[imp] IMAP ACLs [PATCH]

Jan Schneider jan at horde.org
Mon Feb 3 16:52:02 PST 2003 

Zitat von Chris Hastie <lists at oak-wood.co.uk>:

> On Wed, 29 Jan 2003, Chris Hastie <lists at oak-wood.co.uk> wrote
> >The attached files and patches represent my first stab at a way of
> >managing Access Control Lists on IMAP servers that support RFC 2086.
> >
> >The code here can only edit the ACL - it will not display the current
> >ACL. That's on it's way, but in the absence of a PHP function to easily
> >retrieve ACLs from the server it is a little clumsy.
> 
> I've done a bit more on this, the results of which are attached. Major
> changes are:

Great! I've tested it shortly and it seems to work pretty nice though I
wasn't able to change the folder (see below). You did a very slick user
interface, btw.

> *   Existing ACLs are now retrieved and displayed, with a user interface
>     based largely on that from imp/filters.php

Works fine.
 
> *   I've taken on board Chuck's suggestion that it should use the same
>     sort of sub-class / driver system as IMP_Quota. At present the only
>     driver available is rfc2086, but should someone come up with another
>     driver it should not be too hard to integrate it.

I renamed the php files and classed to use "ACL" rather than "Acl" to fit
better in our naming scheme.
 
> As presented, use of the rfc2086 driver is hard-coded into imp/acl.php,
> since there are no alternatives. It would be fairly easy to make this a
> configuration option in imp/config/servers.php in the same way as with
> Quotas. As is, the code will throw you back to the Options page with an
> error message if the server being used is not an IMAP server, or if the
> result of the CAPABILITY command to the server were successfully
> obtained and did not indicate ACL support.

I think adding a configuration option to servers.php is the way to go. If
you send a patch for servers.php.dist please make sure to document the new
option well in the comment header. For now it only makes sense to add it to
the Cyrus example if I understand you correctly.

Please note that I changed the prefs.php file. There's no need for a
preference page that only contains a single link. The preference category
now links directly to acl.php.
 
> Both retrieving CAPABILITY results (_getCapability()) and retrieving the
> existing ACL (getAcl()) are dependant on being able to connect to the
> IMAP server. If imap/ssl is being used this is only possible with PHP
> 4.3 or higher, and I haven't tested this (since I have neither an SSL
> IMAP server nor PHP 4.3 at present).

Wasn't able to test this either. Did you put a version check into the code?
This should also be mentioned in servers.php.
 
> If the Auth_SASL module is installed, getAcl() will use Digest-MD5 or
> Cram-MD5 (in that order of preference) if the CAPABILITY command has
> indicated support for one of these. Otherwise login for getAcl() is by
> plain text. _getCapability() does not log in.

It would be great if you could also make a patch for test.php that includes
an (optional) check for Auth_SASL.
 
> I've tested this with three IMAP servers: Cyrus, my ISP's Intermail
> server and the MUA I use, Turnpike, which makes its folders available
> via IMAP. Works fine with Cyrus and Turnpike, which support ACLs,
> gracefully redirects with Intermail, which doesn't. Spaces and a few
> other odd characters in folder names seem OK, but I haven't tested with
> any folder names using character sets other than my own.

Tested with Cyrus.
I wasn't able to teste it with non-ascii folder names because I wasn't able
to change the folder and edit the ACLs for any other folder than INBOX. The
page just reloaded and nothing happened.
 
Jan.

--
http://www.horde.org - The Horde Project
http://www.ammma.de - discover your knowledge
http://www.tip4all.de - Deine private Tippgemeinschaft

More information about the imp mailing list