tobias/radicale
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #140 from mike-perdide/regex_file_coherence

Browse Source 
Regex file coherence
This commit is contained in:
Guillaume Ayoub 2014-04-15 16:47:39 +02:00
commit 4b8308a3ec
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
radicale/rights/regex.py
View File

@ -57,11 +57,11 @@ DEFINED_RIGHTS = {
"owner_only": "[rw]\nuser:.*\ncollection:^%(login)s/.+$\npermission:rw"} "owner_only": "[rw]\nuser:.*\ncollection:^%(login)s/.+$\npermission:rw"}
def _read_from_sections(user, collection, permission): def _read_from_sections(user, collection_url, permission):
"""Get regex sections.""" """Get regex sections."""
filename = os.path.expanduser(config.get("rights", "file")) filename = os.path.expanduser(config.get("rights", "file"))
rights_type = config.get("rights", "type").lower() rights_type = config.get("rights", "type").lower()
regex = ConfigParser({"login": user, "path": collection}) regex = ConfigParser({"login": user, "path": collection_url})
if rights_type in DEFINED_RIGHTS: if rights_type in DEFINED_RIGHTS:
log.LOGGER.debug("Rights type '%s'" % rights_type) log.LOGGER.debug("Rights type '%s'" % rights_type)
regex.readfp(StringIO(DEFINED_RIGHTS[rights_type])) regex.readfp(StringIO(DEFINED_RIGHTS[rights_type]))
@ -79,27 +79,28 @@ def _read_from_sections(user, collection, permission):
re_collection = regex.get(section, "collection") re_collection = regex.get(section, "collection")
log.LOGGER.debug( log.LOGGER.debug(
"Test if '%s:%s' matches against '%s:%s' from section '%s'" % ( "Test if '%s:%s' matches against '%s:%s' from section '%s'" % (
user, collection, re_user, re_collection, section)) user, collection_url, re_user, re_collection, section))
user_match = re.match(re_user, user) user_match = re.match(re_user, user)
if user_match: if user_match:
re_collection = re_collection.format(*user_match.groups()) re_collection = re_collection.format(*user_match.groups())
if re.match(re_collection, collection): if re.match(re_collection, collection_url):
log.LOGGER.debug("Section '%s' matches" % section) log.LOGGER.debug("Section '%s' matches" % section)
if permission in regex.get(section, "permission"): if permission in regex.get(section, "permission"):
return True return True
log.LOGGER.debug("Section '%s' does not match" % section) else:
log.LOGGER.debug("Section '%s' does not match" % section)
return False return False
def authorized(user, collection, right): def authorized(user, collection, permission):
"""Check if the user is allowed to read or write the collection. """Check if the user is allowed to read or write the collection.
If the user is empty it checks for anonymous rights If the user is empty it checks for anonymous rights
""" """
collection_url = collection.url.rstrip("/") or "/" collection_url = collection.url.rstrip("/") or "/"
if collection_url in (".well-known/carddav", ".well-known/caldav"): if collection_url in (".well-known/carddav", ".well-known/caldav"):
return right == "r" return permission == "r"
rights_type = config.get("rights", "type").lower() rights_type = config.get("rights", "type").lower()
return ( return (
rights_type == "none" or rights_type == "none" or
_read_from_sections(user or "", collection_url, right)) _read_from_sections(user or "", collection_url, permission))