Improve rights checking and request handlers

* Access rights are checked before the storage is locked and
    collections are loaded.
  * DELETE sends 410 instead of doing nothing or crashing if the target
    doesn't exist.
  * GET always returns 404 if the target doesn't exist.
  * GET doesn't crash if a collection without tag property is requested.
  * MKCOL and MKCALENDAR send 409 if the target already exists.
  * MOVE checks if the target collection of an item actually exists and
    sends 409 otherwise.
  * PUT doesn't crash if a whole collection that doesn't exist yet is
    uploaded and ``content-type`` is ``text/vcard`` or
    ``text/calendar``.
  * PUT distinguishes between simple items and whole collections by the
    following criteria: Target is a collection; Parent exists; Parent
    has the tag property set; Parent contains other items. Before only
    the first two criteria where used, which was very unrelieable. #384
  * PROPPATCH is only allowed on collections and 409 is send otherwise.
  * ``Rights.authorized`` takes a path instead of a collection.
  * ``Collection.discover`` only returns items in ``path``, that
    actually exist. #442

radicale/xmlutils.py

@@ -472,20 +472,13 @@ def props_from_request(root, actions=("set", "remove")):
     return result
 
 
-def delete(path, collection):
+def delete(path, collection, href=None):
     """Read and answer DELETE requests.
 
     Read rfc4918-9.6 for info.
 
     """
-    # Reading request
-    if collection.path == path.strip("/"):
-        # Delete the whole collection
-        collection.delete()
-    else:
-        # Remove an item from the collection
-        collection.delete(name_from_path(path, collection))
-
+    collection.delete(href)
     # Writing answer
     multistatus = ET.Element(_tag("D", "multistatus"))
     response = ET.Element(_tag("D", "response"))