View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0006179SOGoBackend Address Bookpublic2026-03-09 08:012026-03-09 08:01
Reporterschorer Assigned To 
PriorityhighSeveritymajorReproducibilityalways
Status newResolutionopen 
Platform[Client] MicrosoftOSWindowsOS Version7
Product Version5.9.1 
Summary0006179: CardDAV Shared Read only Address books has empty property current-user-privilege-set in discovery
Description

Hello Sogo Team,

I'd Like to report a bug with the CardDAV Implementation for address books that are shared with read only privileges.

System is sogo 5.9.1 using Thunderbird 148 as client.

Thunderbird will get a response in CardDAV calendar discovery that contains a empty current-user-privilege-set instead of the correct read privilege prop. That's why Thunderbird won't show this address book as "addable".

Ways to make Thundebird discover the adress book:

1) If one would override this check in the debug mode of Thunderbird by changing the variables to readable=true. It shows up and is usable perfectly fine (thus showing that it is indeed readable).

2) Also, if the property <D:current-user-privilege-set xmlns:D="DAV:"/> would be omitted completely (which I did also in the Thunderbird debugger) one is able to discover, add and use the address books just fine.

3) Perfectly correct would be to include the read privilege as shown below.

Example response for a "bad" read only shared address book response:

<D:response xmlns:D="DAV:"><D:href>/SOGo/dav/sogo-rz1/Contacts/6DDF-6551C400-B-23F36E80/</D:href><D:propstat><D:status>HTTP/1.1 200 OK</D:status><D:prop><D:resourcetype><D:collection/><vcard-collection xmlns="http://groupdav.org/&quot;/>&lt;addressbook xmlns="urn:ietf:params:xml:ns:carddav"/></D:resourcetype><D:displayname>HS-Verteiler ( <sogo.rz1@hs-kempten.de>)</D:displayname><D:current-user-principal xmlns:D="DAV:"><D:href>/SOGo/dav/schorerm</D:href></D:current-user-principal>

<D:current-user-privilege-set xmlns:D="DAV:"/>

</D:prop></D:propstat></D:response>

Correctly it should be:

'<D:href xmlns:D="DAV:">/SOGo/dav/sogo-rz1/Contacts/6DDF-6551C400-B-23F36E80/</D:href><D:propstat xmlns:D="DAV:"><D:status>HTTP/1.1 200 OK</D:status><D:prop><D:resourcetype><D:collection/><vcard-collection xmlns="http://groupdav.org/&quot;/>&lt;addressbook xmlns="urn:ietf:params:xml:ns:carddav"/></D:resourcetype><D:displayname>HS-Verteiler ( <sogo.rz1@hs-kempten.de>)</D:displayname><D:current-user-principal xmlns:D="DAV:"><D:href>/SOGo/dav/schorerm</D:href></D:current-user-principal>

<D:current-user-privilege-set xmlns:D="DAV:">

<D:privilege><D:read/></D:privilege>

</D:current-user-privilege-set>

</D:prop></D:propstat>'

Steps To Reproduce

Create shared (read only for authenticated users) address book
Try to add address book as user in Thunderbird 148
-> Error: No address books found

TagsCardDAV

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2026-03-09 08:01 schorer New Issue
2026-03-09 08:01 schorer Tag Attached: CardDAV