View Issue Details

IDProjectCategoryView StatusLast Update
0004822SOGoBackend Address Bookpublic2019-10-28 13:41
Reportererwint Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Platform[Server] LinuxOSDebianOS Version8 (Jessie)
Product Version4.0.8 
Summary0004822: Calender advertises wrong ACL for shared address books
Description

When addressbooks are shared, the ACLs are advertised wrongly. It will report a current-user-privilege-set with "write" (and some others), but not "read".

According to https://tools.ietf.org/html/rfc3744#section-3.12 this is wrong, and will make e.g. TBSync skip the shared address book (there is now a workaround in the latest beta, though, see https://github.com/jobisoft/DAV-4-TbSync/issues/114)

This might also be the problem of 0001981 and 0003333

BTW: for calendars this is done correctly

Steps To Reproduce
  • Share addressbook of user A with user B
  • Use Thunderbird with TBSync to connect to SOGo with user B
    -> only the personal addressbook of user B and GAL are discovered, the shared addressbook of user A is missing
TagsNo tags attached.

Activities

erwint

erwint

2019-10-17 21:48

reporter   ~0013831

Even worse, for readonly shared addressbooks no ACL is advertised at all:

<D:response>
<D:href>/SOGo/dav/XXXX/Contacts/YYYY/</D:href>
<D:propstat>
<D:status>HTTP/1.1 200 OK</D:status>
<D:prop>
<D:current-user-privilege-set xmlns:D="DAV:"></D:current-user-privilege-set>
<D:resourcetype>
<D:collection/>
<vcard-collection xmlns="http://groupdav.org/&quot;/>
<addressbook xmlns="urn:ietf:params:xml:ns:carddav"/>
</D:resourcetype>
<D:displayname>ZZZZ</D:displayname>
</D:prop>
</D:propstat>
</D:response>

Issue History

Date Modified Username Field Change
2019-09-23 11:31 erwint New Issue
2019-10-17 21:48 erwint Note Added: 0013831