
setting at server level default permissions for user calendars


  • setting at server level default permissions for user calendars


    I would like to change default permissions that are set for the user's "Calendar". I would like these default permissions to give all users a read only view on "Calendar". This would be set when the account is created. Then every user would have the right to modify the permissions if needed.

    I couldn't find any place in the configuration files for that. Any idea on how to do this?

    Thank you in advance,


  • #2
    Hi Michaël,

    This is a very custom modification and nothing we support through a configuration option or anything else. Please be aware that this will most likely break a lot of logic and function of the groupware system. It's not only about the GUI, but also about other clients that use the API and ultimately the database (Outlook, Mobility...).

    You *could* change the folder permissions on a database level, but the owner of the folder still has administration permission to assign elevated permissions for the folder to himself. Changing the source code would be another option.

    The success of such a modification can and will not be guaranteed nor supported. It's quite possible that updates will destroy the custom setup because of database update tasks that repair broken datasets. If you really need this customization, you might contact our sales or professional services team to place a work order or feature request for this specific case.

    Last edited by Martin Heiland; 08-05-2010, 03:46 PM.


    • #3
      Hi Martin,

      Thank you for your prompt answer.

      I believe that my initial description was actually not precise enough. I want to do the following; on each user "Calendar", set the following permissions:

      - own permissions:
      * Admin: Yes
      * Folder, Read, Modify, Delete Rights: Admin

      - All Users:
      * Admin: No
      * Folder Rights: see
      * Read Rights: all
      * Modify, Delete Rights: none

      That wouldn't break anything, would it?

      Thank you,



      • #4
        Yep, if you do this through the HTTP API it will not break anything. It's enough to set "Visible Folder" folder permissions to enable "read-only" mode on this folder. My guess was that you wanted to lock the user with a read-only calendar.

        Note that modifications through the HTTP API require knowledge of the user's credentials. If you create the user and change it at once, you most likely have those. Check the API doc for more details on changing folder permissions:



        • #5
          Right, I had indeed identified the HTTP API as a potential way to do that.

          The issue is that users are authenticated using LDAP, so I don't have access to their credentials, even when I create their account.

          So for the moment it looks like the user is the only one who can modify the permissions associated to his calendar, which is not ideal as I would like to avoid having users take care of company wide configuration work.

          Could that configuration work be handled for example by a plugin that would run once the user is authenticated? Or by some other way?




          • #6
            For the record, I finally managed to set the same user calendar permissions using a plugin. The general description on how to create a plugin can be found here:

            Additional information on ox.JSON can be found here:

            And here is a draft version of the register.js file. It should obviously be improved, but it already gives the general idea of the approach.

            var all_users_id;
            var root_folder_id;
            var user_calendar_id;
            var user_calendar_timestamp;

            // entry point for the initialization
            function start_user_env_initialization() {
               // set proper permissions on user Calendar so that the calendar is visible
               // by everyone
               set_default_user_calendar_permissions();
            }

            function set_default_user_calendar_permissions() {
               // search for the id of the "All users" group
               ox.JSON.put(AjaxRoot + "/group?action=search&session=" + session, {"pattern":"All users"}, all_users_ok, operation_nok, false);
               // search for the id of the user's main calendar
               ox.JSON.get(AjaxRoot + "/folders?action=root&session=" + session + "&columns=1,300,301", root_folder_ok, operation_nok, false);
            }

            function change_user_calendar_permissions() {
               // change access rights of user Calendar folder
               // permission bits set to 403710016 correspond to:
               //    - all permissions everywhere
               //    - admin flag set
               // 11000000100000010000001000000
               // permission bits set to 257 correspond to:
               //    - see the folder => 0000001
               //    - read all objects => 0000010
               //    - no permission to modify
               //    - no permission to delete
               // which leads to the following set of bits:
               // 00000100000001 => 257
               // The object is built directly instead of concatenating a string and
               // passing it to eval(). The "bits" and "group" keys are the OX HTTP API
               // permission fields, filled with the values described above.
               var calendar_permissions = {
                  "permissions": [
                     // user should have admin rights
                     {"bits": 403710016, "entity": config.identifier, "group": false},
                     // All users should have read-only permissions
                     {"bits": 257, "entity": all_users_id, "group": true}
                  ]
               };
               // change calendar permissions
               ox.JSON.put(AjaxRoot + "/folders?action=update&session=" + session + "&id=" + user_calendar_id + "&timestamp=" + user_calendar_timestamp, calendar_permissions, change_access_rights_ok, operation_nok, true);
            }

            function root_folder_ok(reply) {
               // root folder objectId is the first item in the column retrieved, as
               // requested by the JSON query
               root_folder_id = reply.data[0][0];
               ox.JSON.get(AjaxRoot + "/folders?action=list&session=" + session + "&parent=" + root_folder_id + "&allowed_modules=calendar&columns=1,300,301,6", user_folder_ok, operation_nok, false);
            }

            // try to find a folder named "Calendar" and put its corresponding Id in
            // user_calendar_id
            function user_folder_ok(reply) {
               for (var r in reply.data) {
                  if (reply.data[r][1] == "Calendar") {
                     user_calendar_id = reply.data[r][0];
                     user_calendar_timestamp = reply.data[r][3];
                  }
               }
               // assumed call site: the post does not show where the update is triggered
               if (user_calendar_id !== undefined && all_users_id !== undefined) {
                  change_user_calendar_permissions();
               }
            }

            function change_access_rights_ok(reply) {
            }

            function all_users_ok(reply) {
               all_users_id = reply.data[0].id;
            }

            // error callback used by every request above; its body is not shown in
            // the post, so this no-op is an assumption
            function operation_nok(reply) {
            }
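
The two permission values used in post #6 can be checked before they are sent to the server. The following is an added example, not part of the original thread or of the Open-Xchange code base: it decodes and encodes the permission bits and audits a permissions array so that a group entry never receives more than see/read access. It assumes the OX HTTP API bit layout (four 7-bit fields for folder, read, write and delete, plus the admin flag at bit 28); the function names are hypothetical.

```javascript
// Added example (not from the thread). Assumed layout from the OX HTTP API:
// bits 0-6 folder, 7-13 read, 14-20 write, 21-27 delete, bit 28 admin flag.
const FIELDS = ["folder", "read", "write", "delete"];
const ADMIN_FLAG = 1 << 28;

// Split a permission integer into its four 7-bit fields and the admin flag.
function decodePermissionBits(bits) {
  const out = { admin: (bits & ADMIN_FLAG) !== 0 };
  FIELDS.forEach((name, i) => { out[name] = (bits >> (7 * i)) & 0x7f; });
  return out;
}

// Inverse of decodePermissionBits; missing fields count as 0 (no permission).
function encodePermissionBits(p) {
  let bits = p.admin ? ADMIN_FLAG : 0;
  FIELDS.forEach((name, i) => { bits |= ((p[name] || 0) & 0x7f) << (7 * i); });
  return bits;
}

// Review a "permissions" array before the folder update is sent.
// Returns a list of findings; an empty list means the ACL matches the goal
// of the thread: owner keeps admin, groups get see-folder/read only.
function auditPermissions(permissions) {
  const findings = [];
  for (const perm of permissions) {
    const d = decodePermissionBits(perm.bits);
    if (perm.group && (d.admin || d.write > 0 || d.delete > 0 || d.folder > 1)) {
      findings.push("group entity " + perm.entity + " has more than see/read access");
    }
  }
  const ownerIsAdmin = permissions.some(
    (p) => !p.group && decodePermissionBits(p.bits).admin);
  if (!ownerIsAdmin) {
    findings.push("no user entry keeps the admin flag");
  }
  return findings;
}

// Constructed sample input: entity ids 42 (user) and 0 (group) are made up.
const intendedAcl = [
  { bits: 403710016, entity: 42, group: false },
  { bits: 257, entity: 0, group: true },
];
console.log(decodePermissionBits(257), auditPermissions(intendedAcl));
```
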