From f294b1cf17c7bfe32bfd24b9190c99fc85403c86 Mon Sep 17 00:00:00 2001
From: Unrud <unrud@openaliasbox.org>
Date: Mon, 8 Aug 2016 06:59:15 +0200
Subject: [PATCH] Add access check to PROPFIND

---
 radicale/__init__.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/radicale/__init__.py b/radicale/__init__.py
index f826281..3244cb8 100644
--- a/radicale/__init__.py
+++ b/radicale/__init__.py
@@ -509,6 +509,8 @@ class Application:
 
     def do_PROPFIND(self, environ, path, content, user):
         """Manage PROPFIND request."""
+        if not self._access(user, path, "r"):
+            return NOT_ALLOWED
         with self._lock_collection("r", user):
             items = self.Collection.discover(
                 path, environ.get("HTTP_DEPTH", "0"))