https://bugs.kde.org/show_bug.cgi?id=310734
Bug ID: 310734 Severity: normal Version: 4.9 Priority: NOR Assignee: kdepim-bugs@kde.org Summary: Akonadi DAV resource doesn't react on 403 errors Classification: Unclassified OS: Linux Reporter: tho...@tanghus.net Hardware: Other Status: UNCONFIRMED Component: DAV Resource Product: Akonadi When trying to delete a contact from a shared ownCloud addressbook, Akonadi believes it is deleted even though the response clearly indicates it is forbidden. Reproducible: Always Steps to Reproduce: Delete a contact from a shared ownCloud addressbook that doesn't have OCP\PERMISSION_DELETE, watch in the access log that the response is a 403. Actual Results: The contact is removed from Akonadi cache. Expected Results: The user should get an appropriate error message. This is against ownCloud master branch, so results may vary. In 4.5 it was possible to delete a resource even though the addressbook only had PERMISSION_UPDATE. Example URL: DELETE /owncloud/remote.php/carddav/addressbooks/test1/contacts_shared_by_test2/C52B52A4-8EA0-0001-2E8C-C89095241A13.vcf Response: HTTP/1.1 403 Forbidden Date: Mon, 26 Nov 2012 20:32:34 GMT Server: Apache/2.2.22 (Ubuntu) (snipped) Content-Length: 602 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/xml; charset=utf-8 Response body: <?xml version="1.0" encoding="utf-8"?> <d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns"> <s:exception>Sabre_DAVACL_Exception_NeedPrivileges</s:exception> <s:message>User did not have the required privileges ({DAV:}unbind) for path "addressbooks/test1/contacts_shared_by_test2"</s:message> <s:sabredav-version>1.7.1</s:sabredav-version> <d:need-privileges> <d:resource> <d:href>/owncloud/remote.php/carddav/addressbooks/test1/contacts_shared_by_test2</d:href> <d:privilege> <d:unbind/> </d:privilege> </d:resource> </d:need-privileges> </d:error> I have only tested this with CardDAV, but I suppose the same applies for CalDAV. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ Kdepim-bugs mailing list Kdepim-bugs@kde.org https://mail.kde.org/mailman/listinfo/kdepim-bugs