[Bug 310734] New: Akonadi DAV resource doesn't react on 403 errors
Thomas Tanghus
thomas at tanghus.net
Mon Nov 26 21:00:41 GMT 2012
https://bugs.kde.org/show_bug.cgi?id=310734
Bug ID: 310734
Severity: normal
Version: 4.9
Priority: NOR
Assignee: kdepim-bugs at kde.org
Summary: Akonadi DAV resource doesn't react on 403 errors
Classification: Unclassified
OS: Linux
Reporter: thomas at tanghus.net
Hardware: Other
Status: UNCONFIRMED
Component: DAV Resource
Product: Akonadi
When trying to delete a contact from a shared ownCloud addressbook, Akonadi
believes it is deleted even though the response clearly indicates it is
forbidden.
Reproducible: Always
Steps to Reproduce:
Delete a contact from a shared ownCloud addressbook that doesn't have
OCP\PERMISSION_DELETE, watch in the access log that the response is a 403.
Actual Results:
The contact is removed from Akonadi cache.
Expected Results:
The user should get an appropriate error message.
This is against ownCloud master branch, so results may vary. In 4.5 it was
possible to delete a resource even though the addressbook only had
PERMISSION_UPDATE.
Example URL:
DELETE
/owncloud/remote.php/carddav/addressbooks/test1/contacts_shared_by_test2/C52B52A4-8EA0-0001-2E8C-C89095241A13.vcf
Response:
HTTP/1.1 403 Forbidden
Date: Mon, 26 Nov 2012 20:32:34 GMT
Server: Apache/2.2.22 (Ubuntu)
(snipped)
Content-Length: 602
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/xml; charset=utf-8
Response body:
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
<s:exception>Sabre_DAVACL_Exception_NeedPrivileges</s:exception>
<s:message>User did not have the required privileges ({DAV:}unbind) for path
"addressbooks/test1/contacts_shared_by_test2"</s:message>
<s:sabredav-version>1.7.1</s:sabredav-version>
<d:need-privileges>
<d:resource>
<d:href>/owncloud/remote.php/carddav/addressbooks/test1/contacts_shared_by_test2</d:href>
<d:privilege>
<d:unbind/>
</d:privilege>
</d:resource>
</d:need-privileges>
</d:error>
I have only tested this with CardDAV, but I suppose the same applies for
CalDAV.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Kdepim-bugs
mailing list