DAV ACL question

Ken Murchison
Folks,

Still a relative DAV newbie and trying to wrap my head around RFC 3744.
If I have an implementation where DAV:read-current-user-privilege-set
cannot be split from DAV:read, and DAV:read-acl, DAV:write-acl,
DAV:unlock cannot be separated from one another, is the response below
correct?

I have DAV:read-current-user-privilege-set as abstract under DAV:read,
and I have DAV:read-acl, DAV:write-acl, DAV:unlock all as abstract under
a private aggregate right CYRUS:admin.

Actually, looking at this again, since all of the member privileges
contained in the DAV:write aggregate have been granted to the current
user, should DAV:write also be listed?


<?xml version="1.0" encoding="utf-8"?>
<D:multistatus xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav"
               xmlns:CY="http://cyrusimap.org/ns/">
   <D:response>
     <D:href>/calendars/user/ken/events/</D:href>
     <D:propstat>
       <D:status>HTTP/1.1 200 OK</D:status>
       <D:prop>
         <D:supported-privilege-set>
           <D:supported-privilege>
             <D:privilege><D:all/></D:privilege>
             <D:abstract/>
             <D:description xml:lang="en">
              Any operation</D:description>
             <D:supported-privilege>
               <D:privilege><D:read/></D:privilege>
               <D:description xml:lang="en">
                Read any object</D:description>
               <D:supported-privilege>
                 <D:privilege>
                  <D:read-current-user-privilege-set/></D:privilege>
                 <D:abstract/>
                 <D:description xml:lang="en">
                  Read current user privilege set property
                </D:description>
               </D:supported-privilege>
               <D:supported-privilege>
                 <D:privilege><C:read-free-busy/></D:privilege>
                 <D:description xml:lang="en">
                  Read free/busy time</D:description>
               </D:supported-privilege>
             </D:supported-privilege>
             <D:supported-privilege>
               <D:privilege><D:write/></D:privilege>
               <D:description xml:lang="en">
                Write any object</D:description>
               <D:supported-privilege>
                 <D:privilege><D:bind/></D:privilege>
                 <D:description xml:lang="en">
                  Add new member to collection</D:description>
               </D:supported-privilege>
               <D:supported-privilege>
                 <D:privilege><D:unbind/></D:privilege>
                 <D:description xml:lang="en">
                  Remove member from collection</D:description>
               </D:supported-privilege>
               <D:supported-privilege>
                 <D:privilege><D:write-properties/></D:privilege>
                 <D:description xml:lang="en">
                  Write properties</D:description>
               </D:supported-privilege>
               <D:supported-privilege>
                 <D:privilege><D:write-content/></D:privilege>
                 <D:description xml:lang="en">
                  Write resource content</D:description>
               </D:supported-privilege>
             </D:supported-privilege>
             <D:supported-privilege>
               <D:privilege><CY:admin/></D:privilege>
               <D:description xml:lang="en">
                Perform administrative operations</D:description>
               <D:supported-privilege>
                 <D:privilege><D:read-acl/></D:privilege>
                 <D:abstract/>
                 <D:description xml:lang="en">
                  Read ACL</D:description>
               </D:supported-privilege>
               <D:supported-privilege>
                 <D:privilege><D:write-acl/></D:privilege>
                 <D:abstract/>
                 <D:description xml:lang="en">
                  Write ACL</D:description>
               </D:supported-privilege>
               <D:supported-privilege>
                 <D:privilege><D:unlock/></D:privilege>
                 <D:abstract/>
                 <D:description xml:lang="en">
                  Unlock resource</D:description>
               </D:supported-privilege>
             </D:supported-privilege>
           </D:supported-privilege>
         </D:supported-privilege-set>
         <D:current-user-privilege-set>
           <D:privilege><D:read/></D:privilege>
           <D:privilege><C:read-free-busy/></D:privilege>
           <D:privilege><D:bind/></D:privilege>
           <D:privilege><D:unbind/></D:privilege>
           <D:privilege><D:write-properties/></D:privilege>
           <D:privilege><D:write-content/></D:privilege>
           <D:privilege><CY:admin/></D:privilege>
         </D:current-user-privilege-set>
       </D:prop>
     </D:propstat>
   </D:response>
</D:multistatus>


--
Kenneth Murchison
Principal Systems Software Engineer
Carnegie Mellon University
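
Added example, not part of the original message and not Cyrus code: a consistency check for the question above, following RFC 3744 section 5.4, which has DAV:current-user-privilege-set list aggregate privileges together with their contained privileges. It parses a constructed, condensed copy of the posted response and reports which privileges the listed set implies but does not list. The function names are hypothetical, and the check assumes an aggregate is exactly the union of its contained privileges.

```python
import xml.etree.ElementTree as ET

D = "{DAV:}"
# Constructed from the response in the post; descriptions and D:abstract markers omitted.
SAMPLE = """<D:prop xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav"
 xmlns:CY="http://cyrusimap.org/ns/"><D:supported-privilege-set>
<D:supported-privilege><D:privilege><D:all/></D:privilege>
 <D:supported-privilege><D:privilege><D:read/></D:privilege>
  <D:supported-privilege><D:privilege><D:read-current-user-privilege-set/></D:privilege></D:supported-privilege>
  <D:supported-privilege><D:privilege><C:read-free-busy/></D:privilege></D:supported-privilege>
 </D:supported-privilege>
 <D:supported-privilege><D:privilege><D:write/></D:privilege>
  <D:supported-privilege><D:privilege><D:bind/></D:privilege></D:supported-privilege>
  <D:supported-privilege><D:privilege><D:unbind/></D:privilege></D:supported-privilege>
  <D:supported-privilege><D:privilege><D:write-properties/></D:privilege></D:supported-privilege>
  <D:supported-privilege><D:privilege><D:write-content/></D:privilege></D:supported-privilege>
 </D:supported-privilege>
 <D:supported-privilege><D:privilege><CY:admin/></D:privilege>
  <D:supported-privilege><D:privilege><D:read-acl/></D:privilege></D:supported-privilege>
  <D:supported-privilege><D:privilege><D:write-acl/></D:privilege></D:supported-privilege>
  <D:supported-privilege><D:privilege><D:unlock/></D:privilege></D:supported-privilege>
 </D:supported-privilege>
</D:supported-privilege></D:supported-privilege-set><D:current-user-privilege-set>
 <D:privilege><D:read/></D:privilege><D:privilege><C:read-free-busy/></D:privilege>
 <D:privilege><D:bind/></D:privilege><D:privilege><D:unbind/></D:privilege>
 <D:privilege><D:write-properties/></D:privilege><D:privilege><D:write-content/></D:privilege>
 <D:privilege><CY:admin/></D:privilege></D:current-user-privilege-set></D:prop>"""

def name(sp):
    return sp.find(D + "privilege")[0].tag  # Clark-notation privilege name

def closure_gaps(xml_text):
    """Return (aggregates, members) implied by the listed set but not listed."""
    prop = ET.fromstring(xml_text)
    members = {}  # privilege -> directly contained privileges
    for sp in prop.find(D + "supported-privilege-set").iter(D + "supported-privilege"):
        members[name(sp)] = [name(k) for k in sp.findall(D + "supported-privilege")]
    listed = {p[0].tag for p in prop.find(D + "current-user-privilege-set")}
    held, up, down, changed = set(listed), set(), set(), True
    while changed:  # iterate to a fixed point
        changed = False
        for agg, kids in members.items():
            if agg in held:
                new = set(kids) - held  # aggregate held: its members follow
                down |= new
            else:  # every member held: the aggregate follows
                new = {agg} if kids and all(k in held for k in kids) else set()
                up |= new
            held |= new
            changed = changed or bool(new)
    return sorted(up), sorted(down)
```

On the sample, the first list contains DAV:write and DAV:all, and the second contains the members of DAV:read and CYRUS:admin that the response leaves out.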