def testCollectionAccessSuperUser(self): # super user accessing (non-)shared res from nu parentColl = '/SOGo/dav/%s/Calendar/' % subscriber_username self.createdRsrc = '%stest-dav-acl/' % parentColl for rsrc in ['personal', 'test-dav-acl']: resource = '%s%s/' % (parentColl, rsrc) mkcol = webdavlib.WebDAVMKCOL(resource) self.superuser_client.execute(mkcol) acl_utility = utilities.TestCalendarACLUtility( self, self.subscriber_client, resource) acl_utility.setupRights(username, {}) propfind = webdavlib.WebDAVPROPFIND(parentColl, ["displayname"], 1) self.subscriber_client.execute(propfind) hrefs = [x.text \ for x in propfind.response["document"] \ .findall("{DAV:}response/{DAV:}href")] self.assertTrue( len(hrefs) > 2, "expected at least 3 hrefs in response") self.assertEquals(hrefs[0], parentColl, "the href must be the 'Calendar' parent coll.") for rsrc in ['personal', 'test-dav-acl']: resource = '%s%s/' % (parentColl, rsrc) self.assertTrue( hrefs.index(resource) > -1, "resource '%s' not returned" % resource)
def _testMapping(self, client, perm, resource, rights): dav_utility = utilities.TestCalendarACLUtility(self, client, resource) dav_utility.setupRights(subscriber_username, rights) membership = self._getMembership(subscriber_username) self.assertEquals( ['/SOGo/dav/%s/calendar-proxy-%s/' % (username, perm)], membership, "'%s' must have %s access to %s's calendars:\n%s" % (subscriber_username, perm, username, membership)) proxyFor = self._getProxyFor(subscriber_username, perm) self.assertEquals([username], proxyFor, "'%s' expected to be %s proxy for %s: %s" % (subscriber_username, perm, username, proxyFor))
def __init__(self, arg): DAVAclTest.__init__(self, arg) self.acl_utility = utilities.TestCalendarACLUtility( self, self.client, self.resource)
def testCollectionAccessNormalUser(self): """normal user access to (non-)shared resource from su""" # 1. all rights removed parentColl = '/SOGo/dav/%s/Calendar/' % username self.createdRsrc = '%stest-dav-acl/' % parentColl for rsrc in ['personal', 'test-dav-acl']: resource = '%s%s/' % (parentColl, rsrc) mkcol = webdavlib.WebDAVMKCOL(resource) self.client.execute(mkcol) acl_utility = utilities.TestCalendarACLUtility( self, self.client, resource) acl_utility.setupRights("anonymous", {}) acl_utility.setupRights(subscriber_username, {}) acl_utility.setupRights("<default>", {}) propfind = webdavlib.WebDAVPROPFIND(parentColl, ["displayname"], 1) self.subscriber_client.execute(propfind) hrefs = propfind.response["document"] \ .findall("{DAV:}response/{DAV:}href") self.assertEquals( len(hrefs), 1, "expected 1 href in response instead of %d" % len(hrefs)) self.assertEquals(hrefs[0].text, parentColl, "the href must be the 'Calendar' parent coll.") acl_utility = utilities.TestCalendarACLUtility(self, self.client, self.createdRsrc) # 2. creation right added acl_utility.setupRights(subscriber_username, {"c": True}) self.subscriber_client.execute(propfind) hrefs = propfind.response["document"].findall( "{DAV:}response/{DAV:}href") self.assertEquals( len(hrefs), 4, "expected 4 hrefs in response, got %d: %s" % (len(hrefs), ", ".join([x.text for x in hrefs]))) self.assertEquals(hrefs[0].text, parentColl, "the first href is not a 'Calendar' parent coll.") resourceHrefs = { resource: False, "%s.xml" % resource[:-1]: False, "%s.ics" % resource[:-1]: False } for href in hrefs[1:]: self.assertTrue(resourceHrefs.has_key(href.text), "received unexpected href: %s" % href.text) self.assertFalse( resourceHrefs[href.text], "href was returned more than once: %s" % href.text) resourceHrefs[href.text] = True acl_utility.setupRights(subscriber_username) # 3. creation right added for "default user" # subscriber_username expected to have access, but not "anonymous" acl_utility.setupRights("<default>", {"c": True}) self.subscriber_client.execute(propfind) hrefs = propfind.response["document"] \ .findall("{DAV:}response/{DAV:}href") self.assertEquals( len(hrefs), 4, "expected 4 hrefs in response, got %d: %s" % (len(hrefs), ", ".join([x.text for x in hrefs]))) self.assertEquals(hrefs[0].text, parentColl, "the first href is not a 'Calendar' parent coll.") resourceHrefs = { resource: False, "%s.xml" % resource[:-1]: False, "%s.ics" % resource[:-1]: False } for href in hrefs[1:]: self.assertTrue(resourceHrefs.has_key(href.text), "received unexpected href: %s" % href.text) self.assertFalse( resourceHrefs[href.text], "href was returned more than once: %s" % href.text) resourceHrefs[href.text] = True anonParentColl = '/SOGo/dav/public/%s/Calendar/' % username anon_propfind = webdavlib.WebDAVPROPFIND(anonParentColl, ["displayname"], 1) self.anon_client.execute(anon_propfind) hrefs = anon_propfind.response["document"] \ .findall("{DAV:}response/{DAV:}href") self.assertEquals(len(hrefs), 1, "expected only 1 href in response") self.assertEquals(hrefs[0].text, anonParentColl, "the first href is not a 'Calendar' parent coll.") acl_utility.setupRights("<default>", {}) # 4. creation right added for "anonymous" # "anonymous" expected to have access, but not subscriber_username acl_utility.setupRights("anonymous", {"c": True}) self.anon_client.execute(anon_propfind) hrefs = anon_propfind.response["document"] \ .findall("{DAV:}response/{DAV:}href") self.assertEquals( len(hrefs), 4, "expected 4 hrefs in response, got %d: %s" % (len(hrefs), ", ".join([x.text for x in hrefs]))) self.assertEquals(hrefs[0].text, anonParentColl, "the first href is not a 'Calendar' parent coll.") anonResource = '%stest-dav-acl/' % anonParentColl resourceHrefs = { anonResource: False, "%s.xml" % anonResource[:-1]: False, "%s.ics" % anonResource[:-1]: False } for href in hrefs[1:]: self.assertTrue(resourceHrefs.has_key(href.text), "received unexpected href: %s" % href.text) self.assertFalse( resourceHrefs[href.text], "href was returned more than once: %s" % href.text) resourceHrefs[href.text] = True self.subscriber_client.execute(propfind) hrefs = propfind.response["document"] \ .findall("{DAV:}response/{DAV:}href") self.assertEquals(len(hrefs), 1, "expected only 1 href in response") self.assertEquals(hrefs[0].text, parentColl, "the first href is not a 'Calendar' parent coll.")
def testCalendarProxy2(self): """calendar-proxy as used from SOGo""" client = webdavlib.WebDAVClient(hostname, port, superuser, superuser_password) client.user_agent = "DAVKit/4.0.1 (730); CalendarStore/4.0.1 (973); iCal/4.0.1 (1374); Mac OS X/10.6.2 (10C540)" personal_resource = "/SOGo/dav/%s/Calendar/personal/" % username dav_utility = utilities.TestCalendarACLUtility(self, client, personal_resource) dav_utility.setupRights(subscriber_username, {}) dav_utility.subscribe([subscriber_username]) other_resource = ("/SOGo/dav/%s/Calendar/test-calendar-proxy2/" % username) delete = webdavlib.WebDAVDELETE(other_resource) client.execute(delete) mkcol = webdavlib.WebDAVMKCOL(other_resource) client.execute(mkcol) dav_utility = utilities.TestCalendarACLUtility(self, client, other_resource) dav_utility.setupRights(subscriber_username, {}) dav_utility.subscribe([subscriber_username]) ## we test the rights mapping # write: write on 'personal', none on 'test-calendar-proxy2' self._testMapping(client, "write", personal_resource, { "c": True, "d": False, "pu": "v" }) self._testMapping(client, "write", personal_resource, { "c": False, "d": True, "pu": "v" }) self._testMapping(client, "write", personal_resource, { "c": False, "d": False, "pu": "m" }) self._testMapping(client, "write", personal_resource, { "c": False, "d": False, "pu": "r" }) # read: read on 'personal', none on 'test-calendar-proxy2' self._testMapping(client, "read", personal_resource, { "c": False, "d": False, "pu": "d" }) self._testMapping(client, "read", personal_resource, { "c": False, "d": False, "pu": "v" }) # write: read on 'personal', write on 'test-calendar-proxy2' self._testMapping(client, "write", other_resource, { "c": False, "d": False, "pu": "r" }) ## we test the unsubscription # unsubscribed from personal, subscribed to 'test-calendar-proxy2' dav_utility = utilities.TestCalendarACLUtility(self, client, personal_resource) dav_utility.unsubscribe([subscriber_username]) membership = self._getMembership(subscriber_username) self.assertEquals(['/SOGo/dav/%s/calendar-proxy-write/' % username], membership, "'%s' must have write access to %s's calendars" % (subscriber_username, username)) # unsubscribed from personal, unsubscribed from 'test-calendar-proxy2' dav_utility = utilities.TestCalendarACLUtility(self, client, other_resource) dav_utility.unsubscribe([subscriber_username]) membership = self._getMembership(subscriber_username) self.assertEquals([], membership, "'%s' must have no access to %s's calendars" % (subscriber_username, username)) delete = webdavlib.WebDAVDELETE(other_resource) client.execute(delete)