Respond to all authenticated PROPFIND requests
This commit is contained in:
parent
2ddec14535
commit
83db27303f
@ -283,10 +283,14 @@ class Application(object):
|
|||||||
read_allowed_items, write_allowed_items = \
|
read_allowed_items, write_allowed_items = \
|
||||||
self.collect_allowed_items(items, user)
|
self.collect_allowed_items(items, user)
|
||||||
|
|
||||||
|
is_authenticated = auth.is_authenticated(user, password)
|
||||||
|
|
||||||
if ((read_allowed_items or write_allowed_items)
|
if ((read_allowed_items or write_allowed_items)
|
||||||
and (not user or auth.is_authenticated(user, password))) or \
|
and (not user or is_authenticated)) or \
|
||||||
|
(is_authenticated and function == self.propfind) or \
|
||||||
function == self.options or not items:
|
function == self.options or not items:
|
||||||
# Collections found, or OPTIONS request, or no items at all
|
# Collections found, or authenticated PROPFIND request,
|
||||||
|
# or OPTIONS request, or no items at all
|
||||||
status, headers, answer = function(
|
status, headers, answer = function(
|
||||||
environ, read_allowed_items, write_allowed_items, content,
|
environ, read_allowed_items, write_allowed_items, content,
|
||||||
user)
|
user)
|
||||||
@ -294,7 +298,7 @@ class Application(object):
|
|||||||
status, headers, answer = NOT_ALLOWED
|
status, headers, answer = NOT_ALLOWED
|
||||||
|
|
||||||
if ((status, headers, answer) == NOT_ALLOWED and
|
if ((status, headers, answer) == NOT_ALLOWED and
|
||||||
not auth.is_authenticated(user, password) and
|
not is_authenticated and
|
||||||
config.get("auth", "type") != "None"):
|
config.get("auth", "type") != "None"):
|
||||||
# Unknown or unauthorized user
|
# Unknown or unauthorized user
|
||||||
log.LOGGER.info("%s refused" % (user or "Anonymous user"))
|
log.LOGGER.info("%s refused" % (user or "Anonymous user"))
|
||||||
|
@ -234,9 +234,13 @@ def propfind(path, xml_request, collections, user=None):
|
|||||||
# Writing answer
|
# Writing answer
|
||||||
multistatus = ET.Element(_tag("D", "multistatus"))
|
multistatus = ET.Element(_tag("D", "multistatus"))
|
||||||
|
|
||||||
|
if collections:
|
||||||
for collection in collections:
|
for collection in collections:
|
||||||
response = _propfind_response(path, collection, props, user)
|
response = _propfind_response(path, collection, props, user)
|
||||||
multistatus.append(response)
|
multistatus.append(response)
|
||||||
|
else:
|
||||||
|
response = _propfind_response(path, None, props, user)
|
||||||
|
multistatus.append(response)
|
||||||
|
|
||||||
return _pretty_xml(multistatus)
|
return _pretty_xml(multistatus)
|
||||||
|
|
||||||
@ -251,8 +255,11 @@ def _propfind_response(path, item, props, user):
|
|||||||
response = ET.Element(_tag("D", "response"))
|
response = ET.Element(_tag("D", "response"))
|
||||||
|
|
||||||
href = ET.Element(_tag("D", "href"))
|
href = ET.Element(_tag("D", "href"))
|
||||||
|
if item:
|
||||||
uri = item.url if is_collection else "%s/%s" % (path, item.name)
|
uri = item.url if is_collection else "%s/%s" % (path, item.name)
|
||||||
href.text = _href(uri.replace("//", "/"))
|
href.text = _href(uri.replace("//", "/"))
|
||||||
|
else:
|
||||||
|
href.text = _href(path)
|
||||||
response.append(href)
|
response.append(href)
|
||||||
|
|
||||||
propstat404 = ET.Element(_tag("D", "propstat"))
|
propstat404 = ET.Element(_tag("D", "propstat"))
|
||||||
@ -268,9 +275,7 @@ def _propfind_response(path, item, props, user):
|
|||||||
for tag in props:
|
for tag in props:
|
||||||
element = ET.Element(tag)
|
element = ET.Element(tag)
|
||||||
is404 = False
|
is404 = False
|
||||||
if tag == _tag("D", "getetag"):
|
if tag in (_tag("D", "principal-URL"),
|
||||||
element.text = item.etag
|
|
||||||
elif tag in (_tag("D", "principal-URL"),
|
|
||||||
_tag("D", "current-user-principal")):
|
_tag("D", "current-user-principal")):
|
||||||
if user:
|
if user:
|
||||||
tag = ET.Element(_tag("D", "href"))
|
tag = ET.Element(_tag("D", "href"))
|
||||||
@ -317,6 +322,10 @@ def _propfind_response(path, item, props, user):
|
|||||||
report_tag.text = report_name
|
report_tag.text = report_name
|
||||||
supported.append(report_tag)
|
supported.append(report_tag)
|
||||||
element.append(supported)
|
element.append(supported)
|
||||||
|
# item related properties
|
||||||
|
elif item:
|
||||||
|
if tag == _tag("D", "getetag"):
|
||||||
|
element.text = item.etag
|
||||||
elif is_collection:
|
elif is_collection:
|
||||||
if tag == _tag("D", "getcontenttype"):
|
if tag == _tag("D", "getcontenttype"):
|
||||||
element.text = item.mimetype
|
element.text = item.mimetype
|
||||||
@ -361,6 +370,12 @@ def _propfind_response(path, item, props, user):
|
|||||||
pass
|
pass
|
||||||
else:
|
else:
|
||||||
is404 = True
|
is404 = True
|
||||||
|
# Not for items
|
||||||
|
elif tag == _tag("D", "resourcetype"):
|
||||||
|
# resourcetype must be returned empty for non-collection elements
|
||||||
|
pass
|
||||||
|
else:
|
||||||
|
is404 = True
|
||||||
|
|
||||||
if is404:
|
if is404:
|
||||||
prop404.append(element)
|
prop404.append(element)
|
||||||
|
Loading…
Reference in New Issue
Block a user