[Tickets #6617] Problem with invitations and WebDAV

[bugs at horde.org]

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/6617
-----------------------------------------------------------------------
 Ticket             | 6617
 Created By         | almarin at um.es
 Summary            | Problem with invitations and WebDAV
 Queue              | Kronolith
 Version            | HEAD
 Type               | Bug
 State              | Unconfirmed
 Priority           | 2. Medium
 Milestone          |
 Patch              |
 Owners             |
-----------------------------------------------------------------------


almarin at um.es (2008-04-17 07:04) wrote:

I have detected this problem with invitations and WebDAV publishing:

User_A creates an event with UID_A in calendar_A, and he invites to
User_B.

User_B has Lightning pointing to Calendar_B throw WebDAV. After accept,
Lightning try to publish event with UID_A in Calendar_B, but nothing
happen. What is going on?

After have a look at code, in api.php: _kronolith_put, line 476 we have:

$existing_event = &$kronolith_driver->getByUID($uid);
if (!is_a($existing_event, 'PEAR_Error')) {
   // Entry exists.
   if (($existing_event->isPrivate() &&
      $existing_event->getCreatorId() != Auth::getAuth()) ||
      !$existing_event->hasPermission(PERMS_EDIT)) {
      continue;
   }

In the scenario described:
- Kronolith tries to find an event with UID_A, and it exists because was
created by User_A in Calendar_A.
- $existing_event->hasPermission(PERMS_EDIT) fails because User_B doesn't
have permission on Calendar_A, but User_B doesn't want to edit Calendar_A.
User_B only wants to create an event with UID_A in Calendar_B.

I think that !$existing_event->hasPermission(PERMS_EDIT) should be
removed, but i don't really know the real implications. That condition was
added in version 1.212 of api.php, with others. I think a similar behaviour
should occurs in _kronolith_import.