Separation of authentication and authorization. Separation of read and write authorization.

Static test strategies for authentication. Barely tested. Use at your own risk!
2025-08-10 18:40:53 +00:00 · 2012-08-03 13:10:20 +02:00 · 2012-08-03 13:10:20 +02:00 · e40e68b528
commit e40e68b528
parent 83baebd750
14 changed files with 478 additions and 132 deletions
--- a/radicale/acl/IMAP.py
+++ b/radicale/acl/IMAP.py
@ -38,11 +38,8 @@ IMAP_SERVER = config.get("acl", "imap_auth_host_name")
 IMAP_SERVER_PORT = config.get("acl", "imap_auth_host_port")


-def has_right(owner, user, password):
+def is_authenticated(user, password):
    """Check if ``user``/``password`` couple is valid."""
-    if not user or (owner not in acl.PRIVATE_USERS and user != owner):
-        # No user given, or owner is not private and is not user, forbidden
-        return False

    log.LOGGER.debug(
        "[IMAP ACL] Connecting to %s:%s." % (IMAP_SERVER, IMAP_SERVER_PORT,))