[CalendarServer-changes] [14116] CalendarServer/trunk/txdav
source_changes at macosforge.org
source_changes at macosforge.org
Tue Oct 28 16:57:07 PDT 2014
Revision: 14116
http://trac.calendarserver.org//changeset/14116
Author: sagen at apple.com
Date: 2014-10-28 16:57:06 -0700 (Tue, 28 Oct 2014)
Log Message:
-----------
Fix unauthenticated access to wiki calendars
Modified Paths:
--------------
CalendarServer/trunk/txdav/dps/client.py
CalendarServer/trunk/txdav/dps/server.py
CalendarServer/trunk/txdav/who/test/test_wiki.py
CalendarServer/trunk/txdav/who/wiki.py
Modified: CalendarServer/trunk/txdav/dps/client.py
===================================================================
--- CalendarServer/trunk/txdav/dps/client.py 2014-10-28 18:08:02 UTC (rev 14115)
+++ CalendarServer/trunk/txdav/dps/client.py 2014-10-28 23:57:06 UTC (rev 14116)
@@ -573,7 +573,7 @@
WikiAccessForUIDCommand,
self._convertAccess,
wikiUID=self.uid.encode("utf-8"),
- uid=record.uid.encode("utf-8")
+ uid=record.uid.encode("utf-8") if record else ""
)
Modified: CalendarServer/trunk/txdav/dps/server.py
===================================================================
--- CalendarServer/trunk/txdav/dps/server.py 2014-10-28 18:08:02 UTC (rev 14115)
+++ CalendarServer/trunk/txdav/dps/server.py 2014-10-28 23:57:06 UTC (rev 14116)
@@ -634,8 +634,11 @@
log.debug("WikiAccessForUID: {w} {u}", w=wikiUID, u=uid)
access = WikiAccessLevel.none
wikiRecord = (yield self._directory.recordWithUID(wikiUID))
- userRecord = (yield self._directory.recordWithUID(uid))
- if wikiRecord is not None and userRecord is not None:
+ if uid:
+ userRecord = (yield self._directory.recordWithUID(uid))
+ else:
+ userRecord = None
+ if wikiRecord is not None:
access = (yield wikiRecord.accessForRecord(userRecord))
response = {
"access": access.name.encode("utf-8"),
Modified: CalendarServer/trunk/txdav/who/test/test_wiki.py
===================================================================
--- CalendarServer/trunk/txdav/who/test/test_wiki.py 2014-10-28 18:08:02 UTC (rev 14115)
+++ CalendarServer/trunk/txdav/who/test/test_wiki.py 2014-10-28 23:57:06 UTC (rev 14116)
@@ -26,7 +26,9 @@
from twisted.internet.defer import inlineCallbacks, succeed
from twistedcaldav.test.util import StoreTestCase
-from ..wiki import DirectoryService, WikiAccessLevel
+from ..wiki import (
+ DirectoryService, WikiAccessLevel, getWikiACL, RecordType, DirectoryRecord
+)
import txdav.who.wiki
@@ -95,6 +97,7 @@
return succeed(self.access)
+
@inlineCallbacks
def test_accessForRecord(self):
record = yield self.directory.recordWithUID(u"wiki-test")
@@ -114,3 +117,63 @@
self.access = "admin"
access = yield record.accessForRecord(None)
self.assertEquals(access, WikiAccessLevel.write)
+
+
+
+# Test getWikiACL()
+# Currently stubs out enough functionality to test that an unauthenticated
+# request can support read access when generating an ACL element
+# TODO: add tests which have auth'd principals in the request
+
+class FakeRequest(object):
+
+ def __init__(self):
+ self.authnUser = None
+
+
+class FakeResource(object):
+
+ def __init__(self, record):
+ self.record = record
+
+
+def stubAccessForRecord(self, record):
+ return succeed(self.access)
+
+
+class GetWikiACLTestCase(StoreTestCase):
+ """
+ Exercise getWikiACL
+ """
+
+ def configure(self):
+ """
+ Override configuration hook to turn on wiki service.
+ """
+ from twistedcaldav.config import config
+
+ super(GetWikiACLTestCase, self).configure()
+ self.patch(config.Authentication.Wiki, "Enabled", True)
+ self.patch(
+ txdav.who.wiki.DirectoryRecord,
+ "accessForRecord",
+ stubAccessForRecord
+ )
+
+ @inlineCallbacks
+ def test_getWikiACL(self):
+ fields = {
+ self.directory.fieldName.uid: u"wiki-1",
+ self.directory.fieldName.shortNames: [u"wiki-one",],
+ self.directory.fieldName.recordType: RecordType.macOSXServerWiki,
+ }
+ record = DirectoryRecord(self.directory, fields)
+ resource = FakeResource(record)
+ request = FakeRequest()
+
+ record.access = WikiAccessLevel.read
+ result = yield getWikiACL(resource, request)
+ self.assertEqual(
+ result.children[0].children[0].children[0].name,
+ "unauthenticated"
+ )
Modified: CalendarServer/trunk/txdav/who/wiki.py
===================================================================
--- CalendarServer/trunk/txdav/who/wiki.py 2014-10-28 18:08:02 UTC (rev 14115)
+++ CalendarServer/trunk/txdav/who/wiki.py 2014-10-28 23:57:06 UTC (rev 14116)
@@ -282,7 +282,11 @@
if access == WikiAccessLevel.read:
request.wikiACL = davxml.ACL(
davxml.ACE(
- request.authnUser.principalElement(),
+ (
+ request.authnUser.principalElement() if
+ request.authnUser is not None else
+ davxml.Principal(davxml.Unauthenticated())
+ ),
davxml.Grant(
davxml.Privilege(davxml.Read()),
davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
@@ -311,7 +315,11 @@
elif access == WikiAccessLevel.write:
request.wikiACL = davxml.ACL(
davxml.ACE(
- request.authnUser.principalElement(),
+ (
+ request.authnUser.principalElement() if
+ request.authnUser is not None else
+ davxml.Principal(davxml.Unauthenticated())
+ ),
davxml.Grant(
davxml.Privilege(davxml.Read()),
davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20141028/e887bc9e/attachment.html>
More information about the calendarserver-changes
mailing list