def testCollectionAccessSuperUser(self):
# super user accessing (non-)shared res from nu
parentColl = '/SOGo/dav/%s/Calendar/' % subscriber_username
self.createdRsrc = '%stest-dav-acl/' % parentColl
for rsrc in ['personal', 'test-dav-acl']:
resource = '%s%s/' % (parentColl, rsrc)
mkcol = webdavlib.WebDAVMKCOL(resource)
self.superuser_client.execute(mkcol)
acl_utility = utilities.TestCalendarACLUtility(
self, self.subscriber_client, resource)
acl_utility.setupRights(username, {})
propfind = webdavlib.WebDAVPROPFIND(parentColl, ["displayname"], 1)
self.subscriber_client.execute(propfind)
hrefs = [x.text \
for x in propfind.response["document"] \
.findall("{DAV:}response/{DAV:}href")]
self.assertTrue(
len(hrefs) > 2, "expected at least 3 hrefs in response")
self.assertEquals(hrefs[0], parentColl,
"the href must be the 'Calendar' parent coll.")
for rsrc in ['personal', 'test-dav-acl']:
resource = '%s%s/' % (parentColl, rsrc)
self.assertTrue(
hrefs.index(resource) > -1,
"resource '%s' not returned" % resource)
def _testMapping(self, client, perm, resource, rights):
dav_utility = utilities.TestCalendarACLUtility(self, client, resource)
dav_utility.setupRights(subscriber_username, rights)
membership = self._getMembership(subscriber_username)
self.assertEquals(
['/SOGo/dav/%s/calendar-proxy-%s/' % (username, perm)], membership,
"'%s' must have %s access to %s's calendars:\n%s" %
(subscriber_username, perm, username, membership))
proxyFor = self._getProxyFor(subscriber_username, perm)
self.assertEquals([username], proxyFor,
"'%s' expected to be %s proxy for %s: %s" %
(subscriber_username, perm, username, proxyFor))
def __init__(self, arg):
DAVAclTest.__init__(self, arg)
self.acl_utility = utilities.TestCalendarACLUtility(
self, self.client, self.resource)
def testCollectionAccessNormalUser(self):
"""normal user access to (non-)shared resource from su"""
# 1. all rights removed
parentColl = '/SOGo/dav/%s/Calendar/' % username
self.createdRsrc = '%stest-dav-acl/' % parentColl
for rsrc in ['personal', 'test-dav-acl']:
resource = '%s%s/' % (parentColl, rsrc)
mkcol = webdavlib.WebDAVMKCOL(resource)
self.client.execute(mkcol)
acl_utility = utilities.TestCalendarACLUtility(
self, self.client, resource)
acl_utility.setupRights("anonymous", {})
acl_utility.setupRights(subscriber_username, {})
acl_utility.setupRights("<default>", {})
propfind = webdavlib.WebDAVPROPFIND(parentColl, ["displayname"], 1)
self.subscriber_client.execute(propfind)
hrefs = propfind.response["document"] \
.findall("{DAV:}response/{DAV:}href")
self.assertEquals(
len(hrefs), 1,
"expected 1 href in response instead of %d" % len(hrefs))
self.assertEquals(hrefs[0].text, parentColl,
"the href must be the 'Calendar' parent coll.")
acl_utility = utilities.TestCalendarACLUtility(self, self.client,
self.createdRsrc)
# 2. creation right added
acl_utility.setupRights(subscriber_username, {"c": True})
self.subscriber_client.execute(propfind)
hrefs = propfind.response["document"].findall(
"{DAV:}response/{DAV:}href")
self.assertEquals(
len(hrefs), 4, "expected 4 hrefs in response, got %d: %s" %
(len(hrefs), ", ".join([x.text for x in hrefs])))
self.assertEquals(hrefs[0].text, parentColl,
"the first href is not a 'Calendar' parent coll.")
resourceHrefs = {
resource: False,
"%s.xml" % resource[:-1]: False,
"%s.ics" % resource[:-1]: False
}
for href in hrefs[1:]:
self.assertTrue(resourceHrefs.has_key(href.text),
"received unexpected href: %s" % href.text)
self.assertFalse(
resourceHrefs[href.text],
"href was returned more than once: %s" % href.text)
resourceHrefs[href.text] = True
acl_utility.setupRights(subscriber_username)
# 3. creation right added for "default user"
# subscriber_username expected to have access, but not "anonymous"
acl_utility.setupRights("<default>", {"c": True})
self.subscriber_client.execute(propfind)
hrefs = propfind.response["document"] \
.findall("{DAV:}response/{DAV:}href")
self.assertEquals(
len(hrefs), 4, "expected 4 hrefs in response, got %d: %s" %
(len(hrefs), ", ".join([x.text for x in hrefs])))
self.assertEquals(hrefs[0].text, parentColl,
"the first href is not a 'Calendar' parent coll.")
resourceHrefs = {
resource: False,
"%s.xml" % resource[:-1]: False,
"%s.ics" % resource[:-1]: False
}
for href in hrefs[1:]:
self.assertTrue(resourceHrefs.has_key(href.text),
"received unexpected href: %s" % href.text)
self.assertFalse(
resourceHrefs[href.text],
"href was returned more than once: %s" % href.text)
resourceHrefs[href.text] = True
anonParentColl = '/SOGo/dav/public/%s/Calendar/' % username
anon_propfind = webdavlib.WebDAVPROPFIND(anonParentColl,
["displayname"], 1)
self.anon_client.execute(anon_propfind)
hrefs = anon_propfind.response["document"] \
.findall("{DAV:}response/{DAV:}href")
self.assertEquals(len(hrefs), 1, "expected only 1 href in response")
self.assertEquals(hrefs[0].text, anonParentColl,
"the first href is not a 'Calendar' parent coll.")
acl_utility.setupRights("<default>", {})
# 4. creation right added for "anonymous"
# "anonymous" expected to have access, but not subscriber_username
acl_utility.setupRights("anonymous", {"c": True})
self.anon_client.execute(anon_propfind)
hrefs = anon_propfind.response["document"] \
.findall("{DAV:}response/{DAV:}href")
self.assertEquals(
len(hrefs), 4, "expected 4 hrefs in response, got %d: %s" %
(len(hrefs), ", ".join([x.text for x in hrefs])))
self.assertEquals(hrefs[0].text, anonParentColl,
"the first href is not a 'Calendar' parent coll.")
anonResource = '%stest-dav-acl/' % anonParentColl
resourceHrefs = {
anonResource: False,
"%s.xml" % anonResource[:-1]: False,
"%s.ics" % anonResource[:-1]: False
}
for href in hrefs[1:]:
self.assertTrue(resourceHrefs.has_key(href.text),
"received unexpected href: %s" % href.text)
self.assertFalse(
resourceHrefs[href.text],
"href was returned more than once: %s" % href.text)
resourceHrefs[href.text] = True
self.subscriber_client.execute(propfind)
hrefs = propfind.response["document"] \
.findall("{DAV:}response/{DAV:}href")
self.assertEquals(len(hrefs), 1, "expected only 1 href in response")
self.assertEquals(hrefs[0].text, parentColl,
"the first href is not a 'Calendar' parent coll.")
def testCalendarProxy2(self):
"""calendar-proxy as used from SOGo"""
client = webdavlib.WebDAVClient(hostname, port, superuser,
superuser_password)
client.user_agent = "DAVKit/4.0.1 (730); CalendarStore/4.0.1 (973); iCal/4.0.1 (1374); Mac OS X/10.6.2 (10C540)"
personal_resource = "/SOGo/dav/%s/Calendar/personal/" % username
dav_utility = utilities.TestCalendarACLUtility(self, client,
personal_resource)
dav_utility.setupRights(subscriber_username, {})
dav_utility.subscribe([subscriber_username])
other_resource = ("/SOGo/dav/%s/Calendar/test-calendar-proxy2/" %
username)
delete = webdavlib.WebDAVDELETE(other_resource)
client.execute(delete)
mkcol = webdavlib.WebDAVMKCOL(other_resource)
client.execute(mkcol)
dav_utility = utilities.TestCalendarACLUtility(self, client,
other_resource)
dav_utility.setupRights(subscriber_username, {})
dav_utility.subscribe([subscriber_username])
## we test the rights mapping
# write: write on 'personal', none on 'test-calendar-proxy2'
self._testMapping(client, "write", personal_resource, {
"c": True,
"d": False,
"pu": "v"
})
self._testMapping(client, "write", personal_resource, {
"c": False,
"d": True,
"pu": "v"
})
self._testMapping(client, "write", personal_resource, {
"c": False,
"d": False,
"pu": "m"
})
self._testMapping(client, "write", personal_resource, {
"c": False,
"d": False,
"pu": "r"
})
# read: read on 'personal', none on 'test-calendar-proxy2'
self._testMapping(client, "read", personal_resource, {
"c": False,
"d": False,
"pu": "d"
})
self._testMapping(client, "read", personal_resource, {
"c": False,
"d": False,
"pu": "v"
})
# write: read on 'personal', write on 'test-calendar-proxy2'
self._testMapping(client, "write", other_resource, {
"c": False,
"d": False,
"pu": "r"
})
## we test the unsubscription
# unsubscribed from personal, subscribed to 'test-calendar-proxy2'
dav_utility = utilities.TestCalendarACLUtility(self, client,
personal_resource)
dav_utility.unsubscribe([subscriber_username])
membership = self._getMembership(subscriber_username)
self.assertEquals(['/SOGo/dav/%s/calendar-proxy-write/' % username],
membership,
"'%s' must have write access to %s's calendars" %
(subscriber_username, username))
# unsubscribed from personal, unsubscribed from 'test-calendar-proxy2'
dav_utility = utilities.TestCalendarACLUtility(self, client,
other_resource)
dav_utility.unsubscribe([subscriber_username])
membership = self._getMembership(subscriber_username)
self.assertEquals([], membership,
"'%s' must have no access to %s's calendars" %
(subscriber_username, username))
delete = webdavlib.WebDAVDELETE(other_resource)
client.execute(delete)