On Nov 16, 2008, at 5:09 AM, Timo Sirainen wrote:
Any thoughts?
Also: Users probably shouldn't be able to remove administrator access from themselves in their own mailboxes? A global ACL would be able to do that, but if there are no global ACLs I'm thinking that the admin access would be allowed regardless of how the local ACLs are configured. The admin access could be removed by one of owner, user or group-override. I think maybe SETACL owner could refuse to drop the 'a' right (wouldn't give an error, but it would just not remove it), but if user or group-override drops the admin right there's nothing to be done there. Instead then GETACL's output just wouldn't match MYRIGHTS output.
I'm not sure what to do about ACLs when renaming a private mailbox to shared namespace. Currently this isn't even possible, but it should be pretty easy to implement. In this case user could lose access to the entire mailbox if ACLs aren't set properly. Perhaps the RENAME could add user=<name> <all rights> automatically when renaming the mailbox? And if adding that didn't give user 'lra' rights (because of group-override or global ACLs) it would refuse the RENAME? After those checks at least it would be guaranteed that user has some access to the mailbox and hopefully even be able to RENAME it back if it was an accident.
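The RENAME safeguard proposed in the message above, as an added sketch that is not part of the original post and not Dovecot code. The evaluation order (user entry, then group-override, then global ACLs applied last), the `+`/`-` change syntax, and all function names are assumptions made for illustration.

```python
# Added illustration; the ACL evaluation model here is an assumption.
ALL_RIGHTS = frozenset("lrswipkxtea")  # RFC 4314 right letters
REQUIRED = frozenset("lra")            # rights the post says must survive RENAME


def apply_entry(rights, change):
    """'+xyz' adds rights, '-xyz' removes them, a bare 'xyz' replaces the set."""
    if change.startswith("+"):
        return rights | set(change[1:])
    if change.startswith("-"):
        return rights - set(change[1:])
    return frozenset(change)


def effective_rights(user, groups, local_acl, global_acl):
    """Assumed order: user entry, then group-override, with global ACLs last."""
    wanted = [f"user={user}"] + [f"group-override={g}" for g in groups]
    rights = frozenset()
    for acl in (local_acl, global_acl):
        for ident in wanted:
            for entry_id, change in acl:
                if entry_id == ident:
                    rights = apply_entry(rights, change)
    return rights


def check_rename_to_shared(user, groups, local_acl, global_acl):
    """Add user=<name> <all rights>, then refuse unless 'lra' is still effective.

    Returns (allowed, acl_to_store, missing_rights).
    """
    new_acl = [e for e in local_acl if e[0] != f"user={user}"]
    new_acl.append((f"user={user}", "".join(sorted(ALL_RIGHTS))))
    missing = REQUIRED - effective_rights(user, groups, new_acl, global_acl)
    if missing:
        return False, local_acl, missing  # refuse and leave the ACL untouched
    return True, new_acl, missing


if __name__ == "__main__":
    # Constructed case: a group-override entry strips 'a' from the renaming user.
    print(check_rename_to_shared("alice", ["staff"],
                                 [("group-override=staff", "-a")], []))
```
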
