Always grant 'DAV::read' privilege from principal to group members.

Some clients want to read the group principal before they're happy to access the group's calendar collections. This grants them the DAV::read privilege so they can do that. Also see: https://bugzilla.mozilla.org/show_bug.cgi?id=610087
2026-01-27 00:33:34 +00:00 · 2010-11-06 15:12:35 +13:00 · 2010-11-06 15:12:35 +13:00 · cd6a609ea2
commit cd6a609ea2
parent 0e9f299f45
7 changed files with 104 additions and 24 deletions
--- a/inc/CalDAVPrincipal.php
+++ b/inc/CalDAVPrincipal.php
@ -504,8 +504,12 @@ class CalDAVPrincipal
  * Return the privileges bits for the current session user to this resource
  */
  function Privileges() {
+    global $session;
    if ( !isset($this->privileges) ) $this->privileges = 0;
    if ( is_string($this->privileges) ) $this->privileges = bindec( $this->privileges );
+    if ( $this->_is_group && in_array(ConstructURL('/'.$session->username.'/'), $this->GroupMemberSet()) ) {
+      $this->privileges |=  privilege_to_bits( array('DAV::read', 'DAV::read-current-user-privilege-set') ); 
+    }
    return $this->privileges;
  }

--- a/testing/tests/regression-suite/0224-Moz-OPTIONS-principal.result
+++ b/testing/tests/regression-suite/0224-Moz-OPTIONS-principal.result
--- a/testing/tests/regression-suite/0224-Moz-OPTIONS-principal.test
+++ b/testing/tests/regression-suite/0224-Moz-OPTIONS-principal.test
@ -0,0 +1,9 @@
+#
+# Do an OPTIONS request against our own principal-URL
+#
+TYPE=OPTIONS
+URL=http://mycaldav/caldav.php/user1/
+
+HEADER=User-Agent: DAViCalTester/1.0
+
+HEAD
--- a/testing/tests/regression-suite/0225-Moz-OPTIONS-group-principal.result
+++ b/testing/tests/regression-suite/0225-Moz-OPTIONS-group-principal.result
--- a/testing/tests/regression-suite/0225-Moz-OPTIONS-group-principal.test
+++ b/testing/tests/regression-suite/0225-Moz-OPTIONS-group-principal.test
@ -0,0 +1,9 @@
+#
+# Do an OPTIONS request against the principal-URL of a group we are a member of
+#
+TYPE=OPTIONS
+URL=http://mycaldav/caldav.php/teamclient1/
+
+HEADER=User-Agent: DAViCalTester/1.0
+
+HEAD
--- a/testing/tests/regression-suite/0527-iCal-PROPFIND.result
+++ b/testing/tests/regression-suite/0527-iCal-PROPFIND.result
@ -1,18 +1,47 @@
-HTTP/1.1 403 Forbidden
+HTTP/1.1 207 Multi-Status
 Date: Dow, 01 Jan 2000 00:00:00 GMT
 DAV: 1, 2, 3, access-control, calendar-access, calendar-schedule
 DAV: extended-mkcol, calendar-proxy, bind, addressbook
-Content-Length: 216
+ETag: "1f0e016ecbd8566bc60b88a167178059"
+Content-Length: 1071
 Content-Type: text/xml; charset="utf-8"

 <?xml version="1.0" encoding="utf-8" ?>
-<error xmlns="DAV:">
- <need-privileges>
-  <resource>
-   <href>/caldav.php/resmgr1/</href>
-   <privilege>
-    <read/>
-   </privilege>
-  </resource>
- </need-privileges>
-</error>
+<multistatus xmlns="DAV:">
+ <response>
+  <href>/caldav.php/resmgr1/</href>
+  <propstat>
+   <prop>
+    <group-membership>
+     <href>/caldav.php/resource1/calendar-proxy-write/</href>
+     <href>/caldav.php/resource2/calendar-proxy-write/</href>
+    </group-membership>
+   </prop>
+   <status>HTTP/1.1 200 OK</status>
+  </propstat>
+ </response>
+ <response>
+  <href>/caldav.php/resmgr1/calendar-proxy-read/</href>
+  <propstat>
+   <prop>
+    <group-membership>
+     <href>/caldav.php/resource1/calendar-proxy-write/</href>
+     <href>/caldav.php/resource2/calendar-proxy-write/</href>
+    </group-membership>
+   </prop>
+   <status>HTTP/1.1 200 OK</status>
+  </propstat>
+ </response>
+ <response>
+  <href>/caldav.php/resmgr1/calendar-proxy-write/</href>
+  <propstat>
+   <prop>
+    <group-membership>
+     <href>/caldav.php/resource1/calendar-proxy-write/</href>
+     <href>/caldav.php/resource2/calendar-proxy-write/</href>
+    </group-membership>
+   </prop>
+   <status>HTTP/1.1 200 OK</status>
+  </propstat>
+ </response>
+</multistatus>
--- a/testing/tests/regression-suite/0528-iCal-PROPFIND.result
+++ b/testing/tests/regression-suite/0528-iCal-PROPFIND.result
@ -1,18 +1,47 @@
-HTTP/1.1 403 Forbidden
+HTTP/1.1 207 Multi-Status
 Date: Dow, 01 Jan 2000 00:00:00 GMT
 DAV: 1, 2, 3, access-control, calendar-access, calendar-schedule
 DAV: extended-mkcol, calendar-proxy, bind, addressbook
-Content-Length: 216
+ETag: "1f0e016ecbd8566bc60b88a167178059"
+Content-Length: 1071
 Content-Type: text/xml; charset="utf-8"

 <?xml version="1.0" encoding="utf-8" ?>
-<error xmlns="DAV:">
- <need-privileges>
-  <resource>
-   <href>/caldav.php/resmgr1/</href>
-   <privilege>
-    <read/>
-   </privilege>
-  </resource>
- </need-privileges>
-</error>
+<multistatus xmlns="DAV:">
+ <response>
+  <href>/caldav.php/resmgr1/</href>
+  <propstat>
+   <prop>
+    <group-membership>
+     <href>/caldav.php/resource1/calendar-proxy-write/</href>
+     <href>/caldav.php/resource2/calendar-proxy-write/</href>
+    </group-membership>
+   </prop>
+   <status>HTTP/1.1 200 OK</status>
+  </propstat>
+ </response>
+ <response>
+  <href>/caldav.php/resmgr1/calendar-proxy-read/</href>
+  <propstat>
+   <prop>
+    <group-membership>
+     <href>/caldav.php/resource1/calendar-proxy-write/</href>
+     <href>/caldav.php/resource2/calendar-proxy-write/</href>
+    </group-membership>
+   </prop>
+   <status>HTTP/1.1 200 OK</status>
+  </propstat>
+ </response>
+ <response>
+  <href>/caldav.php/resmgr1/calendar-proxy-write/</href>
+  <propstat>
+   <prop>
+    <group-membership>
+     <href>/caldav.php/resource1/calendar-proxy-write/</href>
+     <href>/caldav.php/resource2/calendar-proxy-write/</href>
+    </group-membership>
+   </prop>
+   <status>HTTP/1.1 200 OK</status>
+  </propstat>
+ </response>
+</multistatus>