[imp] IMAP ACLs [PATCH]

Chris Hastie lists at oak-wood.co.uk
Mon Feb 3 14:55:38 PST 2003 

On Wed, 29 Jan 2003, Chris Hastie <lists at oak-wood.co.uk> wrote
>The attached files and patches represent my first stab at a way of
>managing Access Control Lists on IMAP servers that support RFC 2086.
>
>The code here can only edit the ACL - it will not display the current
>ACL. That's on it's way, but in the absence of a PHP function to easily
>retrieve ACLs from the server it is a little clumsy.

I've done a bit more on this, the results of which are attached. Major
changes are:

*   Existing ACLs are now retrieved and displayed, with a user interface
    based largely on that from imp/filters.php

*   I've taken on board Chuck's suggestion that it should use the same
    sort of sub-class / driver system as IMP_Quota. At present the only
    driver available is rfc2086, but should someone come up with another
    driver it should not be too hard to integrate it.

As presented, use of the rfc2086 driver is hard-coded into imp/acl.php,
since there are no alternatives. It would be fairly easy to make this a
configuration option in imp/config/servers.php in the same way as with
Quotas. As is, the code will throw you back to the Options page with an
error message if the server being used is not an IMAP server, or if the
result of the CAPABILITY command to the server were successfully
obtained and did not indicate ACL support.

Both retrieving CAPABILITY results (_getCapability()) and retrieving the
existing ACL (getAcl()) are dependant on being able to connect to the
IMAP server. If imap/ssl is being used this is only possible with PHP
4.3 or higher, and I haven't tested this (since I have neither an SSL
IMAP server nor PHP 4.3 at present).

If the Auth_SASL module is installed, getAcl() will use Digest-MD5 or
Cram-MD5 (in that order of preference) if the CAPABILITY command has
indicated support for one of these. Otherwise login for getAcl() is by
plain text. _getCapability() does not log in.

I've tested this with three IMAP servers: Cyrus, my ISP's Intermail
server and the MUA I use, Turnpike, which makes its folders available
via IMAP. Works fine with Cyrus and Turnpike, which support ACLs,
gracefully redirects with Intermail, which doesn't. Spaces and a few
other odd characters in folder names seem OK, but I haven't tested with
any folder names using character sets other than my own.

I've also tested with the two browsers I have available, IE 6 and NN
4.0. Basically works fine with both, although some of the field
disabling with JavaScript doesn't function on NN4.0 (but it doesn't
cause errors either).

-- 
Chris Hastie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IMP_Acl.tar.gz
Type: application/octet-stream
Size: 8381 bytes
Desc: IMP_Acl.tar.gz
Url : http://lists.horde.org/archives/imp/attachments/20030203/812572fa/IMP_Acl.tar.obj

More information about the imp mailing list