
Full access ACL shared personal calendar of a user scrambles event behavior if a permitted user creates an event in it
Open, Normal, Public

Description

Installed Packages
httpd.x86_64                 2.4.10-22.1.el6.kolab_14    @lhm-kolab-14-updates
postfix.x86_64               2:2.6.6-6.el6_7.1               @CentOS-ESG-updates/6.4
pykolab.noarch             0.7.28-1.1.el6.kolab_14     @lhm-kolab-14-updates
roundcubemail.noarch   1.1.5.21-1.1.el6.kolab_14  @lhm-kolab-14-updates
cyrus-imapd.x86_64       2.5.8-13.1.el6.kolab_14    @lhm-kolab-14-updates-testing
wallace.noarch              0.7.28-1.1.el6.kolab_14    @lhm-kolab-14-updates

We added some calendar sharing permissions on a personal (not private or otherwise restricted) calendar of a user "CalendarOwner" to a group, as shown on the screenshot:

This is the LDIF of the group:

dn:: .......
objectClass: groupOfUniqueNames
objectClass: kolabGroupOfUniqueNames
objectClass: labeledURIObject
objectClass: lhmDistributionList
objectClass: top
cn: ITM-B14
mail: itm-b14@domain.de
NPLEXListServerAccess: 4
NPLEXListServerType: 2
NPLEXMailingListMembersOnly: FALSE
NPLEXMailingListNotification: 0
NPLEXMailingListOwner: itm.b14.postmaster@domain.de
description: Automatisch erstellte Verteilerliste
labeledUri: ldap://ldap.domain.de/ou=Basisanwendungen,ou=Applikationen%20-
 %20Datenbanken%20-%20Werkzeuge,ou=Gesch%C3%A4ftsbereich%20Betrieb,ou=IT-M,o
 u=Direktorium,o=Hauptstadt,c=de??sub?(&(objectclass=pe
 rson)(lhmListMemberAuto=TRUE)(lhmMailboxServer=head)(!(ou:dn:=Stabsstelle%2
 0MIT-KonkreT)))
o: Verteiler ITM-B14
owner: lhmoushortname=ITM-B14
uniqueMember: GMember1
uniqueMember:: GMember2
  1. Then GMember1 subscribed to the CalendarOwner's shared calendar, creates an event and invites one person not in the permitted group, one member of this group and the CalendarOwner itself.
  2. All invited participants get the invitation mail
  3. All members of the permitted group can see the calendar entry in the shared calendar of the CalendarOwner
  3a. For some reason the CalendarOwner himself cannot see the event in his calendar, neither the one shared with the group nor any other (e.g. outstanding invitations)
  4. CalendarOwner accepts the invitation by clicking the received invitation mail
  4a. The outstanding invitations count is reduced by the one accepted invitation, but the event doesn't show up in any of the CalendarOwner's calendars
  5. GMember2 receives the invitation
  6. GMember2 has calendar entries for outstanding invitations and the CalendarOwner's shared calendar
  7. GMember2 accepts the invitation via the accept button in the invitation mail; the action results in confirmation popups
  8. GMember1 (event organizer) receives a mail that GMember2 accepted the invitation but the calendar with this event could not be found
  9. GMember1 can see the event in his calendars as element of the calendar of CalendarOwner and element of the subscribed calendar of this
  10. Details view is available on GMember1's subscribed shared calendar

Now there are some aspects not working as expected:

  • "3a." CalendarOwner needs to see the event in outstanding invitations and as an element of the calendar he shares with the group
  • "4a." CalendarOwner needs to see the event as an element of the calendar he shares with the group, where his status is now accepted
  • "8." because the ACL would grant permission to the shared calendar, the calendar needs to be found and the event in it needs to be updated
  • "10." as a result of "8.", the action status of participants is not updated in the event's details

The VCALENDAR object of the organizer (as I understood this is stored in CalendarOwners shared calendar):

BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Roundcube libcalendaring 1.1.5//Sabre//Sabre VObject 2.1.3//EN
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:DC9BAF89370DDE6B7FD11DCF4D574CE5-5731AC39A868F3A5
DTSTAMP;VALUE=DATE-TIME:20160920T133217Z
LAST-MODIFIED;VALUE=DATE-TIME:20160920T131008Z
DTSTART;VALUE=DATE-TIME;TZID=Europe/Berlin:20160922T160000
DTEND;VALUE=DATE-TIME;TZID=Europe/Berlin:20160922T163000
SUMMARY:Test Dirk kreiert Termin in Ada Sams Kalender der für Gruppe ITM-B
 14 freigegeben ist
SEQUENCE:0
TRANSP:OPAQUE
ATTENDEE;CN=Claudia  Marschner;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;C
 UTYPE=INDIVIDUAL;RSVP=TRUE:mailto:claudia.marschner@domain.de
ATTENDEE;CN=Ada  Sams;PARTSTAT=ACCEPTED;ROLE=REQ-PARTICIPANT;CUTYPE=INDIVID
 UAL:mailto:ada.sams@domain.de
ATTENDEE;CN=Karl  Klammer;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;CUTYPE
 =INDIVIDUAL;RSVP=TRUE:mailto:karl.klammer@domain.de
ORGANIZER;CN=Dirk Marschner:mailto:dirk.marschner@domain.de
END:VEVENT
BEGIN:VTIMEZONE
TZID:Europe/Berlin
X-MICROSOFT-CDO-TZID:4
BEGIN:STANDARD
DTSTART:20151025T010000
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
TZNAME:CET
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20160327T010000
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
TZNAME:CEST
END:DAYLIGHT
BEGIN:STANDARD
DTSTART:20161030T010000
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
TZNAME:CET
END:STANDARD
END:VTIMEZONE
END:VCALENDAR

Details

Ticket Type
Task

Event Timeline

OK, it was wrong that 3a. was wrong. The relevant time was just not in focus.


Here a screenshot of a later status but the event is available.

There were some related changes in git, some not packaged yet. I'll test git-master, to see if any of these issues can be still reproduced.

Tested and indeed there's a problem with this scenario. When handling an iTip we search for the event only in folders in personal and shared namespace. Here we have a folder in other user namespace. So, in [8] as well as in [6] the event cannot be found.

To support other users' folders here we'd need to completely change the way we look for the event. We'd probably need to consider all writable folders and check the organizer. Additionally we may want to give the user the possibility to save the event to a personal calendar (in [6]). This however, together with the kolab_delegation support in this context, is not a simple fix.

ps. [4a] works for me.
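
The lookup gap described in the comment above, as an added Python sketch that is not Kolab or Roundcube code: it compares a search limited to the personal and shared namespaces with one over every writable folder that also checks the organizer. The `Folder` model, the folder paths, the ACL strings, the "insert plus delete" definition of writable and the iTip REPLY are constructed assumptions; only the UID and organizer address come from the ticket.

```python
from dataclasses import dataclass, field

UID = "DC9BAF89370DDE6B7FD11DCF4D574CE5-5731AC39A868F3A5"  # from the ticket
REPLY = (  # constructed iTip REPLY; only UID and organizer come from the ticket
    "BEGIN:VCALENDAR\r\nMETHOD:REPLY\r\nBEGIN:VEVENT\r\n"
    f"UID:{UID}\r\n"
    "ORGANIZER;CN=Dirk Marschner:mailto:dirk.marsch\r\n"
    " ner@domain.de\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

@dataclass
class Folder:  # hypothetical model of one calendar folder seen by the organizer
    path: str
    namespace: str   # "personal", "shared" or "other" (other users)
    rights: str      # the current user's IMAP ACL rights on the folder
    events: dict = field(default_factory=dict)  # UID -> organizer address

    def writable(self):
        # Assumption: replacing an object needs insert (i) and delete (t).
        return "i" in self.rights and "t" in self.rights

def parse_reply(ical):
    """Unfold the content lines and return (uid, organizer address)."""
    text = ical.replace("\r\n", "\n").replace("\n ", "").replace("\n\t", "")
    props = {}
    for line in text.splitlines():
        name, _, value = line.partition(":")
        props.setdefault(name.split(";")[0].upper(), value)
    organizer = props["ORGANIZER"]
    if organizer.lower().startswith("mailto:"):
        organizer = organizer[len("mailto:"):]
    return props["UID"], organizer.lower()

def find_narrow(folders, uid):
    """Lookup as the ticket describes it: personal and shared namespaces only."""
    return next((f.path for f in folders
                 if f.namespace in ("personal", "shared") and uid in f.events), None)

def find_wide(folders, uid, organizer):
    """Direction proposed in the ticket: any writable folder, organizer must match."""
    return next((f.path for f in folders if f.writable() and uid in f.events
                 and f.events[uid].lower() == organizer), None)

FOLDERS = [  # constructed folder list for GMember1, the organizer
    Folder("Calendar", "personal", "lrswipkxtecda"),
    Folder("Other Users/readonly.user/Calendar", "other", "lrs",
           {UID: "dirk.marschner@domain.de"}),
    Folder("Other Users/ada.sams/Calendar", "other", "lrswite",
           {UID: "dirk.marschner@domain.de"}),
]
```

The read-only folder is skipped even though it holds the same UID, and a reply naming a different organizer matches nothing, so widening the search does not let a reply touch a folder the ACL does not cover.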

vanmeeuwen lowered the priority of this task from 60 to Normal. Mar 28 2019, 8:12 AM