4 Replies Latest reply: Mar 7, 2012 11:02 AM by 901854

    RFE - Access rights (ACL) in Oracle Communication Server

    901854
      Hi,

      Using version 7u2-5 (./getVersion --> 7.2-5.06 20111214 Linux x86 32), I notice these facts.

      1) Support for read-free-busy
      This right is defined by the CALDAV RFC, but whenever I try to set it for a user, it is ignored.
      This feature was available using the WCAP service, so the users might expect it.

      2) ACL should reflect the rights for all users
      When I share a calendar for everyone (e.g. for a room, everyone can read the calendar), when getting the ACL, it does not contain this access right, only the ace entries for specific users.

      (Why am I asking all this? I'm working on an addon for calendar sharing)

      Does anybody know if these two RFEs are planned in future releases? Or can any developer reproduce it?

      Thanks.
        • 1. Re: RFE - Access rights (ACL) in Oracle Communication Server
          Erwinr-Oracle
          I need a little more information:

          1) Support for read-free-busy
          How are you trying to set this?
          Free-busy rights are set on a user's account, not on their individual calendars. You should see the free-busy rights for a user when you use the get_accountprops wcap command.

          2) ACL should reflect the rights for all users
          How are you getting the ACL, via get_calprops wcap? If so, this will only show you the r/w rights to the calendar, not the free-busy rights.
          • 2. Re: RFE - Access rights (ACL) in Oracle Communication Server
            901854
            Hi,

            For the 1), you're right, I think I misread the description.

            For the 2), if you're the owner of a calendar, say /dav/home/user1@domain/Parties/

            If this Calendar is granting read to everyone + read-write for a specific user, you can run this:

            Method: PROPFIND
            URI : /dav/home/user1@domain/Parties/
            Depth: 0

            Data:
            <?xml version="1.0" encoding="utf-8"?>
            <D:propfind xmlns:D="DAV:">
              <D:prop>
                <D:acl/>
              </D:prop>
            </D:propfind>

            You should get the acl, but no ace entry for "D:authenticated" or "D:all" in it... do you?

            Something like this:
            <D:multistatus xmlns:D="DAV:">
              <D:response>
                <D:href>/dav/home/user1@domain/Parties/</D:href>
                <D:propstat>
                  <D:prop>
                    <D:acl>
                      <D:ace>
                        <D:principal>
                          <D:href>/dav/principals/specific1@domain/</D:href>
                        </D:principal>
                        <D:grant>
                          <D:privilege>
                            <D:read/>
                          </D:privilege>
                          <!-- etc. with write-properties, write-content, unbind, bind -->
                        </D:grant>
                      </D:ace>
                    </D:acl>
                  </D:prop>
                  <D:status>HTTP/1.1 200 OK</D:status>
                </D:propstat>
              </D:response>
            </D:multistatus>
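
An added example (not from the thread and not Oracle's code): a Python check that parses a `D:acl` PROPFIND response like the one above and reports whether any grant goes to a pseudo-principal such as `D:all` or `D:authenticated`. The sample XML is constructed from the response shape in the post; the `D:all` ACE in `ALL_READ` is an assumption about what a complete answer would contain.

```python
import xml.etree.ElementTree as ET

D = "{DAV:}"
PSEUDO = {"D:all", "D:authenticated", "D:unauthenticated"}  # RFC 3744, 5.5.1

# Constructed sample shaped like the response in the post; {extra} takes more ACEs.
TEMPLATE = """<?xml version="1.0" encoding="utf-8"?>
<D:multistatus xmlns:D="DAV:"><D:response>
<D:href>/dav/home/user1@domain/Parties/</D:href>
<D:propstat><D:prop><D:acl>
<D:ace><D:principal><D:href>/dav/principals/specific1@domain/</D:href></D:principal>
<D:grant><D:privilege><D:read/></D:privilege>
<D:privilege><D:write-content/></D:privilege></D:grant></D:ace>
{extra}
</D:acl></D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat>
</D:response></D:multistatus>"""
ALL_READ = ("<D:ace><D:principal><D:all/></D:principal>"
            "<D:grant><D:privilege><D:read/></D:privilege></D:grant></D:ace>")


def local(elem):
    """Strip the '{DAV:}' namespace from an element tag."""
    return elem.tag.split("}", 1)[-1]


def parse_acl(xml_text):
    """Return [(resource, principal, 'grant'|'deny', [privileges]), ...]."""
    if "<!DOCTYPE" in xml_text:  # the response is untrusted input: refuse DTDs
        raise ValueError("DOCTYPE not allowed in a DAV response")
    entries = []
    for resp in ET.fromstring(xml_text).iter(D + "response"):
        resource = (resp.findtext(D + "href") or "").strip()
        for ace in resp.iter(D + "ace"):
            who = ace.find(D + "principal")
            if who is None or len(who) == 0:
                continue  # inverted or malformed ACE: out of scope here
            p = who[0]
            name = (p.text or "").strip() if p.tag == D + "href" else "D:" + local(p)
            for kind in ("grant", "deny"):
                privs = [local(pr[0]) for blk in ace.findall(D + kind)
                         for pr in blk.findall(D + "privilege") if len(pr)]
                if privs:
                    entries.append((resource, name, kind, privs))
    return entries


def broad_grants(entries):
    """Grants made to a pseudo-principal (everyone / any authenticated user)."""
    return [e for e in entries if e[2] == "grant" and e[1] in PSEUDO]
```

An empty result from `broad_grants` on a calendar known to be shared with everyone is the mismatch described in the post: the ACL view under-reports who can read the resource.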
            • 3. Re: RFE - Access rights (ACL) in Oracle Communication Server
              arnaudq
              I'm assuming that you are using only WebDAV ACL + CalDAV to get/set the acls.
              The trouble is that the WebDAV ACL specification is so flexible in the way that ACLs can be represented that so far not many clients are really making use of it, and when they are, it is in a different manner. As a consequence, you will find most server implementations incomplete at best.

              Now as far as your particular issues, they seem reasonable to fix.
              About the first one, we are talking about the privilege that is applied on the scheduling inbox, as defined in http://tools.ietf.org/html/draft-desruisseaux-caldav-sched-10#section-13.1.1.4 right?

              Are you in a position to file two SRs describing the exact commands that you are trying to send with their expected result so that they get fixed for sure in update3?

              If you need a temporary workaround, you can use the wcapbis protocol for this type of operation.

              See https://wikis.oracle.com/display/CommSuite/set_calprops.wcap for setting read access and https://wikis.oracle.com/display/CommSuite/set_accountprops.wcap for setting freebusy access.

              One undocumented feature is that you can use pretty much the same url that you are using for caldav also for wcapbis, just changing the dav prefix to a wcap prefix and appending the wcap command at the end of the uri.

              For example, if your original relative calendar uri looks like:

              /dav/home/arnaudq/calendar/

              you can use a uri like

              /wcap/home/arnaudq/calendar/get_calprops.wcap?httpauth=1&fmt-out=text/xml

              to get back the calendar properties of the calendar (i.e. no need for the calid or id parameters).
              • 4. Re: RFE - Access rights (ACL) in Oracle Communication Server
                901854
                Hi,

                Thank you both for these hints.

                I'm using WebDAV and CALDAV, yes. I'd prefer to avoid specific code if I can, but if there's no other choice I'll have a look at wcap methods.

                Here is the unfinished module, in order to have an idea of what i get from the server.

                http://xul.addons.free.fr/caldav-share/

                Please keep in mind that it is not fully functional...