Softly ignore /user/ PROPFIND and REPORT requests (references #181)

radicale/__init__.py

@@ -55,6 +55,11 @@ def _check(request, function):
     """Check if user has sufficient rights for performing ``request``."""
     # ``_check`` decorator can access ``request`` protected functions
     # pylint: disable=W0212
+
+    # If we have no calendar, don't check rights
+    if not request._calendar:
+        return function(request)
+
     authorization = request.headers.get("Authorization", None)
     if authorization:
         challenge = authorization.lstrip("Basic").strip().encode("ascii")

radicale/xmlutils.py

@@ -95,12 +95,15 @@ def propfind(path, xml_request, calendar, depth):
     # Writing answer
     multistatus = ET.Element(_tag("D", "multistatus"))
 
+    if calendar:
         if depth == "0":
             items = [calendar]
         else:
             # depth is 1, infinity or not specified
             # we limit ourselves to depth == 1
             items = [calendar] + calendar.events + calendar.todos
+    else:
+        items = []
 
     for item in items:
         is_calendar = isinstance(item, ical.Calendar)
@@ -191,12 +194,15 @@ def report(path, xml_request, calendar):
     prop_list = prop_element.getchildren()
     props = [prop.tag for prop in prop_list]
 
+    if calendar:
         if root.tag == _tag("C", "calendar-multiget"):
             # Read rfc4791-7.9 for info
             hreferences = set((href_element.text for href_element
                                in root.findall(_tag("D", "href"))))
         else:
             hreferences = (path,)
+    else:
+        hreferences = ()
 
     # Writing answer
     multistatus = ET.Element(_tag("D", "multistatus"))