From ef3f582fdf2d007838bba693f8c2629d079668de Mon Sep 17 00:00:00 2001
From: Timo Sirainen <tss@iki.fi>
Date: Mon, 5 May 2008 00:18:56 +0300
Subject: [PATCH] ACL: If we don't have 'w' access, don't allow creating new
 keywords.

--HG--
branch : HEAD
---
 src/plugins/acl/acl-mailbox.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/src/plugins/acl/acl-mailbox.c b/src/plugins/acl/acl-mailbox.c
index 19878ba82d..4d649e20e1 100644
--- a/src/plugins/acl/acl-mailbox.c
+++ b/src/plugins/acl/acl-mailbox.c
@@ -295,6 +295,36 @@ acl_transaction_commit(struct mailbox_transaction_context *ctx,
 		transaction_commit(ctx, uid_validity_r,
 				   first_saved_uid_r, last_saved_uid_r);
 }
+
+static int
+acl_keywords_create(struct mailbox *box, const char *const keywords[],
+		    struct mail_keywords **keywords_r, bool skip_invalid)
+{
+	struct acl_mailbox *abox = ACL_CONTEXT(box);
+	int ret;
+
+	ret = mailbox_acl_right_lookup(box, ACL_STORAGE_RIGHT_WRITE);
+	if (ret < 0) {
+		if (!skip_invalid)
+			return -1;
+		/* we can't return failure. assume we don't have permissions. */
+		ret = 0;
+	}
+
+	if (ret == 0) {
+		/* no permission to update any flags. just return empty
+		   keywords list. */
+		const char *null = NULL;
+
+		return abox->module_ctx.super.keywords_create(box, &null,
+							      keywords_r,
+							      skip_invalid);
+	}
+
+	return abox->module_ctx.super.keywords_create(box, keywords,
+						      keywords_r, skip_invalid);
+}
+
 struct mailbox *acl_mailbox_open_box(struct mailbox *box)
 {
 	struct acl_mail_storage *astorage = ACL_CONTEXT(box->storage);
@@ -311,6 +341,7 @@ struct mailbox *acl_mailbox_open_box(struct mailbox *box)
 	box->v.close = acl_mailbox_close;
 	box->v.mail_alloc = acl_mail_alloc;
 	box->v.save_init = acl_save_init;
+	box->v.keywords_create = acl_keywords_create;
 	box->v.copy = acl_copy;
 	box->v.transaction_commit = acl_transaction_commit;
 	MODULE_CONTEXT_SET(box, acl_storage_module, abox);
-- 
2.47.3