Monotone-Parent: 36c59ea6f5d3705bff60a615e113d6b9e7a7501e

Monotone-Revision: 2ae12f2c67f3e74fddaf5d592a19e233d0806899

Monotone-Author: wsourdeau@inverse.ca
Monotone-Date: 2007-04-26T01:16:19
Monotone-Branch: ca.inverse.sogo

SoObjects/Appointments/SOGoAppointmentFolder.h

@@ -46,6 +46,7 @@
 @class NSTimeZone;
 @class GCSFolder;
 
+#import <NGCards/iCalEntityObject.h>
 @interface SOGoAppointmentFolder : SOGoFolder
 {
   NSTimeZone *timeZone;
@@ -114,6 +115,9 @@
 
 - (NSArray *) calendarFolders;
 
+- (NSString *) roleForComponentsWithAccessClass: (iCalAccessClass) accessClass
+					forUser: (NSString *) uid;
+
 @end
 
 #endif /* __Appointments_SOGoAppointmentFolder_H__ */

SoObjects/Appointments/SOGoAppointmentFolder.m

@@ -705,6 +705,27 @@ static NSNumber   *sharedYes = nil;
                    end, start];
 }
 
+- (NSString *) _privacyClassificationStringsForUID: (NSString *) uid
+{
+  NSMutableString *classificationString;
+  NSString *currentRole;
+  unsigned int counter;
+  iCalAccessClass classes[] = {iCalAccessPublic, iCalAccessPrivate,
+			       iCalAccessConfidential};
+
+  classificationString = [NSMutableString string];
+  for (counter = 0; counter < 3; counter++)
+    {
+      currentRole = [self roleForComponentsWithAccessClass: classes[counter]
+			  forUser: uid];
+      if ([currentRole length] > 0)
+	[classificationString appendFormat: @"classification = %d or ",
+			      classes[counter]];
+    }
+
+  return classificationString;
+}
+
 - (NSString *) _privacySqlString
 {
   NSString *privacySqlString, *owner, *currentUser, *email;
@@ -719,17 +740,48 @@ static NSNumber   *sharedYes = nil;
   else
     {
       email = [activeUser email];
+      
       privacySqlString
         = [NSString stringWithFormat:
-                      @"(classification != %d or (orgmail = '%@')"
+                      @"(%@(orgmail = '%@')"
                       @" or ((partmails caseInsensitiveLike '%@%%'"
                       @" or partmails caseInsensitiveLike '%%\\n%@%%')))",
-                    iCalAccessPrivate, email, email, email];
+		    [self _privacyClassificationStringsForUID: currentUser],
+		    email, email, email];
     }
 
   return privacySqlString;
 }
 
+- (NSString *) roleForComponentsWithAccessClass: (iCalAccessClass) accessClass
+					forUser: (NSString *) uid
+{
+  NSString *accessRole, *prefix, *currentRole, *suffix;
+  NSEnumerator *acls;
+
+  accessRole = nil;
+
+  if (accessClass == iCalAccessPublic)
+    prefix = @"Public";
+  else if (accessClass == iCalAccessPrivate)
+    prefix = @"Private";
+  else
+    prefix = @"Confidential";
+
+  acls = [[self aclsForUser: uid] objectEnumerator];
+  currentRole = [acls nextObject];
+  while (currentRole && !accessRole)
+    if ([currentRole hasPrefix: prefix])
+      {
+	suffix = [currentRole substringFromIndex: [prefix length]];
+	accessRole = [NSString stringWithFormat: @"Component%@", suffix];
+      }
+    else
+      currentRole = [acls nextObject];
+
+  return accessRole;
+}
+
 - (NSArray *) fetchFields: (NSArray *) _fields
                fromFolder: (GCSFolder *) _folder
                      from: (NSCalendarDate *) _startDate
@@ -1222,7 +1274,7 @@ static NSNumber   *sharedYes = nil;
 {
   return [NSArray arrayWithObjects:
 		    SOGoCalendarRole_PublicViewer,
-		  SOGoCalendarRole_PrivateDAndTViewer,
+		  SOGoCalendarRole_ConfidentialDAndTViewer,
 		  nil];
 }
 

SoObjects/Appointments/SOGoCalendarComponent.m

@@ -32,6 +32,7 @@
 #import <SoObjects/SOGo/AgenorUserManager.h>
 #import <SoObjects/SOGo/SOGoPermissions.h>
 #import <SoObjects/SOGo/SOGoUser.h>
+#import <SoObjects/Appointments/SOGoAppointmentFolder.h>
 
 #import "common.h"
 
@@ -96,7 +97,7 @@ static BOOL sendEMailNotifications = NO;
   return nil;
 }
 
-- (void) _filterPrivateComponent: (iCalEntityObject *) component
+- (void) _filterComponent: (iCalEntityObject *) component
 {
   [component setSummary: @""];
   [component setComment: @""];
@@ -110,7 +111,7 @@ static BOOL sendEMailNotifications = NO;
 
 - (NSString *) contentAsString
 {
-  NSString *tmpContent, *email;
+  NSString *tmpContent, *email, *uid, *role;
   iCalCalendar *tmpCalendar;
   iCalRepeatableEntityObject *tmpComponent;
 
@@ -118,20 +119,30 @@ static BOOL sendEMailNotifications = NO;
     {
       tmpContent = [super contentAsString];
       calContent = tmpContent;
-      if ([tmpContent length] > 0)
+      uid = [[context activeUser] login];
+      if (![[self ownerInContext: context] isEqualToString: uid]
+	  && [tmpContent length] > 0)
         {
           tmpCalendar = [iCalCalendar parseSingleFromSource: tmpContent];
-          tmpComponent = (iCalRepeatableEntityObject *) [tmpCalendar firstChildWithTag: [self componentTag]];
+          tmpComponent = (iCalRepeatableEntityObject *)
-          if (![tmpComponent isPublic])
+	    [tmpCalendar firstChildWithTag: [self componentTag]];
-            {
+	  email = [[context activeUser] email];
-              email = [[context activeUser] email];
+	  if (!([tmpComponent isOrganizer: email]
-              if (!([tmpComponent isOrganizer: email]
+		|| [tmpComponent isParticipant: email]))
-                    || [tmpComponent isParticipant: email]))
+	    {
-                {
+	      role = [container roleForComponentsWithAccessClass: [tmpComponent symbolicAccessClass]
-                  //             content = tmpContent;
+				forUser: uid];
-                  [self _filterPrivateComponent: tmpComponent];
+	      if ([role length] > 0)
-                  calContent = [tmpCalendar versitString];
+		{
-                }
+		  if ([role isEqualToString: SOGoCalendarPerm_ViewDAndT])
+		    {
+		      //             content = tmpContent;
+		      [self _filterComponent: tmpComponent];
+		      calContent = [tmpCalendar versitString];
+		    }
+		}
+	      else
+		calContent = nil;
             }
         }
 
@@ -178,7 +189,7 @@ static BOOL sendEMailNotifications = NO;
               newComponent = [[calendar classForTag: componentTag]
                                groupWithTag: componentTag];
               [calendar addChild: newComponent];
-              isNew = YES;
+	      isNew = YES;
             }
         }
       if (calendar)
@@ -432,39 +443,39 @@ static BOOL sendEMailNotifications = NO;
     }
 }
 
-- (NSArray *) rolesOfUser: (NSString *) login
+// - (NSArray *) rolesOfUser: (NSString *) login
-{
+// {
-  AgenorUserManager *um;
+//   AgenorUserManager *um;
-  iCalRepeatableEntityObject *component;
+//   iCalRepeatableEntityObject *component;
-  NSMutableArray *sogoRoles;
+//   NSMutableArray *sogoRoles;
-  NSString *email;
+//   NSString *email;
-  SOGoUser *user;
+//   SOGoUser *user;
 
-  sogoRoles = [NSMutableArray new];
+//   sogoRoles = [NSMutableArray new];
-  [sogoRoles autorelease];
+//   [sogoRoles autorelease];
 
-  um = [AgenorUserManager sharedUserManager];
+//   um = [AgenorUserManager sharedUserManager];
-  email = [um getEmailForUID: login];
+//   email = [um getEmailForUID: login];
 
-  component = [self component: NO];
+//   component = [self component: NO];
-  if (component)
+//   if (component)
-    {
+//     {
-      if ([component isOrganizer: email])
+//       if ([component isOrganizer: email])
-        [sogoRoles addObject: SOGoCalendarRole_Organizer];
+//         [sogoRoles addObject: SOGoCalendarRole_Organizer];
-      else if ([component isParticipant: email])
+//       else if ([component isParticipant: email])
-        [sogoRoles addObject: SOGoCalendarRole_Participant];
+//         [sogoRoles addObject: SOGoCalendarRole_Participant];
-      else if ([[container ownerInContext: context] isEqualToString: login])
+//       else if ([[container ownerInContext: context] isEqualToString: login])
-        [sogoRoles addObject: SoRole_Owner];
+//         [sogoRoles addObject: SoRole_Owner];
-    }
+//     }
-  else
+//   else
-    {
+//     {
-      user = [SOGoUser userWithLogin: login andRoles: nil];
+//       user = [SOGoUser userWithLogin: login andRoles: nil];
-      [sogoRoles addObjectsFromArray: [user rolesForObject: container
+//       [sogoRoles addObjectsFromArray: [user rolesForObject: container
-                                            inContext: context]];
+//                                             inContext: context]];
-    }
+//     }
 
-  return sogoRoles;
+//   return sogoRoles;
-}
+// }
 
 - (BOOL) isOrganizer: (NSString *) email
              orOwner: (NSString *) login
@@ -499,4 +510,36 @@ static BOOL sendEMailNotifications = NO;
   return isParticipant;
 }
 
+- (NSArray *) aclsForUser: (NSString *) uid
+{
+  NSMutableArray *roles;
+  NSArray *superAcls;
+  iCalRepeatableEntityObject *component;
+  NSString *email, *accessRole;
+
+  roles = [NSMutableArray array];
+  component = [self component: NO];
+  if (component)
+    {
+      email = [[AgenorUserManager sharedUserManager] getEmailForUID: uid];
+      if ([component isOrganizer: email])
+	[roles addObject: SOGoCalendarRole_Organizer];
+      if ([component isParticipant: email])
+	[roles addObject: SOGoCalendarRole_Participant];
+      accessRole = [container roleForComponentsWithAccessClass:
+				[component symbolicAccessClass]
+			      forUser: uid];
+      if ([accessRole length] > 0)
+	[roles addObject: accessRole];
+    }
+
+  superAcls = [super aclsForUser: uid];
+  if ([superAcls count] > 0)
+    [roles addObjectsFromArray: superAcls];
+  if ([roles containsObject: SOGoRole_ObjectCreator])
+    [roles addObject: SOGoCalendarRole_ComponentModifier];
+
+  return roles;
+}
+
 @end

SoObjects/Appointments/SOGoGroupAppointmentFolder.m

@@ -19,6 +19,7 @@
   02111-1307, USA.
 */
 
+#import <NGCards/iCalEntityObject.h>
 #import <SOGo/SOGoGroupFolder.h>
 
 #include "SOGoGroupAppointmentFolder.h"

SoObjects/SOGo/SOGoContentObject.m

@@ -21,10 +21,10 @@
 
 #import <GDLContentStore/GCSFolder.h>
 
-#import <SOGo/SOGoUser.h>
-
 #import "common.h"
 #import "SOGoFolder.h"
+#import "SOGoUser.h"
+#import "SOGoPermissions.h"
 #import "SOGoContentObject.h"
 
 @interface SOGoContentObject(ETag)
@@ -234,24 +234,24 @@
 }
 
 /* security */
-- (NSArray *) rolesOfUser: (NSString *) login
+// - (NSArray *) rolesOfUser: (NSString *) login
-{
+// {
-  NSMutableArray *sogoRoles;
+//   NSMutableArray *sogoRoles;
-  SOGoUser *user;
+//   SOGoUser *user;
 
-  sogoRoles = [NSMutableArray new];
+//   sogoRoles = [NSMutableArray new];
-  [sogoRoles autorelease];
+//   [sogoRoles autorelease];
 
-  if (![container nameExistsInFolder: nameInContainer])
+//   if (![container nameExistsInFolder: nameInContainer])
-    {
+//     {
-      user = [[SOGoUser alloc] initWithLogin: login roles: nil];
+//       user = [[SOGoUser alloc] initWithLogin: login roles: nil];
-      [sogoRoles addObjectsFromArray: [user rolesForObject: container
+//       [sogoRoles addObjectsFromArray: [user rolesForObject: container
-                                            inContext: context]];
+//                                             inContext: context]];
-      [user release];
+//       [user release];
-    }
+//     }
 
-  return sogoRoles;
+//   return sogoRoles;
-}
+// }
 
 /* E-Tags */
 
@@ -314,8 +314,23 @@
 
 - (NSArray *) aclsForUser: (NSString *) uid
 {
-  return [container aclsForUser: uid
+  NSMutableArray *acls;
-                    forObjectAtPath: [self pathArrayToSoObject]];
+  NSArray *ownAcls, *containerAcls;
+
+  acls = [NSMutableArray array];
+  ownAcls = [container aclsForUser: uid
+		       forObjectAtPath: [self pathArrayToSoObject]];
+  [acls addObjectsFromArray: ownAcls];
+  containerAcls = [container aclsForUser: uid];
+  if ([containerAcls count] > 0)
+    {
+      if ([containerAcls containsObject: SOGoRole_ObjectCreator])
+	[acls addObject: SOGoRole_ObjectCreator];
+      if ([containerAcls containsObject: SOGoRole_ObjectEraser])
+	[acls addObject: SOGoRole_ObjectEraser];
+    }
+
+  return acls;
 }
 
 - (void) setRoles: (NSArray *) roles

SoObjects/SOGo/SOGoFolder.m

@@ -25,6 +25,7 @@
 #import <GDLContentStore/GCSFolder.h>
 #import <GDLContentStore/GCSFolderType.h>
 
+#import "SOGoPermissions.h"
 #import "SOGoFolder.h"
 #import "common.h"
 #import <unistd.h>
@@ -240,6 +241,7 @@
 
 /* acls as a container */
 
+#warning we should cache those data to avoid numerous accesses to the database
 - (NSArray *) aclsForObjectAtPath: (NSArray *) objectPathArray;
 {
   EOQualifier *qualifier;
@@ -257,6 +259,7 @@
 {
   EOQualifier *qualifier;
   NSArray *records;
+  NSMutableArray *acls;
   NSString *qs;
 
   qs = [NSString stringWithFormat: @"(c_object = '/%@') AND (c_uid = '%@')",
@@ -264,7 +267,14 @@
   qualifier = [EOQualifier qualifierWithQualifierFormat: qs];
   records = [[self ocsFolder] fetchAclMatchingQualifier: qualifier];
 
-  return [records valueForKey: @"c_role"];
+  acls = [NSMutableArray array];
+  if ([records count] > 0)
+    {
+      [acls addObject: SOGoRole_AuthorizedSubscriber];
+      [acls addObjectsFromArray: [records valueForKey: @"c_role"]];
+    }
+
+  return acls;
 }
 
 - (void) removeAclsForUsers: (NSArray *) users
@@ -302,12 +312,15 @@
   currentRole = [userRoles nextObject];
   while (currentRole)
     {
-      SQL = [NSString stringWithFormat: @"INSERT INTO %@"
+      if (![currentRole isEqualToString: SOGoRole_AuthorizedSubscriber])
-		      @" (c_object, c_uid, c_role)"
+	{
-		      @" VALUES ('/%@', '%@', '%@')", [folder aclTableName],
+	  SQL = [NSString stringWithFormat: @"INSERT INTO %@"
-		      [objectPathArray componentsJoinedByString: @"/"],
+			  @" (c_object, c_uid, c_role)"
-		      uid, currentRole];
+			  @" VALUES ('/%@', '%@', '%@')", [folder aclTableName],
-      [channel evaluateExpressionX: SQL];
+			  [objectPathArray componentsJoinedByString: @"/"],
+			  uid, currentRole];
+	  [channel evaluateExpressionX: SQL];
+	}
       currentRole = [userRoles nextObject];
     }
 

SoObjects/SOGo/SOGoObject.m

@@ -152,19 +152,19 @@ static BOOL kontactGroupDAV = YES;
   kontactGroupDAV = 
     [ud boolForKey:@"SOGoDisableKontact34GroupDAVHack"] ? NO : YES;
 
-  /* SoClass security declarations */
+//   SoClass security declarations
   
-  /* require View permission to access the root (bound to authenticated ...) */
+//   require View permission to access the root (bound to authenticated ...)
   [[self soClassSecurityInfo] declareObjectProtected: SoPerm_View];
 
-  /* to allow public access to all contained objects (subkeys) */
+//   to allow public access to all contained objects (subkeys)
   [[self soClassSecurityInfo] setDefaultAccess: @"allow"];
   
-  /* require Authenticated role for View and WebDAV */
+//   /* require Authenticated role for View and WebDAV */
-  [[self soClassSecurityInfo] declareRole: SoRole_Owner
+//   [[self soClassSecurityInfo] declareRole: SoRole_Owner
-                              asDefaultForPermission: SoPerm_View];
+//                               asDefaultForPermission: SoPerm_View];
-  [[self soClassSecurityInfo] declareRole: SoRole_Owner
+//   [[self soClassSecurityInfo] declareRole: SoRole_Owner
-                              asDefaultForPermission: SoPerm_WebDAVAccess];
+//                               asDefaultForPermission: SoPerm_WebDAVAccess];
 }
 
 + (void) _fillDictionary: (NSMutableDictionary *) dictionary

SoObjects/SOGo/SOGoPermissions.h

@@ -29,6 +29,7 @@
 
 extern NSString *SOGoRole_ObjectCreator;
 extern NSString *SOGoRole_ObjectEraser;
+extern NSString *SOGoRole_AuthorizedSubscriber;
 
 extern NSString *SOGoRole_FreeBusy;
 extern NSString *SOGoRole_FreeBusyLookup;
@@ -52,4 +53,27 @@ extern NSString *SOGoCalendarRole_ConfidentialDAndTViewer;
 extern NSString *SOGoCalendarRole_ConfidentialModifier;
 extern NSString *SOGoCalendarRole_ConfidentialResponder;
 
+extern NSString *SOGoCalendarRole_ComponentViewer;
+extern NSString *SOGoCalendarRole_ComponentDAndTViewer;
+extern NSString *SOGoCalendarRole_ComponentModifier;
+extern NSString *SOGoCalendarRole_ComponentResponder;
+
+extern NSString *SOGoCalendarPerm_ViewWholePublicRecords;
+extern NSString *SOGoCalendarPerm_ViewDAndTOfPublicRecords;
+extern NSString *SOGoCalendarPerm_ModifyPublicRecords;
+extern NSString *SOGoCalendarPerm_RespondToPublicRecords;
+extern NSString *SOGoCalendarPerm_ViewWholePrivateRecords;
+extern NSString *SOGoCalendarPerm_ViewDAndTOfPrivateRecords;
+extern NSString *SOGoCalendarPerm_ModifyPrivateRecords;
+extern NSString *SOGoCalendarPerm_RespondToPrivateRecords;
+extern NSString *SOGoCalendarPerm_ViewWholeConfidentialRecords;
+extern NSString *SOGoCalendarPerm_ViewDAndTOfConfidentialRecords;
+extern NSString *SOGoCalendarPerm_ModifyConfidentialRecords;
+extern NSString *SOGoCalendarPerm_RespondToConfidentialRecords;
+
+extern NSString *SOGoCalendarPerm_ViewAllComponent;
+extern NSString *SOGoCalendarPerm_ViewDAndT;
+extern NSString *SOGoCalendarPerm_ModifyComponent;
+extern NSString *SOGoCalendarPerm_RespondToComponent;
+
 #endif /* SOGOPERMISSIONS_H */

SoObjects/SOGo/SOGoPermissions.m

@@ -25,6 +25,7 @@
 /* General */
 NSString *SOGoRole_ObjectCreator = @"ObjectCreator";
 NSString *SOGoRole_ObjectEraser = @"ObjectEraser";
+NSString *SOGoRole_AuthorizedSubscriber = @"AuthorizedSubscriber";
 
 NSString *SOGoRole_FreeBusy = @"FreeBusy"; /* for the "freebusy" special user
                                             */
@@ -51,9 +52,32 @@ NSString *SOGoCalendarRole_ConfidentialDAndTViewer = @"ConfidentialDAndTViewer";
 NSString *SOGoCalendarRole_ConfidentialModifier = @"ConfidentialModifier";
 NSString *SOGoCalendarRole_ConfidentialResponder = @"ConfidentialResponder";
 
+NSString *SOGoCalendarRole_ComponentViewer = @"ComponentViewer";
+NSString *SOGoCalendarRole_ComponentDAndTViewer = @"ComponentDAndTViewer";
+NSString *SOGoCalendarRole_ComponentModifier = @"ComponentModifier";
+NSString *SOGoCalendarRole_ComponentResponder = @"ComponentResponder";
+
 /* permissions */
 #warning ReadAcls still not used...
 NSString *SOGoPerm_ReadAcls = @"ReadAcls"; /* the equivalent of "read-acl" in
                                               the WebDAV acls spec, which is
                                               currently missing from SOPE */
 NSString *SOGoPerm_FreeBusyLookup = @"FreeBusyLookup";
+
+NSString *SOGoCalendarPerm_ViewWholePublicRecords = @"ViewWholePublicRecords";
+NSString *SOGoCalendarPerm_ViewDAndTOfPublicRecords = @"ViewDAndTOfPublicRecords";
+NSString *SOGoCalendarPerm_ModifyPublicRecords = @"ModifyPublicRecords";
+NSString *SOGoCalendarPerm_RespondToPublicRecords = @"RespondToPublicRecords";
+NSString *SOGoCalendarPerm_ViewWholePrivateRecords = @"ViewWholePrivateRecords";
+NSString *SOGoCalendarPerm_ViewDAndTOfPrivateRecords = @"ViewDAndTOfPrivateRecords";
+NSString *SOGoCalendarPerm_ModifyPrivateRecords = @"ModifyPrivateRecords";
+NSString *SOGoCalendarPerm_RespondToPrivateRecords = @"RespondToPrivateRecords";
+NSString *SOGoCalendarPerm_ViewWholeConfidentialRecords = @"ViewWholeConfidentialRecords";
+NSString *SOGoCalendarPerm_ViewDAndTOfConfidentialRecords = @"ViewDAndTOfConfidentialRecords";
+NSString *SOGoCalendarPerm_ModifyConfidentialRecords = @"ModifyConfidentialRecords";
+NSString *SOGoCalendarPerm_RespondToConfidentialRecords = @"RespondToConfidentialRecords";
+
+NSString *SOGoCalendarPerm_ViewAllComponent = @"ViewAllComponent";
+NSString *SOGoCalendarPerm_ViewDAndT = @"ViewDAndT";
+NSString *SOGoCalendarPerm_ModifyComponent = @"ModifyComponent";
+NSString *SOGoCalendarPerm_RespondToComponent = @"RespondToComponent";

SoObjects/SOGo/SOGoUser.m

@@ -268,12 +268,6 @@ static NSTimeZone *serverTimeZone = nil;
       if (sogoRoles)
         [rolesForObject addObjectsFromArray: sogoRoles];
     }
-  if ([object respondsToSelector: @selector (rolesOfUser:)])
-    {
-      sogoRoles = [object rolesOfUser: login];
-      if (sogoRoles)
-        [rolesForObject addObjectsFromArray: sogoRoles];
-    }
 
   return rolesForObject;
 }

UI/Scheduler/UIxCalInlineAptView.m

@@ -284,23 +284,4 @@
   return userIsInTheCard;
 }
 
-- (BOOL) titleShouldBeHidden
-{
-  BOOL shouldBeHidden;
-  SOGoUser *user;
-  SOGoAuthenticator *sAuth;
-
-  sAuth = [SOGoAuthenticator sharedSOGoAuthenticator];
-  user = [sAuth userInContext: context];
-
-  if ([[appointment objectForKey: @"owner"] isEqualToString: [user login]]
-      || ([[appointment objectForKey: @"classification"] intValue]
-          != iCalAccessConfidential))
-    shouldBeHidden = NO;
-  else
-    shouldBeHidden = ![self _userIsInTheCard: [user email]];
-
-  return shouldBeHidden;
-}
-
 @end

UI/Scheduler/UIxCalUserRightsEditor.m

@@ -154,7 +154,7 @@
 - (NSArray *) rightTypes
 {
   return
-    [NSArray arrayWithObjects: @"Public", @"Private", @"Confidential", nil];
+    [NSArray arrayWithObjects: @"Public", @"Confidential", @"Private", nil];
 }
 
 - (void) setCurrentRightType: (NSString *) newCurrentRightType

UI/Scheduler/UIxCalView.m

@@ -161,45 +161,39 @@ static BOOL shouldDisplayWeekend = NO;
 
 - (void) setAppointment:(id) _apt
 {
-  NSString *mailtoChunk;
+  ASSIGN (appointment, _apt);
-  NSString *myEmail;
+}
 
-  ASSIGN(appointment, _apt);
+// - (void) setAppointment:(id) _apt
+// {
+//   NSString *mailtoChunk;
+//   NSString *myEmail;
+//   NSString *partmails;
 
-  /* cache some info about apt for faster access */
+//   ASSIGN(appointment, _apt);
+
+//   /* cache some info about apt for faster access */
   
-  mailtoChunk = [_apt valueForKey: @"orgmail"];
+//   mailtoChunk = [_apt valueForKey: @"orgmail"];
-  myEmail = [self emailForUser];
+//   myEmail = [self emailForUser];
-  if ([mailtoChunk rangeOfString: myEmail].length > 0)
+//   if ([mailtoChunk rangeOfString: myEmail].length > 0)
-    {
+//     {
-      aptFlags.isMyApt = YES;
+//       aptFlags.isMyApt = YES;
-      aptFlags.canAccessApt = YES;
+//       aptFlags.canAccessApt = YES;
-    }
+//     }
-  else
+//   else
-    {
+//     {
-      NSString *partmails;
+//       aptFlags.isMyApt = NO;
 
-      aptFlags.isMyApt = NO;
+//       partmails = [_apt valueForKey: @"partmails"];
-
+//       if ([partmails rangeOfString: myEmail].length)
-      partmails = [_apt valueForKey: @"partmails"];
+//         aptFlags.canAccessApt = YES;
-      if ([partmails rangeOfString: myEmail].length)
+//       else
-        aptFlags.canAccessApt = YES;
+//         aptFlags.canAccessApt
-      else
+//           = ([[_apt valueForKey: @"classification"] intValue]
-        aptFlags.canAccessApt
+//              == iCalAccessPublic);
-          = ([[_apt valueForKey: @"classification"] intValue]
+//     }
-             == iCalAccessPublic);
+// }
-    }
-}
-
-- (void) setTasks: (NSArray *) _tasks
-{
-  ASSIGN(tasks, _tasks);
-}
-
-- (NSArray *) tasks
-{
-  return tasks;
-}
 
 - (id) appointment
 {
@@ -248,6 +242,16 @@ static BOOL shouldDisplayWeekend = NO;
   return privateAptTooltipFormatter;
 }
 
+- (void) setTasks: (NSArray *) _tasks
+{
+  ASSIGN(tasks, _tasks);
+}
+
+- (NSArray *) tasks
+{
+  return tasks;
+}
+
 /* TODO: remove this */
 - (NSString *) shortTextForApt
 {
@@ -496,6 +500,38 @@ static BOOL shouldDisplayWeekend = NO;
   return activeFolders;
 }
 
+- (void) _updatePrivacyInObjects: (NSArray *) objectInfos
+		      fromFolder: (SOGoAppointmentFolder *) folder
+{
+  int hideDetails[] = {-1, -1, -1};
+  NSMutableDictionary *currentRecord;
+  int privacyFlag;
+  NSString *roleString, *userLogin;
+  NSEnumerator *infos;
+
+  userLogin = [[context activeUser] login];
+  infos = [objectInfos objectEnumerator];
+  currentRecord = [infos nextObject];
+  while (currentRecord)
+    {
+      privacyFlag = [[currentRecord objectForKey: @"classification"] intValue];
+      if (hideDetails[privacyFlag] == -1)
+	{
+	  roleString = [folder roleForComponentsWithAccessClass: privacyFlag
+			       forUser: userLogin];
+	  hideDetails[privacyFlag] = ([roleString isEqualToString: @"ComponentDAndTViewer"]
+				      ? 1 : 0);
+	}
+      if (hideDetails[privacyFlag])
+	{
+	  [currentRecord setObject: [self labelForKey: @"(Private Event)"]
+			 forKey: @"title"];
+	  [currentRecord setObject: @"" forKey: @"location"];
+	}
+      currentRecord = [infos nextObject];
+    }
+}
+
 - (NSArray *) _fetchCoreInfosForComponent: (NSString *) component
 {
   NSArray *currentInfos;
@@ -517,6 +553,8 @@ static BOOL shouldDisplayWeekend = NO;
           [currentInfos makeObjectsPerform: @selector (setObject:forKey:)
                         withObject: [currentFolder ownerInContext: nil]
                         withObject: @"owner"];
+	  [self _updatePrivacyInObjects: currentInfos
+		fromFolder: currentFolder];
           [infos addObjectsFromArray: currentInfos];
           currentFolder = [folders nextObject];
         }

UI/Scheduler/UIxComponentEditor.m

@@ -830,6 +830,7 @@
   [component setLocation: location];
   [component setComment: comment];
   [component setUrl: url];
+  [component setAccessClass: privacy];
   [self _handleAttendeesEdition];
   [self _handleOrganizer];
   clientObject = [self clientObject];