Improve rights checking and request handlers

* Access rights are checked before the storage is locked and
    collections are loaded.
  * DELETE sends 410 instead of doing nothing or crashing if the target
    doesn't exist.
  * GET always returns 404 if the target doesn't exist.
  * GET doesn't crash if a collection without tag property is requested.
  * MKCOL and MKCALENDAR send 409 if the target already exists.
  * MOVE checks if the target collection of an item actually exists and
    sends 409 otherwise.
  * PUT doesn't crash if a whole collection that doesn't exist yet is
    uploaded and ``content-type`` is ``text/vcard`` or
    ``text/calendar``.
  * PUT distinguishes between simple items and whole collections by the
    following criteria: Target is a collection; Parent exists; Parent
    has the tag property set; Parent contains other items. Before only
    the first two criteria where used, which was very unrelieable. #384
  * PROPPATCH is only allowed on collections and 409 is send otherwise.
  * ``Rights.authorized`` takes a path instead of a collection.
  * ``Collection.discover`` only returns items in ``path``, that
    actually exist. #442

radicale/tests/test_base.py

@@ -133,6 +133,36 @@ class BaseRequests:
         status, headers, answer = self.request("GET", "/calendar.ics/")
         assert "VEVENT" not in answer
 
+    def test_mkcalendar(self):
+        """Make a calendar."""
+        self.request("MKCALENDAR", "/calendar.ics/")
+        status, headers, answer = self.request("GET", "/calendar.ics/")
+        assert status == 200
+
+    def test_move(self):
+        """Move a item."""
+        self.request("MKCALENDAR", "/calendar.ics/")
+        event = get_file_content("event1.ics")
+        path1 = "/calendar.ics/event1.ics"
+        path2 = "/calendar.ics/event2.ics"
+        status, headers, answer = self.request("PUT", path1, event)
+        status, headers, answer = self.request(
+            "MOVE", path1, HTTP_DESTINATION=path2, HTTP_HOST="")
+        assert status == 201
+        status, headers, answer = self.request("GET", path1)
+        assert status == 404
+        status, headers, answer = self.request("GET", path2)
+        assert status == 200
+
+    def test_head(self):
+        status, headers, answer = self.request("HEAD", "/")
+        assert status == 200
+
+    def test_options(self):
+        status, headers, answer = self.request("OPTIONS", "/")
+        assert status == 200
+        assert "DAV" in headers
+
     def test_multiple_events_with_same_uid(self):
         """Add two events with the same UID."""
         self.request("MKCOL", "/calendar.ics/")