Merge pull request #1409 from pbiering/fix-1314

add option for global permit of delete of collection (default: True t…
2025-06-26 16:45:52 +00:00 · 2024-03-09 07:16:18 +01:00 · 2024-03-09 07:16:18 +01:00 · 44cfd38263
commit 44cfd38263
parent f407915227 21ebbca2d9
6 changed files with 21 additions and 1 deletions
--- a/DOCUMENTATION.md
+++ b/DOCUMENTATION.md
@ -812,6 +812,12 @@ Default: `owner_only`
 File for the rights backend `from_file`.  See the
 [Rights](#authentication-and-rights) section.

+##### permit_delete_collection
+
+(New since 3.1.9)
+
+Global control of permission to delete complete collection (default: True)
+
 #### storage

 ##### type
--- a/3
+++ b/3
@ -79,6 +79,9 @@
 # File for rights management from_file
 #file = /etc/radicale/rights

+# Permit delete of a collection (global)
+#permit_delete_collection = True
+

 [storage]

--- a/radicale/app/init.py
+++ b/radicale/app/init.py
@ -68,6 +68,7 @@ class Application(ApplicationPartDelete, ApplicationPartHead,
    _max_content_length: int
    _auth_realm: str
    _extra_headers: Mapping[str, str]
+    _permit_delete_collection: bool

    def __init__(self, configuration: config.Configuration) -> None:
        """Initialize Application.
@ -84,6 +85,8 @@ class Application(ApplicationPartDelete, ApplicationPartHead,
        self._max_content_length = configuration.get(
            "server", "max_content_length")
        self._auth_realm = configuration.get("auth", "realm")
+        self._permit_delete_collection = configuration.get("rights", "permit_delete_collection")
+        logger.info("permit delete of collection: %s", self._permit_delete_collection)
        self._extra_headers = dict()
        for key in self.configuration.options("headers"):
            self._extra_headers[key] = configuration.get("headers", key)
--- a/radicale/app/base.py
+++ b/radicale/app/base.py
@ -38,6 +38,7 @@ class ApplicationBase:
    _rights: rights.BaseRights
    _web: web.BaseWeb
    _encoding: str
+    _permit_delete_collection: bool

    def __init__(self, configuration: config.Configuration) -> None:
        self.configuration = configuration
--- a/radicale/app/delete.py
+++ b/radicale/app/delete.py
@ -68,7 +68,10 @@ class ApplicationPartDelete(ApplicationBase):
                # ETag precondition not verified, do not delete item
                return httputils.PRECONDITION_FAILED
            if isinstance(item, storage.BaseCollection):
-                xml_answer = xml_delete(base_prefix, path, item)
+                if self._permit_delete_collection:
+                    xml_answer = xml_delete(base_prefix, path, item)
+                else:
+                    return httputils.NOT_ALLOWED
            else:
                assert item.collection is not None
                assert item.href is not None
--- a/radicale/config.py
+++ b/radicale/config.py
@ -184,6 +184,10 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([
            "help": "rights backend",
            "type": str_or_callable,
            "internal": rights.INTERNAL_TYPES}),
+        ("permit_delete_collection", {
+            "value": "True",
+            "help": "permit delete of a collection",
+            "type": bool}),
        ("file", {
            "value": "/etc/radicale/rights",
            "help": "file for rights management from_file",