From 53bc6167d357f55454858ed67f5dda5f22f117d6 Mon Sep 17 00:00:00 2001 From: Peter Bieringer Date: Sun, 29 Sep 2024 19:52:53 +0200 Subject: [PATCH] add support for dedicated forbid/permit permission --- radicale/app/delete.py | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/radicale/app/delete.py b/radicale/app/delete.py index 9c595da6..ee7550ff 100644 --- a/radicale/app/delete.py +++ b/radicale/app/delete.py @@ -73,18 +73,22 @@ class ApplicationPartDelete(ApplicationBase): hook_notification_item_list = [] if isinstance(item, storage.BaseCollection): if self._permit_delete_collection: - for i in item.get_all(): - hook_notification_item_list.append( - HookNotificationItem( - HookNotificationItemTypes.DELETE, - access.path, - i.uid - ) - ) - xml_answer = xml_delete(base_prefix, path, item) + if access.check("d", item): + logger.info("delete of collection is permitted by config/option [rights] permit_delete_collection but explicit forbidden by permission 'd': %s", path) + return httputils.NOT_ALLOWED else: - logger.info("delete of collection is prevented by config/option [rights] permit_delete_collection: %s", path) - return httputils.NOT_ALLOWED + if not access.check("D", item): + logger.info("delete of collection is prevented by config/option [rights] permit_delete_collection and not explicit allowed by permission 'D': %s", path) + return httputils.NOT_ALLOWED + for i in item.get_all(): + hook_notification_item_list.append( + HookNotificationItem( + HookNotificationItemTypes.DELETE, + access.path, + i.uid + ) + ) + xml_answer = xml_delete(base_prefix, path, item) else: assert item.collection is not None assert item.href is not None