Monotone-Parent: 4fcee5b7d94bbc45b4fc732c402cbfa7b3009735
Monotone-Revision: d486d5e829cf0bc377649b3e2d2ecfcc08afb8e8 Monotone-Author: wsourdeau@inverse.ca Monotone-Date: 2010-07-15T14:54:03 Monotone-Branch: ca.inverse.sogomaint-2.0.2
parent
ddf66a8d10
commit
97f72faf38
18
ChangeLog
18
ChangeLog
|
@ -1,5 +1,23 @@
|
|||
2010-07-15 Wolfgang Sourdeau <wsourdeau@inverse.ca>
|
||||
|
||||
* Tests/Integration/test-davacl.py
|
||||
(DAVCalendarPublicAclTest.testCollectionAccessNormalUser): print
|
||||
the amount of received hrefs.
|
||||
|
||||
* SoObjects/Appointments/SOGoAppointmentFolders.m
|
||||
(-folderObjectKeys): we now check the "AccessObject"
|
||||
right on the returned folders to determine whether their ICS or
|
||||
XML version should be accessible.
|
||||
|
||||
* SoObjects/SOGo/SOGoParentFolder.m
|
||||
(_fetchPersonalFolders:withChannel:): we no longer check access
|
||||
rights from here as this method is too low level and prevent other
|
||||
mechanisms from working properly.
|
||||
(-lookupName:inContext:acquire:): we now check the "AccessObject"
|
||||
right from here before returning the found object. We also make
|
||||
use of the new "ignoreRights" method (see below) to that end.
|
||||
(-toManyRelationShipKeys): same as lookupName... above.
|
||||
|
||||
* SoObjects/SOGo/SOGoObject.m (-ignoreRights): new utility method
|
||||
that determines whether the current object must check access
|
||||
rights on subobjects.
|
||||
|
|
|
@ -29,6 +29,7 @@
|
|||
#import <NGObjWeb/WOContext+SoObjects.h>
|
||||
#import <NGObjWeb/WORequest+So.h>
|
||||
#import <NGObjWeb/NSException+HTTP.h>
|
||||
#import <NGObjWeb/SoSecurityManager.h>
|
||||
#import <NGExtensions/NSObject+Logs.h>
|
||||
|
||||
#import <GDLAccess/EOAdaptorChannel.h>
|
||||
|
@ -63,8 +64,16 @@
|
|||
|
||||
@end
|
||||
|
||||
static SoSecurityManager *sm = nil;
|
||||
|
||||
@implementation SOGoAppointmentFolders
|
||||
|
||||
+ (void) initialize
|
||||
{
|
||||
if (!sm)
|
||||
sm = [SoSecurityManager sharedSecurityManager];
|
||||
}
|
||||
|
||||
- (id) init
|
||||
{
|
||||
if ((self = [super init]))
|
||||
|
@ -166,9 +175,11 @@
|
|||
SOGoAppointmentFolder *folder;
|
||||
NSString *folderObjectKey;
|
||||
int count, max;
|
||||
BOOL ignoreRights;
|
||||
|
||||
if (!folderObjectKeys)
|
||||
{
|
||||
ignoreRights = [self ignoreRights];
|
||||
folders = [self subFolders];
|
||||
max = [folders count];
|
||||
folderObjectKeys = [[NSMutableArray alloc] initWithCapacity: max];
|
||||
|
@ -176,7 +187,10 @@
|
|||
{
|
||||
folder = [folders objectAtIndex: count];
|
||||
if ([folder isMemberOfClass: [SOGoAppointmentFolder class]]
|
||||
&& ![folder isSubscription])
|
||||
&& ![folder isSubscription]
|
||||
&& (ignoreRights || ![sm validatePermission: SOGoPerm_AccessObject
|
||||
onObject: folder
|
||||
inContext: context]))
|
||||
{
|
||||
folderObjectKey = [NSString stringWithFormat: @"%@.ics",
|
||||
[folder nameInContainer]];
|
||||
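Review bot: The new clause `![sm validatePermission: SOGoPerm_AccessObject onObject: folder inContext: context]` in the `folderObjectKeys` filter reads as "permission not valid", but it is the allow branch. The `lookupName:inContext:acquire:` change in this same commit sets `obj = nil` when the call returns non-nil, so a non-nil result means denial. A one-line comment above the condition would guard against a later inversion, for example `/* validatePermission: returns nil when access is granted */`. The filtered list is also memoized behind `if (!folderObjectKeys)`, so it reflects the rights of whichever user triggered the first call; that is safe only if the container instance is never reused across requests or users, which the hunk does not show. The method starts and ends outside the hunk.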
|
|
|
@ -175,26 +175,19 @@ static SoSecurityManager *sm = nil;
|
|||
{
|
||||
NSArray *attrs;
|
||||
NSDictionary *row;
|
||||
BOOL hasPersonal, ignoreRights;
|
||||
SOGoGCSFolder *folder;
|
||||
NSString *key, *login;
|
||||
NSException *error;
|
||||
SOGoUser *currentUser;
|
||||
SoSecurityManager *securityManager;
|
||||
|
||||
if (!subFolderClass)
|
||||
subFolderClass = [[self class] subFolderClass];
|
||||
|
||||
hasPersonal = NO;
|
||||
error = [fc evaluateExpressionX: sql];
|
||||
if (!error)
|
||||
{
|
||||
currentUser = [context activeUser];
|
||||
login = [currentUser login];
|
||||
ignoreRights = (activeUserIsOwner || [login isEqualToString: owner]
|
||||
|| [currentUser isSuperUser]);
|
||||
if (!ignoreRights)
|
||||
securityManager = [SoSecurityManager sharedSecurityManager];
|
||||
|
||||
attrs = [fc describeResults: NO];
|
||||
while ((row = [fc fetchAttributes: attrs withZone: NULL]))
|
||||
|
@ -203,19 +196,13 @@ static SoSecurityManager *sm = nil;
|
|||
if ([key isKindOfClass: [NSString class]])
|
||||
{
|
||||
folder = [subFolderClass objectWithName: key inContainer: self];
|
||||
hasPersonal = (hasPersonal
|
||||
|| [key isEqualToString: @"personal"]);
|
||||
[folder setOCSPath: [NSString stringWithFormat: @"%@/%@",
|
||||
OCSPath, key]];
|
||||
if (ignoreRights
|
||||
|| ![securityManager validatePermission: SOGoPerm_AccessObject
|
||||
onObject: folder
|
||||
inContext: context])
|
||||
[subFolders setObject: folder forKey: key];
|
||||
[subFolders setObject: folder forKey: key];
|
||||
}
|
||||
}
|
||||
|
||||
if (ignoreRights && !hasPersonal)
|
||||
if (![subFolders objectForKey: @"personal"])
|
||||
[self _createPersonalFolder];
|
||||
}
|
||||
|
||||
|
@ -413,8 +400,15 @@ static SoSecurityManager *sm = nil;
|
|||
obj = [NSException exceptionWithHTTPStatus: 503];
|
||||
}
|
||||
else
|
||||
obj = [subFolders objectForKey: name];
|
||||
|
||||
{
|
||||
obj = [subFolders objectForKey: name];
|
||||
if (obj && ![self ignoreRights]
|
||||
&& [sm validatePermission: SOGoPerm_AccessObject
|
||||
onObject: obj
|
||||
inContext: context])
|
||||
obj = nil;
|
||||
}
|
||||
|
||||
if (!obj)
|
||||
{
|
||||
// Lookup in subscribed folders
|
||||
|
@ -475,7 +469,7 @@ static SoSecurityManager *sm = nil;
|
|||
|
||||
#warning check error here
|
||||
error = [self initSubFolders];
|
||||
|
||||
|
||||
subs = [subFolders allValues];
|
||||
count = [subs count];
|
||||
for (i = 0; !rc && i < count; i++)
|
||||
|
@ -492,11 +486,20 @@ static SoSecurityManager *sm = nil;
|
|||
NSEnumerator *sortedSubFolders;
|
||||
NSMutableArray *keys;
|
||||
SOGoGCSFolder *currentFolder;
|
||||
BOOL ignoreRights;
|
||||
|
||||
ignoreRights = [self ignoreRights];
|
||||
|
||||
keys = [NSMutableArray array];
|
||||
sortedSubFolders = [[self subFolders] objectEnumerator];
|
||||
while ((currentFolder = [sortedSubFolders nextObject]))
|
||||
[keys addObject: [currentFolder nameInContainer]];
|
||||
{
|
||||
if (ignoreRights
|
||||
|| ![sm validatePermission: SOGoPerm_AccessObject
|
||||
onObject: currentFolder
|
||||
inContext: context])
|
||||
[keys addObject: [currentFolder nameInContainer]];
|
||||
}
|
||||
|
||||
return keys;
|
||||
}
|
||||
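Review bot: With the AccessObject filter removed from `_fetchPersonalFolders:withChannel:`, `subFolders` now holds folders the active user may not access, so every reader of it has to apply the check itself. The hunk at `-475` still iterates `[subFolders allValues]` with no `validatePermission:` call visible, and the subscribed-folders branch after `obj = nil` in `lookupName:inContext:acquire:` lies outside the hunk, so both should be confirmed to enforce the right. A single filtered accessor shared by all readers would keep this from failing open when a new caller is added. Separately, `if (![subFolders objectForKey: @"personal"])` no longer depends on the requester being the owner or a super user, so a request from any user can reach `_createPersonalFolder`. If that is not intended, keep a gate such as `if (![subFolders objectForKey: @"personal"] && [self ignoreRights])`, assuming `ignoreRights` is true only for the owner and super user.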
|
|
|
@ -983,12 +983,12 @@ class DAVCalendarPublicAclTest(unittest.TestCase):
|
|||
self.subscriber_client.execute(propfind)
|
||||
hrefs = propfind.response["document"] \
|
||||
.findall("{DAV:}response/{DAV:}href")
|
||||
|
||||
self.assertEquals(len(hrefs), 1,
|
||||
"expected only one href in response")
|
||||
"expected 1 href in response instead of %d" % len(hrefs))
|
||||
self.assertEquals(hrefs[0].text, parentColl,
|
||||
"the href must be the 'Calendar' parent coll.")
|
||||
|
||||
|
||||
acl_utility = utilities.TestCalendarACLUtility(self,
|
||||
self.client,
|
||||
self.createdRsrc)
|
||||
|
|