[Freedombox-discuss] Radicale User rights

francois at avalenn.eu
Wed Apr 27 08:09:04 UTC 2016


On Tue, Apr 26, 2016 at 08:07:29PM +0200, Dietmar wrote:
> I am currently playing with radicale, clients are Evolution and an
> Android phone with DAVDroid (was more stable than caldav).
> My use case is that I have one calendar (just successfully migrated from
> owncloud) for my family, where we all have read and write access to.
> Now I want to add another calendar for friends to organize trips and a
> personal task list (Evolution and OpenTasks). The problem of course is
> that all users have the same rights on all calendars, so my friends
> could read my personal tasks and the family calendar.
> 
> Changing this is apparently not so easy as the calendars are managed by
> radicale, not the FBx. 
> I have been wondering if one should not be able to define groups
> manually (such as "familyCalendar", "friendsCalendar"), assign users to
> these groups, the calendars to the groups and then set the corresponding
> rights in the radicale configuration. This probably is a heavy user
> interface.
> 
> Does anyone else have such a use case as me?

Yes, and I did not find the way to fulfil it with Radicale when using
it with the LDAP backend for authentication.

My current approach is to have three types of calendars:
  - private (default) which are accessible only to the owner
  - shared which are accessible to all the people having an account on
    my freedombox
  - public which are accessible to everyone with internet access

The corresponding rights configuration file is:

        # This means all users may read and write any collection starting with public.
        # We do so by just not testing against the user string.
        [public]
        user: .*
        collection: ^.*/public.*$
        permission: rw
        
        # shared is like public but for authenticated users
        [shared]
        user: .+
        collection: ^.*/shared_.*$
        permission: rw
        
        # Give write access to owners
        [owner-write]
        user: .+
        collection: ^%(login)s/.+$
        permission: rw

François
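
An added example, not part of the message above and not Radicale's own code: a small checker that runs the posted rights file against constructed requests to show which section decides each one. It assumes the sections are tried top to bottom with the first match deciding and that an anonymous client appears as an empty user name; `alice`, `bob` and the collection names are made up.

```python
import re
from configparser import ConfigParser

# Rights file from the message above (comments dropped).
RIGHTS = """
[public]
user: .*
collection: ^.*/public.*$
permission: rw
[shared]
user: .+
collection: ^.*/shared_.*$
permission: rw
[owner-write]
user: .+
collection: ^%(login)s/.+$
permission: rw
"""

def first_match(user, collection):
    """Return (section, permission) of the first matching rule, else (None, "").

    Assumption: sections are tried top to bottom, the first one whose user and
    collection patterns both match decides; "" stands for an anonymous client.
    """
    parser = ConfigParser(defaults={"login": user})  # fills %(login)s
    parser.read_string(RIGHTS)
    for section in parser.sections():
        if (re.match(parser.get(section, "user"), user)
                and re.match(parser.get(section, "collection"), collection)):
            return section, parser.get(section, "permission")
    return None, ""

# Constructed sample requests: (user, collection path).
SAMPLES = [
    ("alice", "alice/tasks.ics"),        # private, asked for by its owner
    ("bob", "alice/tasks.ics"),          # private, asked for by another account
    ("bob", "alice/shared_family.ics"),  # shared, any account
    ("", "alice/shared_family.ics"),     # shared, anonymous client
    ("", "alice/public_trips.ics"),      # public, anonymous client
    ("", "alice/publications.ics"),      # name that merely begins with "public"
]

if __name__ == "__main__":
    for user, collection in SAMPLES:
        section, perm = first_match(user, collection)
        print(f"{user or '<anonymous>':12} {collection:26} "
              f"{section or '-':12} {perm or 'denied'}")
```

The last sample shows that the `public` pattern has no separator after the prefix, so any collection whose name begins with `public` is writable without an account; the `shared_` pattern avoids this with its underscore.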