[Web] r/o API keys, Pushover integration (can be limited by ACL), other minor changes

2020-04-10 20:57:01 +02:00
parent ccdb7fcd26
commit 8f4540d5d9
14 changed files with 1670 additions and 1111 deletions
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -57,6 +57,12 @@ if (!empty($_SERVER['HTTP_X_API_KEY'])) {
      $_SESSION['mailcow_cc_username'] = 'API';
      $_SESSION['mailcow_cc_role'] = 'admin';
      $_SESSION['mailcow_cc_api'] = true;
+      if ($api_return['api_key'] == 'rw') {
+        $_SESSION['mailcow_cc_api_access'] = 'rw';
+      }
+      else {
+        $_SESSION['mailcow_cc_api_access'] = 'ro';
+      }
    }
    else {
      $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);