search

owncloud / calendar

Calendar app for ownCloud
GNU Affero General Public License v3.0
121 stars 43 forks source link

Calendars from other Users with read only permission are shared as writable via caldav #332

Closed melo1 closed 8 years ago

melo1 commented 8 years ago

Steps to reproduce

  1. Share calendar to another user without write permission
  2. As the other user Access your calendars via caldav

    Expected behaviour

The read only calendars should be shared as read only.

This was already fixed with 8.0.x I was not using 8.1.x and 8.2.x because of the problem and no reaction of the team due to my issue reports in the past.

Actual behaviour

The read only calendar should be synced as read only so that the client does not offer the possibility to write an item to it.

Server configuration

Operating system: Debian 8.3

Web server: Nginx 1.9.5

Database: MariaDB 5.5.44

PHP version: 5.5.31

ownCloud version: (see ownCloud admin page) 9.0.0

Calendar version: (see ownCloud apps page) 1.0

Updated from an older ownCloud or fresh install: updated

Signing status (ownCloud 9.0 and above):

No errors have been found.

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.

List of activated apps:

Enabled:

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder

The content of config/config.php:

"system": {
    "instanceid": "5190d5dc535b7",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "datadirectory":  "***REMOVED SENSITIVE VALUE***",
    "overwritehost":  "***REMOVED SENSITIVE VALUE***",
    "overwritewebroot": "\/owncloud",
    "overwrite.cli.url":  "***REMOVED SENSITIVE VALUE***",
    "skeletondirectory": "",
    "appstoreenabled": true,
    "appstoreurl": "https:\/\/api.owncloud.com\/v1",
    "apps_paths": [
        {
            "path":  "***REMOVED SENSITIVE VALUE***",
            "url": "\/apps",
            "writable": true
        }
    ],
    "appcodechecker": false,
    "dbtype": "mysql",
    "dbname": "owncloud",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "dbhost":  "***REMOVED SENSITIVE VALUE***",
    "dbtableprefix": "oc_",
    "version": "9.0.0.19",
    "installed": true,
    "forcessl": true,
    "theme": "",
    "maintenance": false,
    "memcache.local": "\\OC\\Memcache\\APCu",
    "loglevel": "3",
    "mail_smtpmode": "smtp",
    "mail_smtphost": "sslout.df.eu",
    "mail_smtpport": "465",
    "trusted_domains": [
         "***REMOVED SENSITIVE VALUE***"
    ],
    "mail_from_address": "owncloud",
    "mail_domain":  "***REMOVED SENSITIVE VALUE***",
    "mail_smtpsecure": "ssl",
    "mail_smtpauth": 1,
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "forceSSLforSubdomains": true,
    "hashingCost": 10,
    "defaultapp": "files",
    "knowledgebaseenabled": false,
    "enable_avatars": true,
    "allow_user_to_change_display_name": true,
    "remember_login_cookie_lifetime": 1296000,
    "session_lifetime": 86400,
    "session_keepalive": true,
    "trashbin_retention_obligation": "30, auto, auto",
    "updatechecker": true,
    "has_internet_connection": true,
    "check_for_working_webdav": true,
    "check_for_working_htaccess": false,
    "config_is_read_only": false,
    "log_type": "owncloud",
    "logfile":  "***REMOVED SENSITIVE VALUE***",
    "logdateformat": "F d, Y H:i:s",
    "log_query": false,
    "cron_log": false,
    "log_rotate_size": false,
    "enable_previews": true,
    "preview_max_scale_factor": 10,
    "preview_max_filesize_image": 50,
    "enabledPreviewProviders": [
        "OC\\Preview\\Image",
        "OC\\Preview\\MP3",
        "OC\\Preview\\TXT",
        "OC\\Preview\\MarkDown"
    ],
    "xframe_restriction": true,
    "cipher": "AES-256-CFB",
    "filesystem_check_changes": 1,
    "asset-pipeline.enabled": false,
    "assetdirectory": "***REMOVED SENSITIVE VALUE***",
    "mount_file": "data\/mount.json",
    "filesystem_cache_readonly": false,
    "custom_csp_policy": "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *; connect-src *",
    "forwarded_for_headers": [
        "HTTP_X_FORWARDED",
        "HTTP_FORWARDED_FOR"
    ],
    "max_filesize_animated_gifs_public_sharing": 10,
    "appstore.experimental.enabled": false
},
"apps": {
    "activity": {
        "enabled": "no",
        "installed_version": "1.2.2",
        "types": "filesystem"
    },
    "backgroundjob": {
        "lastjob": "12"
    },
    "calendar": {
        "enabled": "yes",
        "installed_version": "1.0",
        "ocsid": "168707",
        "types": ""
    },
    "comments": {
        "enabled": "no",
        "installed_version": "0.2",
        "types": "logging"
    },
    "contacts": {
        "enabled": "yes",
        "installed_version": "1.0.0.0",
        "ocsid": "168708",
        "types": ""
    },
    "core": {
        "global_cache_gc_lastrun": "1458025731",
        "incoming_server2server_share_enabled": "no",
        "installedat": "1446039273.7023",
        "lastupdateResult": "{\"version\":{},\"versionstring\":{},\"url\":{},\"web\":{}}",
        "lastupdatedat": "1458139021",
        "oc.integritycheck.checker": "[]",
        "outgoing_server2server_share_enabled": "no",
        "public_caldav": "calendar\/share.php",
        "public_calendar": "calendar\/share.php",
        "public_files": "files_sharing\/public.php",
        "public_gallery": "gallery\/public.php",
        "public_webdav": "dav\/appinfo\/v1\/publicwebdav.php",
        "remote_caldav": "dav\/appinfo\/v1\/caldav.php",
        "remote_calendar": "dav\/appinfo\/v1\/caldav.php",
        "remote_carddav": "dav\/appinfo\/v1\/carddav.php",
        "remote_contacts": "dav\/appinfo\/v1\/carddav.php",
        "remote_dav": "dav\/appinfo\/v2\/remote.php",
        "remote_files": "dav\/appinfo\/v1\/webdav.php",
        "remote_webdav": "dav\/appinfo\/v1\/webdav.php",
        "repairlegacystoragesdone": "yes",
        "shareapi_allow_mail_notification": "yes",
        "shareapi_allow_public_notification": "yes",
        "shareapi_allow_public_upload": "no",
        "shareapi_allow_resharing": "no",
        "shareapi_exclude_groups": "no",
        "shareapi_exclude_groups_list": ""
    },
    "dav": {
        "enabled": "yes",
        "installed_version": "0.1.5",
        "types": "filesystem"
    },
    "federatedfilesharing": {
        "enabled": "yes",
        "installed_version": "0.1.0",
        "types": ""
    },
    "federation": {
        "enabled": "no",
        "installed_version": "0.0.4",
        "types": "authentication"
    },
    "files": {
        "cronjob_scan_files": "500",
        "default_quota": "5 GB",
        "enabled": "yes",
        "installed_version": "1.4.4",
        "types": "filesystem"
    },
    "files_locking": {
        "enabled": "no",
        "installed_version": "",
        "types": "filesystem"
    },
    "files_pdfviewer": {
        "enabled": "no",
        "installed_version": "0.7",
        "ocsid": "166049",
        "types": ""
    },
    "files_sharing": {
        "enabled": "yes",
        "incoming_server2server_share_enabled": "no",
        "installed_version": "0.9.1",
        "outgoing_server2server_share_enabled": "no",
        "types": "filesystem"
    },
    "files_texteditor": {
        "enabled": "no",
        "installed_version": "0.4",
        "ocsid": "166051",
        "types": ""
    },
    "files_trashbin": {
        "enabled": "yes",
        "installed_version": "0.8.0",
        "types": "filesystem"
    },
    "files_versions": {
        "enabled": "yes",
        "installed_version": "1.2.0",
        "types": "filesystem"
    },
    "files_videoplayer": {
        "enabled": "no",
        "installed_version": "0.9.8",
        "types": ""
    },
    "files_videoviewer": {
        "enabled": "no",
        "installed_version": "0.1.3",
        "ocsid": "166054",
        "types": ""
    },
    "firstrunwizard": {
        "enabled": "no",
        "installed_version": "1.1",
        "ocsid": "166055",
        "types": ""
    },
    "gallery": {
        "enabled": "no",
        "installed_version": "0.6.1",
        "types": ""
    },
    "notifications": {
        "enabled": "yes",
        "installed_version": "0.2.3",
        "types": "logging"
    },
    "ownnote": {
        "enabled": "yes",
        "installed_version": "1.07",
        "types": ""
    },
    "provisioning_api": {
        "enabled": "no",
        "installed_version": "0.2",
        "types": "filesystem"
    },
    "systemtags": {
        "enabled": "no",
        "installed_version": "0.2",
        "types": "logging"
    },
    "templateeditor": {
        "enabled": "no",
        "installed_version": "0.1",
        "types": ""
    },
    "updatenotification": {
        "enabled": "yes",
        "installed_version": "0.1.0",
        "types": ""
    },
    "updater": {
        "enabled": "no",
        "installed_version": "0.4.1",
        "types": ""
    }
}
If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

or 

Insert your config.php content here
(Without the database password, passwordsalt and secret)

Are you using external storage, if yes which one: local/smb/sftp/...

Are you using encryption: yes/no

no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

no

Client configuration

CalDAV-clients:

Android with CalDav-Sync or DAVdroid - doesn't matter

Logs

ownCloud log (data/owncloud.log)

Insert your ownCloud log here

no entries

georgehrke commented 8 years ago

caldav issue -> please report in https://github.com/owncloud/core/issues