Hi all,
On 15.01.2009, Sascha Wilde wrote:
> > But should it just internally convert "owner" to "username" when
> > replying?
>
> From our experience this would be a very good idea. Many clients
> recognize the username and handle those ACLs differently in their UI
> (for example they don't offer them for editing). But they don't
> understand "owner".
To work around this, we created a patch that tries to avoid the owner ACL
entries. It does not translate between "owner" and username in the imap-acl
plugin; instead it tries not to create ACL owner entries automatically. Having
implemented this patch, I now wonder whether the translation wouldn't have
been simpler and better. Anyway, the main goal of the patch is to work
around the problems we've observed with some clients when they
encounter "owner" ACL entries, so that we can get on with testing.
I don't think the patch is the right solution to the problem, but I've
included it anyway. Maybe it's useful for a discussion.
Cheers,
Bernhard
--
Bernhard Herzog | ++49-541-335 08 30 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
diff -r 7c4f4a1b1313 src/plugins/acl/acl-backend-vfile.c
--- a/src/plugins/acl/acl-backend-vfile.c Tue Feb 03 12:07:21 2009 -0500
+++ b/src/plugins/acl/acl-backend-vfile.c Wed Feb 04 18:41:15 2009 +0100
@@ -710,12 +710,24 @@ static void apply_owner_rights(struct ac
static void apply_owner_rights(struct acl_object *_aclobj)
{
struct acl_rights_update ru;
+ struct mail_namespace *ns;
const char *null = NULL;
+
+ ns = mailbox_list_get_namespace(_aclobj->backend->list);
memset(&ru, 0, sizeof(ru));
ru.modify_mode = ACL_MODIFY_MODE_REPLACE;
ru.neg_modify_mode = ACL_MODIFY_MODE_REPLACE;
- ru.rights.id_type = ACL_ID_OWNER;
+ if (ns->owner != NULL) {
+ ru.rights.id_type = ACL_ID_USER;
+ ru.rights.identifier = ns->owner->username;
+ } else {
+ if (_aclobj->backend->debug) {
+ i_info("apply_owner_rights: no namespace owner,"
+ " falling back to 'owner' acl");
+ }
+ ru.rights.id_type = ACL_ID_OWNER;
+ }
ru.rights.rights = _aclobj->backend->default_rights;
ru.rights.neg_rights = &null;
acl_cache_update(_aclobj->backend->cache, _aclobj->name, &ru);
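Review bot: Because `ru.modify_mode` and `ru.neg_modify_mode` are both ACL_MODIFY_MODE_REPLACE, retargeting this update from ACL_ID_OWNER to ACL_ID_USER with `ns->owner->username` makes the default rights land on the same identity as any explicit `user=` entry for that username. If an administrator has given that user a narrower or negative-rights entry, this update would apparently overwrite it, whereas before the defaults went to the separate "owner" identity. The callers and the order in which entries are applied are outside this hunk, so this needs confirming against acl_backend_vfile_cache_rebuild. At minimum the behaviour deserves a comment above the `if`, such as `/* NOTE: this replaces any explicit entry for the owner's username in the cache */`. The function's closing lines fall outside the hunk.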
@@ -739,8 +751,17 @@ static void acl_backend_vfile_cache_rebu
ns = mailbox_list_get_namespace(_aclobj->backend->list);
memset(&ru2, 0, sizeof(ru2));
ru2.modify_mode = ACL_MODIFY_MODE_ADD;
- ru2.rights.id_type = ACL_ID_OWNER;
ru2.rights.rights = admin_rights;
+ if (ns->owner != NULL) {
+ ru2.rights.id_type = ACL_ID_USER;
+ ru2.rights.identifier = ns->owner->username;
+ } else {
+ if (_aclobj->backend->debug) {
+ i_info("acl vfile cache rebuild: no namespace owner,"
+ " falling back to 'owner' acl");
+ }
+ ru2.rights.id_type = ACL_ID_OWNER;
+ }
owner_applied = ns->type != NAMESPACE_PRIVATE;
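Review bot: The same owner-or-username selection block is repeated here, in apply_owner_rights above and in acl_backend_vfile_object_list_next below, so the choice of which identity receives the default and admin rights now lives in three places that must stay in agreement. Since this is an authorization decision, a single static helper would keep the fallback and its debug message consistent and give one place to document why ACL_ID_USER is preferred. Each call site then reduces to one line, as sketched below; the helper name is only a suggestion. acl_backend_vfile_cache_rebuild starts and ends outside this hunk, so how the later `owner_applied` logic interacts with a user-typed entry could not be checked from here.

```c
/* Fill in the identity that receives the owner's rights: the namespace
   owner's username when known, otherwise the generic "owner" ACL id. */
static void
acl_vfile_set_owner_identity(struct acl_backend *backend,
			     struct acl_rights *rights, const char *caller)
{
	struct mail_namespace *ns = mailbox_list_get_namespace(backend->list);

	if (ns->owner != NULL) {
		rights->id_type = ACL_ID_USER;
		rights->identifier = ns->owner->username;
		return;
	}
	if (backend->debug) {
		i_info("%s: no namespace owner,"
		       " falling back to 'owner' acl", caller);
	}
	rights->id_type = ACL_ID_OWNER;
}

/* … unchanged: memset and modify_mode setup in acl_backend_vfile_cache_rebuild … */
ru2.rights.rights = admin_rights;
acl_vfile_set_owner_identity(_aclobj->backend, &ru2.rights,
			     "acl vfile cache rebuild");
```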
@@ -1159,14 +1180,26 @@ acl_backend_vfile_object_list_next(struc
if (iter->idx == array_count(&aclobj->rights)) {
struct acl_backend *backend = iter->aclobj->backend;
+ struct mail_namespace *ns;
if (iter->returned_owner)
return 0;
+
+ ns = mailbox_list_get_namespace(backend->list);
/* return missing owner based on the default ACLs */
iter->returned_owner = TRUE;
memset(rights_r, 0, sizeof(*rights_r));
- rights_r->id_type = ACL_ID_OWNER;
+ if (ns->owner != NULL) {
+ rights_r->id_type = ACL_ID_USER;
+ rights_r->identifier = ns->owner->username;
+ } else {
+ if (backend->debug) {
+ i_info("acl_backend_vfile_object_list_next: no namespace owner,"
+ " falling back to 'owner' acl");
+ }
+ rights_r->id_type = ACL_ID_OWNER;
+ }
rights_r->rights =
acl_backend_mask_get_names(backend,
backend->default_aclmask,