[CalendarServer-changes] [4510] CalendarServer/branches/users/cdaboo/partition-4464/twistedcaldav

source_changes at macosforge.org source_changes at macosforge.org
Wed Aug 26 13:26:23 PDT 2009


Revision: 4510
          http://trac.macosforge.org/projects/calendarserver/changeset/4510
Author:   cdaboo at apple.com
Date:     2009-08-26 13:26:23 -0700 (Wed, 26 Aug 2009)
Log Message:
-----------
Handle proper privilege checking for a partitioned free-busy request.

Modified Paths:
--------------
    CalendarServer/branches/users/cdaboo/partition-4464/twistedcaldav/method/report_common.py
    CalendarServer/branches/users/cdaboo/partition-4464/twistedcaldav/scheduling/caldav.py
    CalendarServer/branches/users/cdaboo/partition-4464/twistedcaldav/scheduling/processing.py

Modified: CalendarServer/branches/users/cdaboo/partition-4464/twistedcaldav/method/report_common.py
===================================================================
--- CalendarServer/branches/users/cdaboo/partition-4464/twistedcaldav/method/report_common.py	2009-08-26 19:08:10 UTC (rev 4509)
+++ CalendarServer/branches/users/cdaboo/partition-4464/twistedcaldav/method/report_common.py	2009-08-26 20:26:23 UTC (rev 4510)
@@ -290,7 +290,7 @@
 
 @inlineCallbacks
 def generateFreeBusyInfo(request, calresource, fbinfo, timerange, matchtotal,
-                         excludeuid=None, organizer=None, same_calendar_user=False,
+                         excludeuid=None, organizer=None, organizerPrincipal=None, same_calendar_user=False,
                          servertoserver=False):
     """
     Run a free busy report on the specified calendar collection
@@ -313,7 +313,7 @@
     # TODO: for server-to-server we bypass this right now as we have no way to authorize external users.
     if not servertoserver:
         try:
-            yield calresource.checkPrivileges(request, (caldavxml.ReadFreeBusy(),))
+            yield calresource.checkPrivileges(request, (caldavxml.ReadFreeBusy(),), principal=organizerPrincipal)
         except AccessDeniedError:
             returnValue(matchtotal)
 
@@ -371,7 +371,7 @@
         # TODO: for server-to-server we bypass this right now as we have no way to authorize external users.
         if not servertoserver:
             try:
-                yield child.checkPrivileges(request, (caldavxml.ReadFreeBusy(),), inherited_aces=filteredaces)
+                yield child.checkPrivileges(request, (caldavxml.ReadFreeBusy(),), inherited_aces=filteredaces, principal=organizerPrincipal)
             except AccessDeniedError:
                 continue
 

Modified: CalendarServer/branches/users/cdaboo/partition-4464/twistedcaldav/scheduling/caldav.py
===================================================================
--- CalendarServer/branches/users/cdaboo/partition-4464/twistedcaldav/scheduling/caldav.py	2009-08-26 19:08:10 UTC (rev 4509)
+++ CalendarServer/branches/users/cdaboo/partition-4464/twistedcaldav/scheduling/caldav.py	2009-08-26 20:26:23 UTC (rev 4510)
@@ -38,7 +38,8 @@
 from twistedcaldav.log import Logger
 from twistedcaldav.method import report_common
 from twistedcaldav.resource import isCalendarCollectionResource
-from twistedcaldav.scheduling.cuaddress import LocalCalendarUser, RemoteCalendarUser
+from twistedcaldav.scheduling.cuaddress import LocalCalendarUser, RemoteCalendarUser,\
+    PartitionedCalendarUser
 from twistedcaldav.scheduling.delivery import DeliveryService
 from twistedcaldav.scheduling.itip import iTIPRequestStatus
 from twistedcaldav.scheduling.processing import ImplicitProcessor, ImplicitProcessorException
@@ -96,14 +97,18 @@
         organizerProp = self.scheduler.calendar.getOrganizerProperty()
         uid = self.scheduler.calendar.resourceUID()
 
+        organizerPrincipal = None
+        if type(self.scheduler.organizer) in (LocalCalendarUser, PartitionedCalendarUser,):
+            organizerPrincipal = davxml.Principal(davxml.HRef(self.scheduler.organizer.principal.principalURL()))
+
         for recipient in self.recipients:
 
             #
             # Check access controls
             #
-            if isinstance(self.scheduler.organizer, LocalCalendarUser):
+            if organizerPrincipal:
                 try:
-                    yield recipient.inbox.checkPrivileges(self.scheduler.request, (caldavxml.ScheduleDeliver(),), principal=davxml.Principal(davxml.HRef(self.scheduler.organizer.principal.principalURL())))
+                    yield recipient.inbox.checkPrivileges(self.scheduler.request, (caldavxml.ScheduleDeliver(),), principal=organizerPrincipal)
                 except AccessDeniedError:
                     log.err("Could not access Inbox for recipient: %s" % (recipient.cuaddr,))
                     err = HTTPError(ErrorResponse(responsecode.NOT_FOUND, (caldav_namespace, "recipient-permissions")))
@@ -120,7 +125,7 @@
 
             # Different behavior for free-busy vs regular invite
             if self.freebusy:
-                yield self.generateFreeBusyResponse(recipient, self.responses, organizerProp, uid)
+                yield self.generateFreeBusyResponse(recipient, self.responses, organizerProp, organizerPrincipal, uid)
             else:
                 yield self.generateResponse(recipient, self.responses)
 
@@ -137,7 +142,7 @@
         # Do implicit scheduling message processing.
         try:
             processor = ImplicitProcessor()
-            processed, autoprocessed, changes = (yield processor.doImplicitProcessing(
+            _ignore_processed, autoprocessed, changes = (yield processor.doImplicitProcessing(
                 self.scheduler.request,
                 self.scheduler.calendar,
                 self.scheduler.originator,
@@ -189,7 +194,7 @@
                 returnValue(True)
     
     @inlineCallbacks
-    def generateFreeBusyResponse(self, recipient, responses, organizerProp, uid):
+    def generateFreeBusyResponse(self, recipient, responses, organizerProp, organizerPrincipal, uid):
 
         # Extract the ATTENDEE property matching current recipient from the calendar data
         cuas = recipient.principal.calendarUserAddresses()
@@ -201,6 +206,7 @@
             fbresult = (yield self.generateAttendeeFreeBusyResponse(
                 recipient,
                 organizerProp,
+                organizerPrincipal,
                 uid,
                 attendeeProp,
                 remote,
@@ -215,7 +221,7 @@
             returnValue(True)
     
     @inlineCallbacks
-    def generateAttendeeFreeBusyResponse(self, recipient, organizerProp, uid, attendeeProp, remote):
+    def generateAttendeeFreeBusyResponse(self, recipient, organizerProp, organizerPrincipal, uid, attendeeProp, remote):
 
         # Find the current recipients calendar-free-busy-set
         fbset = (yield recipient.principal.calendarFreeBusyURIs(self.scheduler.request))
@@ -254,8 +260,9 @@
                 matchtotal,
                 excludeuid = self.scheduler.excludeUID,
                 organizer = self.scheduler.organizer.cuaddr,
+                organizerPrincipal = organizerPrincipal,
                 same_calendar_user = same_calendar_user,
-                servertoserver=remote
+                servertoserver=remote,
             ))
     
         # Build VFREEBUSY iTIP reply for this recipient

Modified: CalendarServer/branches/users/cdaboo/partition-4464/twistedcaldav/scheduling/processing.py
===================================================================
--- CalendarServer/branches/users/cdaboo/partition-4464/twistedcaldav/scheduling/processing.py	2009-08-26 19:08:10 UTC (rev 4509)
+++ CalendarServer/branches/users/cdaboo/partition-4464/twistedcaldav/scheduling/processing.py	2009-08-26 20:26:23 UTC (rev 4510)
@@ -487,7 +487,7 @@
                         tr.start = makeTimedUTC(instance.start)
                         tr.end = makeTimedUTC(instance.end)
 
-                        yield report_common.generateFreeBusyInfo(self.request, testcal, fbinfo, tr, 0, uid)
+                        yield report_common.generateFreeBusyInfo(self.request, testcal, fbinfo, tr, 0, uid, servertoserver=True)
                         
                         # If any fbinfo entries exist we have an overlap
                         if len(fbinfo[0]) or len(fbinfo[1]) or len(fbinfo[2]):
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20090826/94f2919b/attachment-0001.html>


More information about the calendarserver-changes mailing list