Dependency Graph

Dependency Graph
related to related to child of child of duplicate of duplicate of

View Issue Details

IDProjectCategoryView StatusLast Update
0002502SOGoBackend Calendarpublic2014-02-06 19:25
ReporterThomasRZ Assigned Tofrancis  
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version2.1.0 
Target Version2.2.0Fixed in Version2.2.0 
Summary0002502: Wrong handling of ACLs on shared calendars with 2 Groups
Description

This Bug appears when a user shares his calendar to multiple groups with different ACLs. At least one user has to be in 2 Groups. At the moment the rights of a calendar are handled "old-to-new". The Right way must be "specific-to-unspecific".

Steps To Reproduce

To reproduce this Bug simply do the following:

  • You need 2 Users and 2 Groups

  • At least 1 of the 2 Users has to be in both groups

  • For Example, set the ACLs of a calendar from user "A" to:
    Group-A: PublicViewer
    Group-B: PublicModifier, ObjectCreator, ObjectErasor
    IN THIS ORDER.
    If you check the acl-table of the calendar of User "A" it should look like this:
    | @Group-A | //Calendar/personal | PublicViewer |
    | @Group-B | /
    /Calendar/personal | PublicModifier |
    | @Group-B | //Calendar/personal | ObjectCreator |
    | @Group-B | /
    /Calendar/personal | ObjectErasor |

  • Now log in with User "B" and subscribe to the calendar of User "A" (Make sure the ACLs are really used)

  • You are now allowed to create a object and delete a object

  • BUT: You cannot modify any public object, even though you are in the Group-B which has the required ACLs

Normally it should be possible to modify public objects of User "A", although Group-A only grants read-only rights. You can check the other way round just by changing the rights of Group-A to None, save and change them back to PublicViewer. They will appear at the bottom of the ACLs and SOGo will use the PublicModifier of Group-B now.

TagsNo tags attached.

Relationships

duplicate of 0001854 resolvedfrancis Order of ACLs unclear and can't be changed 

Issue History

Date Modified Username Field Change
2013-11-20 15:07 ThomasRZ New Issue
2014-02-06 18:56 francis Relationship added duplicate of 0001854
2014-02-06 18:56 francis Target Version => 2.2.0
2014-02-06 19:25 francis Note Added: 0006516
2014-02-06 19:25 francis Status new => resolved
2014-02-06 19:25 francis Fixed in Version => 2.2.0
2014-02-06 19:25 francis Resolution open => fixed
2014-02-06 19:25 francis Assigned To => francis