From 63e0157bafaa075c1c15af91174e876c44900a3e Mon Sep 17 00:00:00 2001
From: Hadi Nategh <hnategh@gmail.com>
Date: Thu, 11 May 2017 16:47:31 +0200
Subject: [PATCH] WIP of RFC 4314 implementation, in order to be able to
 separate delete message right and delete mailbox right in mail acl dialog

---
 mail/inc/class.mail_acl.inc.php | 50 ++++++++++++++++++++++
 mail/js/app.js                  | 73 ++++++++++++++++++++-------------
 mail/templates/default/acl.xet  | 32 ++++++++++-----
 3 files changed, 117 insertions(+), 38 deletions(-)

diff --git a/mail/inc/class.mail_acl.inc.php b/mail/inc/class.mail_acl.inc.php
index ffe2dded5b..f2afd24d05 100644
--- a/mail/inc/class.mail_acl.inc.php
+++ b/mail/inc/class.mail_acl.inc.php
@@ -10,6 +10,56 @@
  * @version $Id$
  */
 
+/*
+ * Reference: RFC 4314 DOCUMENTATION - RIGHTS (https://tools.ietf.org/html/rfc4314)
+ *
+ * Standard Rights:
+ *
+ * The currently defined standard rights are (note that the list below
+ * doesn't list all commands that use a particular right):
+ *
+ * l - lookup (mailbox is visible to LIST/LSUB commands, SUBSCRIBE mailbox)
+ * r - read (SELECT the mailbox, perform STATUS)
+ * s - keep seen/unseen information across sessions (set or clear \SEEN flag
+ *     via STORE, also set \SEEN during APPEND/COPY/ FETCH BODY[...])
+ * w - write (set or clear flags other than \SEEN and \DELETED via
+ *     STORE, also set them during APPEND/COPY)
+ * i - insert (perform APPEND, COPY into mailbox)
+ * p - post (send mail to submission address for mailbox,
+ *     not enforced by IMAP4 itself)
+ * k - create mailboxes (CREATE new sub-mailboxes in any
+ *     implementation-defined hierarchy, parent mailbox for the new
+ *     mailbox name in RENAME)
+ * x - delete mailbox (DELETE mailbox, old mailbox name in RENAME)
+ * t - delete messages (set or clear \DELETED flag via STORE, set
+ *     \DELETED flag during APPEND/COPY)
+ * e - perform EXPUNGE and expunge as a part of CLOSE
+ * a - administer (perform SETACL/DELETEACL/GETACL/LISTRIGHTS)
+ *
+ *
+ *
+ * Obsolete Rights:
+ *
+ * Due to ambiguity in RFC 2086, some existing RFC 2086 server
+ * implementations use the "c" right to control the DELETE command.
+ * Others chose to use the "d" right to control the DELETE command.  For
+ * the former group, let's define the "create" right as union of the "k"
+ * and "x" rights, and the "delete" right as union of the "e" and "t"
+ * rights.  For the latter group, let's define the "create" rights as a
+ * synonym to the "k" right, and the "delete" right as union of the "e",
+ * "t", and "x" rights.
+ * For compatibility with RFC 2086, this section defines two virtual
+ * rights "d" and "c".
+ * If a client includes the "d" right in a rights list, then it MUST be
+ * treated as if the client had included every member of the "delete"
+ * right.  (It is not an error for a client to specify both the "d"
+ * right and one or more members of the "delete" right, but the effect
+ * is no different than if just the "d" right or all members of the
+ * "delete" right had been specified.)
+ *
+ */
+
+
 use EGroupware\Api;
 use EGroupware\Api\Framework;
 use EGroupware\Api\Etemplate;
diff --git a/mail/js/app.js b/mail/js/app.js
index 36967f1036..51b7b297b7 100644
--- a/mail/js/app.js
+++ b/mail/js/app.js
@@ -62,7 +62,7 @@ app.classes.mail = AppJS.extend(
 	 * @array
 	 *
 	 */
-	aclRights:['l','r','s','w','i','p','c','d','a'],
+	aclRights:['l','r','s','w','i','p','c','d','k','x','t','e','a'],
 
 	/**
 	 * In order to store Intervals assigned to window
@@ -3920,6 +3920,11 @@ app.classes.mail = AppJS.extend(
 			{
 				var rightsWidget = this.et2.getWidgetById(rowId+'[acl_' + this.aclRights[i]+ ']');
 				rightsWidget.set_value((jQuery.inArray(this.aclRights[i],rights) != -1 )?true:false);
+				if ((rights.indexOf('c') == -1 && ['k','x'].indexOf(this.aclRights[i]) > -1)
+						|| (rights.indexOf('d') == -1 && ['e','x','t'].indexOf(this.aclRights[i]) > -1 ))
+				{
+					rightsWidget.set_readonly(false);
+				}
 			}
 		}
 	},
@@ -3934,35 +3939,47 @@ app.classes.mail = AppJS.extend(
 	 */
 	acl_common_rights: function(event, widget)
 	{
-	   var rowId = widget.id.replace(/[^0-9.]+/g, '');
-	   var aclCommonWidget = this.et2.getWidgetById(rowId + '[acl]');
-	   var rights = '';
+		var rowId = widget.id.replace(/[^0-9.]+/g, '');
+		var aclCommonWidget = this.et2.getWidgetById(rowId + '[acl]');
+		var rights = '';
+		var selectedBox = widget.id;
+		var virtualDelete = ['e','t','x'];
+		var virtualCreate = ['k','x'];
 
-	   for (var i=0;i<this.aclRights.length;i++)
-	   {
-		   var rightsWidget = this.et2.getWidgetById(rowId+'[acl_' + this.aclRights[i]+ ']');
-		   if (rightsWidget.get_value() == "true")
-			   rights += this.aclRights[i];
+		for (var i=0;i<this.aclRights.length;i++)
+		{
+			var rightsWidget = this.et2.getWidgetById(rowId+'[acl_' + this.aclRights[i]+ ']');
+			if (selectedBox == rowId+'[acl_c]' && virtualCreate.indexOf(this.aclRights[i])>-1)
+			{
+				rightsWidget.set_value(false);
+				rightsWidget.set_readonly(widget.get_value() == "true" ? true:false);
+			}
+			if (selectedBox == rowId+'[acl_d]' && virtualDelete.indexOf(this.aclRights[i])>-1)
+			{
+				rightsWidget.set_value(false);
+				rightsWidget.set_readonly(widget.get_value() == "true" ? true:false);
+			}
+			if (rightsWidget.get_value() == "true")
+				rights += this.aclRights[i];
+		}
 
-	   }
-
-	   for (var i=0;i<this.aclCommonRights.length;i++)
-	   {
-		   if (rights.split("").sort().toString() == this.aclCommonRights[i].split("").sort().toString())
-			   rights = this.aclCommonRights[i];
-	   }
-	   if (jQuery.inArray(rights,this.aclCommonRights ) == -1 && rights !='lrswipcda')
-	   {
-		   aclCommonWidget.set_value('custom');
-	   }
-	   else if (rights =='lrswipcda')
-	   {
-           aclCommonWidget.set_value('aeiklprstwx');
-	   }
-	   else
-	   {
-		   aclCommonWidget.set_value(rights);
-	   }
+		for (var i=0;i<this.aclCommonRights.length;i++)
+		{
+			if (rights.split("").sort().toString() == this.aclCommonRights[i].split("").sort().toString())
+				rights = this.aclCommonRights[i];
+		}
+		if (jQuery.inArray(rights,this.aclCommonRights ) == -1 && rights !='lrswipcda')
+		{
+			aclCommonWidget.set_value('custom');
+		}
+		else if (rights =='lrswipcda')
+		{
+			aclCommonWidget.set_value('aeiklprstwx');
+		}
+		else
+		{
+			aclCommonWidget.set_value(rights);
+		}
 	},
 
 	/**
diff --git a/mail/templates/default/acl.xet b/mail/templates/default/acl.xet
index 601c4d5a02..a5e9ff4b22 100755
--- a/mail/templates/default/acl.xet
+++ b/mail/templates/default/acl.xet
@@ -33,21 +33,29 @@
 							<column/>
 							<column/>
 							<column/>
+							<column/>
+							<column/>
+							<column/>
+							<column/>
 						</columns>
 						<rows>
 							<row class="th">
 								<description value="Name"/>
 								<description value="Common ACL"/>
-								<description align="center" value="L"/>
-								<description align="center" value="R"/>
-								<description align="center" value="S"/>
-								<description align="center" value="W"/>
-								<description align="center" value="I"/>
-								<description align="center" value="P"/>
-								<description align="center" value="C"/>
-								<description align="center" value="D"/>
-								<description align="center" value="A"/>
-								<description align="center" value="Recursively"/>
+								<description align="center" statustext="Lookup (mailbox is visible to LIST/LSUB commands, SUBSCRIBE mailbox)" value="L"/>
+								<description align="center" statustext="Read (SELECT the mailbox, perform STATUS)" value="R"/>
+								<description align="center" statustext="Keep seen/unseen information across sessions (set or clear \SEEN flag via STORE, also set \SEEN during APPEND/COPY/ FETCH BODY[...])" value="S"/>
+								<description align="center" statustext="Write (set or clear flags other than \SEEN and \DELETED via STORE, also set them during APPEND/COPY)" value="W"/>
+								<description align="center" statustext="Insert (perform APPEND, COPY into mailbox)" value="I"/>
+								<description align="center" statustext="Post (send mail to submission address for mailbox, not enforced by IMAP4 itself)" value="P"/>
+								<description align="center" statustext="Obsolet create right, combination rights of K and X" value="C"/>
+								<description align="center" statustext="Obsolete delete right, combination rights of E, T and X" value="D"/>
+								<description align="center" statustext="Create mailboxes (CREATE new sub-mailboxes in any implementation-defined hierarchy, parent mailbox for the new mailb" value="K"/>
+								<description align="center" statustext="Delete mailbox (DELETE mailbox, old mailbox name in RENAME)" value="X"/>
+								<description align="center" statustext="Delete messages (set or clear \DELETED flag via STORE, set \DELETED flag during APPEND/COPY)" value="T"/>
+								<description align="center" statustext="Perform EXPUNGE and expunge as a part of CLOSE" value="E"/>
+								<description align="center" statustext="Administer (perform SETACL/DELETEACL/GETACL/LISTRIGHTS)" value="A"/>
+								<description align="center" statustext="Apply rights recursively to sub-folders" value="Recursively"/>
 								<description value="Action"/>
 							</row>
 							<row class="row">
@@ -63,6 +71,10 @@
 								<checkbox align="center" id="${row}[acl_p]" onchange="app.mail.acl_common_rights"/>
 								<checkbox align="center" id="${row}[acl_c]" onchange="app.mail.acl_common_rights"/>
 								<checkbox align="center" id="${row}[acl_d]" onchange="app.mail.acl_common_rights"/>
+								<checkbox align="center" id="${row}[acl_k]" onchange="app.mail.acl_common_rights"/>
+								<checkbox align="center" id="${row}[acl_x]" onchange="app.mail.acl_common_rights"/>
+								<checkbox align="center" id="${row}[acl_t]" onchange="app.mail.acl_common_rights"/>
+								<checkbox align="center" id="${row}[acl_e]" onchange="app.mail.acl_common_rights"/>
 								<checkbox align="center" id="${row}[acl_a]" onchange="app.mail.acl_common_rights"/>
 								<checkbox align="center" id="${row}[acl_recursive]"/>
 								<hbox orient=",0,0">