On Nov 16, 2008, at 5:09 AM, Timo Sirainen wrote:
Any thoughts?
Also: Users probably shouldn't be able to remove administrator access
from themselves in their own mailboxes? A global ACL would be able to
do that, but if there are no global ACLs I'm thinking that the admin
access would be allowed regardless of how the local ACLs are
configured. The admin access could be removed by one of owner, user or
group-override. I think maybe SETACL owner could refuse to drop the
'a' right (wouldn't give an error, but it would just not remove it),
but if user or group-override drops the admin right there's nothing to
be done there. Instead then GETACL's output just wouldn't match
MYRIGHTS output.

I'm not sure what to do about ACLs when renaming a private mailbox to
shared namespace. Currently this isn't even possible, but it should be
pretty easy to implement. In this case user could lose access to the
entire mailbox if ACLs aren't set properly. Perhaps the RENAME could
add user=<name> <all rights> automatically when renaming the mailbox?
And if adding that didn't give user 'lra' rights (because of
group-override or global ACLs) it would refuse the RENAME? After those
checks at least it would be guaranteed that user has some access to
the mailbox and hopefully even be able to RENAME it back if it was an
accident.
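
The RENAME check proposed in the message above, sketched as an added example; it is not part of the original message and is not Dovecot code. The precedence order, the "=", "+", "-" entry operators and the function names are assumptions of this simplified model.

```python
# Added illustration: a simplified ACL model, not Dovecot's implementation.
# Assumption: entries apply lowest to highest precedence, local ACL first,
# then the global ACL on top; "=" replaces, "+" adds, "-" removes rights.
PRECEDENCE = ["anyone", "authenticated", "group", "owner", "user", "group-override"]
ALL_RIGHTS = "lrswipkxtea"        # RFC 4314 right letters
REQUIRED = frozenset("lra")       # rights the message wants guaranteed


def matches(id_type, name, user, groups, owner):
    if id_type in ("anyone", "authenticated"):
        return True
    if id_type == "owner":
        return owner is not None and user == owner
    if id_type == "user":
        return name == user
    return name in groups         # "group" and "group-override"


def effective_rights(local, global_acl, user, groups, owner=None):
    """Model of what MYRIGHTS would report for `user`."""
    rights = set()
    for acl in (local, global_acl):
        for id_type, name, op, letters in sorted(acl, key=lambda e: PRECEDENCE.index(e[0])):
            if not matches(id_type, name, user, groups, owner):
                continue
            if op == "=":
                rights = set(letters)
            elif op == "+":
                rights |= set(letters)
            else:
                rights -= set(letters)
    return rights


def rename_to_shared(local, global_acl, user, groups):
    """Return (allowed, resulting_local_acl, missing_rights)."""
    # Assumption: in the shared namespace no "owner" entry matches the user.
    candidate = [e for e in local if e[:2] != ("user", user)]
    candidate.append(("user", user, "=", ALL_RIGHTS))
    missing = REQUIRED - effective_rights(candidate, global_acl, user, groups)
    if missing:
        return False, local, missing   # refuse: user would lose l, r or a
    return True, candidate, missing
```
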