[Dovecot] IMAP ACLs and global ACLs in v1.2

Robert Schetterer robert at schetterer.org
Fri Feb 6 12:31:26 EET 2009


Hi Sascha,

Sascha Wilde wrote:
> Robert Schetterer <robert at schetterer.org> writes:
>> Bernhard Herzog wrote:
>>> On 15.01.2009, Sascha Wilde wrote:
>>>>> But should it just internally convert "owner" to "username" when
>>>>> replying?
>>>> From our experience this would be a very good idea.  Many clients
>>>> recognize the username and handle those ACLs differently in their UI
>>>> (for example they don't offer them for editing).  But they don't
>>>> understand "owner".
>>> To work around this, we created a patch that tries to avoid the owner ACL 
>>> entries.
> [...]
>> i don't think you should mess around with what clients think
>> where should this end, the technically right and most clear description
>> is owner, username can be very widely interpreted and may lead
>> to technical problems in reading imap-acl i.e. from horde imp or other
>> mail clients later, as far as i remember owner is used i.e. in exchange too
> 
> Hi Robert,
> 
> I'm not quite sure if we are talking about the same thing.  This is
> about the reply to the getacl command in the imap protocol (as opposed
> to the output in the client's UI).

i was talking about imap getacl, which answers owner
but you're right, maybe we misunderstood

> 
> I don't know about exchange, but most clients don't know about dovecot's
> special meaning of "owner" but simply consider it an ordinary user name.

do you mean clients as humans or mail clients?
there are less mail clients which understand imap acl at all
the only ones i know which work right fully in that way are
mulberry and horde imp, thunderbird can read acls but not set (shame on
tb hackers)
and it reports simply owner etc (but i should try the english version ....)

> 
> On the other hand I know horde imp (the Kolab Webclient is horde based)
> and I can assure you that it gets confused by dovecot's current behavior:
> it does not recognize "owner" as "the actual owner of that mailbox" and
> does not handle the ACL in any special way while it _does_ recognize
> when the returned username is matching the current user and for instance
> horde prevents the user from changing his own right.

on my latest test with the latest horde imp i can't find any problems
with imap acl and owner, there were a few updates with acl lately
and i had to mess around with the config but made it work,
but for sure i couldn't test all features very deeply for now,
cause i still have bugs with other new dovecot features like the virtual plugin
> 
> Furthermore there is no way in the IMAP ACL extension to determine the
> "owner" of a mailbox I'm aware of, so there would be no way for a
> client to resolve the "owner" ACL to an actual user, which makes the
> information rather useless.
> 
i thought so

> cheers

whatever, what i meant was leave the code to standards
don't try to implement specials for brain bugged humans
which might lead to other tech problems later,
anyway i am not in the position to forbid something *g
i'll trust in you that you know what you're doing at last *ggg

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
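
The client-side effect discussed in this thread, as an added example that is not part of the original post and is not Dovecot or Horde code: it parses an untagged ACL response (RFC 4314) and picks out the entries a client would treat as the current user's own. The sample responses, the user `alice`, and the `mailbox_owner` hint are constructed assumptions; as the thread notes, GETACL itself gives a client no way to learn the owner.

```python
import re

# One IMAP quoted string (with backslash escapes) or one atom; literals are not handled.
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')

# Constructed sample responses: the special "owner" identifier vs. a plain username.
OWNER_STYLE = '* ACL INBOX owner lrwstipekxa anyone lr'
USERNAME_STYLE = '* ACL INBOX alice lrwstipekxa anyone lr'


def parse_acl_response(line):
    """Parse an untagged ACL response into (mailbox, {identifier: rights})."""
    toks = [atom or re.sub(r"\\(.)", r"\1", quoted)
            for quoted, atom in TOKEN.findall(line.strip())]
    if len(toks) < 3 or toks[0] != "*" or toks[1].upper() != "ACL":
        raise ValueError("not an untagged ACL response")
    mailbox, rest = toks[2], toks[3:]
    if len(rest) % 2:
        raise ValueError("identifier without a rights string")
    return mailbox, dict(zip(rest[0::2], rest[1::2]))


def own_entries(acl, current_user, mailbox_owner=None):
    """Identifiers a client would treat as the current user's own entry,
    for example to stop users from editing their own rights.

    mailbox_owner is a hypothetical out-of-band hint (assumption); without it
    "owner" is compared like any other username and never matches.
    """
    mine = set()
    for ident in acl:
        resolved = mailbox_owner if (ident == "owner" and mailbox_owner) else ident
        if resolved == current_user:
            mine.add(ident)
    return mine


if __name__ == "__main__":
    for sample in (OWNER_STYLE, USERNAME_STYLE):
        mailbox, acl = parse_acl_response(sample)
        print(mailbox, acl, "own:", own_entries(acl, "alice"))
```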

