[Cosmo-dev] testing with the same .ics files

Jeffrey Harris jeffrey at osafoundation.org
Wed Jul 11 11:18:53 PDT 2007


Hi Brian,

> the right way to solve this is two-fold:
> 
> #1: clients don't re-use uuids from other sources
> 
> #2: the server implements, among other security restrictions, per-item
> permissions checking so that only people who have explicit write
> access to an item can make changes to it
> 
> we've had this discussion before, you know.

Indeed, we have.  But it's a hard issue and I don't think we've nailed
down what our future plan is.

Generally speaking, I agree that #2 is the right approach.  I don't
understand what you mean by #1, but if you mean all data from
non-Chandler sources should automatically have their UUIDs randomized, I
don't agree.

Once we have ACLs on Hub items, I think clients publishing items that
already exist on the server are going to want to have a two step process:

1. See if the client's credentials associated with the item contain
write access to the item, if so, provide those credentials
2. If this fails, use a different UUID for publishing to the server, but
include a link to the original UUID

Anyway.  Let's pick the permissions side of this up again post-Preview.
I think we may end up changing Chandler to always randomize UUIDs for
imported iCalendar pre-Preview since that doesn't involve a ton of work.

Sincerely,
Jeffrey
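
The two-step publish described in this message, sketched as an added example (not Cosmo or Chandler code, and not written by the message's author). The `Hub` class, the `publish` function and the `origin` link field are hypothetical names, and the per-item ACL is modelled as a plain set of principals with write access.

```python
import uuid


class Hub:
    """Constructed in-memory stand-in for a server with per-item write ACLs."""

    def __init__(self):
        # uuid -> {"data": ..., "writers": set of principals, "origin": uuid or None}
        self.items = {}

    def put(self, item_uuid, data, principal, origin=None):
        """Create or update an item; return False if write access is missing."""
        existing = self.items.get(item_uuid)
        if existing is None:
            # New item: the publisher becomes its only writer.
            self.items[item_uuid] = {
                "data": data, "writers": {principal}, "origin": origin}
            return True
        if principal not in existing["writers"]:
            # Knowing the UUID alone is not enough to modify the item.
            return False
        existing["data"] = data
        return True


def publish(hub, item_uuid, data, principal):
    """Return the UUID the data was actually stored under."""
    # Step 1: try the original UUID with the client's own credentials.
    if hub.put(item_uuid, data, principal):
        return item_uuid
    # Step 2: no write access, so publish under a fresh UUID that links
    # back to the original instead of overwriting someone else's item.
    new_uuid = str(uuid.uuid4())
    if not hub.put(new_uuid, data, principal, origin=item_uuid):
        raise RuntimeError("fresh UUID unexpectedly rejected")
    return new_uuid


def demo():
    """Constructed scenario: two users import the same .ics event UID."""
    hub = Hub()
    first = publish(hub, "ics-uid-1", "alice v1", "alice")
    second = publish(hub, "ics-uid-1", "bob v1", "bob")
    third = publish(hub, "ics-uid-1", "alice v2", "alice")
    return hub, first, second, third
```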

