Guillaume Ayoub
3e0c8cf285
Update copyright years
2017-05-27 17:28:07 +02:00
Guillaume Ayoub
b47505d5bd
Don't set rights management when no authentication is set
2017-03-04 14:15:46 +01:00
Unrud
9e27d4e2a8
Emulate fullmatch with match
...
re.fullmatch was introduced in Python 3.4
2016-09-02 15:06:32 +02:00
Unrud
e2b87d145f
Cosmetics: Don't use % for logging
2016-08-10 23:43:32 +02:00
Guillaume Ayoub
8ac3ce1a89
Clean many, many things
2016-08-05 02:14:49 +02:00
Unrud
066b5994d1
Improve rights checking and request handlers
...
* Access rights are checked before the storage is locked and
collections are loaded.
* DELETE sends 410 instead of doing nothing or crashing if the target
doesn't exist.
* GET always returns 404 if the target doesn't exist.
* GET doesn't crash if a collection without tag property is requested.
* MKCOL and MKCALENDAR send 409 if the target already exists.
* MOVE checks if the target collection of an item actually exists and
sends 409 otherwise.
* PUT doesn't crash if a whole collection that doesn't exist yet is
uploaded and ``content-type`` is ``text/vcard`` or
``text/calendar``.
* PUT distinguishes between simple items and whole collections by the
following criteria: Target is a collection; Parent exists; Parent
has the tag property set; Parent contains other items. Before only
the first two criteria were used, which was very unreliable. #384
* PROPPATCH is only allowed on collections and 409 is sent otherwise.
* ``Rights.authorized`` takes a path instead of a collection.
* ``Collection.discover`` only returns items in ``path``, that
actually exist. #442
2016-08-04 06:08:08 +02:00
Guillaume Ayoub
b517818749
Don't reject everybody from "/" with owner_only
...
Fix 407.
2016-08-01 18:59:47 +02:00
Guillaume Ayoub
6bfdcbafec
Cosmetics
2016-08-01 12:50:51 +02:00
Guillaume Ayoub
9d3086427d
Merge pull request #450 from Unrud/safeusernames
...
Prevent unsafe usernames
2016-08-01 12:14:40 +02:00
Unrud
9dd8c65d65
Always match full username/collection with regex
...
It's easy to forget $ at the end of a regex and it's counter-intuitive that ^ is implicit but $ is not.
2016-08-01 10:07:21 +02:00
Unrud
da1a693620
Prevent unsafe usernames
...
If an attacker is able to create an account with a username like "user/calendar.ics", he can access collections of other users.
2016-08-01 09:10:23 +02:00
Florian Mounier
221379ef85
Sort imports
2016-07-04 14:32:33 +02:00
Markus Unterwaditzer
0de3ad36be
Fixes to Rights
...
- BaseRights expects the config and logger params
- user may be None, which leads to errors when trying to use it with
regexes.
2016-04-22 20:30:40 +02:00
Guillaume Ayoub
2f97d7d1e1
Remove global state about configuration and logs
...
Many things have been changed to make this possible, probably leading to
many hidden bugs waiting to be found.
Related to #122.
2016-04-22 11:37:02 +09:00
Guillaume Ayoub
e586569b31
Fix a lot of details
2016-04-12 18:21:18 +02:00
Guillaume Ayoub
1001bcb676
Remove extra auth, rights and storage modules
2016-04-07 19:02:52 +02:00
Sergey Fursov
dca10fa14e
Different rights management backends
...
Initially only one backend - regular expressions based
2013-12-25 03:44:24 +04:00
Guillaume Ayoub
0e566e4c97
Merge branch 'apple'
2013-12-24 11:22:57 +01:00
Guillaume Ayoub
ce8e86af63
Allow read-only access to .well-known/ca(l|rd)av (related to #32)
2013-10-31 13:57:37 +01:00
Guillaume Ayoub
92b3cf41bc
Simple try/except import trick
2013-10-29 14:09:46 +01:00
David Aurelio
fb784c28c4
Fix python 3 problem: 'str' does not support the buffer interface
2013-10-27 22:36:56 +01:00
Jean-Marc Martins
e2512b12fb
Fixed partially anonymous authentication
2013-09-13 15:05:02 +02:00
Jean-Marc Martins
58faf725b0
Fixed authentication for anonymous users
2013-09-12 17:39:20 +02:00
Guillaume Ayoub
43785e48a9
Get configuration keys at runtime, not when module is imported (fixes #64)
2013-09-12 13:48:49 +02:00
Ossi Salmi
8c3cf6bccd
Fix built-in owner_only right
2013-08-28 00:56:45 +03:00
Guillaume Ayoub
c0c652b3f8
Add documentation and example for rights management
2013-08-27 11:05:54 +02:00
Guillaume Ayoub
07a9ce8296
Fix owner_* rights with python2 (fix #49)
2013-08-21 06:58:30 +02:00
Guillaume Ayoub
f7f26afd6b
Fix rights type "None"
2013-08-14 11:58:08 +02:00
Guillaume Ayoub
d1379e349a
Don't check the file twice for rights
2013-08-14 10:52:50 +02:00
Guillaume Ayoub
586773148e
Use a more simple rights manager
2013-08-14 10:50:59 +02:00