server icon indicating copy to clipboard operation
server copied to clipboard
verified publisher icon nextcloud

fix(caldav): Do not overwrite shared calendar owner

Open SebastianKrupinski opened this issue 1 year ago • 3 comments

  • Resolves: #26668

Summary

Sabre invitation plugin skip invites if the organizer of the event is not the owner of the calendar. That happens for shared calendars because \OCA\DAV\CalDAV\Calendar::getOwner overwrites \Sabre\CalDAV\Calendar::getOwner. Upstream returns the principaluri of the owner, we return the principaluri of the sharee. Want to test if this revives the invites in shared calendars. Adjustments for other places that use the getOwner method might be required.

SebastianKrupinski avatar Apr 26 '24 11:04 SebastianKrupinski

Setting to draft because we have to test this locally before it's integrated. We do not want to experiment with this on production instances

ChristophWurst avatar Apr 26 '24 11:04 ChristophWurst

Setting to draft because we have to test this locally before it's integrated. We do not want to experiment with this on production instances

Agreed.

SebastianKrupinski avatar Apr 26 '24 11:04 SebastianKrupinski

Test scenario

  • Calendar "A-Team"
  • Owned by Alice
  • Shared editable with Bob, readonly with Jane
  • Reoccurring event created by Alice (Weekly, Mo, 9am, start date in the future - no invitations for events in the past)
  • Attendees are Alice, Bob, Jane, John, [email protected], [email protected], [email protected]

Case 1

Steps:

  1. Alice: Create event and add Bob and [email protected]
  2. Alice: Edit event and add Jane and [email protected]
  3. Bob: Edit event and add John and [email protected]

Expected outcome:

  • [x] Alice can invite internal and external attendees
  • [x] and the invitations are sent by email
  • [x] Bob sees the event two times (1x in the personal calendar because he is also an attendee, 1x in the shared calendar)
  • [x] Bob can invite internal and external attendees to the event in the shared calendar
  • [x] and the invitations are sent by email
  • [x] Jane sees the event two times (1x in the personal calendar because he is also an attendee, 1x in the shared calendar)
  • [x] Jane cannot edit the event in the shared calendar
  • [x] Internal users see the event in the calendar
  • [x] Users can accept/decline the event
  • [x] The status is updated properly for every user with a local account (note, it's important to accept the invitation for the right event - the copy in your personal calendar, if you accept the event in shared calendar the status for the copy in your personal calendar does not change until the next update from the event organizer)
  • [x] External users receive an invitation by email
  • [x] and can use the provided link to accept/decline

Case 2

Steps:

  1. Bob: Create event and add John and [email protected]
  2. Bob: Edit event and add Jane and [email protected]

Expected outcome:

  • [x] Bob sees the event one time (the one in the shared calendar, there is no copy in bob's personal calendar)
  • [x] Bob can invite internal and external attendees to the event in the shared calendar
  • [x] and the invitations are sent by email
  • [x] Jane sees the event two times (1x in the personal calendar because he is also an attendee, 1x in the shared calendar)
  • [x] Jane cannot edit the event in the shared calendar
  • [x] Internal users see the event in the calendar
  • [x] Users can accept/decline the event
  • [x] The status is updated properly for every user with a local account (the reply sent to bob does not trigger a status update because the event is not found at https://github.com/nextcloud/3rdparty/blob/cbcfacd52639b3201dd2cf507da3d440ea3344fe/sabre/dav/lib/CalDAV/Schedule/Plugin.php#L492)
  • [x] External users receive an invitation by email
  • [x] and can use the provided link to accept/decline

kesselb avatar May 23 '24 14:05 kesselb

Summary

Sabre invitation plugin skip invites if the organizer of the event is not the owner of the calendar. That happens for shared calendars because \OCA\DAV\CalDAV\Calendar::getOwner overwrites \Sabre\CalDAV\Calendar::getOwner. Upstream returns the principaluri of the owner, we return the principaluri of the sharee. Want to test if this revives the invites in shared calendars. Adjustments for other places that use the getOwner method might be required.

Disregard... Initial comment...

The better solution is to supply both the Sharer and Sharee addresses to the iTipBroker... This keeps the calendar owner logic sounds and in tacked and fixes the reason the iTipBroker does not generate proper messages when a Sharee creates an event with attendees in the Sharers calendar.

SebastianKrupinski avatar Jul 21 '24 18:07 SebastianKrupinski

Additional thoughts...

Some front end UI changes that would be beneficial...

  • Drop down on attendee tab to selected the organizer of the event. Use cases...
  • Sharee is an assistant with access to the Managers calendar (Sharer)... The organizer of the event should be the Sharer.
  • Sharee is a employee with access to the Company calendar (Sharer)... The organizer of the event should be the Sharee.

Some back end changes that would be beneficial...

  • Additional calendar property to control access to send on behalf of the Sharer.

Draw backs...

  • The above features would only work in the NC UI. CalDAV dose support the "CALDAV:schedule-send" ACL permission but I doubt that there are many if any clients that actually support this feature.

SebastianKrupinski avatar Jul 21 '24 19:07 SebastianKrupinski

Testing Instructions:

  1. Pull Patch and Calendar patch https://github.com/nextcloud/calendar/pull/6202 (enables attendee selection from UI)
  2. Create invite as an Sharee (User B) on a shared calendar (from User A) with attendees (User C).
  3. Check email of User C to see if invitation arrived.
  4. Repeat step 2 and 3 by creating invite in personal calendar with attendees

SebastianKrupinski avatar Jul 24 '24 12:07 SebastianKrupinski

@SebastianKrupinski as discussed, this is a critical change. We will not send this into production without a good test coverage.

  1. Tests that cover the old invitation workflows
  2. Tests that cover the new invitation workflows

ChristophWurst avatar Jul 24 '24 12:07 ChristophWurst

@ChristophWurst yes I am working on the tests, wasn't planning on merging this without them, just wanted some reviews on the subject.

SebastianKrupinski avatar Jul 24 '24 13:07 SebastianKrupinski

Notes: Testing Current Shared Calendar Behavior Configuration: User 2 (Sharer/Owner), User 1 (Sharee), User 3 (Non-Sharee), User External (Mail Address)

Case 1 Test: User 2 (Owner) Creates event with all other users

Case 1 Outcome: User 2 (Owner) - SEEs event in shared calendar and receives NO email User 1 (Sharee) - SEEs two events, one in personal and one in shared calendar and RECEIVES an email User 3 (Non-Sharee) - SEEs event in personal calendar and RECEIVES an email User E (External) - RECEIVES an email

Case 2 Test: User 1 (Sharee) Creates event with all other users

Case 2 Outcome: User 1 (Sharee) - SEEs event in shared calendar and receives NO email User 2 (Owner) - SEEs event in shared calendar and receives NO email User 3 (Non-Sharee) - Dose NOT see event in personal calendar and receives NO email User E (External) - receives NO email

SebastianKrupinski avatar Jul 28 '24 17:07 SebastianKrupinski

Notes: Testing New Shared Calendar Behavior Configuration: User 2 (Sharer/Owner), User 1 (Sharee), User 3 (Non-Sharee), User External (Mail Address)

Case 3 Test: User 2 (Owner) Creates event with all other users

Case 3 Outcome: User 2 (Owner) - SEEs event in shared calendar and receives NO email User 1 (Sharee) - SEEs two events, one in personal and one in shared calendar and RECEIVES an email User 3 (Non-Sharee) - SEEs event in personal calendar and RECEIVES an email User E (External) - RECEIVES an email

Case 4 Test: User 1 (Sharee) Creates event with all other users

Case 4 Outcome: User 1 (Sharee) - SEEs event in shared calendar and receives NO email User 2 (Owner) - SEEs two events, one in personal and one in shared calendar and RECEIVES an email User 3 (Non-Sharee) - SEEs event in personal calendar and RECEIVES an email User E (External) - RECEIVES an email

SebastianKrupinski avatar Jul 28 '24 17:07 SebastianKrupinski

I tried reproducing the 1st use case from Daniel but I can't add an additional attendee from the secondary user Bob with whom the calendar was shared. Am I missing something?

miaulalala avatar Jul 31 '24 14:07 miaulalala

@miaulalala

Did you enable the UI selection from the calendar PR?

https://github.com/nextcloud/server/pull/45054#issuecomment-2247832392

SebastianKrupinski avatar Jul 31 '24 15:07 SebastianKrupinski

Works, although the following issue might be confusing:

Admin invites Bob Bob has 2 copies of the VEVENT - one in the shared calendar, one in the personal calendar Bob deletes the VEVENT from the personal calendar Bob accepts the invitiation in the shared calendar The event in the personal calendar is recreated

miaulalala avatar Aug 01 '24 11:08 miaulalala

Works, although the following issue might be confusing:

Admin invites Bob Bob has 2 copies of the VEVENT - one in the shared calendar, one in the personal calendar Bob deletes the VEVENT from the personal calendar Bob accepts the invitiation in the shared calendar The event in the personal calendar is recreated

Pretty sure we would need to rewrite the Sabre iTipBroker class to fix this.

SebastianKrupinski avatar Aug 01 '24 17:08 SebastianKrupinski

Thank you all, most especially SebastianKrupinski, for the dedicated work on this.

I determined my skills at present were insufficient to assist in the testing, but I truly appreciate the work and am anxious to try it out.

bpmartin20 avatar Aug 06 '24 15:08 bpmartin20