Here too.

Looks good over here too.
Thanks.

This is now working correctly for me on RFC 2086 servers.

Changes have been made in Git for this ticket:

Bug #10091: Improve ACL UI (especially for RFC 2086 servers)

  2 files changed, 56 insertions(+), 88 deletions(-)
http://git.horde.org/horde-git/-/commit/c384e738d4d7a3c3b723b8a1e992af4e02fc7412

This broke the ACL screen for me. I have 3 Administration columns now.

It isn't about the rights, it is about the system user.
the following unix command doesn't return an error :
[]# maildiracl -set ~/Maildir INBOX.Bug user=ronan +azertyuiopqsdfghjklmwxcvbn
[]#

this one does return an error :
[]# maildiracl -set /home/rsalmon/Maildir INBOX.Bug administrators -e
Trying to set invalid access rights for administrators
[]#

Actually, from maildiracl man page :
IRREVOCABLE ACCESS RIGHTS
The owner of the mailbox must always have the ?a? amd ?l? access 
rights. The administrators group must always have all access rights to 
all folders. Attempts to set access control lists, that do not include 
these minimum access rights, will be rejected.

FWIW Cyrus is doing exactly the same. It has an implicit adminstrator 
user (usually "cyrus") that you can't revoke ACLs from, and you get an 
error message as soon as you save a folder's ACLs.

This is an issue with Courier - it should ignore rights it doesn't 
know about.  So I will have to work around this.
NO NO NO.  As mentioned in RFC 4314, the CREATE and DELETE rights are 
badly broken in RFC 2086.  So a user should *never* be allowed to 
directly set those rights.  Instead, they should set the RFC 4314 
rights, which should be translated (as necessary) before sending to 
the server.

I'm having second thoughts about being Ok with a error message being 
thrown to the user.

Everytime a user change an ACL, he gets the following error :
Couldn't remove from user "administrators" these rights for the 
mailbox "INBOX.Bug": kxte

This is going to be really disturbing for end users.

IMP is trying to unset ACLs that are not displayed in UI, but set on 
the server (which make sense).

I think you should revert your patch and make the two ACL available 
for modification (like it was perfectly working in IMP 4) to avoid end 
users/admins asking about those errors.

Ideally, I would have like "administrators" ACL to be hidden from 
users. but if this is specific to only one IMAP server then this is 
probably too much work/hack.
And since users can't modify it anyway, I guess I'm ok with an error 
being displayed.
No, but the following patch helps :

--- 
framework/Imap_Client/lib/Horde/Imap/Client/Base.php.org        2011-05-18 
09:01:42.000000000 +0200
+++ framework/Imap_Client/lib/Horde/Imap/Client/Base.php        2011-05-18 
09:01:50.000000000 +0200
@@ -2595,11 +2595,7 @@
              return array_merge($rights, str_split(reset($capability)));
          }

-        // Add RFC 2086 rights (DEPRECATED)
-        return array_merge($rights, array(
-            Horde_Imap_Client::ACL_CREATE,
-            Horde_Imap_Client::ACL_DELETE
-        ));
+        return $rights;
      }

I've seen traces of those two ACL const in 
framework/Imap_Client/lib/Horde/Imap/Client/Data/AclCommon.php.
May be you want to remove them ?

So I have no problem with errors being thrown by the IMAP server if 
their rights are attempted to be altered and they are not supposed to.

But this patch should completely remove the other two "disabled" UI 
elements.  Does this work better?

This is specific to Courier, I guess. "administrators" is no more 
special than any other users so there is no reason to lock access to it.
I actually need to delete those two from the Prefs UI.  They should 
NEVER show up.  They are "virtual rights" and we abstract them out 
when dealing with old RFC 2086 servers (because they are broken in the 
RFC 2086 limitation).

Changes have been made in Git for this ticket:

Bug #10091: These rights don't exist

  1 files changed, 0 insertions(+), 14 deletions(-)
http://git.horde.org/horde-git/-/commit/60b22c34f0cbd486ddee76cc55e18c2c57d83c90

I saw Ticket #10079 before reporting this issue, but Jan original's 
issue seams to be solved and I don't have any issue with deleting 
emails.

here I think the are 2 issues:
first, courier-imap doesn't wnat anybody to play/mess with the 
"administrators" user. Is this specific to courier-imap ? If not, 
should there be a check for not modifying this user's ACLs ?

second, IMP doesn't seam to detect all ACL attribute since both of the 
following are disabled in the UI : Create Folder, Delete/Purge. To the 
question "is this related to ticket #10079" ? I don't know as this has 
been a while since I tested ACL on IMP 5. (this is working fine on IMP 
4 though).

Most likely a duplicate of Ticket #10079.

using courier-imap 4.8.1

1. I can't set the following rights (UI disabled) : Create Folder, 
Delete/Purge.

2. when ever I change ACLs on a folder, I get the following error :
ERR: HORDE [imp] IMAP error: Cannot modify ACLs on this mailbox. [pid 
27021 on line 343 of "/var/www/html/hordetest/imp/lib/Imap.php"]
DEBUG: HORDE [imp] Couldn't remove from user "administrators" these 
rights for the mailbox "INBOX.bug": kxte [pid 27021 on line 27 of 
"/var/www/html/hordetest/libs/Horde/Core/Notification/Handler/Decorator/Hordelog.php"]
DEBUG: HORDE [imp] ACL rights for "ronan" updated for the mailbox 
"bug". [pid 27021 on line 27 of 
"/var/www/html/hordetest/libs/Horde/Core/Notification/Handler/Decorator/Hordelog.php"]



Since options  "Create Folder" and "Delete/Purge" are disabled in UI, 
when I save the ACLs, IMP is trying to modify  administrator's rights, 
and apparently courier-imap doesn't like it. attached is the imap trace.