Class Permissions.

Inherits EventHandler

This class provides RFC 2086 access control lists.

It can evaluate its list and provide the list of rights available for any given user.

The rights are based on RFC 2086, its updated internet-draft and the ANNOTATE draft. The rights are:

Lookup ("l"): Mailbox is visible to LIST/LSUB commands, SUBSCRIBE mailbox. This is always granted to everyone, for the moment.

Read ("r"): SELECT the mailbox, perform STATUS.

KeepSeen ("s"): Keep seen/unseen information across sessions (set or clear "\SEEN" flag via STORE, also set "\SEEN" during APPEND/COPY/FETCH BODY[...]).

Write ("w"): Set or clear flags other than "\SEEN" and "\DELETED" via STORE (also set them during APPEND/COPY).

Insert ("i"): Perform APPEND, COPY into mailbox.

Post ("p"): Send mail to submission address for mailbox, not enforced by IMAP4 itself.

CreateMailboxes ("k"): CREATE new sub-mailboxes, or RENAME to a sub-mailbox of this mailbox.

DeleteMailbox ("x"): DELETE mailbox, RENAME mailbox to something else.

DeleteMessages ("t"): Set or clear "\DELETED" flag via STORE, set "\DELETED" flag during APPEND/COPY.

Expunge ("e"): Perform EXPUNGE, and expunge as a part of CLOSE.

Admin ("a"): Administer (perform SETACL/DELETEACL/GETACL). This is always granted to the owner of a mailbox, and may be granted to others.

WriteSharedAnnotation ("n"): Write a shared annotation. This is always granted to the mailbox owner, and may be granted to others.

For the moment, this class cannot modify the database. It can only verify that a user has a given right, and will notify an event handler when it's ready() to say whether the access is allowed() or not.

Permissions::Permissions( Mailbox * mailbox, User * user, EventHandler * handler )

Constructs a Permissions object for mailbox and user, and calls execute() to calculate permissions, issuing queries if necessary. If any queries are needed, handler will be notified when the object is ready().

Permissions::Permissions( Mailbox * mailbox, const UString & authid, const EString & rights )

Constructs a Permissions object for mailbox and authid with the specified rights.

static EString Permissions::all()

Returns a string containing all available rights characters.

void Permissions::allow( const EString & rights )

This function adds the specified rights to this object. Any unrecognised right characters are ignored.

bool Permissions::allowed( Right r )

Returns true only if the user has the r Right. This function is meaningful only when the object is ready().

static EString Permissions::describe( char c )

Returns a human-readable name for the rights character c, or an empty string if the character does not correspond to a validRight() or the virtual 'c' and 'd' rights.

void Permissions::disallow( const EString & rights )

This function removes the specified rights from this object. Any unrecognised right characters are ignored.

void Permissions::execute()

This function processes ACL results from the database and calculates the applicable permissions.

Reimplements EventHandler::execute().

Mailbox * Permissions::mailbox() const

Returns a pointer to the mailbox for which this object remembers rights.

bool Permissions::ready()

Returns true if the ACL object is ready to answer the question using allowed(), and false if the object is still fetching data.

static char Permissions::rightChar( Permissions::Right right )

This static helper returns the RFC 2086 name for right.

void Permissions::set( const EString & rights )

Sets this object's permitted rights to rights, and removes all other rights.

EString Permissions::string() const

Returns a string representation of this ACL entry, suitable for use in a MYRIGHTS response.

(This is subject to change.)

User * Permissions::user() const

Returns a pointer to the user for which this object remembers rights.

static bool Permissions::validRight( char c )

Returns true only if c represents a valid right.

static bool Permissions::validRights( const EString & s )

Returns true only if s represents a valid set of rights.
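
The rights-string behaviour documented above (allow() and disallow() ignore unrecognised characters, set() replaces the whole set, validRights() is strict, and some rights are always granted), as a stand-alone model added here. It is not Archiveopteryx's own code: the RightsModel class, effective(), the isOwner parameter and the ordering of the rights string are assumptions made for illustration.

```cpp
#include <string>

// Stand-alone model of the documented rights-string behaviour.
// RightsModel and the ordering of ALL_RIGHTS are assumptions, not project
// code; the virtual 'c' and 'd' rights are left out.
static const std::string ALL_RIGHTS = "lrswipkxtean";

bool validRight(char c) { return ALL_RIGHTS.find(c) != std::string::npos; }

// Strict check: every character must be a known right.
bool validRights(const std::string &s) {
    for (char c : s)
        if (!validRight(c)) return false;
    return true;
}

class RightsModel {
    std::string held; // subset of ALL_RIGHTS
public:
    // Lenient, as documented: unrecognised characters are ignored.
    void allow(const std::string &rights) {
        for (char c : rights)
            if (validRight(c) && held.find(c) == std::string::npos)
                held += c;
    }
    void disallow(const std::string &rights) {
        for (char c : rights) {
            std::string::size_type i = held.find(c);
            if (i != std::string::npos) held.erase(i, 1);
        }
    }
    // Replace the whole set: everything not named is removed.
    void set(const std::string &rights) { held.clear(); allow(rights); }

    // Effective rights in ALL_RIGHTS order: "l" for everyone, and
    // "a" and "n" for the mailbox owner, whatever the ACL entry says.
    std::string effective(bool isOwner) const {
        std::string out;
        for (char c : ALL_RIGHTS) {
            bool implied = c == 'l' || (isOwner && (c == 'a' || c == 'n'));
            if (implied || held.find(c) != std::string::npos) out += c;
        }
        return out;
    }
    bool allowed(char r, bool isOwner) const {
        return effective(isOwner).find(r) != std::string::npos;
    }
};
```

Because allow() drops unknown characters silently, a rights string that arrives from a client is worth checking with validRights() before it is applied, so that a malformed request is rejected rather than partly honoured.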

This web page based on source code belonging to The Archiveopteryx Developers. All rights reserved.