Cannot set ACL for owner

GUI is allowig to set ACL also for folder owner but they are

Thu, 10 Jul 2014 08:34:02 +0000

GUI is allowig to set ACL also for folder owner but they are NOT saved and after reload they are back to 'all privileges'.

> GUI is allowig to set ACL also for folder owner but they a

Fri, 11 Jul 2014 14:31:50 +0000

> GUI is allowig to set ACL also for folder owner but they are NOT > saved and after reload they are back to 'all privileges'. I can confirm this and there is nothing in the logs. I also find the change button confusing as switching folder reloads the permission screen anyway, so I don't see a use for it.

> I also find the change button confusing as switching folde

Fri, 11 Jul 2014 15:25:43 +0000

> I also find the change button confusing as switching folder reloads > the permission screen anyway, so I don't see a use for it. This was there to support non-JS clients. But we require JS now to use even the Basic interface, so you are correct that this is superfluous. It has been removed in git master.

This is not a bug. IMP has no way of knowing 1) who is th

Fri, 11 Jul 2014 15:30:18 +0000

This is not a bug. IMP has no way of knowing 1) who is the "owner" of the mailbox, or 2) *which* rights will be affected for any rights alteration. This is all known/expected/explained in the RFC. E.g., trying to remove the delete right on the owner user: C: 3 GETACL Testing.AAB S: * ACL Testing.AAB slusarz lrwstipekxacd S: 3 OK Getacl completed. C: 4 SETACL Testing.AAB slusarz -t S: 4 OK Setacl complete. C: 5 GETACL Testing.AAB S: * ACL Testing.AAB slusarz lrwstipekxacd S: 5 OK Getacl completed. As can be seen, the delete right was successfully removed via GUI request, but the actual rights on the server didn't change. Directly from RFC 4314 [Appendix C]: 2. Because this extension leaves the specific semantics of how rights are combined by the server as implementation defined, the ability to build a user-friendly interface is limited.

Wrong ticket # in commit message. Changes have been made

Fri, 11 Jul 2014 15:32:19 +0000

Wrong ticket # in commit message. Changes have been made in Git (master): commit 15a79ef7d3e70aa79ee67e4387286e339c56215a Author: Michael M Slusarz Date: Fri Jul 11 09:17:10 2014 -0600 Ticket #13349: Remove explicit change button for ACL mailbox selection We already require javascript on this page, so this button will never be used. imp/js/acl.js | 3 ++- imp/templates/prefs/acl.html.php | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) http://github.com/horde/horde/commit/15a79ef7d3e70aa79ee67e4387286e339c56215a

Ok, so how am i supposed to change ACLs for 'me' (=currently

Sat, 12 Jul 2014 14:10:28 +0000

Ok, so how am i supposed to change ACLs for 'me' (=currently logger user)? The GUI seems to support this but it's not working. If this is not possible, why GUI allows me to do it?

> Ok, so how am i supposed to change ACLs for 'me' (=current

Mon, 14 Jul 2014 23:07:42 +0000

> Ok, so how am i supposed to change ACLs for 'me' (=currently logger > user)? You can't. At least with your IMAP backend. This has nothing to do with IMP though. > The GUI seems to support this but it's not working. It does work. As mentioned before, it just requires that your backend supports it. Yours does not. > If this is > not possible, why GUI allows me to do it? As mentioned previously... because there is no way of knowing (through the ACL IMAP extension) whether this is possible or not. This would be no different than if your IMAP backend supported ACLs, but did not advertise support for the ACL extension (which is a possible scenario). A user could have no delete rights for a mailbox, but since there is no way of knowing this the Delete button could not be hidden in the GUI. The only way of knowing would be to try to delete a message, at which point you would get an error.

But my IMAP server (Dovecot) seems to support this: http://

Tue, 15 Jul 2014 07:14:41 +0000

But my IMAP server (Dovecot) seems to support this: http://wiki2.dovecot.org/ACL At the end, there is also 'owner' identifier.

> But my IMAP server (Dovecot) seems to support this: > htt

Tue, 15 Jul 2014 19:11:04 +0000

> But my IMAP server (Dovecot) seems to support this: > http://wiki2.dovecot.org/ACL > > At the end, there is also 'owner' identifier. You are not getting the point that nothing (ACL API-wise) allows the MUA/GUI to know that the owner's permissions can't be changed. Put another way: you could remove the delete permission from the owner and the server could automatically remove ALL other permissions. That is perfectly acceptable ACL behavior. And there is no way for the GUI to know that unless/until you remove the delete permission.

> Put another way: you could remove the delete permission fr

Tue, 15 Jul 2014 19:30:39 +0000

> Put another way: you could remove the delete permission from the > owner and the server could automatically remove ALL other > permissions. That is perfectly acceptable ACL behavior. And there > is no way for the GUI to know that unless/until you remove the delete > permission. Put yet another way: There is no guarantee that what you do GUI-wise will "stick" on the server. (Thus, the language from the RFC I quoted below).

Ok, thank you Michael.

Tue, 15 Jul 2014 19:33:20 +0000

Ok, thank you Michael.