Scalable OGo (SOGo)

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0004216SOGoBackend Calendarpublic2017-07-05 11:102017-08-07 09:49
ReporterPeter2121 
Assigned To 
PrioritynormalSeverityminorReproducibilityalways
StatusnewResolutionopen 
Platform[Server] LinuxOSDebianOS Version8 (Jessie)
Product Version3.2.7 
Target VersionFixed in Version 
Summary0004216: Modification of event using admin account is impossible
DescriptionIt seems that modification of event with invited person by CalDAV is impossible using SOGoSuperUsernames accounts. One can delete event, but cannot modify it.
The error returned by server is "HTTP/1.1 409 Conflict" :
Not allowed to perform this action. Wrong SENT-BY being used regarding access rights on organizer's calendar.
Steps To Reproduce1. Create an event in a user's calendar, invite at least one person (not administrator).
2. Configure an CalDAV client (Thunderbird/Lightning) to access the calendar, using an account of administrator (mentioned in SOGoSuperUsernames).
3. Try to modify the event (change the date, for example) - the server returns status 409 ("Wrong SENT-BY...")
4. Try to delete the event - no problem, the server returns status 204 as expected.
Additional InformationNormally, one don't need additional ACLs in case of SOGoSuperUsernames account to manipulate the events of other users. It seems to be the case for all operations but modification of events with at least one invited person.
It seems to be a bug in ACLs verification - during the verification of roles (on PUT of modified event) the membership of SOGoSuperUsernames is not checked.
BTW, adding permissions using SOGo Web interface does not change the behavior.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0012153)
ste (reporter)
2017-08-07 09:48
edited on: 2017-08-07 09:49

same here with latest SOGo, Outlook 2013 and caldavsynchronizer 2.22.2.
I belive the affected Calendar events are previously made by an android CALDav client. caldavsynchronizer shows the mentioned error on every sync.


- Issue History
Date Modified Username Field Change
2017-07-05 11:10 Peter2121 New Issue
2017-07-05 11:14 ludovic Severity major => minor
2017-08-07 09:48 ste Note Added: 0012153
2017-08-07 09:49 ste Note Edited: 0012153 View Revisions


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker