[CalendarServer-changes] [4142] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Sat May 2 12:03:39 PDT 2009
Revision: 4142
http://trac.macosforge.org/projects/calendarserver/changeset/4142
Author: cdaboo at apple.com
Date: 2009-05-02 12:03:39 -0700 (Sat, 02 May 2009)
Log Message:
-----------
Make sure ORGANIZER changes are always disallowed when scheduling.
Modified Paths:
--------------
CalendarServer/trunk/run
CalendarServer/trunk/twistedcaldav/scheduling/implicit.py
Modified: CalendarServer/trunk/run
===================================================================
--- CalendarServer/trunk/run 2009-05-02 19:02:02 UTC (rev 4141)
+++ CalendarServer/trunk/run 2009-05-02 19:03:39 UTC (rev 4142)
@@ -727,7 +727,7 @@
caldavtester="${top}/CalDAVTester";
-svn_get "CalDAVTester" "${caldavtester}" "${svn_uri_base}/CalDAVTester/trunk" 4114;
+svn_get "CalDAVTester" "${caldavtester}" "${svn_uri_base}/CalDAVTester/trunk" 4141;
#
# PyFlakes
Modified: CalendarServer/trunk/twistedcaldav/scheduling/implicit.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/scheduling/implicit.py 2009-05-02 19:02:02 UTC (rev 4141)
+++ CalendarServer/trunk/twistedcaldav/scheduling/implicit.py 2009-05-02 19:03:39 UTC (rev 4142)
@@ -496,7 +496,20 @@
differ = iCalDiff(self.oldcalendar, self.calendar, self.do_smart_merge)
no_change = differ.organizerDiff()
if not no_change:
- rids = set(differ.whatIsDifferent().keys())
+ # ORGANIZER change is absolutely not allowed!
+ diffs = differ.whatIsDifferent()
+ rids = set()
+ checkOrganizerValue = False
+ for rid, props in diffs.iteritems():
+ if "ORGANIZER" in props:
+ checkOrganizerValue = True
+ rids.add(rid)
+ if checkOrganizerValue:
+ oldOrganizer = self.oldcalendar.getOrganizer()
+ newOrganizer = self.calendar.getOrganizer()
+ if oldOrganizer != newOrganizer:
+ log.error("Cannot change ORGANIZER: UID:%s" % (self.uid,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-attendee-change")))
else:
# Special case of RSVP added to attendees and no other change
rsvps = set()
@@ -697,15 +710,21 @@
yield self.scheduleCancelWithOrganizer()
else:
+ # Make sure ORGANIZER is not changed
+ if self.resource.exists():
+ self.oldcalendar = self.resource.iCalendar()
+ oldOrganizer = self.oldcalendar.getOrganizer()
+ newOrganizer = self.calendar.getOrganizer()
+ if oldOrganizer != newOrganizer:
+ log.error("Cannot change ORGANIZER: UID:%s" % (self.uid,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-attendee-change")))
+ else:
+ self.oldcalendar = None
+
# Get the ORGANIZER's current copy of the calendar object
yield self.getOrganizersCopy()
if self.organizer_calendar:
- if self.resource.exists():
- self.oldcalendar = self.resource.iCalendar()
- else:
- self.oldcalendar = None
-
# Determine whether the current change is allowed
changeAllowed, doITipReply, _ignore_changedRids, newCalendar = self.isAttendeeChangeInsignificant()
if changeAllowed:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20090502/be1b7b66/attachment.html>
More information about the calendarserver-changes
mailing list