Separation of authentication and authorization. Separation of read and write authorization.

Static test strategies for authentication. Barely tested. Use at your own risk!
2025-07-02 16:58:30 +00:00 · 2012-08-03 13:10:20 +02:00 · 2012-08-03 13:10:20 +02:00 · e40e68b528
commit e40e68b528
parent 83baebd750
14 changed files with 478 additions and 132 deletions
--- a/radicale/acl/LDAP.py
+++ b/radicale/acl/LDAP.py
@ -38,14 +38,10 @@ PASSWORD = config.get("acl", "ldap_password")
 SCOPE = getattr(ldap, "SCOPE_%s" % config.get("acl", "ldap_scope").upper())


-def has_right(owner, user, password):
+def is_authenticated(user, password):
    """Check if ``user``/``password`` couple is valid."""
    global CONNEXION

-    if not user or (owner not in acl.PRIVATE_USERS and user != owner):
-        # No user given, or owner is not private and is not user, forbidden
-        return False
-
    try:
        CONNEXION.whoami_s()
    except: