View Issue Details

ID: 0005258
Project: SOGo
Category: Backend Calendar
View Status: public
Last Update: 2021-02-12 16:00
Reporter: blackips
Assigned To:
Priority: high
Severity: major
Reproducibility: always
Status: closed
Resolution: no change required
OS: Ubuntu
OS Version: 20.04
Product Version: 5.0.1
Summary: 0005258: ACL / RBAC for role "None" doesn't work
Description

When using the "None" access right for any of the three categories (public, confidential, private) in the calendar module for any owned calendar, all details will be shown to a subscriber. The "None" right behaves like the "View all" role without any exception.

Only when applying the "View the Date & Time" right, access to the event details for events in this category is restricted.

The default roles are defined like that:
SOGoCalendarDefaultRoles = (
PublicViewer,
ConfidentialDAndTViewer
);

Even the fallback to the default roles doesn't apply when selecting "None".

Steps To Reproduce

Alice creates a new calendar with access rights for authenticated users like these (no further rights given):

  • Public: View the Date & Time
  • Confidential: None
  • Private: None

Alice adds the following events (with unique description and location):
1) "Event A" is a public event at 09:00
2) "Event B" is a confidential event at 11:00
3) "Event C" is a private event at 13:00

Bob subscribes to the calendar and sees her calendar like that:
1) "(Public event)" at 09:00, no further details given
2) "Event B" at 11:00, all details shown
3) "Event C" at 13:00, all details shown

The expected behaviour for Bob should be:
1) "(public event)" at 09:00, no further details given
2) "(Confidential event)" at 11:00, no further details given
3) Nothing to show for Event C

Tags: No tags attached.

Activities

blackips

2021-02-11 17:35

reporter  

Alice.png (10,405 bytes)
Bob.png (11,557 bytes)
access_rights.png (30,697 bytes)
francis

2021-02-12 01:53

administrator   ~0015082

I can't reproduce this issue. Is Bob a super user?

blackips

2021-02-12 09:35

reporter   ~0015083

Yes, indeed. It was getting late during tests yesterday... I can confirm that the ACL / RBAC settings for normal users apply as intended, but superadmin user will get the described behaviour.

So everything works. I'm very sorry!

Issue History

Date Modified Username Field Change
2021-02-11 17:35 blackips New Issue
2021-02-11 17:35 blackips File Added: Alice.png
2021-02-11 17:35 blackips File Added: Bob.png
2021-02-11 17:35 blackips File Added: access_rights.png
2021-02-12 01:53 francis Note Added: 0015082
2021-02-12 09:35 blackips Note Added: 0015083
2021-02-12 16:00 francis Status new => closed
2021-02-12 16:00 francis Resolution open => no change required
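
The behaviour discussed in this issue, as a simplified model added here (not SOGo's code and not part of the original report): explicit per-classification rights, the fallback to SOGoCalendarDefaultRoles that the reporter expected when "None" is selected, and the superuser bypass confirmed in the notes. The event locations, the right labels (`view_all`, `date_time`, `none`) and the function names are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    title: str
    classification: str  # "public", "confidential" or "private"
    start: str
    location: str  # constructed sample value

# The three events from the report (locations are constructed).
EVENTS = [
    Event("Event A", "public", "09:00", "Room 1"),
    Event("Event B", "confidential", "11:00", "Room 2"),
    Event("Event C", "private", "13:00", "Room 3"),
]

# Rights Alice granted to authenticated users in the report.
ALICE_ACL = {"public": "date_time", "confidential": "none", "private": "none"}

# SOGoCalendarDefaultRoles = (PublicViewer, ConfidentialDAndTViewer)
DEFAULT_ROLES = {"public": "view_all", "confidential": "date_time"}

def effective_right(classification, acl, defaults, is_superuser):
    """Resolve the right that applies to one event classification."""
    if is_superuser:
        # Superusers bypass the calendar ACL, which caused the false report.
        return "view_all"
    explicit = acl.get(classification, "none")
    if explicit != "none":
        return explicit
    # Assumption (reporter's expectation): "None" falls back to the defaults.
    return defaults.get(classification, "none")

def visible_events(events, acl, defaults, is_superuser=False):
    """Return (title, start, location) tuples as the subscriber would see them."""
    shown = []
    for ev in events:
        right = effective_right(ev.classification, acl, defaults, is_superuser)
        if right == "view_all":
            shown.append((ev.title, ev.start, ev.location))
        elif right == "date_time":
            shown.append((f"({ev.classification.capitalize()} event)", ev.start, None))
        # right == "none": the event is not listed at all
    return shown

if __name__ == "__main__":
    for label, su in (("normal user", False), ("superuser", True)):
        print(label, visible_events(EVENTS, ALICE_ACL, DEFAULT_ROLES, su))
```

Running the model with a normal subscriber yields the expected view from the report, while the same ACL evaluated for a superuser yields the view Bob actually saw, so an ACL test should be run from an account without administrative privileges.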