I've brought this up several times before, but I'd like to offer it
again. I think that the current ACL permission of CREATE for being able
to delete folders is better than the old right of DELETE, but I think
that it's still wrong.
Let me propose an example. Say that there is a shared folder called
``share''. Many people access this folder. In addition, many people
have the right to create subfolders in it. In order to create
subfolders, they must be given the right CREATE. This gives them the
ability to create those folders and to delete them, as the new ACLs
follow from the parent. However, under the current scheme, this also
gives them the ability to delete ``share'' itself. That doesn't seem
right.
I think that the totally correct way to do it would be to test if the
user has CREATE permissions on the folder's parent, but that would cause
some problems, like an annoying implementation and also the fact that
there's no ``root'' folder that all other folders are descended from to
check for first-level folders being deleted.
I think that a better way would be to check for ADMIN rights. ADMIN,
IMHO, implies ownership of a folder, as it provides no rights other than
the ability to change permissions. And it makes sense for that to imply
the right to delete the folder. The only drawback to this scheme is
that then people would be able to create subfolders that they would not
be able to delete. That would require the intervention of an admin to
give them ADMIN rights on that folder (or to just delete it for them).
I think that that would be less time consuming, if somewhat more
frequent, than the necessity to restore folders from tape because some
luser accidentally deleted a shared folder. That has happened to me any
number of times in the past.
Also note that users automatically have ADMIN rights on their own
folders (backing up my ADMIN rights==owner theory), so there would be no
issue there.
Anyway, what do you think? The patch for my (second) fix is two lines
changed in mboxlist.c, and that's it.
-Bitt
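The three deletion policies discussed above (current CREATE-on-folder, CREATE-on-parent, proposed ADMIN-on-folder), modelled as an added example that is not code from the post or from Cyrus. The rights letters follow the IMAP ACL convention Cyrus uses ('c' = CREATE, 'a' = ADMIN); the mailbox hierarchy and users are constructed.

```python
"""Toy model of the mailbox-deletion policies from the post."""
from typing import Dict, Optional

CREATE, ADMIN = "c", "a"
AclTable = Dict[str, Dict[str, str]]  # mailbox -> {user: rights string}

# Constructed hierarchy: a shared folder and bob's own namespace.
ACLS: AclTable = {
    "share": {"alice": "lrswipcda", "bob": "lrswipc"},  # bob: CREATE, no ADMIN
    "user.bob": {"bob": "lrswipcda"},                    # owner has ADMIN
}

def rights(acls: AclTable, mailbox: str, user: str) -> str:
    return acls.get(mailbox, {}).get(user, "")

def parent(mailbox: str) -> Optional[str]:
    """'share.x' -> 'share'; a top-level folder has no parent (no root)."""
    head, sep, _ = mailbox.rpartition(".")
    return head if sep else None

def create_subfolder(acls: AclTable, mailbox: str, user: str) -> bool:
    """Create the folder if the user holds CREATE on its parent; the new
    folder's ACL is copied from the parent, as the post describes."""
    p = parent(mailbox)
    if p is None or CREATE not in rights(acls, p, user):
        return False
    acls[mailbox] = dict(acls[p])
    return True

def may_delete_current(acls: AclTable, mailbox: str, user: str) -> bool:
    """Current scheme: CREATE on the folder itself is enough, so a user
    who may create subfolders of 'share' may also delete 'share'."""
    return CREATE in rights(acls, mailbox, user)

def may_delete_parent_create(acls: AclTable, mailbox: str,
                             user: str) -> Optional[bool]:
    """'Totally correct' scheme: CREATE on the parent. Returns None for a
    top-level folder, the case the post notes cannot be decided."""
    p = parent(mailbox)
    return None if p is None else CREATE in rights(acls, p, user)

def may_delete_admin(acls: AclTable, mailbox: str, user: str) -> bool:
    """Proposed scheme: ADMIN on the folder, read as ownership."""
    return ADMIN in rights(acls, mailbox, user)
```

Under the ADMIN rule bob cannot delete "share", but also cannot delete the subfolder he created under it, which is exactly the trade-off the post accepts.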