- From: Ken Murchison <murch@andrew.cmu.edu>
- Date: Thu, 25 Aug 2011 12:04:13 -0400
- To: w3c-dist-auth@w3.org
Folks,
Still a relative DAV newbie and trying to wrap my head around RFC 3744.
If I have an implementation where DAV:read-current-user-privilege-set
can not be split from DAV:read, and DAV:read-acl, DAV:write-acl,
DAV:unlock can not be separated from one another, is the response below
correct?
I have DAV:read-current-user-privilege-set as abstract under DAV:read,
and I have DAV:read-acl, DAV:write-acl, DAV:unlock all as abstract under
a private aggregate right CYRUS:admin.
Actually, looking at this again, since all of the member privileges
contained in the DAV:write aggregate have been granted to the current
user, should DAV:write also be listed?
<?xml version="1.0" encoding="utf-8"?>
<D:multistatus xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav"
xmlns:CY="http://cyrusimap.org/ns/">
<D:response>
<D:href>/calendars/user/ken/events/</D:href>
<D:propstat>
<D:status>HTTP/1.1 200 OK</D:status>
<D:prop>
<D:supported-privilege-set>
<D:supported-privilege>
<D:privilege><D:all/></D:privilege>
<D:abstract/>
<D:description xml:lang="en">
Any operation</D:description>
<D:supported-privilege>
<D:privilege><D:read/></D:privilege>
<D:description xml:lang="en">
Read any object</D:description>
<D:supported-privilege>
<D:privilege>
<D:read-current-user-privilege-set/></D:privilege>
<D:abstract/>
<D:description xml:lang="en">
Read current user privilege set property
</D:description>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege><C:read-free-busy/></D:privilege>
<D:description xml:lang="en">
Read free/busy time</D:description>
</D:supported-privilege>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege><D:write/></D:privilege>
<D:description xml:lang="en">
Write any object</D:description>
<D:supported-privilege>
<D:privilege><D:bind/></D:privilege>
<D:description xml:lang="en">
Add new member to collection</D:description>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege><D:unbind/></D:privilege>
<D:description xml:lang="en">
Remove member from collection</D:description>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege><D:write-properties/></D:privilege>
<D:description xml:lang="en">
Write properties</D:description>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege><D:write-content/></D:privilege>
<D:description xml:lang="en">
Write resource content</D:description>
</D:supported-privilege>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege><CY:admin/></D:privilege>
<D:description xml:lang="en">
Perform administrative operations</D:description>
<D:supported-privilege>
<D:privilege><D:read-acl/></D:privilege>
<D:abstract/>
<D:description xml:lang="en">
Read ACL</D:description>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege><D:write-acl/></D:privilege>
<D:abstract/>
<D:description xml:lang="en">
Write ACL</D:description>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege><D:unlock/></D:privilege>
<D:abstract/>
<D:description xml:lang="en">
Unlock resource</D:description>
</D:supported-privilege>
</D:supported-privilege>
</D:supported-privilege>
</D:supported-privilege-set>
<D:current-user-privilege-set>
<D:privilege><D:read/></D:privilege>
<D:privilege><C:read-free-busy/></D:privilege>
<D:privilege><D:bind/></D:privilege>
<D:privilege><D:unbind/></D:privilege>
<D:privilege><D:write-properties/></D:privilege>
<D:privilege><D:write-content/></D:privilege>
<D:privilege><CY:admin/></D:privilege>
</D:current-user-privilege-set>
</D:prop>
</D:propstat>
</D:response>
</D:multistatus>
--
Kenneth Murchison
Principal Systems Software Engineer
Carnegie Mellon University
Received on Thursday, 25 August 2011 16:13:41 UTC