Unrud / RadicaleInfCloud

Integrate InfCloud into Radicale's web interface.
GNU Affero General Public License v3.0

Help needed with permissions - docu update suggested #21

Closed pkoevesdi closed 12 months ago

pkoevesdi commented 12 months ago

I want users to be able to read their own address book via carddav and the infcloud webgui, and an admin who can read and write all address books (at least via the carddav protocol). So I made this rights file, which does what I want in terms of carddav:

[admin]
user: admin
collection: .*
permissions: RrWw
[jederseins]
user: .+
collection: {user}/[^/]+
permissions: Rr

Every user can only access his own address book via carddav, and read-only, and the admin can access all of them and read and write. So far so good. The problem: the users except admin cannot log in via infcloud. So I tested with these rights:

[admin]
user: admin
collection: .*
permissions: RrWw
[jederseins]
user: .+
collection: .*
permissions: Rr

Now, everything works as expected in infcloud. But, of course, the users can access the other users' address books as well via carddav. So, what are the correct rights to set to achieve the same behaviour for carddav and infcloud?

Rilele commented 12 months ago

For infcloud it is important that users can read the root and the user collection.

Try it like this:

[admin]
user: admin
collection: .*
permissions: RrWw

[root]
user: .+
collection:
permissions: R

[user]
user: .+
collection: {user}
permissions: R

[jederseins]
user: .+
collection: {user}/[^/]+
permissions: Rr

pkoevesdi commented 12 months ago

Sadly, this doesn't work; with this, a tested user can still access a different user's address book via carddav. I think it's because of

[root]
user: .+
collection:
permissions: R

I also tried putting it at the end; that doesn't change anything. If I leave out this section, the carddav behaviour is fine again (every user gets only his own address book), but login in infcloud fails again.

pkoevesdi commented 12 months ago

Oh, I must correct myself, I had a bad test tool: I used CardBook in Thunderbird to check only for login. It turns out that login on the other user's address book URL is possible, but retrieving it fails. There seems to be some automatism, that CardBook looks up the tree if the full URL is not allowed. And if a login was possible there, it gave me this wrong-positive feedback. So, I tried it with curl and it seems the behaviour is as wanted now, thank you very much!
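An added example, not code from this thread or from Radicale/RadicaleInfCloud: a small Python model of how Radicale's `from_file` rights backend picks the first section whose `user` and `collection` regexes fully match (with `{user}` replaced by the escaped login name). It runs Rilele's rights file against constructed users `alice`, `bob` and `admin`, so the permission matrix can be checked offline before deploying, instead of relying on a client such as CardBook that walks up the tree on its own.

```python
import configparser
import re

# Constructed copy of the rights file proposed in the thread. Radicale
# evaluates sections top to bottom and returns the permissions of the first
# section whose "user" and "collection" regexes fully match the request.
RIGHTS_FILE = """
[admin]
user: admin
collection: .*
permissions: RrWw

[root]
user: .+
collection:
permissions: R

[user]
user: .+
collection: {user}
permissions: R

[jederseins]
user: .+
collection: {user}/[^/]+
permissions: Rr
"""


def authorization(rights_text: str, user: str, path: str) -> str:
    """Simplified model of Radicale's from_file lookup: first matching section wins."""
    config = configparser.ConfigParser()
    config.read_string(rights_text)
    sane_path = path.strip("/")          # root collection becomes ""
    escaped_user = re.escape(user)       # prevents regex injection via the login name
    for section in config.sections():
        user_pattern = config.get(section, "user")
        collection_pattern = config.get(section, "collection")
        if not re.fullmatch(user_pattern, user):
            continue
        if re.fullmatch(collection_pattern.format(user=escaped_user), sane_path):
            return config.get(section, "permissions")
    return ""  # no section matched: access denied


if __name__ == "__main__":
    for user in ("alice", "admin"):
        for path in ("/", "/alice/", "/alice/contacts/", "/bob/contacts/"):
            print(f"{user:6} {path:18} {authorization(RIGHTS_FILE, user, path) or '(denied)'}")
```

Removing the `[root]` section makes `authorization(RIGHTS_FILE, "alice", "/")` return an empty string, which is exactly the case where InfCloud's login fails while plain carddav access to the user's own collection still works.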