[Calypso] [PATCH 2/3] Add nopwd ACL

[Guido Günther]

This acl only verifies that the passed in username matches the
collection owner. No password is verified.

This can e.g. be used for GSSAPI authenticaation or HTTP header based
authentication after a authenticating reverse proxy.
---
 calypso/acl/nopwd.py | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 calypso/acl/nopwd.py

diff --git a/calypso/acl/nopwd.py b/calypso/acl/nopwd.py
new file mode 100644
index 0000000..4ef84ba
--- /dev/null
+++ b/calypso/acl/nopwd.py
@@ -0,0 +1,37 @@
+# -*- coding: utf-8 -*-
+#
+# This file is part of Calypso Server - Calendar Server
+# Copyright © 2016 Guido Günther <agx at sigxcpu.org>
+#
+# This library is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Calypso.  If not, see <http://www.gnu.org/licenses/>.
+
+"""
+nopwd ACL.
+
+only verify the user has access, ignore password
+"""
+import logging
+from calypso import config
+
+log = logging.getLogger()
+
+
+def has_right(owner, user, password):
+    """Check if ``user`` is valid."""
+    log.debug("owner %s user %s", owner, user)
+    if user == owner or not PERSONAL:
+        return True
+    return False
+
+PERSONAL = config.getboolean("acl", "personal")
-- 
2.8.0.rc3