View Issue Details

IDProjectCategoryView StatusLast Update
0000155SOGoBackend Calendarpublic2009-10-15 21:34
Reporterpmei Assigned Touser4 
PrioritynormalSeveritymajorReproducibilityhave not tried
Status resolvedResolutionfixed 
Product Version1.0.4 
Target Version1.1.0 
Summary0000155: iPhone 3.1 OS upgrade makes SOGo cals readonly
Description

from Hans Verbrugge's post on Sep. 30, 2009:
-----snip-----

It turns out that iPhone3.1 iCal is now checking webdav acls, when an account is created. If it does, the server returns a minimal set of privileges. Things started working again, after I removed the account, patched the server, so that it returns write permissions, when iCal goes after the initial PROPFIND.

I'm not quite familiar with the source code yet, so I can't tell if this will break anything else or not.

With those patches, iPhone3.1 iCal can write in your own caldav calendars again.

There is one exception, subscribed calendars (from others) are read-only, even if shared for modification.If you change SoObjects/Appointments/SOGoAppointmentFolder.m SoPerm_OwnerWebDAVAccess (this will give DAV write permissions to the owner only, in the AppointmentFolder) to SoPerm_WebDAVAccess, it will be writable too. There's a glitch here too, it will allow you delete objects in a subscribed calendar, even if those permissions are not granted by the owner of the calendar. Maybe that's an iPhone thing. It will allow you, but it is not erased from the DB, because I can still see it in another iCal (which on my Mac throws an error, stating that deletion is not allowed, if I try there).

Should you try this; you will have to invalidate your iPhone caldav account first. You can do this by going to the account settings/advanced and append a character to the url. Then go back to settings, quit and start the calendar app. The caldav calendar will now be gone. Go back to the account settings, remove the character from the url, go back to your calendar and it should work.

Again, a big disclaimer here, this works for me, but maybe one of the developers can tell if this is a safe thing to do.

Cheers,

  • hans
Additional Information

[ apply patch to SVN, rev 1508, with "--ignore-whitespace" ]

from Hans Verbrugge's post on Sep. 15, 2009:
-----snip-----

[... running SOGo 1.0.4 ]

I recently upgraded from iPhone OS 3.0 (where everything worked fine) to 3.1. With 3.1, my calendars have all become read-only on my iPhone.

Now, I don't know what it used to send over the line in 3.0, but in 3.1 it starts with:

PROPFIND /SOGo/dav/hans/Calendar/ HTTP/1.1
Host: xxxx
User-Agent: DAVKit/4.0 (728.4); iCalendar/1 (42.1); iPhone/3.1 7C144
Authorization: Basic xxxxxx
Content-Type: text/xml
Depth: 1
Connection: close
Content-Length: 410

<?xml version="1.0" encoding="utf-8"?>
<x0:propfind xmlns:x2="http://calendarserver.org/ns/&quot; xmlns:x0="DAV:" xmlns:x3="http://apple.com/ns/ical/&quot; xmlns:x1="urn:ietf:params:xml:ns:caldav">
<x0:prop>
<x0:displayname/>
<x1:calendar-description/>
<x2:getctag/>
<x3:calendar-color/>
<x1:supported-calendar-component-set/>
<x0:resourcetype/>
<x0:current-user-privilege-set/>
</x0:prop>
</x0:propfind>

On my macs I run Leopard (10.5.8) and it starts a session with this;

PROPFIND /SOGo/dav/hans/Calendar/ HTTP/1.1
Host: xxxx
User-Agent: DAVKit/3.0.6 (661); CalendarStore/3.0.8 (860); iCal/3.0.8 (1287); Mac OS X/10.5.8 (9L30)
Authorization: Basic xxxxxx
Content-Type: text/xml
Depth: 1
Connection: close
Content-Length: 388

<?xml version="1.0" encoding="utf-8"?>
<x0:propfind xmlns:x1="http://calendarserver.org/ns/&quot; xmlns:x0="DAV:" xmlns:x3="http://apple.com/ns/ical/&quot; xmlns:x2="urn:ietf:params:xml:ns:caldav">
<x0:prop>
<x1:getctag/>
<x0:displayname/>
<x2:calendar-description/>
<x3:calendar-color/>
<x3:calendar-order/>
<x0:resourcetype/>
<x2:calendar-free-busy-set/>
</x0:prop>
</x0:propfind>

The interesting difference (I think) is the addition of the supported-calendar-component-set and current-user-privilege-set properties in iPhone OS3.1.

I can't really tell if this is a bug, or Apple being non compliant. Davical has addressed this issue in a new release (mentioning OS 3.1 brokenness, mmm).

Any help or pointers (even to source-code fragments, so I can maybe fix this myself) are greatly appreciated.

Cheers,

  • hans
    -----snip-----

from Hans Verbrugge's post on Sep. 21, 2009
-----snip-----

I've been doing some more research, and it seems 3.1 is now asking for the current-user-privilege-set to find out if some options in the client should be disabled, based on acl/access.

If I look at the response that is being sent back, at least for the /dav/user/Calendar collection, I'd expect that if the current user is also the owner, he should have all rights? I don't see any write privileges in there, so I suspect it's the reason why iPhone 3.1 thinks that the collection is read-only (and thus it sees the underlying calendars as read-only).
Maybe the same applies for the Calendars themselves; do they need an explicit all/write privilege being returned in the reply?
Am I seeing this correctly?

See the output below;

Cheers,

  • hans

<?xml version="1.0" encoding="utf-8"?>
<D:multistatus xmlns:c="http://apple.com/ns/ical/&quot;
xmlns:a="urn:ietf:params:xml:ns:caldav"
xmlns:b="http://calendarserver.org/ns/&quot; xmlns:D="DAV:">
<D:response>
<D:href>
https://xxx.xxx.xxx/SOGo/dav/hans/Calendar/&lt;/D:href>
<D:propstat>
<D:status>HTTP/1.1 200 OK</D:status>
<D:prop>
<D:displayname>Calendar</D:displayname>
<n1:supported-calendar-component-set xmlns:n1="urn:ietf:params:xml:ns:caldav"
xmlns:D="DAV:">
<n1:comp name="VEVENT" />
<n1:comp name="VTODO" />
</n1:supported-calendar-component-set>
<D:resourcetype>
<D:collection />
</D:resourcetype>
<D:current-user-privilege-set xmlns:D="DAV:">
<D:privilege>
<D:read-current-user-privilege-set />
</D:privilege>
<D:privilege>
<D:bind />
</D:privilege>
<D:privilege>
<D:unbind />
</D:privilege>
</D:current-user-privilege-set>
</D:prop>
</D:propstat>
<D:propstat>
<D:status>HTTP/1.1 404 Resource Not Found</D:status>
<D:prop>
<a:calendar-description />
<b:getctag />
<c:calendar-color />
</D:prop>
</D:propstat>
</D:response>
<D:response>
<D:href>
https://xxx.xxx.xxx/SOGo/dav/hans/Calendar/personal&lt;/D:href>
<D:propstat>
<D:status>HTTP/1.1 200 OK</D:status>
<D:prop>
<D:displayname>Home</D:displayname>
<a:calendar-description />
<b:getctag>1253351607</b:getctag>
<c:calendar-color>#009933FF</c:calendar-color>
<n1:supported-calendar-component-set xmlns:n1="urn:ietf:params:xml:ns:caldav"
xmlns:D="DAV:">
<n1:comp name="VEVENT" />
<n1:comp name="VTODO" />
</n1:supported-calendar-component-set>
<D:resourcetype>
<D:collection />
<calendar xmlns="urn:ietf:params:xml:ns:caldav" />
</D:resourcetype>
<D:current-user-privilege-set xmlns:n2="urn:inverse:params:xml:ns:inverse-dav"
xmlns:D="DAV:" xmlns:n1="urn:ietf:params:xml:ns:caldav">
<D:privilege>
<D:read />
</D:privilege>
<D:privilege>
<D:read-free-busy />
</D:privilege>
<D:privilege>
<D:read-current-user-privilege-set />
</D:privilege>
<D:privilege>
<D:bind />
</D:privilege>
<D:privilege>
<n1:schedule />
</D:privilege>
<D:privilege>
<n1:schedule-post />
</D:privilege>
<D:privilege>
<n1:schedule-post-vevent />
</D:privilege>
<D:privilege>
<n1:schedule-post-vtodo />
</D:privilege>
<D:privilege>
<n1:schedule-post-vjournal />
</D:privilege>
<D:privilege>
<n1:schedule-post-vfreebusy />
</D:privilege>
<D:privilege>
<n1:schedule-deliver />
</D:privilege>
<D:privilege>
<n1:schedule-deliver-vevent />
</D:privilege>
<D:privilege>
<n1:schedule-deliver-vtodo />
</D:privilege>
<D:privilege>
<n1:schedule-deliver-vjournal />
</D:privilege>
<D:privilege>
<n1:schedule-deliver-vfreebusy />
</D:privilege>
<D:privilege>
<n1:schedule-respond />
</D:privilege>
<D:privilege>
<n1:schedule-respond-vevent />
</D:privilege>
<D:privilege>
<n1:schedule-respond-vtodo />
</D:privilege>
<D:privilege>
<D:unbind />
</D:privilege>
<D:privilege>
<D:write-properties />
</D:privilege>
<D:privilege>
<D:read-acl />
</D:privilege>
<D:privilege>
<D:write-acl />
</D:privilege>
<D:privilege>
<n2:admin />
</D:privilege>
</D:current-user-privilege-set>
</D:prop>
</D:propstat>
</D:response>
</D:multistatus>

TagsNo tags attached.

Activities

2009-09-30 18:08

 

iPhone31_acl_workaround.patch (3,033 bytes)   
# svn diff
Index: SoObjects/Appointments/SOGoAppointmentFolder.m
===================================================================
--- SoObjects/Appointments/SOGoAppointmentFolder.m    (revision 1508)
+++ SoObjects/Appointments/SOGoAppointmentFolder.m    (working copy)
@@ -134,7 +134,8 @@
           asChildOf: davElement (@"read", XMLNS_WEBDAV)];
       [aclManager registerDAVPermission: davElement (@"write", XMLNS_WEBDAV)
           abstract: YES
-          withEquivalent: nil
+          withEquivalent: SoPerm_OwnerWebDAVAccess
+          //withEquivalent: nil
           asChildOf: davElement (@"all", XMLNS_WEBDAV)];
       [aclManager registerDAVPermission: davElement (@"bind", XMLNS_WEBDAV)
           abstract: NO

Index: SoObjects/SOGo/SOGoPermissions.h
===================================================================
--- SoObjects/SOGo/SOGoPermissions.h    (revision 1508)
+++ SoObjects/SOGo/SOGoPermissions.h    (working copy)
@@ -73,7 +73,10 @@
 extern NSString *SOGoPerm_DeleteObject;
 extern NSString *SOGoPerm_ReadAcls;
 extern NSString *SOGoPerm_FreeBusyLookup;
+/* HV: should go to SOPE */
+extern NSString *SoPerm_OwnerWebDAVAccess;

+
 extern NSString *SOGoCalendarPerm_ViewWholePublicRecords;
 extern NSString *SOGoCalendarPerm_ViewDAndTOfPublicRecords;
 extern NSString *SOGoCalendarPerm_ModifyPublicRecords;
Index: SoObjects/SOGo/SOGoPermissions.m
===================================================================
--- SoObjects/SOGo/SOGoPermissions.m    (revision 1508)
+++ SoObjects/SOGo/SOGoPermissions.m    (working copy)
@@ -78,6 +78,10 @@
                                               currently missing from SOPE */
 NSString *SOGoPerm_FreeBusyLookup = @"FreeBusyLookup";

+/* HV: should go to SOPE */
+NSString *SoPerm_OwnerWebDAVAccess = @"OwnerWebDAV Access";
+
+
 NSString *SOGoCalendarPerm_ViewWholePublicRecords = @"ViewWholePublicRecords";
 NSString *SOGoCalendarPerm_ViewDAndTOfPublicRecords = @"ViewDAndTOfPublicRecords";
 NSString *SOGoCalendarPerm_ModifyPublicRecords = @"ModifyPublicRecords";
Index: SoObjects/SOGo/SOGoWebDAVAclManager.m
===================================================================
--- SoObjects/SOGo/SOGoWebDAVAclManager.m    (revision 1508)
+++ SoObjects/SOGo/SOGoWebDAVAclManager.m    (working copy)
@@ -38,6 +38,7 @@
 #import "SOGoWebDAVAclManager.h"

 static NSNumber *yesObject = nil;
+extern NSString *SoPerm_OwnerWebDAVAccess;

 @interface SoClass (SOGoDAVPermissions)


Index: UI/MainUI/product.plist
===================================================================
--- UI/MainUI/product.plist    (revision 1508)
+++ UI/MainUI/product.plist    (working copy)
@@ -62,6 +62,7 @@
     "Access Object" = ( "Authenticated", "AuthorizedSubscriber" );
     "Access Contents Information" = ( "Owner", "ObjectViewer", "ObjectEditor" );
     "WebDAV Access" = ( "Authenticated", "AuthorizedSubscriber" );
+    "OwnerWebDAV Access" = ( "Owner" );
         "Delete Object" = ( "Owner" );
         "Delete Objects" = ( "Owner", "ObjectEraser" );
       };

iPhone31_acl_workaround.patch (3,033 bytes)   
ludovic

ludovic

2009-10-14 23:19

administrator   ~0000164

Will need to review in details RFC3744

user4

2009-10-15 21:34

  ~0000176

Fixed for iPhone OS 3.1.2

Issue History

Date Modified Username Field Change
2009-09-30 18:08 pmei New Issue
2009-09-30 18:08 pmei File Added: iPhone31_acl_workaround.patch
2009-10-09 17:21 ludovic Target Version => 1.1.0
2009-10-14 23:19 ludovic Note Added: 0000164
2009-10-15 21:34 user4 Status new => assigned
2009-10-15 21:34 user4 Assigned To => user4
2009-10-15 21:34 user4 Note Added: 0000176
2009-10-15 21:34 user4 Status assigned => resolved
2009-10-15 21:34 user4 Resolution open => fixed