Simplify Rights plugin interface

2020-04-09 22:02:03 +02:00
parent 8ca01a4989
commit f6a3a19680
11 changed files with 51 additions and 43 deletions
--- a/radicale/app/init.py
+++ b/radicale/app/init.py
@ -264,7 +264,7 @@ class Application(
        # Create principal collection
        if user:
            principal_path = "/%s/" % user
-            if self._rights.authorized(user, principal_path, "W"):
+            if "W" in self._rights.authorization(user, principal_path):
                with self._storage.acquire_lock("r", user):
                    principal = next(
                        self._storage.discover(principal_path, depth="1"),
@ -328,12 +328,14 @@ class Application(
        else:
            permissions = ""
            parent_permissions = permission
-        if permissions and self._rights.authorized(user, path, permissions):
+        if permissions and rights.intersect(
+                self._rights.authorization(user, path), permissions):
            return True
        if parent_permissions:
            parent_path = pathutils.unstrip_path(
                posixpath.dirname(pathutils.strip_path(path)), True)
-            if self._rights.authorized(user, parent_path, parent_permissions):
+            if rights.intersect(self._rights.authorization(user, parent_path),
+                                parent_permissions):
                return True
        return False

--- a/radicale/app/mkcalendar.py
+++ b/radicale/app/mkcalendar.py
@ -30,7 +30,7 @@ from radicale.log import logger
 class ApplicationMkcalendarMixin:
    def do_MKCALENDAR(self, environ, base_prefix, path, user):
        """Manage MKCALENDAR request."""
-        if not self._rights.authorized(user, path, "w"):
+        if "w" not in self._rights.authorization(user, path):
            return httputils.NOT_ALLOWED
        try:
            xml_content = self._read_xml_content(environ)
--- a/radicale/app/mkcol.py
+++ b/radicale/app/mkcol.py
@ -23,14 +23,15 @@ from http import client

 from radicale import httputils
 from radicale import item as radicale_item
-from radicale import pathutils, storage, xmlutils
+from radicale import pathutils, rights, storage, xmlutils
 from radicale.log import logger


 class ApplicationMkcolMixin:
    def do_MKCOL(self, environ, base_prefix, path, user):
        """Manage MKCOL request."""
-        permissions = self._rights.authorized(user, path, "Ww")
+        permissions = rights.intersect(
+            self._rights.authorization(user, path), "Ww")
        if not permissions:
            return httputils.NOT_ALLOWED
        try:
--- a/radicale/app/propfind.py
+++ b/radicale/app/propfind.py
@ -314,19 +314,22 @@ class ApplicationPropfindMixin:
            if isinstance(item, storage.BaseCollection):
                path = pathutils.unstrip_path(item.path, True)
                if item.get_meta("tag"):
-                    permissions = self._rights.authorized(user, path, "rw")
+                    permissions = rights.intersect(
+                        self._rights.authorization(user, path), "rw")
                    target = "collection with tag %r" % item.path
                else:
-                    permissions = self._rights.authorized(user, path, "RW")
+                    permissions = rights.intersect(
+                        self._rights.authorization(user, path), "RW")
                    target = "collection %r" % item.path
            else:
                path = pathutils.unstrip_path(item.collection.path, True)
-                permissions = self._rights.authorized(user, path, "rw")
+                permissions = rights.intersect(
+                    self._rights.authorization(user, path), "rw")
                target = "item %r from %r" % (item.href, item.collection.path)
-            if rights.intersect_permissions(permissions, "Ww"):
+            if rights.intersect(permissions, "Ww"):
                permission = "w"
                status = "write"
-            elif rights.intersect_permissions(permissions, "Rr"):
+            elif rights.intersect(permissions, "Rr"):
                permission = "r"
                status = "read"
            else:
--- a/radicale/app/put.py
+++ b/radicale/app/put.py
@ -27,7 +27,7 @@ import vobject

 from radicale import httputils
 from radicale import item as radicale_item
-from radicale import pathutils, storage, xmlutils
+from radicale import pathutils, rights, storage, xmlutils
 from radicale.log import logger

 MIMETYPE_TAGS = {value: key for key, value in xmlutils.MIMETYPES.items()}
@ -128,8 +128,10 @@ class ApplicationPutMixin:
        content_type = environ.get("CONTENT_TYPE", "").split(";")[0]
        parent_path = pathutils.unstrip_path(
            posixpath.dirname(pathutils.strip_path(path)), True)
-        permissions = self._rights.authorized(user, path, "Ww")
-        parent_permissions = self._rights.authorized(user, parent_path, "w")
+        permissions = rights.intersect(
+            self._rights.authorization(user, path), "Ww")
+        parent_permissions = rights.intersect(
+            self._rights.authorization(user, parent_path), "w")
        try:
            vobject_items = tuple(vobject.readComponents(content or ""))
        except Exception as e:
@ -157,10 +159,10 @@ class ApplicationPutMixin:
                tag = parent_item.get_meta("tag")

            if write_whole_collection:
-                if not self._rights.authorized(
-                        user, path, "w" if tag else "W"):
+                if ("w" if tag else "W") not in self._rights.authorization(
+                        user, path):
                    return httputils.NOT_ALLOWED
-            elif not self._rights.authorized(user, parent_path, "w"):
+            elif "w" not in self._rights.authorization(user, parent_path):
                return httputils.NOT_ALLOWED

            etag = environ.get("HTTP_IF_MATCH", "")