def test_Privilege_isAggregateOf(self): """ Privilege.isAggregateOf() """ for a, b in ( (davxml.All(), davxml.Write()), (davxml.All(), davxml.ReadACL()), (davxml.Write(), davxml.WriteProperties()), (davxml.Write(), davxml.WriteContent()), (davxml.Write(), davxml.Bind()), (davxml.Write(), davxml.Unbind()), ): pa = davxml.Privilege(a) pb = davxml.Privilege(b) self.failUnless(pa.isAggregateOf(pb, davPrivilegeSet), "%s contains %s" % (a.sname(), b.sname())) self.failIf(pb.isAggregateOf(pa, davPrivilegeSet), "%s does not contain %s" % (b.sname(), a.sname())) for a, b in ( (davxml.Unlock(), davxml.Write()), (davxml.Unlock(), davxml.WriteACL()), (davxml.ReadCurrentUserPrivilegeSet(), davxml.WriteProperties()), ): pa = davxml.Privilege(a) pb = davxml.Privilege(b) self.failIf(pb.isAggregateOf(pa, davPrivilegeSet), "%s does not contain %s" % (b.sname(), a.sname()))
def createDocumentRoot(self): docroot = self.mktemp() os.mkdir(docroot) userResource = TestDAVPrincipalResource("/principals/users/user01") userResource.writeDeadProperty(TwistedPasswordProperty("user01")) principalCollection = TestPrincipalsCollection( "/principals/", children={"users": TestPrincipalsCollection( "/principals/users/", children={"user01": userResource})}) rootResource = self.resource_class( docroot, principalCollections=(principalCollection,)) portal = Portal(DavRealm()) portal.registerChecker(TwistedPropertyChecker()) credentialFactories = (basic.BasicCredentialFactory(""),) loginInterfaces = (IPrincipal,) self.site = Site(AuthenticationWrapper( rootResource, portal, credentialFactories, credentialFactories, loginInterfaces )) rootResource.setAccessControlList(self.grant(element.All())) for name, acl in ( ("none" , self.grant()), ("read" , self.grant(element.Read())), ("read-write" , self.grant(element.Read(), element.Write())), ("unlock" , self.grant(element.Unlock())), ("all" , self.grant(element.All())), ): filename = os.path.join(docroot, name) if not os.path.isfile(filename): file(filename, "w").close() resource = self.resource_class(filename) resource.setAccessControlList(acl) for name, acl in ( ("nobind" , self.grant()), ("bind" , self.grant(element.Bind())), ("unbind" , self.grant(element.Bind(), element.Unbind())), ): dirname = os.path.join(docroot, name) if not os.path.isdir(dirname): os.mkdir(dirname) resource = self.resource_class(dirname) resource.setAccessControlList(acl) return docroot
def work(): dst_path = os.path.join(self.docroot, "copy_dst") dst_uri = "/" + os.path.basename(dst_path) for src, status in ( ("nobind", responsecode.FORBIDDEN), ("bind", responsecode.FORBIDDEN), ("unbind", responsecode.CREATED), ): src_path = os.path.join(self.docroot, "src_" + src) src_uri = "/" + os.path.basename(src_path) if not os.path.isdir(src_path): os.mkdir(src_path) src_resource = self.resource_class(src_path) src_resource.setAccessControlList({ "nobind": self.grant(), "bind" : self.grant(element.Bind()), "unbind": self.grant(element.Bind(), element.Unbind()) }[src]) for name, acl in ( ("none" , self.grant()), ("read" , self.grant(element.Read())), ("read-write" , self.grant(element.Read(), element.Write())), ("unlock" , self.grant(element.Unlock())), ("all" , self.grant(element.All())), ): filename = os.path.join(src_path, name) if not os.path.isfile(filename): file(filename, "w").close() self.resource_class(filename).setAccessControlList(acl) for method in ("COPY", "MOVE"): for name, code in ( ("none", {"COPY": responsecode.FORBIDDEN, "MOVE": status}[method]), ("read", {"COPY": responsecode.CREATED, "MOVE": status}[method]), ("read-write" , {"COPY": responsecode.CREATED, "MOVE": status}[method]), ("unlock", {"COPY": responsecode.FORBIDDEN, "MOVE": status}[method]), ("all", {"COPY": responsecode.CREATED, "MOVE": status}[method]), ): path = os.path.join(src_path, name) uri = src_uri + "/" + name request = SimpleRequest(self.site, method, uri) request.headers.setHeader("destination", dst_uri) _add_auth_header(request) def test(response, code=code, path=path): if os.path.isfile(dst_path): os.remove(dst_path) if response.code != code: return self.oops(request, response, code, method, name) yield (request, test)
def http_DELETE(self, request): """ Respond to a DELETE request. (RFC 2518, section 8.6) """ if not self.exists(): log.error("File not found: %s" % (self, )) raise HTTPError(responsecode.NOT_FOUND) depth = request.headers.getHeader("depth", "infinity") # # Check authentication and access controls # parent = waitForDeferred(request.locateResource(parentForURL(request.uri))) yield parent parent = parent.getResult() x = waitForDeferred(parent.authorize(request, (davxml.Unbind(), ))) yield x x.getResult() x = waitForDeferred(deleteResource(request, self, request.uri, depth)) yield x yield x.getResult()
def http_MOVE(self, request): """ Respond to a MOVE request. (RFC 2518, section 8.9) """ r = waitForDeferred(prepareForCopy(self, request)) yield r r = r.getResult() destination, destination_uri, depth = r # # Check authentication and access controls # parentURL = parentForURL(request.uri) parent = waitForDeferred(request.locateResource(parentURL)) yield parent parent = parent.getResult() x = waitForDeferred(parent.authorize(request, (davxml.Unbind(), ))) yield x x.getResult() if destination.exists(): x = waitForDeferred( destination.authorize(request, (davxml.Bind(), davxml.Unbind()), recurse=True)) yield x x.getResult() else: destparentURL = parentForURL(destination_uri) destparent = waitForDeferred(request.locateResource(destparentURL)) yield destparent destparent = destparent.getResult() x = waitForDeferred(destparent.authorize(request, (davxml.Bind(), ))) yield x x.getResult() # May need to add a location header addLocation(request, destination_uri) # # RFC 2518, section 8.9 says that we must act as if the Depth header is set # to infinity, and that the client must omit the Depth header or set it to # infinity. # # This seems somewhat at odds with the notion that a bad request should be # rejected outright; if the client sends a bad depth header, the client is # broken, and section 8 suggests that a bad request should be rejected... # # Let's play it safe for now and ignore broken clients. # if self.isCollection() and depth != "infinity": msg = "Client sent illegal depth header value for MOVE: %s" % (depth, ) log.error(msg) raise HTTPError(StatusResponse(responsecode.BAD_REQUEST, msg)) # Lets optimise a move within the same directory to a new resource as a simple move # rather than using the full transaction based storeResource api. This allows simple # "rename" operations to work quickly. if (not destination.exists()) and destparent == parent: x = waitForDeferred( move(self.fp, request.uri, destination.fp, destination_uri, depth)) else: x = waitForDeferred( put_common.storeResource(request, source=self, source_uri=request.uri, destination=destination, destination_uri=destination_uri, deletesource=True, depth=depth)) yield x yield x.getResult()