[CalendarServer-users] Client library and admin tool

Cyrus Daboo cdaboo at apple.com
Fri Apr 4 07:58:02 PDT 2008


Hi Scott,

--On April 4, 2008 7:22:09 AM -0700 Scott Buchanan <dscottbuch at mac.com> 
wrote:

> Any idea why the ACL doesn't change and why the error (Ignoring error)?
> Also, is there any way with runshell.py to increase the reporting?

The logging command in the shell will turn on protocol tracing (basically 
it will print every http request/response.)

I think what is happening in your case is that you are running into a 
restriction on what you can change in an ACL. By default the server 
provisions each user and group to have DAV:all inheritable access to their 
on calendar home, and that DAV:ace element is protected. As a result, you 
cannot add a DAV:ace that possibly conflicts with that by overriding a 
privilege.

I think what you need to do is something like this:

1) Create a group (enabled for calendaring) for the calendar data and make 
those users who should be able to create/delete calendars members of that 
group.

2) Create another group (not enabled for calendaring) and add users who 
should have read/write access to the event data, but not create/delete 
calendar rights.

3) For each calendar created in the main group, change the ACL on the 
calendar collection to give the non-calendar group DAV:read and DAV:write 
access only.

Ultimately it would probably be handy if you could set the read/write 
access for the non-calendar group on the calendar home and have that be 
inheritable so that you don't have to set it up on each new calendar. 
Whilst our server does support an option to make a DAV:ace inheritable, 
there is no way to control that via the ACL method.

-- 
Cyrus Daboo



More information about the calendarserver-users mailing list