Use a more simple rights manager

radicale/rights.py

@@ -0,0 +1,86 @@
+# -*- coding: utf-8 -*-
+#
+# This file is part of Radicale Server - Calendar Server
+# Copyright © 2008 Nicolas Kandel
+# Copyright © 2008 Pascal Halter
+# Copyright © 2008-2013 Guillaume Ayoub
+#
+# This library is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Radicale.  If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Rights management.
+
+"""
+
+import re
+import os.path
+
+from . import config, log
+
+# Manage Python2/3 different modules
+# pylint: disable=F0401
+try:
+    from configparser import ConfigParser
+except ImportError:
+    from ConfigParser import ConfigParser
+# pylint: enable=F0401
+
+
+FILENAME = (
+    os.path.expanduser(config.get("rights", "file")) or
+    log.LOGGER.error("No file name configured for rights type 'regex'"))
+DEFINED_RIGHTS = {
+    "none": "[rw]\nuser:.*\ncollection:.*\npermission:rw",
+    "owner_write": "[r]\nuser:.*\ncollection:.*\npermission:r\n"
+                   "[w]\nuser:.*\ncollection:^%(login)s/.+$\npermission:w",
+    "owner_only": "[rw]\nuser:.\ncollection: ^%(login)s/.+$\npermission:rw"}
+
+
+def _read_from_sections(user, collection, permission):
+    """Get regex sections."""
+    regex = ConfigParser({"login": user, "path": collection})
+    rights_type = config.get("rights", "type").lower()
+    if rights_type in DEFINED_RIGHTS:
+        log.LOGGER.debug("Rights type '%s'" % rights_type)
+        regex.read_string(DEFINED_RIGHTS[rights_type])
+    elif rights_type == "from_file":
+        log.LOGGER.debug("Reading rights from file %s" % FILENAME)
+        if not regex.read(FILENAME):
+            log.LOGGER.error("File '%s' not found for rights" % FILENAME)
+            return False
+    else:
+        log.LOGGER.error("Unknown rights type '%s'" % rights_type)
+        return False
+
+    for section in regex.sections():
+        re_user = regex.get(section, "user")
+        re_collection = regex.get(section, "collection")
+        log.LOGGER.debug(
+            "Test if '%s:%s' matches against '%s:%s' from section '%s'" % (
+                user, collection, re_user, re_collection, section))
+        user_match = re.match(re_user, user)
+        if user_match:
+            re_collection = re_collection.format(*user_match.groups())
+            if re.match(re_collection, collection):
+                log.LOGGER.debug("Section '%s' matches" % section)
+                if permission in regex.get(section, "permission"):
+                    return True
+        log.LOGGER.debug("Section '%s' does not match" % section)
+    return False
+
+
+def authorized(user, collection, right):
+    """Check if the user is allowed to read or write the collection."""
+    return user and _read_from_sections(
+        user, collection.url.rstrip("/") or "/", right)