-
Notifications
You must be signed in to change notification settings - Fork 343
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Webinterface shows all principals #584
Comments
Between version 2.0 and 2.1 we made all principals discoverable by default. This was pretty much required to allow scheduling to work. There's a sort of 'trick' you can use to completely block users from getting the full list of users. You do this by setting the |
It's not so bad if I could find them. But Listing is a bit a problem in a shared environment. If I have multiple "Groups" (Like different companies) that should only see there group members, is this possible in any way? |
Hi! Sorry for not responding sooner, I missed your reply and then all the holidays happened. The drawback of It would be possible to control visibility per item, but you need to subclass the Sabre\DAVACL\Principal class and return appropriate rules from the getACL() method as you see fit. Hope this helps. Closing this ticket for now, but feel free to continue commenting. |
Hi, ok I will try this but have some problems adding my own Principal class to sabre dav. thx |
The way that would work right now is that you'd need to subclass That class creates an instance of |
OK and howbdo I attach this class? |
Your |
So, I found a way how it works but I think thats not a nice way looks more like a workaround manly because I have some problems the concept.
I check if the user has the same domain as the node, is there a cleaner way to the get current User? |
Normally it's not considered the 'correct way' to check for the current user. Instead, you just want to specify an ACL rule for the users you want to give access, and let the ACL plugin determine what that is. So in an ideal world you create separate principals per-domain. These would become your 'group principals'. Then you can add users to the member list of those domains. Then lastly, you return an ACL rule that allows the domain to get access to the properties for that principal. However, that might be a bit harder. If you do want to use the 'current user', I think you should consider injecting the auth plugin or server object into the constructor of your principal collection and the principal class, so you can avoid the global. This is a decent hack though. It's self-contained in one function, it's just that globals are usually frowned on. |
So more or less the same way how calender delegation works, that makes more sense. thx |
Hi,
since 2.1 the web interface shows me all principals and I'm not sure why.
My sabredav is set up with hideNodesFromListings (But maybe this has nothing todo with it).
The principals shows 2 nodes calendar-proxy-read and write, is it possible that I need a acl pluging that only shows the allowed principals?
thx
The text was updated successfully, but these errors were encountered: