| Summary | Deal with "negative rights" in IMAP ACLs |
| Queue | IMP |
| Queue Version | HEAD |
| Type | Enhancement |
| State | Accepted |
| Priority | 1. Low |
| Owners | |
| Requester | Matt Selsky <selsky (at) columbia (dot) edu> |
| Created | 10/04/2006 (586 days ago) |
| Due | |
| Updated | 04/16/2007 (392 days ago) |
| Assigned | |
| Resolved | |
| Attachments | |
| Milestone | |
| Patch |
State ⇒ Accepted
Works for me.How about strike-through'ing the user names and some help icon next to it?Matt or other ACL folks, any thoughts here?State ⇒ Feedback
Any suggestions on how to display negative ACLs?Priority ⇒ 1. Low
State ⇒ Accepted
Queue ⇒ IMP
Type ⇒ Enhancement
Summary ⇒ Deal with "negative rights" in IMAP ACLs
If an identifier is prefixed with a "-", then it is a negative ACL. From RFC 2086:
"When an identifier in an ACL starts with a dash ("-"), that indicates that associated rights are to be removed from the identifier that is prefixed by the dash. For example, if the identifier "-fred" is granted the "w" right, that indicates that the "w" right is to be removed from users matching the identifier "fred". Implementations need not support having identifiers which start with a dash in ACLs."
IMP currently displays the identifier with a leading "-", but it should make it clear that this is a negative ACL and remove the "-" for display purposes. We will also need to add some online help so people know what negative ACLs are.