From 274bc29313215d8d200aa61037d7406c44230724 Mon Sep 17 00:00:00 2001
From: Fabien BOURGEOIS <fabien@yaltik.com>
Date: Wed, 16 May 2018 09:43:14 +0200
Subject: [PATCH] [FIX]Radicale Odoo Right : we must take care of authenticated
 users alongside paths

---
 radicale_odoo_right/__init__.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/radicale_odoo_right/__init__.py b/radicale_odoo_right/__init__.py
index 773a10c..5040386 100644
--- a/radicale_odoo_right/__init__.py
+++ b/radicale_odoo_right/__init__.py
@@ -25,7 +25,12 @@ class Rights(BaseRights):
     """ BaseRights implementation for Odoo Radicale """
 
     def authorized(self, user, path, permission):
-        return permission == 'r'
-
-    def authorized_item(self, user, path, permission):
+        """ Authorized only readonly for authenticated users on their path """
+        if not user:
+            return False
+        if path == '/':
+            return True
+        path = path.strip('/').split('/')
+        if user != path[0]:
+            return False
         return permission == 'r'