IMAP, EWS, OWA: Allow others to access my mail folders #404

[NeilRashbrook]

Although #404 claimed that UX mockups exist it doesn't actually help because I don't know where they are, so I wrote some basic UI.

• When viewing an EWS account, it shows you the Exchange Delegation feature where you can assign delegates for your email, contatcs and calendar. You also get to assign basic permissions to your delegates. I can't remember whether this allows them to send mail as or on behalf of you or not.
• When viewing an EWS folder, it shows you the Exchange permissions for that folder. It uses the easy permissions model, so you get to choose from 9 permission levels rather than 288 possible permission combinations.
• When viewing an EWS calendar, it shows you the Exchange permissions for that calendar, again using the easy permissions model, although now there are 11 permission levels to choose from.

Permissions are entered using the autocomplete UI. You can add users using their email address and click on a user to edit their permissions. In the case of delegated users, each user is edited and saved separately using a button inside the popup, while in the case of folder and calendar permissions, these are all saved in one go using a separate button.

So that the easy permission UI can be slightly more easily understood, some of their effective permissions are shown as a group of checkboxes, but these are display only.

[NeilRashbrook]

Now with OWA support for folder and calendar permissions (OWA doesn't seem to support delegates).

[NeilRashbrook]

Now with support for addressbook permissions. Unfortunately due to a typo on my part I've had to work around a bug in #780...

[benbucksch]

Although #404 claimed that UX mockups exist it doesn't actually help because I don't know where they are

Sorry:
https://parula.cloud.xwiki.com/xwiki/bin/view/Main/Settings/Calendar/Share/

But the UI doesn't have to be perfect, I can fix it later.

[benbucksch]

• Please priotize protocol (e.g. OWA, ActiveSync) implementations over settings UI changes (despite my review comments)

[benbucksch]

Could you please explain why you change this? It removes the Availability display.

[NeilRashbrook]

You're right, this doesn't belong in this PR; I was just putting in {person.emailAddress} everywhere, since it really frustrates me to see 10 contacts named "Ben" without knowing which one is the email address I want.

As it happens, <PersonAvailability> is just a stub. Instead Availability is shown further down using <AvailabilityGrid>.

[benbucksch]

it really frustrates me to see 10 contacts named "Ben" without knowing which one is the email address I want.

Yes, I discussed that with @elenaux and we plan to add the email address to the results.

[benbucksch]

Please make these Autocomplete event handlers changes a separate PR with its own justification.

[NeilRashbrook]

Indeed, I think this is a better solution for #826, so I'll switch that PR over to this method. (But it would need to land before I could rebase the changes away.)

[benbucksch]

UI should be independent of Exchange. We need the same feature and UI in JMAP and even in IMAP accounts. IMAP supports this, and we have a specific request to implement that for Dovecot.

[NeilRashbrook]

Actually this section is for account permissions i.e. who has access to your Exchange Calendar "account" or Addressbook "account". The folder permissions are inapp/frontend/Settings/Mail/Account/ but I'd have to look at how folder permissions work in IMAP and JMAP to see whether I could unify the UI at all.

[NeilRashbrook]

IMAP rights work differently to Exchange folder permissions, so I can't really unify them. (They work more like Exchange delegate permissions, in that for instance the "Remove" action is immediate.) I tried to find out how JMAP mailbox permissions work, but I failed.

[NeilRashbrook]

I have written some shaky IMAP code to handle folder permissions.

• If the connection doesn't provide the ACL capability, getPermissions just returns undefined, and so the permissions block is never created in the UI.
• ImapFlow doesn't directly support ACLs, so I have used conn.exec to fake it out. This probably works for SETACL and DELETEACL but GETACL need extra work because of the untagged response, and I have no idea whether I have specified the option correctly.
• I should really UTF-7 escape the folder path like the ImapFlow library does (conn.exec assumes you've done this already). I don't know whether this can be done in the front end.
• I have written the UI along the same lines as all of the other UI that I have added. Because it lives inside a <grid>, I don't even know whether it even can be split up into a separate file.
• The code compiles but is otherwise completely untested.

[benbucksch]

UI screenshots, as-is:

Calendar, in Settings | Calendar | | Main:

Addressbook:

[NeilRashbrook]

You asked how folder permissions compare between IMAP and Exchange.

IMAP

You either change the permissions as you go, or you calculate the changes between the original permissions and the permissions you want although this may require multiple commands. The following permissions are available:

• a Set permissions on the folder
• e Permanently delete messages from the folder
• i Create or copy messages into the folder
• k Create subfolders
• l See the folder
• r List messages
• s Mark messages as (un)read
• t Mark messages as IMAP deleted
• w Flag messages
• x Delete the folder

Exchange

You just set the final permissions for all permitted users in one go, overwriting all previous permission settings for that folder. (But I guess you could do that at every change the user makes instead of having a "Save Permissions" button.) I used the simple permissions model, but extended permissions are also available:

• CanCreateItems: boolean
• CanCreateSubfolders: boolean
• DeleteItems: "None" | "Owned" | "All"
• EditItems: "None" | "Owned" | "All"
• IsFolderOwner: boolean (I don't know what this does, if anything)
• IsFolderVisible: boolean
• IsFolderContact: boolean (I'm not sure what this does either)
• ReadItems: "None" | "FullDetails" (for Calendars, this can also be "TimeOnly" or "TimeAndSubjectAndLocation")

There is a table that maps the simple permissions to extended permissions:

Permission level	Can create items	Can create subfolders	Is folder owner	Is folder visible	Is folder contact	Edit items	Delete items	Read items
None	False	False	False	False	False	None	None	None
Owner	True	True	True	True	True	All	All	FullDetails
PublishingEditor	True	True	False	True	False	All	All	FullDetails
Editor	True	False	False	True	False	All	All	FullDetails
PublishingAuthor	True	True	False	True	False	Owned	Owned	FullDetails
Author	True	False	False	True	False	Owned	Owned	FullDetails
NoneditingAuthor	True	False	False	True	False	None	Owned	FullDetails
Reviewer	False	False	False	True	False	None	None	FullDetails
Contributor	True	False	False	True	False	None	None	None

(for Calendars, you can also have FreeBusyTimeOnly and FreeBusyTimeAndSubjectAndLocation which work like Reviewer but at a lower ReadItems permission)

[benbucksch]

@NeilRashbrook Now that #826 landed, this now conflicts. Could you please resolve them? Shouldn't be difficult for you: Just a few lines, and you know what you intended here.

[benbucksch]

sanitize() everything

[benbucksch]

An IMAPPermission should have a person, not be a person.

Suggested change

	export class IMAPPermission extends PersonUID {
	export class IMAPPermission {
	for: PersonUID;

[NeilRashbrook]

Well, we'll see what what your final UI does, but for now, I'm using PersonsAutocomplete to hold the permitted users, and that needs the permissions to derive from, not aggregate, PersonUID.

[benbucksch]

left: is missing, right?

[benbucksch]

See IMAP: for: PersonUID. It is not a Person.

Suggested change

	export class ExchangePermission extends PersonUID {
	export class ExchangePermission {
	for: PersonUID;

[benbucksch]

We need to find a way to unify that with IMAPPermissions

[benbucksch]

We need to find a way to unify that with ExchangePermissions

[NeilRashbrook]

Now updated to present six of the Exchange folder permissions for individual editing.

[benbucksch]

OWA code in EWS?

The general direction is a generic API for permissions that works across all protocols.

[NeilRashbrook]

I've just noticed that my UI has a bug - it will try to display delegates of delegated accounts, which doesn't work.

[NeilRashbrook]

More bugs in my UI:

• Removing IMAP users doesn't update the folder UI
• Too much copy and paste in my IMAP permissions UI - right hand checkboxes are bound to the wrong properties

[NeilRashbrook]

• kolabnow: ACL, read works, write fails silently
• fastmail: ACL, read works, write fails*
• xmox: no ACL support

*UI doesn't report errors reporting setting IMAP permissions, also connection becomes unusable if an error occurs, but I don't know why

[benbucksch]

Thanks, Neil, for your work on this.

FWIW, the individual permissions should reflect the protocol level as closely as possible, after abstracting the different protocols. The options in the UI for the individual permissions were incomplete. It should have "create subfolder", "rename folder" etc.

Just please unify them between Exchange, IMAP and JMAP, as we discussed, so that the individual flags work across the protocols. We don't need to reflect admin nor owner access levels. And for Exchange, we accept that "edit flags" also means "can rewrite message content" and just document that in the JSDoc (and I'll add something to the UI later).