View Issue Details

IDProjectCategoryView StatusLast Update
0003283SOGoBackend Address Bookpublic2015-07-17 09:23
ReporterMarten Gajda Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version2.3.0 
Summary0003283: (read-only) Addressbook reports DAV:all privilege
Description

Doing a propfind for current-user-privilege-set on a read-only address book returns DAV:all property.

According to https://tools.ietf.org/html/rfc3744#section-5.4 the privilege set must contain all aggregated privileges. So the response should either not list DAV:all or it should also list all missing privileges.

Steps To Reproduce

Set the following request:

curl -X PROPFIND -u sogo3:sogo3 -H "content-type: application/xml" -H "Depth: 0" -d "<?xml version='1.0' encoding='utf-8' ?><B:propfind xmlns:A=\"http://calendarserver.org/ns/\&quot; xmlns:B=\"DAV:\"><B:prop><B:supported-report-set /><B:displayname /><B:current-user-privilege-set /><A:getctag /><B:sync-token /></B:prop></B:propfind>" http://sogo-demo.inverse.ca/SOGo/dav/sogo3/Contacts/public/ | xmllint -format -

The response contains D:all when it shouldn't.

TagsNo tags attached.

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2015-07-17 09:23 Marten Gajda New Issue