+ resource = TestResource()
+
for description, calendar1, calendar2, result in data:
scheduler = ImplicitScheduler()
+ scheduler.resource = resource
+ scheduler.request = None
scheduler.oldcalendar = Component.fromString(calendar1)
scheduler.calendar = Component.fromString(calendar2)
scheduler.extractCalendarData()
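Review bot: `scheduler.extractCalendarData()` is now an `@inlineCallbacks` method that returns a Deferred, but the test still calls it without waiting on the result, so an exception raised inside it would land in the discarded Deferred instead of failing this test. The call completes synchronously here only because the `davxml.Unauthenticated` stub skips the one `yield` visible in the new code. I would change it to `yield scheduler.extractCalendarData()` with the test method under `@inlineCallbacks` (its definition is outside the hunk, so the decorator may need adding). The stub also exercises only the unauthenticated path; a case with an HRef principal, and one where doAccessControl denies a user lacking the schedule privilege, would cover the checks this commit introduces.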