[CalendarServer-users] PROPFIND returning way too much
information?
Cyrus Daboo
cdaboo at apple.com
Thu Apr 12 17:13:56 PDT 2007
Hi Nick,
--On April 12, 2007 4:12:58 PM -0600 Nick Zitzmann <nick at chronosnet.com>
wrote:
> Again I did a Google search and didn't find anything...
>
> Now that I've got the REPORT command working as expected, I'm trying to
> read the calendar server's ACL on a per-calendar basis. I only care about
> read and write permissions, and treat "all" as being both read and write,
> so I explicitly limit the results in the XML HTTP request:
>
> <?xml version="1.0" encoding="utf-8"?><o:propfind
> xmlns:o="DAV:"><o:prop><o:current-user-privilege-set><o:privilege><o:read
> /><o:write/><o:all/></o:privilege></o:current-user-privilege-set></o:prop
> ></o:propfind>
>
> I would expect that to return whether or not the current user has read or
> write access to the calendar, but here's what I get back from the server:
>
> <?xml version="1.0" encoding="UTF-8"?><multistatus
> xmlns="DAV:"><response><href>/calendars/users/admin/calendar/</href><prop
> stat><prop><current-user-privilege-set><privilege><all></all></privilege>
> <privilege><read></read></privilege><privilege><read-free-busy
> xmlns="urn:ietf:params:xml:ns:caldav"></read-free-busy></privilege><privi
> lege><write></write></privilege><privilege><write-properties></write-prop
> erties>
> [...]
>
> Fortunately I get what I wanted, but I tried to make my query very
> specific to cut down on 'net traffic, and the server's returning way too
> much information. The query doesn't ask for read-free-busy, etc.
> permissions and there they are. Is this a bug, or am I doing something
> wrong in the query?
>
> Also, if this is a bug, should I file this on Radar or on the public
> ticket tracker?
I don't see anything in the WebDAV ACL spec (RFC3744) that says a client
can send the list of privileges it is interested in in the PROPFIND
response and the server would have to returned the property filtered down
to only that set. Perhaps that is an extension that some other WebDAV
implementation has done, but I don't think its formally defined anywhere.
So right now I think we are doing the right thing except that we maybe
ought to generate a BAD REQUEST for your PROPFIND since it does contain
something we do not strictly interpret...
--
Cyrus Daboo
More information about the calendarserver-users
mailing list