Writing in a calendar without permissions completely bricks sync



  • In i.e. Owncloud, it's possible to share calendars with other users as read-only. If a calendar is shared to you (the davdroid user) as read-only, davdroid doesn't quite handle it gracefully yet.

    1. In the android calendar, create an event in a calendar that you don't have write access to, or edit an existing event in that calendar (this can be as small as marking 'attending' as yes/no)

    2. Force a sync

    Calendar sync is now completely bricked. On the server end I can see a http forbidden error:

    "PUT /remote.php/caldav/calendars/user/defaultcalendar_shared_by_user/owncloud-1253411a506f5b7dkfjifdkfdfj.ics HTTP/1.0" 403 1229 "-" "DAVdroid/0.5.2-alpha"
    

    No further events are synced from the server -> davdroid or davdroid -> server.

    Possible fixes:

    1. Gracefully handle http 403 errors (continue syncing other events)
    2. Show a notification if an error occurs during sync/if the calendar hasn't been able to sync for longer than a certain period
    3. If this is possible: detect that a certain calendar is read-only and don't allow the user to write to it in the first place

  • developer

    Thanks for the report. I'll classify this as an "enhancement" because of course, two-way-sync (which is the intended way of using DAVdroid) can't work with read-only calendars.


  • developer

    Commited. Read-only calendars are now

    • detected (when possible),
    • reported as read-only to Android, meaning you can't enter/change events in these calendars anymore,
    • a hard ParseException (Android "sync problems with this account" message) is shown when there are HTTP errors, including 403, indicating account problems.

    If the calendar privileges change, i.e. the write permission is removed after adding the account in DAVdroid, there will still only be the "sync problems with this account" message.

    In my opinion, it doesn't make sense to continue syncing events in such a case, because a two-way synchronization is not defined on a read-only resource and you might rather fix the permissions on server-side.



  • I have added a calendar that was detected as read-only by DAVdroid. However, I do get persistent 403 errors with one of my CardDAV accounts.

    I would guess they are caused by some automated process, probably the automatic linking of similar contacts from different accounts.

    Would it be possible for DAVdroid to ignore writes on read-only accounts, at least after the first 403 message was confirmed by the user?

    (The expanded message is <AccountName>: at.bitfire.davdroid.webdav.HttpException: 403 Forbidden at at.bitfire.davdroid.bebdav.WebDavResource.checkResponse(WebDavResource.java:419) at at.bitfire.davdroid.webdav.WebDavResourc … (it ends here, so not really helpful). I am running DAVdroid on a Samsung with Android 4.4.4)


  • developer

    I have added a calendar that was detected as read-only by DAVdroid. However, I do get persistent 403 errors with one of my CardDAV accounts.

    DAVdroid only detects read-only calendars and not address books because there's not way to tell Android that an address book (= the contacts of an account) are read-only.



  • That's not true. My version of DAVdroid (0.6.11) definitely shows a no-write symbol beside my read-only address books and adds "(schreibgeschützt)" between the address book name and URL. I'll happily send you a screen shot.

    (I did not notice that this bug is calendar-only. Should I open a new one?)


  • developer

    That's not true. My version of DAVdroid (0.6.11) definitely shows a no-write symbol beside my read-only address books and adds "(schreibgeschützt)" between the address book name and URL. I'll happily send you a screen shot.

    It may show this symbol, but it can't set a "read-only" flag for Android because Android doesn't have an "address book" table, only contacts. So DAVdroid is able to detect that the server-side addressbook is read-only, but it doesn't have any possibility to prevent Android to write to this account's contacts.

    (I did not notice that this bug is calendar-only. Should I open a new one?)

    Yes, please. But I don't know whether it is even possible with Android to have read-only address books. But we can discuss this in a new issue because it's not related to calendars (read-only calendars ARE possible).


Log in to reply
 

Looks like your connection to Bitfire App Forums was lost, please wait while we try to reconnect.