[CalendarServer-changes] [6430] CalendarServer/trunk/twistedcaldav/scheduling

source_changes at macosforge.org source_changes at macosforge.org
Fri Oct 15 19:18:58 PDT 2010


Revision: 6430
          http://trac.macosforge.org/projects/calendarserver/changeset/6430
Author:   cdaboo at apple.com
Date:     2010-10-15 19:18:57 -0700 (Fri, 15 Oct 2010)
Log Message:
-----------
Scheduling originator is now determined from the resource owner not request.authz.

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/scheduling/implicit.py
    CalendarServer/trunk/twistedcaldav/scheduling/processing.py
    CalendarServer/trunk/twistedcaldav/scheduling/scheduler.py
    CalendarServer/trunk/twistedcaldav/scheduling/test/test_implicit.py

Modified: CalendarServer/trunk/twistedcaldav/scheduling/implicit.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/scheduling/implicit.py	2010-10-16 02:16:11 UTC (rev 6429)
+++ CalendarServer/trunk/twistedcaldav/scheduling/implicit.py	2010-10-16 02:18:57 UTC (rev 6430)
@@ -19,7 +19,6 @@
 
 from twisted.internet.defer import inlineCallbacks, returnValue
 from twext.web2 import responsecode
-from twext.web2.dav import davxml
 from twext.web2.dav.util import joinURL
 from twext.web2.dav.util import parentForURL
 from twext.web2.http import HTTPError
@@ -330,29 +329,23 @@
     @inlineCallbacks
     def extractCalendarData(self):
         
-        # Get the originator who is the authenticated user
-        # TODO: the originator actually needs to be the owner of the calendar collection not the authenticated
-        # principal, who might be a proxy or admin
+        # Get the originator who is the owner of the calendar resource being modified
         self.originatorPrincipal = None
         self.originator = ""
-        authz_principal = self.resource.currentPrincipal(self.request).children[0]
-        if isinstance(authz_principal, davxml.HRef):
-            originatorPrincipalURL = str(authz_principal)
-            if originatorPrincipalURL:
-                self.originatorPrincipal = (yield self.request.locateResource(originatorPrincipalURL))
-                if not isinstance(self.originatorPrincipal, DirectoryCalendarPrincipalResource):
-                    log.error("Originator '%s' is not enabled for calendaring" % (originatorPrincipalURL,))
-                    raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "invalid-originator")))
+        if self.resource:
+            self.originatorPrincipal = (yield self.resource.ownerPrincipal(self.request))
+            if not isinstance(self.originatorPrincipal, DirectoryCalendarPrincipalResource):
+                log.error("Originator '%s' is not enabled for calendaring" % (self.originatorPrincipal,))
+                raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "invalid-originator")))
+    
+            # Pick the first mailto cu address or the first other type
+            for item in self.originatorPrincipal.calendarUserAddresses():
+                if not self.originator:
+                    self.originator = item
+                if item.startswith("mailto:"):
+                    self.originator = item
+                    break
 
-                if self.originatorPrincipal:
-                    # Pick the first mailto cu address or the first other type
-                    for item in self.originatorPrincipal.calendarUserAddresses():
-                        if not self.originator:
-                            self.originator = item
-                        if item.startswith("mailto:"):
-                            self.originator = item
-                            break
-
         # Get the ORGANIZER and verify it is the same for all components
         try:
             self.organizer = self.calendar.validOrganizerForScheduling()
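Review bot: With the originator now taken from `self.resource.ownerPrincipal(self.request)`, nothing visible in this commit ties the scheduling originator to the authenticated principal any more, since the scheduler.py hunk further down also drops the `originator-allowed` comparison against `currentPrincipal`. That is presumably intended for proxies and admins, but it leaves access control on the resource as the only gate, and that check is not visible here; I would state the assumption in the comment, e.g. `# Originator is the resource owner; access control on self.resource must already have been enforced for the authenticated principal`. Consider also logging the authenticated principal when it differs from the owner, so delegated scheduling stays attributable. Separately, the error log now formats the principal object (possibly `None`) rather than a URL, which is less useful for diagnosis. extractCalendarData continues outside the hunk.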

Modified: CalendarServer/trunk/twistedcaldav/scheduling/processing.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/scheduling/processing.py	2010-10-16 02:16:11 UTC (rev 6429)
+++ CalendarServer/trunk/twistedcaldav/scheduling/processing.py	2010-10-16 02:18:57 UTC (rev 6430)
@@ -441,7 +441,12 @@
             # Just try again to get the lock
             reactor.callLater(2.0, self.sendAttendeeAutoReply, *(calendar, resource, partstat))
         else:
+            # inNewTransaction wipes out the remembered resource<-> URL mappings in the
+            # request object but we need to be able to map the actual reply resource to its
+            # URL when doing auto-processing, so we have to sneak that mapping back in here.
             txn = resource.inNewTransaction(self.request)
+            self.request._rememberResource(resource, resource._url)
+
             try:
                 # Send out a reply
                 log.debug("ImplicitProcessing - recipient '%s' processing UID: '%s' - auto-reply: %s" % (self.recipient.cuaddr, self.uid, partstat))
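Review bot: `self.request._rememberResource(resource, resource._url)` assumes every resource reaching sendAttendeeAutoReply carries a `_url` attribute, but the only place this commit sets one is the `newchild._url = newchildURL` line in the later hunk of this file; a resource arriving by any other path would raise AttributeError here. The call also sits before the `try:`, so a failure at this point happens after `inNewTransaction` has returned a transaction object and outside whatever cleanup the try block provides (not visible in the hunk). I would move the line inside the `try:` and guard it, e.g. `url = getattr(resource, "_url", None)` followed by `if url is not None: self.request._rememberResource(resource, url)`. Both lines reach into private members of the request and the resource, so a short comment next to `newchild._url` naming its consumer would help. The enclosing method starts and ends outside the hunk.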
@@ -629,6 +634,7 @@
         # Get a resource for the new item
         newchildURL = joinURL(collURL, name)
         newchild = yield self.request.locateResource(newchildURL)
+        newchild._url = newchildURL
         
         # Now write it to the resource
         from twistedcaldav.method.put_common import StoreCalendarObjectResource

Modified: CalendarServer/trunk/twistedcaldav/scheduling/scheduler.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/scheduling/scheduler.py	2010-10-16 02:16:11 UTC (rev 6429)
+++ CalendarServer/trunk/twistedcaldav/scheduling/scheduler.py	2010-10-16 02:18:57 UTC (rev 6430)
@@ -506,14 +506,6 @@
             if inboxURL is None:
                 log.err("Could not find inbox for originator: %s" % (self.originator,))
                 raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "originator-allowed")))
-        
-            # Verify that Originator matches the authenticated user, but not if this is a server
-            # generated request
-            if not self.internal_request:
-                authn_principal = self.resource.currentPrincipal(self.request)
-                if davxml.Principal(davxml.HRef(originatorPrincipal.principalURL())) != authn_principal:
-                    log.err("Originator: %s does not match authorized user: %s" % (self.originator, authn_principal.children[0],))
-                    raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "originator-allowed")))
 
             self.originator = LocalCalendarUser(self.originator, originatorPrincipal)
 

Modified: CalendarServer/trunk/twistedcaldav/scheduling/test/test_implicit.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/scheduling/test/test_implicit.py	2010-10-16 02:16:11 UTC (rev 6429)
+++ CalendarServer/trunk/twistedcaldav/scheduling/test/test_implicit.py	2010-10-16 02:18:57 UTC (rev 6430)
@@ -18,7 +18,6 @@
 import twistedcaldav.test.util
 from twistedcaldav.scheduling.implicit import ImplicitScheduler
 from dateutil.tz import tzutc
-from twext.web2.dav import davxml
 import datetime
 
 class Implicit (twistedcaldav.test.util.TestCase):
@@ -747,15 +746,9 @@
             ),
         )
 
-        class TestResource(object):
-            def currentPrincipal(self, request):
-                return davxml.Principal(davxml.Unauthenticated)
-
-        resource = TestResource()
-
         for description, calendar1, calendar2, result in data:
             scheduler = ImplicitScheduler()
-            scheduler.resource = resource
+            scheduler.resource = None
             scheduler.request = None
             scheduler.oldcalendar = Component.fromString(calendar1)
             scheduler.calendar = Component.fromString(calendar2)
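Review bot: Setting `scheduler.resource = None` means this loop only exercises the false branch of `if self.resource:`, so the new owner-based originator lookup and its `invalid-originator` FORBIDDEN path have no coverage in this commit (assuming the test goes on to call extractCalendarData, which is outside the hunk). A stub in the style of the removed TestResource, exposing `ownerPrincipal(self, request)`, would allow one case asserting that the originator becomes the owner's first `mailto:` address and another asserting that an owner not enabled for calendaring is rejected. Since this commit changes who is treated as the scheduling originator, those two cases seem worth pinning down. The test method starts and ends outside the hunk.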