(james-project) 34/37: JAMES-2182 Fix rights for APPEND, MOVE, COPY

rcordier Tue, 29 Oct 2024 20:41:45 -0700

This is an automated email from the ASF dual-hosted git repository.

rcordier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git


commit 7a23c6f6a30f7aead8073225e74d39ce8294eb00
Author: Benoit TELLIER <btell...@linagora.com>
AuthorDate: Thu Oct 17 16:28:41 2024 +0200

    JAMES-2182 Fix rights for APPEND, MOVE, COPY
---
 .../org/apache/james/mailbox/store/StoreMessageManager.java | 13 +++++++++++++
 .../org/apache/james/imap/scripts/SharingAccessLRS.test     |  5 +++--
 .../org/apache/james/imap/scripts/SharingAccessLRT.test     |  5 +++--
 .../org/apache/james/imap/scripts/SharingAccessLRTE.test    |  7 ++++---
 .../org/apache/james/imap/scripts/SharingAccessLRW.test     |  5 +++--
 .../org/apache/james/imap/scripts/SharingAccessLRX.test     |  3 ++-
 6 files changed, 28 insertions(+), 10 deletions(-)

diff --git 
a/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMessageManager.java
 
b/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMessageManager.java
index 79f3b52245..61e5fe4a41 100644
--- 
a/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMessageManager.java
+++ 
b/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMessageManager.java
@@ -63,6 +63,7 @@ import org.apache.james.mailbox.MessageUid;
 import org.apache.james.mailbox.MetadataWithMailboxId;
 import org.apache.james.mailbox.ModSeq;
 import org.apache.james.mailbox.events.MailboxIdRegistrationKey;
+import org.apache.james.mailbox.exception.InsufficientRightsException;
 import org.apache.james.mailbox.exception.MailboxException;
 import org.apache.james.mailbox.exception.ReadOnlyException;
 import org.apache.james.mailbox.exception.UnsupportedRightException;
@@ -408,6 +409,9 @@ public class StoreMessageManager implements MessageManager {
             if (!isWriteable(mailboxSession)) {
                 throw new ReadOnlyException(getMailboxPath());
             }
+            if (!storeRightManager.myRights(mailbox, 
mailboxSession).contains(MailboxACL.Right.Insert)) {
+                throw new InsufficientRightsException("Append messages 
requires 'i' right");
+            }
 
             try (InputStream contentStream = msgIn.getInputStream();
                  UnsynchronizedFilterInputStream bufferedContentStream = 
UnsynchronizedBufferedInputStream.builder()
@@ -733,6 +737,9 @@ public class StoreMessageManager implements MessageManager {
         if (!toMailbox.isWriteable(session)) {
             return Flux.error(new 
ReadOnlyException(toMailbox.getMailboxPath()));
         }
+        if (!storeRightManager.myRights(toMailbox.mailbox, 
session).contains(MailboxACL.Right.Insert)) {
+            return Flux.error(new InsufficientRightsException("Append messages 
requires 'i' right"));
+        }
         //TODO lock the from mailbox too, in a non-deadlocking manner - how?
         return 
Flux.from(locker.executeReactiveWithLockReactive(toMailbox.getMailboxPath(),
             copy(set, toMailbox, session)
@@ -747,9 +754,15 @@ public class StoreMessageManager implements MessageManager 
{
         if (!isWriteable(session)) {
             return Flux.error(new 
ReadOnlyException(toMailbox.getMailboxPath()));
         }
+        if (!storeRightManager.myRights(mailbox, 
session).contains(MailboxACL.Right.PerformExpunge)) {
+            return Flux.error(new InsufficientRightsException("Deleting 
messages requires 'e' right"));
+        }
         if (!toMailbox.isWriteable(session)) {
             return Flux.error(new 
ReadOnlyException(toMailbox.getMailboxPath()));
         }
+        if (!storeRightManager.myRights(toMailbox.mailbox, 
session).contains(MailboxACL.Right.Insert)) {
+            return Flux.error(new InsufficientRightsException("Append messages 
requires 'i' right"));
+        }
         //TODO lock the from mailbox too, in a non-deadlocking manner - how?
         return 
Flux.from(locker.executeReactiveWithLockReactive(toMailbox.getMailboxPath(),
             move(set, toMailbox, session)
diff --git 
a/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRS.test
 
b/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRS.test
index 867f624b35..d2bb291817 100644
--- 
a/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRS.test
+++ 
b/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRS.test
@@ -54,9 +54,10 @@ S: \* OK \[PERMANENTFLAGS \(.*\)\] Limited
 S: \* OK \[HIGHESTMODSEQ .*\] Highest
 S: \* OK \[UIDNEXT .*\] Predicted next UID
 S: a4 OK \[READ-WRITE\] SELECT completed.
-# TODO WTF I do not have 'i' right but I can copy?
+
 C: a4 COPY 1:* #user.boby.mailbox-lrs
-S: a4 OK .* COPY completed.
+S: a4 NO COPY processing failed.
+
 C: a6 UNSELECT
 S: a6 OK UNSELECT completed.
 
diff --git 
a/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRT.test
 
b/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRT.test
index d972b0da75..579e7905ff 100644
--- 
a/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRT.test
+++ 
b/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRT.test
@@ -54,9 +54,10 @@ S: \* OK \[PERMANENTFLAGS \(.*\)\] Limited
 S: \* OK \[HIGHESTMODSEQ .*\] Highest
 S: \* OK \[UIDNEXT .*\] Predicted next UID
 S: a4 OK \[READ-WRITE\] SELECT completed.
-# TODO WTF I do not have 'i' right but I can copy?
+
 C: a4 COPY 1:* #user.boby.mailbox-lrt
-S: a4 OK .* COPY completed.
+S: a4 NO COPY processing failed.
+
 C: a6 UNSELECT
 S: a6 OK UNSELECT completed.
 
diff --git 
a/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRTE.test
 
b/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRTE.test
index 9bf858fc3c..eef28d57b9 100644
--- 
a/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRTE.test
+++ 
b/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRTE.test
@@ -54,9 +54,10 @@ S: \* OK \[PERMANENTFLAGS \(.*\)\] Limited
 S: \* OK \[HIGHESTMODSEQ .*\] Highest
 S: \* OK \[UIDNEXT .*\] Predicted next UID
 S: a4 OK \[READ-WRITE\] SELECT completed.
-# TODO WTF I do not have 'i' right but I can copy?
+
 C: a4 COPY 1:* #user.boby.mailbox-lrte
-S: a4 OK .* COPY completed.
+S: a4 NO COPY processing failed.
+
 C: a6 UNSELECT
 S: a6 OK UNSELECT completed.
 
@@ -104,5 +105,5 @@ S: F11 OK FETCH completed.
 
 C: F15 EXPUNGE
 S: \* 1 EXPUNGE
-S: \* 19 RECENT
+S: \* 9 RECENT
 S: F15 OK EXPUNGE completed.
\ No newline at end of file
diff --git 
a/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRW.test
 
b/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRW.test
index 4056b27f71..569879821d 100644
--- 
a/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRW.test
+++ 
b/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRW.test
@@ -54,9 +54,10 @@ S: \* OK \[PERMANENTFLAGS \(.*\)\] Limited
 S: \* OK \[HIGHESTMODSEQ .*\] Highest
 S: \* OK \[UIDNEXT .*\] Predicted next UID
 S: a4 OK \[READ-WRITE\] SELECT completed.
-# TODO WTF I do not have 'i' right but I can copy?
+
 C: a4 COPY 1:* #user.boby.mailbox-lrw
-S: a4 OK .* COPY completed.
+S: a4 NO COPY processing failed.
+
 C: a6 UNSELECT
 S: a6 OK UNSELECT completed.
 
diff --git 
a/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRX.test
 
b/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRX.test
index e3f31d9291..3c1bb1107c 100644
--- 
a/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRX.test
+++ 
b/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessLRX.test
@@ -54,12 +54,13 @@ S: \* OK \[PERMANENTFLAGS \(.*\)\] Limited
 S: \* OK \[HIGHESTMODSEQ .*\] Highest
 S: \* OK \[UIDNEXT .*\] Predicted next UID
 S: a4 OK \[READ-WRITE\] SELECT completed.
+
 C: a4 COPY 1:* #user.boby.mailbox-lrx
 S: a4 NO COPY processing failed.
+
 C: a6 UNSELECT
 S: a6 OK UNSELECT completed.
 
-
 C: a5 SETACL #user.boby.mailbox-lrx imapuser lra
 S: a5 NO SETACL You need the Administer right to perform command SETACL on 
mailbox #user.boby.mailbox-lrx.
 


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org
For additional commands, e-mail: notifications-h...@james.apache.org

(james-project) 34/37: JAMES-2182 Fix rights for APPEND, MOVE, COPY

Reply via email to