[CalendarServer-changes] [3686] CalendarServer/trunk/twistedcaldav/directory
source_changes at macosforge.org
source_changes at macosforge.org
Thu Feb 19 11:37:53 PST 2009
Revision: 3686
http://trac.macosforge.org/projects/calendarserver/changeset/3686
Author: wsanchez at apple.com
Date: 2009-02-19 11:37:52 -0800 (Thu, 19 Feb 2009)
Log Message:
-----------
Disable provisioning for groups.
Modified Paths:
--------------
CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py
CalendarServer/trunk/twistedcaldav/directory/directory.py
CalendarServer/trunk/twistedcaldav/directory/xmlaccountsparser.py
Modified: CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py 2009-02-19 19:37:12 UTC (rev 3685)
+++ CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py 2009-02-19 19:37:52 UTC (rev 3686)
@@ -219,10 +219,10 @@
def recordTypes(self):
return (
- DirectoryService.recordType_users,
- DirectoryService.recordType_groups,
- DirectoryService.recordType_locations,
- DirectoryService.recordType_resources,
+ self.recordType_users,
+ self.recordType_groups,
+ self.recordType_locations,
+ self.recordType_resources,
)
def _storage(self, recordType):
@@ -243,7 +243,7 @@
)
# Reload the restricted access group details if reloading user records
- if recordType == DirectoryService.recordType_users:
+ if recordType == self.recordType_users:
self.restrictedGUIDs = None
d = deferToThread(self.reloadCache, recordType)
@@ -332,7 +332,7 @@
# Lookup in index
try:
- return self._storage(DirectoryService.recordType_groups)["groupsForGUID"][guid]
+ return self._storage(self.recordType_groups)["groupsForGUID"][guid]
except KeyError:
return ()
@@ -365,19 +365,6 @@
'guid' : dsattributes.kDS1AttrGeneratedUID,
}
- _toODRecordTypes = {
- DirectoryService.recordType_users :
- dsattributes.kDSStdRecordTypeUsers,
- DirectoryService.recordType_locations :
- dsattributes.kDSStdRecordTypePlaces,
- DirectoryService.recordType_groups :
- dsattributes.kDSStdRecordTypeGroups,
- DirectoryService.recordType_resources :
- dsattributes.kDSStdRecordTypeResources,
- }
-
- _fromODRecordTypes = dict([(b, a) for a, b in _toODRecordTypes.iteritems()])
-
def recordsMatchingFields(self, fields, operand="or", recordType=None):
# Note that OD applies case-sensitivity globally across the entire
@@ -413,10 +400,17 @@
expressions.append(dsquery.match(ODField, value, comparison))
+ recordTypeToODAttr = {
+ self.recordType_users: dsattributes.kDSStdRecordTypeUsers,
+ self.recordType_locations: dsattributes.kDSStdRecordTypePlaces,
+ self.recordType_groups: dsattributes.kDSStdRecordTypeGroups,
+ self.recordType_resources: dsattributes.kDSStdRecordTypeResources,
+ }
+
if recordType is None:
- recordTypes = self._toODRecordTypes.values()
+ recordTypes = self.recordTypeToODAttr.values()
else:
- recordTypes = (self._toODRecordTypes[recordType],)
+ recordTypes = (self.recordTypeToODAttr[recordType],)
self.log_info("Calling OD: Types %s, Operand %s, Caseless %s, %s" % (recordTypes, operand, caseless, fields))
deferred = deferToThread(
@@ -448,9 +442,9 @@
disabledGUIDs = set()
disabledEmails = set()
- if recordType == DirectoryService.recordType_groups:
+ if recordType == self.recordType_groups:
groupsForGUID = {}
- elif recordType in (DirectoryService.recordType_resources, DirectoryService.recordType_locations):
+ elif recordType in (self.recordType_resources, self.recordType_locations):
proxiesForGUID = {}
readOnlyProxiesForGUID = {}
else:
@@ -464,9 +458,9 @@
disabledGUIDs = storage["disabled guids"]
disabledEmails = storage["disabled emails"]
- if recordType == DirectoryService.recordType_groups:
+ if recordType == self.recordType_groups:
groupsForGUID = storage["groupsForGUID"]
- elif recordType in (DirectoryService.recordType_resources, DirectoryService.recordType_locations):
+ elif recordType in (self.recordType_resources, self.recordType_locations):
proxiesForGUID = storage["proxiesForGUID"]
readOnlyProxiesForGUID = storage["readOnlyProxiesForGUID"]
@@ -497,35 +491,34 @@
continue
# Determine enabled state
- enabledForCalendaring = True
+ if recordType == self.recordType_groups:
+ enabledForCalendaring = False
+ else:
+ if self.restrictEnabledRecords and self.restrictedGUIDs is not None:
+ enabledForCalendaring = recordGUID in self.restrictedGUIDs
+ else:
+ enabledForCalendaring = True
- if self.restrictEnabledRecords and self.restrictedGUIDs is not None:
- enabledForCalendaring = recordGUID in self.restrictedGUIDs
-
- if not enabledForCalendaring:
+ if enabledForCalendaring:
+ enabled_count += 1
+ calendarUserAddresses = self._calendarUserAddresses(recordType, value)
+ else:
# Some records we want to keep even though they are not enabled for calendaring.
# Others we discard.
- if recordType in (
- DirectoryService.recordType_users,
- DirectoryService.recordType_groups,
+ if recordType not in (
+ self.recordType_users,
+ self.recordType_groups,
):
self.log_debug(
- "Record (%s) %s is not enabled for calendaring but may be used in ACLs"
- % (recordType, recordShortName)
- )
- else:
- self.log_debug(
"Record (%s) %s is not enabled for calendaring"
% (recordType, recordShortName)
)
continue
- else:
- enabled_count += 1
- # Get calendar user addresses from directory record.
- if enabledForCalendaring:
- calendarUserAddresses = self._calendarUserAddresses(recordType, value)
- else:
+ self.log_debug(
+ "Record (%s) %s is not enabled for calendaring but may be used in ACLs"
+ % (recordType, recordShortName)
+ )
calendarUserAddresses = ()
# Get email address from directory record
@@ -537,7 +530,7 @@
recordEmailAddresses.add(addr.lower())
# Special case for groups, which have members.
- if recordType == DirectoryService.recordType_groups:
+ if recordType == self.recordType_groups:
memberGUIDs = value.get(dsattributes.kDSNAttrGroupMembers)
if memberGUIDs is None:
memberGUIDs = ()
@@ -555,7 +548,7 @@
autoSchedule = False
proxyGUIDs = ()
readOnlyProxyGUIDs = ()
- if recordType in (DirectoryService.recordType_resources, DirectoryService.recordType_locations):
+ if recordType in (self.recordType_resources, self.recordType_locations):
resourceInfo = value.get(dsattributes.kDSNAttrResourceInfo)
if resourceInfo is not None:
try:
@@ -633,11 +626,11 @@
self.log_debug("Added record %s to OD record cache" % (record,))
# Do group indexing if needed
- if recordType == DirectoryService.recordType_groups:
+ if recordType == self.recordType_groups:
self._indexGroup(record, record._memberGUIDs, groupsForGUID)
# Do proxy indexing if needed
- elif recordType in (DirectoryService.recordType_resources, DirectoryService.recordType_locations):
+ elif recordType in (self.recordType_resources, self.recordType_locations):
self._indexGroup(record, record._proxyGUIDs, proxiesForGUID)
self._indexGroup(record, record._readOnlyProxyGUIDs, readOnlyProxiesForGUID)
@@ -678,11 +671,11 @@
}
# Add group indexing if needed
- if recordType == DirectoryService.recordType_groups:
+ if recordType == self.recordType_groups:
storage["groupsForGUID"] = groupsForGUID
# Add proxy indexing if needed
- elif recordType in (DirectoryService.recordType_resources, DirectoryService.recordType_locations):
+ elif recordType in (self.recordType_resources, self.recordType_locations):
storage["proxiesForGUID"] = proxiesForGUID
storage["readOnlyProxiesForGUID"] = readOnlyProxiesForGUID
@@ -722,19 +715,19 @@
dsattributes.kDSNAttrMetaNodeLocation,
]
- if recordType == DirectoryService.recordType_users:
+ if recordType == self.recordType_users:
listRecordType = dsattributes.kDSStdRecordTypeUsers
- elif recordType == DirectoryService.recordType_groups:
+ elif recordType == self.recordType_groups:
listRecordType = dsattributes.kDSStdRecordTypeGroups
attrs.append(dsattributes.kDSNAttrGroupMembers)
attrs.append(dsattributes.kDSNAttrNestedGroups)
- elif recordType == DirectoryService.recordType_locations:
+ elif recordType == self.recordType_locations:
listRecordType = dsattributes.kDSStdRecordTypePlaces
attrs.append(dsattributes.kDSNAttrResourceInfo)
- elif recordType == DirectoryService.recordType_resources:
+ elif recordType == self.recordType_resources:
listRecordType = dsattributes.kDSStdRecordTypeResources
attrs.append(dsattributes.kDSNAttrResourceInfo)
@@ -871,7 +864,7 @@
)
def members(self):
- if self.recordType != DirectoryService.recordType_groups:
+ if self.recordType != self.service.recordType_groups:
return
for guid in self._memberGUIDs:
@@ -883,7 +876,7 @@
return self.service.groupsForGUID(self.guid)
def proxies(self):
- if self.recordType not in (DirectoryService.recordType_resources, DirectoryService.recordType_locations):
+ if self.recordType not in (self.service.recordType_resources, self.service.recordType_locations):
return
for guid in self._proxyGUIDs:
@@ -899,12 +892,12 @@
def proxyFor(self):
result = set()
- result.update(self.service.proxiesForGUID(DirectoryService.recordType_resources, self.guid))
- result.update(self.service.proxiesForGUID(DirectoryService.recordType_locations, self.guid))
+ result.update(self.service.proxiesForGUID(self.service.recordType_resources, self.guid))
+ result.update(self.service.proxiesForGUID(self.service.recordType_locations, self.guid))
return result
def readOnlyProxies(self):
- if self.recordType not in (DirectoryService.recordType_resources, DirectoryService.recordType_locations):
+ if self.recordType not in (self.service.recordType_resources, self.service.recordType_locations):
return
for guid in self._readOnlyProxyGUIDs:
@@ -920,8 +913,8 @@
def readOnlyProxyFor(self):
result = set()
- result.update(self.service.readOnlyProxiesForGUID(DirectoryService.recordType_resources, self.guid))
- result.update(self.service.readOnlyProxiesForGUID(DirectoryService.recordType_locations, self.guid))
+ result.update(self.service.readOnlyProxiesForGUID(self.service.recordType_resources, self.guid))
+ result.update(self.service.readOnlyProxiesForGUID(self.service.recordType_locations, self.guid))
return result
def verifyCredentials(self, credentials):
Modified: CalendarServer/trunk/twistedcaldav/directory/directory.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/directory.py 2009-02-19 19:37:12 UTC (rev 3685)
+++ CalendarServer/trunk/twistedcaldav/directory/directory.py 2009-02-19 19:37:52 UTC (rev 3686)
@@ -269,7 +269,7 @@
def __init__(
self, service, recordType, guid, shortNames, fullName,
firstName, lastName, emailAddresses,
- calendarUserAddresses, autoSchedule, enabledForCalendaring=True,
+ calendarUserAddresses, autoSchedule, enabledForCalendaring=None,
uid=None,
):
assert service.realmName is not None
@@ -282,6 +282,15 @@
if uid is None:
uid = guid
+ if enabledForCalendaring is None:
+ if recordType == service.recordType_groups:
+ enabledForCalendaring = False
+ else:
+ enabledForCalendaring = True
+
+ if enabledForCalendaring and recordType == service.recordType_groups:
+ raise AssertionError("Groups may not be enabled for calendaring")
+
if enabledForCalendaring:
calendarUserAddresses = set(calendarUserAddresses)
calendarUserAddresses.add("urn:uuid:%s" % (guid,))
Modified: CalendarServer/trunk/twistedcaldav/directory/xmlaccountsparser.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/xmlaccountsparser.py 2009-02-19 19:37:12 UTC (rev 3685)
+++ CalendarServer/trunk/twistedcaldav/directory/xmlaccountsparser.py 2009-02-19 19:37:52 UTC (rev 3686)
@@ -173,7 +173,10 @@
self.groups = set()
self.calendarUserAddresses = set()
self.autoSchedule = False
- self.enabledForCalendaring = True
+ if recordType == DirectoryService.recordType_groups:
+ self.enabledForCalendaring = False
+ else:
+ self.enabledForCalendaring = True
self.proxies = set()
self.proxyFor = set()
self.readOnlyProxies = set()
@@ -282,19 +285,20 @@
raise ValueError("<auto-schedule> element only allowed for Resources and Locations: %s" % (child_name,))
self.autoSchedule = True
elif child_name == ELEMENT_DISABLECALENDAR:
- # Only Users or Groups
- if self.recordType not in (DirectoryService.recordType_users, DirectoryService.recordType_groups):
- raise ValueError("<disable-calendar> element only allowed for Users or Groups: %s" % (child_name,))
+ # FIXME: Not sure I see why this restriction is needed. --wsanchez
+ ## Only Users or Groups
+ #if self.recordType != DirectoryService.recordType_users:
+ # raise ValueError("<disable-calendar> element only allowed for Users: %s" % (child_name,))
self.enabledForCalendaring = False
elif child_name == ELEMENT_PROXIES:
# Only Resources & Locations
if self.recordType not in (DirectoryService.recordType_resources, DirectoryService.recordType_locations):
- raise ValueError("<auto-schedule> element only allowed for Resources and Locations: %s" % (child_name,))
+ raise ValueError("<proxies> element only allowed for Resources and Locations: %s" % (child_name,))
self._parseMembers(child, self.proxies)
elif child_name == ELEMENT_READ_ONLY_PROXIES:
# Only Resources & Locations
if self.recordType not in (DirectoryService.recordType_resources, DirectoryService.recordType_locations):
- raise ValueError("<auto-schedule> element only allowed for Resources and Locations: %s" % (child_name,))
+ raise ValueError("<read-only-proxies> element only allowed for Resources and Locations: %s" % (child_name,))
self._parseMembers(child, self.readOnlyProxies)
else:
raise RuntimeError("Unknown account attribute: %s" % (child_name,))
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20090219/2ddc73e6/attachment-0001.html>
More information about the calendarserver-changes
mailing list