def doDirectoryAddressBookResponse():
directoryAddressBookLock = None
try:
# Verify that requested resources are immediate children of the request-URI
# and get vCardFilters ;similar to "normal" case below but do not call getChild()
vCardFilters = []
valid_hrefs = []
for href in resources:
resource_uri = str(href)
resource_name = unquote(resource_uri[resource_uri.rfind("/") + 1:])
if self._isChildURI(request, resource_uri) and resource_name.endswith(".vcf") and len(resource_name) > 4:
valid_hrefs.append(href)
textMatchElement = carddavxml.TextMatch.fromString(resource_name[:-4])
textMatchElement.attributes["match-type"] = "equals" # do equals compare. Default is "contains"
vCardFilters.append(carddavxml.PropertyFilter(
textMatchElement,
name="UID", # attributes
))
else:
responses.append(davxml.StatusResponse(href, davxml.Status.fromResponseCode(responsecode.NOT_FOUND)))
# exit if not valid
if not vCardFilters or not valid_hrefs:
returnValue(None)
addressBookFilter = carddavxml.Filter(*vCardFilters)
addressBookFilter = Filter(addressBookFilter)
# get vCards and filter
limit = config.DirectoryAddressBook.MaxQueryResults
results, limited = (yield self.doAddressBookDirectoryQuery(addressBookFilter, propertyreq, limit, defaultKind=None))
if limited:
log.error("Too many results in multiget report: {count}", count=len(resources))
raise HTTPError(ErrorResponse(
responsecode.FORBIDDEN,
(dav_namespace, "number-of-matches-within-limits"),
"Too many results",
))
for href in valid_hrefs:
matchingResource = None
for vCardResource in results:
if href == vCardResource.hRef(): # might need to compare urls instead - also case sens ok?
matchingResource = vCardResource
break
if matchingResource:
yield report_common.responseForHref(request, responses, href, matchingResource, propertiesForResource, propertyreq, vcard=matchingResource.vCard())
else:
responses.append(davxml.StatusResponse(href, davxml.Status.fromResponseCode(responsecode.NOT_FOUND)))
finally:
if directoryAddressBookLock:
yield directoryAddressBookLock.release()
def responseForHref(request, responses, href, resource, propertiesForResource,
propertyreq):
if propertiesForResource is not None:
properties_by_status = waitForDeferred(
propertiesForResource(request, propertyreq, resource))
yield properties_by_status
properties_by_status = properties_by_status.getResult()
propstats = []
for status in properties_by_status:
properties = properties_by_status[status]
if properties:
xml_status = element.Status.fromResponseCode(status)
xml_container = element.PropertyContainer(*properties)
xml_propstat = element.PropertyStatus(xml_container,
xml_status)
propstats.append(xml_propstat)
if propstats:
responses.append(element.PropertyStatusResponse(href, *propstats))
else:
responses.append(
element.StatusResponse(
href,
element.Status.fromResponseCode(responsecode.OK),
))
def report_urn_ietf_params_xml_ns_caldav_calendar_multiget(
self, request, multiget):
responses = [
davxml.StatusResponse(
href, davxml.Status.fromResponseCode(responsecode.NOT_FOUND))
for href in multiget.resources
]
return succeed(MultiStatusResponse((responses)))
def response(self):
"""
Generate a response from the responses contained in the queue or, if
there are no such responses, return the C{success_response} provided to
L{__init__}.
@return: a L{element.PropertyStatusResponse}.
"""
if self.propstats:
return element.PropertyStatusResponse(element.HRef(self.uri),
*self.propstats)
else:
return element.StatusResponse(
element.HRef(self.uri),
element.Status.fromResponseCode(self.success_response))
def add(self, path, what):
"""
Add a response.
@param path: a path, which must be a subpath of C{path_basename} as
provided to L{__init__}.
@param what: a status code or a L{Failure} for the given path.
"""
assert path.startswith(
self.path_basename), "%s does not start with %s" % (
path, self.path_basename)
if type(what) is int:
code = what
error = None
message = responsecode.RESPONSES[code]
elif isinstance(what, Failure):
code = statusForFailure(what)
error = errorForFailure(what)
message = messageForFailure(what)
else:
raise AssertionError("Unknown data type: %r" % (what, ))
if code > 400: # Error codes only
log.error("Error during {method} for {path}: {msg}",
method=self.method,
path=path,
msg=message)
uri = path[self.path_basename_len:]
children = []
children.append(element.HRef(uri))
children.append(element.Status.fromResponseCode(code))
if error is not None:
children.append(error)
if message is not None:
children.append(element.ResponseDescription(message))
self.responses.append(element.StatusResponse(*children))
def report_DAV__acl_principal_prop_set(self, request, acl_prinicpal_prop_set):
"""
Generate an acl-prinicpal-prop-set REPORT. (RFC 3744, section 9.2)
"""
# Verify root element
if not isinstance(acl_prinicpal_prop_set, davxml.ACLPrincipalPropSet):
raise ValueError("%s expected as root element, not %s." %
(davxml.ACLPrincipalPropSet.sname(),
acl_prinicpal_prop_set.sname()))
# Depth must be "0"
depth = request.headers.getHeader("depth", "0")
if depth != "0":
log.error("Error in prinicpal-prop-set REPORT, Depth set to %s" %
(depth, ))
raise HTTPError(
StatusResponse(responsecode.BAD_REQUEST,
"Depth %s not allowed" % (depth, )))
#
# Check authentication and access controls
#
x = waitForDeferred(self.authorize(request, (davxml.ReadACL(), )))
yield x
x.getResult()
# Get a single DAV:prop element from the REPORT request body
propertiesForResource = None
propElement = None
for child in acl_prinicpal_prop_set.children:
if child.qname() == ("DAV:", "prop"):
if propertiesForResource is not None:
log.error("Only one DAV:prop element allowed")
raise HTTPError(
StatusResponse(responsecode.BAD_REQUEST,
"Only one DAV:prop element allowed"))
propertiesForResource = prop_common.propertyListForResource
propElement = child
if propertiesForResource is None:
log.error(
"Error in acl-principal-prop-set REPORT, no DAV:prop element")
raise HTTPError(
StatusResponse(responsecode.BAD_REQUEST, "No DAV:prop element"))
# Enumerate principals on ACL in current resource
principals = []
acl = waitForDeferred(self.accessControlList(request))
yield acl
acl = acl.getResult()
for ace in acl.children:
resolved = waitForDeferred(
self.resolvePrincipal(ace.principal.children[0], request))
yield resolved
resolved = resolved.getResult()
if resolved is not None and resolved not in principals:
principals.append(resolved)
# Run report for each referenced principal
try:
responses = []
matchcount = 0
for principal in principals:
# Check size of results is within limit
matchcount += 1
if matchcount > max_number_of_matches:
raise NumberOfMatchesWithinLimits(max_number_of_matches)
resource = waitForDeferred(request.locateResource(str(principal)))
yield resource
resource = resource.getResult()
if resource is not None:
#
# Check authentication and access controls
#
x = waitForDeferred(
resource.authorize(request, (davxml.Read(), )))
yield x
try:
x.getResult()
except HTTPError:
responses.append(
davxml.StatusResponse(
principal,
davxml.Status.fromResponseCode(
responsecode.FORBIDDEN)))
else:
d = waitForDeferred(
prop_common.responseForHref(request, responses,
principal, resource,
propertiesForResource,
propElement))
yield d
d.getResult()
else:
log.error("Requested principal resource not found: %s" %
(str(principal), ))
responses.append(
davxml.StatusResponse(
principal,
davxml.Status.fromResponseCode(
responsecode.NOT_FOUND)))
except NumberOfMatchesWithinLimits:
log.error("Too many matching components")
raise HTTPError(
ErrorResponse(responsecode.FORBIDDEN,
davxml.NumberOfMatchesWithinLimits()))
yield MultiStatusResponse(responses)
class DirectoryPrincipalPropertySearchMixIn(object):
@inlineCallbacks
def report_DAV__principal_property_search(self, request,
principal_property_search):
"""
Generate a principal-property-search REPORT. (RFC 3744, section 9.4)
Overrides twisted implementation, targeting only directory-enabled
searching.
"""
# Verify root element
if not isinstance(principal_property_search,
element.PrincipalPropertySearch):
msg = "%s expected as root element, not %s." % (
element.PrincipalPropertySearch.sname(),
principal_property_search.sname())
log.warn(msg)
raise HTTPError(StatusResponse(responsecode.BAD_REQUEST, msg))
# Should we AND (the default) or OR (if test="anyof")?
testMode = principal_property_search.attributes.get("test", "allof")
if testMode not in ("allof", "anyof"):
msg = "Bad XML: unknown value for test attribute: %s" % (
testMode, )
log.warn(msg)
raise HTTPError(StatusResponse(responsecode.BAD_REQUEST, msg))
operand = Operand.AND if testMode == "allof" else Operand.OR
# Are we narrowing results down to a single CUTYPE?
cuType = principal_property_search.attributes.get("type", None)
if cuType not in ("INDIVIDUAL", "GROUP", "RESOURCE", "ROOM", None):
msg = "Bad XML: unknown value for type attribute: %s" % (cuType, )
log.warn(msg)
raise HTTPError(StatusResponse(responsecode.BAD_REQUEST, msg))
# Only handle Depth: 0
depth = request.headers.getHeader("depth", "0")
if depth != "0":
log.error(
"Error in principal-property-search REPORT, Depth set to %s" %
(depth, ))
raise HTTPError(
StatusResponse(responsecode.BAD_REQUEST,
"Depth %s not allowed" % (depth, )))
# Get any limit value from xml
clientLimit = None
# Get a single DAV:prop element from the REPORT request body
propertiesForResource = None
propElement = None
propertySearches = []
applyTo = False
for child in principal_property_search.children:
if child.qname() == (dav_namespace, "prop"):
propertiesForResource = prop_common.propertyListForResource
propElement = child
elif child.qname() == (dav_namespace,
"apply-to-principal-collection-set"):
applyTo = True
elif child.qname() == (dav_namespace, "property-search"):
props = child.childOfType(element.PropertyContainer)
props.removeWhitespaceNodes()
match = child.childOfType(element.Match)
caseless = match.attributes.get("caseless", "yes")
if caseless not in ("yes", "no"):
msg = "Bad XML: unknown value for caseless attribute: %s" % (
caseless, )
log.warn(msg)
raise HTTPError(
StatusResponse(responsecode.BAD_REQUEST, msg))
caseless = (caseless == "yes")
matchType = match.attributes.get("match-type",
u"contains").encode("utf-8")
if matchType not in ("starts-with", "contains", "equals"):
msg = "Bad XML: unknown value for match-type attribute: %s" % (
matchType, )
log.warn(msg)
raise HTTPError(
StatusResponse(responsecode.BAD_REQUEST, msg))
# Convert to twext.who.expression form
matchType = {
"starts-with": MatchType.startsWith,
"contains": MatchType.contains,
"equals": MatchType.equals
}.get(matchType)
matchFlags = MatchFlags.caseInsensitive if caseless else MatchFlags.none
# Ignore any query strings under three letters
matchText = match.toString() # gives us unicode
if len(matchText) >= 3:
propertySearches.append(
(props.children, matchText, matchFlags, matchType))
elif child.qname() == (calendarserver_namespace, "limit"):
try:
nresults = child.childOfType(customxml.NResults)
clientLimit = int(str(nresults))
except (
TypeError,
ValueError,
):
msg = "Bad XML: unknown value for <limit> element"
log.warn(msg)
raise HTTPError(
StatusResponse(responsecode.BAD_REQUEST, msg))
# Run report
resultsWereLimited = None
resources = []
if applyTo or not hasattr(self, "directory"):
for principalCollection in self.principalCollections():
uri = principalCollection.principalCollectionURL()
resource = (yield request.locateResource(uri))
if resource:
resources.append((resource, uri))
else:
resources.append((self, request.uri))
# We need to access a directory service
principalCollection = resources[0][0]
if not hasattr(principalCollection, "directory"):
# Use Twisted's implementation instead in this case
result = (yield super(DirectoryPrincipalPropertySearchMixIn,
self).report_DAV__principal_property_search(
request, principal_property_search))
returnValue(result)
dir = principalCollection.directory
# See if we can take advantage of the directory
fields = []
nonDirectorySearches = []
for props, match, matchFlags, matchType in propertySearches:
nonDirectoryProps = []
for prop in props:
try:
fieldName, match = principalCollection.propertyToField(
prop, match)
except ValueError, e:
raise HTTPError(
StatusResponse(responsecode.BAD_REQUEST, str(e)))
if fieldName:
fields.append((fieldName, match, matchFlags, matchType))
else:
nonDirectoryProps.append(prop)
if nonDirectoryProps:
nonDirectorySearches.append(
(nonDirectoryProps, match, matchFlags, matchType))
matchingResources = []
matchcount = 0
# nonDirectorySearches are ignored
if fields:
records = (yield
dir.recordsMatchingFieldsWithCUType(fields,
operand=operand,
cuType=cuType))
for record in records:
resource = yield principalCollection.principalForRecord(record)
if resource:
matchingResources.append(resource)
# We've determined this is a matching resource
matchcount += 1
if clientLimit is not None and matchcount >= clientLimit:
resultsWereLimited = ("client", matchcount)
break
if matchcount >= config.MaxPrincipalSearchReportResults:
resultsWereLimited = ("server", matchcount)
break
# Generate the response
responses = []
for resource in matchingResources:
url = resource.url()
yield prop_common.responseForHref(request, responses,
element.HRef.fromString(url),
resource, propertiesForResource,
propElement)
if resultsWereLimited is not None:
if resultsWereLimited[0] == "server":
log.error(
"Too many matching resources in principal-property-search report"
)
responses.append(
element.StatusResponse(
element.HRef.fromString(request.uri),
element.Status.fromResponseCode(
responsecode.INSUFFICIENT_STORAGE_SPACE),
element.Error(element.NumberOfMatchesWithinLimits()),
element.ResponseDescription("Results limited by %s at %d" %
resultsWereLimited),
))
returnValue(MultiStatusResponse(responses))
def report_http___calendarserver_org_ns__calendarserver_principal_search(
self, request, calendarserver_principal_search):
"""
Generate a calendarserver-principal-search REPORT.
@param request: Request object
@param calendarserver_principal_search: CalendarServerPrincipalSearch object
"""
# Verify root element
if not isinstance(calendarserver_principal_search,
customxml.CalendarServerPrincipalSearch):
msg = "%s expected as root element, not %s." % (
customxml.CalendarServerPrincipalSearch.sname(),
calendarserver_principal_search.sname())
log.warn(msg)
raise HTTPError(StatusResponse(responsecode.BAD_REQUEST, msg))
# Only handle Depth: 0
depth = request.headers.getHeader("depth", "0")
if depth != "0":
log.error(
"Error in calendarserver-principal-search REPORT, Depth set to %s"
% (depth, ))
raise HTTPError(
StatusResponse(responsecode.BAD_REQUEST,
"Depth %s not allowed" % (depth, )))
tokens, context, applyTo, clientLimit, propElement = extractCalendarServerPrincipalSearchData(
calendarserver_principal_search)
if not validateTokens(tokens):
raise HTTPError(
StatusResponse(responsecode.FORBIDDEN,
"Insufficient search token length"))
# Run report
resultsWereLimited = None
resources = []
if applyTo or not hasattr(self, "directory"):
for principalCollection in self.principalCollections():
uri = principalCollection.principalCollectionURL()
resource = (yield request.locateResource(uri))
if resource:
resources.append((resource, uri))
else:
resources.append((self, request.uri))
# We need to access a directory service
principalCollection = resources[0][0]
dir = principalCollection.directory
matchingResources = []
matchcount = 0
records = (yield dir.recordsMatchingTokens(tokens, context=context))
for record in records:
resource = yield principalCollection.principalForRecord(record)
if resource:
matchingResources.append(resource)
# We've determined this is a matching resource
matchcount += 1
if clientLimit is not None and matchcount >= clientLimit:
resultsWereLimited = ("client", matchcount)
break
if matchcount >= config.MaxPrincipalSearchReportResults:
resultsWereLimited = ("server", matchcount)
break
# Generate the response
responses = []
for resource in matchingResources:
url = resource.url()
yield prop_common.responseForHref(
request, responses, element.HRef.fromString(url), resource,
prop_common.propertyListForResource, propElement)
if resultsWereLimited is not None:
if resultsWereLimited[0] == "server":
log.error(
"Too many matching resources in calendarserver-principal-search report"
)
responses.append(
element.StatusResponse(
element.HRef.fromString(request.uri),
element.Status.fromResponseCode(
responsecode.INSUFFICIENT_STORAGE_SPACE),
element.Error(element.NumberOfMatchesWithinLimits()),
element.ResponseDescription("Results limited by %s at %d" %
resultsWereLimited),
))
returnValue(MultiStatusResponse(responses))
def report_DAV__sync_collection(self, request, sync_collection):
"""
Generate a sync-collection REPORT.
"""
# These resource support the report
if not config.EnableSyncReport or element.Report(element.SyncCollection(),) not in self.supportedReports():
log.error("sync-collection report is only allowed on calendar/inbox/addressbook/notification collection resources {s!r}", s=self)
raise HTTPError(ErrorResponse(
responsecode.FORBIDDEN,
element.SupportedReport(),
"Report not supported on this resource",
))
responses = []
# Do not support limit
if sync_collection.sync_limit is not None:
raise HTTPError(ErrorResponse(
responsecode.INSUFFICIENT_STORAGE_SPACE,
element.NumberOfMatchesWithinLimits(),
"Report limit not supported",
))
# Process Depth and sync-level for backwards compatibility
# Use sync-level if present and ignore Depth, else use Depth
if sync_collection.sync_level:
depth = sync_collection.sync_level
if depth == "infinite":
depth = "infinity"
descriptor = "DAV:sync-level"
else:
depth = request.headers.getHeader("depth", None)
descriptor = "Depth header without DAV:sync-level"
if depth not in ("1", "infinity"):
log.error("sync-collection report with invalid depth header: {d}", d=depth)
raise HTTPError(StatusResponse(responsecode.BAD_REQUEST, "Invalid %s value" % (descriptor,)))
propertyreq = sync_collection.property.children if sync_collection.property else None
# Do some optimization of access control calculation by determining any inherited ACLs outside of
# the child resource loop and supply those to the checkPrivileges on each child.
filteredaces = (yield self.inheritedACEsforChildren(request))
changed, removed, notallowed, newtoken, resourceChanged = yield self.whatchanged(sync_collection.sync_token, depth)
# Now determine which valid resources are readable and which are not
ok_resources = []
forbidden_resources = []
if changed:
yield self.findChildrenFaster(
depth,
request,
lambda x, y: ok_resources.append((x, y)),
lambda x, y: forbidden_resources.append((x, y)),
None,
None,
changed,
(element.Read(),),
inherited_aces=filteredaces
)
if resourceChanged:
ok_resources.append((self, request.uri))
for child, child_uri in ok_resources:
href = element.HRef.fromString(child_uri)
try:
if propertyreq:
yield responseForHref(
request,
responses,
href,
child,
functools.partial(_namedPropertiesForResource, dataAllowed=False, forbidden=False),
propertyreq)
else:
responses.append(element.StatusResponse(element.HRef.fromString(href), element.Status.fromResponseCode(responsecode.OK)))
except ConcurrentModification:
# This can happen because of a race-condition between the
# time we determine which resources exist and the deletion
# of one of these resources in another request. In this
# case, we ignore the now missing resource rather
# than raise an error for the entire report.
log.error("Missing resource during sync: {h}", h=href)
for child, child_uri in forbidden_resources:
href = element.HRef.fromString(child_uri)
try:
if propertyreq:
yield responseForHref(
request,
responses,
href,
child,
functools.partial(_namedPropertiesForResource, dataAllowed=False, forbidden=True),
propertyreq)
else:
responses.append(element.StatusResponse(element.HRef.fromString(href), element.Status.fromResponseCode(responsecode.OK)))
except ConcurrentModification:
# This can happen because of a race-condition between the
# time we determine which resources exist and the deletion
# of one of these resources in another request. In this
# case, we ignore the now missing resource rather
# than raise an error for the entire report.
log.error("Missing resource during sync: {h}", h=href)
for name in removed:
href = element.HRef.fromString(joinURL(request.uri, name))
responses.append(element.StatusResponse(element.HRef.fromString(href), element.Status.fromResponseCode(responsecode.NOT_FOUND)))
for name in notallowed:
href = element.HRef.fromString(joinURL(request.uri, name))
responses.append(element.StatusResponse(element.HRef.fromString(href), element.Status.fromResponseCode(responsecode.NOT_ALLOWED)))
if not hasattr(request, "extendedLogItems"):
request.extendedLogItems = {}
request.extendedLogItems["responses"] = len(responses)
responses.append(element.SyncToken.fromString(newtoken))
returnValue(MultiStatusResponse(responses))
def report_urn_ietf_params_xml_ns_carddav_addressbook_query(
self, request, addressbook_query):
"""
Generate an addressbook-query REPORT.
(CardDAV, section 8.6)
"""
# Verify root element
if addressbook_query.qname() != (carddav_namespace, "addressbook-query"):
raise ValueError(
"{CardDAV:}addressbook-query expected as root element, not {elementName}."
.format(elementName=addressbook_query.sname()))
if not self.isCollection():
parent = (yield self.locateParent(request, request.uri))
if not parent.isAddressBookCollection():
log.error(
"addressbook-query report is not allowed on a resource outside of an address book collection {parent}",
parent=self)
raise HTTPError(
StatusResponse(
responsecode.FORBIDDEN,
"Must be address book collection or address book resource")
)
responses = []
xmlfilter = addressbook_query.filter
filter = Filter(xmlfilter)
query = addressbook_query.props
limit = addressbook_query.limit
assert query is not None
if query.qname() == ("DAV:", "allprop"):
propertiesForResource = report_common.allPropertiesForResource
generate_address_data = False
elif query.qname() == ("DAV:", "propname"):
propertiesForResource = report_common.propertyNamesForResource
generate_address_data = False
elif query.qname() == ("DAV:", "prop"):
propertiesForResource = report_common.propertyListForResource
# Verify that any address-data element matches what we can handle
result, message, generate_address_data = report_common.validPropertyListAddressDataTypeVersion(
query)
if not result:
log.error(message)
raise HTTPError(
ErrorResponse(
responsecode.FORBIDDEN,
(carddav_namespace, "supported-address-data"),
"Invalid address-data",
))
else:
raise AssertionError("We shouldn't be here")
# Verify that the filter element is valid
if (filter is None) or not filter.valid():
log.error("Invalid filter element: %r" % (filter, ))
raise HTTPError(
ErrorResponse(
responsecode.FORBIDDEN,
(carddav_namespace, "valid-filter"),
"Invalid filter element",
))
matchcount = [
0,
]
max_number_of_results = [
config.MaxQueryWithDataResults if generate_address_data else None,
]
limited = [
False,
]
if limit:
clientLimit = int(str(limit.childOfType(NResults)))
if max_number_of_results[
0] is None or clientLimit < max_number_of_results[0]:
max_number_of_results[0] = clientLimit
@inlineCallbacks
def doQuery(addrresource, uri):
"""
Run a query on the specified address book collection
accumulating the query responses.
@param addrresource: the L{CalDAVResource} for an address book collection.
@param uri: the uri for the address book collecton resource.
"""
def checkMaxResults():
matchcount[0] += 1
if max_number_of_results[0] is not None and matchcount[
0] > max_number_of_results[0]:
raise NumberOfMatchesWithinLimits(max_number_of_results[0])
@inlineCallbacks
def queryAddressBookObjectResource(resource,
uri,
name,
vcard,
query_ok=False):
"""
Run a query on the specified vcard.
@param resource: the L{CalDAVResource} for the vcard.
@param uri: the uri of the resource.
@param name: the name of the resource.
@param vcard: the L{Component} vcard read from the resource.
"""
if query_ok or filter.match(vcard):
# Check size of results is within limit
checkMaxResults()
if name:
href = davxml.HRef.fromString(joinURL(uri, name))
else:
href = davxml.HRef.fromString(uri)
try:
yield report_common.responseForHref(request,
responses,
href,
resource,
propertiesForResource,
query,
vcard=vcard)
except ConcurrentModification:
# This can happen because of a race-condition between the
# time we determine which resources exist and the deletion
# of one of these resources in another request. In this
# case, we ignore the now missing resource rather
# than raise an error for the entire report.
log.error("Missing resource during sync: {href}",
href=href)
@inlineCallbacks
def queryDirectoryBackedAddressBook(directoryBackedAddressBook,
addressBookFilter):
"""
"""
results, limited[
0] = yield directoryBackedAddressBook.doAddressBookDirectoryQuery(
addressBookFilter, query, max_number_of_results[0])
for vCardResult in results:
# match against original filter if different from addressBookFilter
if addressBookFilter is filter or filter.match(
(yield vCardResult.vCard())):
# Check size of results is within limit
checkMaxResults()
try:
yield report_common.responseForHref(
request,
responses,
vCardResult.hRef(),
vCardResult,
propertiesForResource,
query,
vcard=(yield vCardResult.vCard()))
except ConcurrentModification:
# This can happen because of a race-condition between the
# time we determine which resources exist and the deletion
# of one of these resources in another request. In this
# case, we ignore the now missing resource rather
# than raise an error for the entire report.
log.error("Missing resource during sync: {href}",
href=vCardResult.hRef())
if not addrresource.isAddressBookCollection():
#do UID lookup on last part of uri
resource_name = urllib.unquote(uri[uri.rfind("/") + 1:])
if resource_name.endswith(".vcf") and len(resource_name) > 4:
# see if parent is directory backed address book
parent = (yield addrresource.locateParent(request, uri))
# Check whether supplied resource is an address book or an address book object resource
if addrresource.isAddressBookCollection():
if addrresource.isDirectoryBackedAddressBookCollection():
yield maybeDeferred(queryDirectoryBackedAddressBook,
addrresource, filter)
else:
# Do some optimisation of access control calculation by determining any inherited ACLs outside of
# the child resource loop and supply those to the checkPrivileges on each child.
filteredaces = (yield
addrresource.inheritedACEsforChildren(request))
# Check for disabled access
if filteredaces is not None:
index_query_ok = True
try:
# Get list of children that match the search and have read access
names = [
name for name, ignore_uid in (
yield addrresource.search(filter))
] #@UnusedVariable
except IndexedSearchException:
names = yield addrresource.listChildren()
index_query_ok = False
if not names:
return
# Now determine which valid resources are readable and which are not
ok_resources = []
yield addrresource.findChildrenFaster(
"1",
request,
lambda x, y: ok_resources.append((x, y)),
None,
None,
None,
names, (davxml.Read(), ),
inherited_aces=filteredaces)
for child, child_uri in ok_resources:
child_uri_name = child_uri[child_uri.rfind("/") + 1:]
if generate_address_data or not index_query_ok:
vcard = yield child.vCard()
assert vcard is not None, "vCard {name} is missing from address book collection {collection!r}".format(
name=child_uri_name, collection=self)
else:
vcard = None
yield queryAddressBookObjectResource(
child,
uri,
child_uri_name,
vcard,
query_ok=index_query_ok)
else:
handled = False
resource_name = urllib.unquote(uri[uri.rfind("/") + 1:])
if resource_name.endswith(".vcf") and len(resource_name) > 4:
# see if parent is directory backed address book
parent = (yield addrresource.locateParent(request, uri))
if parent.isDirectoryBackedAddressBookCollection():
vCardFilter = carddavxml.Filter(*[
carddavxml.PropertyFilter(
carddavxml.TextMatch.fromString(
resource_name[:-4]),
name="UID", # attributes
),
])
vCardFilter = Filter(vCardFilter)
yield maybeDeferred(queryDirectoryBackedAddressBook,
parent, vCardFilter)
handled = True
if not handled:
vcard = yield addrresource.vCard()
yield queryAddressBookObjectResource(addrresource, uri, None,
vcard)
if limited[0]:
raise NumberOfMatchesWithinLimits(matchcount[0])
# Run report taking depth into account
try:
depth = request.headers.getHeader("depth", "0")
yield report_common.applyToAddressBookCollections(
self, request, request.uri, depth, doQuery, (davxml.Read(), ))
except NumberOfMatchesWithinLimits, e:
self.log.info(
"Too many matching components in addressbook-query report. Limited to {limit} items",
limit=e.maxLimit())
responses.append(
davxml.StatusResponse(
davxml.HRef.fromString(request.uri),
davxml.Status.fromResponseCode(
responsecode.INSUFFICIENT_STORAGE_SPACE),
davxml.Error(davxml.NumberOfMatchesWithinLimits()),
davxml.ResponseDescription(
"Results limited to {limit} items".format(
limit=e.maxLimit())),
))
def report_DAV__expand_property(self, request, expand_property):
"""
Generate an expand-property REPORT. (RFC 3253, section 3.8)
TODO: for simplicity we will only support one level of expansion.
"""
# Verify root element
if not isinstance(expand_property, element.ExpandProperty):
raise ValueError(
"%s expected as root element, not %s." %
(element.ExpandProperty.sname(), expand_property.sname()))
# Only handle Depth: 0
depth = request.headers.getHeader("depth", "0")
if depth != "0":
log.error("Non-zero depth is not allowed: %s" % (depth, ))
raise HTTPError(
StatusResponse(responsecode.BAD_REQUEST,
"Depth %s not allowed" % (depth, )))
#
# Get top level properties to expand and make sure we only have one level
#
properties = {}
for property in expand_property.children:
namespace = property.attributes.get("namespace", dav_namespace)
name = property.attributes.get("name", "")
# Make sure children have no children
props_to_find = []
for child in property.children:
if child.children:
log.error(
"expand-property REPORT only supports single level expansion"
)
raise HTTPError(
StatusResponse(
responsecode.NOT_IMPLEMENTED,
"expand-property REPORT only supports single level expansion"
))
child_namespace = child.attributes.get("namespace", dav_namespace)
child_name = child.attributes.get("name", "")
props_to_find.append((child_namespace, child_name))
properties[(namespace, name)] = props_to_find
#
# Generate the expanded responses status for each top-level property
#
properties_by_status = {
responsecode.OK: [],
responsecode.NOT_FOUND: [],
}
filteredaces = None
lastParent = None
for qname in properties.iterkeys():
try:
prop = (yield self.readProperty(qname, request))
# Form the PROPFIND-style DAV:prop element we need later
props_to_return = element.PropertyContainer(*properties[qname])
# Now dereference any HRefs
responses = []
for href in prop.children:
if isinstance(href, element.HRef):
# Locate the Href resource and its parent
resource_uri = str(href)
child = (yield request.locateResource(resource_uri))
if not child or not child.exists():
responses.append(
element.StatusResponse(
href,
element.Status.fromResponseCode(
responsecode.NOT_FOUND)))
continue
parent = (yield request.locateResource(
parentForURL(resource_uri)))
# Check privileges on parent - must have at least DAV:read
try:
yield parent.checkPrivileges(request,
(element.Read(), ))
except AccessDeniedError:
responses.append(
element.StatusResponse(
href,
element.Status.fromResponseCode(
responsecode.FORBIDDEN)))
continue
# Cache the last parent's inherited aces for checkPrivileges optimization
if lastParent != parent:
lastParent = parent
# Do some optimisation of access control calculation by determining any inherited ACLs outside of
# the child resource loop and supply those to the checkPrivileges on each child.
filteredaces = (
yield parent.inheritedACEsforChildren(request))
# Check privileges - must have at least DAV:read
try:
yield child.checkPrivileges(
request, (element.Read(), ),
inherited_aces=filteredaces)
except AccessDeniedError:
responses.append(
element.StatusResponse(
href,
element.Status.fromResponseCode(
responsecode.FORBIDDEN)))
continue
# Now retrieve all the requested properties on the HRef resource
yield prop_common.responseForHref(
request,
responses,
href,
child,
prop_common.propertyListForResource,
props_to_return,
)
prop.children = responses
properties_by_status[responsecode.OK].append(prop)
except:
f = Failure()
log.error(
"Error reading property {qname} for resource {req}: {failure}",
qname=qname,
req=request.uri,
failure=f.value)
status = statusForFailure(f, "getting property: %s" % (qname, ))
if status not in properties_by_status:
properties_by_status[status] = []
properties_by_status[status].append(propertyName(qname))
# Build the overall response
propstats = [
element.PropertyStatus(
element.PropertyContainer(*properties_by_status[pstatus]),
element.Status.fromResponseCode(pstatus))
for pstatus in properties_by_status if properties_by_status[pstatus]
]
returnValue(
MultiStatusResponse(
(element.PropertyStatusResponse(element.HRef(request.uri),
*propstats), )))
def report_DAV__sync_collection(self, request, sync_collection):
"""
Generate a sync-collection REPORT.
"""
# These resource support the report
if not config.EnableSyncReport or element.Report(
element.SyncCollection(), ) not in self.supportedReports():
log.error(
"sync-collection report is only allowed on calendar/inbox/addressbook/notification collection resources %s"
% (self, ))
raise HTTPError(
ErrorResponse(
responsecode.FORBIDDEN,
element.SupportedReport(),
"Report not supported on this resource",
))
responses = []
# Do not support limit
if sync_collection.sync_limit is not None:
raise HTTPError(
ErrorResponse(
responsecode.INSUFFICIENT_STORAGE_SPACE,
element.NumberOfMatchesWithinLimits(),
"Report limit not supported",
))
# Process Depth and sync-level for backwards compatibility
# Use sync-level if present and ignore Depth, else use Depth
if sync_collection.sync_level:
depth = sync_collection.sync_level
if depth == "infinite":
depth = "infinity"
descriptor = "DAV:sync-level"
else:
depth = request.headers.getHeader("depth", None)
descriptor = "Depth header without DAV:sync-level"
if depth not in ("1", "infinity"):
log.error("sync-collection report with invalid depth header: %s" %
(depth, ))
raise HTTPError(
StatusResponse(responsecode.BAD_REQUEST,
"Invalid %s value" % (descriptor, )))
propertyreq = sync_collection.property.children if sync_collection.property else None
@inlineCallbacks
def _namedPropertiesForResource(request, props, resource, forbidden=False):
"""
Return the specified properties on the specified resource.
@param request: the L{IRequest} for the current request.
@param props: a list of property elements or qname tuples for the properties of interest.
@param resource: the L{DAVResource} for the targeted resource.
@return: a map of OK and NOT FOUND property values.
"""
properties_by_status = {
responsecode.OK: [],
responsecode.FORBIDDEN: [],
responsecode.NOT_FOUND: [],
}
for property in props:
if isinstance(property, element.WebDAVElement):
qname = property.qname()
else:
qname = property
if forbidden:
properties_by_status[responsecode.FORBIDDEN].append(
propertyName(qname))
else:
props = (yield resource.listProperties(request))
if qname in props:
try:
prop = (yield resource.readProperty(qname, request))
properties_by_status[responsecode.OK].append(prop)
except:
f = Failure()
log.error(
"Error reading property %r for resource %s: %s" %
(qname, request.uri, f.value))
status = statusForFailure(
f, "getting property: %s" % (qname, ))
if status not in properties_by_status:
properties_by_status[status] = []
properties_by_status[status].append(
propertyName(qname))
else:
properties_by_status[responsecode.NOT_FOUND].append(
propertyName(qname))
returnValue(properties_by_status)
# Do some optimization of access control calculation by determining any inherited ACLs outside of
# the child resource loop and supply those to the checkPrivileges on each child.
filteredaces = (yield self.inheritedACEsforChildren(request))
changed, removed, notallowed, newtoken = yield self.whatchanged(
sync_collection.sync_token, depth)
# Now determine which valid resources are readable and which are not
ok_resources = []
forbidden_resources = []
if changed:
yield self.findChildrenFaster(depth,
request,
lambda x, y: ok_resources.append((x, y)),
lambda x, y: forbidden_resources.append(
(x, y)),
None,
None,
changed, (element.Read(), ),
inherited_aces=filteredaces)
for child, child_uri in ok_resources:
href = element.HRef.fromString(child_uri)
try:
yield responseForHref(
request, responses, href, child,
functools.partial(_namedPropertiesForResource, forbidden=False)
if propertyreq else None, propertyreq)
except ConcurrentModification:
# This can happen because of a race-condition between the
# time we determine which resources exist and the deletion
# of one of these resources in another request. In this
# case, we ignore the now missing resource rather
# than raise an error for the entire report.
log.error("Missing resource during sync: %s" % (href, ))
for child, child_uri in forbidden_resources:
href = element.HRef.fromString(child_uri)
try:
yield responseForHref(
request, responses, href, child,
functools.partial(_namedPropertiesForResource, forbidden=True)
if propertyreq else None, propertyreq)
except ConcurrentModification:
# This can happen because of a race-condition between the
# time we determine which resources exist and the deletion
# of one of these resources in another request. In this
# case, we ignore the now missing resource rather
# than raise an error for the entire report.
log.error("Missing resource during sync: %s" % (href, ))
for name in removed:
href = element.HRef.fromString(joinURL(request.uri, name))
responses.append(
element.StatusResponse(
element.HRef.fromString(href),
element.Status.fromResponseCode(responsecode.NOT_FOUND)))
for name in notallowed:
href = element.HRef.fromString(joinURL(request.uri, name))
responses.append(
element.StatusResponse(
element.HRef.fromString(href),
element.Status.fromResponseCode(responsecode.NOT_ALLOWED)))
if not hasattr(request, "extendedLogItems"):
request.extendedLogItems = {}
request.extendedLogItems["responses"] = len(responses)
responses.append(element.SyncToken.fromString(newtoken))
returnValue(MultiStatusResponse(responses))
davxml.PropertyStatus(
davxml.PropertyContainer(),
davxml.Status.fromResponseCode(responsecode.OK)))
xml_response = davxml.PropertyStatusResponse(
davxml.HRef(uri), *propstats)
# This needed for propfind cache tracking of children changes
if depth == "1":
if resource != self:
if hasattr(resource, "owner_url"):
request.childCacheURIs.append(resource.owner_url())
elif hasattr(resource, "url"):
request.childCacheURIs.append(resource.url())
else:
xml_response = davxml.StatusResponse(
davxml.HRef(uri), davxml.Status.fromResponseCode(respcode))
xml_responses.append(xml_response)
if not hasattr(request, "extendedLogItems"):
request.extendedLogItems = {}
request.extendedLogItems["responses"] = len(xml_responses)
#
# Return response
#
returnValue(MultiStatusResponse(xml_responses))
##
# Utilities
def multiget_common(self, request, multiget, collection_type):
"""
Generate a multiget REPORT.
"""
# Make sure target resource is of the right type
if not self.isCollection():
parent = (yield self.locateParent(request, request.uri))
if collection_type == COLLECTION_TYPE_CALENDAR:
if not parent.isPseudoCalendarCollection():
log.error(
"calendar-multiget report is not allowed on a resource outside of a calendar collection {res}",
res=self)
raise HTTPError(
StatusResponse(responsecode.FORBIDDEN,
"Must be calendar resource"))
elif collection_type == COLLECTION_TYPE_ADDRESSBOOK:
if not parent.isAddressBookCollection():
log.error(
"addressbook-multiget report is not allowed on a resource outside of an address book collection {res}",
res=self)
raise HTTPError(
StatusResponse(responsecode.FORBIDDEN,
"Must be address book resource"))
responses = []
propertyreq = multiget.property
resources = multiget.resources
if not hasattr(request, "extendedLogItems"):
request.extendedLogItems = {}
request.extendedLogItems["rcount"] = len(resources)
hasData = False
if propertyreq.qname() == ("DAV:", "allprop"):
propertiesForResource = report_common.allPropertiesForResource
elif propertyreq.qname() == ("DAV:", "propname"):
propertiesForResource = report_common.propertyNamesForResource
elif propertyreq.qname() == ("DAV:", "prop"):
propertiesForResource = report_common.propertyListForResource
if collection_type == COLLECTION_TYPE_CALENDAR:
# Verify that any calendar-data element matches what we can handle
result, message, hasData = report_common.validPropertyListCalendarDataTypeVersion(
propertyreq)
precondition = (caldav_namespace, "supported-calendar-data")
elif collection_type == COLLECTION_TYPE_ADDRESSBOOK:
# Verify that any address-data element matches what we can handle
result, message, hasData = report_common.validPropertyListAddressDataTypeVersion(
propertyreq)
precondition = (carddav_namespace, "supported-address-data")
else:
result = True
if not result:
log.error(message)
raise HTTPError(
ErrorResponse(
responsecode.FORBIDDEN,
precondition,
"Invalid object data element",
))
else:
raise AssertionError("We shouldn't be here")
# Check size of results is within limit when data property requested
if hasData and len(resources) > config.MaxMultigetWithDataHrefs:
log.error("Too many resources in multiget report: {count}",
count=len(resources))
raise HTTPError(
ErrorResponse(
responsecode.FORBIDDEN,
davxml.NumberOfMatchesWithinLimits(),
"Too many resources",
))
"""
Three possibilities exist:
1. The request-uri is a calendar collection, in which case all the hrefs
MUST be one-level below that collection and must be calendar object resources.
2. The request-uri is a regular collection, in which case all the hrefs
MUST be children of that (at any depth) but MUST also be calendar object
resources (i.e. immediate child of a calendar collection).
3. The request-uri is a resource, in which case there MUST be
a single href equal to the request-uri, and MUST be a calendar
object resource.
"""
disabled = False
if self.isPseudoCalendarCollection():
requestURIis = "calendar"
# Do some optimisation of access control calculation by determining any inherited ACLs outside of
# the child resource loop and supply those to the checkPrivileges on each child.
filteredaces = (yield self.inheritedACEsforChildren(request))
# Check for disabled access
if filteredaces is None:
disabled = True
# Check private events access status
isowner = (yield self.isOwner(request))
elif self.isAddressBookCollection():
requestURIis = "addressbook"
# Do some optimisation of access control calculation by determining any inherited ACLs outside of
# the child resource loop and supply those to the checkPrivileges on each child.
filteredaces = (yield self.inheritedACEsforChildren(request))
# Check for disabled access
if filteredaces is None:
disabled = True
isowner = None
elif self.isCollection():
requestURIis = "collection"
filteredaces = None
lastParent = None
isowner = None
else:
requestURIis = "resource"
filteredaces = None
isowner = None
if not disabled:
@inlineCallbacks
def doResponse():
# Special for addressbooks
if collection_type == COLLECTION_TYPE_ADDRESSBOOK:
if self.isDirectoryBackedAddressBookCollection():
result = (yield doDirectoryAddressBookResponse())
returnValue(result)
# Verify that requested resources are immediate children of the request-URI
valid_names = []
for href in resources:
resource_uri = str(href)
name = unquote(resource_uri[resource_uri.rfind("/") + 1:])
if not self._isChildURI(request, resource_uri):
responses.append(
davxml.StatusResponse(
href,
davxml.Status.fromResponseCode(
responsecode.BAD_REQUEST)))
else:
valid_names.append(name)
if not valid_names:
returnValue(None)
# Now determine which valid resources are readable and which are not
ok_resources = []
bad_resources = []
missing_resources = []
unavailable_resources = []
yield self.findChildrenFaster(
"1",
request,
lambda x, y: ok_resources.append((x, y)),
lambda x, y: bad_resources.append((x, y)),
lambda x: missing_resources.append(x),
lambda x: unavailable_resources.append(x),
valid_names, (davxml.Read(), ),
inherited_aces=filteredaces)
# Get properties for all valid readable resources
for resource, href in ok_resources:
try:
yield report_common.responseForHref(
request,
responses,
davxml.HRef.fromString(href),
resource,
propertiesForResource,
propertyreq,
isowner=isowner)
except ValueError:
log.error(
"Invalid calendar resource during multiget: {href}",
href=href)
responses.append(
davxml.StatusResponse(
davxml.HRef.fromString(href),
davxml.Status.fromResponseCode(
responsecode.FORBIDDEN)))
except ConcurrentModification:
# This can happen because of a race-condition between the
# time we determine which resources exist and the deletion
# of one of these resources in another request. In this
# case, return a 404 for the now missing resource rather
# than raise an error for the entire report.
log.error("Missing resource during multiget: {href}",
href=href)
responses.append(
davxml.StatusResponse(
davxml.HRef.fromString(href),
davxml.Status.fromResponseCode(
responsecode.NOT_FOUND)))
# Indicate error for all valid non-readable resources
for ignore_resource, href in bad_resources:
responses.append(
davxml.StatusResponse(
davxml.HRef.fromString(href),
davxml.Status.fromResponseCode(
responsecode.FORBIDDEN)))
# Indicate error for all missing/unavailable resources
for href in missing_resources:
responses.append(
davxml.StatusResponse(
davxml.HRef.fromString(href),
davxml.Status.fromResponseCode(
responsecode.NOT_FOUND)))
for href in unavailable_resources:
responses.append(
davxml.StatusResponse(
davxml.HRef.fromString(href),
davxml.Status.fromResponseCode(
responsecode.SERVICE_UNAVAILABLE)))
@inlineCallbacks
def doDirectoryAddressBookResponse():
directoryAddressBookLock = None
try:
# Verify that requested resources are immediate children of the request-URI
# and get vCardFilters ;similar to "normal" case below but do not call getChild()
vCardFilters = []
valid_hrefs = []
for href in resources:
resource_uri = str(href)
resource_name = unquote(
resource_uri[resource_uri.rfind("/") + 1:])
if self._isChildURI(
request, resource_uri) and resource_name.endswith(
".vcf") and len(resource_name) > 4:
valid_hrefs.append(href)
textMatchElement = carddavxml.TextMatch.fromString(
resource_name[:-4])
textMatchElement.attributes[
"match-type"] = "equals" # do equals compare. Default is "contains"
vCardFilters.append(
carddavxml.PropertyFilter(
textMatchElement,
name="UID", # attributes
))
else:
responses.append(
davxml.StatusResponse(
href,
davxml.Status.fromResponseCode(
responsecode.NOT_FOUND)))
# exit if not valid
if not vCardFilters or not valid_hrefs:
returnValue(None)
addressBookFilter = carddavxml.Filter(*vCardFilters)
addressBookFilter = Filter(addressBookFilter)
# get vCards and filter
limit = config.DirectoryAddressBook.MaxQueryResults
results, limited = (yield self.doAddressBookDirectoryQuery(
addressBookFilter, propertyreq, limit, defaultKind=None))
if limited:
log.error("Too many results in multiget report: {count}",
count=len(resources))
raise HTTPError(
ErrorResponse(
responsecode.FORBIDDEN,
(dav_namespace, "number-of-matches-within-limits"),
"Too many results",
))
for href in valid_hrefs:
matchingResource = None
for vCardResource in results:
if href == vCardResource.hRef(
): # might need to compare urls instead - also case sens ok?
matchingResource = vCardResource
break
if matchingResource:
yield report_common.responseForHref(
request,
responses,
href,
matchingResource,
propertiesForResource,
propertyreq,
vcard=matchingResource.vCard())
else:
responses.append(
davxml.StatusResponse(
href,
davxml.Status.fromResponseCode(
responsecode.NOT_FOUND)))
finally:
if directoryAddressBookLock:
yield directoryAddressBookLock.release()
if requestURIis == "calendar" or requestURIis == "addressbook":
yield doResponse()
else:
for href in resources:
resource_uri = str(href)
# Do href checks
if requestURIis == "calendar":
pass
elif requestURIis == "addressbook":
pass
# TODO: we can optimize this one in a similar manner to the calendar case
elif requestURIis == "collection":
name = unquote(resource_uri[resource_uri.rfind("/") + 1:])
if not self._isChildURI(request, resource_uri, False):
responses.append(
davxml.StatusResponse(
href,
davxml.Status.fromResponseCode(
responsecode.NOT_FOUND)))
continue
child = (yield request.locateResource(resource_uri))
if not child or not child.exists():
responses.append(
davxml.StatusResponse(
href,
davxml.Status.fromResponseCode(
responsecode.NOT_FOUND)))
continue
parent = (yield child.locateParent(request, resource_uri))
if collection_type == COLLECTION_TYPE_CALENDAR:
if not parent.isCalendarCollection() or not (
yield parent.resourceExists(name)):
responses.append(
davxml.StatusResponse(
href,
davxml.Status.fromResponseCode(
responsecode.FORBIDDEN)))
continue
elif collection_type == COLLECTION_TYPE_ADDRESSBOOK:
if not parent.isAddressBookCollection() or not (
yield parent.resourceExists(name)):
responses.append(
davxml.StatusResponse(
href,
davxml.Status.fromResponseCode(
responsecode.FORBIDDEN)))
continue
# Check privileges on parent - must have at least DAV:read
try:
yield parent.checkPrivileges(request,
(davxml.Read(), ))
except AccessDeniedError:
responses.append(
davxml.StatusResponse(
href,
davxml.Status.fromResponseCode(
responsecode.FORBIDDEN)))
continue
# Cache the last parent's inherited aces for checkPrivileges optimization
if lastParent != parent:
lastParent = parent
# Do some optimisation of access control calculation by determining any inherited ACLs outside of
# the child resource loop and supply those to the checkPrivileges on each child.
filteredaces = (
yield parent.inheritedACEsforChildren(request))
# Check private events access status
isowner = (yield parent.isOwner(request))
else:
name = unquote(resource_uri[resource_uri.rfind("/") + 1:])
if (resource_uri != request.uri) or not self.exists():
responses.append(
davxml.StatusResponse(
href,
davxml.Status.fromResponseCode(
responsecode.NOT_FOUND)))
continue
parent = (yield self.locateParent(request, resource_uri))
if collection_type == COLLECTION_TYPE_CALENDAR:
if not parent.isPseudoCalendarCollection() or not (
yield parent.resourceExists(name)):
responses.append(
davxml.StatusResponse(
href,
davxml.Status.fromResponseCode(
responsecode.FORBIDDEN)))
continue
elif collection_type == COLLECTION_TYPE_ADDRESSBOOK:
if not parent.isAddressBookCollection() or not (
yield parent.resourceExists(name)):
responses.append(
davxml.StatusResponse(
href,
davxml.Status.fromResponseCode(
responsecode.FORBIDDEN)))
continue
child = self
# Do some optimisation of access control calculation by determining any inherited ACLs outside of
# the child resource loop and supply those to the checkPrivileges on each child.
filteredaces = (yield
parent.inheritedACEsforChildren(request))
# Check private events access status
isowner = (yield parent.isOwner(request))
# Check privileges - must have at least DAV:read
try:
yield child.checkPrivileges(request, (davxml.Read(), ),
inherited_aces=filteredaces)
except AccessDeniedError:
responses.append(
davxml.StatusResponse(
href,
davxml.Status.fromResponseCode(
responsecode.FORBIDDEN)))
continue
yield report_common.responseForHref(request,
responses,
href,
child,
propertiesForResource,
propertyreq,
isowner=isowner)
returnValue(MultiStatusResponse(responses))
def doResponse():
# Special for addressbooks
if collection_type == COLLECTION_TYPE_ADDRESSBOOK:
if self.isDirectoryBackedAddressBookCollection():
result = (yield doDirectoryAddressBookResponse())
returnValue(result)
# Verify that requested resources are immediate children of the request-URI
valid_names = []
for href in resources:
resource_uri = str(href)
name = unquote(resource_uri[resource_uri.rfind("/") + 1:])
if not self._isChildURI(request, resource_uri):
responses.append(
davxml.StatusResponse(
href,
davxml.Status.fromResponseCode(
responsecode.BAD_REQUEST)))
else:
valid_names.append(name)
if not valid_names:
returnValue(None)
# Now determine which valid resources are readable and which are not
ok_resources = []
bad_resources = []
missing_resources = []
unavailable_resources = []
yield self.findChildrenFaster(
"1",
request,
lambda x, y: ok_resources.append((x, y)),
lambda x, y: bad_resources.append((x, y)),
lambda x: missing_resources.append(x),
lambda x: unavailable_resources.append(x),
valid_names, (davxml.Read(), ),
inherited_aces=filteredaces)
# Get properties for all valid readable resources
for resource, href in ok_resources:
try:
yield report_common.responseForHref(
request,
responses,
davxml.HRef.fromString(href),
resource,
propertiesForResource,
propertyreq,
isowner=isowner)
except ValueError:
log.error(
"Invalid calendar resource during multiget: {href}",
href=href)
responses.append(
davxml.StatusResponse(
davxml.HRef.fromString(href),
davxml.Status.fromResponseCode(
responsecode.FORBIDDEN)))
except ConcurrentModification:
# This can happen because of a race-condition between the
# time we determine which resources exist and the deletion
# of one of these resources in another request. In this
# case, return a 404 for the now missing resource rather
# than raise an error for the entire report.
log.error("Missing resource during multiget: {href}",
href=href)
responses.append(
davxml.StatusResponse(
davxml.HRef.fromString(href),
davxml.Status.fromResponseCode(
responsecode.NOT_FOUND)))
# Indicate error for all valid non-readable resources
for ignore_resource, href in bad_resources:
responses.append(
davxml.StatusResponse(
davxml.HRef.fromString(href),
davxml.Status.fromResponseCode(
responsecode.FORBIDDEN)))
# Indicate error for all missing/unavailable resources
for href in missing_resources:
responses.append(
davxml.StatusResponse(
davxml.HRef.fromString(href),
davxml.Status.fromResponseCode(
responsecode.NOT_FOUND)))
for href in unavailable_resources:
responses.append(
davxml.StatusResponse(
davxml.HRef.fromString(href),
davxml.Status.fromResponseCode(
responsecode.SERVICE_UNAVAILABLE)))
def _handleInvite(self, request, invitedoc):
def _handleInviteSet(inviteset):
userid = None
cn = None
access = None
summary = None
for item in inviteset.children:
if isinstance(item, element.HRef):
userid = str(item)
continue
if isinstance(item, customxml.CommonName):
cn = str(item)
continue
if isinstance(item, customxml.InviteSummary):
summary = str(item)
continue
if isinstance(item, customxml.ReadAccess) or isinstance(
item, customxml.ReadWriteAccess):
access = item
continue
if userid and access and summary:
return (userid, cn, access, summary)
else:
error_text = []
if userid is None:
error_text.append("missing href")
if access is None:
error_text.append("missing access")
if summary is None:
error_text.append("missing summary")
raise HTTPError(
ErrorResponse(
responsecode.FORBIDDEN,
(customxml.calendarserver_namespace, "valid-request"),
"%s: %s" % (
", ".join(error_text),
inviteset,
),
))
def _handleInviteRemove(inviteremove):
userid = None
access = []
for item in inviteremove.children:
if isinstance(item, element.HRef):
userid = str(item)
continue
if isinstance(item, customxml.ReadAccess) or isinstance(
item, customxml.ReadWriteAccess):
access.append(item)
continue
if userid is None:
raise HTTPError(
ErrorResponse(
responsecode.FORBIDDEN,
(customxml.calendarserver_namespace, "valid-request"),
"Missing href: %s" % (inviteremove, ),
))
if len(access) == 0:
access = None
else:
access = set(access)
return (userid, access)
setDict, removeDict, updateinviteDict = {}, {}, {}
okusers = set()
badusers = set()
for item in invitedoc.children:
if isinstance(item, customxml.InviteSet):
userid, cn, access, summary = _handleInviteSet(item)
setDict[userid] = (cn, access, summary)
# Validate each userid on add only
uid = (yield self.validUserIDForShare(userid, request))
if uid is None:
uid = yield self.principalForCalendarGroupAddress(userid)
(badusers if uid is None else okusers).add(userid)
elif isinstance(item, customxml.InviteRemove):
userid, access = _handleInviteRemove(item)
removeDict[userid] = access
# Treat removed userids as valid as we will fail invalid ones silently
okusers.add(userid)
# Only make changes if all OK
if len(badusers) == 0:
okusers = set()
badusers = set()
# Special case removing and adding the same user and treat that as an add
sameUseridInRemoveAndSet = [
u for u in removeDict.keys() if u in setDict
]
for u in sameUseridInRemoveAndSet:
removeACL = removeDict[u]
cn, newACL, summary = setDict[u]
updateinviteDict[u] = (cn, removeACL, newACL, summary)
del removeDict[u]
del setDict[u]
for userid, access in removeDict.iteritems():
result = (yield
self.uninviteUIDFromShare(userid, access, request))
# If result is False that means the user being removed was not
# actually invited, but let's not return an error in this case.
okusers.add(userid)
for userid, (cn, access, summary) in setDict.iteritems():
result = (yield self.inviteUIDToShare(userid, cn, access,
summary, request))
(okusers if result else badusers).add(userid)
for userid, (cn, removeACL, newACL,
summary) in updateinviteDict.iteritems():
result = (yield
self.inviteUserUpdateToShare(userid, cn, removeACL,
newACL, summary,
request))
(okusers if result else badusers).add(userid)
# In this case bad items do not prevent ok items from being processed
ok_code = responsecode.OK
else:
# In this case a bad item causes all ok items not to be processed so failed dependency is returned
ok_code = responsecode.FAILED_DEPENDENCY
# Do a final validation of the entire set of invites
invites = (yield self.validateInvites(request))
numRecords = len(invites)
# Set the sharing state on the collection
shared = self.isShared()
if shared and numRecords == 0:
yield self.downgradeFromShare(request)
elif not shared and numRecords != 0:
yield self.upgradeToShare()
# Create the multistatus response - only needed if some are bad
if badusers:
xml_responses = []
xml_responses.extend([
element.StatusResponse(
element.HRef(userid),
element.Status.fromResponseCode(ok_code))
for userid in sorted(okusers)
])
xml_responses.extend([
element.StatusResponse(
element.HRef(userid),
element.Status.fromResponseCode(responsecode.FORBIDDEN))
for userid in sorted(badusers)
])
#
# Return response
#
returnValue(MultiStatusResponse(xml_responses))
else:
returnValue(responsecode.OK)
