From: Timo Sirainen
Date: Wed, 15 Jan 2020 13:43:11 +0000 (+0200)
Subject: acl: Move attribute rights checking to its own function
X-Git-Tag: 2.3.10~127
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1cef1f269169ce01a9e1f4b327afad8bcea99604;p=thirdparty%2Fdovecot%2Fcore.git
acl: Move attribute rights checking to its own function
---
diff --git a/src/plugins/acl/acl-attributes.c b/src/plugins/acl/acl-attributes.c
index f0d3177de4..515ff42261 100644
--- a/src/plugins/acl/acl-attributes.c
+++ b/src/plugins/acl/acl-attributes.c
@@ -111,13 +111,6 @@ static int acl_have_attribute_rights(struct mailbox *box)
 return 1;
 }
- /* RFC 5464:
-
- When the ACL extension [RFC4314] is present, users can only set and
- retrieve private or shared mailbox annotations on a mailbox on which
- they have the "l" right and any one of the "r", "s", "w", "i", or "p"
- rights.
- */
 ret = acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_LOOKUP);
 if (ret <= 0) {
 if (ret < 0)
@@ -127,17 +120,7 @@ static int acl_have_attribute_rights(struct mailbox *box)
 return -1;
 }
- if (acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_READ) > 0)
- return 0;
- if (acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_WRITE_SEEN) > 0)
- return 0;
- if (acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_WRITE) > 0)
- return 0;
- if (acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_INSERT) > 0)
- return 0;
- if (acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_POST) > 0)
- return 0;
- return -1;
+ return acl_mailbox_have_extra_attribute_rights(box) ? 0 : -1;
 }
 int acl_attribute_set(struct mailbox_transaction_context *t,
diff --git a/src/plugins/acl/acl-mailbox.c b/src/plugins/acl/acl-mailbox.c
index 13ba0557d7..fabaa06410 100644
--- a/src/plugins/acl/acl-mailbox.c
+++ b/src/plugins/acl/acl-mailbox.c
@@ -487,6 +487,28 @@ static int acl_mailbox_exists(struct mailbox *box, bool auto_boxes,
 return 0;
 }
+bool acl_mailbox_have_extra_attribute_rights(struct mailbox *box)
+{
+ /* RFC 5464:
+
+ When the ACL extension [RFC4314] is present, users can only set and
+ retrieve private or shared mailbox annotations on a mailbox on which
+ they have the "l" right and any one of the "r", "s", "w", "i", or "p"
+ rights.
+ */
+ if (acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_READ) > 0)
+ return TRUE;
+ if (acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_WRITE_SEEN) > 0)
+ return TRUE;
+ if (acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_WRITE) > 0)
+ return TRUE;
+ if (acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_INSERT) > 0)
+ return TRUE;
+ if (acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_POST) > 0)
+ return TRUE;
+ return FALSE;
+}
+
 static int acl_mailbox_open_check_acl(struct mailbox *box)
 {
 struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(box);
diff --git a/src/plugins/acl/acl-storage.h b/src/plugins/acl/acl-storage.h
index 5f7df62172..8be4c269b4 100644
--- a/src/plugins/acl/acl-storage.h
+++ b/src/plugins/acl/acl-storage.h
@@ -28,6 +28,10 @@ struct acl_object *acl_mailbox_get_aclobj(struct mailbox *box);
 sets storage error. */
 int acl_mailbox_right_lookup(struct mailbox *box, unsigned int right_idx);
+/* Returns TRUE if mailbox has the necessary extra ACL for accessing
+ attributes. The caller must have checked the LOOKUP right already. */
+bool acl_mailbox_have_extra_attribute_rights(struct mailbox *box);
+
 int acl_mailbox_update_acl(struct mailbox_transaction_context *t, const struct acl_rights_update *update);
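Review bot: In acl_mailbox_have_extra_attribute_rights() (src/plugins/acl/acl-mailbox.c), each `acl_mailbox_right_lookup(...) > 0` test folds a negative return into FALSE, so a failed ACL lookup and a right that is simply not held look the same to the caller. The LOOKUP check in acl_have_attribute_rights() treats `ret < 0` as its own case, which suggests a negative value is an error return; denying on error is the safe direction for an access check, but now that the helper is exported with a bool return it should say so, e.g. `/* A failed lookup (< 0) counts as "right not held": the check fails closed. */` above the first `if`. As a style point, the five identical tests could loop over a small static array of the right indexes, which would keep the r/s/w/i/p list from RFC 5464 in one place.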
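Review bot: The comment on the new prototype in src/plugins/acl/acl-storage.h leaves the "l" requirement to the caller and nothing in the helper enforces it, so a later caller that skips the LOOKUP check would allow attribute access on any one of r/s/w/i/p alone, which the RFC 5464 text quoted in the implementation does not permit. I would make the contract harder to miss and also state the result on error, for example `/* Returns TRUE if the user has at least one of the r, s, w, i or p rights. This alone does NOT authorize attribute access: the caller must also have verified ACL_STORAGE_RIGHT_LOOKUP. Lookup errors return FALSE. */`. The only caller visible in this commit, acl_have_attribute_rights(), does perform the LOOKUP check before calling the helper.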