[Dovecot] patch: list shared namespace

Timo Sirainen tss at iki.fi
Wed Nov 19 16:49:18 EET 2008


On Mon, 2008-11-03 at 13:03 +0100, Bernhard Herzog wrote:
> > As you can see, the non-existing "foo.foo" isn't returned because its
> > child "foo.foo.foo" also matches the pattern and is returned. But the
> > non-existing "foo.bar" is returned because its children don't match the
> > pattern. It took me forever to get all this stuff working right with
> > Maildir++. :)
> 
> I can imagine :).  The reason it should work with ACLs more or less 
> automatically is that when the mailbox list is populated by 
> acl_mailbox_try_list_fast, it only adds the mailboxes that the user can see 
> using mailbox_list_iter_update.  mailbox_list_iter_update takes care of 
> filling in the nonexisting parent mailboxes if necessary.

That's not correct actually. acl_mailbox_try_list_fast adds all
mailboxes that exist in dovecot-acl-list file, i.e. all mailboxes that
have 'l' right set to someone (not necessarily to you). So if you have:

foo: owner <no rights>
foo/bar: user=xyz l

Then "foo" should be visible as non-existing mailbox for user xyz, but
no-one else. With your change it will be visible to everyone.

> Of course, assuming there's a reason acl_mailbox_try_list_fast has a "try" in 
> its name and that it actually can fail, foo, foo.foo and foo.bar could 
> perhaps end up in the mailbox list even if they do not have children that are 
> visible to the user.

The name implies that it could fail. But .. hmm. I'm not sure yet, have
to look at the code some more. :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20081119/79bbed5a/attachment.bin 


More information about the dovecot mailing list