Univention Bugzilla – Full Text Bug Listing

| Summary: | UCS400: Removing ACLs on shared folder objects does not remove ACLs in IMAP | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Sönke Schwardt-Krummrich <schwardt> |
| Component: | Mail - Dovecot | Assignee: | Daniel Tröder <troeder> |
| Status: | CLOSED FIXED | QA Contact: | Sönke Schwardt-Krummrich <schwardt> |
| Severity: | normal | | |
| Priority: | P5 | CC: | gohmann, walkenhorst |
| Version: | UCS 4.1 | | |
| Target Milestone: | UCS 4.0-4-errata | | |
| Hardware: | Other | | |
| OS: | Linux | | |
| What kind of report is it?: | --- | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | | Enterprise Customer affected?: | |
| School Customer affected?: | | ISV affected?: | |
| Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
| Ticket number: | | Bug group (optional): | |
| Max CVSS v3 score: | | | |
| Bug Depends on: | 40194 | | |
| Bug Blocks: | | | |

Description
Sönke Schwardt-Krummrich
2015-12-08 15:15:59 CET
IMAP ACLs were only removed on "public" shared folders. The same code for diff'ing old and new ACLs is now also used for "private" shared folders.

Code: 66356

YAML: 66360

OK: code change

OK: functional test

OK: YAML (reworded description → r66895)

Check old package version:

```
# eval "$(ucr shell)"
# udm mail/folder create --position "cn=mail,$ldap_base" --set name=FolderPriv1 --set mailDomain=nstx.local --set mailHomeServer=master90.nstx.local
Object created: cn=FolderPriv1@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -A FolderPriv1@nstx.local/INBOX
Username ID Global Rights
# udm mail/folder modify --dn cn=FolderPriv1@nstx.local,cn=mail,$ldap_base --append sharedFolderUserACL="mail2@nstx.local read"
Object modified: cn=FolderPriv1@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local FolderPriv1@nstx.local/INBOX
ID Global Rights
user=mail2@nstx.local lookup read write write-seen
# udm mail/folder modify --dn cn=FolderPriv1@nstx.local,cn=mail,$ldap_base --remove sharedFolderUserACL="mail2@nstx.local read"
Object modified: cn=FolderPriv1@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local FolderPriv1@nstx.local/INBOX
ID Global Rights
# udm mail/folder modify --dn cn=FolderPriv1@nstx.local,cn=mail,$ldap_base --append sharedFolderGroupACL="grp3 append"
Object modified: cn=FolderPriv1@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local FolderPriv1@nstx.local/INBOX
ID Global Rights
group=grp3 insert lookup post read write write-seen
# udm mail/folder modify --dn cn=FolderPriv1@nstx.local,cn=mail,$ldap_base --remove sharedFolderGroupACL="grp3 append"
Object modified: cn=FolderPriv1@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local FolderPriv1@nstx.local/INBOX
ID Global Rights
# eval "$(ucr shell)"
# udm mail/folder create --position "cn=mail,$ldap_base" --set name=FolderPub2 --set mailPrimaryAddress=pub2@nstx.local --set mailDomain=nstx.local --set mailHomeServer=master90.nstx.local
Object created: cn=FolderPub2@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local shared/pub2@nstx.local
ID Global Rights
# udm mail/folder modify --dn cn=FolderPub2@nstx.local,cn=mail,$ldap_base --append sharedFolderUserACL="mail3@nstx.local append" --append sharedFolderGroupACL="grp4 read"
Object modified: cn=FolderPub2@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local shared/pub2@nstx.local
ID Global Rights
group=grp4 lookup read write write-seen
user=mail3@nstx.local insert lookup post read write write-seen
# udm mail/folder modify --dn cn=FolderPub2@nstx.local,cn=mail,$ldap_base --remove sharedFolderUserACL="mail3@nstx.local append"
Object modified: cn=FolderPub2@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local shared/pub2@nstx.local
ID Global Rights
group=grp4 lookup read write write-seen
user=mail3@nstx.local insert lookup post read write write-seen ←←←←←←←←←← FAIL IN OLD VERSION
# udm mail/folder modify --dn cn=FolderPub2@nstx.local,cn=mail,$ldap_base --remove sharedFolderGroupACL="grp4 read"
Object modified: cn=FolderPub2@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local shared/pub2@nstx.local
ID Global Rights
group=grp4 lookup read write write-seen ←←←←←←←←←← FAIL IN OLD VERSION
user=mail3@nstx.local insert lookup post read write write-seen ←←←←←←←←←← FAIL IN OLD VERSION
#
```

Check new package version:

```
# udm mail/folder create --position "cn=mail,$ldap_base" --set name=FolderPub3 --set mailPrimaryAddress=pub3@nstx.local --set mailDomain=nstx.local --set mailHomeServer=master90.nstx.local
Object created: cn=FolderPub3@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local shared/pub3@nstx.local
ID Global Rights
# udm mail/folder modify --dn cn=FolderPub3@nstx.local,cn=mail,$ldap_base --append sharedFolderUserACL="mail3@nstx.local append" --append sharedFolderGroupACL="grp4 read"
Object modified: cn=FolderPub3@nstx.local,cn=mail,dc=nstx,dc=loca
# doveadm acl get -u mail1@nstx.local shared/pub3@nstx.local
ID Global Rights
group=grp4 lookup read write write-seen
user=mail3@nstx.local insert lookup post read write write-seen
# udm mail/folder modify --dn cn=FolderPub3@nstx.local,cn=mail,$ldap_base --remove sharedFolderUserACL="mail3@nstx.local append"
Object modified: cn=FolderPub3@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local shared/pub3@nstx.local
ID Global Rights
group=grp4 lookup read write write-seen
# udm mail/folder modify --dn cn=FolderPub3@nstx.local,cn=mail,$ldap_base --remove sharedFolderGroupACL="grp4 read"
Object modified: cn=FolderPub3@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local shared/pub3@nstx.local
ID Global Rights
#
```
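
The manual check in the QA session above can be automated: the following added example (not part of the bug report and not Univention's code) compares the `sharedFolderUserACL` / `sharedFolderGroupACL` values stored in LDAP with the output of `doveadm acl get -u` and reports IMAP entries that should have been revoked. The function names are hypothetical, the rights mapping covers only the `read` and `append` values seen in the session, and the `global` column marker is an assumption about the doveadm output.

```python
# Added example: compare the ACLs Dovecot reports with the ACLs stored in LDAP.
# Rights mapping covers only the two LDAP values visible in the session above.
LDAP_TO_IMAP = {
    "read": {"lookup", "read", "write", "write-seen"},
    "append": {"insert", "lookup", "post", "read", "write", "write-seen"},
}

def expected_acls(user_acls, group_acls):
    """Turn LDAP values such as 'mail2@nstx.local read' into {id: rights}."""
    expected = {}
    for prefix, values in (("user", user_acls), ("group", group_acls)):
        for value in values:
            ident, right = value.rsplit(" ", 1)  # identifier may contain spaces
            expected[f"{prefix}={ident}"] = LDAP_TO_IMAP[right]
    return expected

def parse_doveadm_acl(output):
    """Parse 'doveadm acl get -u <user> <mailbox>' output into {id: rights}."""
    actual = {}
    for line in output.splitlines():
        fields = line.split()
        if not fields or fields[-2:] == ["Global", "Rights"]:
            continue  # blank line or column header
        rights = fields[1:]
        if rights and rights[0] == "global":  # assumed marker in the Global column
            rights = rights[1:]
        actual[fields[0]] = set(rights)
    return actual

def audit(user_acls, group_acls, doveadm_output):
    """Report IMAP ACL ids that are stale, missing, or carry different rights."""
    expected = expected_acls(user_acls, group_acls)
    actual = parse_doveadm_acl(doveadm_output)
    common = set(actual) & set(expected)
    return {
        "stale": sorted(set(actual) - set(expected)),      # revoked in LDAP, still in IMAP
        "missing": sorted(set(expected) - set(actual)),    # granted in LDAP, absent in IMAP
        "mismatched": sorted(i for i in common if actual[i] != expected[i]),
    }

# Constructed sample: the state the old package left behind after the user ACL
# was removed from the LDAP object while the group ACL was still set.
SAMPLE = """ID Global Rights
group=grp4 lookup read write write-seen
user=mail3@nstx.local insert lookup post read write write-seen
"""

if __name__ == "__main__":
    print(audit([], ["grp4 read"], SAMPLE))
```

A non-empty `stale` list is the condition this bug produced: the grant was withdrawn in the directory but the mailbox still honoured it.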