[CalendarServer-changes] [8185] CalendarServer/trunk

source_changes at macosforge.org source_changes at macosforge.org
Tue Oct 11 13:06:45 PDT 2011


Revision: 8185
          http://trac.macosforge.org/projects/calendarserver/changeset/8185
Author:   cdaboo at apple.com
Date:     2011-10-11 13:06:44 -0700 (Tue, 11 Oct 2011)
Log Message:
-----------
Support a mode where all data on the server is read-only - controlled via plist option - off by default.

Modified Paths:
--------------
    CalendarServer/trunk/conf/caldavd-test.plist
    CalendarServer/trunk/twistedcaldav/resource.py
    CalendarServer/trunk/twistedcaldav/stdconfig.py

Modified: CalendarServer/trunk/conf/caldavd-test.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd-test.plist	2011-10-11 20:01:35 UTC (rev 8184)
+++ CalendarServer/trunk/conf/caldavd-test.plist	2011-10-11 20:06:44 UTC (rev 8185)
@@ -880,6 +880,10 @@
     <key>EnableSACLs</key>
     <false/>
 
+    <!-- Make entire server read-only -->
+    <key>EnableReadOnlyServer</key>
+    <false/>
+
     <!-- Web-based administration -->
     <key>EnableWebAdmin</key>
     <true/>

Modified: CalendarServer/trunk/twistedcaldav/resource.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/resource.py	2011-10-11 20:01:35 UTC (rev 8184)
+++ CalendarServer/trunk/twistedcaldav/resource.py	2011-10-11 20:06:44 UTC (rev 8185)
@@ -2337,11 +2337,20 @@
     def defaultAccessControlList(self):
         myPrincipal = self.principalForRecord()
 
+        # Server may be read only
+        if config.EnableReadOnlyServer:
+            owner_privs = (
+                davxml.Privilege(davxml.Read()),
+                davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
+            )
+        else:
+            owner_privs = (davxml.Privilege(davxml.All()),)
+
         aces = (
-            # Inheritable DAV:all access for the resource's associated principal.
+            # Inheritable access for the resource's associated principal.
             davxml.ACE(
                 davxml.Principal(davxml.HRef(myPrincipal.principalURL())),
-                davxml.Grant(davxml.Privilege(davxml.All())),
+                davxml.Grant(*owner_privs),
                 davxml.Protected(),
                 TwistedACLInheritable(),
             ),
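Review bot: The read-only privilege selection added at the top of this `defaultAccessControlList` is repeated verbatim in the next hunk (@@ -2461) and again, in a proxy variant, in the hunk at @@ -2484, so the copies can drift apart if the read-only privilege set ever changes. Because this is access-control code, a single module-level helper called from both methods would keep the owner grant consistent; the fence below sketches one, with a helper name that is only a suggestion. Both method bodies continue outside their hunks, so the right home for the helper cannot be confirmed from this diff.

```python
def _ownerPrivileges():
    """Privileges granted to a resource's owning principal in the default ACL."""
    if config.EnableReadOnlyServer:
        return (
            davxml.Privilege(davxml.Read()),
            davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
        )
    return (davxml.Privilege(davxml.All()),)

    def defaultAccessControlList(self):
        myPrincipal = self.principalForRecord()
        owner_privs = _ownerPrivileges()
        # … unchanged: aces tuple built with davxml.Grant(*owner_privs) …
```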
@@ -2461,11 +2470,20 @@
     def defaultAccessControlList(self):
         myPrincipal = self.principalForRecord()
 
+        # Server may be read only
+        if config.EnableReadOnlyServer:
+            owner_privs = (
+                davxml.Privilege(davxml.Read()),
+                davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
+            )
+        else:
+            owner_privs = (davxml.Privilege(davxml.All()),)
+
         aces = (
-            # Inheritable DAV:all access for the resource's associated principal.
+            # Inheritable access for the resource's associated principal.
             davxml.ACE(
                 davxml.Principal(davxml.HRef(myPrincipal.principalURL())),
-                davxml.Grant(davxml.Privilege(davxml.All())),
+                davxml.Grant(*owner_privs),
                 davxml.Protected(),
                 TwistedACLInheritable(),
             ),
@@ -2484,6 +2502,19 @@
         aces += config.AdminACEs
         
         if config.EnableProxyPrincipals:
+            # Server may be read only
+            if config.EnableReadOnlyServer:
+                rw_proxy_privs = (
+                    davxml.Privilege(davxml.Read()),
+                    davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
+                )
+            else:
+                rw_proxy_privs = (
+                    davxml.Privilege(davxml.Read()),
+                    davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
+                    davxml.Privilege(davxml.Write()),
+                )
+
             aces += (
                 # DAV:read/DAV:read-current-user-privilege-set access for this principal's calendar-proxy-read users.
                 davxml.ACE(
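Review bot: `aces += config.AdminACEs` on the context line above the new block is still appended unchanged when `config.EnableReadOnlyServer` is set, so the flag narrows only the owner and write-proxy grants. What AdminACEs contains is not visible in this diff; if it grants DAV:all or DAV:write, administrators keep write access on a server described as read-only. Either narrow those ACEs under the same flag or state the exception next to the check, e.g. `# NOTE: EnableReadOnlyServer does not restrict config.AdminACEs`. The name `rw_proxy_privs` is also misleading in the read-only branch, where it carries no write privilege; `write_proxy_privs` would read better. The method body starts and ends outside this hunk.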
@@ -2498,11 +2529,7 @@
                 # DAV:read/DAV:read-current-user-privilege-set/DAV:write access for this principal's calendar-proxy-write users.
                 davxml.ACE(
                     davxml.Principal(davxml.HRef(joinURL(myPrincipal.principalURL(), "calendar-proxy-write/"))),
-                    davxml.Grant(
-                        davxml.Privilege(davxml.Read()),
-                        davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
-                        davxml.Privilege(davxml.Write()),
-                    ),
+                    davxml.Grant(*rw_proxy_privs),
                     davxml.Protected(),
                     TwistedACLInheritable(),
                 ),

Modified: CalendarServer/trunk/twistedcaldav/stdconfig.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/stdconfig.py	2011-10-11 20:01:35 UTC (rev 8184)
+++ CalendarServer/trunk/twistedcaldav/stdconfig.py	2011-10-11 20:06:44 UTC (rev 8185)
@@ -470,6 +470,8 @@
     #
     "EnableSACLs": False,
 
+    "EnableReadOnlyServer": False, # Make all data read-only
+
     #
     # Standard (or draft) WebDAV extensions
     #
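Review bot: The inline comment `# Make all data read-only` promises more than the resource.py hunks in this commit show, since they narrow only the default owner and calendar-proxy-write grants. A comment such as `# Default ACLs grant owners and write proxies read privileges only` would describe the visible effect; if further enforcement exists outside this diff, it should be named here instead. The surrounding configuration dict starts and ends outside the hunk.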