Write access over CalDAV

[Jaggob]

• Resolves: Write access over CalDAV #2399
• Target version: main

Summary

This PR adds CalDAV write support for Deck, enabling CalDAV clients to create, update, complete/uncomplete, and delete Deck cards.

It also introduces per-user CalDAV list mapping modes in Deck settings, so each user can choose how Deck lists are represented in CalDAV clients:

• Default (existing behavior): list hierarchy via VTODO parent/child relationships (RELATED-TO)
• One VCALENDAR per list
• Single board calendar with list name in CATEGORIES
• Single board calendar with list position mapped to PRIORITY

Additional changes include DAV hardening and compatibility improvements (notably for Thunderbird and Apple clients), plus backend cleanup/performance improvements in the CalDAV handling path.

Done in this PR

• Added CalDAV write support for Deck cards (create/update/delete/complete)
• Added per-user CalDAV list mapping modes in Deck settings
• Implemented category sync (CATEGORIES) including Thunderbird interoperability
• Added DAV hardening and compatibility fixes (including stale href handling)

Future TODO

• Improve move semantics further for clients that still use create+delete behavior instead of true move semantics. At the current implementation moving cards with e. g. Thunderbird leads to Nextcloud saying cards have been deleted and created instead of moved (but aside from activity logs moving works fine)
• Add CalDAV mapping for assignees
• Add CalDAV mapping for file attachments
• Improve Apple tag interoperability where Deck tags are currently not recognized as native Apple tags

Checklist

• Code is properly formatted
• Sign-off message is added to all commits
• Tests (unit, integration, api and/or acceptance) are included
• Documentation (manuals or wiki) has been updated or is not required

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 36747a6fd3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[grnd-alt]

Hey, thanks for your contribution, would be nice to get this feature in. I have some smaller code-style remarks, that are partly up for discussion.

The most important remark is that one though: https://github.com/nextcloud/deck/pull/7655/changes#r2840797696

I think this should be oriented to work with tasks as much as possible before merging.

[grnd-alt]

why is it always needs-action? Isn't it fine to have no status as the default?

[Jaggob]

My concern was that leaving the synthetic list VTODOs without an explicit status could lead some clients to infer or write back their own status, which would make the behavior less consistent across clients. I did not test that in depth though, so this was mainly a defensive choice.

[grnd-alt]

I am not entirely fluent with the webdav protocol, but when testing this with nextcloud tasks and thunderbird the behavior was not as I would've expected it.
I could not investigate thunderbirds requests, but for nc tasks the createFile was called with a filename and after creation the same file was re-requested to display the task, the name seems not to be respected so it is not served again under that name leading to a 404.

[Jaggob]

Thanks for the review and this good catch! Somehow missed that in my testings thanks to tolerant clients.

Fixed in f95476c47:
Created cards now persist the client-provided DAV href for non-canonical names, so follow-up requests to the same resource name no longer fail with a 404 after creation. Existing cards still fall back to the canonical card-<id>.ics naming.

Fixed in dea36cf8c:
While testing that change with Thunderbird moves, it also became clear that in per_list_calendar mode Thunderbird can send the target calendar URL while still keeping the old RELATED-TO in the payload. The follow-up fix now prefers the target list from the destination calendar in that mode, so the trailing source delete no longer removes the moved card.

I also added test coverage for stored href resolution, custom-href creation, and same-board stack moves via the target calendar.

An alternative would have been to keep a fully server-generated canonical href model and add extra mapping/alias persistence for client-provided object names. That would preserve uniform resource names, but it also adds noticeably more persistence and lookup complexity.

For this PR I preferred the smaller approach of persisting a single stable DAV href per card. That means object names can be client-shaped rather than fully uniform, but it keeps the DAV object identity stable without introducing a separate DAV object layer for Deck.

This is also closer to how Nextcloud's CalDAV backend handles object URIs in general: object hrefs are persisted as part of the DAV object state, rather than being recomputed into a server-generated card-<id>.ics style name on every request. The main difference is that Deck stores that URI on the card itself instead of using a dedicated calendarobjects persistence layer like core CalDAV does.

[Jaggob]

As a small interoperability follow-up fixed in 656466f6c:
direct GET/HEAD requests to stale source hrefs after same-board list moves now return 404 instead of a placeholder object. That avoids Thunderbird treating the old source entry as a still-readable changed item, while collection/report fallback handling remains in place.

[github-actions]

Hello there,
Thank you so much for taking the time and effort to create a pull request to our Nextcloud project.

We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process.

Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6

Thank you for contributing to Nextcloud and we hope to hear from you soon!

(If you believe you should not receive this message, you can add yourself to the blocklist.)

[grnd-alt]

I did not manage to grasp everything in here, but this feels quite spaghetti and hard to read or follow tbh. I do think this can be implemented in a more readable manner, but might as well be a skill issue on code reading on my side. However it would be nice if this could be split up to e.g. not have the list_modes in there as well and get this to be easier to review

[grnd-alt]

wrapper function only to suppress psalm? same for VTodo

[grnd-alt]

this for loop can be something like this using the sabre types to not do the property handling etc yourself, then you could also remove some of the helper functions.

		$relatedToArray = $todo->select("RELATED-TO");
		foreach($relatedToArray as $relatedTo) {
			$reltype = $relatedTo["RELTYPE"] ?? null;
			if ($reltype instanceof \Sabre\VObject\Parameter) {
				$reltypeValue = $reltype->getValue();
				if ($reltypeValue === 'PARENT') {
					$parentCandidates[] = (string)$relatedTo;
				} else {
					$otherCandidates[] = (string)$relatedTo;
				}
			}
		}

[grnd-alt]

this entire stackId handling is not very easily readable, and seems overly complex, it does not make clear why the stackId is selected the way it is.

[grnd-alt]

weird naming, does not seem to normalize anything but rather validate.

[blizzz]

Strange to have the parameter nullable, but OK. Personally, I would expect an exception thrown in the negative case.

Is this user controlled, though? Is the check sufficient?

[grnd-alt]

why is this named lite?

[grnd-alt]

I don't think those have any benefit as the activitymanager gets board and stack data

[grnd-alt]

only doing this check if knownBoardId is not passed feels like a security issue. If KnownBoardId does not match the board the card's on it's possible to move a card from a board where a user has only read permission. It looks like this is verified for in getBackendChildren() but that is multiple functions deep and very implicit.

[blizzz]

I am confused about wide parts of this PR. Some aspects maybe makes sense, but do not really belong here, about others I am really puzzled. Maybe we can extract the necessary parts and have a very specific and lean as possible change set? Aspects that are not directly related to the write access can still be implemented in a separate PR.

[blizzz]

as a technical user, I do not know what this means. Seeing the possible value the meaning gets clearer, the main label should still be easier to understand.

Also, isn't this out of scope for the writable caldav feature and should be split into a separate PR?

[blizzz]

type is missing

[blizzz]

this is already part of the UID?

[blizzz]

looks strange?

[blizzz]

why?

[blizzz]

The return code later suggest only one specific entry is returned, then why sorting?

[blizzz]

Strange to have the parameter nullable, but OK. Personally, I would expect an exception thrown in the negative case.

Is this user controlled, though? Is the check sufficient?

[blizzz]

why is this extended? It does not seem that this is related to the feature?