| 44 | | Access control not quite right. The requirements are something like: |
|---|
| 45 | | |
|---|
| 46 | | Changes to access further up the tree should affect subtrees through inheritence |
|---|
| 47 | | i.e. on paths |
|---|
| 48 | | /user/douglm/special/calendar1 |
|---|
| 49 | | /user/douglm/special/calendar2 |
|---|
| 50 | | Setting access to read, authenticated on special should allow all authenticated |
|---|
| 51 | | users to read calendar1 and calendar2. |
|---|
| 52 | | |
|---|
| 53 | | However a specific access to calendar2 of none, johnsa should make calendar1 |
|---|
| 54 | | unreadable to johnsa but not anybody else. |
|---|
| 55 | | |
|---|
| 56 | | Also a specific access to special of none, johnsa should make calendar1 and |
|---|
| 57 | | calendar2 unreadable to johnsa but not anybody else. In addition if I add |
|---|
| 58 | | /user/douglm/special/calendar3 it should automatically take the same access |
|---|
| 59 | | rights, i.e. johnsa has no access. |
|---|
| 60 | | |
|---|
| 61 | | What if I already set none,schwag on 'douglm', that is set the default access |
|---|
| 62 | | for all my stuff to none, schwag? |
|---|
| 63 | | |
|---|
| 64 | | It seems that to calculate access we need to go up the tree accumulating |
|---|
| 65 | | SPECIFIC access rights till we reach the root - which has the default access. |
|---|
| 66 | | |
|---|
| 67 | | At that point we determine the access the user has based on those acls. |
|---|
| 68 | | |
|---|
| 69 | | We should set a flag in the acl indicating if this is an inherited acl. Webdav |
|---|
| 70 | | likes to know this. Also when a user is chaging access they want to know if the |
|---|
| 71 | | current access is inherited or set in the object. They may want to isolate an |
|---|
| 72 | | object from changes above it by explicitly setting access rights. |
|---|
| 73 | | |
|---|
| 74 | | Also, we need a lot of caching - this is a frequent operation. Within a single |
|---|
| 75 | | request, we can build a table of calculated acls with the path (and owner) as |
|---|
| 76 | | the key. |
|---|
| 77 | | |
|---|
| 78 | | Don't forget the case of referenced events. We may be looking in |
|---|
| 79 | | /user/douglm/special/calendar1 |
|---|
| 80 | | but the actual event may be in |
|---|
| 81 | | /user/johnsa/calendar |
|---|
| 82 | | |
|---|
| 83 | | (Isn't it the case though, that the path defines the owner) |
|---|
| 84 | | |
|---|
| 85 | | The frequent searches are going to be for BwCalendar objects. These should be |
|---|
| 86 | | cached by hibernate. In additon we should cache all calculated acls for a given |
|---|
| 87 | | path, along with a checksum of some kind - the sum of the seq values on the path |
|---|
| 88 | | maybe. We could get the whole path - if the sum is the same don't rebuild acl. |
|---|
| 89 | | |
|---|
| 90 | | Process for checking access becomes something like: |
|---|
| 91 | | |
|---|
| 92 | | Check the table for the merged access for the current path. For an event the |
|---|
| 93 | | path is that of the containing calendar. For calendars it's the path to the |
|---|
| 94 | | object itself. |
|---|
| 95 | | |
|---|
| 96 | | If the path does not exist, create a merged Acl and add it to the table. |
|---|
| 97 | | |
|---|
| 98 | | For an event if there is any access info in the event create a merged acl. |
|---|
| 99 | | For an event with no access info or a calendar just use the path acl. |
|---|
| 100 | | |
|---|
| 101 | | Check the access against the acl. |
|---|
| 102 | | |
|---|
| 103 | | This step can be optimised further by keeping the result of checks against that |
|---|
| 104 | | path with that principal. |
|---|
| 472 | | * <p>Some notes on DTSTART and DTEND from caldav mail-list exchanges |
|---|
| 473 | | * <pre> |
|---|
| 474 | | * -------------------------------------------------------------------- |
|---|
| 475 | | * rfc2445 is unclear if the DTEND is inclusive or exclusive when both the |
|---|
| 476 | | * DTSTART and DTEND are DATEs. |
|---|
| 477 | | * -------------------------------------------------------------------- |
|---|
| 478 | | * Afaik RFC 2445 does not say anything about allday events, but in all |
|---|
| 479 | | * implementations I have seen so far the DTEND is exclusive. |
|---|
| 480 | | * |
|---|
| 481 | | * Example for a one day allday event on Jul 15: |
|---|
| 482 | | * |
|---|
| 483 | | * DTSTART;VALUE=DATE:20050715 |
|---|
| 484 | | * DTEND;VALUE=DATE:20050716 |
|---|
| 485 | | * |
|---|
| 486 | | * Think of this being another form for midnight to midnight local time: |
|---|
| 487 | | * |
|---|
| 488 | | * DTSTART:20050715T000000 |
|---|
| 489 | | * DTEND:20050716T000000 |
|---|
| 490 | | * |
|---|
| 491 | | * Carsten |
|---|
| 492 | | * -------------------------------------------------------------------- |
|---|
| 493 | | * To find the language about this, you have to look in the (not |
|---|
| 494 | | * intuitively located) VEVENT definition. It says: |
|---|
| 495 | | * |
|---|
| 496 | | * The "DTSTART" property for a "VEVENT" specifies the inclusive start |
|---|
| 497 | | * of the event. For recurring events, it also specifies the very first |
|---|
| 498 | | * instance in the recurrence set. The "DTEND" property for a "VEVENT" |
|---|
| 499 | | * calendar component specifies the non-inclusive end of the event. |
|---|
| 500 | | * |
|---|
| 501 | | * It doesn't say anything specific about DATE valued events, so DTEND is |
|---|
| 502 | | * always exclusive. |
|---|
| 503 | | * |
|---|
| 504 | | * In practice, Apple's iCal always exports one-day all-day events with an |
|---|
| 505 | | * explicit DTEND of the day after the start. I scratched my head about |
|---|
| 506 | | * that for a while, too, till I looked in VEVENT. |
|---|
| 507 | | * |
|---|
| 508 | | * Sincerely, Jeffrey Harris |
|---|
| 509 | | * -------------------------------------------------------------------- |
|---|
| 510 | | * Which also makes sense with the DATETIME case (i.e. a 'ponctual' event): |
|---|
| 511 | | * "For cases where a "VEVENT" calendar component |
|---|
| 512 | | * specifies a "DTSTART" property with a DATE-TIME data type but no |
|---|
| 513 | | * "DTEND" property, the event ends on the same calendar date and time |
|---|
| 514 | | * of day specified by the "DTSTART" property. |
|---|
| 515 | | * |
|---|
| 516 | | * > In practice, Apple's iCal always exports .... |
|---|
| 517 | | * |
|---|
| 518 | | * |
|---|
| 519 | | * I'm not sure it's 'always'. I think that with our implementation you might get in |
|---|
| 520 | | * some cases a one-day DATE valued event without a DTEND. |
|---|
| 521 | | * -------------------------------------------------------------------- |
|---|
| 522 | | * Then please see the following mail by Frank Dawson, who is one of the original |
|---|
| 523 | | * authors of rfc 2445: |
|---|
| 524 | | * http://www.imc.org/ietf-calendar/archive1/msg03648.html |
|---|
| 525 | | * |
|---|
| 526 | | * In particular: |
|---|
| 527 | | * >I agree that the RFC does not seem very clear for the DTEND of an event. |
|---|
| 528 | | * >A clarificaiton on the meaning of the term "non-inclusive" would be good. |
|---|
| 529 | | * >Editors? |
|---|
| 530 | | * >I would think that if an event had DTSTART:199900801 and DTEND:19990802 |
|---|
| 531 | | * >then that would equal 2 full days of busy time |
|---|
| 532 | | * (from 19990801000000Z to 19990802235959. Correct? |
|---|
| 533 | | * |
|---|
| 534 | | * We explicitly got feedback to add the "non-inclusive" term. |
|---|
| 535 | | * It means up to "T235959". Yes, you are correct in your interpretation. |
|---|
| 536 | | * Similarly, a DTSTART;VALUE=DATE:19990730 means "-T000000" to "-T235959". |
|---|
| 537 | | * |
|---|
| 538 | | * I found this mail only recently, and so far (from KDE 3.1 until 3.4.2) we |
|---|
| 539 | | * (Korganizer and Kontact resp.)also interpreted non-inclusive to mean that |
|---|
| 540 | | * DTEND should be the first date after the event. A while ago I also talked |
|---|
| 541 | | * with one of the evolution developers and he agreed that if Frank's mail is |
|---|
| 542 | | * true, we might have misunderstood rfc 2445. |
|---|
| 543 | | * |
|---|
| 544 | | * So, the question is now what to do about this. Shall we stick to the |
|---|
| 545 | | * interpretation that "non-inclusive" means that DTEND needs to be first date |
|---|
| 546 | | * after the item? Or shall we use the correct interpretation from now on? |
|---|
| 547 | | * |
|---|
| 548 | | * The reason I'm asking is that we are releasing KDE 3.5 shortly, and currently |
|---|
| 549 | | * I fixed it to use Frank's interpretation. |
|---|
| 550 | | * -------------------------------------------------------------------- |
|---|
| 551 | | * |
|---|
| 552 | | * Wow. You're right, it looks like their intention was for non-inclusive |
|---|
| 553 | | * to mean not including the last minute of but including the rest of the |
|---|
| 554 | | * day. That's sure not the way I read that language, so lets come up with |
|---|
| 555 | | * better language for 2445bis as Lisa suggests. |
|---|
| 556 | | * |
|---|
| 557 | | * It seems to me that there's lots of iCal data out there with the |
|---|
| 558 | | * "doesn't include the whole day" interpretation, I suspect Outlook does |
|---|
| 559 | | * the same thing. So I'd suggest we change the language in 2445bis to say |
|---|
| 560 | | * something like: |
|---|
| 561 | | * |
|---|
| 562 | | * "When a DATE value is used for DTEND no time during the given day is |
|---|
| 563 | | * included in the component, so |
|---|
| 564 | | * |
|---|
| 565 | | * DTSTART;VALUE=DATE:20050101 |
|---|
| 566 | | * DTEND;VALUE=DATE:20050102 |
|---|
| 567 | | * |
|---|
| 568 | | * represents a 24 hour period." |
|---|
| 569 | | * |
|---|
| 570 | | * It's too bad there's data in the wild that means this, I really think |
|---|
| 571 | | * dates for dtends would adhere to common usage better if they were |
|---|
| 572 | | * inclusive, but ce la vies. |
|---|
| 573 | | * |
|---|
| 574 | | * Sincerely, Jeffrey Harris |
|---|
| 575 | | * -------------------------------------------------------------------- |
|---|
| 576 | | |
|---|
| 577 | | But there are other places in rfc 2445 which suggest that the DTEND is the |
|---|
| 578 | | last date of the event: |
|---|
| 579 | | |
|---|
| 580 | | Sec 4.6.1: "The anniversary type of |
|---|
| 581 | | "VEVENT" can span more than one date (i.e, "DTEND" property value is |
|---|
| 582 | | set to a calendar date after the "DTSTART" property value)." |
|---|
| 583 | | |
|---|
| 584 | | In particular that last sentence says that it's a multi-day event if DTEND is |
|---|
| 585 | | not eqal to DTSTART, so your example from below is a two-day event. |
|---|
| 586 | | |
|---|
| 587 | | Sec 4.6.1: "For cases where a "VEVENT" calendar component specifies a "DTSTART" |
|---|
| 588 | | property with a DATE data type but no "DTEND" property, the events |
|---|
| 589 | | non-inclusive end is the end of the calendar date specified by the |
|---|
| 590 | | "DTSTART" property. |
|---|
| 591 | | |
|---|
| 592 | | This last sentence is a strong indication that "non-inclusive" was intended to |
|---|
| 593 | | be understood the way Frank explained. |
|---|
| 594 | | |
|---|
| 595 | | The problem then is that DTEND and DURATION are not required. If you have only |
|---|
| 596 | | a DTSTART, e.g. |
|---|
| 597 | | |
|---|
| 598 | | DTSTART;VALUE=DATE:20050101 |
|---|
| 599 | | |
|---|
| 600 | | the above quote says that this is equivalent to |
|---|
| 601 | | |
|---|
| 602 | | DTSTART;VALUE=DATE:20050101 |
|---|
| 603 | | DTEND;VALUE=DATE:20050101 |
|---|
| 604 | | |
|---|
| 605 | | How would you have to understand this? And what would be the difference to |
|---|
| 606 | | |
|---|
| 607 | | DTSTART;VALUE=DATE:20050101 |
|---|
| 608 | | DTEND;VALUE=DATE:20050102 |
|---|
| 609 | | |
|---|
| 610 | | Cheers, Reinhold |
|---|
| 611 | | * -------------------------------------------------------------------- |
|---|
| 612 | | If we followed what I believe iCal is doing (and what I have done in |
|---|
| 613 | | Chandler, following iCal, but Chandler's not shipping so it can change |
|---|
| 614 | | however we want), there would be no semantic difference between the |
|---|
| 615 | | three examples above. |
|---|
| 616 | | |
|---|
| 617 | | I'll freely admit I have lots of special casing in Chandler to deal with |
|---|
| 618 | | this oddity, I'd be delighted to get rid of it. Unfortunately, I think |
|---|
| 619 | | given how widespread the above (admittedly not the intended by the |
|---|
| 620 | | authors) interpretation is in actual use, we need to work with it for |
|---|
| 621 | | VERSION:2.0 iCalendar. |
|---|
| 622 | | |
|---|
| 623 | | We should probably find out what different implementations are doing |
|---|
| 624 | | what with VALUE=DATE events at the upcoming CalConnect... Perhaps if |
|---|
| 625 | | it's just iCal, we could special case anything old iCal data, but that |
|---|
| 626 | | sounds like a nightmare to me. |
|---|
| 627 | | |
|---|
| 628 | | Sincerely, Jeffrey |
|---|
| 629 | | * -------------------------------------------------------------------- |
|---|
| 630 | | I treat DTEND as always being exclusive in iCalendar data - even for date-only |
|---|
| 631 | | values. However, when a user edits or creates an 'all-day' event, the |
|---|
| 632 | | displayed end time is actually the inclusive end. So I basically map between |
|---|
| 633 | | inclusive/exclusive values for display purposes because I found inclusive |
|---|
| 634 | | end to be more intuitive for users. i.e it makes more sense that a two day |
|---|
| 635 | | event starts on Monday and ends on Tuesday, than it does to start on Monday |
|---|
| 636 | | and end on Wednesday (the exclusive option). |
|---|
| 637 | | |
|---|
| 638 | | Cyrus Daboo |
|---|
| 639 | | * -------------------------------------------------------------------- |
|---|
| 640 | | Unfortunately it's not just iCal. Just to name a few others that do the same |
|---|
| 641 | | thing: Evolution, Sunbird, Outlook/MSN and the next release of the Scalix |
|---|
| 642 | | server. Some vendors (Microsoft for example) also introduced their own property |
|---|
| 643 | | to explicitely mark an event as all-day. |
|---|
| 644 | | * -------------------------------------------------------------------- |
|---|
| 645 | | Where does it leave us? |
|---|
| 646 | | |
|---|
| 647 | | DATE-TIME start, no end -- zero time at indicated time |
|---|
| 648 | | DATE-TIME start, DATE end -- is that allowed, means remainder of day? |
|---|
| 649 | | DATE-TIME start, DATE-TIME end -- from start, up to, not including end |
|---|
| 650 | | DATE start -- all day event |
|---|
| 651 | | DATE start, DATE end -- end - start + 1 all day(s) |
|---|
| 652 | | * -------------------------------------------------------------------- |
|---|
| 653 | | * </pre> |
|---|
| 654 | | -------------------------------------------------------------------------------- |
|---|
| 655 | | -------------------------------------------------------------------------------- |
|---|
| 656 | | -------------------------------------------------------------------------------- |
|---|
| 657 | | |
|---|
| | 409 | -------------------------------------------------------------------------------- |
|---|
| | 410 | -------------------------------------------------------------------------------- |
|---|
| | 411 | -------------------------------------------------------------------------------- |
|---|
| | 412 | |
|---|
