Use the first matching section for getting rights

This commit is contained in:
Guillaume Ayoub 2015-12-03 15:22:12 +01:00
parent 9875db9a6c
commit e807c3d35b

View File

@ -55,8 +55,8 @@ else:
DEFINED_RIGHTS = { DEFINED_RIGHTS = {
"authenticated": "[rw]\nuser:.+\ncollection:.*\npermission:rw", "authenticated": "[rw]\nuser:.+\ncollection:.*\npermission:rw",
"owner_write": "[r]\nuser:.+\ncollection:.*\npermission:r\n" "owner_write": "[w]\nuser:.+\ncollection:^%(login)s(/.*)?$\npermission:rw"
"[w]\nuser:.+\ncollection:^%(login)s(/.*)?$\npermission:w", "[r]\nuser:.+\ncollection:.*\npermission:r\n",
"owner_only": "[rw]\nuser:.+\ncollection:^%(login)s(/.*)?$\npermission:rw", "owner_only": "[rw]\nuser:.+\ncollection:^%(login)s(/.*)?$\npermission:rw",
} }
@ -89,8 +89,7 @@ def _read_from_sections(user, collection_url, permission):
re_collection = re_collection.format(*user_match.groups()) re_collection = re_collection.format(*user_match.groups())
if re.match(re_collection, collection_url): if re.match(re_collection, collection_url):
log.LOGGER.debug("Section '%s' matches" % section) log.LOGGER.debug("Section '%s' matches" % section)
if permission in regex.get(section, "permission"): return permission in regex.get(section, "permission")
return True
else: else:
log.LOGGER.debug("Section '%s' does not match" % section) log.LOGGER.debug("Section '%s' does not match" % section)
return False return False
@ -99,7 +98,8 @@ def _read_from_sections(user, collection_url, permission):
def authorized(user, collection, permission): def authorized(user, collection, permission):
"""Check if the user is allowed to read or write the collection. """Check if the user is allowed to read or write the collection.
If the user is empty it checks for anonymous rights If the user is empty, check for anonymous rights.
""" """
collection_url = collection.url.rstrip("/") or "/" collection_url = collection.url.rstrip("/") or "/"
if collection_url in (".well-known/carddav", ".well-known/caldav"): if collection_url in (".well-known/carddav", ".well-known/caldav"):