[CalendarServer-changes] [6392] CalendarServer/trunk/twistedcaldav/storebridge.py

source_changes at macosforge.org source_changes at macosforge.org
Thu Sep 30 09:00:30 PDT 2010 

Revision: 6392
          http://trac.macosforge.org/projects/calendarserver/changeset/6392
Author:   cdaboo at apple.com
Date:     2010-09-30 09:00:29 -0700 (Thu, 30 Sep 2010)
Log Message:
-----------
Make sure that attendee proxies can access dropbox attachments.

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/storebridge.py

Modified: CalendarServer/trunk/twistedcaldav/storebridge.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/storebridge.py	2010-09-30 15:59:54 UTC (rev 6391)
+++ CalendarServer/trunk/twistedcaldav/storebridge.py	2010-09-30 16:00:29 UTC (rev 6392)
@@ -524,7 +524,7 @@
     def accessControlList(self, *a, **kw):
         """
         All principals identified as ATTENDEEs on the event for this dropbox
-        may read all its children.
+        may read all its children. Also include proxies of ATTENDEEs.
         """
         d = super(CalendarObjectDropbox, self).accessControlList(*a, **kw)
         def moreACLs(originalACL):
@@ -539,19 +539,35 @@
                     calendarUserAddress
                 )
                 principalURL = principal.principalURL()
-                if othersCanWrite:
-                    privileges = [davxml.Privilege(davxml.All())]
-                else:
-                    privileges = [
-                        davxml.Privilege(davxml.Read()),
-                        davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet())
-                    ]
+                writePrivileges = [
+                    davxml.Privilege(davxml.Read()),
+                    davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
+                    davxml.Privilege(davxml.Write()),
+                ]
+                readPrivileges = [
+                    davxml.Privilege(davxml.Read()),
+                    davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
+                ]
+                privileges = writePrivileges if othersCanWrite else readPrivileges
                 newACEs.append(davxml.ACE(
                     davxml.Principal(davxml.HRef(principalURL)),
                     davxml.Grant(*privileges),
                     davxml.Protected(),
                     TwistedACLInheritable(),
                 ))
+                newACEs.append(davxml.ACE(
+                    davxml.Principal(davxml.HRef(joinURL(principalURL, "calendar-proxy-write/"))),
+                    davxml.Grant(*privileges),
+                    davxml.Protected(),
+                    TwistedACLInheritable(),
+                ))
+                newACEs.append(davxml.ACE(
+                    davxml.Principal(davxml.HRef(joinURL(principalURL, "calendar-proxy-read/"))),
+                    davxml.Grant(*readPrivileges),
+                    davxml.Protected(),
+                    TwistedACLInheritable(),
+                ))
+
             return davxml.ACL(*tuple(newACEs + originalACEs))
         d.addCallback(moreACLs)
         return d
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20100930/2a67302e/attachment.html>

More information about the calendarserver-changes mailing list