Synology CalDAV reports write permissions for read-only calendars



  • Hi,

    I have a calendar on my NAS that syncs just fine with Davdroid. But if I give read-only access (let's say for my girlfriend) it fails to sync on android. Not even read works. iPhone can handle this.

    Thanks in advance

    Michael


  • developer

    Hello,

    Thanks for this information. Or is there a question? If there is one, the actual question and further details would be useful.



  • @rfc2822 Sorry for being unclear.

    The easy question is: How can I add a read-only calendar? Sync currently fails due to "write access denied".

    Samsung S5. Android 4.4 root. Synology NAS with CalDav.

    If permission to calendar is set to r/w everything works fine.

    Thank you.


  • developer

    When you set up the account, read-only calendars should be marked as read-only in the setup dialog.

    Did you delete and add the calendar (= the account) again after changing the permissions?



  • @rfc2822 But I can't find an option to tell DavDroid it's a read-only calendar. Where is it?

    Yes. I changed permission prior to account setup.


  • developer

    DAVdroid detects read-only calendars and flags them as read-only, so that you can't insert/update its events.

    Maybe you can provide detailed steps to reproduce? Did you already search the Synology forums for this?



  • @rfc2822 Maybe it detects them. But it doesn't update them (not even reads them) saying "Sync error" and displays a comprehensive error message then. Access denied (of course).


  • developer

    @zoulhh Is there a "read-only" icon in the setup process next to the read-only calendars?

    Also, I don't know why, but I somehow think the error message could be useful.

    Did you already search the Synology forums for this?



  • @rfc2822 No. I did not search the synology forum for a DavDroid issue. Also, I don't know why, I think I posted the error message already. But for you, here it is again: Access denied.

    Anyways, I think the problem can not be solved by you. You're more in the putting-people-down stuff. So lets forget about it.


  • developer

    @zoulhh said:

    @rfc2822 No. I did not search the synology forum for a DavDroid issue. Also, I don't know why, I think I posted the error message already. But for you, here it is again: Access denied.

    Please post the whole debug info – see [Please read before posting] What's required to diagnose a problem. A two-word error message is not very helpful.

    Anyways, I think the problem can not be solved by you. You're more in the putting-people-down stuff. So lets forget about it.

    It was not my intention to put anybody down, so if you feel like that, I'm sorry. Please understand that we get "bug reports" every day which don't contain useful steps to reproduce, debug info, etc. Then I put effort into collecting all required information, and in most (of course not all) cases, it's a configuration or server problem, so hours and hours of my time are wasted just because people don't think it's worth the time to make a useful bug report (not against you, but in general).



  • @rfc2822 I'm sorry too. I admit, I was pissed and unfair.

    Ok, here's what I did for testing:

    I set up a calendar (named "Mick") on the Synology NAS. It is located in a folder where user "Marion" has read-only access. User "Mick" has rw access.

    I now added to accounts to my Samsung S5 mini using Davdroid. Both accounts point to calender "Mick". The first account is user "Mick" and that works well. The second is "Marion" and it doesn't sync. By the way, it is NOT marked as read only by DavDroid when adding it with the "Marion" account. The error occurs after user "Marion" edited a calendar entry made by user "Mick" (and DavDroid tries to sync it, which is not allowed of course).

    And here comes the error message (after failed sync):

    SYNCHRONIZATION INFO
    Synchronization phase: 4
    Account name: MickCal
    Authority: com.android.calendar
    
    HTTP REQUEST:
    PUT https://zoulhh.ddns.net:5006/web/calendar/Mick/Mick/679b1103-c90c-4bd8-8ca3-2e467ff2b191.ics
    Content-Length: 3291
    Content-Type: text/calendar;charset=utf-8
    If-Match: "525d90c4f10a8"
    
    BEGIN:VCALENDAR[CR][LF]
    VERSION:2.0[CR][LF]
    PRODID:+//IDN bitfire.at//DAVdroid/0.9.1.2 ical4android ical4j/2.x[CR][LF]
    BEGIN:VEVENT[CR][LF]
    DTSTAMP:20151201T170224Z[CR][LF]
    UID:679b1103-c90c-4bd8-8ca3-2e467ff2b191[CR][LF]
    SEQUENCE:1[CR][LF]
    DTSTART;TZID=Europe/Berlin:20151201T174524[CR][LF]
    DTEND;TZID=Europe/Berlin:20151201T174524[CR][LF]
    SUMMARY:Testio[CR][LF]
    STATUS:CONFIRMED[CR][LF]
    ORGANIZER:mailto:MickCAL[CR][LF]
    BEGIN:VALARM[CR][LF]
    TRIGGER:-PT30M[CR][LF]
    ACTION:DISPLAY[CR][LF]
    DESCRIPTION:Testio[CR][LF]
    END:VALARM[CR][LF]
    END:VEVENT[CR][LF]
    BEGIN:VTIMEZONE[CR][LF]
    TZID:Europe/Berlin[CR][LF]
    TZURL:http://tzurl.org/zoneinfo/Europe/Berlin[CR][LF]
    X-LIC-LOCATION:Europe/Berlin[CR][LF]
    BEGIN:DAYLIGHT[CR][LF]
    TZOFFSETFROM:+0100[CR][LF]
    TZOFFSETTO:+0200[CR][LF]
    TZNAME:CEST[CR][LF]
    DTSTART:19810329T020000[CR][LF]
    RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU[CR][LF]
    END:DAYLIGHT[CR][LF]
    BEGIN:STANDARD[CR][LF]
    TZOFFSETFROM:+0200[CR][LF]
    TZOFFSETTO:+0100[CR][LF]
    TZNAME:CET[CR][LF]
    DTSTART:19961027T030000[CR][LF]
    RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU[CR][LF]
    END:STANDARD[CR][LF]
    BEGIN:STANDARD[CR][LF]
    TZOFFSETFROM:+5328[CR][LF]
    TZOFFSETTO:+0100[CR][LF]
    TZNAME:CET[CR][LF]
    DTSTART:18930401T000000[CR][LF]
    RDATE;VALUE=DATE-TIME:18930401T000000[CR][LF]
    END:STANDARD[CR][LF]
    BEGIN:DAYLIGHT[CR][LF]
    TZOFFSETFROM:+0100[CR][LF]
    TZOFFSETTO:+0200[CR][LF]
    TZNAME:CEST[CR][LF]
    DTSTART:19160501T000000[CR][LF]
    RDATE;VALUE=DATE-TIME:19160501T000000[CR][LF]
    RDATE;VALUE=DATE-TIME:19170416T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19180415T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19400401T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19430329T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19440403T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19450402T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19460414T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19470406T040000[CR][LF]
    RDATE;VALUE=DATE-TIME:19480418T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19490410T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19800406T020000[CR][LF]
    END:DAYLIGHT[CR][LF]
    BEGIN:STANDARD[CR][LF]
    TZOFFSETFROM:+0200[CR][LF]
    TZOFFSETTO:+0100[CR][LF]
    TZNAME:CET[CR][LF]
    DTSTART:19161001T010000[CR][LF]
    RDATE;VALUE=DATE-TIME:19161001T010000[CR][LF]
    RDATE;VALUE=DATE-TIME:19170917T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19180916T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19421102T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19431004T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19441002T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19451118T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19461007T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19471005T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19481003T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19491002T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19800928T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19810927T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19820926T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19830925T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19840930T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19850929T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19860928T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19870927T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19880925T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19890924T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19900930T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19910929T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19920927T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19930926T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19940925T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19950924T030000[CR][LF]
    END:STANDARD[CR][LF]
    BEGIN:DAYLIGHT[CR][LF]
    TZOFFSETFROM:+0200[CR][LF]
    TZOFFSETTO:+0300[CR][LF]
    TZNAME:CEMT[CR][LF]
    DTSTART:19450524T020000[CR][LF]
    RDATE;VALUE=DATE-TIME:19450524T020000[CR][LF]
    RDATE;VALUE=DATE-TIME:19470511T030000[CR][LF]
    END:DAYLIGHT[CR][LF]
    BEGIN:DAYLIGHT[CR][LF]
    TZOFFSETFROM:+0300[CR][LF]
    TZOFFSETTO:+0200[CR][LF]
    TZNAME:CEST[CR][LF]
    DTSTART:19450924T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19450924T030000[CR][LF]
    RDATE;VALUE=DATE-TIME:19470629T030000[CR][LF]
    END:DAYLIGHT[CR][LF]
    BEGIN:STANDARD[CR][LF]
    TZOFFSETFROM:+0100[CR][LF]
    TZOFFSETTO:+0100[CR][LF]
    TZNAME:CET[CR][LF]
    DTSTART:19460101T000000[CR][LF]
    RDATE;VALUE=DATE-TIME:19460101T000000[CR][LF]
    RDATE;VALUE=DATE-TIME:19800101T000000[CR][LF]
    END:STANDARD[CR][LF]
    END:VTIMEZONE[CR][LF]
    END:VCALENDAR[CR][LF]
    
    
    HTTP RESPONSE:
    http/1.1 403 Forbidden
    Connection: Keep-Alive
    Content-Length: 265
    Content-Type: text/html; charset=iso-8859-1
    Date: Tue, 01 Dec 2015 17:02:25 GMT
    Keep-Alive: timeout=5, max=99
    OkHttp-Received-Millis: 1448989345076
    OkHttp-Selected-Protocol: http/1.1
    OkHttp-Sent-Millis: 1448989345023
    Server: Apache
    
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">[LF]
    <html><head>[LF]
    <title>403 Forbidden</title>[LF]
    </head><body>[LF]
    <h1>Forbidden</h1>[LF]
    <p>You don't have permission to access /web/calendar/Mick/Mick/679b1103-c90c-4bd8-8ca3-2e467ff2b191.ics[LF]
    on this server.</p>[LF]
    </body></html>[LF]
    
    
    STACK TRACE:
    at.bitfire.dav4android.exception.HttpException: 403 Forbidden
    at.bitfire.dav4android.exception.HttpException: 403 Forbidden
    at at.bitfire.dav4android.DavResource.checkStatus(DavResource.java:281)
    at at.bitfire.dav4android.DavResource.checkStatus(DavResource.java:286)
    at at.bitfire.dav4android.DavResource.put(DavResource.java:181)
    at at.bitfire.davdroid.syncadapter.SyncManager.uploadDirty(SyncManager.java:338)
    at at.bitfire.davdroid.syncadapter.SyncManager.performSync(SyncManager.java:159)
    at at.bitfire.davdroid.syncadapter.CalendarsSyncAdapterService$SyncAdapter.onPerformSync(CalendarsSyncAdapterService.java:58)
    at android.content.AbstractThreadedSyncAdapter$SyncThread.run(AbstractThreadedSyncAdapter.java:259)
    
    SOFTWARE INFORMATION
    DAVdroid version: 0.9.1.2 (86) Tue Dec 01 17:59:34 MEZ 2015
    Installed from: com.android.vending
    JB Workaround installed: no
    
    CONFIGURATION
    System-wide synchronization: automatically
    Account: MarionCal
      Address book sync. interval: —
      Calendar     sync. interval: 1440 min
      OpenTasks    sync. interval: —
    Account: MarionContacts
      Address book sync. interval: 1440 min
      Calendar     sync. interval: —
      OpenTasks    sync. interval: —
    Account: MickCal
      Address book sync. interval: —
      Calendar     sync. interval: 1440 min
      OpenTasks    sync. interval: —
    
    SYSTEM INFORMATION
    Android version: 4.4.2 (KOT49H.G800FXXU1AOG2)
    Device: Samsung SM-G800F (kminilte)
    

  • developer

    @zoulhh I'll try it on our Synology DSM (but it may take some time). Which DSM version and which software on your DSM do you use? Default CalDAV or an extra package like Baikal or Owncloud?



  • @rfc2822 Hi. It's DSM 5.2-5644 Update 1 and default CalDAV.


  • developer

    @zoulhh I have reproduced your setup and can confirm that there is a problem:

    1. Create a folder folder where user1 has r/w access and user2 has r/o access.
    2. Create a calendar calendar in folder.
    3. Accessing folder/calendar as user1 works as expected.
    4. When accessing folder/calendar as user2, the server reports r/w privileges although user2 has only read access. This resuls in your HTTP Forbidden error as soon as you make changes to the Android calendar and DAVdroid tries to synchronize these changes to the server.

    When querying the folder as read-only user (!):

    --> PROPFIND /folder1/test/ HTTP/1.1
    Depth: 1
    Content-Type: application/xml; charset=utf-8
    Content-Length: 384
    Host: diskstation.lan:5005
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: DAVdroid/0.9.1.2 (2015/12/06; dav4android) Android/4.4.2
    <?xml version='1.0' encoding='UTF-8' ?><propfind xmlns="DAV:" xmlns:CAL="urn:ietf:par\
    ams:xml:ns:caldav" xmlns:CARD="urn:ietf:params:xml:ns:carddav"><prop><CAL:supported-c\
    alendar-component-set /><resourcetype /><displayname /><current-user-privilege-set />\
    <n0:calendar-color xmlns:n0="http://apple.com/ns/ical/" /><CAL:calendar-description /\
    ><CAL:calendar-timezone /></prop></propfind>
    --> END PROPFIND (384-byte body)
    <-- HTTP/1.1 207 Multi-Status (24ms)
    Date: Sun, 06 Dec 2015 12:08:31 GMT
    Server: Apache
    Content-Length: 1339
    Keep-Alive: timeout=5, max=95
    Connection: Keep-Alive
    Content-Type: application/xml; charset="utf-8"
    OkHttp-Selected-Protocol: http/1.1
    OkHttp-Sent-Millis: 1449403494370
    OkHttp-Received-Millis: 1449403494394
    <?xml version="1.0" encoding="utf-8"?>
    <D:multistatus xmlns:D="DAV:" xmlns:ns3="http://apple.com/ns/ical/" xmlns:ns2="urn:ie\
    tf:params:xml:ns:caldav" xmlns:ns1="urn:ietf:params:xml:ns:carddav" xmlns:ns0="DAV:">
    <D:response xmlns:lp1="DAV:" xmlns:g0="urn:ietf:params:xml:ns:caldav" xmlns:g1="DAV:"\
     xmlns:g2="http://apple.com/ns/ical/">
    <D:href>/folder1/test/</D:href>
    <D:propstat>
    <D:prop>
    <lp1:resourcetype><x:calendar xmlns:x="urn:ietf:params:xml:ns:caldav"/><D:collection/\
    ></lp1:resourcetype>
    <lp1:current-user-privilege-set><D:privilege><D:all/></D:privilege>
    <D:privilege><D:read-acl/></D:privilege>
    <D:privilege><D:read/></D:privilege>
    <D:privilege><D:read-current-user-privilege-set/></D:privilege>
    <D:privilege><D:write-acl/></D:privilege>
    <D:privilege><D:unlock/></D:privilege>
    <D:privilege><D:write/></D:privilege>
    <D:privilege><D:write-content/></D:privilege>
    <D:privilege><D:write-properties/></D:privilege>
    <D:privilege><D:bind/></D:privilege>
    <D:privilege><D:unbind/></D:privilege>
    </lp1:current-user-privilege-set>
    </D:prop>
    <D:status>HTTP/1.1 200 OK</D:status>
    </D:propstat>
    <D:propstat>
    <D:prop>
    <g0:supported-calendar-component-set/>
    <g1:displayname/>
    <g2:calendar-color/>
    <g0:calendar-description/>
    <g0:calendar-timezone/>
    </D:prop>
    <D:status>HTTP/1.1 404 Not Found</D:status>
    </D:propstat>
    </D:response>
    </D:multistatus>
    

    The pretty-printed response is:

    <?xml version="1.0" encoding="utf-8"?>
    <D:multistatus xmlns:D="DAV:" xmlns:ns3="http://apple.com/ns/ical/" xmlns:ns2="urn:ietf:params:xml:ns:caldav" xmlns:ns1="urn:ietf:params:xml:ns:carddav" xmlns:ns0="DAV:">
    <D:response xmlns:lp1="DAV:" xmlns:g0="urn:ietf:params:xml:ns:caldav" xmlns:g1="DAV:" xmlns:g2="http://apple.com/ns/ical/">
    <D:href>/folder1/test/</D:href>
    <D:propstat>
        <D:prop>
            <lp1:resourcetype>
                <x:calendar xmlns:x="urn:ietf:params:xml:ns:caldav"/>
                <D:collection/>
            </lp1:resourcetype>
            <lp1:current-user-privilege-set>
                <D:privilege>
                    <D:all/>
                </D:privilege>
                <D:privilege>
                    <D:read-acl/>
                </D:privilege>
                <D:privilege>
                    <D:read/>
                </D:privilege>
                <D:privilege>
                    <D:read-current-user-privilege-set/>
                </D:privilege>
                <D:privilege>
                    <D:write-acl/>
                </D:privilege>
                <D:privilege>
                    <D:unlock/>
                </D:privilege>
                <D:privilege>
                    <D:write/>
                </D:privilege>
                <D:privilege>
                    <D:write-content/>
                </D:privilege>
                <D:privilege>
                    <D:write-properties/>
                </D:privilege>
                <D:privilege>
                    <D:bind/>
                </D:privilege>
                <D:privilege>
                    <D:unbind/>
                </D:privilege>
            </lp1:current-user-privilege-set>
        </D:prop>
        <D:status>HTTP/1.1 200 OK</D:status>
    </D:propstat>
    <D:propstat>
        <D:prop>
            <g0:supported-calendar-component-set/>
            <g1:displayname/>
            <g2:calendar-color/>
            <g0:calendar-description/>
            <g0:calendar-timezone/>
        </D:prop>
        <D:status>HTTP/1.1 404 Not Found</D:status>
    </D:propstat>
    </D:response>
    </D:multistatus>
    

    As you can see, the server reports the all and write permissions for the current user (which is the read-only user!).

    I have reported this error to Synology (ticket #712664).


  • developer

    Synology have responded to the ticket (German):

    eine explizite Rechtevergabe ist derzeit nicht möglich.
    Ich werde die Anfragen gerne an unser Entwicklungsteam weitergeben!
    Schließlich versuchen wir unsere Kundenwünsche zu erfüllen.
    Wann oder Ob die gewünschten Funktionen umgesetzt werden, weiß ich zu diesem Zeitpunkt natürlich nicht.

    So, to summarize, the Synology software doesn't support shared calendars with read-only permissions at the moment.

    @zoulhh I'm sorry that I can't offer a solution, but as you can see, this is not a DAVdroid problem.



  • @rfc2822 Thanks for your kind support anyways.


Log in to reply
 

Looks like your connection to Bitfire App Forums was lost, please wait while we try to reconnect.