authorAleksander Machniak <machniak@kolabsys.com>2016-05-04 16:25:08 +0200
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2016-05-04 16:25:08 +0200
commit3f91c239ffae22cf00eb1f9d148e8c73c0279ecf (patch)
tree49b07c510030dda77f4134257b0efedc211a72fd /pykolab
parenta5f4438d6383ac3e7377543fbb3903a340945ce0 (diff)
Fix removing shared folder ACL entries (#5002)
Summary: With small refactoring and cleanup. Note: This will remove IMAP ACL entries that do not exist in LDAP. Reviewers: #pykolab_developers, vanmeeuwen Reviewed By: #pykolab_developers, vanmeeuwen Differential Revision: https://git.kolab.org/D145
Diffstat (limited to 'pykolab')
-rw-r--r--pykolab/auth/ldap/__init__.py149
-rw-r--r--pykolab/imap/__init__.py44
2 files changed, 79 insertions, 114 deletions
diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index f9e27ff..ac9dfe9 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -1317,44 +1317,8 @@ class LDAP(pykolab.base.Base):
folderacl_entry_attribute
)
- if not entry[folderacl_entry_attribute] == None:
- # Parse it before assigning it
- entry['kolabfolderaclentry'] = []
- if not isinstance(entry[folderacl_entry_attribute], list):
- entry[folderacl_entry_attribute] = [ entry[folderacl_entry_attribute] ]
-
- for acl_entry in entry[folderacl_entry_attribute]:
- acl_access = acl_entry.split()[-1]
-
- if len(acl_entry.split(', ')) > 1:
- aci_subject = ', '.join(acl_entry.split(', ')[:-1])
- else:
- aci_subject = acl_entry.split()[0]
-
- log.debug(_("Found a subject %r with access %r") % (aci_subject, acl_access), level=8)
-
- access_lookup_dict = {
- 'all': 'lrsedntxakcpiw',
- 'append': 'wip',
- 'full': 'lrswipkxtecdn',
- 'read': 'lrs',
- 'read-only': 'lrs',
- 'read-write': 'lrswitedn',
- 'post': 'p',
- 'semi-full': 'lrswit',
- 'write': 'lrswite',
- }
-
- if access_lookup_dict.has_key(acl_access):
- acl_access = access_lookup_dict[acl_access]
-
- log.debug(_("Found a subject %r with access %r") % (aci_subject, acl_access), level=8)
-
- entry['kolabfolderaclentry'].append("(%r, %r, %r)" % (folder_path, aci_subject, acl_access))
-
if not self.imap.shared_folder_exists(folder_path):
self.imap.shared_folder_create(folder_path, server)
- self.imap.set_acl(folder_path, 'anyone', '')
if entry.has_key('kolabfoldertype') and \
not entry['kolabfoldertype'] == None:
@@ -1364,12 +1328,11 @@ class LDAP(pykolab.base.Base):
entry['kolabfoldertype']
)
- if entry.has_key('kolabfolderaclentry') and \
- not entry['kolabfolderaclentry'] == None:
+ entry['kolabfolderaclentry'] = self._parse_acl(entry[folderacl_entry_attribute])
- self.imap._set_kolab_mailfolder_acls(
- entry['kolabfolderaclentry']
- )
+ self.imap._set_kolab_mailfolder_acls(
+ entry['kolabfolderaclentry'], folder_path
+ )
if entry.has_key(delivery_address_attribute) and \
not entry[delivery_address_attribute] == None:
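Review bot: The `update` argument is missing from this `_set_kolab_mailfolder_acls` call, while the two other call sites in this file pass `True`, and the preceding hunk of the same handler also drops `self.imap.set_acl(folder_path, 'anyone', '')` after `shared_folder_create`. Taken together, any ACL the IMAP server gives a newly created shared folder by default stays in place, and an empty LDAP ACL does nothing here instead of revoking access. If that is intended for this handler, say so in a comment; otherwise pass `entry['kolabfolderaclentry'], folder_path, True`. The enclosing method starts and ends outside the hunk.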
@@ -1714,44 +1677,8 @@ class LDAP(pykolab.base.Base):
folderacl_entry_attribute
)
- if not entry[folderacl_entry_attribute] == None:
- # Parse it before assigning it
- entry['kolabfolderaclentry'] = []
- if not isinstance(entry[folderacl_entry_attribute], list):
- entry[folderacl_entry_attribute] = [ entry[folderacl_entry_attribute] ]
-
- for acl_entry in entry[folderacl_entry_attribute]:
- acl_access = acl_entry.split()[-1]
-
- if len(acl_entry.split(', ')) > 1:
- aci_subject = ', '.join(acl_entry.split(', ')[:-1])
- else:
- aci_subject = acl_entry.split()[0]
-
- log.debug(_("Found a subject %r with access %r") % (aci_subject, acl_access), level=8)
-
- access_lookup_dict = {
- 'all': 'lrsedntxakcpiw',
- 'append': 'wip',
- 'full': 'lrswipkxtecdn',
- 'read': 'lrs',
- 'read-only': 'lrs',
- 'read-write': 'lrswitedn',
- 'post': 'p',
- 'semi-full': 'lrswit',
- 'write': 'lrswite',
- }
-
- if access_lookup_dict.has_key(acl_access):
- acl_access = access_lookup_dict[acl_access]
-
- log.debug(_("Found a subject %r with access %r") % (aci_subject, acl_access), level=8)
-
- entry['kolabfolderaclentry'].append("(%r, %r, %r)" % (folder_path, aci_subject, acl_access))
-
if not self.imap.shared_folder_exists(folder_path):
self.imap.shared_folder_create(folder_path, server)
- self.imap.set_acl(folder_path, 'anyone', '')
if entry.has_key('kolabfoldertype') and \
not entry['kolabfoldertype'] == None:
@@ -1761,12 +1688,11 @@ class LDAP(pykolab.base.Base):
entry['kolabfoldertype']
)
- if entry.has_key('kolabfolderaclentry') and \
- not entry['kolabfolderaclentry'] == None:
+ entry['kolabfolderaclentry'] = self._parse_acl(entry[folderacl_entry_attribute])
- self.imap._set_kolab_mailfolder_acls(
- entry['kolabfolderaclentry']
- )
+ self.imap._set_kolab_mailfolder_acls(
+ entry['kolabfolderaclentry'], folder_path, True
+ )
if entry.has_key(delivery_address_attribute) and \
not entry[delivery_address_attribute] == None:
@@ -1944,33 +1870,11 @@ class LDAP(pykolab.base.Base):
entry['kolabfoldertype']
)
- if entry.has_key('kolabfolderaclentry') and \
- not entry['kolabfolderaclentry'] == None:
-
- if isinstance(entry['kolabfolderaclentry'], basestring):
- entry['kolabfolderaclentry'] = [ entry['kolabfolderaclentry'] ]
-
- import copy
- _acls = copy.deepcopy(entry['kolabfolderaclentry'])
- entry['kolabfolderaclentry'] = []
-
- for _entry in _acls:
- if _entry[0] == "(":
- entry['kolabfolderaclentry'].append(_entry)
- continue
-
- s,r = [x.strip() for x in _entry.split(',')]
+ entry['kolabfolderaclentry'] = self._parse_acl(entry['kolabfolderaclentry'])
- entry['kolabfolderaclentry'].append("('%s', '%s', '%s')" % (folder_path, s, r))
-
- self.imap._set_kolab_mailfolder_acls(
- entry['kolabfolderaclentry']
- )
-
- elif entry['kolabfolderaclentry'] in [None,[]]:
- for ace in self.imap.list_acls(folder_path):
- aci_subject = ace.split()[0]
- self.imap.set_acl(folder_path, aci_subject, '')
+ self.imap._set_kolab_mailfolder_acls(
+ entry['kolabfolderaclentry'], folder_path, True
+ )
delivery_address_attribute = self.config_get('sharedfolder_delivery_address_attribute')
if entry.has_key(delivery_address_attribute) and \
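Review bot: `entry['kolabfolderaclentry']` is now indexed without the `has_key` guard the removed branch had, so an entry lacking the key raises `KeyError` before any ACL is applied; `self._parse_acl(entry.get('kolabfolderaclentry'))` avoids that. Because this call passes `update=True`, a missing or empty value then revokes every existing ACL on the folder. A comment should state that an absent attribute is treated as "no access", and it is worth confirming that callers always load the attribute before reaching this point, which the hunk does not show.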
@@ -2934,3 +2838,32 @@ class LDAP(pykolab.base.Base):
continue
return _results
+
+ def _parse_acl(self, acl):
+ """
+ Parse LDAP ACL specification for use in IMAP
+ """
+
+ results = []
+
+ if acl is not None:
+ if not isinstance(acl, list):
+ acl = [ acl ]
+
+ for acl_entry in acl:
+ # entry already converted to IMAP format?
+ if acl_entry[0] == "(":
+ results.append(acl_entry)
+ continue
+
+ acl_access = acl_entry.split()[-1]
+ acl_subject = acl_entry.split(', ')
+
+ if len(acl_subject) > 1:
+ acl_subject = ', '.join(acl_subject[:-1])
+ else:
+ acl_subject = acl_entry.split()[0]
+
+ results.append("(%r, %r)" % (acl_subject, acl_access))
+
+ return results
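Review bot: `_parse_acl` no longer applies the `access_lookup_dict` translation that both removed inline parsers used, so LDAP values such as `read-write` or `full` reach `_set_kolab_mailfolder_acls` as literal rights strings unless `set_acl` maps them itself, which is not visible on this page. If it does not, keep the table and apply it before formatting, e.g. `acl_access = access_lookup_dict.get(acl_access, acl_access)`. Separately, `acl_entry[0] == "("` raises `IndexError` on an empty string, where `acl_entry.startswith("(")` is safe. The docstring should state the accepted input (a single `subject, rights` string or a list of them) and that the result is a list of `repr`-formatted `(subject, rights)` tuples.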
diff --git a/pykolab/imap/__init__.py b/pykolab/imap/__init__.py
index 545e6d7..7ad25e8 100644
--- a/pykolab/imap/__init__.py
+++ b/pykolab/imap/__init__.py
@@ -816,20 +816,43 @@ class IMAP(object):
else:
return False
- def _set_kolab_mailfolder_acls(self, acls):
+ def _set_kolab_mailfolder_acls(self, acls, folder=None, update=False):
+ # special case, folder has no ACLs assigned and update was requested,
+ # remove all existing ACL entries
+ if update is True and isinstance(acls, list) and len(acls) == 0:
+ acls = self.list_acls(folder)
+ for subject in acls:
+ log.debug(
+ _("Removing ACL rights %s for subject %s on folder " + \
+ "%s") % (acls[subject], subject, folder), level=8)
+ self.set_acl(folder, subject, '')
+
+ return
+
if isinstance(acls, basestring):
acls = [ acls ]
+ old_acls = None
+
for acl in acls:
exec("acl = %s" % (acl))
- folder = acl[0]
- subject = acl[1]
- rights = acl[2]
- if len(acl) == 4:
- epoch = acl[3]
+ subject = acl[0]
+ rights = acl[1]
+ if len(acl) == 3:
+ epoch = acl[2]
else:
epoch = (int)(time.time()) + 3600
+ # update mode, check existing entries
+ if update is True:
+ if old_acls is None:
+ old_acls = self.list_acls(folder)
+ for old_subject in old_acls:
+ old_acls[old_subject] = old_acls[old_subject]
+
+ if subject in old_acls:
+ old_acls[subject] = None
+
if epoch > (int)(time.time()):
log.debug(
_("Setting ACL rights %s for subject %s on folder " + \
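Review bot: The context line `exec("acl = %s" % (acl))` evaluates each ACL string as Python, and the new `_parse_acl` forwards any LDAP value that starts with `(` unchanged, so directory content is executed with the privileges of whatever process runs this code. Parse with `acl = ast.literal_eval(acl)` (plus `import ast`) and reject anything that is not a 2- or 3-element tuple before reading `acl[0]` and `acl[1]`; an old-format entry `(folder, subject, rights)` would otherwise be read as subject, rights and epoch. The loop `old_acls[old_subject] = old_acls[old_subject]` is a no-op and can be dropped. `update=True` with the default `folder=None` should fail early rather than call `list_acls(None)`. The method body continues past this hunk.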
@@ -852,6 +875,15 @@ class IMAP(object):
""
)
+ # update mode, unset removed ACL entries
+ if old_acls is not None:
+ for subject in old_acls:
+ if old_acls[subject] is not None:
+ log.debug(
+ _("Removing ACL rights %s for subject %s on folder " + \
+ "%s") % (old_acls[subject], subject, folder), level=8)
+ self.set_acl(folder, subject, '')
+
pass
""" Blah functions """
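Review bot: Revocations in this cleanup loop are logged only through `log.debug(..., level=8)`, so a default-verbosity log keeps no record of which subjects lost access. Since the commit description states that IMAP ACL entries missing from LDAP are removed, these deserve `log.info(...)` with the same message. The match against `old_acls` is by exact string, so if `set_acl` and `list_acls` normalise identifiers differently (not shown here), a subject that was just granted rights would be revoked again at this point; a comment or test covering that would help. The trailing `pass` is unnecessary.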