[CalendarServer-changes] [5887] CalendarServer/branches/new-store/twistedcaldav/storebridge.py
source_changes at macosforge.org
source_changes at macosforge.org
Tue Jul 13 21:50:42 PDT 2010
Revision: 5887
http://trac.macosforge.org/projects/calendarserver/changeset/5887
Author: glyph at apple.com
Date: 2010-07-13 21:50:41 -0700 (Tue, 13 Jul 2010)
Log Message:
-----------
Make CalDAV/dropbox.xml pass
Modified Paths:
--------------
CalendarServer/branches/new-store/twistedcaldav/storebridge.py
Modified: CalendarServer/branches/new-store/twistedcaldav/storebridge.py
===================================================================
--- CalendarServer/branches/new-store/twistedcaldav/storebridge.py 2010-07-14 03:13:18 UTC (rev 5886)
+++ CalendarServer/branches/new-store/twistedcaldav/storebridge.py 2010-07-14 04:50:41 UTC (rev 5887)
@@ -40,7 +40,8 @@
BAD_REQUEST, OK, NOT_IMPLEMENTED, NOT_ALLOWED)
from twext.web2.dav import davxml
from twext.web2.dav.resource import TwistedGETContentMD5, TwistedACLInheritable
-from twext.web2.dav.util import parentForURL, allDataFromStream, joinURL
+from twext.web2.dav.util import parentForURL, allDataFromStream, joinURL, \
+ davXMLFromStream
from twext.web2.http import HTTPError, StatusResponse, Response
from twext.web2.stream import ProducerStream, readStream
@@ -263,6 +264,7 @@
class _GetChildHelper(CalDAVResource):
+
def locateChild(self, request, segments):
if segments[0] == '':
return self, segments[1:]
@@ -345,8 +347,6 @@
-
-
class NoDropboxHere(_GetChildHelper):
def isCollection(self):
@@ -399,15 +399,48 @@
return result
+ @inlineCallbacks
def http_ACL(self, request):
- # Sure, whatevs.
- return OK
+ """
+ Don't ever actually make changes, but attempt to deny any ACL requests
+ that refer to permissions not referenced by attendees in the iCalendar
+ data.
+ """
+ attendees = self._newStoreCalendarObject.component().getAttendees()
+ attendees = [attendee.split("urn:uuid:")[-1] for attendee in attendees]
+ document = yield davXMLFromStream(request.stream)
+ for ace in document.root_element.children:
+ for element in ace.children:
+ if isinstance(element, davxml.Principal):
+ for href in element.children:
+ principalURI = href.children[0].data
+ uidsPrefix = '/principals/__uids__/'
+ if not principalURI.startswith(uidsPrefix):
+ # Unknown principal.
+ returnValue(FORBIDDEN)
+ principalElements = principalURI[
+ len(uidsPrefix):].split("/")
+ if principalElements[-1] == '':
+ principalElements.pop()
+ if principalElements[-1] in ('calendar-proxy-read',
+ 'calendar-proxy-write'):
+ principalElements.pop()
+ if len(principalElements) != 1:
+ returnValue(FORBIDDEN)
+ principalUID = principalElements[0]
+ if principalUID not in attendees:
+ returnValue(FORBIDDEN)
+ returnValue(OK)
def http_MKCOL(self, request):
return CREATED
+ def http_DELETE(self, request):
+ return NO_CONTENT
+
+
def listChildren(self):
l = []
for attachment in self._newStoreCalendarObject.attachments():
@@ -441,9 +474,9 @@
return d
+
class ProtoCalendarAttachment(_GetChildHelper, CalDAVResource):
-
def __init__(self, calendarObject, attachmentName, **kw):
super(ProtoCalendarAttachment, self).__init__(**kw)
self.calendarObject = calendarObject
@@ -454,6 +487,10 @@
return False
+ def http_DELETE(self, request):
+ return NO_CONTENT
+
+
def http_PUT(self, request):
# FIXME: MIME-Type from header
# FIXME: direct test
@@ -552,6 +589,7 @@
return True
+ # FIXME: @requiresPermissions(fromParent=[Bind()])
@inlineCallbacks
def http_DELETE(self, request):
"""
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20100713/885bdcd5/attachment.html>
More information about the calendarserver-changes
mailing list