Hi,
Continuing this old thread:
On Tue, 2011-05-10 at 22:46 -0600, Michael M Slusarz wrote:
But as far as the NO for a non-silent STORE, it seems that RFC 4314
[4] disagrees with you:STORE operation SHOULD NOT fail if the user has rights to modify at least one flag specified in the STORE, as the tagged NO response to a STORE command is not handled very well by deployed clients.To me, the negative inference from this statement would be: "STORE
operation SHOULD fail if the user has no rights to modify at least one
flag specified in the STORE."
That's not the negative of it. :)
At a minimum, a NOPERM response should be thrown, or else there is no
feedback at all why the flag was not set (without parsing ACLs).
Perhaps OK [NOPERM] or some other kind of informational message about it .. But there's no way to do it with Dovecot's current API.
Also RFC 3501 recommends implementing "session flags" for flags that cannot be permanently stored. So even if user doesn't have access to set any flags, a "well behaving IMAP server" (so not Dovecot :( ) would set those flags for the duration of the current session.
Anyway, you can look at PERMANENTFLAGS reply to see if it's possible to set the flag, no need to look at ACLs.
My reading of this is that NOPERM should be returned for ANY ACL
prohibited action, not just for selecting or creating a mailbox.
Dovecot 2.0.12 does not return NOPERM for DELETE/EXPUNGE actions
(at a minimum) that are prohibited.I'm not really sure. Maybe for EXPUNGE a NO would be okay. For flag
changes it's just annoying to see clients popup pointless error
messages when trying to set a \Seen flag (or \Answered flag when
replying).
Apparently I've tried this earlier, since there's a comment in code:
ret = acl_mailbox_right_lookup(_mail->box, ACL_STORAGE_RIGHT_EXPUNGE);
if (ret <= 0) {
/* if we don't have permission, silently return success so
users won't see annoying error messages in case their
clients try automatic expunging. */