From: helge Date: Thu, 21 Jul 2005 11:37:30 +0000 (+0000) Subject: started to work on identities X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4eade36fec702d58d568ac1fa723f1c223a12284;p=scalable-opengroupware.org started to work on identities added permission checks to the Mail app lookup git-svn-id: http://svn.opengroupware.org/SOGo/trunk@870 d1b88da0-ebda-0310-925b-ed51d893ca5b --- diff --git a/SOGo/SoObjects/Mailer/ChangeLog b/SOGo/SoObjects/Mailer/ChangeLog index 350d0e1b..efb7ac46 100644 --- a/SOGo/SoObjects/Mailer/ChangeLog +++ b/SOGo/SoObjects/Mailer/ChangeLog @@ -1,7 +1,15 @@ 2005-07-21 Helge Hess - * SOGoMailObject.m: added a -davEntityTag (v0.9.117) + * v0.9.118 + + * SOGoMailAccounts.m: reject access to the folder in case the name of + the home folder doesn't match the logged in account (a user tries to + access another users Mail application) + * started work on account based identities + + * SOGoMailObject.m: added a -davEntityTag (v0.9.117) + 2005-07-20 Helge Hess * SOGoMailObject.m: improved -doesMailExist check (do not refetch if diff --git a/SOGo/SoObjects/Mailer/GNUmakefile b/SOGo/SoObjects/Mailer/GNUmakefile index cdb90d47..74104625 100644 --- a/SOGo/SoObjects/Mailer/GNUmakefile +++ b/SOGo/SoObjects/Mailer/GNUmakefile @@ -29,6 +29,8 @@ Mailer_OBJC_FILES += \ \ SOGoDraftsFolder.m \ SOGoDraftObject.m \ + \ + SOGoMailIdentity.m \ Mailer_RESOURCE_FILES += \ Version \ diff --git a/SOGo/SoObjects/Mailer/SOGoMailAccounts.h b/SOGo/SoObjects/Mailer/SOGoMailAccounts.h index fd4ac223..0b22916f 100644 --- a/SOGo/SoObjects/Mailer/SOGoMailAccounts.h +++ b/SOGo/SoObjects/Mailer/SOGoMailAccounts.h @@ -1,5 +1,5 @@ /* - Copyright (C) 2004 SKYRIX Software AG + Copyright (C) 2004-2005 SKYRIX Software AG This file is part of OpenGroupware.org. @@ -18,7 +18,6 @@ Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ -// $Id: SOGoMailAccounts.h 274 2004-08-26 13:10:49Z znek $ #ifndef __Mailer_SOGoMailAccounts_H__ #define __Mailer_SOGoMailAccounts_H__ @@ -32,15 +31,20 @@ The SOGoMailAccounts folder contains the mail accounts which are associated with a user. + The list of accounts is currently retrieved from the context -activeUser. Note: this is not yet an IMAP4 object. Its a wrapper which contains the root IMAP4 objects. */ +@class NSArray; + @interface SOGoMailAccounts : SOGoObject { } +- (NSArray *)fetchAllIdentities; + @end #endif /* __Mailer_SOGoMailAccounts_H__ */ diff --git a/SOGo/SoObjects/Mailer/SOGoMailAccounts.m b/SOGo/SoObjects/Mailer/SOGoMailAccounts.m index 1eba89be..2f15df22 100644 --- a/SOGo/SoObjects/Mailer/SOGoMailAccounts.m +++ b/SOGo/SoObjects/Mailer/SOGoMailAccounts.m @@ -37,6 +37,19 @@ static NSString *AgenorShareLoginMarker = @".-."; /* listing the available mailboxes */ +- (BOOL)isInHomeFolderBranchOfLoggedInAccount:(id)_ctx { + id user; + + if (_ctx == nil) _ctx = [[WOApplication application] context]; + if (_ctx == nil) { + [self errorWithFormat:@"Missing context!"]; + return NO; + } + + user = [_ctx activeUser]; + return [[[self container] nameInContainer] isEqualToString:[user login]]; +} + - (NSArray *)toManyRelationshipKeys { WOContext *ctx; id user; @@ -48,7 +61,26 @@ static NSString *AgenorShareLoginMarker = @".-."; __PRETTY_FUNCTION__]; return nil; } - user = [ctx activeUser]; + + /* + Note: this is not strictly correct. The accounts being retrieved should be + the accounts based on the container object of this folder. Given + sufficient rights (eg delegation rights!), this would allow you to + browse the hierarchies of other users. + + But then, the home-folder would need to know about mail + functionality which isn't perfect either. + => TODO + */ + user = [ctx activeUser]; + + /* for now: return nothing if the home-folder does not belong to the login */ + if (![self isInHomeFolderBranchOfLoggedInAccount:ctx]) { + [self warnWithFormat:@"User %@ tried to access mail hierarchy of %@", + [user login], [[self container] nameInContainer]]; + return nil; + } + account = [user valueForKey:@"primaryIMAP4AccountString"]; if ([account isNotNull]) account = [NSArray arrayWithObject:account]; @@ -61,6 +93,11 @@ static NSString *AgenorShareLoginMarker = @".-."; : [account arrayByAddingObjectsFromArray:shares]; } +- (NSArray *)fetchAllIdentities { + [self logWithFormat:@"TODO: implement me: %s", __PRETTY_FUNCTION__]; + return nil; +} + /* name lookup */ - (BOOL)isValidMailAccountName:(NSString *)_key { @@ -106,6 +143,14 @@ static NSString *AgenorShareLoginMarker = @".-."; if ((obj = [super lookupName:_key inContext:_ctx acquire:NO])) return obj; + if (![self isInHomeFolderBranchOfLoggedInAccount:_ctx]) { + [self warnWithFormat:@"User %@ tried to access mail hierarchy of %@", + [[_ctx activeUser] login], [[self container] nameInContainer]]; + + return [NSException exceptionWithHTTPStatus:403 /* Forbidden */ + reason:@"Tried to access the mail of another user"]; + } + if ([self isValidMailAccountName:_key]) { /* forbid shares for requests coming from the Internet */ BOOL isSharedKey; diff --git a/SOGo/SoObjects/Mailer/SOGoMailIdentity.h b/SOGo/SoObjects/Mailer/SOGoMailIdentity.h new file mode 100644 index 00000000..f9df7091 --- /dev/null +++ b/SOGo/SoObjects/Mailer/SOGoMailIdentity.h @@ -0,0 +1,61 @@ +/* + Copyright (C) 2005 SKYRIX Software AG + + This file is part of OpenGroupware.org. + + OGo is free software; you can redistribute it and/or modify it under + the terms of the GNU Lesser General Public License as published by the + Free Software Foundation; either version 2, or (at your option) any + later version. + + OGo is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or + FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with OGo; see the file COPYING. If not, write to the + Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA + 02111-1307, USA. +*/ + +#ifndef __Mailer_SOGoMailIdentity_H__ +#define __Mailer_SOGoMailIdentity_H__ + +#import + +/* + SOGoMailIdentity + + A user identity bound to an account. + + Note: currently this is not a SoObject. This might change later on. + + + In Thunderbird you have a set of accounts which in turn have a set of + identities. There is one default identity. + + The identities then have: + - settings + - a name + - a from-email + - a reply-to + - an organization + - a signature + - a vcard (to be attached) + - folder settings + - Sent-Folder and bcc + - Drafts + Templates + - composition + - whether to use HTML + - whether to quote the source message (reply below, above the quote or + select the quote) +*/ + +@interface SOGoMailIdentity : NSObject +{ +} + +@end + +#endif /* __Mailer_SOGoMailIdentity_H__ */ diff --git a/SOGo/SoObjects/Mailer/SOGoMailIdentity.m b/SOGo/SoObjects/Mailer/SOGoMailIdentity.m new file mode 100644 index 00000000..bc3b9f75 --- /dev/null +++ b/SOGo/SoObjects/Mailer/SOGoMailIdentity.m @@ -0,0 +1,27 @@ +/* + Copyright (C) 2005 SKYRIX Software AG + + This file is part of OpenGroupware.org. + + OGo is free software; you can redistribute it and/or modify it under + the terms of the GNU Lesser General Public License as published by the + Free Software Foundation; either version 2, or (at your option) any + later version. + + OGo is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or + FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with OGo; see the file COPYING. If not, write to the + Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA + 02111-1307, USA. +*/ + +#include "SOGoMailIdentity.h" +#include "common.h" + +@implementation SOGoMailIdentity + +@end /* SOGoMailIdentity */ diff --git a/SOGo/SoObjects/Mailer/Version b/SOGo/SoObjects/Mailer/Version index 84d48131..b22e520a 100644 --- a/SOGo/SoObjects/Mailer/Version +++ b/SOGo/SoObjects/Mailer/Version @@ -1,6 +1,6 @@ # Version file -SUBMINOR_VERSION:=117 +SUBMINOR_VERSION:=118 # v0.9.114 requires libNGMime v4.5.229 # v0.9.114 requires libNGExtensions v4.5.165