Closed Bug 1738443 Opened 11 months ago Closed 8 months ago

CalDAV calendars are read-only on startup

Categories

(Calendar :: Provider: CalDAV, defect)

Thunderbird 91
x86_64
Windows 10
defect

Tracking

(thunderbird_esr91 fixed, thunderbird94 affected, thunderbird95 affected, thunderbird96 affected)

RESOLVED FIXED
99 Branch
Tracking Status
thunderbird_esr91 --- fixed
thunderbird94 --- affected
thunderbird95 --- affected
thunderbird96 --- affected

People

(Reporter: epaine, Assigned: lasana)

References

(Regression)

Details

(Keywords: regression)

Attachments

(2 files, 1 obsolete file)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0

Steps to reproduce:

Update to 91.2.1 (from 78)

Actual results:

All CalDAV calendars became read-only. If read-only is unset, it resets itself to read-only when Thunderbird is restarted.

Expected results:

Calendar read-only settings should be preserved.

Component: Untriaged → Provider: CalDAV
OS: Unspecified → Windows 10
Product: Thunderbird → Calendar
Hardware: Unspecified → x86_64

I can reproduce this issue at all of my installations, too.
When the read-only option is disabled in the UI and TB is closed,
the prefs.js option calendar.registry.<guid>.readOnly is set to false.
As soon TB is started, the option is changed to true again.

The problem seems to be caused by this change in calendar/providers/caldav/CalDavCalendar.jsm: D126061 / Bug 1729235

When the server does not support the current-user-privilege-set (as out does), the privs set is empty all the time.
The calender gets read only because none of the expected values are contained in the empty set.

    // line 1095 ff

          let privs = response.firstProps["D:current-user-privilege-set"];
          // Don't clear this.readOnly, only set it. The user may have write
          // privileges but not want to use them.
          if (!this.readOnly && privs && privs instanceof Set) {
            this.readOnly = ![
              "D:write",
              "D:write-content",
              "D:write-properties",
              "D:all",
            ].some(priv => privs.has(priv));
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(geoff)
Keywords: regression
Regressed by: 1729235
Flags: needinfo?(geoff) → needinfo?(lasana)
Regressed by: 1665203
No longer regressed by: 1729235

I can't say I understand the problem here. If we detect we do not have permissions to write to the calendar then it is set to read-only.

Alexander Becker is it that the server you are using sends the current-user-privilege-set property but does not actually use it? What server is this? Are you able to provide a calendar url?

Flags: needinfo?(lasana) → needinfo?(A.Becker)

I asked our calDAV provider (VPOP3) for guidance. They don't provide a fully featured webDAV server like Apache, and specifically don't have a current-user-privilege-set property available. Ideally a non-existent property should not not do anything (rather than changing a setting to read-only as in this case).

The server does not support the current-user-privilege-set property, and tells this in the response.
Thunderbird should simply assume write access if the server does not provide a privilege set.

Here is a fragment of a response to the PROPFIND request:

<D:propstat>
      <D:status>HTTP/1.1 404 Not Found</D:status>
      <D:prop>
        <D:current-user-privilege-set/>
        <CS:getctag/>
      </D:prop>
</D:propstat>
Flags: needinfo?(A.Becker)
Assignee: nobody → lasana
Status: NEW → ASSIGNED
Attachment #9257383 - Attachment description: WIP: Bug 1738443 - Do not treat 404 current-user-privilege-set responses as an empty list. r=darktrojan → Bug 1738443 - Do not treat 404 current-user-privilege-set responses as an empty list. r=darktrojan
Target Milestone: --- → 98 Branch

Also this one needs rebasing as it doesn't apply cleanly.

Flags: needinfo?(lasana)
Flags: needinfo?(lasana)
Target Milestone: 98 Branch → 99 Branch

Doesn't apply to tip. Please rebase.

Updated for D136832 changes.

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/11ed8bba1371
Do not treat 404 current-user-privilege-set responses as an empty list. r=darktrojan

Status: ASSIGNED → RESOLVED
Closed: 8 months ago
Resolution: --- → FIXED
Attachment #9272162 - Attachment is obsolete: true
Attached patch esr91.patchSplinter Review

[Approval Request Comment]
Regression caused by (bug #):
User impact if declined: Users of some caldav servers may find them set to read-only unintentionally.
Testing completed (on c-c, etc.): trunk
Risk to taking this patch (and alternatives if risky):
Should be low risk for the user. Separate patch for failed hunks. Did not verify the tests pass on 91.

Attachment #9272174 - Flags: approval-comm-esr91?

Comment on attachment 9272174 [details] [diff] [review]
esr91.patch

[Triage Comment]
Approved for esr91

Attachment #9272174 - Flags: approval-comm-esr91? → approval-comm-esr91+
You need to log in before you can comment on or make changes to this bug.