On Mon, 2008-11-03 at 13:03 +0100, Bernhard Herzog wrote:
> > As you can see, the non-existing "foo.foo" isn't returned because its
> > child "foo.foo.foo" also matches the pattern and is returned. But the
> > non-existing "foo.bar" is returned because its children don't match the
> > pattern. It took me forever to get all this stuff working right with
> > Maildir++. :)
>
> I can imagine :). The reason it should work with ACLs more or less
> automatically is that when the mailbox list is populated by
> acl_mailbox_try_list_fast, it only adds the mailboxes that the user can see
> using mailbox_list_iter_update. mailbox_list_iter_update takes care of
> filling in the nonexisting parent mailboxes if necessary.

That's not correct actually. acl_mailbox_try_list_fast adds all mailboxes
that exist in dovecot-acl-list file, i.e. all mailboxes that have 'l' right
set to someone (not necessarily to you). So if you have:

foo: owner <no rights>
foo/bar: user=xyz l

Then "foo" should be visible as non-existing mailbox for user xyz, but
no-one else. With your change it will be visible to everyone.

> Of course, assuming there's a reason acl_mailbox_try_list_fast has a "try" in
> its name and that it actually can fail, foo, foo.foo and foo.bar could
> perhaps end up in the mailbox list even if they do not have children that are
> visible to the user.

The name implies that it could fail. But .. hmm. I'm not sure yet, have to
look at the code some more. :)
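Added example, not part of the original message and not Dovecot code: a simplified model of the foo / foo/bar case in the reply above. It compares filling in non-existing parents from every row of the list with filling them in only from rows where the listing user holds 'l'. All names (acl_list, classify, list_state_*) and the sample rows are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: one row per (mailbox, user) holding the 'l' right.
 * "foo" has no row (owner has no rights); "foofoo/x" tests prefix handling. */
struct lookup_right { const char *mailbox; const char *user; };
static const struct lookup_right acl_list[] = {
    { "foo/bar", "xyz" },
    { "foofoo/x", "abc" },
};
static const size_t acl_count = sizeof(acl_list) / sizeof(acl_list[0]);

enum list_state { HIDDEN, PLACEHOLDER, VISIBLE };

/* True when `name` lies below `parent`, with '/' as hierarchy separator. */
static int is_below(const char *name, const char *parent)
{
    size_t len = strlen(parent);
    return strncmp(name, parent, len) == 0 && name[len] == '/';
}

/* Shared walk: `per_user` decides whose 'l' rights may create a placeholder. */
static enum list_state classify(const char *name, const char *user, int per_user)
{
    enum list_state state = HIDDEN;
    for (size_t i = 0; i < acl_count; i++) {
        int mine = strcmp(acl_list[i].user, user) == 0;
        if (mine && strcmp(acl_list[i].mailbox, name) == 0)
            return VISIBLE;
        if ((mine || !per_user) && is_below(acl_list[i].mailbox, name))
            state = PLACEHOLDER;
    }
    return state;
}
/* Parents filled in from every row of the list, whoever holds the right. */
enum list_state list_state_unfiltered(const char *name, const char *user)
{ return classify(name, user, 0); }
/* Parents filled in only from rows where this user holds the right. */
enum list_state list_state_for_user(const char *name, const char *user)
{ return classify(name, user, 1); }

int main(void)
{
    const char *users[] = { "xyz", "abc" };
    for (size_t i = 0; i < 2; i++)
        printf("%s sees foo: unfiltered=%d per-user=%d\n", users[i],
               list_state_unfiltered("foo", users[i]),
               list_state_for_user("foo", users[i]));
    return 0;
}
```

In the unfiltered variant the name "foo" is disclosed to user abc, who holds no right on anything beneath it.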