[OGo-Discuss] IMAP ACL problems

Sauro Saltini discuss@opengroupware.org
Thu, 13 Dec 2007 22:38:07 +0100 

I've started to implement SOGo in a test environment as I'm very 
intrested in using TB / Lightning as "fat" client to relpace Outlook / 
Exchange duo.

I've done a fresh install from sources on a Slackware server and, after 
some initial problems the whole thing is working like a charm (at least 
the web interface).

My IMAP server (also installed from sources on the same host for testing 
purposes) was Cyrus 2.2.12 (latest stable) authenticating users on 
OpenLDAP, SOGo also authenticates via LDAP.

I've soon realized, playing with the IMAP ACL's for folder sharing, that 
SOGo follows RFC 4314 for rights, so some of the ACL righs won't be 
read/set correctly with my Cyrus-imap version (checkboxes remains always 
unset) - I've also noticed that even the "inverse" demo site suffers the 
same bug.

Replacing Cyrus-imap with 2.3.9 (testing version) which implements 
RFC4314 ACL's the permission manager for imap folders worked well, 
except for the "Remove this folder" and "Erase mails from this folder" 
checkboxes:

- Setting "Remove this folder" and applying will result in "t" acl 
instead of "x" and reopening the form you have:
Remove this folder (x) -> unchecked
Erase mails from this folder (t) -> checked

- Setting "Erase mails from this folder" and applying will result in an 
empty acl and reopening the form will show:
Erase mails from this folder (t) -> unchecked

After some search through the sourcecode I've finally found that the 
Template file (wox) for the form sets uncorrectly the checkbox names 
(which was my initial guess, but took me some time to work out as I've 
never looked at a GNUstep application before!).

In UI/Templates/MailerUI/UIxMailUserRightsEditor.wox I've changed the 
checkbox named: "ObjectEraser" to "FolderEraser" and the one named 
"MailMessageEraser" to "ObjectEraser" according to the rest of logic in 
"SOGoMailFolder" (_sogoAclsToImapAcls and _imapAclsToSOGoAcls methods)

In the meantime I've found some other inconsistencies between 
"SOGoPermissions.h" declarations and the "SOGoPermissions.m" assignments:

in SOGoPermissions.h the "MailRoles" declared are:
extern NSString *SOGoMailRole_SeenKeeper;
extern NSString *SOGoMailRole_Writer;
extern NSString *SOGoMailRole_Poster;
extern NSString *SOGoMailRole_Expunger;
extern NSString *SOGoMailRole_Creator;
extern NSString *SOGoMailRole_Administrator;

instead in SOGoPermissions.m I can see:
NSString *SOGoMailRole_SeenKeeper = @"MailSeenKeeper";
NSString *SOGoMailRole_Writer = @"MailWriter";
NSString *SOGoMailRole_Poster = @"MailPoster";
NSString *SOGoMailRole_Expunger = @"MailExpunger";
NSString *SOGoMailRole_Administrator = @"MailAdministrator";
NSString *SOGoMailRole_MessageEraser = @"MailMessageEraser";

i.e no value assigned for SOGoMailRole_Creator and no declaration for 
SOGoMailRole_MessageEraser (which is one of the problematic roles  used 
in the template file I've changed)

I don't know which is the current direction of development regarding the 
"role names", in fact the whole thing can be patched exactly in the 
opposite way.

The point is only about how you want to call in SOGo the "x" and "t" 
IMAP rights:
x -> MailMessageEraser or ObjectEraser
t -> ObjectEraser or FolderEraser

I hope this can be useful for someone.

I'll go on testing SOGo as I think it can be a great solution.
I'm sorry I can't help with the development as I know quite nothing 
about GNUstep and Objective-C.

Sauro Saltini.