[imp] IMAP ACLs [PATCH]

Chris Hastie lists at oak-wood.co.uk
Mon Feb 3 16:40:08 PST 2003 

On Mon, 3 Feb 2003, Jan Schneider <jan at horde.org> wrote
>Zitat von Chris Hastie <lists at oak-wood.co.uk>:
>
>> As presented, use of the rfc2086 driver is hard-coded into imp/acl.php,
>> since there are no alternatives. It would be fairly easy to make this a
>> configuration option in imp/config/servers.php in the same way as with
>> Quotas. As is, the code will throw you back to the Options page with an
>> error message if the server being used is not an IMAP server, or if the
>> result of the CAPABILITY command to the server were successfully
>> obtained and did not indicate ACL support.
>
>I think adding a configuration option to servers.php is the way to go. If
>you send a patch for servers.php.dist please make sure to document the new
>option well in the comment header. For now it only makes sense to add it to
>the Cyrus example if I understand you correctly.

I could do with a hint on how to pick up any values defined in
servers.php. EG if I add

$servers['cyrus'] = array(
   ...
   'acl' => array(
             'driver' => 'rfc2086'
          )
)

how do I access this value? I did have a quick look at this and it
seemed I needed to do some other work, maybe in imp/lib/Session.php, to
get the value into $_SESSION. Which was my main reason for not doing it
- I wanted to change as little as possible elsewhere.

>
>> Both retrieving CAPABILITY results (_getCapability()) and retrieving the
>> existing ACL (getAcl()) are dependant on being able to connect to the
>> IMAP server. If imap/ssl is being used this is only possible with PHP
>> 4.3 or higher, and I haven't tested this (since I have neither an SSL
>> IMAP server nor PHP 4.3 at present).
>
>Wasn't able to test this either. Did you put a version check into the code?
>This should also be mentioned in servers.php.
>
Yes, there is a version check.
>
>> If the Auth_SASL module is installed, getAcl() will use Digest-MD5 or
>> Cram-MD5 (in that order of preference) if the CAPABILITY command has
>> indicated support for one of these. Otherwise login for getAcl() is by
>> plain text. _getCapability() does not log in.
>
>It would be great if you could also make a patch for test.php that includes
>an (optional) check for Auth_SASL.

OK, I'll try and do something in the next couple of days.

>Tested with Cyrus.
>I wasn't able to teste it with non-ascii folder names because I wasn't able
>to change the folder and edit the ACLs for any other folder than INBOX. The
>page just reloaded and nothing happened.
>

Ah, that's not good :( Do you see any JavaScript errors reported? Can
you give me any other clues? It works fine here so I'm not really sure
where to start looking for the problem. The JS for this was basically
plagiarised from the folder drop down on IMP's menu bar.

Could there be an issue with using the same element name in two
different forms? A form named 'folders' should be being submitted when
you change the drop down box, and in folders the drop down is called
'folder'. But another form exists (the main one), named 'acl'. This has
a hidden input element also called 'folder' and set to the value of the
current folder. If this form is being submitted, or this value of
'folder' is being submitted, then you would get stuck in INBOX loop I
guess.
-- 
Chris Hastie

More information about the imp mailing list