def queryCalendarObjectResource(resource, uri, name, calendar, timezone, query_ok=False, isowner=True):
"""
Run a query on the specified calendar.
@param resource: the L{CalDAVResource} for the calendar.
@param uri: the uri of the resource.
@param name: the name of the resource.
@param calendar: the L{Component} calendar read from the resource.
"""
# Handle private events access restrictions
if not isowner:
access = resource.accessMode
else:
access = None
if query_ok or filter.match(calendar, access):
# Check size of results is within limit
matchcount[0] += 1
if max_number_of_results[0] is not None and matchcount[0] > max_number_of_results[0]:
raise NumberOfMatchesWithinLimits(max_number_of_results[0])
if name:
href = davxml.HRef.fromString(joinURL(uri, name))
else:
href = davxml.HRef.fromString(uri)
try:
yield report_common.responseForHref(request, responses, href, resource, propertiesForResource, props, isowner, calendar=calendar, timezone=timezone)
except ConcurrentModification:
# This can happen because of a race-condition between the
# time we determine which resources exist and the deletion
# of one of these resources in another request. In this
# case, we ignore the now missing resource rather
# than raise an error for the entire report.
log.error("Missing resource during query: %s" % (href,))
def report_DAV__principal_property_search(self, request, principal_property_search):
"""
Generate a principal-property-search REPORT. (RFC 3744, section 9.4)
"""
# Verify root element
if not isinstance(principal_property_search, element.PrincipalPropertySearch):
raise ValueError("%s expected as root element, not %s."
% (element.PrincipalPropertySearch.sname(), principal_property_search.sname()))
# Only handle Depth: 0
depth = request.headers.getHeader("depth", "0")
if depth != "0":
log.error("Error in prinicpal-property-search REPORT, Depth set to %s" % (depth,))
raise HTTPError(StatusResponse(responsecode.BAD_REQUEST, "Depth %s not allowed" % (depth,)))
# Get a single DAV:prop element from the REPORT request body
propertiesForResource = None
propElement = None
propertySearches = []
applyTo = False
for child in principal_property_search.children:
if child.qname() == (dav_namespace, "prop"):
propertiesForResource = prop_common.propertyListForResource
propElement = child
elif child.qname() == (dav_namespace, "apply-to-principal-collection-set"):
applyTo = True
elif child.qname() == (dav_namespace, "property-search"):
props = child.childOfType(element.PropertyContainer)
props.removeWhitespaceNodes()
match = child.childOfType(element.Match)
propertySearches.append((props.children, str(match).lower()))
def nodeMatch(node, match):
"""
See if the content of the supplied node matches the supplied text.
Try to follow the matching guidance in rfc3744 section 9.4.1.
@param prop: the property element to match.
@param match: the text to match against.
@return: True if the property matches, False otherwise.
"""
node.removeWhitespaceNodes()
for child in node.children:
if isinstance(child, PCDATAElement):
comp = str(child).lower()
if comp.find(match) != -1:
return True
else:
return nodeMatch(child, match)
else:
return False
def propertySearch(resource, request):
"""
Test the resource to see if it contains properties matching the
property-search specification in this report.
@param resource: the L{DAVFile} for the resource to test.
@param request: the current request.
@return: True if the resource has matching properties, False otherwise.
"""
for props, match in propertySearches:
# Test each property
for prop in props:
try:
propvalue = waitForDeferred(resource.readProperty(prop.qname(), request))
yield propvalue
propvalue = propvalue.getResult()
if propvalue and not nodeMatch(propvalue, match):
yield False
return
except HTTPError:
# No property => no match
yield False
return
yield True
propertySearch = deferredGenerator(propertySearch)
# Run report
try:
resources = []
responses = []
matchcount = 0
if applyTo:
for principalCollection in self.principalCollections():
uri = principalCollection.principalCollectionURL()
resource = waitForDeferred(request.locateResource(uri))
yield resource
resource = resource.getResult()
if resource:
resources.append((resource, uri))
else:
resources.append((self, request.uri))
# Loop over all collections and principal resources within
for resource, ruri in resources:
# Do some optimisation of access control calculation by determining any inherited ACLs outside of
# the child resource loop and supply those to the checkPrivileges on each child.
filteredaces = waitForDeferred(resource.inheritedACEsforChildren(request))
yield filteredaces
filteredaces = filteredaces.getResult()
children = []
d = waitForDeferred(resource.findChildren("infinity", request, lambda x, y: children.append((x,y)),
privileges=(element.Read(),), inherited_aces=filteredaces))
yield d
d.getResult()
for child, uri in children:
if isPrincipalResource(child):
d = waitForDeferred(propertySearch(child, request))
yield d
d = d.getResult()
if d:
# Check size of results is within limit
matchcount += 1
if matchcount > max_number_of_matches:
raise NumberOfMatchesWithinLimits(max_number_of_matches)
d = waitForDeferred(prop_common.responseForHref(
request,
responses,
element.HRef.fromString(uri),
child,
propertiesForResource,
propElement
))
yield d
d.getResult()
except NumberOfMatchesWithinLimits:
log.error("Too many matching components in prinicpal-property-search report")
raise HTTPError(ErrorResponse(
responsecode.FORBIDDEN,
element.NumberOfMatchesWithinLimits()
))
yield MultiStatusResponse(responses)
def report_DAV__acl_principal_prop_set(self, request, acl_prinicpal_prop_set):
"""
Generate an acl-prinicpal-prop-set REPORT. (RFC 3744, section 9.2)
"""
# Verify root element
if not isinstance(acl_prinicpal_prop_set, davxml.ACLPrincipalPropSet):
raise ValueError("%s expected as root element, not %s." %
(davxml.ACLPrincipalPropSet.sname(),
acl_prinicpal_prop_set.sname()))
# Depth must be "0"
depth = request.headers.getHeader("depth", "0")
if depth != "0":
log.error("Error in prinicpal-prop-set REPORT, Depth set to %s" %
(depth, ))
raise HTTPError(
StatusResponse(responsecode.BAD_REQUEST,
"Depth %s not allowed" % (depth, )))
#
# Check authentication and access controls
#
x = waitForDeferred(self.authorize(request, (davxml.ReadACL(), )))
yield x
x.getResult()
# Get a single DAV:prop element from the REPORT request body
propertiesForResource = None
propElement = None
for child in acl_prinicpal_prop_set.children:
if child.qname() == ("DAV:", "prop"):
if propertiesForResource is not None:
log.error("Only one DAV:prop element allowed")
raise HTTPError(
StatusResponse(responsecode.BAD_REQUEST,
"Only one DAV:prop element allowed"))
propertiesForResource = prop_common.propertyListForResource
propElement = child
if propertiesForResource is None:
log.error(
"Error in acl-principal-prop-set REPORT, no DAV:prop element")
raise HTTPError(
StatusResponse(responsecode.BAD_REQUEST, "No DAV:prop element"))
# Enumerate principals on ACL in current resource
principals = []
acl = waitForDeferred(self.accessControlList(request))
yield acl
acl = acl.getResult()
for ace in acl.children:
resolved = waitForDeferred(
self.resolvePrincipal(ace.principal.children[0], request))
yield resolved
resolved = resolved.getResult()
if resolved is not None and resolved not in principals:
principals.append(resolved)
# Run report for each referenced principal
try:
responses = []
matchcount = 0
for principal in principals:
# Check size of results is within limit
matchcount += 1
if matchcount > max_number_of_matches:
raise NumberOfMatchesWithinLimits(max_number_of_matches)
resource = waitForDeferred(request.locateResource(str(principal)))
yield resource
resource = resource.getResult()
if resource is not None:
#
# Check authentication and access controls
#
x = waitForDeferred(
resource.authorize(request, (davxml.Read(), )))
yield x
try:
x.getResult()
except HTTPError:
responses.append(
davxml.StatusResponse(
principal,
davxml.Status.fromResponseCode(
responsecode.FORBIDDEN)))
else:
d = waitForDeferred(
prop_common.responseForHref(request, responses,
principal, resource,
propertiesForResource,
propElement))
yield d
d.getResult()
else:
log.error("Requested principal resource not found: %s" %
(str(principal), ))
responses.append(
davxml.StatusResponse(
principal,
davxml.Status.fromResponseCode(
responsecode.NOT_FOUND)))
except NumberOfMatchesWithinLimits:
log.error("Too many matching components")
raise HTTPError(
ErrorResponse(responsecode.FORBIDDEN,
davxml.NumberOfMatchesWithinLimits()))
yield MultiStatusResponse(responses)
def checkMaxResults():
matchcount[0] += 1
if max_number_of_results[0] is not None and matchcount[
0] > max_number_of_results[0]:
raise NumberOfMatchesWithinLimits(max_number_of_results[0])
def doQuery(addrresource, uri):
"""
Run a query on the specified address book collection
accumulating the query responses.
@param addrresource: the L{CalDAVResource} for an address book collection.
@param uri: the uri for the address book collecton resource.
"""
def checkMaxResults():
matchcount[0] += 1
if max_number_of_results[0] is not None and matchcount[
0] > max_number_of_results[0]:
raise NumberOfMatchesWithinLimits(max_number_of_results[0])
@inlineCallbacks
def queryAddressBookObjectResource(resource,
uri,
name,
vcard,
query_ok=False):
"""
Run a query on the specified vcard.
@param resource: the L{CalDAVResource} for the vcard.
@param uri: the uri of the resource.
@param name: the name of the resource.
@param vcard: the L{Component} vcard read from the resource.
"""
if query_ok or filter.match(vcard):
# Check size of results is within limit
checkMaxResults()
if name:
href = davxml.HRef.fromString(joinURL(uri, name))
else:
href = davxml.HRef.fromString(uri)
try:
yield report_common.responseForHref(request,
responses,
href,
resource,
propertiesForResource,
query,
vcard=vcard)
except ConcurrentModification:
# This can happen because of a race-condition between the
# time we determine which resources exist and the deletion
# of one of these resources in another request. In this
# case, we ignore the now missing resource rather
# than raise an error for the entire report.
log.error("Missing resource during sync: {href}",
href=href)
@inlineCallbacks
def queryDirectoryBackedAddressBook(directoryBackedAddressBook,
addressBookFilter):
"""
"""
results, limited[
0] = yield directoryBackedAddressBook.doAddressBookDirectoryQuery(
addressBookFilter, query, max_number_of_results[0])
for vCardResult in results:
# match against original filter if different from addressBookFilter
if addressBookFilter is filter or filter.match(
(yield vCardResult.vCard())):
# Check size of results is within limit
checkMaxResults()
try:
yield report_common.responseForHref(
request,
responses,
vCardResult.hRef(),
vCardResult,
propertiesForResource,
query,
vcard=(yield vCardResult.vCard()))
except ConcurrentModification:
# This can happen because of a race-condition between the
# time we determine which resources exist and the deletion
# of one of these resources in another request. In this
# case, we ignore the now missing resource rather
# than raise an error for the entire report.
log.error("Missing resource during sync: {href}",
href=vCardResult.hRef())
if not addrresource.isAddressBookCollection():
#do UID lookup on last part of uri
resource_name = urllib.unquote(uri[uri.rfind("/") + 1:])
if resource_name.endswith(".vcf") and len(resource_name) > 4:
# see if parent is directory backed address book
parent = (yield addrresource.locateParent(request, uri))
# Check whether supplied resource is an address book or an address book object resource
if addrresource.isAddressBookCollection():
if addrresource.isDirectoryBackedAddressBookCollection():
yield maybeDeferred(queryDirectoryBackedAddressBook,
addrresource, filter)
else:
# Do some optimisation of access control calculation by determining any inherited ACLs outside of
# the child resource loop and supply those to the checkPrivileges on each child.
filteredaces = (yield
addrresource.inheritedACEsforChildren(request))
# Check for disabled access
if filteredaces is not None:
index_query_ok = True
try:
# Get list of children that match the search and have read access
names = [
name for name, ignore_uid in (
yield addrresource.search(filter))
] #@UnusedVariable
except IndexedSearchException:
names = yield addrresource.listChildren()
index_query_ok = False
if not names:
return
# Now determine which valid resources are readable and which are not
ok_resources = []
yield addrresource.findChildrenFaster(
"1",
request,
lambda x, y: ok_resources.append((x, y)),
None,
None,
None,
names, (davxml.Read(), ),
inherited_aces=filteredaces)
for child, child_uri in ok_resources:
child_uri_name = child_uri[child_uri.rfind("/") + 1:]
if generate_address_data or not index_query_ok:
vcard = yield child.vCard()
assert vcard is not None, "vCard {name} is missing from address book collection {collection!r}".format(
name=child_uri_name, collection=self)
else:
vcard = None
yield queryAddressBookObjectResource(
child,
uri,
child_uri_name,
vcard,
query_ok=index_query_ok)
else:
handled = False
resource_name = urllib.unquote(uri[uri.rfind("/") + 1:])
if resource_name.endswith(".vcf") and len(resource_name) > 4:
# see if parent is directory backed address book
parent = (yield addrresource.locateParent(request, uri))
if parent.isDirectoryBackedAddressBookCollection():
vCardFilter = carddavxml.Filter(*[
carddavxml.PropertyFilter(
carddavxml.TextMatch.fromString(
resource_name[:-4]),
name="UID", # attributes
),
])
vCardFilter = Filter(vCardFilter)
yield maybeDeferred(queryDirectoryBackedAddressBook,
parent, vCardFilter)
handled = True
if not handled:
vcard = yield addrresource.vCard()
yield queryAddressBookObjectResource(addrresource, uri, None,
vcard)
if limited[0]:
raise NumberOfMatchesWithinLimits(matchcount[0])
def generateFreeBusyInfo(
request,
calresource,
fbinfo,
timerange,
matchtotal,
excludeuid=None,
organizer=None,
organizerPrincipal=None,
same_calendar_user=False,
servertoserver=False,
event_details=None,
):
"""
Run a free busy report on the specified calendar collection
accumulating the free busy info for later processing.
@param request: the L{IRequest} for the current request.
@param calresource: the L{CalDAVResource} for a calendar collection.
@param fbinfo: the array of busy periods to update.
@param timerange: the L{TimeRange} for the query.
@param matchtotal: the running total for the number of matches.
@param excludeuid: a C{str} containing a UID value to exclude any
components with that UID from contributing to free-busy.
@param organizer: a C{str} containing the value of the ORGANIZER property
in the VFREEBUSY request. This is used in conjunction with the UID
value to process exclusions.
@param same_calendar_user: a C{bool} indicating whether the calendar user
requesting the free-busy information is the same as the calendar user
being targeted.
@param servertoserver: a C{bool} indicating whether we are doing a local or
remote lookup request.
@param event_details: a C{list} into which to store extended VEVENT details if not C{None}
"""
# First check the privilege on this collection
# TODO: for server-to-server we bypass this right now as we have no way to authorize external users.
if not servertoserver:
try:
yield calresource.checkPrivileges(request,
(caldavxml.ReadFreeBusy(), ),
principal=organizerPrincipal)
except AccessDeniedError:
returnValue(matchtotal)
# May need organizer principal
organizer_principal = (yield calresource.principalForCalendarUserAddress(
organizer)) if organizer else None
organizer_uid = organizer_principal.principalUID(
) if organizer_principal else ""
# Free busy is per-user
userPrincipal = (yield calresource.resourceOwnerPrincipal(request))
if userPrincipal:
useruid = userPrincipal.principalUID()
else:
useruid = ""
# Get the timezone property from the collection.
has_prop = (yield calresource.hasProperty(CalendarTimeZone(), request))
if has_prop:
tz = (yield calresource.readProperty(CalendarTimeZone(), request))
else:
tz = None
# Look for possible extended free busy information
rich_options = {
"organizer": False,
"delegate": False,
"resource": False,
}
do_event_details = False
if event_details is not None and organizer_principal is not None and userPrincipal is not None:
# Check if organizer is attendee
if organizer_principal == userPrincipal:
do_event_details = True
rich_options["organizer"] = True
# Check if organizer is a delegate of attendee
proxy = (yield organizer_principal.isProxyFor(userPrincipal))
if config.Scheduling.Options.DelegeteRichFreeBusy and proxy:
do_event_details = True
rich_options["delegate"] = True
# Check if attendee is room or resource
if config.Scheduling.Options.RoomResourceRichFreeBusy and userPrincipal.getCUType(
) in (
"RESOURCE",
"ROOM",
):
do_event_details = True
rich_options["resource"] = True
# Try cache
resources = (yield FBCacheEntry.getCacheEntry(
calresource, useruid,
timerange)) if config.EnableFreeBusyCache else None
if resources is None:
caching = False
if config.EnableFreeBusyCache:
# Log extended item
if not hasattr(request, "extendedLogItems"):
request.extendedLogItems = {}
request.extendedLogItems[
"fb-uncached"] = request.extendedLogItems.get(
"fb-uncached", 0) + 1
# We want to cache a large range of time based on the current date
cache_start = normalizeToUTC(DateTime.getToday() + Duration(
days=0 - config.FreeBusyCacheDaysBack))
cache_end = normalizeToUTC(DateTime.getToday() + Duration(
days=config.FreeBusyCacheDaysForward))
# If the requested timerange would fit in our allowed cache range, trigger the cache creation
if compareDateTime(timerange.start,
cache_start) >= 0 and compareDateTime(
timerange.end, cache_end) <= 0:
cache_timerange = TimeRange(start=cache_start.getText(),
end=cache_end.getText())
caching = True
#
# What we do is a fake calendar-query for VEVENT/VFREEBUSYs in the specified time-range.
# We then take those results and merge them into one VFREEBUSY component
# with appropriate FREEBUSY properties, and return that single item as iCal data.
#
# Create fake filter element to match time-range
filter = caldavxml.Filter(
caldavxml.ComponentFilter(
caldavxml.ComponentFilter(
cache_timerange if caching else timerange,
name=("VEVENT", "VFREEBUSY", "VAVAILABILITY"),
),
name="VCALENDAR",
))
filter = Filter(filter)
tzinfo = filter.settimezone(tz)
try:
resources = yield calresource.search(filter,
useruid=useruid,
fbtype=True)
if caching:
yield FBCacheEntry.makeCacheEntry(calresource, useruid,
cache_timerange, resources)
except IndexedSearchException:
raise HTTPError(
StatusResponse(responsecode.INTERNAL_SERVER_ERROR,
"Failed freebusy query"))
else:
# Log extended item
if not hasattr(request, "extendedLogItems"):
request.extendedLogItems = {}
request.extendedLogItems["fb-cached"] = request.extendedLogItems.get(
"fb-cached", 0) + 1
# Determine appropriate timezone (UTC is the default)
tzinfo = tz.gettimezone() if tz is not None else Timezone(utc=True)
# We care about separate instances for VEVENTs only
aggregated_resources = {}
for name, uid, type, test_organizer, float, start, end, fbtype, transp in resources:
if transp == 'T' and fbtype != '?':
fbtype = 'F'
aggregated_resources.setdefault((
name,
uid,
type,
test_organizer,
), []).append((
float,
start,
end,
fbtype,
))
for key in aggregated_resources.iterkeys():
name, uid, type, test_organizer = key
# Short-cut - if an fbtype exists we can use that
if type == "VEVENT" and aggregated_resources[key][0][3] != '?':
matchedResource = False
# Look at each instance
for float, start, end, fbtype in aggregated_resources[key]:
# Ignore free time or unknown
if fbtype in ('F', '?'):
continue
# Ignore ones of this UID
if excludeuid:
# See if we have a UID match
if (excludeuid == uid):
test_principal = (
yield calresource.principalForCalendarUserAddress(
test_organizer)) if test_organizer else None
test_uid = test_principal.principalUID(
) if test_principal else ""
# Check that ORGANIZER's match (security requirement)
if (organizer is None) or (organizer_uid == test_uid):
continue
# Check for no ORGANIZER and check by same calendar user
elif (test_uid == "") and same_calendar_user:
continue
# Apply a timezone to any floating times
fbstart = parseSQLTimestampToPyCalendar(start)
if float == 'Y':
fbstart.setTimezone(tzinfo)
else:
fbstart.setTimezone(Timezone(utc=True))
fbend = parseSQLTimestampToPyCalendar(end)
if float == 'Y':
fbend.setTimezone(tzinfo)
else:
fbend.setTimezone(Timezone(utc=True))
# Clip instance to time range
clipped = clipPeriod(Period(fbstart, duration=fbend - fbstart),
Period(timerange.start, timerange.end))
# Double check for overlap
if clipped:
matchedResource = True
fbinfo[fbtype_index_mapper.get(fbtype, 0)].append(clipped)
if matchedResource:
# Check size of results is within limit
matchtotal += 1
if matchtotal > max_number_of_matches:
raise NumberOfMatchesWithinLimits(max_number_of_matches)
# Add extended details
if do_event_details:
child = (yield
request.locateChildResource(calresource, name))
calendar = (yield child.iCalendarForUser(request))
_addEventDetails(calendar, event_details, rich_options,
timerange, tzinfo)
else:
child = (yield request.locateChildResource(calresource, name))
calendar = (yield child.iCalendarForUser(request))
# The calendar may come back as None if the resource is being changed, or was deleted
# between our initial index query and getting here. For now we will ignore this error, but in
# the longer term we need to implement some form of locking, perhaps.
if calendar is None:
log.error(
"Calendar %s is missing from calendar collection %r" %
(name, calresource))
continue
# Ignore ones of this UID
if excludeuid:
# See if we have a UID match
if (excludeuid == uid):
test_organizer = calendar.getOrganizer()
test_principal = (
yield calresource.principalForCalendarUserAddress(
test_organizer)) if test_organizer else None
test_uid = test_principal.principalUID(
) if test_principal else ""
# Check that ORGANIZER's match (security requirement)
if (organizer is None) or (organizer_uid == test_uid):
continue
# Check for no ORGANIZER and check by same calendar user
elif (test_organizer is None) and same_calendar_user:
continue
if filter.match(calendar, None):
# Check size of results is within limit
matchtotal += 1
if matchtotal > max_number_of_matches:
raise NumberOfMatchesWithinLimits(max_number_of_matches)
if calendar.mainType() == "VEVENT":
processEventFreeBusy(calendar, fbinfo, timerange, tzinfo)
elif calendar.mainType() == "VFREEBUSY":
processFreeBusyFreeBusy(calendar, fbinfo, timerange)
elif calendar.mainType() == "VAVAILABILITY":
processAvailabilityFreeBusy(calendar, fbinfo, timerange)
else:
assert "Free-busy query returned unwanted component: %s in %r", (
name,
calresource,
)
# Add extended details
if calendar.mainType() == "VEVENT" and do_event_details:
child = (yield
request.locateChildResource(calresource, name))
calendar = (yield child.iCalendarForUser(request))
_addEventDetails(calendar, event_details, rich_options,
timerange, tzinfo)
returnValue(matchtotal)
def report_DAV__principal_match(self, request, principal_match):
"""
Generate a principal-match REPORT. (RFC 3744, section 9.3)
"""
# Verify root element
if not isinstance(principal_match, element.PrincipalMatch):
raise ValueError(
"%s expected as root element, not %s." %
(element.PrincipalMatch.sname(), principal_match.sname()))
# Only handle Depth: 0
depth = request.headers.getHeader("depth", "0")
if depth != "0":
log.error("Non-zero depth is not allowed: %s" % (depth, ))
raise HTTPError(
StatusResponse(responsecode.BAD_REQUEST,
"Depth %s not allowed" % (depth, )))
# Get a single DAV:prop element from the REPORT request body
propertiesForResource = None
propElement = None
principalPropElement = None
lookForPrincipals = True
for child in principal_match.children:
if child.qname() == (dav_namespace, "prop"):
propertiesForResource = prop_common.propertyListForResource
propElement = child
elif child.qname() == (dav_namespace, "self"):
lookForPrincipals = True
elif child.qname() == (dav_namespace, "principal-property"):
# Must have one and only one property in this element
if len(child.children) != 1:
log.error(
"Wrong number of properties in DAV:principal-property: %s"
% (len(child.children), ))
raise HTTPError(
StatusResponse(
responsecode.BAD_REQUEST,
"DAV:principal-property must contain exactly one property"
))
lookForPrincipals = False
principalPropElement = child.children[0]
# Run report for each referenced principal
try:
responses = []
matchcount = 0
myPrincipalURL = self.currentPrincipal(request).children[0]
if lookForPrincipals:
# Find the set of principals that represent "self".
# First add "self"
principal = waitForDeferred(
request.locateResource(str(myPrincipalURL)))
yield principal
principal = principal.getResult()
selfItems = [
principal,
]
# Get group memberships for "self" and add each of those
d = waitForDeferred(principal.groupMemberships())
yield d
memberships = d.getResult()
selfItems.extend(memberships)
# Now add each principal found to the response provided the principal resource is a child of
# the current resource.
for principal in selfItems:
# Get all the URIs that point to the principal resource
# FIXME: making the assumption that the principalURL() is the URL of the resource we found
principal_uris = [principal.principalURL()]
principal_uris.extend(principal.alternateURIs())
# Compare each one to the request URI and return at most one that matches
for uri in principal_uris:
if uri.startswith(request.uri):
# Check size of results is within limit
matchcount += 1
if matchcount > max_number_of_matches:
raise NumberOfMatchesWithinLimits(
max_number_of_matches)
d = waitForDeferred(
prop_common.responseForHref(
request, responses,
element.HRef.fromString(uri), principal,
propertiesForResource, propElement))
yield d
d.getResult()
break
else:
# Do some optimisation of access control calculation by determining any inherited ACLs outside of
# the child resource loop and supply those to the checkPrivileges on each child.
filteredaces = waitForDeferred(
self.inheritedACEsforChildren(request))
yield filteredaces
filteredaces = filteredaces.getResult()
children = []
d = waitForDeferred(
self.findChildren("infinity",
request,
lambda x, y: children.append((x, y)),
privileges=(element.Read(), ),
inherited_aces=filteredaces))
yield d
d.getResult()
for child, uri in children:
# Try to read the requested property from this resource
try:
prop = waitForDeferred(
child.readProperty(principalPropElement.qname(),
request))
yield prop
prop = prop.getResult()
if prop:
prop.removeWhitespaceNodes()
if prop and len(prop.children) == 1 and isinstance(
prop.children[0], element.HRef):
# Find principal associated with this property and test it
principal = waitForDeferred(
request.locateResource(str(prop.children[0])))
yield principal
principal = principal.getResult()
if principal and isPrincipalResource(principal):
d = waitForDeferred(
principal.principalMatch(myPrincipalURL))
yield d
matched = d.getResult()
if matched:
# Check size of results is within limit
matchcount += 1
if matchcount > max_number_of_matches:
raise NumberOfMatchesWithinLimits(
max_number_of_matches)
d = waitForDeferred(
prop_common.responseForHref(
request, responses,
element.HRef.fromString(uri), child,
propertiesForResource, propElement))
yield d
d.getResult()
except HTTPError:
# Just ignore a failure to access the property. We treat this like a property that does not exist
# or does not match the principal.
pass
except NumberOfMatchesWithinLimits:
log.error("Too many matching components in principal-match report")
raise HTTPError(
ErrorResponse(responsecode.FORBIDDEN,
element.NumberOfMatchesWithinLimits()))
yield MultiStatusResponse(responses)
