[FIX]Radicale Odoo Right : we must take care of authenticated users alongside paths

2018-05-16 09:43:14 +02:00 · 2018-05-16 09:43:14 +02:00 · 274bc29313
commit 274bc29313
parent 258ccac379
1 changed files with 8 additions and 3 deletions
--- a/radicale_odoo_right/init.py
+++ b/radicale_odoo_right/init.py
@ -25,7 +25,12 @@ class Rights(BaseRights):
    """ BaseRights implementation for Odoo Radicale """

    def authorized(self, user, path, permission):
-        return permission == 'r'
-
-    def authorized_item(self, user, path, permission):
+        """ Authorized only readonly for authenticated users on their path """
+        if not user:
+            return False
+        if path == '/':
+            return True
+        path = path.strip('/').split('/')
+        if user != path[0]:
+            return False
        return permission == 'r'