[Web] Allow a user to choose notification categories (junk folder, rejected mail, both/all) + user ACL
This commit is contained in:
andryyy
@@ -332,6 +332,9 @@ function hasDomainAccess($username, $role, $domain) {
|
||||
}
|
||||
function hasMailboxObjectAccess($username, $role, $object) {
|
||||
global $pdo;
|
||||
if (empty($username) || empty($role) || empty($object)) {
|
||||
return false;
|
||||
}
|
||||
if (!filter_var(html_entity_decode(rawurldecode($username)), FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -949,6 +949,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$pop3_access = (isset($_data['pop3_access'])) ? intval($_data['pop3_access']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['pop3_access']);
|
||||
$smtp_access = (isset($_data['smtp_access'])) ? intval($_data['smtp_access']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['smtp_access']);
|
||||
$quarantine_notification = (isset($_data['quarantine_notification'])) ? strval($_data['quarantine_notification']) : strval($MAILBOX_DEFAULT_ATTRIBUTES['quarantine_notification']);
|
||||
$quarantine_category = (isset($_data['quarantine_category'])) ? strval($_data['quarantine_category']) : strval($MAILBOX_DEFAULT_ATTRIBUTES['quarantine_category']);
|
||||
$quota_b = ($quota_m * 1048576);
|
||||
$mailbox_attrs = json_encode(
|
||||
array(
|
||||
@@ -960,7 +961,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
'pop3_access' => strval($pop3_access),
|
||||
'smtp_access' => strval($smtp_access),
|
||||
'mailbox_format' => strval($MAILBOX_DEFAULT_ATTRIBUTES['mailbox_format']),
|
||||
'quarantine_notification' => strval($quarantine_notification)
|
||||
'quarantine_notification' => strval($quarantine_notification),
|
||||
'quarantine_category' => strval($quarantine_category)
|
||||
)
|
||||
);
|
||||
if (!is_valid_domain_name($domain)) {
|
||||
@@ -1409,6 +1411,65 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
);
|
||||
}
|
||||
break;
|
||||
case 'quarantine_category':
|
||||
if (!is_array($_data['username'])) {
|
||||
$usernames = array();
|
||||
$usernames[] = $_data['username'];
|
||||
}
|
||||
else {
|
||||
$usernames = $_data['username'];
|
||||
}
|
||||
if (!isset($_SESSION['acl']['quarantine_category']) || $_SESSION['acl']['quarantine_category'] != "1" ) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
'msg' => 'access_denied'
|
||||
);
|
||||
return false;
|
||||
}
|
||||
foreach ($usernames as $username) {
|
||||
if (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
'msg' => 'access_denied'
|
||||
);
|
||||
continue;
|
||||
}
|
||||
$is_now = mailbox('get', 'quarantine_category', $username);
|
||||
if (!empty($is_now)) {
|
||||
$quarantine_category = (isset($_data['quarantine_category'])) ? $_data['quarantine_category'] : $is_now['quarantine_category'];
|
||||
}
|
||||
else {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
'msg' => 'access_denied'
|
||||
);
|
||||
continue;
|
||||
}
|
||||
if (!in_array($quarantine_category, array('add_header', 'reject', 'all'))) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
'msg' => 'access_denied'
|
||||
);
|
||||
continue;
|
||||
}
|
||||
$stmt = $pdo->prepare("UPDATE `mailbox`
|
||||
SET `attributes` = JSON_SET(`attributes`, '$.quarantine_category', :quarantine_category)
|
||||
WHERE `username` = :username");
|
||||
$stmt->execute(array(
|
||||
':quarantine_category' => $quarantine_category,
|
||||
':username' => $username
|
||||
));
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'success',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
'msg' => array('mailbox_modified', $username)
|
||||
);
|
||||
}
|
||||
break;
|
||||
case 'spam_score':
|
||||
if (!is_array($_data['username'])) {
|
||||
$usernames = array();
|
||||
@@ -2803,6 +2864,22 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$attrs = json_decode($attrs['attributes'], true);
|
||||
return $attrs['quarantine_notification'];
|
||||
break;
|
||||
case 'quarantine_category':
|
||||
$attrs = array();
|
||||
if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
else {
|
||||
$_data = $_SESSION['mailcow_cc_username'];
|
||||
}
|
||||
$stmt = $pdo->prepare("SELECT `attributes` FROM `mailbox` WHERE `username` = :username");
|
||||
$stmt->execute(array(':username' => $_data));
|
||||
$attrs = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
$attrs = json_decode($attrs['attributes'], true);
|
||||
return $attrs['quarantine_category'];
|
||||
break;
|
||||
case 'filters':
|
||||
$filters = array();
|
||||
if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) {
|
||||
|
||||
@@ -3,7 +3,7 @@ function init_db_schema() {
|
||||
try {
|
||||
global $pdo;
|
||||
|
||||
$db_version = "16112020_1210";
|
||||
$db_version = "28112020_1210";
|
||||
|
||||
$stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
|
||||
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
|
||||
@@ -401,6 +401,7 @@ function init_db_schema() {
|
||||
"quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"quarantine_attachments" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"quarantine_notification" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"quarantine_category" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
),
|
||||
"keys" => array(
|
||||
@@ -1185,6 +1186,7 @@ function init_db_schema() {
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.smtp_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.smtp_access') IS NULL;");
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.mailbox_format', \"maildir:\") WHERE JSON_VALUE(`attributes`, '$.mailbox_format') IS NULL;");
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.quarantine_notification', \"never\") WHERE JSON_VALUE(`attributes`, '$.quarantine_notification') IS NULL;");
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.quarantine_category', \"reject\") WHERE JSON_VALUE(`attributes`, '$.quarantine_category') IS NULL;");
|
||||
foreach($tls_options as $tls_user => $tls_options) {
|
||||
$stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.tls_enforce_in', :tls_enforce_in),
|
||||
`attributes` = JSON_SET(`attributes`, '$.tls_enforce_out', :tls_enforce_out)
|
||||
|
||||
@@ -167,6 +167,12 @@ $MAILBOX_DEFAULT_ATTRIBUTES['pop3_access'] = true;
|
||||
// Mailbox has SMTP access by default
|
||||
$MAILBOX_DEFAULT_ATTRIBUTES['smtp_access'] = true;
|
||||
|
||||
// Mailbox receives notifications about...
|
||||
// "add_header" - mail that was put into the Junk folder
|
||||
// "reject" - mail that was rejected
|
||||
// "all" - mail that was rejected and put into the Junk folder
|
||||
$MAILBOX_DEFAULT_ATTRIBUTES['quarantine_category'] = 'reject';
|
||||
|
||||
// Default mailbox format, should not be changed unless you know exactly, what you do, keep the trailing ":"
|
||||
// Check dovecot.conf for further changes (e.g. shared namespace)
|
||||
$MAILBOX_DEFAULT_ATTRIBUTES['mailbox_format'] = 'maildir:';
|
||||
|
||||
Reference in New Issue
Block a user