[CalendarServer-changes] [4810] CalendarServer/branches/users/wsanchez/deployment/lib-patches/ Twisted/twisted.web2.dav.resource.patch
source_changes at macosforge.org
source_changes at macosforge.org
Mon Nov 30 13:26:19 PST 2009
Revision: 4810
http://trac.macosforge.org/projects/calendarserver/changeset/4810
Author: sagen at apple.com
Date: 2009-11-30 13:26:16 -0800 (Mon, 30 Nov 2009)
Log Message:
-----------
Ignore ACL changes from the client when it's attempting to overwrite a protected ACE
Modified Paths:
--------------
CalendarServer/branches/users/wsanchez/deployment/lib-patches/Twisted/twisted.web2.dav.resource.patch
Modified: CalendarServer/branches/users/wsanchez/deployment/lib-patches/Twisted/twisted.web2.dav.resource.patch
===================================================================
--- CalendarServer/branches/users/wsanchez/deployment/lib-patches/Twisted/twisted.web2.dav.resource.patch 2009-11-30 19:45:24 UTC (rev 4809)
+++ CalendarServer/branches/users/wsanchez/deployment/lib-patches/Twisted/twisted.web2.dav.resource.patch 2009-11-30 21:26:16 UTC (rev 4810)
@@ -398,8 +398,37 @@
# Need to get list of supported privileges
supported = []
-@@ -1038,9 +1113,9 @@
+@@ -781,14 +856,15 @@
+ # Steps 1 - 6
+ got_deny = False
++ ignore = set() # to store aces we'll be ignoring below
+ for ace in new_acl.children:
+ for old_ace in old_acl.children:
+ if (ace.principal == old_ace.principal):
+ # Step 1
+ if old_ace.protected:
+- log.err("Attempt to overwrite protected ace %r on resource %r" % (old_ace, self))
+- yield (davxml.dav_namespace, "no-protected-ace-conflict")
+- return
++ log.debug("Ignoring an attempt to overwrite protected ace %r on resource %r" % (old_ace, self))
++ ignore.add(ace)
++ break
+
+ # Step 2
+ #
+@@ -845,7 +921,8 @@
+ # Iterate through the old ones and replace any that are in the new set, or remove
+ # the non-inherited/non-protected not in the new set
+ #
+- new_aces = [ace for ace in new_acl.children]
++ # Skip any ace in the ignore set
++ new_aces = [ace for ace in new_acl.children if ace not in ignore]
+ new_set = []
+ for old_ace in old_acl.children:
+ for i, new_ace in enumerate(new_aces):
+@@ -1038,9 +1115,9 @@
+
if myURL == "/":
# If we get to the root without any ACLs, then use the default.
+ acl = self.defaultRootAccessControlList()
@@ -410,7 +439,7 @@
# Dynamically update privileges for those ace's that are inherited.
if inheritance:
-@@ -1076,7 +1151,7 @@
+@@ -1076,7 +1153,7 @@
# Adjust ACE for inherit on this resource
children = list(ace.children)
children.remove(TwistedACLInheritable())
@@ -419,7 +448,7 @@
aces.append(davxml.ACE(*children))
else:
aces.extend(inherited_aces)
-@@ -1105,8 +1180,7 @@
+@@ -1105,8 +1182,7 @@
the child resource loop and supply those to the checkPrivileges on each child.
@param request: the L{IRequest} for the request in progress.
@@ -429,7 +458,7 @@
"""
# Get the parent ACLs with inheritance and preserve the <inheritable> element.
-@@ -1128,21 +1202,9 @@
+@@ -1128,21 +1204,9 @@
# Adjust ACE for inherit on this resource
children = list(ace.children)
children.remove(TwistedACLInheritable())
@@ -453,7 +482,7 @@
inheritedACEsforChildren = deferredGenerator(inheritedACEsforChildren)
-@@ -1152,49 +1214,69 @@
+@@ -1152,49 +1216,69 @@
This implementation returns an empty set.
"""
@@ -551,7 +580,7 @@
def samePrincipal(self, principal1, principal2):
"""
Check whether the two prinicpals are exactly the same in terms of
-@@ -1219,7 +1301,6 @@
+@@ -1219,7 +1303,6 @@
return False
def matchPrincipal(self, principal1, principal2, request):
@@ -559,7 +588,7 @@
"""
Check whether the principal1 is a principal in the set defined by
principal2.
-@@ -1244,6 +1325,9 @@
+@@ -1244,6 +1327,9 @@
if isinstance(principal1, davxml.Unauthenticated):
yield False
return
@@ -569,7 +598,7 @@
else:
yield True
return
-@@ -1271,7 +1355,6 @@
+@@ -1271,7 +1357,6 @@
assert principal2 is not None, "principal2 is None"
@@ -577,7 +606,7 @@
# Compare two HRefs and do group membership test as well
if principal1 == principal2:
yield True
-@@ -1289,6 +1372,7 @@
+@@ -1289,6 +1374,7 @@
matchPrincipal = deferredGenerator(matchPrincipal)
@@ -585,7 +614,7 @@
def principalIsGroupMember(self, principal1, principal2, request):
"""
Check whether one principal is a group member of another.
-@@ -1299,18 +1383,21 @@
+@@ -1299,18 +1385,21 @@
@return: L{Deferred} with result C{True} if principal1 is a member of principal2, C{False} otherwise
"""
@@ -618,7 +647,7 @@
def validPrincipal(self, ace_principal, request):
"""
-@@ -1351,11 +1438,16 @@
+@@ -1351,11 +1440,16 @@
@return C{True} if C{href_principal} is valid, C{False} otherwise.
This implementation tests for a href element that corresponds to
@@ -638,7 +667,7 @@
return d
def resolvePrincipal(self, principal, request):
-@@ -1432,7 +1524,7 @@
+@@ -1432,7 +1526,7 @@
log.err("DAV:self ACE is set on non-principal resource %r" % (self,))
yield None
return
@@ -647,7 +676,7 @@
if isinstance(principal, davxml.HRef):
yield principal
-@@ -1517,6 +1609,270 @@
+@@ -1517,6 +1611,270 @@
return None
##
@@ -918,7 +947,7 @@
# HTTP
##
-@@ -1525,15 +1881,11 @@
+@@ -1525,15 +1883,11 @@
#litmus = request.headers.getRawHeaders("x-litmus")
#if litmus: log.msg("*** Litmus test: %s ***" % (litmus,))
@@ -936,7 +965,7 @@
def setHeaders(response):
response = IResponse(response)
-@@ -1567,7 +1919,7 @@
+@@ -1567,7 +1921,7 @@
def findChildren(self, depth, request, callback, privileges=None, inherited_aces=None):
return succeed(None)
@@ -945,7 +974,7 @@
"""
Resource representing a WebDAV principal. (RFC 3744, section 2)
"""
-@@ -1577,7 +1929,7 @@
+@@ -1577,7 +1931,7 @@
# WebDAV
##
@@ -954,7 +983,7 @@
(dav_namespace, "alternate-URI-set"),
(dav_namespace, "principal-URL" ),
(dav_namespace, "group-member-set" ),
-@@ -1585,14 +1937,11 @@
+@@ -1585,14 +1939,11 @@
)
def davComplianceClasses(self):
@@ -970,7 +999,7 @@
def readProperty(self, property, request):
def defer():
if type(property) is tuple:
-@@ -1610,10 +1959,20 @@
+@@ -1610,10 +1961,20 @@
return davxml.PrincipalURL(davxml.HRef(self.principalURL()))
if name == "group-member-set":
@@ -993,7 +1022,7 @@
if name == "resourcetype":
if self.isCollection():
-@@ -1655,7 +2014,7 @@
+@@ -1655,7 +2016,7 @@
principals. Subclasses should override this method to provide member
URLs for this resource if appropriate.
"""
@@ -1002,7 +1031,7 @@
def groupMemberships(self):
"""
-@@ -1666,6 +2025,7 @@
+@@ -1666,6 +2027,7 @@
"""
unimplemented(self)
@@ -1010,7 +1039,7 @@
def principalMatch(self, href):
"""
Check whether the supplied principal matches this principal or is a
-@@ -1675,10 +2035,33 @@
+@@ -1675,10 +2037,33 @@
"""
uri = str(href)
if self.principalURL() == uri:
@@ -1046,7 +1075,7 @@
class AccessDeniedError(Exception):
def __init__(self, errors):
"""
-@@ -1718,6 +2101,37 @@
+@@ -1718,6 +2103,37 @@
davxml.registerElement(TwistedACLInheritable)
davxml.ACE.allowed_children[(twisted_dav_namespace, "inheritable")] = (0, 1)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20091130/11c3d74c/attachment-0001.html>
More information about the calendarserver-changes
mailing list