Tickets :: [#4480] Only allow editing of your own ACLs

6.0.0-beta1

7/29/25

Summary	Only allow editing of your own ACLs
Queue	IMP
Queue Version	Git master
Type	Enhancement
State	Resolved
Priority	1. Low
Owners	jan (at) horde (dot) org, slusarz (at) horde (dot) org
Requester	selsky (at) columbia (dot) edu
Created	10/03/2006 (6874 days ago)
Due
Updated	10/21/2010 (5395 days ago)
Assigned	10/03/2006 (6874 days ago)
Resolved	10/21/2010 (5395 days ago)
Milestone
Patch	No

10/21/2010 06:05:25 AM	Michael Slusarz	State ⇒ Resolved

10/21/2010 06:04:49 AM	Git Commit	Comment #16	Reply to this comment
Changes have been made in Git for this ticket: ~~Bug #4480~~: always show mailbox list, even on ACL list error http://git.horde.org/diff.php/imp/lib/Prefs/Ui.php?rt=horde-git&r1=b1904c7f78abed1faf32ed6acb94aefb350f7aa8&r2=4d4352c2f89d39c3dd5b010b7249745dd1f16d03 http://git.horde.org/diff.php/imp/templates/prefs/acl.html?rt=horde-git&r1=b1904c7f78abed1faf32ed6acb94aefb350f7aa8&r2=4d4352c2f89d39c3dd5b010b7249745dd1f16d03

08/10/2010 11:23:57 PM	Jan Schneider	Comment #15	Reply to this comment
AFAICS GETACL fails if the user doen't have admin permissions on the folder, and gets an error notification. Unfortunatly, the form is otherwise empty, so he can't select another folder, but has to return to the prefs overview first.

08/10/2010 10:02:05 PM	Michael Slusarz	Comment #14 Version ⇒ Git master State ⇒ Feedback Assigned to Michael Slusarz Assigned to Jan Schneider	Reply to this comment
Jan - Is this still an issue in git HEAD?

05/10/2007 09:24:49 AM	Jan Schneider	Taken from Horde Developers Taken from Matt Selsky State ⇒ Accepted

05/03/2007 04:11:09 PM	Matt Selsky	Comment #13	Reply to this comment
See: http://cvs.horde.org/co.php?r=1.28&f=framework%2FIMAP%2FIMAP%2FACL%2Frfc2086.php#l380 and http://cvs.horde.org/co.php?r=1.28&f=framework%2FIMAP%2FIMAP%2FACL%2Frfc2086.php#l530

05/03/2007 04:03:39 PM	Chuck Hagenbuch	Comment #12 State ⇒ Feedback	Reply to this comment
Which login code is in question here? Is this still an issue?

10/10/2006 08:51:45 AM	Matt Selsky	Comment #11	Reply to this comment
Committed. Login code still needs to be refactored.

10/04/2006 11:18:35 PM	Jan Schneider	Comment #10	Reply to this comment
But technically, the username passed in the parameters is only an argurment for the driver instance, other drivers might not need this parameter.

10/04/2006 11:05:00 PM	Matt Selsky	Comment #9	Reply to this comment
Not at the moment, but given that this is a general purpose class in horde, I would like to keep that option. The RFC doesn't seem to provide a mechanism to get this sort of information though...

10/03/2006 11:37:28 PM	Jan Schneider	Comment #8	Reply to this comment
Are there cases when you'd want to call canEdit() for other users besides the current one? Not at the moment, but given that this is a general purpose class in horde, I would like to keep that option.

10/03/2006 05:57:13 PM	Matt Selsky	Comment #7	Reply to this comment
Are there cases when you'd want to call canEdit() for other users besides the current one?

10/03/2006 05:47:25 PM	Matt Selsky	Comment #6	Reply to this comment
Neither, the method should be used as is, and you patch looks like it does this. I don't exactly follow the logic without applying the patch, but do you have in mind that the driver could connect as a regular user or the cyrus user? Beside that, that authentication stuff has to go into a separate private method to avoid the code duplication. Currently the driver connects as a regular user. No special access is needed for the MYRIGHTS command. I'll refactor the authentication code.

10/03/2006 11:32:55 AM	Jan Schneider	Comment #5	Reply to this comment
Or should the canEdit function be modified to make the $user argument optional, and if not set, then do the MYRIGHTS command above? Neither, the method should be used as is, and you patch looks like it does this. I don't exactly follow the logic without applying the patch, but do you have in mind that the driver could connect as a regular user or the cyrus user? Beside that, that authentication stuff has to go into a separate private method to avoid the code duplication.

10/03/2006 11:23:23 AM	Jan Schneider	Deleted Original Message

10/03/2006 09:11:42 AM	Matt Selsky	Comment #4 New Attachment: myrights[1].patch	Reply to this comment
Let's try that again.

10/03/2006 09:10:32 AM	Matt Selsky	Comment #3 New Attachment: myrights.patch	Reply to this comment
Comments?

10/03/2006 08:08:27 AM	Matt Selsky	Assigned to Horde Developers

10/03/2006 06:16:54 AM	Matt Selsky	Comment #2	Reply to this comment
There's a canEdit($folder, $user) function that is unimplemented in all drivers. Any problem with adding a new function? canUserEdit($folder) { // ask IMAP server for rights on $folder via "MYRIGHTS" command for current user. } Or should the canEdit function be modified to make the $user argument optional, and if not set, then do the MYRIGHTS command above?

10/03/2006 06:03:56 AM	Michael Slusarz	Summary ⇒ Only allow editing of your own ACLs

10/03/2006 05:48:15 AM	Matt Selsky	State ⇒ Assigned

10/03/2006 05:47:50 AM	Matt Selsky	Assigned to Matt Selsky

10/03/2006 05:47:18 AM	Matt Selsky	Comment #1 Priority ⇒ 1. Low State ⇒ New Queue ⇒ IMP Summary ⇒ Only allow editting of your own ACLs Type ⇒ Enhancement	Reply to this comment
IMP currently shows ACLs for folders that you don't have admin access to as if you can edit them. IMP should instead display the ACL, but grey it out so you don't think you can change it. Currently the error is "Permission denied" with Cyrus.