View Issue Details

IDProjectCategoryView StatusLast Update
0003180SOGoActiveSyncpublic2016-11-21 15:47
Reporterc.mammoli Assigned Toludovic  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Platform[Server] LinuxOSRHEL/CentOSOS Version6
Product Version2.2.17 
Fixed in Version3.2.2 
Summary0003180: Subscribed addressbooks are synchronized via EAS only if user has all permissions on it
Description

User foo has:
Personal addressbook
User foo addressbook subscribed (read only)

On any activesync user's bar addressbook are not synchronized

If user bar gives to user foo all permissions on his addressbook (read, modify, delete, add) then user foo can see user bar contact via activesync

Steps To Reproduce

User bar:
create an additional addressbook
share the addressbook with user foo with read permission only

User foo:
Subscribe user bar addressbook

On activesync device
Add user foo account
Notice that only user foo personal addressbook is synchronized
Delete ActiveSync account

User bar:
give to user foo all permission on the shared addressbook

On activesync device
Add user foo account
Notice that all contacts are synchronized (user foo and user bar ones)

TagsNo tags attached.

Relationships

related to 0003118 resolvedludovic ActiveSync does not enforce permissions 
has duplicate 0003892 closedludovic Subscribed calendars (shared) doesnt sync with iPhone even if Synchronize enabled 

Activities

c.mammoli

c.mammoli

2015-04-28 08:16

reporter   ~0008433

In SOGoActiveSyncDispatcher.m line 932 there is a comment stating:
// Inside this loop we remove all the folder without write/delete permissions

I didn't look at all the code and by far I'm not able to understand it, but wht's the point of this loop?

c.mammoli

c.mammoli

2015-04-29 11:34

reporter   ~0008438

Additional infos:
The user need all permission on the shared addressbooks ONLY at the time the EAS client is enrolled:

Steps to reproduce:
As user foo share an addressbook with user bar only granting read permissions
As user bar subscribe the folder
As user bar enroll a device with EAS
Notice that contacts in the shared addressbook are not present
Run sogo-tool manage-eas listfolders bar <androidID>
Notice that the shared folder is not present

Remove the EAS account on the phone
As user foo grant all permissions on the shared addressbook to user bar
As user bar enroll a device with EAS
Notice that contacts in the shared addressbook ARE present
Run sogo-tool manage-eas listfolders bar <androidID>
Notice that the shared folder IS present

As user foo revoke write permission on the shared addressbook
Add a contact in the shared addressbook
As user bar trigger a sync on the phone
Notice that the new contact is synced

ludovic

ludovic

2016-11-21 15:47

administrator   ~0010896

Fixed with: https://github.com/inverse-inc/sogo/commit/f7c44863709a74b070407f6259e622bfdd8c08b2

Issue History

Date Modified Username Field Change
2015-04-24 07:27 c.mammoli New Issue
2015-04-28 08:16 c.mammoli Note Added: 0008433
2015-04-29 11:34 c.mammoli Note Added: 0008438
2016-11-15 13:24 francis Relationship added has duplicate 0003892
2016-11-21 15:47 ludovic Note Added: 0010896
2016-11-21 15:47 ludovic Status new => resolved
2016-11-21 15:47 ludovic Fixed in Version => 3.2.2
2016-11-21 15:47 ludovic Resolution open => fixed
2016-11-21 15:47 ludovic Assigned To => ludovic
2016-11-21 15:47 ludovic Relationship added related to 0003118