Use the same import mechanisms for auth, storage, rights

2012-08-09 15:39:01 +02:00
parent 3ddbb80674
commit 17857654b0
7 changed files with 113 additions and 134 deletions
--- a/radicale/init.py
+++ b/radicale/init.py
@@ -46,11 +46,17 @@ except ImportError:
    from urlparse import urlparse
 # pylint: enable=F0401,E0611

-from radicale import access, config, ical, log, storage, xmlutils
+from radicale import auth, config, ical, log, rights, storage, xmlutils


 VERSION = "git"

+# Standard "not allowed" response
+NOT_ALLOWED = (
+    client.FORBIDDEN,
+    {"WWW-Authenticate": "Basic realm=\"Radicale - Password Required\""},
+    None)
+

 class HTTPServer(wsgiref.simple_server.WSGIServer, object):
    """HTTP server."""
@@ -119,7 +125,8 @@ class Application(object):
    def __init__(self):
        """Initialize application."""
        super(Application, self).__init__()
-        access.load()
+        auth.load()
+        rights.load()
        storage.load()
        self.encoding = config.get("encoding", "request")
        if config.getboolean("logging", "full_environment"):
@@ -202,20 +209,21 @@ class Application(object):
        authorization = environ.get("HTTP_AUTHORIZATION", None)

        if authorization:
-            auth = authorization.lstrip("Basic").strip().encode("ascii")
+            authorization = \
+                authorization.lstrip("Basic").strip().encode("ascii")
            user, password = self.decode(
-                base64.b64decode(auth), environ).split(":")
+                base64.b64decode(authorization), environ).split(":")
        else:
            user = password = None

        if not items or function == self.options or \
-                access.is_authenticated(user, password):
+                auth.is_authenticated(user, password):
            last_collection_allowed = None
            allowed_items = []
            for item in items:
                if isinstance(item, ical.Collection):
-                    if access.read_authorized(user, item) or \
-                            access.write_authorized(user, item):
+                    if rights.read_authorized(user, item) or \
+                            rights.write_authorized(user, item):
                        log.LOGGER.info("%s has access to collection %s" % (
                            user, item.name or "/"))
                        last_collection_allowed = True
@@ -277,13 +285,6 @@ class Application(object):
        # Return response content
        return [answer] if answer else []

-    def response_not_allowed(self):
-        """Return a standard "not allowed" response."""
-        headers = {
-            "WWW-Authenticate":
-            "Basic realm=\"Radicale Server - Password Required\""}
-        return client.FORBIDDEN, headers, None
-
    # All these functions must have the same parameters, some are useless
    # pylint: disable=W0612,W0613,R0201

@@ -304,11 +305,11 @@ class Application(object):
            etag = environ.get("HTTP_IF_MATCH", item.etag).replace("\\", "")
            if etag == item.etag:
                # No ETag precondition or precondition verified, delete item
-                if access.write_authorized(user, collection):
+                if rights.write_authorized(user, collection):
                    answer = xmlutils.delete(environ["PATH_INFO"], collection)
                    return client.OK, {}, answer
                else:
-                    return self.response_not_allowed()
+                    return NOT_ALLOWED

        # No item or ETag precondition not verified, do not delete item
        return client.PRECONDITION_FAILED, {}, None
@@ -334,36 +335,35 @@ class Application(object):
            # Get collection item
            item = collection.get_item(item_name)
            if item:
-                if access.read_authorized(user, collection):
+                if rights.read_authorized(user, collection):
                    items = collection.timezones
                    items.append(item)
                    answer_text = ical.serialize(
                        collection.tag, collection.headers, items)
                    etag = item.etag
                else:
-                    return self.response_not_allowed()
+                    return NOT_ALLOWED
            else:
                return client.GONE, {}, None
        else:
            # Create the collection if it does not exist
            if not collection.exists and \
-                    access.write_authorized(user, collection):
+                    rights.write_authorized(user, collection):
                log.LOGGER.debug("Creating collection %s" % collection.name)
                collection.write()

-            if access.read_authorized(user, collection):
+            if rights.read_authorized(user, collection):
                # Get whole collection
                answer_text = collection.text
                etag = collection.etag
+                headers = {
+                    "Content-Type": collection.mimetype,
+                    "Last-Modified": collection.last_modified,
+                    "ETag": etag}
+                answer = answer_text.encode(self.encoding)
+                return client.OK, headers, answer
            else:
-                return self.response_not_allowed()
-
-        headers = {
-            "Content-Type": collection.mimetype,
-            "Last-Modified": collection.last_modified,
-            "ETag": etag}
-        answer = answer_text.encode(self.encoding)
-        return client.OK, headers, answer
+                return NOT_ALLOWED

    def head(self, environ, collections, content, user):
        """Manage HEAD request."""
@@ -373,32 +373,32 @@ class Application(object):
    def mkcalendar(self, environ, collections, content, user):
        """Manage MKCALENDAR request."""
        collection = collections[0]
-        props = xmlutils.props_from_request(content)
-        timezone = props.get("C:calendar-timezone")
-        if timezone:
-            collection.replace("", timezone)
-            del props["C:calendar-timezone"]
-        with collection.props as collection_props:
-            for key, value in props.items():
-                collection_props[key] = value
-        if access.write_authorized(user, collection):
-            collection.write()
+        if rights.write_authorized(user, collection):
+            props = xmlutils.props_from_request(content)
+            timezone = props.get("C:calendar-timezone")
+            if timezone:
+                collection.replace("", timezone)
+                del props["C:calendar-timezone"]
+            with collection.props as collection_props:
+                for key, value in props.items():
+                    collection_props[key] = value
+                collection.write()
+            return client.CREATED, {}, None
        else:
-            return self.response_not_allowed()
-        return client.CREATED, {}, None
+            return NOT_ALLOWED

    def mkcol(self, environ, collections, content, user):
        """Manage MKCOL request."""
        collection = collections[0]
-        props = xmlutils.props_from_request(content)
-        with collection.props as collection_props:
-            for key, value in props.items():
-                collection_props[key] = value
-        if access.write_authorized(user, collection):
+        if rights.write_authorized(user, collection):
+            props = xmlutils.props_from_request(content)
+            with collection.props as collection_props:
+                for key, value in props.items():
+                    collection_props[key] = value
            collection.write()
+            return client.CREATED, {}, None
        else:
-            return self.response_not_allowed()
-        return client.CREATED, {}, None
+            return NOT_ALLOWED

    def move(self, environ, collections, content, user):
        """Manage MOVE request."""
@@ -415,13 +415,13 @@ class Application(object):
                    to_path, to_name = to_url.rstrip("/").rsplit("/", 1)
                    to_collection = ical.Collection.from_path(
                        to_path, depth="0")[0]
-                    if access.write_authorized(user, to_collection) and \
-                            access.write_authorized(user.from_collection):
+                    if rights.write_authorized(user, to_collection) and \
+                            rights.write_authorized(user.from_collection):
                        to_collection.append(to_name, item.text)
                        from_collection.remove(from_name)
                        return client.CREATED, {}, None
                    else:
-                        return self.response_not_allowed()
+                        return NOT_ALLOWED
                else:
                    # Remote destination server, not supported
                    return client.BAD_GATEWAY, {}, None
@@ -442,6 +442,7 @@ class Application(object):

    def propfind(self, environ, collections, content, user):
        """Manage PROPFIND request."""
+        # Rights is handled by collection in xmlutils.propfind
        headers = {
            "DAV": "1, 2, 3, calendar-access, addressbook, extended-mkcol",
            "Content-Type": "text/xml"}
@@ -452,11 +453,15 @@ class Application(object):
    def proppatch(self, environ, collections, content, user):
        """Manage PROPPATCH request."""
        collection = collections[0]
-        answer = xmlutils.proppatch(environ["PATH_INFO"], content, collection)
-        headers = {
-            "DAV": "1, 2, 3, calendar-access, addressbook, extended-mkcol",
-            "Content-Type": "text/xml"}
-        return client.MULTI_STATUS, headers, answer
+        if rights.write_authorized(user, collection):
+            answer = xmlutils.proppatch(
+                environ["PATH_INFO"], content, collection)
+            headers = {
+                "DAV": "1, 2, 3, calendar-access, addressbook, extended-mkcol",
+                "Content-Type": "text/xml"}
+            return client.MULTI_STATUS, headers, answer
+        else:
+            return NOT_ALLOWED

    def put(self, environ, collections, content, user):
        """Manage PUT request."""
@@ -474,7 +479,7 @@ class Application(object):
            # Case 1: No item and no ETag precondition: Add new item
            # Case 2: Item and ETag precondition verified: Modify item
            # Case 3: Item and no Etag precondition: Force modifying item
-            if access.write_authorized(user, collection):
+            if rights.write_authorized(user, collection):
                xmlutils.put(environ["PATH_INFO"], content, collection)
                status = client.CREATED
                # Try to return the etag in the header.
@@ -485,7 +490,7 @@ class Application(object):
                if new_item:
                    headers["ETag"] = new_item.etag
            else:
-                return self.response_not_allowed()
+                return NOT_ALLOWED
        else:
            # PUT rejected in all other cases
            status = client.PRECONDITION_FAILED
@@ -495,10 +500,10 @@ class Application(object):
        """Manage REPORT request."""
        collection = collections[0]
        headers = {"Content-Type": "text/xml"}
-        if access.read_authorized(user, collection):
+        if rights.read_authorized(user, collection):
            answer = xmlutils.report(environ["PATH_INFO"], content, collection)
            return client.MULTI_STATUS, headers, answer
        else:
-            return self.response_not_allowed()
+            return NOT_ALLOWED

    # pylint: enable=W0612,W0613,R0201