View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003283 | SOGo | Backend Address Book | public | 2015-07-17 13:23 | 2015-07-17 13:23 |
| Reporter | Marten Gajda | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | new | Resolution | open | ||
| Product Version | 2.3.0 | ||||
| Summary | 0003283: (read-only) Addressbook reports DAV:all privilege | ||||
| Description | Doing a propfind for current-user-privilege-set on a read-only address book returns DAV:all property. According to https://tools.ietf.org/html/rfc3744#section-5.4 the privilege set must contain all aggregated privileges. So the response should either not list DAV:all or it should also list all missing privileges. | ||||
| Steps To Reproduce | Set the following request: curl -X PROPFIND -u sogo3:sogo3 -H "content-type: application/xml" -H "Depth: 0" -d "<?xml version='1.0' encoding='utf-8' ?><B:propfind xmlns:A=\"http://calendarserver.org/ns/\" xmlns:B=\"DAV:\"><B:prop><B:supported-report-set /><B:displayname /><B:current-user-privilege-set /><A:getctag /><B:sync-token /></B:prop></B:propfind>" http://sogo-demo.inverse.ca/SOGo/dav/sogo3/Contacts/public/ | xmllint -format - The response contains D:all when it shouldn't. | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2015-07-17 13:23 | Marten Gajda | New Issue |
