From c53519bf27504ea0b82398d64dceaf5c64aa8659 Mon Sep 17 00:00:00 2001
From: alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c>
Date: Mon, 16 May 2011 08:04:06 +0000
Subject: - Remove acl_username_realm option, use realm auto-detection

git-svn-id: https://svn.roundcube.net/trunk@4773 208e9e7b-5314-0410-a742-e7e81cd9613c
---
 plugins/acl/acl.php             | 41 +++++++++++++++++++++++++++++++++++++++--
 plugins/acl/config.inc.php.dist |  5 -----
 2 files changed, 39 insertions(+), 7 deletions(-)

diff --git a/plugins/acl/acl.php b/plugins/acl/acl.php
index 20168da88..450af49ea 100644
--- a/plugins/acl/acl.php
+++ b/plugins/acl/acl.php
@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Folders Access Control Lists Management
+ * Folders Access Control Lists Management (RFC4314, RFC2086)
  *
  * @version 0.1
  * @author Aleksander Machniak <alec@alec.pl>
@@ -312,7 +312,7 @@ class acl extends rcube_plugin
 
         $acl = array_intersect(str_split($acl), $this->rights_supported());
 
-        if (!strpos($user, '@') && ($realm = $this->rc->config->get('acl_username_realm'))) {
+        if (!strpos($user, '@') && ($realm = $this->get_realm())) {
             $user .= '@' . rcube_idn_to_ascii(preg_replace('/^@/', '', $realm));
         }
 
@@ -455,4 +455,41 @@ class acl extends rcube_plugin
 
         return $this->supported = str_split('lrswi' . $rights . 'pa');
     }
+
+    /**
+     * Username realm detection.
+     *
+     * @return string Username realm (domain)
+     */
+    private function get_realm()
+    {
+        // When user enters a username without domain part, realm
+        // alows to add it to the username (and display correct username in the table)
+
+        if (isset($_SESSION['acl_username_realm'])) {
+            return $_SESSION['acl_username_realm'];
+        }
+
+        // find realm in username of logged user (?)
+        list($name, $domain) = explode('@', $_SESSION['username']);
+
+        // Use (always existent) ACL entry on the INBOX for the user to determine
+        // whether or not the user ID in ACL entries need to be qualified and how
+        // they would need to be qualified.
+        if (empty($domain)) {
+            $acl = $this->rc->imap->get_acl('INBOX');
+            if (is_array($acl)) {
+                $regexp = '/^' . preg_quote($_SESSION['username'], '/') . '@(.*)$/';
+                $regexp = '/^' . preg_quote('aleksander.machniak', '/') . '@(.*)$/';
+                foreach (array_keys($acl) as $name) {
+                    if (preg_match($regexp, $name, $matches)) {
+                        $domain = $matches[1];
+                        break;
+                    }
+                }
+            }
+        }
+
+        return $_SESSION['acl_username_realm'] = $domain;
+    }
 }
diff --git a/plugins/acl/config.inc.php.dist b/plugins/acl/config.inc.php.dist
index 6cb3093f3..4ced35861 100644
--- a/plugins/acl/config.inc.php.dist
+++ b/plugins/acl/config.inc.php.dist
@@ -5,9 +5,4 @@
 // In simple mode access rights are grouped into four groups: read, write, delete, full 
 $rcmail_config['acl_advanced_mode'] = false;
 
-// Username realm
-// When user enters a username without domain part, realm
-// alows to add it to the username (and display correct username in the table)
-$rcmail_config['acl_username_realm'] = '';
-
 ?>
-- 
cgit v1.2.3