I’m creating a PHP application that will write events to a CalDAV calendar (Kolab groupware). For this I ask for the calendar-home-set of the respective user. After that, I only want to use calendars that I have write permissions for. It may well be that I received shared calendars that I’m only allowed to read. So how can I determine the access rights to a calendar before I register an event and receive an error message?
Thanks in advance.
Advertisement
Answer
To get CalDAV(/*DAV) resource/collection privileges you can query the {DAV:}current-user-privilege-set
property while retrieving the calendar list.
This is part of RFC 3744 (WebDAV ACL). Sample from the RFC:
PROPFIND /papers/ HTTP/1.1 Host: www.example.com Content-type: text/xml; charset="utf-8" Content-Length: xxx Depth: 0 Authorization: Digest username="khare", realm="users@example.com", nonce="...", uri="/papers/", response="...", opaque="..." <?xml version="1.0" encoding="utf-8" ?> <D:propfind xmlns:D="DAV:"> <D:prop> <D:current-user-privilege-set/> </D:prop> </D:propfind>
HTTP/1.1 207 Multi-Status Content-Type: text/xml; charset="utf-8" Content-Length: xxx <?xml version="1.0" encoding="utf-8" ?> <D:multistatus xmlns:D="DAV:"> <D:response> <D:href>http://www.example.com/papers/</D:href> <D:propstat> <D:prop> <D:current-user-privilege-set> <D:privilege><D:read/></D:privilege> </D:current-user-privilege-set> </D:prop> <D:status>HTTP/1.1 200 OK</D:status> </D:propstat> </D:response> </D:multistatus>