
andrew at morphoss
Feb 28, 2012, 11:15 AM
Post #2 of 3
On Tue, 2012-02-28 at 13:05 +0100, Matthias Althaus wrote:
> Hey list,
>
> I've got a new issue and I'd like to know if there's an elegant
> solution for this:
>
> I've got users who are in groups. This data is mapped onto Davical.
> Each group has its own calendar. All regular users (like pupils) are
> only allowed to *read* their group calendars. This is the easy part
> which I can control with basic Caldav permissions.
>
> Now we have a separate privilege in our system which can be granted to
> groups and allows their members (like teachers) to *write* to their
> group calendars.
>
> Is there a way to map this to Davical without the need to grant each
> member of this extra groups the read privilege on the group calendars
> individually? Any "You're allowed to write to all your group
> collections"-permission I've overseen?

If the relationship is 'teacher' and 'students' then I would make the
calendar owned by the teacher, and grant read access to the students.

If the relationship is 'teachers' and 'students' then I would make the
calendar separately owned, and would grant 'write' to the 'teachers'
group and 'read' to the 'students' group.

If you need a layer of 'per class' on top of this then you'll have two
groups per class.

I can't see anything particularly difficult about this, but the process
of setting it up may not be ideal in the current DAViCal admin UI.

It's worth noting, maybe, that the 'class' calendars need not be owned
by the group - they would probably be better to be owned by one or more
separate principals, with the permissions granted by the calendar,
rather than by the principal.

Cheers,
Andrew.

--
------------------------------------------------------------------------
andrew (AT) morphoss (DOT) com +64(272)DEBIAN
Take an astronaut to launch.
------------------------------------------------------------------------
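The two-groups-per-class layout from the reply above, as an added Python example that is not part of the original post and is not DAViCal's code: it models grants attached to the calendar rather than to the principal, resolves a user's effective privileges through group membership, and audits for write access held outside a class's teachers group. All principal, group and user names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: group principal -> member users.
GROUPS = {
    "class7a-teachers": {"t.miller"},
    "class7a-students": {"p.anna", "p.ben"},
    "class7b-teachers": {"t.jones"},
    "class7b-students": {"p.cara"},
}

@dataclass
class Calendar:
    owner: str                                   # a separate principal, not the group
    grants: dict = field(default_factory=dict)   # grantee principal -> set of privileges

def class_calendar(name):
    """Two groups per class: teachers get read+write, students get read only."""
    return Calendar(owner=f"{name}-calendar", grants={
        f"{name}-teachers": {"read", "write"},
        f"{name}-students": {"read"},
    })

CALENDARS = {c: class_calendar(c) for c in ("class7a", "class7b")}

def effective_privileges(user, cal):
    """Union of every grant whose grantee is the user or a group containing the user."""
    privs = set()
    for grantee, granted in cal.grants.items():
        if grantee == user or user in GROUPS.get(grantee, ()):
            privs |= granted
    return privs

def unexpected_writers(calendars):
    """Audit: users who can write a class calendar without being in its teachers group."""
    users = set().union(*GROUPS.values())
    findings = []
    for name, cal in calendars.items():
        teachers = GROUPS[f"{name}-teachers"]
        for user in sorted(users):
            if "write" in effective_privileges(user, cal) and user not in teachers:
                findings.append((user, name))
    return findings
```

Running `unexpected_writers` after each change to the grants catches individual write grants that bypass the group structure.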