SOGo | BTS

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0002502SOGoBackend Calendarpublic2013-11-20 10:072014-02-06 14:25
ReporterThomasRZ 
Assigned Tofrancis 
PrioritynormalSeveritymajorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version2.1.0 
Target Version2.2.0Fixed in Version2.2.0 
Summary0002502: Wrong handling of ACLs on shared calendars with 2 Groups
DescriptionThis Bug appears when a user shares his calendar to multiple groups with different ACLs. At least one user has to be in 2 Groups. At the moment the rights of a calendar are handled "old-to-new". The Right way must be "specific-to-unspecific".
Steps To ReproduceTo reproduce this Bug simply do the following:

- You need 2 Users and 2 Groups
- At least 1 of the 2 Users has to be in both groups
- For Example, set the ACLs of a calendar from user "A" to:
  Group-A: PublicViewer
  Group-B: PublicModifier, ObjectCreator, ObjectErasor
IN THIS ORDER.
If you check the acl-table of the calendar of User "A" it should look like this:
| @Group-A | /****/Calendar/personal | PublicViewer |
| @Group-B | /****/Calendar/personal | PublicModifier |
| @Group-B | /****/Calendar/personal | ObjectCreator |
| @Group-B | /****/Calendar/personal | ObjectErasor |

- Now log in with User "B" and subscribe to the calendar of User "A" (Make sure the ACLs are really used)
- You are now allowed to create a object and delete a object
- BUT: You cannot modify any public object, even though you are in the Group-B which has the required ACLs

Normally it should be possible to modify public objects of User "A", although Group-A only grants read-only rights. You can check the other way round just by changing the rights of Group-A to None, save and change them back to PublicViewer. They will appear at the bottom of the ACLs and SOGo will use the PublicModifier of Group-B now.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
duplicate of 0001854resolvedfrancis Order of ACLs unclear and can't be changed 

-  Notes
User avatar (0006516)
francis (administrator)
2014-02-06 14:25

Fixed.

See https://github.com/inverse-inc/sogo/commit/2c678101fcb5a73097cd409a832710bfbc9c916f [^]

- Issue History
Date Modified Username Field Change
2013-11-20 10:07 ThomasRZ New Issue
2014-02-06 13:56 francis Relationship added duplicate of 0001854
2014-02-06 13:56 francis Target Version => 2.2.0
2014-02-06 14:25 francis Note Added: 0006516
2014-02-06 14:25 francis Status new => resolved
2014-02-06 14:25 francis Fixed in Version => 2.2.0
2014-02-06 14:25 francis Resolution open => fixed
2014-02-06 14:25 francis Assigned To => francis


Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker