[Tickets #10470] Re: full creator permissions on a calendar "all authenticated" can show+read does not imply add privileges
bugs at horde.org
bugs at horde.org
Thu Apr 12 12:01:39 UTC 2012
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/10470
------------------------------------------------------------------------------
Ticket | 10470
Updated By | gimili17 at gmail.com
Summary | full creator permissions on a calendar "all
| authenticated" can show+read does not imply add
| privileges
Queue | Kronolith
Version | 3.0.7
Type | Bug
State | Assigned
Priority | 1. Low
Milestone |
Patch |
Owners | Jan Schneider, Horde Developers
------------------------------------------------------------------------------
gimili17 at gmail.com (2012-04-12 12:01) wrote:
OK I just tested kronolith 3.0.16 traditional view and with
Authenticated Users: show, read, delegate
Creator as show, read, edit, delete, delegate
Result: Nobody can add new events.
With
Authenticated Users: show, read, *edit*, delegate
Creator as show, read, edit, delete, delegate
Result: users can now create new events and only delete events that
they own. The problem is users can still edit events that they did
not create yet if I remove the edit for authenticated users then they
can't create any events.
Thanks for the suggestion Ralf as this is a big improvement as at
least users can no longer delete events that they did not create.
More information about the bugs
mailing list