[CalendarServer-changes] [9734] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Mon Aug 20 18:04:00 PDT 2012
Revision: 9734
http://trac.macosforge.org/projects/calendarserver/changeset/9734
Author: sagen at apple.com
Date: 2012-08-20 18:03:58 -0700 (Mon, 20 Aug 2012)
Log Message:
-----------
When asking a proxy sub-principal group whether it contains a given principal, turn the question around and ask if the principal is a proxy for the sub-principal's parent. This allows the question to be answered based on group-cacher information which is more efficient than expanding all the groups contained by the sub-principal, and invalidates as soon as the group-cacher information does.
Modified Paths:
--------------
CalendarServer/trunk/twext/web2/dav/resource.py
CalendarServer/trunk/twistedcaldav/directory/calendaruserproxy.py
CalendarServer/trunk/twistedcaldav/directory/test/test_directory.py
Modified: CalendarServer/trunk/twext/web2/dav/resource.py
===================================================================
--- CalendarServer/trunk/twext/web2/dav/resource.py 2012-08-20 18:34:52 UTC (rev 9733)
+++ CalendarServer/trunk/twext/web2/dav/resource.py 2012-08-21 01:03:58 UTC (rev 9734)
@@ -1738,10 +1738,11 @@
d.addCallback(cache)
return d
+ @inlineCallbacks
def principalIsGroupMember(self, principal1, principal2, request):
"""
Check whether one principal is a group member of another.
-
+
@param principal1: C{str} principalURL for principal to test.
@param principal2: C{str} principalURL for possible group
principal to test against.
@@ -1749,25 +1750,15 @@
@return: L{Deferred} with result C{True} if principal1 is a
member of principal2, C{False} otherwise
"""
- def gotGroup(group):
- # Get principal resource for principal2
- if group and isinstance(group, DAVPrincipalResource):
- def gotMembers(members):
- for member in members:
- if member.principalURL() == principal1:
- return True
- return False
+ resource1 = yield request.locateResource(principal1)
+ resource2 = yield request.locateResource(principal2)
- d = group.expandedGroupMembers()
- d.addCallback(gotMembers)
- return d
+ if resource2 and isinstance(resource2, DAVPrincipalResource):
+ isContained = yield resource2.containsPrincipal(resource1)
+ returnValue(isContained)
+ returnValue(False)
- return False
- d = request.locateResource(principal2)
- d.addCallback(gotGroup)
- return d
-
def validPrincipal(self, ace_principal, request):
"""
Check whether the supplied principal is valid for this resource.
@@ -2462,7 +2453,20 @@
)
return d
+ @inlineCallbacks
+ def containsPrincipal(self, principal):
+ """
+ Is the given principal contained within our expanded group membership?
+ @param principal: The principal to check
+ @type principal: L{DirectoryCalendarPrincipalResource}
+ @return: True if principal is a member, False otherwise
+ @rtype: C{boolean}
+ """
+ members = yield self.expandedGroupMembers()
+ returnValue(principal in members)
+
+
class DAVPrincipalCollectionResource (DAVResource):
"""
WebDAV principal collection resource. (RFC 3744, section 5.8)
Modified: CalendarServer/trunk/twistedcaldav/directory/calendaruserproxy.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/calendaruserproxy.py 2012-08-20 18:34:52 UTC (rev 9733)
+++ CalendarServer/trunk/twistedcaldav/directory/calendaruserproxy.py 2012-08-21 01:03:58 UTC (rev 9734)
@@ -404,6 +404,24 @@
])
return d
+ @inlineCallbacks
+ def containsPrincipal(self, principal):
+ """
+ Uses proxyFor information to turn the "contains principal" question around;
+ rather than expanding this principal's groups to see if the other principal
+ is a member, ask the other principal if they are a proxy for this principal's
+ parent resource, since this principal is a proxy principal.
+
+ @param principal: The principal to check
+ @type principal: L{DirectoryCalendarPrincipalResource}
+ @return: True if principal is a proxy (of the correct type) of our parent
+ @rtype: C{boolean}
+ """
+ readWrite = self.isProxyType(True) # is read-write
+ if principal and self.parent in (yield principal.proxyFor(readWrite)):
+ returnValue(True)
+ returnValue(False)
+
class ProxyDB(AbstractADBAPIDatabase, LoggingMixIn):
"""
A database to maintain calendar user proxy group memberships.
Modified: CalendarServer/trunk/twistedcaldav/directory/test/test_directory.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/test/test_directory.py 2012-08-20 18:34:52 UTC (rev 9733)
+++ CalendarServer/trunk/twistedcaldav/directory/test/test_directory.py 2012-08-21 01:03:58 UTC (rev 9734)
@@ -364,6 +364,13 @@
groups,
)
+ # Verify CalendarUserProxyPrincipalResource.containsPrincipal( ) works
+ delegator = self._getPrincipalByShortName(DirectoryService.recordType_locations, "mercury")
+ proxyPrincipal = delegator.getChild("calendar-proxy-write")
+ for expected, name in [(True, "wsanchez"), (False, "cdaboo")]:
+ delegate = self._getPrincipalByShortName(DirectoryService.recordType_users, name)
+ self.assertEquals(expected, (yield proxyPrincipal.containsPrincipal(delegate)))
+
# Verify that principals who were previously members of delegated-to groups but
# are no longer members have their proxyFor info cleaned out of the cache:
# Remove wsanchez from all groups in the directory, run the updater, then check
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20120820/a6a140f0/attachment.html>
More information about the calendarserver-changes
mailing list