[horde] H5.2 & IMP 6.2.6 list user capability is "true" wrongly

Steffen skhorde at smail.inf.fh-bonn-rhein-sieg.de
Wed Jan 21 14:06:48 UTC 2015 

On Wed, 21 Jan 2015, Jan Schneider wrote:
> Zitat von Steffen <skhorde at smail.inf.fh-bonn-rhein-sieg.de>:
>
>> I have configured IMP as auth backend for Horde, but I have no admin user 
>> in the backend: "
>> * admin: (array) Use this if you want to enable mailbox management for
>> *   administrators via Horde's user administration interface. The mailbox
>> *   management gets enabled if you let IMP handle the Horde authentication
>> *   the 'application' authentication driver.  Your IMAP server needs to
>> *   support mailbox management via IMAP commands.
>> *
>> *   Do not define this value if you do not want mailbox management 
>> [DEFAULT].
>> "
>> 
>> I don't want mailbox management from Horde and till H5.1 & IMP 6.1.7 to 
>> create new calendars and sharing anything worked without a list of users .
>> 
>> Now, in webmail 5.2.4 usernames cannot be validated in the share dialogue 
>> in services/shares/edit.php, because $auth->hasCapability('list') returns 
>> true .
>> 
>> problem 1)
>> After upgrade from IMP 6.1.7 to 6.2.6 I cannot create new calenders no 
>> longer. This can be avoided by setting
>> $conf['auth']['list_users'] = 'input';
>> 
>> This error is thrown: "Admin access not enabled."
>> 
>> If I change in ./imp/lib/Factory/AuthImap.php:
>>
>>        $admin = 
>> $injector->getInstance('IMP_Factory_Imap')->create()->config->admin;
>>        if (!$admin) {
>>            //throw new IMP_Exception('Admin access not enabled.');
>>            $admin = array();		// TODO
>>        }
>> 
>> I get "Listing of users is nor supported."
>> 
>> problem 2)
>> sharing calendars, tasklists, notebooks and such I cannot set permission to 
>> other users, because the user cannot be validated, because of this snippet 
>> in edit.php:
>>
>>        } elseif ($auth->hasCapability('list') && 
>> !$auth->exists($new_owner_backend)) {
>>            $notification->push(sprintf(_("The user \"%s\" does not 
>> exist."), $new_owner_backend), 'horde.error');
>> 
>> ====
>> 
>> I patched Core/Auth/Application.php to return false always:
>> 
>>
>>        if($capability == "list")	//TODO
>>        	return false;
>>        return in_array(strtolower($capability), $this->_appCapabilities);
>> 
>> Now H5.2 behaves as H5.1.
>> 
>> Did the upgrade from H5.1 to H5.2 introduced a new setting controlling this 
>> capability? I did not found something in Horde nor Imp config.
>
> Bug 13808

I can access a shared calendar via CalDAV.
Imp 6.2.6 seems to include the patch in comment #3.

The capabilities at line 142 of imp/lib/Application are good:

imp/Application.php _init $auth = array (#012  1 => 'authenticate',#012  3 
=> 'transparent',#012)

still, in services/shares/edit.php the call $auth->hasCapability('list') 
returns true. Looks like

For testing purpose, I added the
if(empty($injector->getInstance('IMP_Factory_Imap')->create()->config->admin)) 
{
   $this->auth = array_diff($this->auth, array('add', 'list', 'remove'));
}

to bootstrap, too, but the problem persists.

-- 
Steffen

More information about the horde mailing list