0004822: Calender advertises wrong ACL for shared address books - SOGo

ID	Project	Category	View Status	Date Submitted	Last Update

0004822	SOGo	Backend Address Book	public	2019-09-23 11:31	2019-10-28 13:41

Reporter	erwint	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	new	Resolution	open
Platform	[Server] Linux	OS	Debian	OS Version	8 (Jessie)
Product Version	4.0.8

Summary	0004822: Calender advertises wrong ACL for shared address books
Description	When addressbooks are shared, the ACLs are advertised wrongly. It will report a current-user-privilege-set with "write" (and some others), but not "read". According to https://tools.ietf.org/html/rfc3744#section-3.12 this is wrong, and will make e.g. TBSync skip the shared address book (there is now a workaround in the latest beta, though, see https://github.com/jobisoft/DAV-4-TbSync/issues/114) This might also be the problem of 0001981 and 0003333 BTW: for calendars this is done correctly
Steps To Reproduce	Share addressbook of user A with user B Use Thunderbird with TBSync to connect to SOGo with user B -> only the personal addressbook of user B and GAL are discovered, the shared addressbook of user A is missing
Tags	No tags attached.

erwint 2019-10-17 21:48 reporter ~0013831	Even worse, for readonly shared addressbooks no ACL is advertised at all: <D:response> <D:href>/SOGo/dav/XXXX/Contacts/YYYY/</D:href> <D:propstat> <D:status>HTTP/1.1 200 OK</D:status> <D:prop> <D:current-user-privilege-set xmlns:D="DAV:"></D:current-user-privilege-set> <D:resourcetype> <D:collection/> <vcard-collection xmlns="http://groupdav.org/"/> <addressbook xmlns="urn:ietf:params:xml:ns:carddav"/> </D:resourcetype> <D:displayname>ZZZZ</D:displayname> </D:prop> </D:propstat> </D:response>

Date Modified	Username	Field	Change
2019-09-23 11:31	erwint	New Issue
2019-10-17 21:48	erwint	Note Added: 0013831