[Calypso] calypso with davdroid: in the direction of principals
Jelmer Vernooij
jelmer at samba.org
Mon Apr 14 18:01:37 PDT 2014
On Fri, Apr 04, 2014 at 03:03:25PM +0200, chrysn wrote:
> On Sat, Mar 08, 2014 at 06:03:02PM +0000, Jelmer Vernooij wrote:
> > Rather than adding labels, couldn't we just add a setting for the
> > principal with substition for the username? E.g.:
> >
> > [server]
> > principal = /+{USER}
> >
> > That seems much simpler.
>
> that approach was clearly not intended for production, but was the
> quickest i could sketch up.
>
> i've built on your patch, and started providing a proper resource for
> principal, calendar and addressbook home set.
>
> On Mon, Mar 31, 2014 at 09:19:16AM +0200, Guido Günther wrote:
> > We already assume that the first part of the path is the owner for
> > permision checks (see url_to_owner and acl/httpasswd). Shouldn't we just
> > set the current-user-principal to the first path component as well?
>
> i'd like to think of the principal as distinct from the "folder" where a
> user's collections reside in -- it can be implemented in the same
> resource, but does not need to.
>
> according to personal url preferences, you can set user_principal to
> "/%(user)s/" or "/+%(user)s/" or "/principals/%(user)s/". (name clashes
> might be an issue if you name your address book like the addressbook
> home set, but yeah.
>
> > We could then use this to query home-collection like:
> >
> > ~/.config/calypso/calendars/
> > `- princ1/
> > `- collection1
> > `- collection2
> > `- princ2/
> > `- collectionfoo
> > `- collectionbar
> >
> > by simply retrurning all git repositories below princ1/ as
> > home-collections for each user.
>
> the current implementation tries to build a collection from all
> non-hidden directories under the storage folder, and lists them in the
> home sets depending on permissions and their type.
>
>
> the patch set i'm suggesting is quite comprehensive. apart from the
> previously suggested patches (some of which i've built upon, otherwise
> i'd have started from master), [1] changes:
>
> * support the address-data report entry
>
> * new classes that represent non-collection resources (principals and
> home sets)
>
> in the final version, they are passed to the xmlutils.propfind method
> in parallel with `collection`; however, they implement their propfind
> methods themselves. (the big switch list with attributes became a
> hassle with the increasing number of isinstance() checks for that).
>
> (this creates compatibility with clients that only do
> auto-configuration like DavDroid, and makes configuration easier with
> many others).
>
> * collection enumeration by walking the storage folder
>
> * explicit per-resource configuration in .calypso-collection
>
> this was started by jelmer with inspecting the .git/description
> contents, but didn't go far enough -- for one, that does not work when
> the git repository is rooted higher up in the hierarchy, and then, it
> won't allow finer control of permissions, which is implemented now
> too. (a collection can be set personal or public, and if it's
> personal, additional users can be granted access to it).
>
> explicit configuration also declares now as which type of collection
> (address book or calendar) a collection is published. the old way of
> just publishing both the address book and the calendar attributes fail
> with clients like acal (which previously treated all calypso
> repositories as address books).
>
> a fallback is in place for existing repositories that determines the
> type of a collection based on its contents.
>
> * bugfixes
>
> some code gets moved through the patches, so i tried to structure it
> with relatively small commits.
>
>
> please try out my integration branch at [1], which contains all other
> patches sent by jelmer and guido in the last weeks, with your own setup;
> it works for me and i'm confident it will work for you, but software is
> prone to bugs, so let's better check twice.
>
> keith, if no negative responses come back, please consider merging these
> patches.
>
I can confirm that this works with DAVDroid. I needed the attached
patch though, since I'm using fake ACLs.
There are some other rough edges (not introduced by this patch). For
example, I have a couple of invalid vcards (no FN) that cause
tracebacks from calypso and then empty files in the repository.
Cheers,
Jelmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Accept-keyword-arguments-in-crypto.acl.fake.patch
Type: text/x-diff
Size: 632 bytes
Desc: not available
URL: </pipermail/calypso/attachments/20140415/1c36f5ad/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: </pipermail/calypso/attachments/20140415/1c36f5ad/attachment.sig>
More information about the Calypso
mailing list