2026-01-09 00:51:25 +01:00
|
|
|
"""
|
|
|
|
|
Declare and configure the signals for the calendars core application
|
|
|
|
|
"""
|
|
|
|
|
|
✨(all) add organizations, resources, channels, and infra migration (#34)
Add multi-tenant organization model populated from OIDC claims with
org-scoped user discovery, CalDAV principal filtering, and cross-org
isolation at the SabreDAV layer.
Add bookable resource principals (rooms, equipment) with CalDAV
auto-scheduling that handles conflict detection, auto-accept/decline,
and org-scoped booking enforcement. Fixes #14.
Replace CalendarSubscriptionToken with a unified Channel model
supporting CalDAV integration tokens and iCal feed URLs, with
encrypted token storage and role-based access control. Fixes #16.
Migrate task queue from Celery to Dramatiq with async ICS import,
progress tracking, and task status polling endpoint.
Replace nginx with Caddy for both the reverse proxy and frontend
static serving. Switch frontend package manager from yarn/pnpm to
npm and upgrade Node to 24, Next.js to 16, TypeScript to 5.9.
Harden security with fail-closed entitlements, RSVP rate limiting
and token expiry, CalDAV proxy path validation blocking internal
API routes, channel path scope enforcement, and ETag-based
conflict prevention.
Add frontend pages for resource management and integration channel
CRUD, with resource booking in the event modal.
Restructure CalDAV paths to /calendars/users/ and
/calendars/resources/ with nested principal collections in SabreDAV.
2026-03-09 09:09:34 +01:00
|
|
|
import json
|
2026-01-09 00:51:25 +01:00
|
|
|
import logging
|
|
|
|
|
|
|
|
|
|
from django.conf import settings
|
|
|
|
|
from django.contrib.auth import get_user_model
|
✨(all) add organizations, resources, channels, and infra migration (#34)
Add multi-tenant organization model populated from OIDC claims with
org-scoped user discovery, CalDAV principal filtering, and cross-org
isolation at the SabreDAV layer.
Add bookable resource principals (rooms, equipment) with CalDAV
auto-scheduling that handles conflict detection, auto-accept/decline,
and org-scoped booking enforcement. Fixes #14.
Replace CalendarSubscriptionToken with a unified Channel model
supporting CalDAV integration tokens and iCal feed URLs, with
encrypted token storage and role-based access control. Fixes #16.
Migrate task queue from Celery to Dramatiq with async ICS import,
progress tracking, and task status polling endpoint.
Replace nginx with Caddy for both the reverse proxy and frontend
static serving. Switch frontend package manager from yarn/pnpm to
npm and upgrade Node to 24, Next.js to 16, TypeScript to 5.9.
Harden security with fail-closed entitlements, RSVP rate limiting
and token expiry, CalDAV proxy path validation blocking internal
API routes, channel path scope enforcement, and ETag-based
conflict prevention.
Add frontend pages for resource management and integration channel
CRUD, with resource booking in the event modal.
Restructure CalDAV paths to /calendars/users/ and
/calendars/resources/ with nested principal collections in SabreDAV.
2026-03-09 09:09:34 +01:00
|
|
|
from django.db import transaction
|
|
|
|
|
from django.db.models.signals import post_save, pre_delete
|
2026-01-09 00:51:25 +01:00
|
|
|
from django.dispatch import receiver
|
|
|
|
|
|
2026-03-06 02:47:03 +01:00
|
|
|
from core.entitlements import EntitlementsUnavailableError, get_user_entitlements
|
✨(all) add organizations, resources, channels, and infra migration (#34)
Add multi-tenant organization model populated from OIDC claims with
org-scoped user discovery, CalDAV principal filtering, and cross-org
isolation at the SabreDAV layer.
Add bookable resource principals (rooms, equipment) with CalDAV
auto-scheduling that handles conflict detection, auto-accept/decline,
and org-scoped booking enforcement. Fixes #14.
Replace CalendarSubscriptionToken with a unified Channel model
supporting CalDAV integration tokens and iCal feed URLs, with
encrypted token storage and role-based access control. Fixes #16.
Migrate task queue from Celery to Dramatiq with async ICS import,
progress tracking, and task status polling endpoint.
Replace nginx with Caddy for both the reverse proxy and frontend
static serving. Switch frontend package manager from yarn/pnpm to
npm and upgrade Node to 24, Next.js to 16, TypeScript to 5.9.
Harden security with fail-closed entitlements, RSVP rate limiting
and token expiry, CalDAV proxy path validation blocking internal
API routes, channel path scope enforcement, and ETag-based
conflict prevention.
Add frontend pages for resource management and integration channel
CRUD, with resource booking in the event modal.
Restructure CalDAV paths to /calendars/users/ and
/calendars/resources/ with nested principal collections in SabreDAV.
2026-03-09 09:09:34 +01:00
|
|
|
from core.services.caldav_service import CalDAVHTTPClient, CalendarService
|
2026-01-09 00:51:25 +01:00
|
|
|
|
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
User = get_user_model()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@receiver(post_save, sender=User)
|
2026-02-09 18:43:49 +01:00
|
|
|
def provision_default_calendar(sender, instance, created, **kwargs): # pylint: disable=unused-argument
|
2026-01-09 00:51:25 +01:00
|
|
|
"""
|
|
|
|
|
Auto-provision a default calendar when a new user is created.
|
|
|
|
|
"""
|
|
|
|
|
if not created:
|
|
|
|
|
return
|
|
|
|
|
|
2026-01-11 02:28:04 +01:00
|
|
|
# Skip calendar creation if CalDAV server is not configured
|
|
|
|
|
if not settings.CALDAV_URL:
|
2026-01-09 00:51:25 +01:00
|
|
|
return
|
|
|
|
|
|
2026-03-06 02:47:03 +01:00
|
|
|
# Check entitlements before creating calendar — fail-closed:
|
|
|
|
|
# never create a calendar if we can't confirm access.
|
|
|
|
|
try:
|
|
|
|
|
entitlements = get_user_entitlements(instance.sub, instance.email)
|
✨(all) add organizations, resources, channels, and infra migration (#34)
Add multi-tenant organization model populated from OIDC claims with
org-scoped user discovery, CalDAV principal filtering, and cross-org
isolation at the SabreDAV layer.
Add bookable resource principals (rooms, equipment) with CalDAV
auto-scheduling that handles conflict detection, auto-accept/decline,
and org-scoped booking enforcement. Fixes #14.
Replace CalendarSubscriptionToken with a unified Channel model
supporting CalDAV integration tokens and iCal feed URLs, with
encrypted token storage and role-based access control. Fixes #16.
Migrate task queue from Celery to Dramatiq with async ICS import,
progress tracking, and task status polling endpoint.
Replace nginx with Caddy for both the reverse proxy and frontend
static serving. Switch frontend package manager from yarn/pnpm to
npm and upgrade Node to 24, Next.js to 16, TypeScript to 5.9.
Harden security with fail-closed entitlements, RSVP rate limiting
and token expiry, CalDAV proxy path validation blocking internal
API routes, channel path scope enforcement, and ETag-based
conflict prevention.
Add frontend pages for resource management and integration channel
CRUD, with resource booking in the event modal.
Restructure CalDAV paths to /calendars/users/ and
/calendars/resources/ with nested principal collections in SabreDAV.
2026-03-09 09:09:34 +01:00
|
|
|
if not entitlements.get("can_access", False):
|
2026-03-06 02:47:03 +01:00
|
|
|
logger.info(
|
|
|
|
|
"Skipped calendar creation for %s (not entitled)",
|
|
|
|
|
instance.email,
|
|
|
|
|
)
|
|
|
|
|
return
|
|
|
|
|
except EntitlementsUnavailableError:
|
|
|
|
|
logger.warning(
|
|
|
|
|
"Entitlements unavailable for %s, skipping calendar creation",
|
|
|
|
|
instance.email,
|
|
|
|
|
)
|
|
|
|
|
return
|
|
|
|
|
|
2026-01-09 00:51:25 +01:00
|
|
|
try:
|
|
|
|
|
service = CalendarService()
|
|
|
|
|
service.create_default_calendar(instance)
|
✨(all) add organizations, resources, channels, and infra migration (#34)
Add multi-tenant organization model populated from OIDC claims with
org-scoped user discovery, CalDAV principal filtering, and cross-org
isolation at the SabreDAV layer.
Add bookable resource principals (rooms, equipment) with CalDAV
auto-scheduling that handles conflict detection, auto-accept/decline,
and org-scoped booking enforcement. Fixes #14.
Replace CalendarSubscriptionToken with a unified Channel model
supporting CalDAV integration tokens and iCal feed URLs, with
encrypted token storage and role-based access control. Fixes #16.
Migrate task queue from Celery to Dramatiq with async ICS import,
progress tracking, and task status polling endpoint.
Replace nginx with Caddy for both the reverse proxy and frontend
static serving. Switch frontend package manager from yarn/pnpm to
npm and upgrade Node to 24, Next.js to 16, TypeScript to 5.9.
Harden security with fail-closed entitlements, RSVP rate limiting
and token expiry, CalDAV proxy path validation blocking internal
API routes, channel path scope enforcement, and ETag-based
conflict prevention.
Add frontend pages for resource management and integration channel
CRUD, with resource booking in the event modal.
Restructure CalDAV paths to /calendars/users/ and
/calendars/resources/ with nested principal collections in SabreDAV.
2026-03-09 09:09:34 +01:00
|
|
|
logger.info("Created default calendar for user %s", instance.pk)
|
|
|
|
|
except Exception: # pylint: disable=broad-exception-caught
|
|
|
|
|
logger.exception(
|
|
|
|
|
"Failed to create default calendar for user %s",
|
|
|
|
|
instance.pk,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@receiver(pre_delete, sender=User)
|
|
|
|
|
def delete_user_caldav_data(sender, instance, **kwargs): # pylint: disable=unused-argument
|
|
|
|
|
"""Schedule CalDAV data cleanup when a user is deleted.
|
|
|
|
|
|
|
|
|
|
Uses on_commit so the external CalDAV call only fires after
|
|
|
|
|
the DB transaction commits — avoids orphaned state on rollback.
|
|
|
|
|
"""
|
|
|
|
|
email = instance.email
|
|
|
|
|
if not email:
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
if not settings.CALDAV_INTERNAL_API_KEY:
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
api_key = settings.CALDAV_INTERNAL_API_KEY
|
|
|
|
|
|
|
|
|
|
def _cleanup():
|
|
|
|
|
try:
|
|
|
|
|
http = CalDAVHTTPClient()
|
|
|
|
|
http.request(
|
|
|
|
|
"POST",
|
|
|
|
|
instance,
|
|
|
|
|
"internal-api/users/delete",
|
|
|
|
|
data=json.dumps({"email": email}).encode("utf-8"),
|
|
|
|
|
content_type="application/json",
|
|
|
|
|
extra_headers={"X-Internal-Api-Key": api_key},
|
2026-01-09 00:51:25 +01:00
|
|
|
)
|
✨(all) add organizations, resources, channels, and infra migration (#34)
Add multi-tenant organization model populated from OIDC claims with
org-scoped user discovery, CalDAV principal filtering, and cross-org
isolation at the SabreDAV layer.
Add bookable resource principals (rooms, equipment) with CalDAV
auto-scheduling that handles conflict detection, auto-accept/decline,
and org-scoped booking enforcement. Fixes #14.
Replace CalendarSubscriptionToken with a unified Channel model
supporting CalDAV integration tokens and iCal feed URLs, with
encrypted token storage and role-based access control. Fixes #16.
Migrate task queue from Celery to Dramatiq with async ICS import,
progress tracking, and task status polling endpoint.
Replace nginx with Caddy for both the reverse proxy and frontend
static serving. Switch frontend package manager from yarn/pnpm to
npm and upgrade Node to 24, Next.js to 16, TypeScript to 5.9.
Harden security with fail-closed entitlements, RSVP rate limiting
and token expiry, CalDAV proxy path validation blocking internal
API routes, channel path scope enforcement, and ETag-based
conflict prevention.
Add frontend pages for resource management and integration channel
CRUD, with resource booking in the event modal.
Restructure CalDAV paths to /calendars/users/ and
/calendars/resources/ with nested principal collections in SabreDAV.
2026-03-09 09:09:34 +01:00
|
|
|
except Exception: # pylint: disable=broad-exception-caught
|
|
|
|
|
logger.exception(
|
|
|
|
|
"Failed to clean up CalDAV data for user %s",
|
|
|
|
|
email,
|
2026-01-09 00:51:25 +01:00
|
|
|
)
|
✨(all) add organizations, resources, channels, and infra migration (#34)
Add multi-tenant organization model populated from OIDC claims with
org-scoped user discovery, CalDAV principal filtering, and cross-org
isolation at the SabreDAV layer.
Add bookable resource principals (rooms, equipment) with CalDAV
auto-scheduling that handles conflict detection, auto-accept/decline,
and org-scoped booking enforcement. Fixes #14.
Replace CalendarSubscriptionToken with a unified Channel model
supporting CalDAV integration tokens and iCal feed URLs, with
encrypted token storage and role-based access control. Fixes #16.
Migrate task queue from Celery to Dramatiq with async ICS import,
progress tracking, and task status polling endpoint.
Replace nginx with Caddy for both the reverse proxy and frontend
static serving. Switch frontend package manager from yarn/pnpm to
npm and upgrade Node to 24, Next.js to 16, TypeScript to 5.9.
Harden security with fail-closed entitlements, RSVP rate limiting
and token expiry, CalDAV proxy path validation blocking internal
API routes, channel path scope enforcement, and ETag-based
conflict prevention.
Add frontend pages for resource management and integration channel
CRUD, with resource booking in the event modal.
Restructure CalDAV paths to /calendars/users/ and
/calendars/resources/ with nested principal collections in SabreDAV.
2026-03-09 09:09:34 +01:00
|
|
|
|
|
|
|
|
transaction.on_commit(_cleanup)
|