[CalendarServer-changes] [6810] CalendarServer/trunk/twistedcaldav/storebridge.py

Wed Jan 26 10:22:18 PST 2011

Revision: 6810
          http://trac.macosforge.org/projects/calendarserver/changeset/6810
Author:   cdaboo at apple.com
Date:     2011-01-26 10:22:17 -0800 (Wed, 26 Jan 2011)
Log Message:
-----------
Allow sharees access to dropboxes of shared resources.

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/storebridge.py

Modified: CalendarServer/trunk/twistedcaldav/storebridge.py
===================================================================

--- CalendarServer/trunk/twistedcaldav/storebridge.py	2011-01-26 18:21:10 UTC (rev 6809)
+++ CalendarServer/trunk/twistedcaldav/storebridge.py	2011-01-26 18:22:17 UTC (rev 6810)
@@ -959,10 +959,68 @@
                 TwistedACLInheritable(),
             ))
 
+        # Now also need invitees
+        newACEs.extend((yield self.sharedDropboxACEs()))
+
         returnValue(davxml.ACL(*tuple(originalACEs + newACEs)))
 
+    @inlineCallbacks
+    def sharedDropboxACEs(self):
 
+        aces = ()
+        records = yield self._newStoreCalendarObject._parentCollection.retrieveOldInvites().allRecords()
+        for record in records:
+            # Invite shares use access mode from the invite
+            if record.state != "ACCEPTED":
+                continue
+            
+            userprivs = [
+            ]
+            if record.access in ("read-only", "read-write", "read-write-schedule",):
+                userprivs.append(davxml.Privilege(davxml.Read()))
+                userprivs.append(davxml.Privilege(davxml.ReadACL()))
+                userprivs.append(davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()))
+            if record.access in ("read-only",):
+                userprivs.append(davxml.Privilege(davxml.WriteProperties()))
+            if record.access in ("read-write", "read-write-schedule",):
+                userprivs.append(davxml.Privilege(davxml.Write()))
+            proxyprivs = list(userprivs)
+            proxyprivs.remove(davxml.Privilege(davxml.ReadACL()))
 
+            aces += (
+                # Inheritable specific access for the resource's associated principal.
+                davxml.ACE(
+                    davxml.Principal(davxml.HRef(record.principalURL)),
+                    davxml.Grant(*userprivs),
+                    davxml.Protected(),
+                    TwistedACLInheritable(),
+                ),
+            )
+
+            if config.EnableProxyPrincipals:
+                aces += (
+                    # DAV:read/DAV:read-current-user-privilege-set access for this principal's calendar-proxy-read users.
+                    davxml.ACE(
+                        davxml.Principal(davxml.HRef(joinURL(record.principalURL, "calendar-proxy-read/"))),
+                        davxml.Grant(
+                            davxml.Privilege(davxml.Read()),
+                            davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
+                        ),
+                        davxml.Protected(),
+                        TwistedACLInheritable(),
+                    ),
+                    # DAV:read/DAV:read-current-user-privilege-set/DAV:write access for this principal's calendar-proxy-write users.
+                    davxml.ACE(
+                        davxml.Principal(davxml.HRef(joinURL(record.principalURL, "calendar-proxy-write/"))),
+                        davxml.Grant(*proxyprivs),
+                        davxml.Protected(),
+                        TwistedACLInheritable(),
+                    ),
+                )
+
+        returnValue(aces)
+
+
 class CalendarAttachment(_NewStoreFileMetaDataHelper, _GetChildHelper):
 
     def __init__(self, calendarObject, attachment, attachmentName, **kw):
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20110126/7f237833/attachment.html>
