Allow logging in as a Resource into SOGo, to change the resources ACLs

[andi0b]

Summary

In the Admin UI you can create resources for SOGo (calendar bookable rooms, cars, bikes, ...). This works well, but there is not a lot of configuration possible. Quite common would be to set a Calendar ACL for the resource, to make it only visible to some users, or to make it visible to the public.

It should be possible to log in into the resource in SOGo, and just edit it with the already existing ACL editor there. This is also recommended by some SOGo tutorials.

This could work by providing a "Log in into webmail" button next to the resource in the Admin UI (like there is for user accounts). Or by giving the possibility to set a password for a resource and just log in with that.

Motivation

I wanted to create a resource and provide it's booking status to the public (for an Info display). Or restrict it to some accounts (machine accounts for info display).

Currently editing the resources ACL is just possible if you connect to the SOGo container as user sogo and use the sogo-tool CLI application. Which is quite cumbersome to use.

That's how I was able to use sogo-tool (and I can always come back to this ticket if I ever need it again 😄):

# exec into the sogo container as user sogo, you should end up in a shell with a prompt like this:
# sogo@1111222aaabbb:/$
docker exec -it -u sogo mailcowdockerized-sogo-mailcow-1 bash

# get the current ACL for public access, 
# NOTE: casing of the resource is also important, if I use here "[email protected]" it doesn't work, 
# because I created it as "[email protected]"
sogo-tool manage-acl get [email protected] Calendar/personal 'anonymous'

# allow public viewing
sogo-tool manage-acl add [email protected] Calendar/personal anonymous '["PublicViewer"]'

Additional context

http://wiki.sogo.nu/ResourceConfiguration