(james-project) 35/37: JAMES-2182 Fix rights for SELECT, STATUS

Tue, 29 Oct 2024 20:41:50 -0700 

This is an automated email from the ASF dual-hosted git repository.

rcordier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git

commit 1a6aa3df1333d9e04457f563d483b779ce283820
Author: Benoit TELLIER <btell...@linagora.com>
AuthorDate: Thu Oct 17 16:37:06 2024 +0200

    JAMES-2182 Fix rights for SELECT, STATUS
---
 .../org/apache/james/imap/scripts/SharingAccessL.test     | 15 ++-------------
 .../james/imap/processor/AbstractSelectionProcessor.java  |  9 ++++++++-
 .../org/apache/james/imap/processor/StatusProcessor.java  |  9 +++++++++
 3 files changed, 19 insertions(+), 14 deletions(-)

diff --git 
a/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessL.test
 
b/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessL.test
index 004cb21dbd..63df2847d4 100644
--- 
a/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessL.test
+++ 
b/mpt/impl/imap-mailbox/core/src/main/resources/org/apache/james/imap/scripts/SharingAccessL.test
@@ -38,10 +38,8 @@ C: a1 MYRIGHTS #user.boby.mailbox-l
 S: \* MYRIGHTS \"#user.boby.mailbox-l\" \"l\"
 S: a1 OK MYRIGHTS completed.
 
-# TODO should have had failed
 C: a2 STATUS #user.boby.mailbox-l (MESSAGES)
-S: \* STATUS \"#user.boby.mailbox-l\" \(MESSAGES 0\)
-S: a2 OK STATUS completed.
+S: a2 NO STATUS failed. Status failed.
 
 # Ensure we cannot write in the mailbox
 C: a4 SELECT INBOX
@@ -67,16 +65,7 @@ S: a5 NO SETACL You need the Administer right to perform 
command SETACL on mailb
 C: a7 CREATE #user.boby.mailbox-l.evev
 S: a7 NO CREATE processing failed.
 
-# TODO should have had failed
 C: a3 SELECT #user.boby.mailbox-l
-S: \* OK \[MAILBOXID \(.*\)\] Ok
-S: \* FLAGS \(.*\)
-S: \* .* EXISTS
-S: \* .* RECENT
-S: \* OK \[UIDVALIDITY .*\] UIDs valid
-S: \* OK \[PERMANENTFLAGS\] No permanent flags permitted
-S: \* OK \[HIGHESTMODSEQ .*\] Highest
-S: \* OK \[UIDNEXT .*\] Predicted next UID
-S: a3 OK \[READ-ONLY\] SELECT completed.
+S: a3 NO SELECT failed.
 
 
diff --git 
a/protocols/imap/src/main/java/org/apache/james/imap/processor/AbstractSelectionProcessor.java
 
b/protocols/imap/src/main/java/org/apache/james/imap/processor/AbstractSelectionProcessor.java
index a5df7d2e35..cd32c1ad30 100644
--- 
a/protocols/imap/src/main/java/org/apache/james/imap/processor/AbstractSelectionProcessor.java
+++ 
b/protocols/imap/src/main/java/org/apache/james/imap/processor/AbstractSelectionProcessor.java
@@ -58,6 +58,7 @@ import org.apache.james.mailbox.MessageManager;
 import org.apache.james.mailbox.MessageManager.MailboxMetaData;
 import org.apache.james.mailbox.MessageUid;
 import org.apache.james.mailbox.ModSeq;
+import org.apache.james.mailbox.exception.InsufficientRightsException;
 import org.apache.james.mailbox.exception.MailboxException;
 import org.apache.james.mailbox.exception.MailboxNotFoundException;
 import org.apache.james.mailbox.model.MailboxACL;
@@ -109,7 +110,7 @@ abstract class AbstractSelectionProcessor<R extends 
AbstractMailboxSelectionRequ
                 return ReactorUtils.logAsMono(() -> LOGGER.debug("Select 
failed as mailbox does not exist {}", mailboxName, e));
             })
             .onErrorResume(MailboxException.class, e -> {
-                no(request, responder, HumanReadableText.SELECT);
+                no(request, responder, HumanReadableText.FAILED);
                 return ReactorUtils.logAsMono(() -> LOGGER.error("Select 
failed for mailbox {}", mailboxName, e));
             });
     }
@@ -400,6 +401,12 @@ abstract class AbstractSelectionProcessor<R extends 
AbstractMailboxSelectionRequ
         final SelectedMailbox currentMailbox = session.getSelected();
 
         return Mono.from(mailboxManager.getMailboxReactive(mailboxPath, 
mailboxSession))
+            .<MessageManager>handle(Throwing.biConsumer((mailbox, sink) -> {
+                if (mailboxManager.hasRight(mailbox.getMailboxEntity(), 
MailboxACL.Right.Read, mailboxSession)) {
+                    sink.next(mailbox);
+                }
+                sink.error(new InsufficientRightsException("'r' right is 
needed to select a mailbox"));
+            }))
             .flatMap(Throwing.function(mailbox -> selectMailbox(session, 
responder, mailbox, currentMailbox)
                 .flatMap(Throwing.function(sessionMailbox ->
                     mailbox.getMetaDataReactive(recentMode(!openReadOnly, 
mailbox, mailboxSession), mailboxSession, 
EnumSet.of(MailboxMetaData.Item.FirstUnseen, 
MailboxMetaData.Item.HighestModSeq, MailboxMetaData.Item.NextUid, 
MailboxMetaData.Item.MailboxCounters))
diff --git 
a/protocols/imap/src/main/java/org/apache/james/imap/processor/StatusProcessor.java
 
b/protocols/imap/src/main/java/org/apache/james/imap/processor/StatusProcessor.java
index d1f8114321..361fc8f5b0 100644
--- 
a/protocols/imap/src/main/java/org/apache/james/imap/processor/StatusProcessor.java
+++ 
b/protocols/imap/src/main/java/org/apache/james/imap/processor/StatusProcessor.java
@@ -44,10 +44,12 @@ import org.apache.james.mailbox.MessageManager;
 import org.apache.james.mailbox.MessageManager.MailboxMetaData.RecentMode;
 import org.apache.james.mailbox.MessageUid;
 import org.apache.james.mailbox.ModSeq;
+import org.apache.james.mailbox.exception.InsufficientRightsException;
 import org.apache.james.mailbox.exception.MailboxException;
 import org.apache.james.mailbox.exception.MailboxNotFoundException;
 import org.apache.james.mailbox.model.ComposedMessageIdWithMetaData;
 import org.apache.james.mailbox.model.FetchGroup;
+import org.apache.james.mailbox.model.MailboxACL;
 import org.apache.james.mailbox.model.MailboxId;
 import org.apache.james.mailbox.model.MailboxPath;
 import org.apache.james.mailbox.model.MessageRange;
@@ -59,6 +61,7 @@ import org.apache.james.util.ReactorUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.github.fge.lambdas.Throwing;
 import com.google.common.collect.ImmutableList;
 
 import reactor.core.publisher.Flux;
@@ -121,6 +124,12 @@ public class StatusProcessor extends 
AbstractMailboxProcessor<StatusRequest> imp
 
     private Mono<MailboxStatusResponse> sendStatus(MailboxPath mailboxPath, 
StatusDataItems statusDataItems, Responder responder, ImapSession session, 
MailboxSession mailboxSession) {
         return Mono.from(getMailboxManager().getMailboxReactive(mailboxPath, 
mailboxSession))
+            .<MessageManager>handle(Throwing.biConsumer((mailbox, sink) -> {
+                if (getMailboxManager().hasRight(mailbox.getMailboxEntity(), 
MailboxACL.Right.Read, mailboxSession)) {
+                    sink.next(mailbox);
+                }
+                sink.error(new InsufficientRightsException("'r' right is 
needed to status a mailbox"));
+            }))
             .flatMap(mailbox -> sendStatus(mailbox, statusDataItems, 
responder, session, mailboxSession));
     }
 


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org
For additional commands, e-mail: notifications-h...@james.apache.org

Reply via email to