[Freedombox-discuss] Radicale User rights

francois francois at avalenn.eu
Wed Apr 27 19:08:07 UTC 2016


On Wed, Apr 27, 2016 at 08:00:03PM +0200, Dietmar wrote:
> Thank you very much, Francois,

With pleasure.

> I will copy your rights for the owner, but I could not find the general
> syntax of this file.

Documentation is poor for my taste too; I found this one:
http://radicale.org/user_documentation/#idfrom-file

> Can I do something like
> 
> >         user: User1,User2,User3
> >         collection: ^.*/OurCalendar.ics
> >         permission: rw

If I understood the documentation correctly, it should be:
   user: ^(User1|User2|User3)$

The value is a regexp that the username must match.

> This is an intermediate solution I can do, but to have radicale on a
> level where uneducated users can define access rights, I think this
> feature has to be added into plinth.

I think indeed that we need something to manage this sort of
use case.

I personally think that a general way to manage groups would be useful
to several freedombox applications, but this is probably overkill for
this specific use case.

François.

P.S. And just for reference, I put here my configuration file for
radicale for using LDAP as a backend, as I did not see specific
documentation on this elsewhere:

$ grep -v '^#' /etc/radicale/config  | grep -v '^ *$'
    [server]
    hosts = [::1]:5232
    base_prefix = /radicale/
    realm = FreedomBox Login
    [encoding]
    [well-known]
    [auth]
    type = LDAP
    ldap_url = ldap://localhost:389/
    ldap_base = ou=users,dc=thisbox
    ldap_attribute = uid
    ldap_binddn = uid=radicaleAdmin,ou=users,dc=thisbox
    ldap_password = ****
    [git]
    [rights]
    type = from_file
    file = /etc/radicale/rights
    [storage]
    type = filesystem
    filesystem_folder = /var/lib/radicale/collections
    [logging]
    [headers]




> On Wednesday, 27.04.2016, at 10:09 +0200, francois at avalenn.eu wrote:
> > Yes, and I did not find the way to fulfil it with Radicale when using
> > it with LDAP backend for authentication.
> > 
> > My current approach is to have three types of calendars:
> >   - private (default) which are accessible only to the owner
> >   - shared which are accessible to all the people having an account on
> >     my freedombox
> >   - public which are accessible to everyone with internet access
> > 
> > The corresponding rights configuration file is:
> > 
> >         # This means all users may read and write any collection starting with public.
> >         # We do so by just not testing against the user string.
> >         [public]
> >         user: .*
> >         collection: ^.*/public.*$
> >         permission: rw
> >         
> >         # shared is like public but for authenticated users
> >         [shared]
> >         user: .+
> >         collection: ^.*/shared_.*$
> >         permission: rw
> >         
> >         # Give write access to owners
> >         [owner-write]
> >         user: .+
> >         collection: ^%(login)s/.+$
> >         permission: rw
> > 
> > François
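
An added example (not part of the original message and not Radicale's own code): a simplified Python model of how a `from_file` rights file like the one quoted above is evaluated, showing why the `user:` value needs the anchored `^(User1|User2|User3)$` form. It assumes first-match-wins sections, `re.match` semantics and collection paths without a leading slash; the `[team]` section name, the sample usernames and the helper names are constructed for illustration.

```python
import configparser
import re

# Rights file quoted in this thread plus the group rule discussed ([team] is a constructed name).
RIGHTS = r"""
[public]
user: .*
collection: ^.*/public.*$
permission: rw

[shared]
user: .+
collection: ^.*/shared_.*$
permission: rw

[team]
user: ^(User1|User2|User3)$
collection: ^.*/OurCalendar.ics
permission: rw

[owner-write]
user: .+
collection: ^%(login)s/.+$
permission: rw
"""

def authorized(user, collection, permission, rights=RIGHTS):
    """Simplified model: the first section whose two regexes match decides."""
    # %(login)s is filled in by configparser interpolation; escaping the
    # login is a choice of this sketch so a username cannot inject regex syntax.
    parser = configparser.ConfigParser(defaults={"login": re.escape(user)})
    parser.read_string(rights)
    for section in parser.sections():
        # re.match anchors only at the start, hence the explicit ^...$ in [team].
        if (re.match(parser.get(section, "user"), user)
                and re.match(parser.get(section, "collection"), collection)):
            return permission in parser.get(section, "permission")
    return False

def matching_users(user_regex, candidates):
    """Return the usernames that a given `user:` value would admit."""
    return [u for u in candidates if re.match(user_regex, u)]

if __name__ == "__main__":
    names = ["User1", "User2", "User10", "Mallory"]
    for rule in ("User1,User2,User3", "User1", "^(User1|User2|User3)$"):
        print(f"{rule!r:28} admits {matching_users(rule, names)}")
    print(authorized("", "User1/public_events.ics", "r"))   # anonymous, public
    print(authorized("", "User1/shared_family.ics", "r"))   # anonymous, shared
```

The comma-separated form admits nobody, and an unanchored `User1` would also admit `User10`, so checking a new rule against a list of real account names before deploying it catches both mistakes.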


