I’m creating a PHP application that will write events to a CalDAV calendar (Kolab groupware). For this I ask for the calendar-home-set of the respective user. After that, I only want to use calendars that I have write permissions for. It may well be that I received shared calendars that I’m only allowed to read. So how can I determine the access rights to a calendar before I register an event and receive an error message?
Thanks in advance.
Advertisement
Answer
To get CalDAV(/*DAV) resource/collection privileges you can query the {DAV:}current-user-privilege-set property while retrieving the calendar list.
This is part of RFC 3744 (WebDAV ACL). Sample from the RFC:
PROPFIND /papers/ HTTP/1.1
Host: www.example.com
Content-type: text/xml; charset="utf-8"
Content-Length: xxx
Depth: 0
Authorization: Digest username="khare",
realm="users@example.com", nonce="...",
uri="/papers/", response="...", opaque="..."
<?xml version="1.0" encoding="utf-8" ?>
<D:propfind xmlns:D="DAV:">
<D:prop>
<D:current-user-privilege-set/>
</D:prop>
</D:propfind>
HTTP/1.1 207 Multi-Status
Content-Type: text/xml; charset="utf-8"
Content-Length: xxx
<?xml version="1.0" encoding="utf-8" ?>
<D:multistatus xmlns:D="DAV:">
<D:response>
<D:href>http://www.example.com/papers/</D:href>
<D:propstat>
<D:prop>
<D:current-user-privilege-set>
<D:privilege><D:read/></D:privilege>
</D:current-user-privilege-set>
</D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
</D:multistatus>