Use the first matching section for getting rights
This commit is contained in:
parent
9875db9a6c
commit
e807c3d35b
@ -55,8 +55,8 @@ else:
|
|||||||
|
|
||||||
DEFINED_RIGHTS = {
|
DEFINED_RIGHTS = {
|
||||||
"authenticated": "[rw]\nuser:.+\ncollection:.*\npermission:rw",
|
"authenticated": "[rw]\nuser:.+\ncollection:.*\npermission:rw",
|
||||||
"owner_write": "[r]\nuser:.+\ncollection:.*\npermission:r\n"
|
"owner_write": "[w]\nuser:.+\ncollection:^%(login)s(/.*)?$\npermission:rw"
|
||||||
"[w]\nuser:.+\ncollection:^%(login)s(/.*)?$\npermission:w",
|
"[r]\nuser:.+\ncollection:.*\npermission:r\n",
|
||||||
"owner_only": "[rw]\nuser:.+\ncollection:^%(login)s(/.*)?$\npermission:rw",
|
"owner_only": "[rw]\nuser:.+\ncollection:^%(login)s(/.*)?$\npermission:rw",
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -89,8 +89,7 @@ def _read_from_sections(user, collection_url, permission):
|
|||||||
re_collection = re_collection.format(*user_match.groups())
|
re_collection = re_collection.format(*user_match.groups())
|
||||||
if re.match(re_collection, collection_url):
|
if re.match(re_collection, collection_url):
|
||||||
log.LOGGER.debug("Section '%s' matches" % section)
|
log.LOGGER.debug("Section '%s' matches" % section)
|
||||||
if permission in regex.get(section, "permission"):
|
return permission in regex.get(section, "permission")
|
||||||
return True
|
|
||||||
else:
|
else:
|
||||||
log.LOGGER.debug("Section '%s' does not match" % section)
|
log.LOGGER.debug("Section '%s' does not match" % section)
|
||||||
return False
|
return False
|
||||||
@ -99,7 +98,8 @@ def _read_from_sections(user, collection_url, permission):
|
|||||||
def authorized(user, collection, permission):
|
def authorized(user, collection, permission):
|
||||||
"""Check if the user is allowed to read or write the collection.
|
"""Check if the user is allowed to read or write the collection.
|
||||||
|
|
||||||
If the user is empty it checks for anonymous rights
|
If the user is empty, check for anonymous rights.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
collection_url = collection.url.rstrip("/") or "/"
|
collection_url = collection.url.rstrip("/") or "/"
|
||||||
if collection_url in (".well-known/carddav", ".well-known/caldav"):
|
if collection_url in (".well-known/carddav", ".well-known/caldav"):
|
||||||
|
Loading…
Reference in New Issue
Block a user