acl: Fixed handling mailbox deletion when only "delete" right was available.
authorTimo Sirainen <tss@iki.fi>
Mon, 26 Oct 2015 14:28:51 +0000 (16:28 +0200)
committerTimo Sirainen <tss@iki.fi>
Mon, 26 Oct 2015 14:28:51 +0000 (16:28 +0200)
This was a problem especially when there were no "lookup" or "read" rights.

src/plugins/acl/acl-attributes.c
src/plugins/acl/acl-mailbox.c

index d8089d1aff964ade1800bd990eda0fffa48cfda6..4d9f83c46f7829f42a9cf151fbc527c697ccd05d 100644 (file)
@@ -101,6 +101,11 @@ static int acl_have_attribute_rights(struct mailbox *box)
 {
        int ret;
 
+       if (box->deleting) {
+               /* deleting attributes during mailbox deletion */
+               return 1;
+       }
+
        /* RFC 5464:
 
           When the ACL extension [RFC4314] is present, users can only set and
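Review bot: The early return at the top of acl_have_attribute_rights() allows every attribute operation on the mailbox while `box->deleting` is set, so its safety depends on that flag being set only on a path that also enforces the delete right; nothing visible in this hunk establishes that. The comment should record the invariant, for example `/* mailbox deletion in progress: the delete right is enforced by acl_mailbox_delete() and the open check, so per-attribute ACLs are skipped */`. It is also worth confirming that the flag is cleared on every failure path of the deletion, since a stale flag would leave later attribute access on the same box unchecked. The function body continues past the end of the hunk.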
index 89b2adc893dfa8273e8c5c674955029064b534d9..8a02ceea357d7c7e87c0be5e5f3561daf2002a31 100644 (file)
@@ -184,12 +184,7 @@ acl_mailbox_delete(struct mailbox *box)
                return -1;
        }
 
-       /* deletion might internally open the mailbox. let it succeed even if
-          we don't have READ permission. */
-       abox->skip_acl_checks = TRUE;
-       ret = abox->module_ctx.super.delete_box(box);
-       abox->skip_acl_checks = FALSE;
-       return ret;
+       return abox->module_ctx.super.delete_box(box);
 }
 
 static int
@@ -500,6 +495,8 @@ static int acl_mailbox_open_check_acl(struct mailbox *box)
        if ((box->flags & MAILBOX_FLAG_SAVEONLY) != 0) {
                open_right = (box->flags & MAILBOX_FLAG_POST_SESSION) != 0 ?
                        ACL_STORAGE_RIGHT_POST : ACL_STORAGE_RIGHT_INSERT;
+       } else if (box->deleting) {
+               open_right = ACL_STORAGE_RIGHT_DELETE;
        } else {
                open_right = ACL_STORAGE_RIGHT_READ;
        }
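Review bot: The new `else if (box->deleting)` branch has no comment explaining why an open during deletion is checked against ACL_STORAGE_RIGHT_DELETE instead of ACL_STORAGE_RIGHT_READ, and this branch is what replaces the blanket `skip_acl_checks` bypass removed from acl_mailbox_delete(). Suggest adding `/* opened as part of mailbox deletion: require only the delete right, so deletion works without lookup/read */` above the assignment. The MAILBOX_FLAG_SAVEONLY branch is tested first, so a box with both that flag and `deleting` set would be checked for insert/post instead of delete; if that combination cannot occur, the comment should say so. acl_mailbox_open_check_acl() starts and ends outside the hunk.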