[CalendarServer-changes] [8185] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Tue Oct 11 13:06:45 PDT 2011
Revision: 8185
http://trac.macosforge.org/projects/calendarserver/changeset/8185
Author: cdaboo at apple.com
Date: 2011-10-11 13:06:44 -0700 (Tue, 11 Oct 2011)
Log Message:
-----------
Support a mode where all data on the server is read-only - controlled via plist option - off by default.
Modified Paths:
--------------
CalendarServer/trunk/conf/caldavd-test.plist
CalendarServer/trunk/twistedcaldav/resource.py
CalendarServer/trunk/twistedcaldav/stdconfig.py
Modified: CalendarServer/trunk/conf/caldavd-test.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd-test.plist 2011-10-11 20:01:35 UTC (rev 8184)
+++ CalendarServer/trunk/conf/caldavd-test.plist 2011-10-11 20:06:44 UTC (rev 8185)
@@ -880,6 +880,10 @@
<key>EnableSACLs</key>
<false/>
+ <!-- Make entire server read-only -->
+ <key>EnableReadOnlyServer</key>
+ <false/>
+
<!-- Web-based administration -->
<key>EnableWebAdmin</key>
<true/>
Modified: CalendarServer/trunk/twistedcaldav/resource.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/resource.py 2011-10-11 20:01:35 UTC (rev 8184)
+++ CalendarServer/trunk/twistedcaldav/resource.py 2011-10-11 20:06:44 UTC (rev 8185)
@@ -2337,11 +2337,20 @@
def defaultAccessControlList(self):
myPrincipal = self.principalForRecord()
+ # Server may be read only
+ if config.EnableReadOnlyServer:
+ owner_privs = (
+ davxml.Privilege(davxml.Read()),
+ davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
+ )
+ else:
+ owner_privs = (davxml.Privilege(davxml.All()),)
+
aces = (
- # Inheritable DAV:all access for the resource's associated principal.
+ # Inheritable access for the resource's associated principal.
davxml.ACE(
davxml.Principal(davxml.HRef(myPrincipal.principalURL())),
- davxml.Grant(davxml.Privilege(davxml.All())),
+ davxml.Grant(*owner_privs),
davxml.Protected(),
TwistedACLInheritable(),
),
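Review bot: The owner-privilege `if config.EnableReadOnlyServer:` block added here is repeated verbatim in the second `defaultAccessControlList` (the hunk at `-2461`), so the two privilege sets that define read-only mode can drift apart if only one is edited later. Moving it into one module-level helper keeps a single definition of what an owner may do in read-only mode, and both `davxml.Grant(...)` calls then take its result. A short comment on the helper should also say why `ReadCurrentUserPrivilegeSet` is kept next to `Read`. Both method bodies continue outside their hunks.

```python
def _ownerPrivileges():
    # Privileges for a home's own principal: DAV:all normally, reduced to
    # read + read-current-user-privilege-set when the server is read-only.
    if config.EnableReadOnlyServer:
        return (
            davxml.Privilege(davxml.Read()),
            davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
        )
    return (davxml.Privilege(davxml.All()),)

# … unchanged: myPrincipal lookup and the rest of the ACE …
davxml.Grant(*_ownerPrivileges()),
```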
@@ -2461,11 +2470,20 @@
def defaultAccessControlList(self):
myPrincipal = self.principalForRecord()
+ # Server may be read only
+ if config.EnableReadOnlyServer:
+ owner_privs = (
+ davxml.Privilege(davxml.Read()),
+ davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
+ )
+ else:
+ owner_privs = (davxml.Privilege(davxml.All()),)
+
aces = (
- # Inheritable DAV:all access for the resource's associated principal.
+ # Inheritable access for the resource's associated principal.
davxml.ACE(
davxml.Principal(davxml.HRef(myPrincipal.principalURL())),
- davxml.Grant(davxml.Privilege(davxml.All())),
+ davxml.Grant(*owner_privs),
davxml.Protected(),
TwistedACLInheritable(),
),
@@ -2484,6 +2502,19 @@
aces += config.AdminACEs
if config.EnableProxyPrincipals:
+ # Server may be read only
+ if config.EnableReadOnlyServer:
+ rw_proxy_privs = (
+ davxml.Privilege(davxml.Read()),
+ davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
+ )
+ else:
+ rw_proxy_privs = (
+ davxml.Privilege(davxml.Read()),
+ davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
+ davxml.Privilege(davxml.Write()),
+ )
+
aces += (
# DAV:read/DAV:read-current-user-privilege-set access for this principal's calendar-proxy-read users.
davxml.ACE(
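Review bot: The `aces += config.AdminACEs` line at the top of this hunk is still appended unchanged when `config.EnableReadOnlyServer` is set, so the read-only mode as written narrows only the owner and calendar-proxy-write grants. What `AdminACEs` contains is not visible here; if it grants DAV:all, admin principals presumably keep write access. ACLs that come from anywhere other than these defaults are also outside what this change touches. If that is intended, state it where the option is documented, for example by changing the stdconfig comment to `# Default ACLs give owners and write proxies read access only; AdminACEs are unchanged`; otherwise narrow the admin grants under the same flag. `defaultAccessControlList` starts before this hunk and continues after it.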
@@ -2498,11 +2529,7 @@
# DAV:read/DAV:read-current-user-privilege-set/DAV:write access for this principal's calendar-proxy-write users.
davxml.ACE(
davxml.Principal(davxml.HRef(joinURL(myPrincipal.principalURL(), "calendar-proxy-write/"))),
- davxml.Grant(
- davxml.Privilege(davxml.Read()),
- davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
- davxml.Privilege(davxml.Write()),
- ),
+ davxml.Grant(*rw_proxy_privs),
davxml.Protected(),
TwistedACLInheritable(),
),
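Review bot: The comment above the calendar-proxy-write ACE still says DAV:write is granted, which no longer holds when `config.EnableReadOnlyServer` is set, because `rw_proxy_privs` then carries only read and read-current-user-privilege-set. I would reword it to `# Access for this principal's calendar-proxy-write users; DAV:write is omitted when EnableReadOnlyServer is set.` The name `rw_proxy_privs` has the same problem and would read better as `write_proxy_privs`. The tuple is defined in the previous hunk and the `aces` expression continues outside this one.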
Modified: CalendarServer/trunk/twistedcaldav/stdconfig.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/stdconfig.py 2011-10-11 20:01:35 UTC (rev 8184)
+++ CalendarServer/trunk/twistedcaldav/stdconfig.py 2011-10-11 20:06:44 UTC (rev 8185)
@@ -470,6 +470,8 @@
#
"EnableSACLs": False,
+ "EnableReadOnlyServer": False, # Make all data read-only
+
#
# Standard (or draft) WebDAV extensions
#