From: Timo Sirainen <tss@iki.fi>
Date: Mon, 26 Oct 2015 14:28:51 +0000 (+0200)
Subject: acl: Fixed handling mailbox deletion when only "delete" right was available.
X-Git-Tag: 2.2.20.rc1~120
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fca5548c51bf3887a202089549b9f87cf94cf212;p=thirdparty%2Fdovecot%2Fcore.git

acl: Fixed handling mailbox deletion when only "delete" right was available.
So especially when there were no "lookup" or "read" rights.
---

diff --git a/src/plugins/acl/acl-attributes.c b/src/plugins/acl/acl-attributes.c
index d8089d1aff..4d9f83c46f 100644
--- a/src/plugins/acl/acl-attributes.c
+++ b/src/plugins/acl/acl-attributes.c
@@ -101,6 +101,11 @@ static int acl_have_attribute_rights(struct mailbox *box)
 {
 	int ret;
 
+	if (box->deleting) {
+		/* deleting attributes during mailbox deletion */
+		return 1;
+	}
+
 	/* RFC 5464:
 
 	   When the ACL extension [RFC4314] is present, users can only set and
diff --git a/src/plugins/acl/acl-mailbox.c b/src/plugins/acl/acl-mailbox.c
index 89b2adc893..8a02ceea35 100644
--- a/src/plugins/acl/acl-mailbox.c
+++ b/src/plugins/acl/acl-mailbox.c
@@ -184,12 +184,7 @@ acl_mailbox_delete(struct mailbox *box)
 		return -1;
 	}
 
-	/* deletion might internally open the mailbox. let it succeed even if
-	   we don't have READ permission. */
-	abox->skip_acl_checks = TRUE;
-	ret = abox->module_ctx.super.delete_box(box);
-	abox->skip_acl_checks = FALSE;
-	return ret;
+	return abox->module_ctx.super.delete_box(box);
 }
 
 static int
@@ -500,6 +495,8 @@ static int acl_mailbox_open_check_acl(struct mailbox *box)
 	if ((box->flags & MAILBOX_FLAG_SAVEONLY) != 0) {
 		open_right = (box->flags & MAILBOX_FLAG_POST_SESSION) != 0 ?
 			ACL_STORAGE_RIGHT_POST : ACL_STORAGE_RIGHT_INSERT;
+	} else if (box->deleting) {
+		open_right = ACL_STORAGE_RIGHT_DELETE;
 	} else {
 		open_right = ACL_STORAGE_RIGHT_READ;
 	}