
ACL Privileges for read-only user

Open djanpy opened this issue 4 years ago • 7 comments

Hi, how can I assign read-only permission to one user to consult the default addressbook URI of another user?

Regards

djanpy avatar Mar 02 '21 19:03 djanpy

Hi, I'm not sure that this is possible in sabre/dav at the moment, but if you have any info that it is, please share so I can have a look.

tchapi avatar Mar 03 '21 09:03 tchapi

Hi @tchapi,

Let me explain what I want to do:

I currently have a CardDav server that I have implemented based on your Davis project. I have created an admin user with d:all permissions (isAdmin). Now I would need to create another read-only user (d:read) to use the admin user's address book or a new one, but read-only.

Currently, accessing with the user (not admin and not address book owner), I get this error:

[image]

How could I implement read permissions (d:read) for a user? I can touch the code of the project, but I don't know very well where it assigns those permissions.

Regards

djanpy avatar Mar 05 '21 16:03 djanpy

I understand what you want to do, but the underlying sabre/dav library does not support it (yet?). There are some issues about it (like https://github.com/sabre-io/dav/issues/1052) on their repo.

I'm not sure that it's easy to implement, but if you want to give it a try ...

tchapi avatar Mar 08 '21 08:03 tchapi

Might be related: #105

tchapi avatar Aug 15 '23 20:08 tchapi

Maybe a strange question, but has this feature already been developed? I understand the basics of ticket https://github.com/sabre-io/dav/issues/1052#issuecomment-831679747 that you should return a 403 error when the user is not allowed to edit. Seems like a workable solution? Can you give a detailed explanation of how I should implement a read-only state in your code?

DevSysEngineer avatar Oct 21 '23 17:10 DevSysEngineer

It hasn't, as far as I know, but I'm a bit wary of touching permission-related code in Davis (rather than in sabre/dav, where it should be implemented) as it's generally laborious (see https://github.com/tchapi/davis/pull/105 on a different subject; it's a pain to have it working, circumventing the limitations of sabre/dav).

I have not looked at the proposed workaround tbh and it's not likely I will have the time to do so, but please feel free to submit something and we can have a look from there.

tchapi avatar Oct 21 '23 18:10 tchapi

@djanpy 👋🏼 Now that #105 is merged and released, does it fix your original issue?

tchapi avatar Dec 12 '23 20:12 tchapi