Guillaume Ayoub
b484d42547
Merge pull request #335 from Kozea/permissions
...
Use the first matching section for getting rights
2015-12-31 11:30:29 +01:00
Unrud
4bfe7c9f79
Prevent "regex injection"
...
If an attacker is able to authenticate with a user name like .*, he can bypass limitations imposed by "owner_write" and "owner_only".
2015-12-23 07:05:20 +01:00
Guillaume Ayoub
e807c3d35b
Use the first matching section for getting rights
2015-12-03 15:22:12 +01:00
Guillaume Ayoub
e69bec1272
Don't rely on case-sensitive imports, fix #282
...
We should burn PEP 235, bicameral scripts, encodings, Python2/3 compatibility,
Windows, MacOS X, filenames, unicode (including composite characters), and the
whole world. And LF/CR too, of course.
Let's recreate a language relying on only two characters. Anyone interested?
2015-04-29 18:55:56 +02:00
Guillaume Ayoub
2b4485f6ae
Allow requests on root folder for authenticated users
2014-08-07 15:06:48 +02:00
Guillaume Ayoub
6021f16866
Fix owner_* methods (fix #151)
2014-05-06 15:15:58 +02:00
Guillaume Ayoub
1ab07d84e6
Add some documentation about the "user" key in the "regex" rights module
2014-04-16 18:56:57 +02:00
Guillaume Ayoub
799dbfe612
Fix "authenticated" method
2014-04-16 17:05:20 +02:00
Guillaume Ayoub
3e893a3420
Merge pull request #142 from mike-perdide/authenticated_feature
...
Adding a new "authenticated" ACL type.
2014-04-15 16:48:19 +02:00
Julien Miotte
aabebb5578
Adding a new "authenticated" ACL type.
...
When set, all authenticated users will have rw permissions on all
collections, but no anonymous user will be able to read or write any
collection.
2014-04-09 00:02:39 +02:00
Julien Miotte
963e21212b
Renaming the regex.py methods args for coherence.
2014-04-09 00:02:09 +02:00
Julien Miotte
6677dbcdc9
Moving the debug log at the proper place.
...
If we don't do this, we might get the following in the logs:
2014-04-08 20:00:59,354 - DEBUG: Section 'r' matches
2014-04-08 20:00:59,354 - DEBUG: Section 'r' does not match
which is a bit confusing.
2014-04-09 00:02:03 +02:00
Sergey Fursov
dca10fa14e
Different rights management backends
...
Initially only one backend - regular expressions based
2013-12-25 03:44:24 +04:00
Guillaume Ayoub
586773148e
Use a more simple rights manager
2013-08-14 10:50:59 +02:00
Guillaume Ayoub
faa331ccc3
Change a couple of things in regex-based rights manager
2013-07-23 18:05:22 +02:00
mail@sweil.de
eed0f74fad
New rights management method: regex
...
user and collection are matched against regular expressions to determine read/write access
2013-07-19 15:16:36 +02:00