-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GoogleSync Can't differentiate between user's 'SuiteCRM' calendar and one shared with them #8199
Comments
I've been working on this internally for the past couple of days. I think I'm going to need to save the id of the 'SuiteCRM' google calendar when it's created. But this leaves an issue for current users, who have a 'SuiteCRM' google calendar, but the id isn't saved in their settings. It's going to create a new 'SuiteCRM' calendar unless I figure out how to magic out the existing calendar id without mistaking a shared calendar for their own. It's a quandary. |
This is from a completely outside perspective from someone who has never worked on SuiteCRM > google-calendar. Could you look at checking if there are more than one authors? And if you already know the account within SuiteCRM from that identify the original author and therefore the calendar that should be synced? |
@Mac-Rae That's what I've been trying to do, find out if more than one person has 'owner' permissions on the calendar. If we find that, we'll halt the sync for the user and let them know that they need to fix their permissions. |
salesagility#8199 salesagility#8200 With this code SuiteCRM can be sure that the calendar it's syncing with is: 1) Owned by the Correct user 2) Not shared with anyone else w/ owners rights It will also alert the user if the sync fails.
Let me know if you agree with that priority @ApatheticCosmos |
@Mac-Rae |
Thanks @ApatheticCosmos, I'll leave it as a medium priority for now as it does need to be acted on however I don't feel it's causing a major problem for now. |
Issue
If a user has access to multiple calendars named 'SuiteCRM', GoogleSync can't tell the difference between them and may choose the wrong one to sync with. This happens when users share their 'SuiteCRM' Google calendars with others.
It gets worse... if the user renames the shared calendar, Google stores that in an override field, not the main calendar name. So GoogleSync still can't tell the difference.
It gets worse... it is easy enough to just make sure that the user is marked as 'owner' of the calendar. However, if someone assigns access as 'Make changes and manage sharing', then both the user and the user they shared with will both be listed as 'owner'. Google makes no note of who the 'real' owner is. Everyone is equal to Google. In fact, the shared-with user can boot the original user off their own calendar!
Expected Behavior
GoogleSync should know what calendar to sync with under all circumstances.
Actual Behavior
GoogleSync may try to sync with a shared 'SuiteCRM' calendar. This will cause an exception if the user doesn't have write access to that calendar. Or, much worse, it will sync the user's events with the wrong calendar... which may cascade to the other user's meetings!
Possible Fix
This is going to require a rather major reworking of the Google calendar discovery/creation code.
There will probably be unavoidable user-facing changes, like recreating their SuiteCRM calendar.
Steps to Reproduce
Context
We discovered this bug in house when users shared their calendars, and things broke. It's not easy to fix, either.
Your Environment
The text was updated successfully, but these errors were encountered: