Simplify Rights plugin interface

2020-04-09 22:02:03 +02:00
parent 8ca01a4989
commit f6a3a19680
11 changed files with 51 additions and 43 deletions
--- a/radicale/rights/init.py
+++ b/radicale/rights/init.py
@@ -40,7 +40,12 @@ def load(configuration):
    return utils.load_plugin(INTERNAL_TYPES, "rights", "Rights", configuration)


-def intersect_permissions(a, b="RrWw"):
+def intersect(a, b):
+    """Intersect two lists of rights.
+
+    Returns all rights that are both in ``a`` and ``b``.
+
+    """
    return "".join(set(a).intersection(set(b)))


@@ -55,16 +60,14 @@ class BaseRights:
        """
        self.configuration = configuration

-    def authorized(self, user, path, permissions):
-        """Check if the user is allowed to read or write the collection.
+    def authorization(self, user, path):
+        """Get granted rights of ``user`` for the collection ``path``.

        If ``user`` is empty, check for anonymous rights.

        ``path`` is sanitized.

-        ``permissions`` can include "R", "r", "W", "w"
-
-        Returns granted rights.
+        Returns granted rights (e.g. ``"RW"``).

        """
        raise NotImplementedError
--- a/radicale/rights/authenticated.py
+++ b/radicale/rights/authenticated.py
@@ -29,12 +29,12 @@ class Rights(rights.BaseRights):
        super().__init__(*args, **kwargs)
        self._verify_user = self.configuration.get("auth", "type") != "none"

-    def authorized(self, user, path, permissions):
+    def authorization(self, user, path):
        if self._verify_user and not user:
            return ""
        sane_path = pathutils.strip_path(path)
        if "/" not in sane_path:
-            return rights.intersect_permissions(permissions, "RW")
+            return "RW"
        if sane_path.count("/") == 1:
-            return rights.intersect_permissions(permissions, "rw")
+            return "rw"
        return ""
--- a/radicale/rights/from_file.py
+++ b/radicale/rights/from_file.py
@@ -45,7 +45,7 @@ class Rights(rights.BaseRights):
        super().__init__(configuration)
        self._filename = configuration.get("rights", "file")

-    def authorized(self, user, path, permissions):
+    def authorization(self, user, path):
        user = user or ""
        sane_path = pathutils.strip_path(path)
        # Prevent "regex injection"
@@ -75,8 +75,7 @@ class Rights(rights.BaseRights):
                logger.debug("Rule %r:%r matches %r:%r from section %r",
                             user, sane_path, user_pattern,
                             collection_pattern, section)
-                return rights.intersect_permissions(
-                    permissions, rights_config.get(section, "permissions"))
+                return rights_config.get(section, "permissions")
            logger.debug("Rule %r:%r doesn't match %r:%r from section %r",
                         user, sane_path, user_pattern, collection_pattern,
                         section)
--- a/radicale/rights/owner_only.py
+++ b/radicale/rights/owner_only.py
@@ -22,20 +22,20 @@ calendars and address books.
 """

 import radicale.rights.authenticated as authenticated
-from radicale import pathutils, rights
+from radicale import pathutils


 class Rights(authenticated.Rights):
-    def authorized(self, user, path, permissions):
+    def authorization(self, user, path):
        if self._verify_user and not user:
            return ""
        sane_path = pathutils.strip_path(path)
        if not sane_path:
-            return rights.intersect_permissions(permissions, "R")
+            return "R"
        if self._verify_user and user != sane_path.split("/", maxsplit=1)[0]:
            return ""
        if "/" not in sane_path:
-            return rights.intersect_permissions(permissions, "RW")
+            return "RW"
        if sane_path.count("/") == 1:
-            return rights.intersect_permissions(permissions, "rw")
+            return "rw"
        return ""
--- a/radicale/rights/owner_write.py
+++ b/radicale/rights/owner_write.py
@@ -22,24 +22,22 @@ address books but only grants write access to their own.
 """

 import radicale.rights.authenticated as authenticated
-from radicale import pathutils, rights
+from radicale import pathutils


 class Rights(authenticated.Rights):
-    def authorized(self, user, path, permissions):
+    def authorization(self, user, path):
        if self._verify_user and not user:
            return ""
        sane_path = pathutils.strip_path(path)
        if not sane_path:
-            return rights.intersect_permissions(permissions, "R")
+            return "R"
        if self._verify_user:
            owned = user == sane_path.split("/", maxsplit=1)[0]
        else:
            owned = True
        if "/" not in sane_path:
-            return rights.intersect_permissions(permissions,
-                                                "RW" if owned else "R")
+            return "RW" if owned else "R"
        if sane_path.count("/") == 1:
-            return rights.intersect_permissions(permissions,
-                                                "rw" if owned else "r")
+            return "rw" if owned else "r"
        return ""