acl: Skip auto=create|subscribe mailboxes that don't have lookup-right
authorTimo Sirainen <timo.sirainen@dovecot.fi>
Mon, 29 May 2017 10:53:17 +0000 (13:53 +0300)
committerGitLab <gitlab@git.dovecot.net>
Tue, 30 May 2017 07:00:34 +0000 (10:00 +0300)
Removing them entirely from the boxes and box_sets arrays in the list
context treats them as if they weren't configured at all. This way they
don't need any other special code.

src/plugins/acl/Makefile.am
src/plugins/acl/acl-mailbox-list.c

index 9c0fcfbb8f7a494cc1777dba72d06102c23b5be2..9ac5b3cebad14bfdf6854452d81dee582a1064a9 100644 (file)
@@ -7,6 +7,7 @@ AM_CPPFLAGS = \
        -I$(top_srcdir)/src/lib-imap \
        -I$(top_srcdir)/src/lib-index \
        -I$(top_srcdir)/src/lib-storage \
+       -I$(top_srcdir)/src/lib-storage/list \
        -I$(top_srcdir)/src/doveadm
 
 NOPLUGIN_LDFLAGS =
index 48f9e96bf2e6064f57c46e71f99167b61fc4d5d2..e54bebf7defc10ff7d4aa54fcb982b39e1f35f8e 100644 (file)
@@ -6,7 +6,7 @@
 #include "imap-match.h"
 #include "mailbox-tree.h"
 #include "mail-namespace.h"
-#include "mailbox-list-private.h"
+#include "mailbox-list-iter-private.h"
 #include "acl-api-private.h"
 #include "acl-cache.h"
 #include "acl-shared-storage.h"
@@ -23,6 +23,7 @@ struct acl_mailbox_list_iterate_context {
        char sep;
        bool hide_nonlistable_subscriptions:1;
        bool simple_star_glob:1;
+       bool autocreate_acls_checked:1;
 };
 
 static const char *acl_storage_right_names[ACL_STORAGE_RIGHT_COUNT] = {
@@ -400,6 +401,46 @@ acl_mailbox_list_info_is_visible(struct mailbox_list_iterate_context *_ctx)
        return 0;
 }
 
+static int
+acl_mailbox_list_iter_check_autocreate_acls(struct mailbox_list_iterate_context *_ctx)
+{
+       struct acl_mailbox_list_iterate_context *ctx =
+               ACL_LIST_ITERATE_CONTEXT(_ctx);
+       struct mailbox_settings *const *box_sets;
+       unsigned int i, count;
+       int ret;
+
+       ctx->autocreate_acls_checked = TRUE;
+       if (_ctx->autocreate_ctx == NULL)
+               return 0;
+       if ((_ctx->flags & MAILBOX_LIST_ITER_RAW_LIST) != 0) {
+               /* skip ACL checks. */
+               return 0;
+       }
+
+       box_sets = array_get(&_ctx->autocreate_ctx->box_sets, &count);
+       i_assert(array_count(&_ctx->autocreate_ctx->boxes) == count);
+
+       for (i = 0; i < count; ) {
+               const char *acl_name =
+                       acl_mailbox_list_iter_get_name(_ctx, box_sets[i]->name);
+               ret = acl_mailbox_list_have_right(_ctx->list, acl_name, FALSE,
+                                                 ACL_STORAGE_RIGHT_LOOKUP,
+                                                 NULL);
+               if (ret < 0)
+                       return -1;
+               if (ret > 0)
+                       i++;
+               else {
+                       /* no list right - remove the whole autobox */
+                       array_delete(&_ctx->autocreate_ctx->box_sets, i, 1);
+                       array_delete(&_ctx->autocreate_ctx->boxes, i, 1);
+                       box_sets = array_get(&_ctx->autocreate_ctx->box_sets, &count);
+               }
+       }
+       return 0;
+}
+
 static const struct mailbox_info *
 acl_mailbox_list_iter_next(struct mailbox_list_iterate_context *_ctx)
 {
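Review bot: When `acl_mailbox_list_have_right()` fails (`ret < 0`), the loop returns with the entries from index `i` onward still in `box_sets`/`boxes` and never ACL-checked, and `autocreate_acls_checked` was already set to TRUE at the top, so the check will not run again. The caller in the following hunk sets `_ctx->failed` and returns NULL, but if anything advances or finalises the iterator afterwards (not visible here), those unchecked autocreate mailboxes could still be listed. Failing closed is cheap: before `return -1`, drop the remainder with `array_delete(&_ctx->autocreate_ctx->box_sets, i, count - i);` and `array_delete(&_ctx->autocreate_ctx->boxes, i, count - i);`. The comment `/* no list right - remove the whole autobox */` would also be more accurate as `/* no lookup right - remove the whole autobox */`, since the right tested is `ACL_STORAGE_RIGHT_LOOKUP`.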
@@ -408,6 +449,13 @@ acl_mailbox_list_iter_next(struct mailbox_list_iterate_context *_ctx)
        const struct mailbox_info *info;
        int ret;
 
+       if (!ctx->autocreate_acls_checked) {
+               if (acl_mailbox_list_iter_check_autocreate_acls(_ctx) < 0) {
+                       _ctx->failed = TRUE;
+                       return NULL;
+               }
+       }
+
        while ((info = acl_mailbox_list_iter_next_info(_ctx)) != NULL) {
                ctx->info = *info;
                T_BEGIN {
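Review bot: The one-time check added at the top of `acl_mailbox_list_iter_next()` has no comment saying that the autocreate filtering happens on the first next() call, and that ordering is what keeps mailboxes without lookup right out of the listing. A short comment such as `/* drop auto=create|subscribe mailboxes without lookup right before the first entry is returned */` would make the dependency explicit for anyone who later adds a code path that reads `autocreate_ctx` earlier. The function body continues past the end of the hunk.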