Hi all, I'm trying to integrate calendar server into a project I'm working on. My previous CalDAV experience is non-existant. I'm trying to understand the best way to set calendar-proxy-read/write permissions. I'm currently just testing with the xmlfile.py directory but ultimately I will have to create my own directory service.
From the client browser I can see that the proxies are stored under eg.
/principals/users/user09/calendar-proxy-write If I am user09 can I dynamically add other users to these resources via http or do these proxies have to be set up beforehand via the directory service? Can I add groups to these proxies instead of users? So an "admin-group" belongs to calendar-proxy-write instead of constantly making sure all admins are in there? Thank you, Atli
Hi Atli, --On February 24, 2014 at 4:53:03 PM +0000 Atli Thorbjornsson <atlithorn@gmail.com> wrote:
From the client browser I can see that the proxies are stored under eg.
/principals/users/user09/calendar-proxy-write
If I am user09 can I dynamically add other users to these resources via http or do these proxies have to be set up beforehand via the directory service?
Can I add groups to these proxies instead of users? So an "admin-group" belongs to calendar-proxy-write instead of constantly making sure all admins are in there?
The calendar-proxy-write and calendar-proxy-read "sub-principal" resources are in effect "groups". So If user09 wants to make user10 a read-write proxy, all they need to do is add user10 to the DAV:group-member-set WebDAV property of the user09 calendar-proxy-write resource. So a simple PROPPATCH: PROPPATCH /principals/users/user09/calendar-proxy-write HTTP/1.1 Host: localhost ... <?xml version="1.0" encoding="utf-8" ?> <D:propertyupdate xmlns:D="DAV:"> <D:set> <D:prop> <D:group-member-set><D:href>/principals/users/user10</D:href></D:group-member-set> </D:prop> </D:set> </D:propertyupdate> Note that you have to re-write the DAV:group-member-set each time, so you need to get the existing list first and make changes to that as a whole, then update the entire list via the PROPPATCH. And yes, our server does support adding group principals into the DAV:group-member-set property and the server takes care of automatically "expanding" that and effectively making all members of that group a proxy for the relevant user. -- Cyrus Daboo
Thanks Cyrus! On Feb 24, 2014 5:01 PM, "Cyrus Daboo" <cdaboo@apple.com> wrote:
Hi Atli,
--On February 24, 2014 at 4:53:03 PM +0000 Atli Thorbjornsson <
atlithorn@gmail.com> wrote:
From the client browser I can see that the proxies are stored under eg.
/principals/users/user09/calendar-proxy-write
If I am user09 can I dynamically add other users to these resources via http or do these proxies have to be set up beforehand via the directory service?
Can I add groups to these proxies instead of users? So an "admin-group" belongs to calendar-proxy-write instead of constantly making sure all admins are in there?
The calendar-proxy-write and calendar-proxy-read "sub-principal"
resources are in effect "groups". So If user09 wants to make user10 a read-write proxy, all they need to do is add user10 to the DAV:group-member-set WebDAV property of the user09 calendar-proxy-write resource. So a simple PROPPATCH:
PROPPATCH /principals/users/user09/calendar-proxy-write HTTP/1.1 Host: localhost ...
<?xml version="1.0" encoding="utf-8" ?> <D:propertyupdate xmlns:D="DAV:"> <D:set> <D:prop>
<D:group-member-set><D:href>/principals/users/user10</D:href></D:group-member-set>
</D:prop> </D:set> </D:propertyupdate>
Note that you have to re-write the DAV:group-member-set each time, so you need to get the existing list first and make changes to that as a whole, then update the entire list via the PROPPATCH.
That's exactly what I need, perfect.
And yes, our server does support adding group principals into the DAV:group-member-set property and the server takes care of automatically "expanding" that and effectively making all members of that group a proxy for the relevant user.
Even better. Out of curiosity, is that "expansion" cached? If a user is subsequently removed from a group in my custom directory service would I need to somehow clear the cache or is the directory service queried every time?
-- Cyrus Daboo
Thanks again, Atli
participants (2)
-
Atli Thorbjornsson
-
Cyrus Daboo