[CalendarServer-changes] [4799] CalendarServer/trunk/calendarserver/provision/root.py
source_changes at macosforge.org
source_changes at macosforge.org
Mon Nov 23 11:21:39 PST 2009
Revision: 4799
http://trac.macosforge.org/projects/calendarserver/changeset/4799
Author: sagen at apple.com
Date: 2009-11-23 11:21:36 -0800 (Mon, 23 Nov 2009)
Log Message:
-----------
Cleaning up the wiki code: replacing examination of request.prepath with segments
Modified Paths:
--------------
CalendarServer/trunk/calendarserver/provision/root.py
Modified: CalendarServer/trunk/calendarserver/provision/root.py
===================================================================
--- CalendarServer/trunk/calendarserver/provision/root.py 2009-11-21 21:07:21 UTC (rev 4798)
+++ CalendarServer/trunk/calendarserver/provision/root.py 2009-11-23 19:21:36 UTC (rev 4799)
@@ -162,7 +162,10 @@
for filter in self.contentFilters:
request.addResponseFilter(filter[0], atEnd=filter[1])
- # Examine cookies for wiki auth token
+ # Examine cookies for wiki auth token; if there, ask the paired wiki
+ # server for the corresponding record name. If that maps to a
+ # principal, assign that to authnuser.
+
wikiConfig = config.Authentication.Wiki
cookies = request.headers.getHeader("cookie")
if wikiConfig["Enabled"] and cookies is not None:
@@ -178,68 +181,53 @@
proxy = Proxy(wikiConfig["URL"])
try:
username = (yield proxy.callRemote(wikiConfig["UserMethod"], token))
+ except Exception, e:
+ log.error("Failed to look up wiki token (%s)" % (e,))
+ username = None
+
+ if username is not None:
log.debug("Wiki lookup returned user: %s" % (username,))
+ principal = None
directory = request.site.resource.getDirectory()
record = directory.recordWithShortName("users", username)
- if record is None:
- raise HTTPError(StatusResponse(
- responsecode.FORBIDDEN,
- "The username (%s) corresponding to your sessionID was not found by calendar server." % (username,)
- ))
- for collection in self.principalCollections():
- principal = collection.principalForRecord(record)
- if principal is not None:
- break
- else:
- # Can't find principal
- raise HTTPError(StatusResponse(
- responsecode.FORBIDDEN,
- "The principal corresponding to your username (%s) was not found by calendar server." % (username,)
- ))
+ log.debug("Wiki user record for user %s : %s" % (username, record))
+ if record:
+ # Note: record will be None if it's a /Local/Default user
+ for collection in self.principalCollections():
+ principal = collection.principalForRecord(record)
+ if principal is not None:
+ break
- request.authzUser = request.authnUser = davxml.Principal(
- davxml.HRef.fromString("/principals/__uids__/%s/" % (record.guid,))
- )
+ if principal:
+ log.debug("Found wiki principal and setting authnuser and authzuser")
+ request.authzUser = request.authnUser = davxml.Principal(
+ davxml.HRef.fromString("/principals/__uids__/%s/" % (record.guid,))
+ )
- if not isinstance(principal, DirectoryCalendarPrincipalResource):
- # Not enabled for calendaring, so use the wiki principal as authzUser if the resource is within
- # a wiki. Examining the request path to determine this:
- path = request.prepath
- if len(path) > 2 and path[0] in ("principals", "calendars"):
- wikiName = None
- if path[1] == "wikis":
- wikiName = path[2]
- elif path[1] == "__uids__" and path[2].startswith("wiki-"):
- wikiName = path[2][5:]
- if wikiName:
- log.debug("Using %s wiki as authzUser instead of %s" % (wikiName, username))
- request.authzUser = davxml.Principal(
- davxml.HRef.fromString("/principals/wikis/%s/" % (wikiName,))
- )
-
- except HTTPError:
- raise
-
- # FIXME: should catch something more specific than Exception
- except Exception, e:
- log.warn("Wiki lookup returned ERROR: %s" % (e,))
- raise HTTPError(StatusResponse(
- responsecode.FORBIDDEN,
- "Your sessionID was rejected by the authenticating wiki server."
- ))
-
-
# We don't want the /inbox resource to pay attention to SACLs because
# we just want it to use the hard-coded ACL for the imip reply user.
- # The /timezones resource is used by the wiki web calendar.
+ # The /timezones resource is used by the wiki web calendar, so open
+ # up that resource.
if segments[0] in ("inbox", "timezones"):
request.checkedSACL = True
elif (len(segments) > 2 and (segments[1] == "wikis" or
(segments[1] == "__uids__" and segments[2].startswith("wiki-")))):
- # This is a wiki-related resource
+
+ # This is a wiki-related resource. SACLs are not checked.
request.checkedSACL = True
+ # The authzuser value is set to that of the wiki principal.
+ wikiName = None
+ if segments[1] == "wikis":
+ wikiName = segments[2]
+ else:
+ wikiName = segments[2][5:]
+ if wikiName:
+ request.authzUser = davxml.Principal(
+ davxml.HRef.fromString("/principals/wikis/%s/" % (wikiName,))
+ )
+
elif self.useSacls and not hasattr(request, "checkedSACL") and not hasattr(request, "checkingSACL"):
yield self.checkSacl(request)
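Review bot: The wiki branch at the end of this hunk assigns `request.authzUser` to `/principals/wikis/<name>/` for every request whose path matches, whether or not the cookie lookup above produced a principal. The removed code made that swap only after the wiki token had resolved to a principal, and only under `principals` or `calendars`. Combined with the new `except Exception` that sets `username = None` and continues instead of returning 403, a request with a missing or rejected token now reaches this branch with `checkedSACL = True` and a wiki authzUser. Whether later access checks still require `authnUser` is not visible here, so the safer form is to record the outcome (`wikiAuthenticated = False` before the cookie check, set to `True` where the principal is found) and guard with `if wikiName and wikiAuthenticated:`, or at least to add a comment naming the later check that rejects unauthenticated requests. The enclosing method starts and ends outside the hunk.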