Bug 53955 - Wrong access-permissions for shared imap-folders
Status: NEW
Product: Z_Internal OX development
Classification: Unclassified
Component: Listener
Version: UCS 4.4 / 7.10.5
Hardware: Other Linux
Importance: P5 normal
Assigned To: Mail maintainers
Reported: 2021-10-19 14:13 CEST by Daniel Duchon
Modified: 2023-08-25 18:41 CEST

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.091
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2021083121000269
Bug group (optional):
Max CVSS v3 score:


Description Daniel Duchon univentionstaff 2021-10-19 14:13:45 CEST
When setting access-permissions in UMC (Domain -> OX Mail -> Add -> OX-Mail: IMAP-Ordner) these permissions are set wrong:

In UCS, the respective rights were set for the users oxadmin / write / attach / send / and read.
->
root@example:/var/spool/dovecot/public/example.com/sharedfolder/.INBOX# cat dovecot-acl
user=attach@example.com ilprws
user=read@example.com lrws
user=oxadmin@example.com akxeilprwts
user=write@example.com eilprwts
user=sent@example.com lprws


If a user is assigned the "Read" right in UCS, it is displayed in the OX app as "Reviewer" instead of "Viewer".
Likewise with "Send" and with "Attach".
For "Write" the assignment is with "Author".
For "All" the assignment is "Administrator".

If you set the appropriate rights in the OX you get the following:

root@example:/var/spool/dovecot/public/example.com/sharedfolder/.INBOX# cat dovecot-acl
user=attach@example.com lprws
user=read@example.com lprs
user=oxadmin@example.com akxeilprwts
user=write@example.com kxeilprwts
user=sent@example.com lprws
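
Added example (not part of the original report and not Univention or OX code): a small Python script that decodes the two dovecot-acl listings quoted above and shows, per user, which rights each side grants that the other does not. The letter names follow Dovecot's ACL documentation; it assumes plain positive letter rights only (no "-" rights, no named rights after ":").

```python
# Added example: diff the dovecot-acl files written by UCS and by OX.
RIGHTS = {
    "l": "lookup", "r": "read", "w": "write", "s": "write-seen",
    "t": "write-deleted", "i": "insert", "p": "post", "e": "expunge",
    "k": "create", "x": "delete", "a": "admin",
}

# Listings copied from the report above.
UCS_ACL = """\
user=attach@example.com ilprws
user=read@example.com lrws
user=oxadmin@example.com akxeilprwts
user=write@example.com eilprwts
user=sent@example.com lprws
"""
OX_ACL = """\
user=attach@example.com lprws
user=read@example.com lprs
user=oxadmin@example.com akxeilprwts
user=write@example.com kxeilprwts
user=sent@example.com lprws
"""

def parse_acl(text):
    """Map each identifier (e.g. 'user=read@example.com') to its set of right letters."""
    acl = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ident, _, rights = line.rpartition(" ")
        if not ident or set(rights) - set(RIGHTS):
            raise ValueError(f"unsupported ACL line: {line!r}")
        acl[ident] = set(rights)
    return acl

def diff_acl(left, right):
    """Return {identifier: (only_left, only_right)} as right names, for entries that differ."""
    out = {}
    for ident in sorted(set(left) | set(right)):
        a, b = left.get(ident, set()), right.get(ident, set())
        if a != b:
            out[ident] = (sorted(RIGHTS[c] for c in a - b), sorted(RIGHTS[c] for c in b - a))
    return out

if __name__ == "__main__":
    for ident, (ucs, ox) in diff_acl(parse_acl(UCS_ACL), parse_acl(OX_ACL)).items():
        print(f"{ident}: only via UCS {ucs}, only via OX {ox}")
```

Run against the listings above, it reports differences for attach, read and write only; oxadmin and sent are identical on both sides.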
Comment 1 Daniel Tröder univentionstaff 2021-10-20 08:24:33 CEST
Yes: UCS and OX do not use the same access permission combinations.
But what is the exact _problem_ for the customer?
Comment 2 Daniel Duchon univentionstaff 2021-10-20 08:32:56 CEST
(In reply to Daniel Tröder from comment #1)
> Yes: UCS and OX do not use the same access permission combinations.

The customer expected the setting of permissions in Univention to be identical to those in OX. 

Specifically, when setting the "read" permission, they expect it to be mapped to "Viewer" and not "Reviewer".

I also don't see any explainable reason why we act differently here, especially for this permission.


> But what is the exact _problem_ for the customer?

The customer's exact problem is that setting permissions in UCS does not end up matching the permissions set in OX.