tobias/radicale
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #474 from Unrud/patch-31

Browse Source 
PROPFIND rights checking
This commit is contained in:
Guillaume Ayoub
2016-08-11 11:44:43 +02:00
committed by GitHub
parent e66a35e996 4eb04e3526
commit d3d29802ad
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
radicale/__init__.py
View File

@@ -28,6 +28,7 @@ should have been included in this package.
import base64 import base64
import contextlib import contextlib
import itertools
import os import os
import posixpath import posixpath
import pprint import pprint
@@ -521,9 +522,15 @@ class Application:
with self._lock_collection("r", user): with self._lock_collection("r", user):
items = self.Collection.discover( items = self.Collection.discover(
path, environ.get("HTTP_DEPTH", "0")) path, environ.get("HTTP_DEPTH", "0"))
# take root item for rights checking
item = next(items, None)
if not self._access(user, path, "r", item):
return NOT_ALLOWED
if not item:
return client.NOT_FOUND, {}, None
# put item back
items = itertools.chain([item], items)
read_items, write_items = self.collect_allowed_items(items, user) read_items, write_items = self.collect_allowed_items(items, user)
if not read_items and not write_items:
return (client.NOT_FOUND, {}, None) if user else NOT_ALLOWED
headers = {"DAV": DAV_HEADERS, "Content-Type": "text/xml"} headers = {"DAV": DAV_HEADERS, "Content-Type": "text/xml"}
answer = xmlutils.propfind( answer = xmlutils.propfind(
path, content, read_items, write_items, user) path, content, read_items, write_items, user)