[CalendarServer-changes] [9386] CalendarServer/trunk/twistedcaldav/directory
source_changes at macosforge.org
source_changes at macosforge.org
Tue Jun 26 11:31:28 PDT 2012
Revision: 9386
http://trac.macosforge.org/projects/calendarserver/changeset/9386
Author: sagen at apple.com
Date: 2012-06-26 11:31:28 -0700 (Tue, 26 Jun 2012)
Log Message:
-----------
If a principal was previously in delegated-to groups but is no longer in any,
clean out their cached group info.
Modified Paths:
--------------
CalendarServer/trunk/twistedcaldav/directory/directory.py
CalendarServer/trunk/twistedcaldav/directory/test/test_directory.py
Added Paths:
-----------
CalendarServer/trunk/twistedcaldav/directory/test/accounts-modified.xml
Modified: CalendarServer/trunk/twistedcaldav/directory/directory.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/directory.py 2012-06-26 16:55:40 UTC (rev 9385)
+++ CalendarServer/trunk/twistedcaldav/directory/directory.py 2012-06-26 18:31:28 UTC (rev 9386)
@@ -467,6 +467,10 @@
d.addCallback(_value)
return d
+ def deleteGroupsFor(self, guid):
+ self.log_debug("delete groups-for %s" % (guid,))
+ return self.delete("groups-for:%s" % (str(guid),))
+
def setPopulatedMarker(self):
self.log_debug("set group-cacher-populated")
return self.set("group-cacher-populated", str(datetime.datetime.now()))
@@ -617,9 +621,11 @@
if not snapshotFile.exists():
self.log_info("Group membership snapshot file does not yet exist")
fast = False
+ previousMembers = {}
else:
self.log_info("Group membership snapshot file exists: %s" %
(snapshotFile.path,))
+ previousMembers = pickle.loads(snapshotFile.getContent())
if useLock:
self.log_info("Attempting to acquire group membership cache lock")
@@ -688,6 +694,13 @@
for member in groupMembers:
memberships = members.setdefault(member, set())
memberships.add(groupGUID)
+ if member in previousMembers:
+ # Remove from previousMembers; anything still left in
+ # previousMembers when this loop is done will be
+ # deleted from cache (since only members that were
+ # previously in delegated-to groups but are no longer
+ # would still be in previousMembers)
+ del previousMembers[member]
self.log_info("There are %d users delegated-to via groups" %
(len(members),))
@@ -711,6 +724,11 @@
# self.log_debug("%s is in %s" % (member, groups))
yield self.cache.setGroupsFor(member, groups)
+ # Remove entries for principals that no longer are in delegated-to
+ # groups
+ for member, groups in previousMembers.iteritems():
+ yield self.cache.deleteGroupsFor(member)
+
yield self.cache.setPopulatedMarker()
if useLock:
Added: CalendarServer/trunk/twistedcaldav/directory/test/accounts-modified.xml
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/test/accounts-modified.xml (rev 0)
+++ CalendarServer/trunk/twistedcaldav/directory/test/accounts-modified.xml 2012-06-26 18:31:28 UTC (rev 9386)
@@ -0,0 +1,269 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+Copyright (c) 2012 Apple Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+Description:
+
+This file is a copy of accounts.xml with wsanchez removed from
+all groups, for the purposes of test_groupMembershipCacheUpdater( ).
+ -->
+
+<!DOCTYPE accounts SYSTEM "../../../conf/auth/accounts.dtd">
+
+<accounts realm="Test">
+ <user>
+ <uid>admin</uid>
+ <guid>D11F03A0-97EA-48AF-9A6C-FAC7F3975766</guid>
+ <password>nimda</password>
+ <name>Administrators</name>
+ </user>
+ <user>
+ <uid>wsanchez</uid>
+ <guid>6423F94A-6B76-4A3A-815B-D52CFD77935D</guid>
+ <password>zehcnasw</password>
+ <name>Wilfredo Sanchez</name>
+ <email-address>wsanchez at example.com</email-address>
+ </user>
+ <user>
+ <uid>cdaboo</uid>
+ <guid>5A985493-EE2C-4665-94CF-4DFEA3A89500</guid>
+ <password>oobadc</password>
+ <name>Cyrus Daboo</name>
+ <email-address>cdaboo at example.com</email-address>
+ </user>
+ <user>
+ <uid>lecroy</uid>
+ <guid>8B4288F6-CC82-491D-8EF9-642EF4F3E7D0</guid>
+ <password>yorcel</password>
+ <name>Chris Lecroy</name>
+ <email-address>lecroy at example.com</email-address>
+ </user>
+ <user>
+ <uid>dreid</uid>
+ <guid>5FF60DAD-0BDE-4508-8C77-15F0CA5C8DD1</guid>
+ <password>dierd</password>
+ <name>David Reid</name>
+ <email-address>dreid at example.com</email-address>
+ </user>
+ <user>
+ <uid>doublequotes</uid>
+ <guid>8E04787E-336D-41ED-A70B-D233AD0DCE6F</guid>
+ <password>setouqelbuod</password>
+ <name>Double "quotey" Quotes</name>
+ <email-address>doublequotes at example.com</email-address>
+ </user>
+ <user>
+ <uid>nocalendar</uid>
+ <guid>543D28BA-F74F-4D5F-9243-B3E3A61171E5</guid>
+ <password>radnelacon</password>
+ <name>No Calendar</name>
+ <email-address>nocalendar at example.com</email-address>
+ </user>
+ <user>
+ <uid>usera</uid>
+ <guid>7423F94A-6B76-4A3A-815B-D52CFD77935D</guid>
+ <password>a</password>
+ <name>a</name>
+ <email-address>a at example.com</email-address>
+ </user>
+ <user>
+ <uid>userb</uid>
+ <guid>8A985493-EE2C-4665-94CF-4DFEA3A89500</guid>
+ <password>b</password>
+ <name>b</name>
+ <email-address>b at example.com</email-address>
+ </user>
+ <user>
+ <uid>userc</uid>
+ <guid>9FF60DAD-0BDE-4508-8C77-15F0CA5C8DD2</guid>
+ <password>c</password>
+ <name>c</name>
+ <email-address>c at example.com</email-address>
+ </user>
+ <user>
+ <uid>usercalonly</uid>
+ <guid>9E1FFAC4-3CCD-45A1-8272-D161C92D2EEE</guid>
+ <password>a</password>
+ <name>a calonly</name>
+ <email-address>a-calonly at example.com</email-address>
+ </user>
+ <user>
+ <uid>useradbkonly</uid>
+ <guid>7678EC8A-A069-4E82-9066-7279C6718507</guid>
+ <password>a</password>
+ <name>a adbkonly</name>
+ <email-address>a-adbkonly at example.com</email-address>
+ </user>
+ <user>
+ <uid>nonascii</uid>
+ <uid>nonascii佐藤</uid>
+ <guid>320B73A1-46E2-4180-9563-782DFDBE1F63</guid>
+ <password>a</password>
+ <name>佐藤佐藤佐藤</name>
+ <email-address>nonascii at example.com</email-address>
+ </user>
+ <user repeat="2">
+ <uid>user%02d</uid>
+ <guid>user%02d</guid>
+ <password>%02duser</password>
+ <name>~35 User %02d</name>
+ <first-name>~5</first-name>
+ <last-name>~9 User %02d</last-name>
+ <email-address>~10 at example.com</email-address>
+ </user>
+ <group>
+ <uid>managers</uid>
+ <guid>9FF60DAD-0BDE-4508-8C77-15F0CA5C8DD1</guid>
+ <password>managers</password>
+ <name>Managers</name>
+ <members>
+ <member type="users">lecroy</member>
+ </members>
+ </group>
+ <group>
+ <uid>admin</uid>
+ <guid>admin</guid>
+ <password>admin</password>
+ <name>Administrators</name>
+ <members>
+ <member type="groups">managers</member>
+ </members>
+ </group>
+ <group>
+ <uid>grunts</uid>
+ <guid>grunts</guid>
+ <password>grunts</password>
+ <name>We do all the work</name>
+ <members>
+ <member>cdaboo</member>
+ <member>dreid</member>
+ </members>
+ </group>
+ <group>
+ <uid>right_coast</uid>
+ <guid>right_coast</guid>
+ <password>right_coast</password>
+ <name>East Coast</name>
+ <members>
+ <member>cdaboo</member>
+ </members>
+ </group>
+ <group>
+ <uid>left_coast</uid>
+ <guid>left_coast</guid>
+ <password>left_coast</password>
+ <name>West Coast</name>
+ <members>
+ <member>lecroy</member>
+ <member>dreid</member>
+ </members>
+ </group>
+ <group>
+ <uid>both_coasts</uid>
+ <guid>both_coasts</guid>
+ <password>both_coasts</password>
+ <name>Both Coasts</name>
+ <members>
+ <member type="groups">right_coast</member>
+ <member type="groups">left_coast</member>
+ </members>
+ </group>
+ <group>
+ <uid>recursive1_coasts</uid>
+ <guid>recursive1_coasts</guid>
+ <password>recursive1_coasts</password>
+ <name>Recursive1 Coasts</name>
+ <members>
+ <member type="groups">recursive2_coasts</member>
+ </members>
+ </group>
+ <group>
+ <uid>recursive2_coasts</uid>
+ <guid>recursive2_coasts</guid>
+ <password>recursive2_coasts</password>
+ <name>Recursive2 Coasts</name>
+ <members>
+ <member type="groups">recursive1_coasts</member>
+ <member>cdaboo</member>
+ </members>
+ </group>
+ <group>
+ <uid>non_calendar_group</uid>
+ <guid>non_calendar_group</guid>
+ <password>non_calendar_group</password>
+ <name>Non-calendar group</name>
+ <members>
+ <member>cdaboo</member>
+ <member>lecroy</member>
+ </members>
+ </group>
+ <location>
+ <uid>mercury</uid>
+ <guid>mercury</guid>
+ <password>mercury</password>
+ <name>Mercury Seven</name>
+ <email-address>mercury at example.com</email-address>
+ </location>
+ <location>
+ <uid>gemini</uid>
+ <guid>gemini</guid>
+ <password>gemini</password>
+ <name>Gemini Twelve</name>
+ <email-address>gemini at example.com</email-address>
+ </location>
+ <location>
+ <uid>apollo</uid>
+ <guid>apollo</guid>
+ <password>apollo</password>
+ <name>Apollo Eleven</name>
+ <email-address>apollo at example.com</email-address>
+ </location>
+ <location>
+ <uid>orion</uid>
+ <guid>orion</guid>
+ <password>orion</password>
+ <name>Orion</name>
+ <email-address>orion at example.com</email-address>
+ </location>
+ <resource>
+ <uid>transporter</uid>
+ <guid>transporter</guid>
+ <password>transporter</password>
+ <name>Mass Transporter</name>
+ <email-address>transporter at example.com</email-address>
+ </resource>
+ <resource>
+ <uid>ftlcpu</uid>
+ <guid>ftlcpu</guid>
+ <password>ftlcpu</password>
+ <name>Faster-Than-Light Microprocessor</name>
+ <email-address>ftlcpu at example.com</email-address>
+ </resource>
+ <resource>
+ <uid>non_calendar_proxy</uid>
+ <guid>non_calendar_proxy</guid>
+ <password>non_calendar_proxy</password>
+ <name>Non-calendar proxy</name>
+ <email-address>non_calendar_proxy at example.com</email-address>
+ </resource>
+ <resource>
+ <uid>disabled</uid>
+ <guid>disabled</guid>
+ <password>disabled</password>
+ <name>Disabled Record</name>
+ <email-address>disabled at example.com</email-address>
+ </resource>
+</accounts>
Modified: CalendarServer/trunk/twistedcaldav/directory/test/test_directory.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/test/test_directory.py 2012-06-26 16:55:40 UTC (rev 9385)
+++ CalendarServer/trunk/twistedcaldav/directory/test/test_directory.py 2012-06-26 18:31:28 UTC (rev 9386)
@@ -19,7 +19,7 @@
from twisted.python.filepath import FilePath
from twistedcaldav.test.util import TestCase
-from twistedcaldav.test.util import xmlFile, augmentsFile, proxiesFile
+from twistedcaldav.test.util import xmlFile, augmentsFile, proxiesFile, dirTest
from twistedcaldav.config import config
from twistedcaldav.directory.directory import DirectoryService, DirectoryRecord, GroupMembershipCacherService, GroupMembershipCache, GroupMembershipCacheUpdater
from twistedcaldav.directory.xmlfile import XMLDirectoryService
@@ -355,7 +355,21 @@
groups,
)
+ # Verify that principals who were previously members of delegated-to groups but
+ # are no longer members have their proxyFor info cleaned out of the cache:
+ # Remove wsanchez from all groups in the directory, run the updater, then check
+ # that wsanchez is only a proxy for gemini (since that assignment does not involve groups)
+ self.directoryService.xmlFile = dirTest.child("accounts-modified.xml")
+ self.directoryService._alwaysStat = True
+ self.assertEquals((False, 7), (yield updater.updateCache()))
+ delegate = self._getPrincipalByShortName(DirectoryService.recordType_users, "wsanchez")
+ proxyFor = (yield delegate.proxyFor(True))
+ self.assertEquals(
+ set([p.record.guid for p in proxyFor]),
+ set(['gemini'])
+ )
+
@inlineCallbacks
def test_groupMembershipCacheUpdaterExternalProxies(self):
"""
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20120626/2cff04f2/attachment-0001.html>
More information about the calendarserver-changes
mailing list