Page MenuHomePhorge
Files F117929399

D4567.1775461500.diff
No OneTemporary
Actions

Authored By
Unknown
Size
16 KB
Referenced Files
None
Subscribers
None

D4567.1775461500.diff
View Options

diff --git a/src/app/Backends/IMAP.php b/src/app/Backends/IMAP.php
--- a/src/app/Backends/IMAP.php
+++ b/src/app/Backends/IMAP.php
@@ -6,6 +6,7 @@
use App\Resource;
use App\SharedFolder;
use App\User;
+use App\Utils;
class IMAP
{
@@ -219,12 +220,15 @@
$settings = $resource->getSettings(['invitation_policy', 'folder']);
$mailbox = self::toUTF7($settings['folder']);
- $acl = null;
+ $acl = [];
if (!empty($settings['invitation_policy'])) {
if (preg_match('/^manual:(\S+@\S+)$/', $settings['invitation_policy'], $m)) {
$acl = ["{$m[1]}, full"];
}
}
+
+ Utils::ensureAclPostPermission($acl);
+
self::createFolder($imap, $mailbox, false, ['/shared/vendor/kolab/folder-type' => 'event'], $acl);
$imap->closeConnection();
@@ -268,6 +272,9 @@
$acl = ["{$m[1]}, full"];
}
}
+
+ Utils::ensureAclPostPermission($acl);
+
self::aclUpdate($imap, $mailbox, $acl);
$imap->closeConnection();
@@ -316,9 +323,14 @@
$imap = self::initIMAP($config);
$settings = $folder->getSettings(['acl', 'folder']);
- $acl = !empty($settings['acl']) ? json_decode($settings['acl'], true) : null;
+ $acl = !empty($settings['acl']) ? json_decode($settings['acl'], true) : [];
$mailbox = self::toUTF7($settings['folder']);
+ // For Mail folders make sure they can receive mail
+ if ($folder->type == 'mail') {
+ Utils::ensureAclPostPermission($acl);
+ }
+
self::createFolder($imap, $mailbox, false, ['/shared/vendor/kolab/folder-type' => $folder->type], $acl);
$imap->closeConnection();
@@ -342,6 +354,12 @@
$settings = $folder->getSettings(['acl', 'folder']);
$acl = !empty($settings['acl']) ? json_decode($settings['acl'], true) : null;
+
+ // For Mail folders make sure they can receive mail
+ if ($folder->type == 'mail') {
+ Utils::ensureAclPostPermission($acl);
+ }
+
$folder = $settings['folder'];
$mailbox = self::toUTF7($folder);
@@ -629,7 +647,7 @@
throw new \Exception("Failed to create mailbox {$mailbox}");
}
- if ($acl) {
+ if (!empty($acl)) {
self::aclUpdate($imap, $mailbox, $acl, true);
}
@@ -656,7 +674,8 @@
return \collect($acl)
->mapWithKeys(function ($item, $key) {
list($user, $rights) = explode(',', $item, 2);
- return [trim($user) => self::ACL_MAP[trim($rights)]];
+ $rights = trim($rights);
+ return [trim($user) => self::ACL_MAP[$rights] ?? $rights];
})
->all();
}
diff --git a/src/app/Backends/LDAP.php b/src/app/Backends/LDAP.php
--- a/src/app/Backends/LDAP.php
+++ b/src/app/Backends/LDAP.php
@@ -7,6 +7,7 @@
use App\Resource;
use App\SharedFolder;
use App\User;
+use App\Utils;
class LDAP
{
@@ -1015,7 +1016,7 @@
$entry['cn'] = $resource->name;
$entry['owner'] = null;
$entry['kolabinvitationpolicy'] = null;
- $entry['acl'] = '';
+ $entry['acl'] = [];
$settings = $resource->getSettings(['invitation_policy', 'folder']);
@@ -1044,13 +1045,15 @@
} elseif (preg_match('/^manual:(\S+@\S+)$/', $settings['invitation_policy'], $m)) {
if (self::getUserEntry($ldap, $m[1], $userDN)) {
$entry['owner'] = $userDN;
- $entry['acl'] = $m[1] . ', full';
+ $entry['acl'] = [$m[1] . ', full'];
$entry['kolabinvitationpolicy'] = 'ACT_MANUAL';
} else {
$entry['kolabinvitationpolicy'] = 'ACT_ACCEPT';
}
}
}
+
+ Utils::ensureAclPostPermission($entry['acl']);
}
/**
@@ -1060,10 +1063,17 @@
{
$settings = $folder->getSettings(['acl', 'folder']);
+ $acl = !empty($settings['acl']) ? json_decode($settings['acl'], true) : [];
+
+ // For Mail folders make sure they can receive mail
+ if ($folder->type == 'mail') {
+ Utils::ensureAclPostPermission($acl);
+ }
+
$entry['cn'] = $folder->name;
$entry['kolabfoldertype'] = $folder->type;
$entry['kolabtargetfolder'] = $settings['folder'] ?? '';
- $entry['acl'] = !empty($settings['acl']) ? json_decode($settings['acl'], true) : '';
+ $entry['acl'] = $acl;
$entry['alias'] = $folder->aliases()->pluck('alias')->all();
}
diff --git a/src/app/Utils.php b/src/app/Utils.php
--- a/src/app/Utils.php
+++ b/src/app/Utils.php
@@ -146,6 +146,28 @@
return strtolower($email);
}
+ /**
+ * Make sure that IMAP folder access rights contains "anyone: p" permission
+ *
+ * @param array $acl ACL (in form of "user, permission" records)
+ */
+ public static function ensureAclPostPermission(array &$acl): void
+ {
+ foreach ($acl as $idx => $entry) {
+ if (str_starts_with($entry, 'anyone,')) {
+ if (strpos($entry, 'read-only')) {
+ $acl[$idx] = 'anyone, lrsp';
+ } elseif (strpos($entry, 'read-write')) {
+ $acl[$idx] = 'anyone, lrswitednp';
+ }
+
+ return;
+ }
+ }
+
+ $acl[] = 'anyone, p';
+ }
+
/**
* Generate a passphrase. Not intended for use in production, so limited to environments that are not production.
*
diff --git a/src/tests/Feature/Backends/IMAPTest.php b/src/tests/Feature/Backends/IMAPTest.php
--- a/src/tests/Feature/Backends/IMAPTest.php
+++ b/src/tests/Feature/Backends/IMAPTest.php
@@ -205,10 +205,9 @@
$this->assertTrue(IMAP::verifySharedFolder($imapFolder = $resource->getSetting('folder')));
$imap = $this->getImap();
- $expectedAcl = ['john@kolab.org' => str_split('lrswipkxtecdn')];
+ $expectedAcl = ['anyone' => ['p'], 'john@kolab.org' => str_split('lrswipkxtecdn')];
$acl = $imap->getACL(IMAP::toUTF7($imapFolder));
- $this->assertTrue(is_array($acl) && isset($acl['john@kolab.org']));
- $this->assertSame($expectedAcl['john@kolab.org'], $acl['john@kolab.org']);
+ $this->assertSame($expectedAcl, $acl);
// Update the resource (rename)
$resource->name = 'Resource1 ©' . time();
@@ -219,13 +218,12 @@
$this->assertTrue($imapFolder != $newImapFolder);
$this->assertTrue(IMAP::verifySharedFolder($newImapFolder));
$acl = $imap->getACL(IMAP::toUTF7($newImapFolder));
- $this->assertTrue(is_array($acl) && isset($acl['john@kolab.org']));
- $this->assertSame($expectedAcl['john@kolab.org'], $acl['john@kolab.org']);
+ $this->assertSame($expectedAcl, $acl);
// Update the resource (acl change)
$resource->setSetting('invitation_policy', 'accept');
$this->assertTrue(IMAP::updateResource($resource));
- $this->assertSame([], $imap->getACL(IMAP::toUTF7($newImapFolder)));
+ $this->assertSame(['anyone' => ['p']], $imap->getACL(IMAP::toUTF7($newImapFolder)));
// Delete the resource
$this->assertTrue(IMAP::deleteResource($resource));
@@ -233,7 +231,7 @@
}
/**
- * Test creating/updating/deleting a shared folder
+ * Test creating/updating/deleting a shared folder (type: mail)
*
* @group imap
*/
@@ -252,27 +250,28 @@
$imap = $this->getImap();
$expectedAcl = [
+ 'anyone' => ['p'],
+ 'jack@kolab.org' => str_split('lrs'),
'john@kolab.org' => str_split('lrswipkxtecdn'),
- 'jack@kolab.org' => str_split('lrs')
];
$acl = $imap->getACL(IMAP::toUTF7($imapFolder));
- $this->assertTrue(is_array($acl) && isset($acl['john@kolab.org']));
- $this->assertSame($expectedAcl['john@kolab.org'], $acl['john@kolab.org']);
- $this->assertTrue(is_array($acl) && isset($acl['jack@kolab.org']));
- $this->assertSame($expectedAcl['jack@kolab.org'], $acl['jack@kolab.org']);
+ ksort($acl);
+ $this->assertSame($expectedAcl, $acl);
// Update shared folder (acl)
$folder->setSetting('acl', json_encode(['jack@kolab.org, read-only']));
$this->assertTrue(IMAP::updateSharedFolder($folder));
- $expectedAcl = ['jack@kolab.org' => str_split('lrs')];
+ $expectedAcl = [
+ 'anyone' => ['p'],
+ 'jack@kolab.org' => str_split('lrs'),
+ ];
$acl = $imap->getACL(IMAP::toUTF7($imapFolder));
- $this->assertTrue(is_array($acl) && isset($acl['jack@kolab.org']));
- $this->assertSame($expectedAcl['jack@kolab.org'], $acl['jack@kolab.org']);
- $this->assertTrue(!isset($acl['john@kolab.org']));
+ ksort($acl);
+ $this->assertSame($expectedAcl, $acl);
// Update the shared folder (rename)
$folder->name = 'SharedFolder1 ©' . time();
@@ -284,14 +283,60 @@
$this->assertTrue(IMAP::verifySharedFolder($newImapFolder));
$acl = $imap->getACL(IMAP::toUTF7($newImapFolder));
- $this->assertTrue(is_array($acl) && isset($acl['jack@kolab.org']));
- $this->assertSame($expectedAcl['jack@kolab.org'], $acl['jack@kolab.org']);
+ ksort($acl);
+ $this->assertSame($expectedAcl, $acl);
// Delete the shared folder
$this->assertTrue(IMAP::deleteSharedFolder($folder));
$this->assertFalse(IMAP::verifySharedFolder($newImapFolder));
}
+ /**
+ * Test creating/updating/deleting a shared folder (type: event)
+ *
+ * @group imap
+ */
+ public function testSharedFoldersTypeEvent(): void
+ {
+ $this->folder = $folder = $this->getTestSharedFolder(
+ 'test-folder-' . time() . '@kolab.org',
+ ['name' => 'SharedFolder' . time(), 'type' => 'event']
+ );
+
+ $folder->setSetting('acl', json_encode(['john@kolab.org, full', 'jack@kolab.org, read-only']));
+
+ $this->assertTrue(IMAP::createSharedFolder($folder));
+ $this->assertTrue(IMAP::verifySharedFolder($imapFolder = $folder->getSetting('folder')));
+
+ $imap = $this->getImap();
+ $expectedAcl = [
+ // FIXME: If you create a shared folder without specifying permissions for 'anyone'
+ // Cyrus assigns 'lrs' to 'anyone' by default. I don't know, should we remove it?
+ 'anyone' => str_split('lrs'),
+ 'jack@kolab.org' => str_split('lrs'),
+ 'john@kolab.org' => str_split('lrswipkxtecdn'),
+ ];
+
+ $acl = $imap->getACL(IMAP::toUTF7($imapFolder));
+ ksort($acl);
+ $this->assertSame($expectedAcl, $acl);
+
+ // Update shared folder (acl)
+ $folder->setSetting('acl', json_encode(['jack@kolab.org, read-only']));
+
+ $this->assertTrue(IMAP::updateSharedFolder($folder));
+
+ $expectedAcl = [
+ // FIXME: An update will remove the default 'anyone' permissions, because they do not exist in Kolab.
+ // 'anyone' => str_split('lrs'),
+ 'jack@kolab.org' => str_split('lrs'),
+ ];
+
+ $acl = $imap->getACL(IMAP::toUTF7($imapFolder));
+ ksort($acl);
+ $this->assertSame($expectedAcl, $acl);
+ }
+
/**
* Test verifying IMAP account existence (existing account)
*
diff --git a/src/tests/Feature/Backends/LDAPTest.php b/src/tests/Feature/Backends/LDAPTest.php
--- a/src/tests/Feature/Backends/LDAPTest.php
+++ b/src/tests/Feature/Backends/LDAPTest.php
@@ -247,7 +247,7 @@
'kolabtargetfolder' => 'shared/Resources/Test1@kolab.org',
'kolabinvitationpolicy' => null,
'owner' => null,
- 'acl' => null,
+ 'acl' => 'anyone, p',
];
foreach ($expected as $attr => $value) {
@@ -267,7 +267,7 @@
$expected['owner'] = 'uid=john@kolab.org,ou=People,ou=kolab.org,' . $root_dn;
$expected['dn'] = 'cn=Te(\\3dść)1,ou=Resources,ou=kolab.org,' . $root_dn;
$expected['cn'] = 'Te(=ść)1';
- $expected['acl'] = 'john@kolab.org, full';
+ $expected['acl'] = ['john@kolab.org, full', 'anyone, p'];
$ldap_resource = LDAP::getResource($resource->email);
@@ -281,7 +281,7 @@
LDAP::updateResource($resource);
- $expected['acl'] = null;
+ $expected['acl'] = 'anyone, p';
$expected['kolabinvitationpolicy'] = null;
$expected['owner'] = null;
@@ -299,7 +299,7 @@
}
/**
- * Test creating/updating/deleting a shared folder record
+ * Test creating/updating/deleting a shared folder record (type: mail)
*
* @group ldap
*/
@@ -307,6 +307,75 @@
{
Queue::fake();
+ $root_dn = \config('ldap.hosted.root_dn');
+ $folder = $this->getTestSharedFolder('test-folder@kolab.org', ['type' => 'mail']);
+ $folder->setSetting('acl', null);
+
+ // Make sure the shared folder does not exist
+ // LDAP::deleteSharedFolder($folder);
+
+ // Create the shared folder
+ LDAP::createSharedFolder($folder);
+
+ $ldap_folder = LDAP::getSharedFolder($folder->email);
+
+ $expected = [
+ 'cn' => 'test-folder',
+ 'dn' => 'cn=test-folder,ou=Shared Folders,ou=kolab.org,' . $root_dn,
+ 'mail' => $folder->email,
+ 'objectclass' => [
+ 'top',
+ 'kolabsharedfolder',
+ 'mailrecipient',
+ ],
+ 'kolabfoldertype' => 'mail',
+ 'kolabtargetfolder' => 'shared/test-folder@kolab.org',
+ 'acl' => 'anyone, p',
+ 'alias' => null,
+ ];
+
+ foreach ($expected as $attr => $value) {
+ $ldap_value = isset($ldap_folder[$attr]) ? $ldap_folder[$attr] : null;
+ $this->assertEquals($value, $ldap_value, "Shared folder $attr attribute");
+ }
+
+ // Update folder name and acl
+ $folder->name = 'Te(=ść)1';
+ $folder->save();
+ $folder->setSetting('acl', '["john@kolab.org, read-write","anyone, read-only"]');
+ $aliases = ['t1-' . $folder->email, 't2-' . $folder->email];
+ $folder->setAliases($aliases);
+
+ LDAP::updateSharedFolder($folder);
+
+ $expected['kolabtargetfolder'] = 'shared/Te(=ść)1@kolab.org';
+ $expected['acl'] = ['john@kolab.org, read-write', 'anyone, lrsp'];
+ $expected['dn'] = 'cn=Te(\\3dść)1,ou=Shared Folders,ou=kolab.org,' . $root_dn;
+ $expected['cn'] = 'Te(=ść)1';
+ $expected['alias'] = $aliases;
+
+ $ldap_folder = LDAP::getSharedFolder($folder->email);
+
+ foreach ($expected as $attr => $value) {
+ $ldap_value = isset($ldap_folder[$attr]) ? $ldap_folder[$attr] : null;
+ $this->assertEquals($value, $ldap_value, "Shared folder $attr attribute");
+ }
+
+ // Delete the resource
+ LDAP::deleteSharedFolder($folder);
+
+ $this->assertSame(null, LDAP::getSharedFolder($folder->email));
+ }
+
+ /**
+ * Test creating/updating/deleting a shared folder record (type: event)
+ *
+ * @group ldap
+ */
+ public function testSharedFolderEvent(): void
+ {
+ Queue::fake();
+
$root_dn = \config('ldap.hosted.root_dn');
$folder = $this->getTestSharedFolder('test-folder@kolab.org', ['type' => 'event']);
$folder->setSetting('acl', null);
diff --git a/src/tests/Unit/UtilsTest.php b/src/tests/Unit/UtilsTest.php
--- a/src/tests/Unit/UtilsTest.php
+++ b/src/tests/Unit/UtilsTest.php
@@ -58,6 +58,28 @@
$this->assertSame('shared+shared/Test@test.tld', Utils::emailToLower('shared+shared/Test@Test.Tld'));
}
+ /**
+ * Test for Utils::ensureAclPostPermission()
+ */
+ public function testEnsureAclPostPermission(): void
+ {
+ $acl = [];
+ Utils::ensureAclPostPermission($acl);
+ $this->assertSame(['anyone, p'], $acl);
+
+ $acl = ['anyone, full'];
+ Utils::ensureAclPostPermission($acl);
+ $this->assertSame(['anyone, full'], $acl);
+
+ $acl = ['anyone, read-only'];
+ Utils::ensureAclPostPermission($acl);
+ $this->assertSame(['anyone, lrsp'], $acl);
+
+ $acl = ['anyone, read-write'];
+ Utils::ensureAclPostPermission($acl);
+ $this->assertSame(['anyone, lrswitednp'], $acl);
+ }
+
/**
* Test for Utils::money()
*/

File Metadata

Mime Type
text/plain
Expires
Mon, Apr 6, 7:45 AM (7 h, 36 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
18836094
Default Alt Text
D4567.1775461500.diff (16 KB)

Event Timeline