95 lines
2.7 KiB
Python
95 lines
2.7 KiB
Python
# -*- coding: utf-8 -*-
|
|
#
|
|
# This file is part of Radicale Server - Calendar Server
|
|
# Copyright © 2012-2013 Guillaume Ayoub
|
|
#
|
|
# This library is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This library is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with Radicale. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
"""
|
|
File-based rights.
|
|
|
|
The owner is implied to have all rights on their collections.
|
|
|
|
Rights are read from a file whose name is specified in the config (section
|
|
"right", key "file").
|
|
|
|
Example:
|
|
|
|
# This means user1 may read, user2 may write, user3 has full access
|
|
[/user0/calendar]
|
|
user1: r
|
|
user2: w
|
|
user3: rw
|
|
|
|
# user0 can read /user1/cal
|
|
[/user1/cal]
|
|
user0: r
|
|
|
|
# If a collection /a/b is shared and other users than the owner are supposed to
|
|
# find the collection in a propfind request, an additional line for /a has to
|
|
# be in the defintions. E.g.:
|
|
|
|
[/user0]
|
|
user1: r
|
|
|
|
"""
|
|
|
|
from radicale import config, log
|
|
from radicale.rights import owner_only
|
|
# Manage Python2/3 different modules
|
|
# pylint: disable=F0401
|
|
try:
|
|
from configparser import (
|
|
RawConfigParser as ConfigParser, NoSectionError, NoOptionError)
|
|
except ImportError:
|
|
from ConfigParser import (
|
|
RawConfigParser as ConfigParser, NoSectionError, NoOptionError)
|
|
# pylint: enable=F0401
|
|
|
|
|
|
FILENAME = config.get("rights", "file")
|
|
if FILENAME:
|
|
log.LOGGER.debug("Reading rights from file %s" % FILENAME)
|
|
RIGHTS = ConfigParser()
|
|
RIGHTS.read(FILENAME)
|
|
else:
|
|
log.LOGGER.error("No file name configured for rights type 'from_file'")
|
|
RIGHTS = None
|
|
|
|
|
|
def read_authorized(user, collection):
|
|
"""Check if the user is allowed to read the collection."""
|
|
if user is None:
|
|
return False
|
|
elif owner_only.read_authorized(user, collection):
|
|
return True
|
|
else:
|
|
try:
|
|
return "r" in RIGHTS.get(collection.url.rstrip("/") or "/", user)
|
|
except (NoSectionError, NoOptionError):
|
|
return False
|
|
|
|
|
|
def write_authorized(user, collection):
|
|
"""Check if the user is allowed to write the collection."""
|
|
if user is None:
|
|
return False
|
|
elif owner_only.read_authorized(user, collection):
|
|
return True
|
|
else:
|
|
try:
|
|
return "w" in RIGHTS.get(collection.url.rstrip("/") or "/", user)
|
|
except (NoSectionError, NoOptionError):
|
|
return False
|