diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -1317,44 +1317,8 @@
 folderacl_entry_attribute
 )
- if not entry[folderacl_entry_attribute] == None:
- # Parse it before assigning it
- entry['kolabfolderaclentry'] = []
- if not isinstance(entry[folderacl_entry_attribute], list):
- entry[folderacl_entry_attribute] = [ entry[folderacl_entry_attribute] ]
-
- for acl_entry in entry[folderacl_entry_attribute]:
- acl_access = acl_entry.split()[-1]
-
- if len(acl_entry.split(', ')) > 1:
- aci_subject = ', '.join(acl_entry.split(', ')[:-1])
- else:
- aci_subject = acl_entry.split()[0]
-
- log.debug(_("Found a subject %r with access %r") % (aci_subject, acl_access), level=8)
-
- access_lookup_dict = {
- 'all': 'lrsedntxakcpiw',
- 'append': 'wip',
- 'full': 'lrswipkxtecdn',
- 'read': 'lrs',
- 'read-only': 'lrs',
- 'read-write': 'lrswitedn',
- 'post': 'p',
- 'semi-full': 'lrswit',
- 'write': 'lrswite',
- }
-
- if access_lookup_dict.has_key(acl_access):
- acl_access = access_lookup_dict[acl_access]
-
- log.debug(_("Found a subject %r with access %r") % (aci_subject, acl_access), level=8)
-
- entry['kolabfolderaclentry'].append("(%r, %r, %r)" % (folder_path, aci_subject, acl_access))
-
 if not self.imap.shared_folder_exists(folder_path):
 self.imap.shared_folder_create(folder_path, server)
- self.imap.set_acl(folder_path, 'anyone', '')
 if entry.has_key('kolabfoldertype') and \
 not entry['kolabfoldertype'] == None:
@@ -1364,12 +1328,11 @@
 entry['kolabfoldertype']
 )
- if entry.has_key('kolabfolderaclentry') and \
- not entry['kolabfolderaclentry'] == None:
+ entry['kolabfolderaclentry'] = self._parse_acl(entry[folderacl_entry_attribute])
- self.imap._set_kolab_mailfolder_acls(
- entry['kolabfolderaclentry']
- )
+ self.imap._set_kolab_mailfolder_acls(
+ entry['kolabfolderaclentry'], folder_path
+ )
 if entry.has_key(delivery_address_attribute) and \
 not entry[delivery_address_attribute] == None:
@@ -1714,44 +1677,8 @@
 folderacl_entry_attribute
 )
- if not entry[folderacl_entry_attribute] == None:
- # Parse it before assigning it
- entry['kolabfolderaclentry'] = []
- if not isinstance(entry[folderacl_entry_attribute], list):
- entry[folderacl_entry_attribute] = [ entry[folderacl_entry_attribute] ]
-
- for acl_entry in entry[folderacl_entry_attribute]:
- acl_access = acl_entry.split()[-1]
-
- if len(acl_entry.split(', ')) > 1:
- aci_subject = ', '.join(acl_entry.split(', ')[:-1])
- else:
- aci_subject = acl_entry.split()[0]
-
- log.debug(_("Found a subject %r with access %r") % (aci_subject, acl_access), level=8)
-
- access_lookup_dict = {
- 'all': 'lrsedntxakcpiw',
- 'append': 'wip',
- 'full': 'lrswipkxtecdn',
- 'read': 'lrs',
- 'read-only': 'lrs',
- 'read-write': 'lrswitedn',
- 'post': 'p',
- 'semi-full': 'lrswit',
- 'write': 'lrswite',
- }
-
- if access_lookup_dict.has_key(acl_access):
- acl_access = access_lookup_dict[acl_access]
-
- log.debug(_("Found a subject %r with access %r") % (aci_subject, acl_access), level=8)
-
- entry['kolabfolderaclentry'].append("(%r, %r, %r)" % (folder_path, aci_subject, acl_access))
-
 if not self.imap.shared_folder_exists(folder_path):
 self.imap.shared_folder_create(folder_path, server)
- self.imap.set_acl(folder_path, 'anyone', '')
 if entry.has_key('kolabfoldertype') and \
 not entry['kolabfoldertype'] == None:
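Review bot: The call added in the hunk at -1364 omits the `update` argument, so on this path `_set_kolab_mailfolder_acls` only adds entries and never removes existing ones, while the hunk at -1317 drops the `self.imap.set_acl(folder_path, 'anyone', '')` that used to follow `shared_folder_create`. If the IMAP server gives a newly created shared folder a default or inherited ACL (not visible here), that entry would now stay in place next to the LDAP-defined ones. Passing `True` as the third argument, as the calls at -1761 and -1944 do, would keep the folder limited to what LDAP specifies: `entry['kolabfolderaclentry'], folder_path, True`. The enclosing method starts and ends outside the hunk.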
@@ -1761,12 +1688,11 @@
 entry['kolabfoldertype']
 )
- if entry.has_key('kolabfolderaclentry') and \
- not entry['kolabfolderaclentry'] == None:
+ entry['kolabfolderaclentry'] = self._parse_acl(entry[folderacl_entry_attribute])
- self.imap._set_kolab_mailfolder_acls(
- entry['kolabfolderaclentry']
- )
+ self.imap._set_kolab_mailfolder_acls(
+ entry['kolabfolderaclentry'], folder_path, True
+ )
 if entry.has_key(delivery_address_attribute) and \
 not entry[delivery_address_attribute] == None:
@@ -1944,33 +1870,11 @@
 entry['kolabfoldertype']
 )
- if entry.has_key('kolabfolderaclentry') and \
- not entry['kolabfolderaclentry'] == None:
-
- if isinstance(entry['kolabfolderaclentry'], basestring):
- entry['kolabfolderaclentry'] = [ entry['kolabfolderaclentry'] ]
-
- import copy
- _acls = copy.deepcopy(entry['kolabfolderaclentry'])
- entry['kolabfolderaclentry'] = []
-
- for _entry in _acls:
- if _entry[0] == "(":
- entry['kolabfolderaclentry'].append(_entry)
- continue
-
- s,r = [x.strip() for x in _entry.split(',')]
+ entry['kolabfolderaclentry'] = self._parse_acl(entry['kolabfolderaclentry'])
- entry['kolabfolderaclentry'].append("('%s', '%s', '%s')" % (folder_path, s, r))
-
- self.imap._set_kolab_mailfolder_acls(
- entry['kolabfolderaclentry']
- )
-
- elif entry['kolabfolderaclentry'] in [None,[]]:
- for ace in self.imap.list_acls(folder_path):
- aci_subject = ace.split()[0]
- self.imap.set_acl(folder_path, aci_subject, '')
+ self.imap._set_kolab_mailfolder_acls(
+ entry['kolabfolderaclentry'], folder_path, True
+ )
 delivery_address_attribute = self.config_get('sharedfolder_delivery_address_attribute')
 if entry.has_key(delivery_address_attribute) and \
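Review bot: `_parse_acl` returns `[]` when the attribute is None, and with `True` passed in the hunk at -1761 an empty list makes `_set_kolab_mailfolder_acls` remove every existing ACL entry on the folder; the call in the hunk at -1944 behaves the same way. Failing closed is a sensible default, but the code cannot tell an intentionally empty attribute from one the lookup did not return, so the contract should be stated next to the call, e.g. `# None or [] here revokes all existing ACL entries on folder_path`. If a failed attribute read can produce None on these paths (not visible in the hunks), consider skipping the ACL update in that case. The enclosing methods start and end outside the hunks.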
@@ -2934,3 +2838,32 @@
 continue
 return _results
+
+ def _parse_acl(self, acl):
+ """
+ Parse LDAP ACL specification for use in IMAP
+ """
+
+ results = []
+
+ if acl is not None:
+ if not isinstance(acl, list):
+ acl = [ acl ]
+
+ for acl_entry in acl:
+ # entry already converted to IMAP format?
+ if acl_entry[0] == "(":
+ results.append(acl_entry)
+ continue
+
+ acl_access = acl_entry.split()[-1]
+ acl_subject = acl_entry.split(', ')
+
+ if len(acl_subject) > 1:
+ acl_subject = ', '.join(acl_subject[:-1])
+ else:
+ acl_subject = acl_entry.split()[0]
+
+ results.append("(%r, %r)" % (acl_subject, acl_access))
+
+ return results
diff --git a/pykolab/imap/__init__.py b/pykolab/imap/__init__.py
--- a/pykolab/imap/__init__.py
+++ b/pykolab/imap/__init__.py
@@ -816,20 +816,43 @@
 else:
 return False
- def _set_kolab_mailfolder_acls(self, acls):
+ def _set_kolab_mailfolder_acls(self, acls, folder=None, update=False):
+ # special case, folder has no ACLs assigned and update was requested,
+ # remove all existing ACL entries
+ if update is True and isinstance(acls, list) and len(acls) == 0:
+ acls = self.list_acls(folder)
+ for subject in acls:
+ log.debug(
+ _("Removing ACL rights %s for subject %s on folder " + \
+ "%s") % (acls[subject], subject, folder), level=8)
+ self.set_acl(folder, subject, '')
+
+ return
+
 if isinstance(acls, basestring):
 acls = [ acls ]
+ old_acls = None
+
 for acl in acls:
 exec("acl = %s" % (acl))
- folder = acl[0]
- subject = acl[1]
- rights = acl[2]
- if len(acl) == 4:
- epoch = acl[3]
+ subject = acl[0]
+ rights = acl[1]
+ if len(acl) == 3:
+ epoch = acl[2]
 else:
 epoch = (int)(time.time()) + 3600
+ # update mode, check existing entries
+ if update is True:
+ if old_acls is None:
+ old_acls = self.list_acls(folder)
+ for old_subject in old_acls:
+ old_acls[old_subject] = old_acls[old_subject]
+
+ if subject in old_acls:
+ old_acls[subject] = None
+
 if epoch > (int)(time.time()):
 log.debug(
 _("Setting ACL rights %s for subject %s on folder " + \
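Review bot: `_parse_acl` turns LDAP attribute values into Python-literal strings and appends any entry whose first character is `(` to `results` unchanged, and the consumer `_set_kolab_mailfolder_acls` (hunk at -816) still runs each string through `exec("acl = %s" % (acl))`. Directory data therefore reaches `exec`, so write access to this attribute amounts to code execution in the process that applies the ACLs. Returning tuples here, `results.append((acl_subject, acl_access))`, and replacing the `exec` in the consumer with `acl = ast.literal_eval(acl)` for any remaining string entries would close that path. Separately, `acl_entry[0]` raises IndexError on an empty attribute value; `if not acl_entry: continue` before it would avoid that.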
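Review bot: The tuple layout shifts in the hunk at -816 from `(folder, subject, rights[, epoch])` to `(subject, rights[, epoch])`, but `_parse_acl` passes already-formatted `(`-prefixed entries through untouched, so a stored three-element entry in the old layout would be read as subject, rights and epoch. If such entries can still reach this function, the folder path would be applied as an ACL subject; checking the type of the third element before treating it as an epoch, e.g. `if len(acl) == 3 and isinstance(acl[2], (int, long)):`, would reject them. Two smaller points: `folder` defaults to `None` although every path passes it to `set_acl` or `list_acls`, and the loop `for old_subject in old_acls: old_acls[old_subject] = old_acls[old_subject]` assigns each value to itself and can be removed. The function body continues outside the hunk.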
@@ -852,6 +875,15 @@
 ""
 )
+ # update mode, unset removed ACL entries
+ if old_acls is not None:
+ for subject in old_acls:
+ if old_acls[subject] is not None:
+ log.debug(
+ _("Removing ACL rights %s for subject %s on folder " + \
+ "%s") % (old_acls[subject], subject, folder), level=8)
+ self.set_acl(folder, subject, '')
+
 pass
 """ Blah functions """
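Review bot: The revocation block only runs after the `for acl in acls:` loop has completed, so any exception raised inside that loop (a malformed entry at the `exec`, or a failing `set_acl`) skips it and subjects removed from LDAP keep their rights on the folder. Revocation is the security-relevant half of an update, so it should not depend on every grant succeeding; running this block from a `try`/`finally` around the loop, or performing the removals before the grants, would make it reliable. Whether callers catch and retry is not visible here. The removal loop also duplicates the one in the empty-list special case at the top of the function and could share a small private helper; the function starts outside this hunk.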