Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

group member can overwrite private appointment #519

Closed
stefanroesler opened this issue Jun 28, 2017 · 2 comments
Closed

group member can overwrite private appointment #519

stefanroesler opened this issue Jun 28, 2017 · 2 comments
Labels
1. to develop Accepted and waiting to be taken care of bug
Milestone
2.0.2

Comments

@stefanroesler
Copy link

stefanroesler commented Jun 28, 2017
edited by jospoortvliet
Loading

Actual behaviour

The admin creates a calendar for group A, group A has read / write permission, User B1 and B2 are members of group A. In case B1 creates a private appointment it will be shown for every group member also for himself as busy (that's okay, cause the information will the shown via caldavsync in Outlook for the creator of this appointment). The problem: every group member with read / write permission can overwrite / delete B1's private appointment, is there no concept of ownership for appointments in shared calendars?

Server configuration

Operating system: Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-042stab120.18 x86_64)

Web server: Apache/2.4.18 (Ubuntu)

Database: mysql 5.7

PHP version: 7.0.18-0ubuntu0.16.04.1 (cli) ( NTS )

Server version: 12.0.0

Calendar version: 1.5.3

Updated from an older installed version or fresh install: fresh install

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
@georgehrke
Copy link
Member

Beginning with Nextcloud 9 the CalDAV server became part of Nextcloud's server and the calendar app is just a CalDAV client running in your browser.
Please report issues related to the CalDAV server in Nextcloud's server repo: https://github.com/nextcloud/server/issues

Let's keep this issue open here too, because it'd consider it a bug that you can create private and confidential events in a calendar shared with you.

@georgehrke georgehrke added 1. to develop Accepted and waiting to be taken care of bug labels Jun 28, 2017
@georgehrke georgehrke added this to the 1.7.0-next milestone Jun 28, 2017
@georgehrke georgehrke modified the milestones: 1.7.0-next, 1.6.2 Feb 11, 2018
@georgehrke georgehrke modified the milestones: 1.6.2, 2.0.0 beta2 Sep 8, 2018
@georgehrke georgehrke mentioned this issue Oct 26, 2019
Open
@georgehrke georgehrke modified the milestones: 2.0.0 beta2, 2.0.0 beta3 Nov 4, 2019
@georgehrke georgehrke modified the milestones: 2.0.0 beta3, 2.0.0 beta4 Dec 9, 2019
@georgehrke georgehrke modified the milestones: 2.0.0 RC, 2.0.1 Jan 14, 2020
@raimund-schluessler raimund-schluessler mentioned this issue Jan 28, 2020
Open
@georgehrke
Copy link
Member

Closing in favour of #1587 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1. to develop Accepted and waiting to be taken care of bug
Projects
None yet
Milestone
2.0.2
Development

No branches or pull requests
2 participants
@georgehrke @stefanroesler