On 01.11.2008, Timo Sirainen wrote:
On Fri, 2008-10-31 at 17:51 +0200, Timo Sirainen wrote:
LIST % -> List "foo" as non-existing LIST foo -> List "foo" as non-existing LIST * -> List "foo/bar" only
There are also some truly horrible cases.
I tested this with my acl_mailbox_list_info_is_visible modification in a vanilla dovecot 1.2 (rev. c6482b5cdea1). User listtest2@test.hq has these mailboxes:
- LIST (\HasChildren) "/" "INBOX/foo"
- LIST (\HasChildren) "/" "INBOX/foo/foo"
- LIST (\HasNoChildren) "/" "INBOX/foo/foo/foo"
- LIST (\HasChildren) "/" "INBOX/foo/bar"
- LIST (\HasNoChildren) "/" "INBOX/foo/bar/baz"
INBOX/foo/foo/foo and INBOX/foo/bar/baz have ACLs which give listtest1@test.hq the l-permission. The other mailboxes involved have no ACLs or only ACL settings for the owner. The results for listtest1 are as follows:
1 list "" foo*
- LIST (\HasNoChildren) "." "foo.foo.foo"
- LIST (\HasNoChildren) "." "foo.bar.baz" 1 ok
1 list "" "users/listtest2@test.hq/foo*"
- LIST (\HasNoChildren) "/" "users/listtest2@test.hq/foo/foo/foo"
- LIST (\HasNoChildren) "/" "users/listtest2@test.hq/foo/bar/baz" 1 OK List completed.
2 list "" f*o.%
- LIST (\HasNoChildren) "." "foo.foo.foo"
- LIST (\Noselect \HasChildren) "." "foo.bar" 2 OK List completed.
2 list "" "users/listtest2@test.hq/f*o.%" 2 OK List completed.
The equivalent list command for the owner of the mailboxes, listtest2, doesn't return anything either:
2 list "" "INBOX/f*o.%" 2 OK List completed.
3 list "" f*r
- LIST (\Noselect \HasChildren) "." "foo.bar" 3 OK List completed.
3 list "" "users/listtest2@test.hq/f*r"
- LIST (\Noselect \HasChildren) "/" "users/listtest2@test.hq/foo/bar" 3 OK List completed.
As you can see, the non-existing "foo.foo" isn't returned because its child "foo.foo.foo" also matches the pattern and is returned. But the non-existing "foo.bar" is returned because its children don't match the pattern. It took me forever to get all this stuff working right with Maildir++. :)
I can imagine :). The reason it should work with ACLs more or less automatically is that when the mailbox list is populated by acl_mailbox_try_list_fast, it only adds the mailboxes that the user can see using mailbox_list_iter_update. mailbox_list_iter_update takes care of filling in the nonexisting parent mailboxes if necessary.
In your example, that means only foo.foo.foo and foo.bar.baz are added, regardless of whether foo, foo.foo or foo.bar actually exist. foo, foo.foo and foo.bar are added to the list as nonexisting mailboxes automatically, though. So AFAICT from the other user's point of view it really is as if only foo.foo.foo and foo.bar.baz actually existed.
Of course, assuming there's a reason acl_mailbox_try_list_fast has a "try" in its name and that it actually can fail, foo, foo.foo and foo.bar could perhaps end up in the mailbox list even if they do not have children that are visible to the user.
Bernhard
-- Bernhard Herzog | ++49-541-335 08 30 | http://www.intevation.de/ Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner