static int
acl_mailbox_rename(struct mailbox *src, struct mailbox *dest)
{
struct acl_mailbox *abox = ACL_CONTEXT(src);
int ret;
/* renaming requires rights to delete the old mailbox */
ret = acl_mailbox_right_lookup(src, ACL_STORAGE_RIGHT_DELETE);
if (ret <= 0) {
if (ret == 0)
acl_mailbox_fail_not_found(src);
return -1;
}
/* and create the new one under the parent mailbox */
T_BEGIN {
ret = acl_mailbox_list_have_right(dest->list, dest->name, TRUE,
ACL_STORAGE_RIGHT_CREATE, NULL);
} T_END;
if (ret <= 0) {
if (ret == 0) {
/* Note that if the mailbox didn't have LOOKUP
permission, this now reveals to user the mailbox's
existence. Can't help it. */
mail_storage_set_error(src->storage, MAIL_ERROR_PERM,
MAIL_ERRSTR_NO_PERMISSION);
} else {
mail_storage_set_internal_error(src->storage);
}
return -1;
}
return abox->module_ctx.super.rename_box(src, dest);
}
static int
acl_mailbox_delete(struct mailbox *box)
{
struct acl_mailbox *abox = ACL_CONTEXT(box);
int ret;
ret = acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_DELETE);
if (ret <= 0) {
if (ret == 0)
acl_mailbox_fail_not_found(box);
return -1;
}
return abox->module_ctx.super.delete_box(box);
}
static int
acl_mailbox_delete(struct mailbox *box)
{
struct acl_mailbox *abox = ACL_CONTEXT(box);
int ret;
ret = acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_DELETE);
if (ret <= 0) {
if (ret == 0)
acl_mailbox_fail_not_found(box);
return -1;
}
/* deletion might internally open the mailbox. let it succeed even if
we don't have READ permission. */
abox->skip_acl_checks = TRUE;
ret = abox->module_ctx.super.delete_box(box);
abox->skip_acl_checks = FALSE;
return ret;
}
static int acl_mailbox_open_check_acl(struct mailbox *box)
{
struct acl_mailbox *abox = ACL_CONTEXT(box);
struct acl_mailbox_list *alist = ACL_LIST_CONTEXT(box->list);
const unsigned int *idx_arr = alist->rights.acl_storage_right_idx;
enum acl_storage_rights open_right;
int ret;
/* mailbox can be opened either for reading or appending new messages */
if ((box->flags & MAILBOX_FLAG_IGNORE_ACLS) != 0 ||
(box->list->ns->flags & NAMESPACE_FLAG_NOACL) != 0 ||
abox->skip_acl_checks)
return 0;
if ((box->flags & MAILBOX_FLAG_SAVEONLY) != 0) {
open_right = (box->flags & MAILBOX_FLAG_POST_SESSION) != 0 ?
ACL_STORAGE_RIGHT_POST : ACL_STORAGE_RIGHT_INSERT;
} else if (box->deleting) {
open_right = ACL_STORAGE_RIGHT_DELETE;
} else {
open_right = ACL_STORAGE_RIGHT_READ;
}
ret = acl_object_have_right(abox->aclobj, idx_arr[open_right]);
if (ret <= 0) {
if (ret == 0) {
/* no access. */
acl_mailbox_fail_not_found(box);
}
return -1;
}
if (open_right != ACL_STORAGE_RIGHT_READ) {
ret = acl_object_have_right(abox->aclobj,
idx_arr[ACL_STORAGE_RIGHT_READ]);
if (ret < 0)
return -1;
if (ret == 0)
abox->no_read_right = TRUE;
}
return 0;
}
