By expanding roles from the given ACL to have these values as flags
inside the OpenChange library. This only applies to Calendar and
Tasks folders which stored four different access rights to three
different types of events/tasks.
As the events and tasks are stored in the same table, I have added
two new classes to manage permissions in the same way and this
avoids the code duplication called MAPIStoreCalTask(Folder|Message).
Instead of treating all the message either as alternative or mixed with
this changeset the MIME type of the parent part is used.
This allows a correct disposition of the message in the cases when
nested multiparts elements are used.
Also in mixed parts we convert between plain text and HTML as needed.
If we have multiple parts with different encodings we recode
all HTML parts to UTF-8 and we use it as message charset.
This is necessary because Outlook assumes a single charset
for all the message.
Also we convert the end of line in text/plain to <br/> tag
when showing them as HTML in multipart/mixed parts.
It was using MAPIStoreDBFolder class instead of specialised version
MAPIStoreNotesFolder and thus the shared subfolders were set to create
messages as normal messages instead of notes.
By storing these custom MAPI roles in the ACL. Take into account that
a task folder is shared with a calendar folder with the same name, therefore
permissions are shared and overwritten from different Outlook sections.
The extension 'X-SOGO-COMPONENT-CREATED-BY' is used to store the task
creator in both Outlook and SOGo Webmail.
The PidLidTaskOwner is not yet properly managed and we are always returning
the folder owner but to effects of sharing that extension is used by now
which matches a little more with what the user expects until we fix
the task ownership defined in [MS-OXOTASK].
By storing these custom MAPI roles in the ACL.
An extension field called 'X-OPENCHANGE-CREATOR' is created in the vcard
to validate the creator/owner of the contact in the shared folder.
By storing these custom MAPI roles in the ACL.
The extension field 'X-SOGO-COMPONENT-CREATED-BY' is used to store the
event creator when it is done from Outlook. It is the same field SOGo
uses when an event is created from a shared folder in the webmail.
The creator and the organizer/owner of the event can be different and it can
be used from external sources by checking the organizer field. This matches
the specification from [MS-OXOCAL] Section 1.1 which defines the organizer
as the owner or creator of the event.
And returning back PidTagCreatorName.
This is done by checking the owner of the resource if the given
permission is restricted to edit/delete own items.
This requires a52bc3b to work in calendar folders as it requires to store and retrieve
the MAPI custom permissions in the ACL.
This is a security issue that allowed a user to read the number
of messages and their subjects when they do not have any permission to read.
Now the user cannot see other's folder without asking for me to the owner.
Instead of asking general container. This gives the possibility to
perform the deletion depending on the data from the message, for instance,
the user creator.
As specified by [MS-OXCPERM] Section 3.2.5.2, the ModifyPermissions ROP
is only possible to users which have this right.
After this changeset, we check the active user can modify permission
list. This is a security fix.
Instead of using the connected active user.
Although this provides no changes in the result, it could be depending
on changes from the backend so it'd better have it accurate to what
the OpenChange DB API offers.
Instead of using connected active user because the fmids are related
to the root folder (context) owner. This avoids returning back incorrect
identifiers which mostly collide with already associated URLs.
This specifies a little the scope of the variable to make it
more realistic with the actual values it may have. We do have
a static typed compiled language, why don't we use it?
In RTF it is possible to specify characters with the sequence \'XX, XX being
a hexadecimal number.
With this changeset we guard against incorrect hexadecimal numbers which
will be ignored.
The other change added is to ignore carriage returns in plain text.
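
The guard described above, as an added example that is not SOGo's own code: a decoder for a run of RTF text that accepts `\'XX` only when both digits are hexadecimal and never reads past the end of a truncated escape. The name `rtf_decode_text` is hypothetical, and dropping the characters of a malformed escape is an assumption about what "ignored" means.

```c
#include <stddef.h>
#include <stdio.h>

/* Value of one hexadecimal digit, or -1 if c is not a hex digit. */
static int hex_value(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical helper (not SOGo's code): decode a run of RTF text into dst.
 * Returns the number of bytes written, excluding the terminating NUL. */
size_t rtf_decode_text(const char *src, char *dst, size_t dst_size)
{
    size_t out = 0;

    if (dst_size == 0) return 0;
    while (*src != '\0' && out + 1 < dst_size) {
        if (*src == '\r') {              /* carriage returns are ignored */
            src++;
        } else if (src[0] == '\\' && src[1] == '\'') {
            int hi = hex_value(src[2]);
            /* Only look at the second digit if the first one exists. */
            int lo = (src[2] != '\0') ? hex_value(src[3]) : -1;

            if (hi >= 0 && lo >= 0)
                dst[out++] = (char)(hi * 16 + lo);
            /* Assumption: a malformed escape is dropped together with the
             * (up to two) characters standing where the digits should be. */
            src += 2;
            if (*src != '\0') src++;
            if (*src != '\0') src++;
        } else {
            dst[out++] = *src++;
        }
    }
    dst[out] = '\0';
    return out;
}

int main(void)
{
    char buf[32];
    /* Constructed input: one valid escape, one malformed, one truncated. */
    size_t n = rtf_decode_text("caf\\'e9 \\'zz ok\r\n\\'4", buf, sizeof buf);
    printf("%zu bytes decoded\n", n);
    return 0;
}
```
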
In _getElement which match many properties and in both
PidLidAddressBookProviderEmailList and PidLidAddressBookProviderArrayType.
As it is specified in [MS-OXOCNTC] Section 2.2.1, each property
must be stored when the user needs it. So we can assume we can avoid
returning them if we don't have it.
This fixes a Sync Issue which makes it impossible to sync a contact
folder where some contact object does not have any email. The sync issue
message is as follows:
Error synchronizing folder
[80070057-30FFFFFF-0-560]
By setting `SoIMAP4ExceptionsEnabled` config key to YES
Enabled for OpenChange by default, it will ensure no action is taken
when IMAP connection is not valid.
By restricting when FolderVisible right is set to the following rights:
* ReadAny
* EditAny
* DeleteAny
This goes beyond what the specs say about when FolderVisible right is
mandatory but there is no more information stored in SOGo
(no possibility to set FolderVisible specific right)
See [MS-OXCPERM] Section 2.2.6 for more details
When Outlook sets the editor role, the FreeBusyDetailed and FreeBusySimple
right flags are set as Full Details are available.
When we store this information in SOGo, the SOGoCalendarRole_PublicModifier,
SOGoCalendarRole_PrivateModifier and SOGoCalendarRole_ConfidentialModifier
are stored as well as the free busy related roles, but as
[SOGoAppointmentFolder aclsForUser:forObjectAtPath] only returns the highest
access rights, we have to set as well the FreeBusy flags.
More details on [MS-OXCPERM] Section 2.2.6
If the event was created by the MAPI client, the client's time zone (if
present) is assigned to the event's calendar in iCalEvent+MAPIStore.
This way, we can use it to deliver the event's properties correctly.
According to [MS-OXCPERM] Section 2.2.7 in PidTagMemberRights possible
values, once we set the DeleteAny flag, the DeleteOwned flag must be set.
Likewise EditOwned must be set when EditAny is set. In this way,
the rights sent by the MAPI client are equal to the returned by the
server when Editor is set.
In real world practice, makes more strict Outlook 2013 work with editor permissions
the sharing of user's defined calendars, tasks or contacts folders as
the recipients can be editors of that folder.
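
The rights handling described in the messages above (owned rights implied by the "Any" rights, FolderVisible reported only alongside ReadAny, EditAny or DeleteAny, and the owner check when a permission is restricted to own items), as an added example that is not the project's own code. The flag values are those of PidTagMemberRights in [MS-OXCPERM]; the function names and the user names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PidTagMemberRights flags, values as defined in [MS-OXCPERM]. */
#define RIGHTS_READ_ANY        0x00000001u
#define RIGHTS_CREATE          0x00000002u
#define RIGHTS_EDIT_OWNED      0x00000008u
#define RIGHTS_DELETE_OWNED    0x00000010u
#define RIGHTS_EDIT_ANY        0x00000020u
#define RIGHTS_DELETE_ANY      0x00000040u
#define RIGHTS_FOLDER_VISIBLE  0x00000400u

/* Hypothetical helper: rights as the server should report them back. */
uint32_t normalize_member_rights(uint32_t rights)
{
    const uint32_t any = RIGHTS_READ_ANY | RIGHTS_EDIT_ANY | RIGHTS_DELETE_ANY;

    if (rights & RIGHTS_DELETE_ANY) rights |= RIGHTS_DELETE_OWNED;
    if (rights & RIGHTS_EDIT_ANY)   rights |= RIGHTS_EDIT_OWNED;
    /* FolderVisible has no stored right of its own: derive it. */
    if (rights & any) rights |= RIGHTS_FOLDER_VISIBLE;
    else              rights &= ~RIGHTS_FOLDER_VISIBLE;
    return rights;
}

/* Hypothetical helper: may `actor` delete an item created by `creator`? */
int may_delete_item(uint32_t rights, const char *actor, const char *creator)
{
    if (rights & RIGHTS_DELETE_ANY) return 1;
    if (rights & RIGHTS_DELETE_OWNED)   /* restricted to own items */
        return actor && creator && strcmp(actor, creator) == 0;
    return 0;                           /* no delete right: deny */
}

int main(void)
{
    /* Constructed input: ReadAny | Create | EditAny | DeleteAny. */
    uint32_t sent = RIGHTS_READ_ANY | RIGHTS_CREATE |
                    RIGHTS_EDIT_ANY | RIGHTS_DELETE_ANY;
    printf("0x%08x -> 0x%08x\n", (unsigned)sent,
           (unsigned)normalize_member_rights(sent));
    printf("bob deletes alice's item with DeleteOwned: %d\n",
           may_delete_item(RIGHTS_DELETE_OWNED, "bob", "alice"));
    return 0;
}
```

An item whose creator is unknown is treated as not owned by anyone, so a DeleteOwned-only user is denied.
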
All-day and recurrent events have a binary property that describes the
time zone they take place in. We were using the user's time zone in
the webmail, but it may not be equal to the one in the client. This
difference eventually leads to time shifts in events.
This change adapts the bias fields in the TimeZoneStruct and TZRule
structures to the changes in openchange that allow these offsets to be
negative (zentyal/openchange bba372faea29d942b9471e6bed90bf425dc4b231)
The method computes the date of a SYSTEMTIME structure, in which the day
within the month is given by the Nth occurrence of a weekday (see
[MS-OXOCAL] 2.2.1.39).
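
The computation described above, as an added example that is not the project's own method: resolving a SYSTEMTIME rule of the form "Nth weekday of a month" to a day of the month for a given year. The struct and function names are hypothetical; the code assumes the usual SYSTEMTIME convention that wDayOfWeek counts from Sunday = 0 and that an occurrence of 5 means the last one in the month.

```c
#include <stdint.h>
#include <stdio.h>

/* Same field order as SYSTEMTIME; hypothetical local definition. */
struct systemtime {
    uint16_t wYear, wMonth, wDayOfWeek, wDay;
    uint16_t wHour, wMinute, wSecond, wMilliseconds;
};

static int days_in_month(int year, int month)
{
    static const int days[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int leap = (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
    return (month == 2 && leap) ? 29 : days[month - 1];
}

/* Weekday of a Gregorian date, 0 = Sunday (Sakamoto's method). */
static int weekday_of(int year, int month, int day)
{
    static const int t[] = {0, 3, 2, 5, 0, 3, 5, 1, 4, 6, 2, 4};
    if (month < 3) year -= 1;
    return (year + year / 4 - year / 100 + year / 400 + t[month - 1] + day) % 7;
}

/* Day of the month (1..31) the rule falls on in `year`, or -1 if the
 * rule is malformed. wDay is the occurrence: 1..4, or 5 for "last". */
int nth_weekday_day(const struct systemtime *st, int year)
{
    if (st->wMonth < 1 || st->wMonth > 12 || st->wDayOfWeek > 6 ||
        st->wDay < 1 || st->wDay > 5)
        return -1;

    int first = weekday_of(year, st->wMonth, 1);
    int day = 1 + (st->wDayOfWeek - first + 7) % 7 + 7 * (st->wDay - 1);
    while (day > days_in_month(year, st->wMonth))
        day -= 7;                       /* fifth occurrence absent: use last */
    return day;
}

int main(void)
{
    /* Constructed rule: last Sunday of October at 03:00. */
    struct systemtime rule = {0, 10, 0, 5, 3, 0, 0, 0};
    printf("2015-10-%02d\n", nth_weekday_day(&rule, 2015));
    return 0;
}
```
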
For example, if the SMTP is down, then the message is not sent and
an error is returned. We returned back this error code to be managed
by upper layer.