Respond to all authenticated PROPFIND requests

This commit is contained in:
Christoph Polcin 2014-01-05 20:54:17 +01:00
parent 2ddec14535
commit 83db27303f
2 changed files with 67 additions and 48 deletions

View File

@ -283,10 +283,14 @@ class Application(object):
read_allowed_items, write_allowed_items = \ read_allowed_items, write_allowed_items = \
self.collect_allowed_items(items, user) self.collect_allowed_items(items, user)
is_authenticated = auth.is_authenticated(user, password)
if ((read_allowed_items or write_allowed_items) if ((read_allowed_items or write_allowed_items)
and (not user or auth.is_authenticated(user, password))) or \ and (not user or is_authenticated)) or \
(is_authenticated and function == self.propfind) or \
function == self.options or not items: function == self.options or not items:
# Collections found, or OPTIONS request, or no items at all # Collections found, or authenticated PROPFIND request,
# or OPTIONS request, or no items at all
status, headers, answer = function( status, headers, answer = function(
environ, read_allowed_items, write_allowed_items, content, environ, read_allowed_items, write_allowed_items, content,
user) user)
@ -294,7 +298,7 @@ class Application(object):
status, headers, answer = NOT_ALLOWED status, headers, answer = NOT_ALLOWED
if ((status, headers, answer) == NOT_ALLOWED and if ((status, headers, answer) == NOT_ALLOWED and
not auth.is_authenticated(user, password) and not is_authenticated and
config.get("auth", "type") != "None"): config.get("auth", "type") != "None"):
# Unknown or unauthorized user # Unknown or unauthorized user
log.LOGGER.info("%s refused" % (user or "Anonymous user")) log.LOGGER.info("%s refused" % (user or "Anonymous user"))

View File

@ -234,9 +234,13 @@ def propfind(path, xml_request, collections, user=None):
# Writing answer # Writing answer
multistatus = ET.Element(_tag("D", "multistatus")) multistatus = ET.Element(_tag("D", "multistatus"))
if collections:
for collection in collections: for collection in collections:
response = _propfind_response(path, collection, props, user) response = _propfind_response(path, collection, props, user)
multistatus.append(response) multistatus.append(response)
else:
response = _propfind_response(path, None, props, user)
multistatus.append(response)
return _pretty_xml(multistatus) return _pretty_xml(multistatus)
@ -251,8 +255,11 @@ def _propfind_response(path, item, props, user):
response = ET.Element(_tag("D", "response")) response = ET.Element(_tag("D", "response"))
href = ET.Element(_tag("D", "href")) href = ET.Element(_tag("D", "href"))
if item:
uri = item.url if is_collection else "%s/%s" % (path, item.name) uri = item.url if is_collection else "%s/%s" % (path, item.name)
href.text = _href(uri.replace("//", "/")) href.text = _href(uri.replace("//", "/"))
else:
href.text = _href(path)
response.append(href) response.append(href)
propstat404 = ET.Element(_tag("D", "propstat")) propstat404 = ET.Element(_tag("D", "propstat"))
@ -268,9 +275,7 @@ def _propfind_response(path, item, props, user):
for tag in props: for tag in props:
element = ET.Element(tag) element = ET.Element(tag)
is404 = False is404 = False
if tag == _tag("D", "getetag"): if tag in (_tag("D", "principal-URL"),
element.text = item.etag
elif tag in (_tag("D", "principal-URL"),
_tag("D", "current-user-principal")): _tag("D", "current-user-principal")):
if user: if user:
tag = ET.Element(_tag("D", "href")) tag = ET.Element(_tag("D", "href"))
@ -317,6 +322,10 @@ def _propfind_response(path, item, props, user):
report_tag.text = report_name report_tag.text = report_name
supported.append(report_tag) supported.append(report_tag)
element.append(supported) element.append(supported)
# item related properties
elif item:
if tag == _tag("D", "getetag"):
element.text = item.etag
elif is_collection: elif is_collection:
if tag == _tag("D", "getcontenttype"): if tag == _tag("D", "getcontenttype"):
element.text = item.mimetype element.text = item.mimetype
@ -361,6 +370,12 @@ def _propfind_response(path, item, props, user):
pass pass
else: else:
is404 = True is404 = True
# Not for items
elif tag == _tag("D", "resourcetype"):
# resourcetype must be returned empty for non-collection elements
pass
else:
is404 = True
if is404: if is404:
prop404.append(element) prop404.append(element)