On Tue, 2006-01-31 at 12:41 -0500, Charles Marcus wrote:
- 'Seen' flags (I know there are more - but these are the only ones I need to be able to configure) - I need to be able to set these as 'Per User', on a per Folder basis. If this option is *not* set on a folder, then the server should maintain the seen state - any user can change it, and all will see the new state.
It wouldn't matter to me which was the default behavior - ie, if I had to set seen='per user', or seen='server'.
This isn't on my paid-to-do list, but I'll probably add support for this after ACLs work in general. I'll do it by making Dovecot store the per-user-flags into index files only, hope that's good enough..
- 'Hide Unreadable' Global flag - if I set it, then users should not even see shared folders that they don't have at least read-only perms. Samba does this really well with shares - any folders inside a share are invisible to users who don't have perms to open them.
IMAP ACLs have separate "can see" and "can open" flags.
- ACLs - ability to set user and group ACLs on a per folder (or per group of folders) basis.
Yep. Although I'm not exactly sure how groups should be configured for users. If users are in /etc/passwd, using /etc/group is probably a good idea. But for virtual users then should there be also virtual groups, and how are they configured?
Do IMAP ACLs support the ability to set whether a user can add new folders or not (assuming they have read/write perms),
It has a flag to specify if user can create subfolders for a mailbox. Perhaps I could also make it possible to set those flags for a "" mailbox, which would control if user can create anything under root.
and if they are allowed to, whether the ACLs should propogate to (be inherited by) any new sub-folders or not?
There's no inheritation specified by the spec. I'm not sure if I should bother doing that for Dovecot either.. Might get difficult to understand how the configuration works. Or maybe I could support wildcards, so "box/*" would be possible. But those ACLs couldn't then be modified via IMAP ACL extension (or maybe they could be, but they just couldn't be listed).