import sys

sys.path.append('..')

import pykolab

conf = pykolab.getConf()
conf.debuglevel = 9
conf.read_config("../conf/kolab-shc.conf")

imap = pykolab.imap

imap.connect()

# List the shared and user folders
shared_folders = imap.lm("shared/*@mydomain.com")
user_folders = imap.lm("user/*@mydomain.com")

# Placeholder for valid ACL entries
valid_acls = {
        # These are special keywords used in ACLs
        'anyone': True
    }

# Loop through the user folders found, ...
for user_folder in user_folders:

    # ... and distill the user@domain ACL qualifier.
    folder_parts = imap.parse_mailbox(user_folder)
    if folder_parts['domain']:
        valid_acl = "%s@%s" %(folder_parts['path_parts'][1],folder_parts['domain'])
    else:
        valid_acl = "%s" %(folder_parts['path_parts'])

    # 'valid_acl' now contains the fully qualified user identifier (i.e.
    # user@domain.tld), which may be used in the ACL entries on the other
    # folders. Store the valid ACL entry.
    if not valid_acls.has_key(valid_acl):
        valid_acls[valid_acl] = True

# For all folders (shared and user), ...
folders = user_folders + shared_folders

print "Iterating over %d folders" %(len(folders))

# ... loop through them and ...
for folder in folders:
    # ... list the ACL entries
    acls = imap.lam(folder)

    # For each ACL entry, see if we think it is a current, valid entry
    for acl_entry in acls.keys():

        # If the key 'acl_entry' does not exist in the dictionary of valid
        # ACL entries, this ACL entry has got to go.
        if not valid_acls.has_key(acl_entry):
            # Set the ACL to '' (effectively deleting the ACL entry)
            imap.sam(folder, acl_entry, '')