[CalendarServer-changes] [7054] CalendarServer/trunk/twistedcaldav/directory
source_changes at macosforge.org
source_changes at macosforge.org
Fri Feb 18 21:50:19 PST 2011
Revision: 7054
http://trac.macosforge.org/projects/calendarserver/changeset/7054
Author: sagen at apple.com
Date: 2011-02-18 21:50:17 -0800 (Fri, 18 Feb 2011)
Log Message:
-----------
If you're not in the SACL for a given service, you will not be enabled for that service.
Modified Paths:
--------------
CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py
CalendarServer/trunk/twistedcaldav/directory/directory.py
CalendarServer/trunk/twistedcaldav/directory/ldapdirectory.py
Added Paths:
-----------
CalendarServer/trunk/twistedcaldav/directory/test/test_directory.py
Modified: CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py 2011-02-19 02:54:31 UTC (rev 7053)
+++ CalendarServer/trunk/twistedcaldav/directory/appleopendirectory.py 2011-02-19 05:50:17 UTC (rev 7054)
@@ -743,6 +743,8 @@
record.enabledForCalendaring = False
record.enabledForAddressBooks = False
+ record.applySACLs()
+
if record.enabledForCalendaring:
enabledRecords.append(record)
else:
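Review bot: The new `record.applySACLs()` call only works as intended because it runs after the enabled flags have been computed and before `if record.enabledForCalendaring:` is evaluated, and nothing at the call site says so. As written in directory.py, applySACLs can only clear the flags, never set them, so a short comment such as `# SACLs can only revoke access; must run after the enabled flags are set` would keep a later reordering from bypassing the check. The same comment applies to the identical call added in ldapdirectory.py. The enclosing method starts and ends outside this hunk, so whether the call sits on every code path that produces a record cannot be confirmed from here.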
Modified: CalendarServer/trunk/twistedcaldav/directory/directory.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/directory.py 2011-02-19 02:54:31 UTC (rev 7053)
+++ CalendarServer/trunk/twistedcaldav/directory/directory.py 2011-02-19 05:50:17 UTC (rev 7054)
@@ -450,6 +450,20 @@
self.hostedAt = ""
self.enabledForCalendaring = False
+
+ def applySACLs(self):
+ """
+ Disable calendaring and addressbooks as dictated by SACLs
+ """
+
+ if config.EnableSACLs and self.CheckSACL:
+ username = self.shortNames[0]
+ if self.CheckSACL(username, "calendar") != 0:
+ self.enabledForCalendaring = False
+ if self.CheckSACL(username, "addressbook") != 0:
+ self.enabledForAddressBooks = False
+
+
def members(self):
return ()
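Review bot: When `config.EnableSACLs` is true but `self.CheckSACL` is None, the guard `if config.EnableSACLs and self.CheckSACL:` is false and the record keeps its enabled flags, so SACL enforcement is skipped silently. That is the state the `except ImportError` branch in the last directory.py hunk produces, meaning a broken or missing `_sacl` module fails open. For an access-control check it would be safer to fail closed, or at least log loudly, for example `elif config.EnableSACLs: self.enabledForCalendaring = self.enabledForAddressBooks = False`. Separately, `self.shortNames[0]` raises IndexError for a record with no short names; guarding with `if not self.shortNames:` and treating that record as not enabled would keep the lookup path from failing on such a record.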
@@ -500,3 +514,13 @@
def __init__(self, recordType):
DirectoryError.__init__(self, "Invalid record type: %s" % (recordType,))
self.recordType = recordType
+
+
+# So CheckSACL will be parameterized
+# We do this after DirectoryRecord is defined
+try:
+ from calendarserver.platform.darwin._sacl import CheckSACL
+ DirectoryRecord.CheckSACL = CheckSACL
+except ImportError:
+ DirectoryRecord.CheckSACL = None
+
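Review bot: Storing the imported callable as a plain class attribute with `DirectoryRecord.CheckSACL = CheckSACL` makes the call signature depend on what kind of object it is. A Python function stored this way is bound and receives the record as its first argument, which is what the test stub's `cls` parameter relies on, while a C builtin is not bound. Presumably `_sacl.CheckSACL` is a C extension function, which is why `self.CheckSACL(username, "calendar")` passes two arguments. Writing `DirectoryRecord.CheckSACL = staticmethod(CheckSACL)` would make that two-argument contract explicit, and the stub should then be patched in the same way without `cls`. The comment above the `try` could also state that None means SACL checks are unavailable on this platform.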
Modified: CalendarServer/trunk/twistedcaldav/directory/ldapdirectory.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/ldapdirectory.py 2011-02-19 02:54:31 UTC (rev 7053)
+++ CalendarServer/trunk/twistedcaldav/directory/ldapdirectory.py 2011-02-19 05:50:17 UTC (rev 7054)
@@ -535,6 +535,7 @@
record.enabledForCalendaring = False
record.enabledForAddressBooks = False
+ record.applySACLs()
def recordsMatchingFields(self, fields, operand="or", recordType=None):
"""
Added: CalendarServer/trunk/twistedcaldav/directory/test/test_directory.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/test/test_directory.py (rev 0)
+++ CalendarServer/trunk/twistedcaldav/directory/test/test_directory.py 2011-02-19 05:50:17 UTC (rev 7054)
@@ -0,0 +1,59 @@
+##
+# Copyright (c) 2011 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+from twistedcaldav.test.util import TestCase
+from twistedcaldav.config import config
+from twistedcaldav.directory.directory import DirectoryService, DirectoryRecord
+
+def StubCheckSACL(cls, username, service):
+ services = {
+ "calendar" : ["amanda", "betty"],
+ "addressbook" : ["amanda", "carlene"],
+ }
+ if username in services[service]:
+ return 0
+ return 1
+
+class SALCTests(TestCase):
+
+ def setUp(self):
+ self.patch(DirectoryRecord, "CheckSACL", StubCheckSACL)
+ self.patch(config, "EnableSACLs", True)
+ self.service = DirectoryService()
+ self.service.setRealm("test")
+ self.service.baseGUID = "0E8E6EC2-8E52-4FF3-8F62-6F398B08A498"
+
+
+ def test_applySACLs(self):
+ """
+ Users not in calendar SACL will have enabledForCalendaring set to
+ False.
+ Users not in addressbook SACL will have enabledForAddressBooks set to
+ False.
+ """
+
+ data = [
+ ("amanda", True, True,),
+ ("betty", True, False,),
+ ("carlene", False, True,),
+ ("daniel", False, False,),
+ ]
+ for username, cal, ab in data:
+ record = DirectoryRecord(self.service, "users", None, (username,),
+ enabledForCalendaring=True, enabledForAddressBooks=True)
+ record.applySACLs()
+ self.assertEquals(record.enabledForCalendaring, cal)
+ self.assertEquals(record.enabledForAddressBooks, ab)
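Review bot: `test_applySACLs` covers only the case where SACLs are enabled and a checker is present, so the two paths where enforcement is skipped are untested. It would help to add one case that patches `config.EnableSACLs` to False and asserts both flags stay True, and one that patches `DirectoryRecord.CheckSACL` to None with `EnableSACLs` True, so that whichever behaviour is intended there is pinned by a test. The class name `SALCTests` looks like a typo for `SACLTests`. `StubCheckSACL` takes a leading `cls` argument that the real checker presumably does not, so the stub does not exercise the production call shape.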