DAV ACL question

Folks,

Still a relative DAV newbie and trying to wrap my head around RFC 3744.
If I have an implementation where DAV:read-current-user-privilege-set
cannot be split from DAV:read, and DAV:read-acl, DAV:write-acl,
DAV:unlock cannot be separated from one another, is the response below
correct?

I have DAV:read-current-user-privilege-set as abstract under DAV:read, 
and I have DAV:read-acl, DAV:write-acl, DAV:unlock all as abstract under 
a private aggregate right CYRUS:admin.

Actually, looking at this again, since all of the member privileges 
contained in the DAV:write aggregate have been granted to the current 
user, should DAV:write also be listed?


<?xml version="1.0" encoding="utf-8"?>
<D:multistatus xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav"
	       xmlns:CY="http://cyrusimap.org/ns/">
   <D:response>
     <D:href>/calendars/user/ken/events/</D:href>
     <D:propstat>
       <D:status>HTTP/1.1 200 OK</D:status>
       <D:prop>
         <D:supported-privilege-set>
           <D:supported-privilege>
             <D:privilege><D:all/></D:privilege>
             <D:abstract/>
             <D:description xml:lang="en">
	      Any operation</D:description>
             <D:supported-privilege>
               <D:privilege><D:read/></D:privilege>
               <D:description xml:lang="en">
		Read any object</D:description>
               <D:supported-privilege>
                 <D:privilege>
		  <D:read-current-user-privilege-set/></D:privilege>
                 <D:abstract/>
                 <D:description xml:lang="en">
		  Read current user privilege set property
		</D:description>
               </D:supported-privilege>
               <D:supported-privilege>
                 <D:privilege><C:read-free-busy/></D:privilege>
                 <D:description xml:lang="en">
		  Read free/busy time</D:description>
               </D:supported-privilege>
             </D:supported-privilege>
             <D:supported-privilege>
               <D:privilege><D:write/></D:privilege>
               <D:description xml:lang="en">
		Write any object</D:description>
               <D:supported-privilege>
                 <D:privilege><D:bind/></D:privilege>
                 <D:description xml:lang="en">
		  Add new member to collection</D:description>
               </D:supported-privilege>
               <D:supported-privilege>
                 <D:privilege><D:unbind/></D:privilege>
                 <D:description xml:lang="en">
		  Remove member from collection</D:description>
               </D:supported-privilege>
               <D:supported-privilege>
                 <D:privilege><D:write-properties/></D:privilege>
                 <D:description xml:lang="en">
		  Write properties</D:description>
               </D:supported-privilege>
               <D:supported-privilege>
                 <D:privilege><D:write-content/></D:privilege>
                 <D:description xml:lang="en">
		  Write resource content</D:description>
               </D:supported-privilege>
             </D:supported-privilege>
             <D:supported-privilege>
               <D:privilege><CY:admin/></D:privilege>
               <D:description xml:lang="en">
		Perform administrative operations</D:description>
               <D:supported-privilege>
                 <D:privilege><D:read-acl/></D:privilege>
                 <D:abstract/>
                 <D:description xml:lang="en">
		  Read ACL</D:description>
               </D:supported-privilege>
               <D:supported-privilege>
                 <D:privilege><D:write-acl/></D:privilege>
                 <D:abstract/>
                 <D:description xml:lang="en">
		  Write ACL</D:description>
               </D:supported-privilege>
               <D:supported-privilege>
                 <D:privilege><D:unlock/></D:privilege>
                 <D:abstract/>
                 <D:description xml:lang="en">
		  Unlock resource</D:description>
               </D:supported-privilege>
             </D:supported-privilege>
           </D:supported-privilege>
         </D:supported-privilege-set>
         <D:current-user-privilege-set>
           <D:privilege><D:read/></D:privilege>
           <D:privilege><C:read-free-busy/></D:privilege>
           <D:privilege><D:bind/></D:privilege>
           <D:privilege><D:unbind/></D:privilege>
           <D:privilege><D:write-properties/></D:privilege>
           <D:privilege><D:write-content/></D:privilege>
           <D:privilege><CY:admin/></D:privilege>
         </D:current-user-privilege-set>
       </D:prop>
     </D:propstat>
   </D:response>
</D:multistatus>


-- 
Kenneth Murchison
Principal Systems Software Engineer
Carnegie Mellon University

Received on Thursday, 25 August 2011 16:13:41 UTC
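
Added example, not part of the original message and not Cyrus code: a Python check that walks the DAV:supported-privilege-set tree and reports where DAV:current-user-privilege-set disagrees with it, namely aggregates whose members are all granted but which are not listed, and members of a granted aggregate that are not listed (with their abstract flag). SAMPLE is a constructed condensation of the response above with descriptions dropped; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

D = "{DAV:}"
# Constructed sample: tree and grants condensed from the message (descriptions dropped).
SAMPLE = """<D:prop xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav"
 xmlns:CY="http://cyrusimap.org/ns/"><D:supported-privilege-set>
<D:supported-privilege><D:privilege><D:all/></D:privilege><D:abstract/>
 <D:supported-privilege><D:privilege><D:read/></D:privilege>
  <D:supported-privilege><D:privilege><D:read-current-user-privilege-set/>
   </D:privilege><D:abstract/></D:supported-privilege>
  <D:supported-privilege><D:privilege><C:read-free-busy/></D:privilege></D:supported-privilege>
 </D:supported-privilege>
 <D:supported-privilege><D:privilege><D:write/></D:privilege>
  <D:supported-privilege><D:privilege><D:bind/></D:privilege></D:supported-privilege>
  <D:supported-privilege><D:privilege><D:unbind/></D:privilege></D:supported-privilege>
  <D:supported-privilege><D:privilege><D:write-properties/></D:privilege></D:supported-privilege>
  <D:supported-privilege><D:privilege><D:write-content/></D:privilege></D:supported-privilege>
 </D:supported-privilege>
 <D:supported-privilege><D:privilege><CY:admin/></D:privilege>
  <D:supported-privilege><D:privilege><D:read-acl/></D:privilege><D:abstract/></D:supported-privilege>
  <D:supported-privilege><D:privilege><D:write-acl/></D:privilege><D:abstract/></D:supported-privilege>
  <D:supported-privilege><D:privilege><D:unlock/></D:privilege><D:abstract/></D:supported-privilege>
 </D:supported-privilege>
</D:supported-privilege></D:supported-privilege-set>
<D:current-user-privilege-set>
 <D:privilege><D:read/></D:privilege><D:privilege><C:read-free-busy/></D:privilege>
 <D:privilege><D:bind/></D:privilege><D:privilege><D:unbind/></D:privilege>
 <D:privilege><D:write-properties/></D:privilege><D:privilege><D:write-content/></D:privilege>
 <D:privilege><CY:admin/></D:privilege>
</D:current-user-privilege-set></D:prop>"""

def priv_name(sp):
    """Clark-notation name of the privilege a supported-privilege node declares."""
    return sp.find(D + "privilege")[0].tag

def audit(prop_xml):
    """Compare the granted set against the aggregate tree; return discrepancies."""
    prop = ET.fromstring(prop_xml)
    granted = {p[0].tag for p in prop.find(D + "current-user-privilege-set")}
    unlisted_aggregates, unlisted_members = [], []
    for sp in prop.find(D + "supported-privilege-set").iter(D + "supported-privilege"):
        kids = sp.findall(D + "supported-privilege")  # direct members only
        me = priv_name(sp)
        if kids and me not in granted and all(priv_name(k) in granted for k in kids):
            unlisted_aggregates.append(me)  # every member granted, aggregate absent
        if me in granted:  # aggregate granted: which members are not spelled out?
            unlisted_members += [(me, priv_name(k), k.find(D + "abstract") is not None)
                                 for k in kids if priv_name(k) not in granted]
    return unlisted_aggregates, unlisted_members
```

On the data in the message, `audit(SAMPLE)` returns DAV:write as the only unlisted aggregate, and the four abstract privileges under DAV:read and CY:admin as unlisted members.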