From 8b1341528e8028d5569240f60e7a0521388b22a3 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Mon, 28 Jan 2013 02:30:30 +0100
Subject: List commands are now created by the user him/herself.
---
 ldap/acl.ldif | 50 +++++++++++++++++++++++++++++++-------------------
 1 file changed, 31 insertions(+), 19 deletions(-)
(limited to 'ldap/acl.ldif')
diff --git a/ldap/acl.ldif b/ldap/acl.ldif
index 7b19d5f..5cc0ef0 100644
--- a/ldap/acl.ldif
+++ b/ldap/acl.ldif
@@ -84,9 +84,9 @@ olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
  by dnattr=fripostOwner =z break
  by * =0 break
 #
-# The list creation service can delete the 'pending' status on lists.
+# The list creation service can delete the 'pending' status on lists and list commands.
 olcAccess: to dn.regex="^fvl=[^,]+,fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
- filter=(&(objectClass=FripostVirtualList)(objectClass=FripostPendingEntry))
+ filter=(&(|(objectClass=FripostVirtualList)(objectClass=FripostVirtualListCommand))(objectClass=FripostPendingEntry))
  attrs=objectClass val=FripostPendingEntry
  by dn.exact="cn=CreateList,ou=services,o=mailHosting,dc=fripost,dc=dev" =z break
  by * +0 break
@@ -97,7 +97,7 @@ olcAccess: to dn.subtree="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
  by * +rscd
 #
 # The pending token is not public, but domain owner and postmasters can check their and
-# delete it (upon success, but it's done on the library side).
+# delete it (if the token matches, but the check is done on the library side).
 olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
  filter=(&(objectClass=FripostVirtualDomain)(objectClass=FripostPendingEntry))
  attrs=fripostPendingToken
@@ -105,9 +105,9 @@ olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
  by dnattr=fripostOwner =zcd break
  by * +0 break
 #
-# The list creation service can delete the 'pending' status on lists.
+# The list creation service can delete the 'pending' status on lists and list commands.
 olcAccess: to dn.regex="^fvl=[^,]+,fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
- filter=(&(objectClass=FripostVirtualList)(objectClass=FripostPendingEntry))
+ filter=(&(|(objectClass=FripostVirtualList)(objectClass=FripostVirtualListCommand))(objectClass=FripostPendingEntry))
  attrs=fripostPendingToken
  by dn.exact="cn=CreateList,ou=services,o=mailHosting,dc=fripost,dc=dev" +z
  by * +0
@@ -119,14 +119,6 @@ olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
  by dn.exact="cn=DeletePendingEntries,ou=services,o=mailHosting,dc=fripost,dc=dev" =zrd break
  by * =0 break
 #
-# Only the list creation service may add list commands. (It seems unsafe since it can create
-# arbitrary commands, but as other services it run in safe environments only.)
-# (Listcommands are not concerned by the cleaning service.)
-olcAccess: to dn.regex="^fvl=[^,]+-[^,-]+,fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
- filter=(objectClass=FripostVirtualListCommand)
- attrs=entry
- by dn.exact="cn=CreateList,ou=services,o=mailHosting,dc=fripost,dc=dev" =a
-#
 # One can search search everywhere in the virtual tree.
 olcAccess: to dn.subtree="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
  attrs=entry
@@ -149,7 +141,6 @@ olcAccess: to dn.one="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
  filter=(&(objectClass=FripostVirtualDomain)(!(objectClass=FripostPendingEntry)))
  attrs=children
  by dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev" =w
- by dn.exact="cn=CreateList,ou=services,o=mailHosting,dc=fripost,dc=dev" =a
 #
 # The cleaning service needs to know when entries have been created.
 olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
@@ -159,6 +150,7 @@ olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
 #
 # Users can use these in filters (e.g., to list the entries they have created).
 olcAccess: to dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
+ filter=(|(objectClass=FripostVirtualDomain)(objectClass=FripostVirtualUser)(objectClass=FripostVirtualAlias)(objectClass=FripostVirtualList))
  attrs=fripostOwner,fripostPostmaster,fripostCanAddAlias,fripostCanAddList
  by dn.children="ou=virtual,o=mailHosting,dc=fripost,dc=dev" =s break
 #
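Review bot: The new `filter=` line narrows the search grant on fripostOwner/fripostPostmaster/fripostCanAddAlias/fripostCanAddList to four object classes and silently leaves FripostVirtualListCommand out, while the comment two lines above still reads as if it applied to every entry under the virtual tree. Presumably list-command entries carry none of these attributes, but nothing in the hunk shows that; extend the comment with one sentence giving the reason, e.g. `# (List commands are not matched here: <reason — confirm>.)` with the placeholder filled in. The rest of the directive is unchanged.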
@@ -352,18 +344,38 @@ olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripos
  by group/FripostVirtualDomain/fripostOwner.expand="$1" =wrscd
  by group/FripostVirtualDomain/fripostPostmaster.expand="$1" =wrscd
 #
-# 1-3. People with "canAddList" access can create lists, but only with a
-# 'pending' status.
-# 4. The list creation service can search and browse the entry.
+# 1. The domain owner can create and delete lists, but only those with a 'pending' status
+# 2. So can the domain postmaster.
+# 3. The list owner can delete pending lists.
+# 4. The entry creator can delete pending lists (needed to be able to rollback).
+# 5. People with "canAddList" access can create lists, but only with a 'pending' status.
+# 6. The list creation service can search and browse the entry.
 olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev)$"
  filter=(&(objectClass=FripostVirtualList)(objectClass=FripostPendingEntry))
  attrs=entry
- by group/FripostVirtualDomain/fripostOwner.expand="$1" +a break
- by group/FripostVirtualDomain/fripostPostmaster.expand="$1" +a break
+ by group/FripostVirtualDomain/fripostOwner.expand="$1" +w break
+ by group/FripostVirtualDomain/fripostPostmaster.expand="$1" +w break
+ by dnattr=fripostOwner +z continue
+ by dnattr=creatorsName +z continue
  by set.exact="this/-1/fripostCanAddList & (user | user/-1)" +a break
  by dn.exact="cn=CreateList,ou=services,o=mailHosting,dc=fripost,dc=dev" +rd
  by * +0 break
 #
+# 1. The domain owner can create and delete list commands, but only those with a 'pending' status
+# 2. So can the domain postmaster.
+# 3. The entry creator can delete pending list commands (needed to be able to rollback).
+# 4. People with "canAddList" access can create list commands, but only with a 'pending' status.
+# 5. The list creation service can search and browse the entry.
+olcAccess: to dn.regex="^fvl=[^,]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev)$"
+ filter=(&(objectClass=FripostVirtualListCommand)(objectClass=FripostPendingEntry))
+ attrs=entry
+ by group/FripostVirtualDomain/fripostOwner.expand="$1" +w
+ by group/FripostVirtualDomain/fripostPostmaster.expand="$1" +w
+ by dnattr=creatorsName +z continue
+ by set.exact="this/-1/fripostCanAddList & (user | user/-1)" +a
+ by dn.exact="cn=CreateList,ou=services,o=mailHosting,dc=fripost,dc=dev" +rd
+ by * +0
+#
 # 1. The list owners can read the entry.
 # 2. So can the domain's Owner.
 # 3. So can the domain's Postmaster.
-- 
cgit v1.2.3
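Review bot: The new list-command directive matches `dn.regex="^fvl=[^,]+,(fvd=…)$"`, so anyone holding fripostCanAddList (and the domain owner/postmaster via `+w`) may add a pending FripostVirtualListCommand under any `fvl=` RDN in the domain, whereas the directive removed in the `@@ -119,14 +119,6 @@` hunk tied command RDNs to the `fvl=[^,]+-[^,-]+` shape and no remaining ACL line relates a command entry to an existing list. If the RDN shape is meant to be enforced by the ACL, use `olcAccess: to dn.regex="^fvl=[^,]+-[^,-]+,(fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev)$"` for this directive; if the library enforces it instead, say so in the comment block above, as the pending-token comment earlier in the file does. Separately, every `by` clause of this directive relies on the default stop where the list directive just above uses `break`/`continue`, so for list-command entries no later olcAccess directive is evaluated after the first match (including `by * +0`); if that asymmetry is intended a one-line comment stating it would save the next reader from assuming an omission.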