Kozea · pbiering · Mar 9, 2024 · Mar 9, 2024 · Mar 9, 2024 · Mar 9, 2024
diff --git a/DOCUMENTATION.md b/DOCUMENTATION.md
@@ -812,6 +812,12 @@ Default: `owner_only`
 File for the rights backend `from_file`.  See the
 [Rights](#authentication-and-rights) section.
 
+##### permit_delete_collection
+
+(New since 3.1.9)
+
+Global control of permission to delete complete collection (default: True)
+
 #### storage
 
 ##### type

diff --git a/config b/config
@@ -79,6 +79,9 @@
 # File for rights management from_file
 #file = /etc/radicale/rights
 
+# Permit delete of a collection (global)
+#permit_delete_collection = True
+
 
 [storage]
 

diff --git a/radicale/app/__init__.py b/radicale/app/__init__.py
@@ -68,6 +68,7 @@ class Application(ApplicationPartDelete, ApplicationPartHead,
     _max_content_length: int
     _auth_realm: str
     _extra_headers: Mapping[str, str]
+    _permit_delete_collection: bool
 
     def __init__(self, configuration: config.Configuration) -> None:
         """Initialize Application.
@@ -84,6 +85,8 @@ def __init__(self, configuration: config.Configuration) -> None:
         self._max_content_length = configuration.get(
             "server", "max_content_length")
         self._auth_realm = configuration.get("auth", "realm")
+        self._permit_delete_collection = configuration.get("rights", "permit_delete_collection")
+        logger.info("permit delete of collection: %s", self._permit_delete_collection)
         self._extra_headers = dict()
         for key in self.configuration.options("headers"):
             self._extra_headers[key] = configuration.get("headers", key)

diff --git a/radicale/app/base.py b/radicale/app/base.py
@@ -38,6 +38,7 @@ class ApplicationBase:
     _rights: rights.BaseRights
     _web: web.BaseWeb
     _encoding: str
+    _permit_delete_collection: bool
 
     def __init__(self, configuration: config.Configuration) -> None:
         self.configuration = configuration

diff --git a/radicale/app/delete.py b/radicale/app/delete.py
@@ -68,7 +68,10 @@ def do_DELETE(self, environ: types.WSGIEnviron, base_prefix: str,
                 # ETag precondition not verified, do not delete item
                 return httputils.PRECONDITION_FAILED
             if isinstance(item, storage.BaseCollection):
-                xml_answer = xml_delete(base_prefix, path, item)
+                if self._permit_delete_collection:
+                    xml_answer = xml_delete(base_prefix, path, item)
+                else:
+                    return httputils.NOT_ALLOWED
             else:
                 assert item.collection is not None
                 assert item.href is not None

diff --git a/radicale/config.py b/radicale/config.py
@@ -184,6 +184,10 @@ def _convert_to_bool(value: Any) -> bool:
             "help": "rights backend",
             "type": str_or_callable,
             "internal": rights.INTERNAL_TYPES}),
+        ("permit_delete_collection", {
+            "value": "True",
+            "help": "permit delete of a collection",
+            "type": bool}),
         ("file", {
             "value": "/etc/radicale/rights",
             "help": "file for rights management from_file",