[CalendarServer-users] account.xml configuration
Cyrus Daboo
cdaboo at apple.com
Wed Nov 7 14:23:26 PST 2007
Hi Darren,
--On November 7, 2007 3:56:48 PM -0600 Darren Hildebrand
<dhildebrand at franticfilms.com> wrote:
> This could probably be achieved (although it may be somewhat tedious...)
> by creating a user called guest and using the mulberry client to modify
> ACLs so that they have read access to all the other users' calendars.
> You'd just have to remember to adjust permissions every time you create a
> new user's calendar. Definitely not ideal, but it could (probably) do
> the job in a pinch.
Ideally what is needed for this is to set the guest read-only ACL on the
top-level root resource and ensure that is inherited by all child
resources. Unfortunately, WebDAV ACL is a bit lame when it comes to setting
up inheritance - there is actually no way to do that through protocol.
The calendar server does support inheritable privileges with WebDAV ACL via
a private XML element we add to the stored WebDAV ACL on the server. By
setting the inheritable element, that ace becomes inherited by all child
resources. We use that in a number of areas:
- The admin principal is an inheritable ace on the root resource.
- Each user has an inheritable ace giving them read/write/admin privileges
on their own calendar home.
- Calendar proxies are given the appropriate inheritable privileges on the
calendar homes of the users they can proxy to.
- By default, any ace added to a calendar collection is made inheritable -
that way by default if you give some access to your calendar collection
they automatically get access to all the content as well (which is likely
the intent).
It certainly would be nice to be able to specify inheritance via WebDAV
protocol so that users/admins can set up more complex sharing scenarios.
That would require a protocol extension.
--
Cyrus Daboo
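
The inheritance behaviour described in the message above, as an added example that is not part of the original post and is not CalendarServer code. It is a simplified grant-only model (no deny ACEs or ordering); the paths, principal names and the `inheritable` field are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    principal: str
    privileges: frozenset
    inheritable: bool = False  # stands in for the server's private marker (assumed name)

def sample_acls(guest_inheritable):
    """Constructed ACL store: resource path -> ACEs stored on that resource."""
    return {
        "/": [Ace("admin", frozenset({"all"}), True),
              Ace("guest", frozenset({"read"}), guest_inheritable)],
        "/calendars/users/alice/": [
            Ace("alice", frozenset({"read", "write", "admin"}), True)],
    }

def ancestors(path):
    """Yield the parent collections of path, nearest first, ending at the root."""
    parts = [p for p in path.split("/") if p]
    for i in range(len(parts) - 1, -1, -1):
        yield "/" + "".join(p + "/" for p in parts[:i])

def effective_privileges(acls, path, principal):
    """Privileges from ACEs on the resource plus inheritable ACEs on its ancestors."""
    privs = set()
    for ace in acls.get(path, []):
        if ace.principal == principal:
            privs |= ace.privileges
    for parent in ancestors(path):
        for ace in acls.get(parent, []):
            # An ancestor's ACE applies to a child only when flagged inheritable.
            if ace.inheritable and ace.principal == principal:
                privs |= ace.privileges
    return privs

def exposed(acls, resources, principal, privilege):
    """Audit helper: which of the given resources grant `privilege` to `principal`."""
    return [r for r in resources
            if privilege in effective_privileges(acls, r, principal)]

if __name__ == "__main__":
    event = "/calendars/users/alice/calendar/event.ics"  # constructed path
    for flag in (True, False):
        print("guest ACE inheritable:", flag,
              "->", exposed(sample_acls(flag), ["/", event], "guest", "read"))
```

Running the audit helper over every stored resource before and after adding a root-level inheritable ACE shows exactly what the change exposes to the guest principal.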