[DockerApi] Fix IMAP ACL migration issue when renaming mailbox

2025-01-02 03:38:23 +02:00 · 2024-10-31 11:00:03 +01:00 · 2024-10-31 11:00:03 +01:00 · d8c8e4ab1b
commit d8c8e4ab1b
parent 2d76ffc88c
2 changed files with 34 additions and 18 deletions
--- a/data/Dockerfiles/dockerapi/modules/DockerApi.py
+++ b/data/Dockerfiles/dockerapi/modules/DockerApi.py
@ -429,24 +429,38 @@ class DockerApi:
      formatted_acls = []
      mailbox_seen = []
      for shared_folder in shared_folders:
-        if "Shared" not in shared_folder and "/" not in shared_folder:
-          continue
-        shared_folder = shared_folder.split("/")
-        if len(shared_folder) < 3:
-          continue
+        if "Shared" not in shared_folder:
+          mailbox = shared_folder.replace("'", "'\\''")
+          if mailbox in mailbox_seen:
+            continue

-        user = shared_folder[1].replace("'", "'\\''")
-        mailbox = '/'.join(shared_folder[2:]).replace("'", "'\\''")
-        if mailbox in mailbox_seen:
-          continue
+          acls = container.exec_run(["/bin/bash", "-c", f"doveadm acl get -u '{id}' '{mailbox}'"])
+          acls = acls.output.decode('utf-8').strip().splitlines()
+          if len(acls) >= 2:
+            for acl in acls[1:]:
+              user_id, rights = acl.split(maxsplit=1)
+              user_id = user_id.split('=')[1]
+              mailbox_seen.append(mailbox)
+              formatted_acls.append({ 'user': id, 'id': user_id, 'mailbox': mailbox, 'rights': rights.split() })
+        elif "Shared" in shared_folder and "/" in shared_folder:
+          shared_folder = shared_folder.split("/")
+          if len(shared_folder) < 3:
+            continue

-        acls = container.exec_run(["/bin/bash", "-c", f"doveadm acl get -u '{user}' '{mailbox}'"])
-        acls = acls.output.decode('utf-8').strip().splitlines()
-        if len(acls) >= 2:
-          for acl in acls[1:]:
-            _, rights = acls[1].split(maxsplit=1)
-            mailbox_seen.append(mailbox)
-            formatted_acls.append({ 'user': user, 'id': id, 'mailbox': mailbox, 'rights': rights.split() })
+          user = shared_folder[1].replace("'", "'\\''")
+          mailbox = '/'.join(shared_folder[2:]).replace("'", "'\\''")
+          if mailbox in mailbox_seen:
+            continue
+
+          acls = container.exec_run(["/bin/bash", "-c", f"doveadm acl get -u '{user}' '{mailbox}'"])
+          acls = acls.output.decode('utf-8').strip().splitlines()
+          if len(acls) >= 2:
+            for acl in acls[1:]:
+              user_id, rights = acl.split(maxsplit=1)
+              user_id = user_id.split('=')[1].replace("'", "'\\''")
+              if user_id == id and mailbox not in mailbox_seen:
+                mailbox_seen.append(mailbox)
+                formatted_acls.append({ 'user': user, 'id': id, 'mailbox': mailbox, 'rights': rights.split() })

      return Response(content=json.dumps(formatted_acls, indent=4), media_type="application/json")
  # api call: container_post - post_action: exec - cmd: doveadm - task: delete_acl
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@ -3364,12 +3364,14 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {

          // set imap acls
          foreach ($imap_acls as $imap_acl) {
+            $user_id = ($imap_acl['id'] == $old_username) ? $new_username : $imap_acl['id'];
+            $user = ($imap_acl['user'] == $old_username) ? $new_username : $imap_acl['user'];
            $exec_fields = array(
              'cmd' => 'doveadm',
              'task' => 'set_acl',
-              'user' => $imap_acl['user'],
+              'user' => $user,
              'mailbox' => $imap_acl['mailbox'],
-              'id' => $new_username,
+              'id' => $user_id,
              'rights' => $imap_acl['rights']
            );
            docker('post', 'dovecot-mailcow', 'exec', $exec_fields);