Tickets :: [#4082] fb.php output for authenticated users only

6.0.0-beta1

7/24/25

Summary	fb.php output for authenticated users only
Queue	Kronolith
Queue Version	2.1.2
Type	Enhancement
State	Rejected
Priority	2. Medium
Owners
Requester	christian.brandes (at) forschungsgruppe (dot) de
Created	06/26/2006 (6968 days ago)
Due
Updated	08/17/2006 (6916 days ago)
Assigned
Resolved	08/17/2006 (6916 days ago)
Milestone
Patch	No

08/17/2006 01:22:11 PM	christian (dot) brandes (at) forschungsgruppe (dot) de	Comment #7	Reply to this comment
It is easier than setting rights on a calendar. It just needs a selection box under: Options->Calendar->Free/Busy Information that says: share f/b-information with "everybody" / "authenticated users" / "no one" To save out of the box functionalities it could default to "everybody".

08/17/2006 01:08:58 PM	Chuck Hagenbuch	Comment #6 State ⇒ Rejected	Reply to this comment
I don't think that ease-of-use and general users of Kronolith are served by adding this feature.

08/17/2006 09:40:13 AM	christian (dot) brandes (at) forschungsgruppe (dot) de	Comment #5	Reply to this comment
No, I intended to offer them the possibility to choose, with who they want to share f/b-information. Just like they can set permissions for their calendars, they should be able to set permissions for their f/b-info, too. Is it really so easy to implement permissions for f/b-urls? It might require changes in the preference storage system and in prefs.php as well.

08/17/2006 04:41:07 AM	Chuck Hagenbuch	Comment #4 State ⇒ Feedback	Reply to this comment
Are you going to explain to the users that they can't do any of the normal sharing with outside users? No email calendar scheduling, etc? I still just don't see it as a problem. And you can easily modify fb.php to require Horde auth if you really need this.

06/27/2006 04:32:10 PM	christian (dot) brandes (at) forschungsgruppe (dot) de	Comment #3	Reply to this comment
In generell f/b-information is not too sensitive. But I would like to setup a horde platform that is only accessible by authenticated users. I think it is a good idea to let either the system administrator or the user decide wether to expose f/b-information to the world or not. So a system wide or a user setting could help. Default could be "allow" so that out of the box users have full functionality. Another possibility is as you said to respect SHOW permissions.

06/26/2006 06:39:57 PM	Chuck Hagenbuch	Comment #2	Reply to this comment
It's not hard to make fb.php respect the SHOW permission on any calendar. But this makes fb much harder for regular users out of the box, and what I'm really confused about is: what information that's in free/busy info do you consider sensitive?

06/26/2006 04:53:28 PM	christian (dot) brandes (at) forschungsgruppe (dot) de	Comment #1 Priority ⇒ 2. Medium Type ⇒ Enhancement Summary ⇒ fb.php output for authenticated users only Queue ⇒ Kronolith State ⇒ New	Reply to this comment
At the moment fb.php can be queried by anyone. I would like to have the option to choose, who is allowed to read a user's f/b-information: - anyone - authenticated users - no one This could help sensitive information not to be exposed to the whole world, if not wanted so. I hope you find this a good solution, too. Is this difficult to implement? Thanx Christian