[CalendarServer-changes] [13585] CalendarServer/trunk/twistedcaldav

source_changes at macosforge.org source_changes at macosforge.org
Fri May 30 19:16:51 PDT 2014


Revision: 13585
          http://trac.calendarserver.org//changeset/13585
Author:   cdaboo at apple.com
Date:     2014-05-30 19:16:51 -0700 (Fri, 30 May 2014)
Log Message:
-----------
Make sure sharing POSTs fail when sharing is off. Don't allow a missing shared collection to cause a 500 error.

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/resource.py
    CalendarServer/trunk/twistedcaldav/sharing.py
    CalendarServer/trunk/twistedcaldav/storebridge.py
    CalendarServer/trunk/twistedcaldav/test/test_resource.py

Modified: CalendarServer/trunk/twistedcaldav/resource.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/resource.py	2014-05-31 01:24:52 UTC (rev 13584)
+++ CalendarServer/trunk/twistedcaldav/resource.py	2014-05-31 02:16:51 UTC (rev 13585)
@@ -858,7 +858,7 @@
         Return the DAV:owner property value (MUST be a DAV:href or None).
         """
 
-        if hasattr(self, "_newStoreObject"):
+        if getattr(self, "_newStoreObject", None) is not None:
             if not hasattr(self._newStoreObject, "ownerHome"):
                 home = self._newStoreObject.parentCollection().ownerHome()
             else:

Modified: CalendarServer/trunk/twistedcaldav/sharing.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/sharing.py	2014-05-31 01:24:52 UTC (rev 13584)
+++ CalendarServer/trunk/twistedcaldav/sharing.py	2014-05-31 02:16:51 UTC (rev 13585)
@@ -557,6 +557,13 @@
 
     @inlineCallbacks
     def _xmlHandleInvite(self, request, docroot):
+        # Sharing must be enabled for this collection
+        if not self.canBeShared():
+            raise HTTPError(ErrorResponse(
+                responsecode.FORBIDDEN,
+                (customxml.calendarserver_namespace, "valid-request"),
+                "Sharing not supported on this resource",
+            ))
         yield self.authorize(request, (element.Read(), element.Write()))
         result = (yield self._handleInvite(request, docroot))
         returnValue(result)
@@ -702,6 +709,13 @@
 
     @inlineCallbacks
     def _xmlHandleInviteReply(self, request, docroot):
+        # Sharing must be enabled for this collection
+        if not self.canShare():
+            raise HTTPError(ErrorResponse(
+                responsecode.FORBIDDEN,
+                (customxml.calendarserver_namespace, "valid-request"),
+                "Sharing not supported on this resource",
+            ))
         yield self.authorize(request, (element.Read(), element.Write()))
         result = (yield self._handleInviteReply(request, docroot))
         returnValue(result)

Modified: CalendarServer/trunk/twistedcaldav/storebridge.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/storebridge.py	2014-05-31 01:24:52 UTC (rev 13584)
+++ CalendarServer/trunk/twistedcaldav/storebridge.py	2014-05-31 02:16:51 UTC (rev 13585)
@@ -1318,6 +1318,10 @@
         returnValue(result)
 
 
+    def canBeShared(self):
+        return config.Sharing.Enabled and config.Sharing.Calendars.Enabled
+
+
     @inlineCallbacks
     def storeResourceData(self, newchild, component, returnChangedData=False):
 
@@ -2823,6 +2827,10 @@
         returnValue(response)
 
 
+    def canBeShared(self):
+        return False
+
+
     @inlineCallbacks
     def http_PUT(self, request):
 
@@ -3296,6 +3304,10 @@
         return carddavxml.AddressData
 
 
+    def canBeShared(self):
+        return config.Sharing.Enabled and config.Sharing.AddressBooks.Enabled
+
+
     @inlineCallbacks
     def storeResourceData(self, newchild, component, returnChangedData=False):
 
@@ -3566,6 +3578,10 @@
         returnValue(response)
 
 
+    def canBeShared(self):
+        return config.Sharing.Enabled and config.Sharing.AddressBooks.Enabled
+
+
     @inlineCallbacks
     def http_PUT(self, request):
 

Modified: CalendarServer/trunk/twistedcaldav/test/test_resource.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/test_resource.py	2014-05-31 01:24:52 UTC (rev 13584)
+++ CalendarServer/trunk/twistedcaldav/test/test_resource.py	2014-05-31 02:16:51 UTC (rev 13585)
@@ -160,6 +160,26 @@
 
 
     @inlineCallbacks
+    def test_isOwnerYes_noStoreObject(self):
+        """
+        L{CalDAVResource.isOwner} returns C{True} for authenticated requests
+        with a principal that matches the resource's owner.
+        """
+        site = None
+        request = SimpleRequest(site, "GET", "/not/a/real/url/")
+        request.authzUser = request.authnUser = StubPrincipal("/yes-i-am-the-owner/")
+        parent = CalDAVResource()
+        parent.owner = lambda igreq: HRef("/yes-i-am-the-owner/")
+        rsrc = CalDAVResource()
+        rsrc._newStoreObject = None
+
+        request._rememberResource(parent, "/not/a/real/")
+        request._rememberResource(rsrc, "/not/a/real/url/")
+
+        self.assertEquals((yield rsrc.isOwner(request)), True)
+
+
+    @inlineCallbacks
     def test_isOwnerAdmin(self):
         """
         L{CalDAVResource.isOwner} returns C{True} for authenticated requests
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20140530/0637982a/attachment.html>


More information about the calendarserver-changes mailing list