View Issue Details

ID: 0002763
Project: SOGo Connector
Category: Backend Address Book
View Status: public
Last Update: 2017-11-09 09:13
Reporter: mbi
Assigned To:
Priority: high
Severity: major
Reproducibility: always
Status: new
Resolution: open
Platform: [Server] Linux
OS: Debian
OS Version: 7 (Wheezy)
Product Version: 24.0.4
Summary: 0002763: 2 issues with Read-Only Address Books
Description

Ok, I have upgraded a user's Thunderbird with the Connector nightly that contains a fix for read-only Address Books, but there are still 2 issues that need to be addressed (in my opinion).

a) Users are also able to successfully add new (local) entries to an Address book that they have Read-Only access to, and

b) Users are able to successfully edit an existing Contact

With the changes to the nightly Connector build, the Sync attempts for all changes to one of these Address Books now correctly show as failed, which is definitely better than the previous notification saying they succeeded, but...

The ideal behavior should be to simply not allow the Contact to be added.

Since SOGo is able to prevent deleting a contact in one of these Address Books, why can it not simply prevent adding one - give the same exact error that the user gets when they try to delete one:

"One or more elements of this addressbook could not be [erased][modified]. You may not have the required rights to achieve this operation."

This eliminates any/all confusion for the user, as well as the attendant support issues this causes.

If there is a good reason that this can not or should not be done, then at a minimum, I think the warning/notification for a) should be much more prominent - ie, an actual pop-up dialog that requires acknowledgement/action by the user (possibly with a 'Don't show this again' checkbox that is unchecked by default), that gives a more detailed error message, so the user understands what is going on, and can actually fix it - e.g.:

"You have added a new Contact $ContactName to the Read-Only $AddressBookName Address Book. Your local copy of this Contact has been saved, but it can not be sync'd to the Server Address Book. Please move the Contact to your Personal Address Book (or another Address Book that you have Write privileges for) to resolve this problem."

The second issue (b) above is more serious and is already causing support issues for me, and I believe should be addressed differently.

I believe that these changes should either be over-written at the next Sync, with a pop-up notification informing the user that they attempted to modify a Contact in an Address Book they don't have write access to.

Steps To Reproduce
  1. Create an Address Book, share it, and give a user read-only access to it.

  2. As the user who has read-only access, add a new Contact to the Address Book.

Note that:

3a. (bad) The Contact is added to the Local Copy of the (read-only) Address Book

3b. (bad) Until the user deletes the Contact they added, all subsequent syncs from this point forward display a very easy to miss warning about the failed Sync,

3c. (good) If the user deletes the Contact, the sync warning/error goes away

Simply disallowing adding the contact makes much more sense than letting the user do something they shouldn't be able to do, then constantly warning them in such a way that is very easy to miss, without even so much as a hint as to what exactly is failing, and more importantly, how to fix it.

If prevention is simply not possible, then I'm fine with SOGo not deleting the Contact (I hate anything that can result in actual data loss), but the warning/failed sync notification should be much more prominent - I think it should be a separate dialog that requires user action, e.g., something like:

"You have added a new Contact $ContactName to the Read-Only $AddressBookName Address Book. Your local copy of this Contact has not been deleted, but it can not be sync'd to the Server Address Book. Please move the Contact to your Personal Address Book (or another Address Book that you have Write privileges for) to resolve this problem."

  4. As the user who has read-only access, edit an existing Contact (a Contact that was already in the Address Book when it was Shared).

Note that:

5a. (bad) The modifications are saved to the local Contact entry

5b. (worst) All subsequent syncs from this point forward display a very easy to miss warning about the failed Sync, and there is absolutely no way for the user to eliminate these warnings.

The user cannot delete the entry, and if they simply undo the changes, the failed sync warnings continue.

If an attempt to edit an existing Contact in a read-only Address Book cannot simply be prevented, then such changes should simply be over-written at the next sync, with a pop-up notification to this effect that the user must acknowledge.

Tags: No tags attached.

Relationships

duplicate of 0001939 new Thunderbird read-only address books editable by subscribers 

Activities

cwright

2014-05-12 10:35

reporter   ~0007019

A duplicate of 0001939. I, too, would like these changes. Thank you.

tanstaafl

2014-05-13 06:06

reporter   ~0007021

Thanks cwright, I didn't find that bug when I was creating this one...

There is an older comment in there about a way to create these Address Books as Read-Only (ie, get the 'Read-Only' checkbox that is greyed out actually checked), but that apparently has some drawbacks...

I have previously asked about this mysterious checkbox in a list email, but not gotten an answer yet.

Ludo? Anyone? What is that checkbox? What creates/adds it? Can it be leveraged somehow to prevent users from being able to modify Address Books they don't have write permissions for?

SOGo is awesome, and this is the only real problem we are having since our migration from Google Calendars to SOGo, but I can see this becoming more painful as time goes on. Asking people to constantly have to un/re-subscribe an Address Book (then have to dbl-click > rename it to eliminate the full URL in the name) to fix this is really untenable in a 60+ installed user base...

mferrero

2017-11-09 09:13

reporter   ~0012419

Last edited: 2017-11-09 09:13

Hello, we too have an installation with around 100 users and this problem.
We use sogo 3.2.10 with Thunderbird 52.4.0 and sogo connector and integrator 31.0.5

Is there any way to have correct address book permissions on thunderbird (using connector and integrator)?

thanks
Massimiliano

Issue History

Date Modified Username Field Change
2014-05-12 08:20 mbi New Issue
2014-05-12 10:35 cwright Note Added: 0007019
2014-05-13 06:06 tanstaafl Note Added: 0007021
2014-05-23 04:29 Christian Mack Relationship added duplicate of 0001939
2017-11-09 09:13 mferrero Note Added: 0012419
2017-11-09 09:13 mferrero Note Edited: 0012419