Permission sharing too simple ? - nextcloud 11.0.2 - calendar 1.5.2

[adrienfr44]

i read this #160 #12 #148
i don't find exactly my trouble, If I missed an existing issue/request dealing the subject, excuse me.

i have a really trouble with sharing possibility :

Example:
User1 in Admin group
User2,3,4... in Test1 group

Steps to reproduce

1. User1 create calendar "TEST_CALENDAR" and sharing with Test1 group with check option "Can Edit"
2. User2 connect, go to calendar panel and uncheck "Can Edit" of this calendar "TEST_CALENDAR"

Expected behaviour

It should be impossible to User2 to uncheck "Can Edit" ! (If User2 dont want this sharing, it lacks an option to delete this share individually but this is another problem.)

Actual behaviour

All users of Test1 group pass immediatly in read only mode. At this moment, only User1 (creator of calendar "TEST_CALENDAR") can re-check "Can Edit" for resolve the trouble.

Server configuration

Operating system:
debian 8

Web server:
apache

Database:
mysql

PHP version:
php 5.6

Server version: (see your admin page)
nextcloud 11.0.2

Calendar version: (see the apps page)
1.5.2

Updated from an older installed version or fresh install:
fresh install

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
yes ldap backend and user_saml authentification

Client configuration

Browser:
firefox and chrome last version

Operating system:
windows 10

CalDAV-clients:
no

Logs

no log server and client error

[georgehrke]

First of all:
Beginning with Nextcloud 9 the CalDAV server became part of Nextcloud's server and the calendar app is just a CalDAV client running in your browser.
Please report issues related to the CalDAV server in Nextcloud's server repo: https://github.com/nextcloud/server/issues :)

Second: nextcloud/server#3595
Permission handling of shares will be restricted to the owner beginning with Nextcloud 12.
So there is no need to report another bug here

[adrienfr44]

tks Georg