1 files changed, 27 insertions, 21 deletions

diff --git a/src/mailman_pgp/rest/lists.py b/src/mailman_pgp/rest/lists.py
index fbece1d..c7c632a 100644
--- a/src/mailman_pgp/rest/lists.py
+++ b/src/mailman_pgp/rest/lists.py
@@ -21,9 +21,9 @@ from mailman.interfaces.action import Action
 from mailman.interfaces.listmanager import IListManager
 from mailman.interfaces.member import MemberRole
 from mailman.rest.helpers import (accepted, bad_request,
-                                  child, ChildError, CollectionMixin, etag,
+                                  child, CollectionMixin, etag,
                                   GetterSetter, no_content, not_found,
-                                  NotFound, okay)
+                                  NotFound, okay, forbidden)
 from mailman.rest.validator import (enum_validator, PatchValidator,
                                     UnknownPATCHRequestError, Validator)
 from pgpy.errors import PGPError
@@ -38,7 +38,8 @@ from mailman_pgp.utils.rest import enumflag_validator, workflow_validator
 from mailman_pgp.workflows.key_change import (KeyChangeModWorkflow,
                                               KeyChangeWorkflow)
 
-CONFIGURATION = dict(
+ATTRIBUTES = dict(
+        list_id=GetterSetter(None),
         unsigned_msg_action=GetterSetter(enum_validator(Action)),
         inline_pgp_action=GetterSetter(enum_validator(Action)),
         expired_sig_action=GetterSetter(enum_validator(Action)),
@@ -54,24 +55,25 @@ CONFIGURATION = dict(
         key_signing_allowed=GetterSetter(enumflag_validator(MemberRole))
 )
 
+VALIDATORS = ATTRIBUTES.copy()
+for attribute, gettersetter in list(VALIDATORS.items()):
+    if gettersetter.decoder is None:
+        del VALIDATORS[attribute]
+
 
 class _PGPListBase(CollectionMixin):
     def _resource_as_dict(self, emlist):
         """See `CollectionMixin`."""
-        return dict(list_id=emlist.list_id,
-                    unsigned_msg_action=emlist.unsigned_msg_action,
-                    inline_pgp_action=emlist.inline_pgp_action,
-                    expired_sig_action=emlist.expired_sig_action,
-                    revoked_sig_action=emlist.revoked_sig_action,
-                    invalid_sig_action=emlist.invalid_sig_action,
-                    duplicate_sig_action=emlist.duplicate_sig_action,
-                    strip_original_sig=emlist.strip_original_sig,
-                    sign_outgoing=emlist.sign_outgoing,
-                    nonencrypted_msg_action=emlist.nonencrypted_msg_action,
-                    encrypt_outgoing=emlist.encrypt_outgoing,
-                    self_link=self.api.path_to(
-                            '/plugins/{}/lists/{}'.format(config.name,
-                                                          emlist.list_id)))
+        resource = {}
+        for attribute, getter in ATTRIBUTES.items():
+            value = getter.get(emlist, attribute)
+            if isinstance(value, (set, frozenset)):
+                value = list(iter(value))
+            resource[attribute] = value
+        resource['self_link'] = self.api.path_to(
+                '/plugins/{}/lists/{}'.format(config.name,
+                                              emlist.list_id))
+        return resource
 
     def _get_collection(self, request):
         """See `CollectionMixin`."""
@@ -112,7 +114,7 @@ class APGPList(_PGPListBase):
         if self._mlist is None:
             not_found(response)
         else:
-            validator = Validator(**CONFIGURATION)
+            validator = Validator(**VALIDATORS)
             try:
                 with transaction():
                     validator.update(self._mlist, request)
@@ -127,7 +129,7 @@ class APGPList(_PGPListBase):
             not_found(response)
         else:
             try:
-                validator = PatchValidator(request, CONFIGURATION)
+                validator = PatchValidator(request, VALIDATORS)
             except UnknownPATCHRequestError as error:
                 bad_request(response,
                             'Unknown attribute: {}'.format(error.attribute))
@@ -144,8 +146,6 @@ class APGPList(_PGPListBase):
     def key(self, context, segments):
         if self._mlist is None:
             return NotFound(), []
-        if not config.get_value('rest', 'expose_private_key'):
-            return ChildError(403), []
         return AListKey(self._mlist), []
 
     @child()
@@ -164,6 +164,9 @@ class AListKey:
 
     def on_get(self, request, response):
         """/lists/<list_id>/key"""
+        if not config.get_value('rest', 'allow_read_private_key'):
+            forbidden(response)
+            return
         key = self._mlist.key
         if key is None:
             not_found(response)
@@ -174,6 +177,9 @@ class AListKey:
 
     def on_put(self, request, response):
         """/lists/<list_id>/key"""
+        if not config.get_value('rest', 'allow_write_private_key'):
+            forbidden(response)
+            return
         try:
             validator = Validator(key=GetterSetter(key_from_blob))
             values = validator(request)