Stepping back a minute...
If you've subscribed to a read-only calendar in Chandler, you currently
cannot edit those events in any way (even locally).
- No dragging the event to another calendar
- No mailing the event
(Grant noted that one could go hack it if they ran headless and knew
what they were doing.)
Presumably we have no plans to change this functionality before Preview.
I believe there is no way to add an event to a second collection from
the Cosmo UI in the Preview timeframe (read-only or not).
Am I missing something? (entirely possible!)
Cheers,
Katie
Katie Capps Parlante wrote:
Ted Leung wrote:
On Mar 15, 2007, at 4:06 PM, Mimi Yin wrote:
Morgen, I think that's the desired behavior? If you have 1 item in 2
collections with conflicting privileges, we want the more liberal
privilege to win on that item, namely read-write.
I just re-read this. If that's the desired behavior, than that's what
we have now. The only problem is that a bunch of people consider this
to be a security problem.
If I understand correctly, this scenario is not the security hole.
The security hole is when:
Katie publishes a read-only calendar (Katie-work).
Mimi adds "staff-meeting" (found in Katie-work) to "Mimi-work".
Mimi publishes "Mimi-work" as read-write.
"staff-meeting" now has read-write permissions, allowing Mimi to edit
"staff-meeting" and have the changes percolate back to "Katie-work",
which was shared read-only.
If Katie had published both Mimi-work (read-write) and Katie-work
(read-only), then presumably she'd be comfortable with "staff meeting"
being read-write. (The scenario that Morgen mentions, and which Mimi
says is desirable behavior).
The problem arises when Mimi's action causes Katie's read-only event to
surprisingly become read-write.
Cheers,
Katie
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Open Source Applications Foundation "Design" mailing list
http://lists.osafoundation.org/mailman/listinfo/design
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Open Source Applications Foundation "Design" mailing list
http://lists.osafoundation.org/mailman/listinfo/design
