GoogleSync Can't differentiate between user's 'SuiteCRM' calendar and one shared with them

[ApatheticCosmos]

Issue

If a user has access to multiple calendars named 'SuiteCRM', GoogleSync can't tell the difference between them and may choose the wrong one to sync with. This happens when users share their 'SuiteCRM' Google calendars with others.

It gets worse... if the user renames the shared calendar, Google stores that in an override field, not the main calendar name. So GoogleSync still can't tell the difference.

It gets worse... it is easy enough to just make sure that the user is marked as 'owner' of the calendar. However, if someone assigns access as 'Make changes and manage sharing', then both the user and the user they shared with will both be listed as 'owner'. Google makes no note of who the 'real' owner is. Everyone is equal to Google. In fact, the shared-with user can boot the original user off their own calendar!

Expected Behavior

GoogleSync should know what calendar to sync with under all circumstances.

Actual Behavior

GoogleSync may try to sync with a shared 'SuiteCRM' calendar. This will cause an exception if the user doesn't have write access to that calendar. Or, much worse, it will sync the user's events with the wrong calendar... which may cascade to the other user's meetings!

Possible Fix

This is going to require a rather major reworking of the Google calendar discovery/creation code.
There will probably be unavoidable user-facing changes, like recreating their SuiteCRM calendar.

Steps to Reproduce

1. Have two users both syncing their calendars
2. Share the calendar's with each other
3. It might crash if shared read-only, or sync with the wrong one if r/w

Context

We discovered this bug in house when users shared their calendars, and things broke. It's not easy to fix, either.

Your Environment

• SuiteCRM Version used: 7.11.8
• Browser name and version (e.g. Chrome Version 51.0.2704.63 (64-bit)): Multiple/All
• Environment name and version (e.g. MySQL, PHP 7): Php 7.2.19, MariaDB
• Operating System and version (e.g Ubuntu 16.04): Ubuntu 18.04

[ApatheticCosmos]

I've been working on this internally for the past couple of days. I think I'm going to need to save the id of the 'SuiteCRM' google calendar when it's created. But this leaves an issue for current users, who have a 'SuiteCRM' google calendar, but the id isn't saved in their settings. It's going to create a new 'SuiteCRM' calendar unless I figure out how to magic out the existing calendar id without mistaking a shared calendar for their own. It's a quandary.

[Mac-Rae]

This is from a completely outside perspective from someone who has never worked on SuiteCRM > google-calendar. Could you look at checking if there are more than one authors? And if you already know the account within SuiteCRM from that identify the original author and therefore the calendar that should be synced?

[ApatheticCosmos]

@Mac-Rae That's what I've been trying to do, find out if more than one person has 'owner' permissions on the calendar. If we find that, we'll halt the sync for the user and let them know that they need to fix their permissions.
Google doesn't seem to have a concept of original owner of a calendar, at least not exposed in their API.
I'm still researching.

[Mac-Rae]

Let me know if you agree with that priority @ApatheticCosmos

[ApatheticCosmos]

@Mac-Rae
It all depends on how common it is for people to share their SuiteCRM calendar. I found this internally, but never heard of it being an issue anywhere else. But when it breaks this way, it really breaks badly.

[Mac-Rae]

Thanks @ApatheticCosmos, I'll leave it as a medium priority for now as it does need to be acted on however I don't feel it's causing a major problem for now.