[#4021] Creator Perms
Summary Creator Perms
Queue Horde Framework Packages
Queue Version FRAMEWORK_3
Type Bug
State Not A Bug
Priority 1. Low
Requester michael.menge (at) zdv (dot) uni-tuebingen (dot) de
Created 2006-06-09 (5651 days ago)
Updated 2006-06-29 (5631 days ago)
Assigned 2006-06-10 (5650 days ago)
Resolved 2006-06-29 (5631 days ago)
Patch No

2006-06-29 09:51:29 michael (dot) menge (at) zdv (dot) uni-tuebingen (dot) de Comment #8 Reply to this comment
How does User A has to set the permissions that only user B can create 
Objets in the share and that he can edit only the Objects he has 
2006-06-29 09:47:32 Jan Schneider Comment #7 Reply to this comment
All scenarios are working as expected.
2006-06-29 09:40:53 michael (dot) menge (at) zdv (dot) uni-tuebingen (dot) de Comment #6 Reply to this comment
the intention of object_creator permissions is clear, but at the 
moment there are some things that are not as they should be.  Here are 
some example settings to show the Problems

Lets have the Users A, B and C

User A has the share "Shared Share" he wants to share with user B, but 
he dont want user C to have annithing to du with his share

Scenario 1.


user B has (Show Read Edit Delete)

  object creator has no rights


Now user B can do every thing, also Edit and Delete the objects 
created by user A This is what i would expect and works fine.

Scenario 2


user B has (Show Read )

  object creator has Edit and Delete permissons


user B can create new objects can edit them and can delete bem but is 
not able to edit other objects of the user A.

BUT user C can create new objects, he cant delete them because he has 
now Show permission for the share. So he cant select the share

Scenario 3


user B has (Show Read Edit)

  object creator has Delete permissons


user B can create new objects but can EDIT all but his own object.

Scenario 4


user B has (Show Read Edit)

  object creator has Show permissons


User C sees the "Shared Share" in the dorp down selection, but can do 
nothing with the share.

2006-06-29 09:08:36 Jan Schneider Comment #5
State ⇒ Not A Bug
Reply to this comment
That's exactly the purpose of the creator permissions. You want to set 
creator permission if you want to give certain permissions to objects 
in a share only to the creator of these objects. Since Horde doesn't 
have permissions on the object-level, only on the share-level, this is 
the only way to allow users editing and creating objects in a share 
without allowing them to mess with other users' objects.
2006-06-20 09:37:23 michael (dot) menge (at) zdv (dot) uni-tuebingen (dot) de Comment #4 Reply to this comment
The Problem is more serious than i thought.

If ther edit permission is set for the Object_creator EVERYONE can 
create new objects in the share
2006-06-12 18:21:34 michael (dot) menge (at) zdv (dot) uni-tuebingen (dot) de Comment #3 Reply to this comment
If I understand the creator perms right they don't make muche sense.

To make the things clear lets talk about calendars (this should also 
work with adressbooks, tasks ...)

At the moment you need the edit permisson to create a new event in a calendar.

If you have the edit permission you can edit all events in this 
calendar. The only usefull permission in this scenacrio is the delete 

If there were a create permission the creator edit permission would be 

Then you could only edit your own events.


Back to my problem

If user A sets the rights for his calendar Importent_Calendar for the 
individual user B to show,read,edit

and for the object creator to show,read,edit and delete.

then user C,D,E,.... will see Importent_Calendar were they choose the 
calendas to display.

this would be no problem if only user A would do this, but if all 
33333 users do the same thing user B might get a problem to find the 
right calendar

If user A does not set the object creator show permission but only the 
edit permission Importent_Calendar would not show at "Select calendars 
do display" but at  "Advanced Search"

If users C,D,... would select Importent_Calendar they would see and 
find  nothing.

2006-06-10 17:27:32 Chuck Hagenbuch Comment #2
State ⇒ Feedback
Reply to this comment
If it worked that way, you could never create an object on the share 
in the first place. You should see the share if you have read 
permissions to it - nothing to do with whether you've created objects 
on it or not. If people are seeing shares they don't have read access 
to, that's a problem.
2006-06-09 14:42:07 michael (dot) menge (at) zdv (dot) uni-tuebingen (dot) de Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Summary ⇒ Creator Perms
Queue ⇒ Horde Framework Packages
Reply to this comment
Everyone can select a share, if the creator perrmission to show or to 
edit  are set, even if the user has no objects created in the share.

This is no securety issue, but the list of shares can get very long 
and users might get problems finding the right share.

An object creator should only be able to select a share if he has 
objects in the share

Saved Queries