[CalendarServer-changes] [13585] CalendarServer/trunk/twistedcaldav
source_changes at macosforge.org
source_changes at macosforge.org
Fri May 30 19:16:51 PDT 2014
Revision: 13585
http://trac.calendarserver.org//changeset/13585
Author: cdaboo at apple.com
Date: 2014-05-30 19:16:51 -0700 (Fri, 30 May 2014)
Log Message:
-----------
Make sure sharing POSTs fail when sharing is off. Don't allow a missing shared collection to cause a 500 error.
Modified Paths:
--------------
CalendarServer/trunk/twistedcaldav/resource.py
CalendarServer/trunk/twistedcaldav/sharing.py
CalendarServer/trunk/twistedcaldav/storebridge.py
CalendarServer/trunk/twistedcaldav/test/test_resource.py
Modified: CalendarServer/trunk/twistedcaldav/resource.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/resource.py 2014-05-31 01:24:52 UTC (rev 13584)
+++ CalendarServer/trunk/twistedcaldav/resource.py 2014-05-31 02:16:51 UTC (rev 13585)
@@ -858,7 +858,7 @@
Return the DAV:owner property value (MUST be a DAV:href or None).
"""
- if hasattr(self, "_newStoreObject"):
+ if getattr(self, "_newStoreObject", None) is not None:
if not hasattr(self._newStoreObject, "ownerHome"):
home = self._newStoreObject.parentCollection().ownerHome()
else:
Modified: CalendarServer/trunk/twistedcaldav/sharing.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/sharing.py 2014-05-31 01:24:52 UTC (rev 13584)
+++ CalendarServer/trunk/twistedcaldav/sharing.py 2014-05-31 02:16:51 UTC (rev 13585)
@@ -557,6 +557,13 @@
@inlineCallbacks
def _xmlHandleInvite(self, request, docroot):
+ # Sharing must be enabled for this collection
+ if not self.canBeShared():
+ raise HTTPError(ErrorResponse(
+ responsecode.FORBIDDEN,
+ (customxml.calendarserver_namespace, "valid-request"),
+ "Sharing not supported on this resource",
+ ))
yield self.authorize(request, (element.Read(), element.Write()))
result = (yield self._handleInvite(request, docroot))
returnValue(result)
@@ -702,6 +709,13 @@
@inlineCallbacks
def _xmlHandleInviteReply(self, request, docroot):
+ # Sharing must be enabled for this collection
+ if not self.canShare():
+ raise HTTPError(ErrorResponse(
+ responsecode.FORBIDDEN,
+ (customxml.calendarserver_namespace, "valid-request"),
+ "Sharing not supported on this resource",
+ ))
yield self.authorize(request, (element.Read(), element.Write()))
result = (yield self._handleInviteReply(request, docroot))
returnValue(result)
Modified: CalendarServer/trunk/twistedcaldav/storebridge.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/storebridge.py 2014-05-31 01:24:52 UTC (rev 13584)
+++ CalendarServer/trunk/twistedcaldav/storebridge.py 2014-05-31 02:16:51 UTC (rev 13585)
@@ -1318,6 +1318,10 @@
returnValue(result)
+ def canBeShared(self):
+ return config.Sharing.Enabled and config.Sharing.Calendars.Enabled
+
+
@inlineCallbacks
def storeResourceData(self, newchild, component, returnChangedData=False):
@@ -2823,6 +2827,10 @@
returnValue(response)
+ def canBeShared(self):
+ return False
+
+
@inlineCallbacks
def http_PUT(self, request):
@@ -3296,6 +3304,10 @@
return carddavxml.AddressData
+ def canBeShared(self):
+ return config.Sharing.Enabled and config.Sharing.AddressBooks.Enabled
+
+
@inlineCallbacks
def storeResourceData(self, newchild, component, returnChangedData=False):
@@ -3566,6 +3578,10 @@
returnValue(response)
+ def canBeShared(self):
+ return config.Sharing.Enabled and config.Sharing.AddressBooks.Enabled
+
+
@inlineCallbacks
def http_PUT(self, request):
Modified: CalendarServer/trunk/twistedcaldav/test/test_resource.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/test_resource.py 2014-05-31 01:24:52 UTC (rev 13584)
+++ CalendarServer/trunk/twistedcaldav/test/test_resource.py 2014-05-31 02:16:51 UTC (rev 13585)
@@ -160,6 +160,26 @@
@inlineCallbacks
+ def test_isOwnerYes_noStoreObject(self):
+ """
+ L{CalDAVResource.isOwner} returns C{True} for authenticated requests
+ with a principal that matches the resource's owner.
+ """
+ site = None
+ request = SimpleRequest(site, "GET", "/not/a/real/url/")
+ request.authzUser = request.authnUser = StubPrincipal("/yes-i-am-the-owner/")
+ parent = CalDAVResource()
+ parent.owner = lambda igreq: HRef("/yes-i-am-the-owner/")
+ rsrc = CalDAVResource()
+ rsrc._newStoreObject = None
+
+ request._rememberResource(parent, "/not/a/real/")
+ request._rememberResource(rsrc, "/not/a/real/url/")
+
+ self.assertEquals((yield rsrc.isOwner(request)), True)
+
+
+ @inlineCallbacks
def test_isOwnerAdmin(self):
"""
L{CalDAVResource.isOwner} returns C{True} for authenticated requests
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20140530/0637982a/attachment.html>
More information about the calendarserver-changes
mailing list