Improved Permissions

At 0.6.0 the permissions in RSCDS were limited to "All", "Write", "Read" and "Freebusy", which should be sufficient for the functionality available at present, but may need to be extended further in future.

One thing that is not covered well at the moment is:
 * See collections (but not their contents)

The DAV permissions are as follows:
 * read
 * write
 * write-properties
 * write-content
 * unlock
 * read-acl
 * read-current-user-privilege-set
 * write-acl
 * bind
 * unbind
 * all

Since none of those cover what might be desirable for Freebusy there is an additional one defined by CalDAV, which is:
 * CALDAV:read-free-busy

The 'bind' permission means 'can PUT a new event', the 'unbind' permission means 'can DELETE an existing event' - why do people have to invent new names for these sorts of things? I can't for the life of me see what would be wrong with 'create' and 'delete' permissions.

More recently, a design is taking shape for full implementation of the DAV permissions model. See Permissions Redesign for the details of work being attempted in the 0.9.x series.

Detailed Implementation State
I found this nice table in the DAV ACL specifications, so here is the full comprehensive state of RSCDS in terms of implementing this:

METHOD PRIVILEGES DAViCal Plans GET ||  || Done HEAD ||  || Done OPTIONS ||  || Done PUT (target exists) ||  on target resource || Done (1) PUT (no target exists) ||  on parent collection of target || Done PROPPATCH ||  || Done (1) PROPFIND ||  (plus  and  as needed) || Done (2) DELETE ||  on parent collection || Done LOCK (target exists) ||  || Done (1) LOCK (no target exists) ||  on parent collection || Done (1) MKCOL ||  on parent collection || Done MKCALENDAR ||  on parent collection || Done UNLOCK ||  || Done (1) REPORT ||  (on all referenced resources) || Done FREEBUSY || <CALDAV:read-free-busy> on parent collection || Done COPY (target exists) || <D:read>, <D:write-content> and <D:write-properties> on target resource || HttpMethodNotSupported COPY (no target exists) || <D:read>, <D:bind> on target collection || HttpMethodNotSupported MOVE (no target exists) || <D:unbind> on source collection and <D:bind> on target collection || HttpMethodNotSupported MOVE (target exists) || As above, plus <D:unbind> on the target collection || HttpMethodNotSupported ACL || <D:write-acl> || HttpMethodNotSupported CHECKOUT || <D:write-properties> || HttpMethodNotSupported CHECKIN || <D:write-properties> || HttpMethodNotSupported VERSION-CONTROL || <D:write-properties> || HttpMethodNotSupported MERGE || <D:write-content> || HttpMethodNotSupported MKWORKSPACE || <D:write-content> on parent collection || HttpMethodNotSupported BASELINE-CONTROL || <D:write-properties> and <D:write-content> || HttpMethodNotSupported MKACTIVITY || <D:write-content> on parent collection || HttpMethodNotSupported
 * }

Although this looks a bit daunting it's not too bad, since clients should issue an OPTIONS request to discover the supported methods, and looked at that way only PROPFIND is presently incomplete. It would be nice to get a few more of these HTTP methods supported though!