Ticket #1649 (new defect)

Opened 13 years ago

Last modified 10 years ago

WebDAV access does not take care of per event permissions.

Reported by: lregebro Owned by: fguillaume
Priority: P2 Milestone: CPS 3.5.7
Component: CPSSharedCalendar Version: 3.4.1
Severity: normal Keywords:
Cc:

Description

Per event permission are currently not taken care of, which means you can modify meetings even though you are not the event organizer via WebDAV. Normally, only the event organizer can modify the event, but WebDAV modification is an all or nothing event.

Fixing this requires us to somehow hook into the iCalendar import and check what type of modifications is done, and check the access rights for each type of modification for each event. There is also the issue of what to do if you have done several modifications, but only one of them are unallowed. Skip all, or pretend everything is fine, but just not do the unallowed changes?

Change History

comment:1 Changed 10 years ago by gracinet

  • Component changed from CPS (global) to CPSSharedCalendar
Note: See TracTickets for help on using tickets.