Open Bug 462859 Opened 16 years ago Updated 2 years ago

CalDAV: Allow manipulation of calendar DAV permissions

Categories

(Calendar :: Provider: CalDAV, enhancement)

Product:
Calendar
Component:
Provider: CalDAV
Version:
Sunbird 0.9
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: jelledejong, Unassigned)

Details

Attachments

(4 files)

icalsubscribe picture
38.09 KB, image/png
Details
darwin calendar account settings example
1.08 KB, text/plain
Details
proposed dialog, for ui review
33.73 KB, image/png
Details
mockup
65.15 KB, image/png
Details 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092816 Iceweasel/3.0.3 (Debian-3.0.3-3)
Build Identifier: pool/main/i/iceowl/iceowl_0.8-6_i386.deb

Hello everybody,

I am testing iceowl with my darwin calendar servers and when using iceowl as front-end. I can only access one of my calendars, because it only asks for one user name and password, my other calenders do not work because i don't have permission to read or write them.

calendar-user0
caldav
https://hostname.domain.org:8443/calendars/users/user0/calendar

calendar-user1
caldav
https://hostname.domain.org:8443/calendars/users/user1/calendar

calendar-group0
caldav
https://hostname.domain.org:8443/calendars/group/group0/calendar

Reproducible: Always

Steps to Reproduce:
1. setup multiple calendars, with different users and passwords
2. try to create events in all calendars
3. it will only work with one calendars where password and username where asked
4. non working calendars setup
Do you use Sunbird or Lightning and what version?
Component: General → Provider: CalDAV
QA Contact: general → caldav-provider
Thank you Stefan, I am using iceowl version 0.8.6 build for i386 platform on debian sid (iceowl_0.8-6_i386.deb). Iceowl is the Sunbird version but without non free software and trademarks restrictions.
Version: unspecified → Sunbird 0.8
This is expected behavior on a CalDAV server. Since the server comprises a single HTTP authentication realm, you want to use a single set of credentials with it, and if you need to access more than one calendar on that server with that credential set the ACLs server-side have to allow that access. Unfortunately, Sunbird/Lightning currently cannot be used to manupulate those permissions: you'd need to use something like iCal to give user1 access to user0's calendar.
Thank you Bruno for taking the time to response, Is this a issue with my Darwin calendar server that does not follow the Caldav specification [1], or is it something with Iceowl/Sunbird that does not follow the Caldav specification. What is needed to get this working? And what can I do about this without writing the code myself?

[1] http://tools.ietf.org/html/draft-dusseault-caldav-15#page-63

Thanks in advance,
(In reply to comment #4)
> Is this a issue with my Darwin
> calendar server that does not follow the Caldav specification [1], or is it
> something with Iceowl/Sunbird that does not follow the Caldav specification.

I think that both Darwin and Sb/Ltn are following the spec; what we are talking about here is a missing feature in the latter. 

> What is needed to get this working? 

Depends on what you mean by "get this working". The short-term solution is to set permissions with a tool that allows it. This should be possible with iCal, though I can't say I've done that myself yet. The longer-term solution is to add the needed feature to Sb/Ltn. I should have filed a bug for that long since and am converting this bug into the needed one.

> And what can I do about this without
> writing the code myself?

Well, the DAV part of this bug should be pretty straightforward, but I don't see that the UI bits will be, so any suggestions about how that could work would be helpful.

> 
> [1] http://tools.ietf.org/html/draft-dusseault-caldav-15#page-63
> 

http://ietfreport.isoc.org/idref/rfc4791/
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Hardware: PC → All
Summary: iceowl only ask one user and password for the first caldav network calendar, multiple calendars does not work... → CalDAV: Allow manipulation of calendar DAV permissions
Version: Sunbird 0.8 → Sunbird 0.9
Attached image icalsubscribe picture β€” 
maybe start with adding these gui options:
use separate user and password for every calender subscription
I think that could be a reasonable UI - for something else, likely in an extension. What I think we need here is a UI that will allow the user to select one or more of the user|group principals on the CalDAV server, and allow setting read-only, read-write, and other permissions on the given calendar to those principal(s). This follows the security model native to WebDAV/CalDAV, and will give us a basis to add on later the various permissions needed for scheduling.
Should this be enough to create group calendars? It is an mock up of my current setup. See http://trac.calendarserver.org/wiki/XMLDirectoryService
I still have this issue with:

sudo apt-get install -t experimental iceowl iceowl-extension iceowl-l10n-nl
Version: 0.9-1

would it be possible to rename this bug to:
make multiple calenders work with different user names, passwords and servers
(In reply to comment #9)
> would it be possible to rename this bug to:
> make multiple calenders work with different user names, passwords and servers

I believe thats bug 247486. If you agree and think there are no remaining parts from this bug, please mark as duplicate.
Requesting ui-review on a dialog for applying coarse-grained DAV permissions to a CalDAV calendar.

This dialog would be reached via a "Edit Calendar Permissions" (accesskey "m") menuitem on both the calendar-list popup and the main "Events and Tasks" menu. The menuitem would be enabled only when the selected calendar is a CalDAV one.

When the user types into the textbox the dialog queries the server for principals whose displayname matches the textbox string, and shows those displaynames in the listbox. When the user selects a displayname in the listbox the displayname and associated calendar-user-address are displayed at the upper-right of the dialog (this is to help with disambiguating e.g. multiple "John Smiths"). The calendar-user-address can be any URI; in the case of a mailto: URI as shown in the sample the scheme portion of the URI would be removed before display.

The checkboxes allow fairly coarse-grained setting of DAV privileges. We may want some kind of "Advanced Permissions" mechanism in the future, but I think that's a different bug. 

Given security implications of this kind of access control, I thought it made more sense to have an "Apply" button than live-changing permissions as the user manipulates the checkboxes.
Attachment #615659 - Flags: ui-review?(nisses.mail)
Would it be out of scope scale-wise to list all the users on the server instead of using the freeform search to query for users?

If not I think this is possible to handle with more elegant controls than a separate listbox to display the results and do it with a awesomebar instead. Mockup coming up!
Attached image mockup β€” 
What about something like this?
In any case, I think this should be made part of the calendar properties dialog. We should use a similar layout as the folder properties dialog of Thunderbird and have a tab with permissions.
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: