[Web] Started work on ACL, fix notifications
This commit is contained in:
andryyy
@@ -18,7 +18,8 @@ function setLang(sel) {
|
||||
|
||||
$(document).ready(function() {
|
||||
function mailcow_alert_box(message, type) {
|
||||
$.notify({message: message},{type: type,placement: {from: "bottom",align: "right"},animate: {enter: 'animated fadeInUp',exit: 'animated fadeOutDown'}});
|
||||
msg = $('<span/>').html(message).text();
|
||||
$.notify({message: msg},{type: type,placement: {from: "bottom",align: "right"},animate: {enter: 'animated fadeInUp',exit: 'animated fadeOutDown'}});
|
||||
}
|
||||
<?php if (isset($_SESSION['return'])): ?>
|
||||
mailcow_alert_box("<?= $_SESSION['return']['msg']; ?>", "<?= $_SESSION['return']['type']; ?>");
|
||||
|
||||
@@ -218,6 +218,23 @@ function check_login($user, $pass) {
|
||||
}
|
||||
sleep($_SESSION['ldelay']);
|
||||
}
|
||||
function set_acl() {
|
||||
global $pdo;
|
||||
if (!isset($_SESSION['mailcow_cc_username'])) {
|
||||
return false;
|
||||
}
|
||||
$username = strtolower(trim($_SESSION['mailcow_cc_username']));
|
||||
$stmt = $pdo->prepare("SELECT * FROM `user_acl` WHERE `username` = :username");
|
||||
$stmt->execute(array(':username' => $username));
|
||||
$acl['acl'] = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
unset($acl['acl']['username']);
|
||||
if (!empty($acl)) {
|
||||
$_SESSION = array_merge($_SESSION, $acl);
|
||||
}
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
function formatBytes($size, $precision = 2) {
|
||||
if(!is_numeric($size)) {
|
||||
return "0";
|
||||
|
||||
@@ -7,6 +7,13 @@ function mailbox($_action, $_type, $_data = null) {
|
||||
case 'add':
|
||||
switch ($_type) {
|
||||
case 'time_limited_alias':
|
||||
if (!isset($_SESSION['acl']['spam_alias']) || $_SESSION['acl']['spam_alias'] != "1" ) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
if (isset($_data['username']) && filter_var($_data['username'], FILTER_VALIDATE_EMAIL)) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data['username'])) {
|
||||
$_SESSION['return'] = array(
|
||||
@@ -66,6 +73,13 @@ function mailbox($_action, $_type, $_data = null) {
|
||||
);
|
||||
break;
|
||||
case 'syncjob':
|
||||
if (!isset($_SESSION['acl']['syncjobs']) || $_SESSION['acl']['syncjobs'] != "1" ) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
if (isset($_data['username']) && filter_var($_data['username'], FILTER_VALIDATE_EMAIL)) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data['username'])) {
|
||||
$_SESSION['return'] = array(
|
||||
@@ -743,6 +757,10 @@ function mailbox($_action, $_type, $_data = null) {
|
||||
':domain' => $domain,
|
||||
':active' => $active
|
||||
));
|
||||
$stmt = $pdo->prepare("INSERT INTO `user_acl` (`username`) VALUES (:username)");
|
||||
$stmt->execute(array(
|
||||
':username' => $username
|
||||
));
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'success',
|
||||
'msg' => sprintf($lang['success']['mailbox_added'], htmlspecialchars($username))
|
||||
@@ -949,6 +967,13 @@ function mailbox($_action, $_type, $_data = null) {
|
||||
else {
|
||||
$usernames = $_data['username'];
|
||||
}
|
||||
if (!isset($_SESSION['acl']['tls_policy']) || $_SESSION['acl']['tls_policy'] != "1" ) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
foreach ($usernames as $username) {
|
||||
if (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
$_SESSION['return'] = array(
|
||||
@@ -998,6 +1023,13 @@ function mailbox($_action, $_type, $_data = null) {
|
||||
else {
|
||||
$usernames = $_data['username'];
|
||||
}
|
||||
if (!isset($_SESSION['acl']['spam_score']) || $_SESSION['acl']['spam_score'] != "1" ) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
foreach ($usernames as $username) {
|
||||
$lowspamlevel = explode(',', $_data['spam_score'])[0];
|
||||
$highspamlevel = explode(',', $_data['spam_score'])[1];
|
||||
@@ -1046,6 +1078,13 @@ function mailbox($_action, $_type, $_data = null) {
|
||||
);
|
||||
break;
|
||||
case 'time_limited_alias':
|
||||
if (!isset($_SESSION['acl']['spam_alias']) || $_SESSION['acl']['spam_alias'] != "1" ) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
if (!is_array($_data['address'])) {
|
||||
$addresses = array();
|
||||
$addresses[] = $_data['address'];
|
||||
@@ -1103,6 +1142,13 @@ function mailbox($_action, $_type, $_data = null) {
|
||||
else {
|
||||
$usernames = $_data['username'];
|
||||
}
|
||||
if (!isset($_SESSION['acl']['delimiter_action']) || $_SESSION['acl']['delimiter_action'] != "1" ) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
foreach ($usernames as $username) {
|
||||
if (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
$_SESSION['return'] = array(
|
||||
@@ -1206,6 +1252,13 @@ function mailbox($_action, $_type, $_data = null) {
|
||||
else {
|
||||
$ids = $_data['id'];
|
||||
}
|
||||
if (!isset($_SESSION['acl']['syncjobs']) || $_SESSION['acl']['syncjobs'] != "1" ) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
foreach ($ids as $id) {
|
||||
$is_now = mailbox('get', 'syncjob_details', $id);
|
||||
if (!empty($is_now)) {
|
||||
@@ -2677,6 +2730,13 @@ function mailbox($_action, $_type, $_data = null) {
|
||||
else {
|
||||
$ids = $_data['id'];
|
||||
}
|
||||
if (!isset($_SESSION['acl']['syncjobs']) || $_SESSION['acl']['syncjobs'] != "1" ) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
foreach ($ids as $id) {
|
||||
if (!is_numeric($id)) {
|
||||
$_SESSION['return'] = array(
|
||||
@@ -2721,6 +2781,13 @@ function mailbox($_action, $_type, $_data = null) {
|
||||
else {
|
||||
$addresses = $_data['address'];
|
||||
}
|
||||
if (!isset($_SESSION['acl']['spam_alias']) || $_SESSION['acl']['spam_alias'] != "1" ) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
foreach ($addresses as $address) {
|
||||
try {
|
||||
$stmt = $pdo->prepare("SELECT `goto` FROM `spamalias` WHERE `address` = :address");
|
||||
@@ -2769,6 +2836,13 @@ function mailbox($_action, $_type, $_data = null) {
|
||||
else {
|
||||
$usernames = $_data['username'];
|
||||
}
|
||||
if (!isset($_SESSION['acl']['eas_reset']) || $_SESSION['acl']['eas_reset'] != "1" ) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
foreach ($usernames as $username) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
$_SESSION['return'] = array(
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
<?php
|
||||
|
||||
function policy($_action, $_scope, $_data = null) {
|
||||
global $pdo;
|
||||
global $redis;
|
||||
@@ -99,6 +98,13 @@ function policy($_action, $_scope, $_data = null) {
|
||||
);
|
||||
return false;
|
||||
}
|
||||
if (!isset($_SESSION['acl']['spam_policy']) || $_SESSION['acl']['spam_policy'] != "1" ) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
if ($_data['object_list'] == "bl") {
|
||||
$object_list = "blacklist_from";
|
||||
}
|
||||
@@ -233,6 +239,13 @@ function policy($_action, $_scope, $_data = null) {
|
||||
else {
|
||||
$prefids = $_data['prefid'];
|
||||
}
|
||||
if (!isset($_SESSION['acl']['spam_policy']) || $_SESSION['acl']['spam_policy'] != "1" ) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
foreach ($prefids as $prefid) {
|
||||
if (!is_numeric($prefid)) {
|
||||
$_SESSION['return'] = array(
|
||||
|
||||
@@ -3,7 +3,7 @@ function init_db_schema() {
|
||||
try {
|
||||
global $pdo;
|
||||
|
||||
$db_version = "20072107_1029";
|
||||
$db_version = "02082017_0938";
|
||||
|
||||
$stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
|
||||
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
|
||||
@@ -127,6 +127,30 @@ function init_db_schema() {
|
||||
),
|
||||
"attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
|
||||
),
|
||||
"user_acl" => array(
|
||||
"cols" => array(
|
||||
"username" => "VARCHAR(255) NOT NULL",
|
||||
"spam_alias" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"tls_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"spam_score" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"delimiter_action" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"eas_autoconfig" => "TINYINT(1) NOT NULL DEFAULT '1'"
|
||||
),
|
||||
"keys" => array(
|
||||
"fkey" => array(
|
||||
"fk_username" => array(
|
||||
"col" => "username",
|
||||
"ref" => "mailbox.username",
|
||||
"delete" => "CASCADE",
|
||||
"update" => "NO ACTION"
|
||||
)
|
||||
)
|
||||
),
|
||||
"attr" => "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC"
|
||||
),
|
||||
"alias_domain" => array(
|
||||
"cols" => array(
|
||||
"alias_domain" => "VARCHAR(255) NOT NULL",
|
||||
@@ -511,6 +535,19 @@ function init_db_schema() {
|
||||
$pdo->query("ALTER TABLE `" . $table . "` " . $is_drop . "ADD UNIQUE KEY `" . $key_name . "` (" . $fields . ")");
|
||||
}
|
||||
}
|
||||
if (strtolower($key_type) == 'fkey') {
|
||||
foreach ($key_content as $key_name => $key_values) {
|
||||
$fields = "`" . implode("`, `", $key_values) . "`";
|
||||
$stmt = $pdo->query("SHOW KEYS FROM `" . $table . "` WHERE Key_name = '" . $key_name . "'");
|
||||
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
|
||||
if ($num_results != 0) {
|
||||
$pdo->query("ALTER TABLE `" . $table . "` DROP FOREIGN KEY `" . $key_name . "`");
|
||||
}
|
||||
@list($table_ref, $field_ref) = explode('.', $key_values['ref']);
|
||||
$pdo->query("ALTER TABLE `" . $table . "` ADD FOREIGN KEY `" . $key_name . "` (" . $key_values['col'] . ") REFERENCES `" . $table_ref . "` (`" . $field_ref . "`)
|
||||
ON DELETE " . $key_values['delete'] . " ON UPDATE " . $key_values['update']);
|
||||
}
|
||||
}
|
||||
}
|
||||
// Drop all vanished columns
|
||||
$stmt = $pdo->query("SHOW COLUMNS FROM `" . $table . "`");
|
||||
@@ -535,10 +572,21 @@ function init_db_schema() {
|
||||
$keys_to_exist[] = $key_name;
|
||||
}
|
||||
}
|
||||
// Index for foreign key must exist
|
||||
if (isset($properties['keys']['fkey']) && is_array($properties['keys']['fkey'])) {
|
||||
foreach ($properties['keys']['fkey'] as $key_name => $key_values) {
|
||||
$keys_to_exist[] = $key_name;
|
||||
}
|
||||
}
|
||||
// Step 2: Drop all vanished indexes
|
||||
while ($row = array_shift($keys_in_table)) {
|
||||
if (!in_array($row['Key_name'], $keys_to_exist)) {
|
||||
$pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $row['Key_name'] . "`");
|
||||
try {
|
||||
$pdo->query("ALTER TABLE `" . $table . "` DROP FOREIGN KEY `" . $row['Key_name'] . "`");
|
||||
}
|
||||
finally {
|
||||
$pdo->query("ALTER TABLE `" . $table . "` DROP INDEX `" . $row['Key_name'] . "`");
|
||||
}
|
||||
}
|
||||
}
|
||||
// Step 3: Drop all vanished primary keys
|
||||
@@ -575,6 +623,14 @@ function init_db_schema() {
|
||||
$sql .= "UNIQUE KEY `" . $key_name . "` (" . $fields . ")" . ",";
|
||||
}
|
||||
}
|
||||
elseif (strtolower($key_type) == 'fkey') {
|
||||
foreach ($key_content as $key_name => $key_values) {
|
||||
@list($table_ref, $field_ref) = explode('.', $key_values['ref']);
|
||||
$fields = "`" . implode("`, `", $key_values) . "`";
|
||||
$sql .= "FOREIGN KEY `" . $key_name . "` (" . $key_values['col'] . ") REFERENCES `" . $table_ref . "` (`" . $field_ref . "`)
|
||||
ON DELETE " . $key_values['delete'] . " ON UPDATE " . $key_values['update'] . ",";
|
||||
}
|
||||
}
|
||||
}
|
||||
$sql = rtrim($sql, ",");
|
||||
$sql .= ") " . $properties['attr'];
|
||||
@@ -606,6 +662,9 @@ function init_db_schema() {
|
||||
'type' => 'success',
|
||||
'msg' => 'Database initialisation completed'
|
||||
);
|
||||
|
||||
// Fix user_acl
|
||||
$stmt = $pdo->query("INSERT INTO `user_acl` (`username`) SELECT `username` FROM `mailbox` WHERE `kind` = '' AND NOT EXISTS (SELECT `username` FROM `user_acl`);");
|
||||
}
|
||||
catch (PDOException $e) {
|
||||
$_SESSION['return'] = array(
|
||||
|
||||
@@ -70,3 +70,6 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.fail2ban.inc.php';
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/init_db.inc.php';
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.inc.php';
|
||||
init_db_schema();
|
||||
if (isset($_SESSION['mailcow_cc_role'])) {
|
||||
set_acl();
|
||||
}
|
||||
Reference in New Issue
Block a user