[kronolith] Limiting the creation of Remote Calendars

Jan Schneider jan at horde.org
Fri Nov 17 21:04:02 UTC 2017 

Zitat von Jens Wahnes <wahnes at uni-koeln.de>:

> Is there a way to control as admin what kind of remote calenders  
> users may create?  I could not find any hooks in Kronolith for this.  
>  There seem to be no "Permissions" for this either.  For example,  
> one cannot set a permission to e.g. limit the number of remote  
> calendars that a certain user can create.
>
> Did I miss something obvious?  Or is there really no way to restrain  
> user actions with regard to remote calendars?
>
> There is one thing in particular that I would like to do: check the  
> URL of a remote calendar entered by a user via the web interface and  
> reject it if it fails some test (e.g. a regular expression check).   
> Is there any way to do this?  If I were to set
>
> $_prefs['remote_cals']['hook'] = true;
>
> in kronolith/config/prefs.local.php, would that help?  If so, how  
> would I control the allowed values of that pref?

You could set the on_change property of that pref to a function that  
checks the pref value and then resets it to a different value if  
necessary. Though I'm not sure if that wouldn't create an infinite  
loop. Worth a try.

> The problem at hand at our site is that users enter nonsense URLs as  
> "remote calendars" and the Horde server then queries these URLs.  
> However, these websites do not offer CalDAV/ICS calendars but just  
> webbased calenders to be viewed through a browser.  To the remote  
> websites, it looks like the Horde server is the origin of lots of  
> strange HTTP requests (i.e. REPORT or PROPFIND) that they find  
> disturbing.
>
> The only way around this that I can see currently is to use Horde's  
> proxy settings to have the remote calendar URLs fetched through a  
> proxy server.  That way, I could add restrictions in the proxy  
> server so that certain URLs will never be fetched.  But that is  
> rather ugly, as it only limits the nuisance for the remote server  
> operators.  The users that entered the nonsense URL do not receive  
> any notice about this and may even get angry that their remote  
> calendar is "not working".  So I'd rather reject the creation of  
> nonsense remote calendars in the first place.
>
>
> Jens



-- 
Jan Schneider
The Horde Project
https://www.horde.org/

More information about the kronolith mailing list