/*
 * ACL-checking wrapper around the storage's rename operation.
 *
 * Two rights are verified before the rename is forwarded: DELETE on the
 * source mailbox, and CREATE for the destination name (looked up through the
 * destination's mailbox list).
 *
 * Returns -1 when either right is missing or its lookup fails; otherwise
 * returns whatever the wrapped rename_box() returns.
 */
static int
acl_mailbox_rename(struct mailbox *src, struct mailbox *dest)
{
	struct acl_mailbox *acl_box = ACL_CONTEXT(src);
	int have_right;

	/* the old mailbox disappears, so DELETE on the source is required */
	have_right = acl_mailbox_right_lookup(src, ACL_STORAGE_RIGHT_DELETE);
	if (have_right == 0)
		acl_mailbox_fail_not_found(src);
	if (have_right <= 0) {
		/* a negative result sets no error here; presumably the lookup
		   has already recorded one - confirm */
		return -1;
	}

	/* the new mailbox has to be creatable under its parent mailbox */
	T_BEGIN {
		have_right = acl_mailbox_list_have_right(dest->list, dest->name,
							 TRUE,
							 ACL_STORAGE_RIGHT_CREATE,
							 NULL);
	} T_END;

	if (have_right < 0) {
		/* the rights lookup itself failed */
		mail_storage_set_internal_error(src->storage);
		return -1;
	}
	if (have_right == 0) {
		/* CREATE is denied. Returning a permission error (instead of
		   not-found) tells the user that the source mailbox exists,
		   even when they had no LOOKUP right on it. This disclosure
		   is a known, accepted limitation. */
		mail_storage_set_error(src->storage, MAIL_ERROR_PERM,
				       MAIL_ERRSTR_NO_PERMISSION);
		return -1;
	}

	return acl_box->module_ctx.super.rename_box(src, dest);
}
/*
 * ACL-checking wrapper around the storage's delete operation.
 *
 * The DELETE right on the mailbox is looked up first. If it is missing, the
 * failure is reported through acl_mailbox_fail_not_found(); if the lookup
 * fails, -1 is returned without setting an error here. Only when the right
 * is present is the call forwarded, and the wrapped delete_box() result is
 * returned unchanged.
 *
 * NOTE(review): skip_acl_checks is not set around the forwarded call. If the
 * underlying delete_box() opens the mailbox internally, that open is subject
 * to the regular open-time ACL check - confirm that a user holding DELETE
 * but not READ can still delete.
 */
static int
acl_mailbox_delete(struct mailbox *box)
{
	struct acl_mailbox *acl_box = ACL_CONTEXT(box);
	int have_right;

	have_right = acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_DELETE);
	if (have_right > 0)
		return acl_box->module_ctx.super.delete_box(box);

	/* zero: right not granted; negative: the lookup failed */
	if (have_right == 0)
		acl_mailbox_fail_not_found(box);
	return -1;
}
/*
 * ACL-checking wrapper around the storage's delete operation.
 *
 * The DELETE right on the mailbox is looked up first. If it is missing, the
 * failure is reported through acl_mailbox_fail_not_found(); if the lookup
 * fails, -1 is returned without setting an error here. When the right is
 * present, the call is forwarded with this mailbox's ACL checks suspended,
 * and the wrapped delete_box() result is returned.
 */
static int
acl_mailbox_delete(struct mailbox *box)
{
	struct acl_mailbox *acl_box = ACL_CONTEXT(box);
	int result;

	result = acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_DELETE);
	if (result == 0)
		acl_mailbox_fail_not_found(box);
	if (result <= 0)
		return -1;

	/* The storage may open the mailbox internally while deleting it, and
	   that open must not fail just because READ is missing. The bypass is
	   scoped to the forwarded call only: the flag is raised after DELETE
	   has been verified and is unconditionally cleared again afterwards,
	   whatever delete_box() returned. */
	acl_box->skip_acl_checks = TRUE;
	result = acl_box->module_ctx.super.delete_box(box);
	acl_box->skip_acl_checks = FALSE;

	return result;
}
/*
 * Decide whether the ACLs allow this mailbox to be opened.
 *
 * The right required depends on how the mailbox is being opened:
 *   - save-only open in a POST session -> POST
 *   - any other save-only open         -> INSERT
 *   - box->deleting is set             -> DELETE
 *   - anything else                    -> READ
 *
 * Returns 0 when the open may proceed and -1 when the right is missing or a
 * rights lookup fails. A missing right is reported through
 * acl_mailbox_fail_not_found(). When the open was granted on a right other
 * than READ and READ itself is missing, no_read_right is set on the ACL
 * mailbox context.
 */
static int
acl_mailbox_open_check_acl(struct mailbox *box)
{
	struct acl_mailbox *acl_box = ACL_CONTEXT(box);
	struct acl_mailbox_list *acl_list = ACL_LIST_CONTEXT(box->list);
	const unsigned int *right_idx = acl_list->rights.acl_storage_right_idx;
	enum acl_storage_rights needed;
	int have;

	/* Three independent bypasses: each one returns success without
	   consulting the ACL object at all. */
	if ((box->flags & MAILBOX_FLAG_IGNORE_ACLS) != 0)
		return 0;
	if ((box->list->ns->flags & NAMESPACE_FLAG_NOACL) != 0)
		return 0;
	if (acl_box->skip_acl_checks)
		return 0;

	/* a mailbox is opened either for reading or for appending messages */
	if ((box->flags & MAILBOX_FLAG_SAVEONLY) == 0) {
		needed = box->deleting ? ACL_STORAGE_RIGHT_DELETE :
			ACL_STORAGE_RIGHT_READ;
	} else if ((box->flags & MAILBOX_FLAG_POST_SESSION) != 0) {
		needed = ACL_STORAGE_RIGHT_POST;
	} else {
		needed = ACL_STORAGE_RIGHT_INSERT;
	}

	have = acl_object_have_right(acl_box->aclobj, right_idx[needed]);
	if (have < 0)
		return -1;
	if (have == 0) {
		/* no access */
		acl_mailbox_fail_not_found(box);
		return -1;
	}

	if (needed == ACL_STORAGE_RIGHT_READ)
		return 0;

	/* Opened on a non-READ right: record whether READ is missing too.
	   A failed lookup is still an error, but a missing READ right does
	   not block the open. */
	have = acl_object_have_right(acl_box->aclobj,
				     right_idx[ACL_STORAGE_RIGHT_READ]);
	if (have < 0)
		return -1;
	if (have == 0)
		acl_box->no_read_right = TRUE;
	return 0;
}