[CalendarServer-changes] [6649] CalendarServer/trunk/twistedcaldav/storebridge.py
source_changes at macosforge.org
source_changes at macosforge.org
Thu Nov 18 09:34:03 PST 2010
Revision: 6649
http://trac.macosforge.org/projects/calendarserver/changeset/6649
Author: cdaboo at apple.com
Date: 2010-11-18 09:33:59 -0800 (Thu, 18 Nov 2010)
Log Message:
-----------
Updated dropbox handling to deal with some client edge cases. Also fix up some authorization issues.
Modified Paths:
--------------
CalendarServer/trunk/twistedcaldav/storebridge.py
Modified: CalendarServer/trunk/twistedcaldav/storebridge.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/storebridge.py 2010-11-18 17:32:56 UTC (rev 6648)
+++ CalendarServer/trunk/twistedcaldav/storebridge.py 2010-11-18 17:33:59 UTC (rev 6649)
@@ -42,11 +42,12 @@
from twext.web2.http_headers import ETag, MimeType
from twext.web2.responsecode import (
FORBIDDEN, NO_CONTENT, NOT_FOUND, CREATED, CONFLICT, PRECONDITION_FAILED,
- BAD_REQUEST, OK, NOT_IMPLEMENTED, NOT_ALLOWED
+ BAD_REQUEST, OK,
)
from twext.web2.stream import ProducerStream, readStream, MemoryStream
from twistedcaldav.caldavxml import caldav_namespace
+from twistedcaldav.config import config
from twistedcaldav.memcachelock import MemcacheLock, MemcacheLockTimeoutError
from twistedcaldav.notifications import NotificationCollectionResource, \
NotificationResource
@@ -761,15 +762,16 @@
def http_GET(self, request):
- return NOT_FOUND
+ return FORBIDDEN
def http_MKCALENDAR(self, request):
- return NOT_ALLOWED
+ return FORBIDDEN
+ @requiresPermissions(fromParent=[davxml.Bind()])
def http_MKCOL(self, request):
- return NOT_IMPLEMENTED
+ return CREATED
@@ -805,6 +807,7 @@
returnValue(result)
+ @requiresPermissions(davxml.WriteACL())
@inlineCallbacks
def http_ACL(self, request):
"""
@@ -812,6 +815,7 @@
that refer to permissions not referenced by attendees in the iCalendar
data.
"""
+
attendees = (yield self._newStoreCalendarObject.component()).getAttendees()
attendees = [attendee.split("urn:uuid:")[-1] for attendee in attendees]
document = yield davXMLFromStream(request.stream)
@@ -839,10 +843,12 @@
returnValue(OK)
+ @requiresPermissions(fromParent=[davxml.Bind()])
def http_MKCOL(self, request):
return CREATED
+ @requiresPermissions(fromParent=[davxml.Unbind()])
def http_DELETE(self, request):
return NO_CONTENT
@@ -856,18 +862,34 @@
@inlineCallbacks
- def accessControlList(self, *a, **kw):
+ def accessControlList(self, request, *a, **kw):
"""
All principals identified as ATTENDEEs on the event for this dropbox
may read all its children. Also include proxies of ATTENDEEs. Ignore
unknown attendees.
"""
originalACL = yield super(
- CalendarObjectDropbox, self).accessControlList(*a, **kw)
+ CalendarObjectDropbox, self).accessControlList(request, *a, **kw)
+ originalACEs = list(originalACL.children)
+
+ if config.EnableProxyPrincipals:
+ owner = (yield self.ownerPrincipal(request))
+
+ originalACEs += (
+ # DAV:write-acl access for this principal's calendar-proxy-write users.
+ davxml.ACE(
+ davxml.Principal(davxml.HRef(joinURL(owner.principalURL(), "calendar-proxy-write/"))),
+ davxml.Grant(
+ davxml.Privilege(davxml.WriteACL()),
+ ),
+ davxml.Protected(),
+ TwistedACLInheritable(),
+ ),
+ )
+
othersCanWrite = (
yield self._newStoreCalendarObject.attendeesCanManageAttachments()
)
- originalACEs = list(originalACL.children)
cuas = (yield self._newStoreCalendarObject.component()).getAttendees()
newACEs = []
for calendarUserAddress in cuas:
@@ -910,7 +932,7 @@
TwistedACLInheritable(),
))
- returnValue(davxml.ACL(*tuple(newACEs + originalACEs)))
+ returnValue(davxml.ACL(*tuple(originalACEs + newACEs)))
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20101118/290fc958/attachment.html>
More information about the calendarserver-changes
mailing list