Skip to content

Commit

Permalink
Clean rights from file and remove tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@liZe
liZe committed Sep 15, 2012
1 parent 7b15832 commit 4c064bc
Show file tree
Hide file tree
Showing 7 changed files with 123 additions and 387 deletions.
152 changes: 85 additions & 67 deletions radicale/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,16 +51,12 @@

VERSION = "git"

# Standard "not allowed" response that is returned when an authenticated
# user tries to access information they don't have rights to.
NOT_ALLOWED = (
client.FORBIDDEN,
{},
None)
# Standard "not allowed" response that is returned when an authenticated user
# tries to access information they don't have rights to
NOT_ALLOWED = (client.FORBIDDEN, {}, None)

# Standard "authenticate" response that is returned when a
# user tries to access non-public information w/o submitting
# proper authentication credentials
# Standard "authenticate" response that is returned when a user tries to access
# non-public information w/o submitting proper authentication credentials
WRONG_CREDENTIALS = (
client.UNAUTHORIZED,
{"WWW-Authenticate": "Basic realm=\"Radicale - Password Required\""},
Expand Down Expand Up @@ -185,57 +181,63 @@ def sanitize_uri(uri):
trailing_slash = "" if uri == "/" else trailing_slash
return uri + trailing_slash


def collect_allowed_items(self, items, user):
""" Collect those items from the request that the user
is actually allowed to access """

"""Get items from request that user is allowed to access."""
read_last_collection_allowed = None
write_last_collection_allowed = None
read_allowed_items = []
write_allowed_items = []

for item in items:
if isinstance(item, ical.Collection):
if rights.read_authorized(user, item):
log.LOGGER.debug("%s has read access to collection %s" % (user, item.url or "/"))
log.LOGGER.debug(
"%s has read access to collection %s" %
(user or "Anonymous", item.url or "/"))
read_last_collection_allowed = True
read_allowed_items.append(item)
else:
log.LOGGER.debug("%s has NO read access to collection %s" % (user, item.url or "/"))
log.LOGGER.debug(
"%s has NO read access to collection %s" %
(user or "Anonymous", item.url or "/"))
read_last_collection_allowed = False

if rights.write_authorized(user, item):
log.LOGGER.debug("%s has write access to collection %s" % (user, item.url or "/"))
log.LOGGER.debug(
"%s has write access to collection %s" %
(user or "Anonymous", item.url or "/"))
write_last_collection_allowed = True
write_allowed_items.append(item)
else:
log.LOGGER.debug("%s has NO write access to collection %s" % (user, item.url or "/"))
log.LOGGER.debug(
"%s has NO write access to collection %s" %
(user or "Anonymous", item.url or "/"))
write_last_collection_allowed = False
else:
# item is not a collection, it's the child of the last
# collection we've met in the loop. Only add this item
# if this last collection was allowed.
else:
if read_last_collection_allowed:
log.LOGGER.debug("%s has read access to item %s" % (user, item.name or "/"))
log.LOGGER.debug(
"%s has read access to item %s" %
(user or "Anonymous", item.name))
read_allowed_items.append(item)
else:
log.LOGGER.debug(
"%s has NO read access to item %s" %
(user or "Anonymous", item.name))

if write_last_collection_allowed:
log.LOGGER.debug("%s has write access to item %s" % (user, item.name or "/"))
log.LOGGER.debug(
"%s has write access to item %s" %
(user or "Anonymous", item.name))
write_allowed_items.append(item)

if (not write_last_collection_allowed) and (not read_last_collection_allowed):
log.LOGGER.info("%s has NO access to item %s" % (user, item.name or "/"))

return read_allowed_items, write_allowed_items

else:
log.LOGGER.debug(
"%s has NO write access to item %s" %
(user or "Anonymous", item.name))

def _union(self, list1, list2):
out = []
out.extend(list1)
for thing in list2:
if not thing in list1:
list1.append(thing)
return out

return read_allowed_items, write_allowed_items

def __call__(self, environ, start_response):
"""Manage a request."""
Expand Down Expand Up @@ -280,14 +282,17 @@ def __call__(self, environ, start_response):
if not items or function == self.options or \
auth.is_authenticated(user, password):

read_allowed_items, write_allowed_items = self.collect_allowed_items(items, user)
read_allowed_items, write_allowed_items = \
self.collect_allowed_items(items, user)

if read_allowed_items or write_allowed_items or function == self.options:
if read_allowed_items or write_allowed_items or \
function == self.options:
# Collections found
status, headers, answer = function(
environ, read_allowed_items, write_allowed_items, content, user)
environ, read_allowed_items, write_allowed_items, content,
user)
else:
# Good user but has no rights to any of the given collections
# Good user but has no rights to any of the given collections
status, headers, answer = NOT_ALLOWED
else:
# Unknown or unauthorized user
Expand All @@ -312,11 +317,12 @@ def __call__(self, environ, start_response):
# All these functions must have the same parameters, some are useless
# pylint: disable=W0612,W0613,R0201

def delete(self, environ, read_collections, write_collections, content, user):
def delete(self, environ, read_collections, write_collections, content,
user):
"""Manage DELETE request."""
if not len(write_collections):
return client.PRECONDITION_FAILED, {}, None

collection = write_collections[0]

if collection.path == environ["PATH_INFO"].strip("/"):
Expand Down Expand Up @@ -354,9 +360,9 @@ def get(self, environ, read_collections, write_collections, content, user):

if not len(read_collections):
return NOT_ALLOWED

collection = read_collections[0]

item_name = xmlutils.name_from_path(environ["PATH_INFO"], collection)

if item_name:
Expand All @@ -374,10 +380,13 @@ def get(self, environ, read_collections, write_collections, content, user):
# Create the collection if it does not exist
if not collection.exists:
if collection in write_collections:
log.LOGGER.debug("Creating collection %s" % collection.name)
log.LOGGER.debug(
"Creating collection %s" % collection.name)
collection.write()
else:
log.LOGGER.debug("Collection %s not available and could not be created due to missing write rights" % collection.name)
log.LOGGER.debug(
"Collection %s not available and could not be created "
"due to missing write rights" % collection.name)
return NOT_ALLOWED

# Get whole collection
Expand All @@ -391,18 +400,21 @@ def get(self, environ, read_collections, write_collections, content, user):
answer = answer_text.encode(self.encoding)
return client.OK, headers, answer

def head(self, environ, read_collections, write_collections, content, user):
def head(self, environ, read_collections, write_collections, content,
user):
"""Manage HEAD request."""
status, headers, answer = self.get(environ, read_collections, write_collections, content, user)
status, headers, answer = self.get(
environ, read_collections, write_collections, content, user)
return status, headers, None

def mkcalendar(self, environ, read_collections, write_collections, content, user):
def mkcalendar(self, environ, read_collections, write_collections, content,
user):
"""Manage MKCALENDAR request."""
if not len(write_collections):
return NOT_ALLOWED

collection = write_collections[0]

props = xmlutils.props_from_request(content)
timezone = props.get("C:calendar-timezone")
if timezone:
Expand All @@ -414,27 +426,29 @@ def mkcalendar(self, environ, read_collections, write_collections, content, user
collection.write()
return client.CREATED, {}, None

def mkcol(self, environ, read_collections, write_collections, content, user):
def mkcol(self, environ, read_collections, write_collections, content,
user):
"""Manage MKCOL request."""
if not len(write_collections):
return NOT_ALLOWED

collection = write_collections[0]

props = xmlutils.props_from_request(content)
with collection.props as collection_props:
for key, value in props.items():
collection_props[key] = value
collection.write()
return client.CREATED, {}, None

def move(self, environ, read_collections, write_collections, content, user):
def move(self, environ, read_collections, write_collections, content,
user):
"""Manage MOVE request."""
if not len(write_collections):
return NOT_ALLOWED

from_collection = write_collections[0]

from_name = xmlutils.name_from_path(
environ["PATH_INFO"], from_collection)
if from_name:
Expand Down Expand Up @@ -463,32 +477,35 @@ def move(self, environ, read_collections, write_collections, content, user):
# Moving collections, not supported
return client.FORBIDDEN, {}, None

def options(self, environ, read_collections, write_collections, content, user):
def options(self, environ, read_collections, write_collections, content,
user):
"""Manage OPTIONS request."""
headers = {
"Allow": ("DELETE, HEAD, GET, MKCALENDAR, MKCOL, MOVE, "
"OPTIONS, PROPFIND, PROPPATCH, PUT, REPORT"),
"DAV": "1, 2, 3, calendar-access, addressbook, extended-mkcol"}
return client.OK, headers, None

def propfind(self, environ, read_collections, write_collections, content, user):
def propfind(self, environ, read_collections, write_collections, content,
user):
"""Manage PROPFIND request."""
# Rights is handled by collection in xmlutils.propfind
headers = {
"DAV": "1, 2, 3, calendar-access, addressbook, extended-mkcol",
"Content-Type": "text/xml"}
collections = self._union(read_collections, write_collections)
collections = set(read_collections + write_collections)
answer = xmlutils.propfind(
environ["PATH_INFO"], content, collections, user)
return client.MULTI_STATUS, headers, answer

def proppatch(self, environ, read_collections, write_collections, content, user):
def proppatch(self, environ, read_collections, write_collections, content,
user):
"""Manage PROPPATCH request."""
if not len(write_collections):
return NOT_ALLOWED

collection = write_collections[0]

answer = xmlutils.proppatch(
environ["PATH_INFO"], content, collection)
headers = {
Expand All @@ -500,9 +517,9 @@ def put(self, environ, read_collections, write_collections, content, user):
"""Manage PUT request."""
if not len(write_collections):
return NOT_ALLOWED

collection = write_collections[0]

collection.set_mimetype(environ.get("CONTENT_TYPE"))
headers = {}
item_name = xmlutils.name_from_path(environ["PATH_INFO"], collection)
Expand Down Expand Up @@ -531,15 +548,16 @@ def put(self, environ, read_collections, write_collections, content, user):
status = client.PRECONDITION_FAILED
return status, headers, None

def report(self, environ, read_collections, write_collections, content, user):
def report(self, environ, read_collections, write_collections, content,
user):
"""Manage REPORT request."""
if not len(read_collections):
return NOT_ALLOWED

collection = read_collections[0]

headers = {"Content-Type": "text/xml"}

answer = xmlutils.report(environ["PATH_INFO"], content, collection)
return client.MULTI_STATUS, headers, answer

Expand Down
2 changes: 1 addition & 1 deletion radicale/config.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@
"courier_socket": ""},
"rights": {
"type": "None",
"file" : "None"},
"file": ""},
"storage": {
"type": "filesystem",
"filesystem_folder": os.path.expanduser(
Expand Down
Loading

0 comments on commit 4c064bc

Please sign in to comment.