From f7eaa50be6f5deed90a4badb6a9f133fdada1c62 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <patschul@posteo.de>
Date: Tue, 14 Mar 2023 18:49:57 +0100
Subject: [PATCH] [Web] create ratelimit acl on iam mbox creation 2

---
 data/web/inc/functions.ratelimit.inc.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/web/inc/functions.ratelimit.inc.php b/data/web/inc/functions.ratelimit.inc.php
index f311533f..93840b5e 100644
--- a/data/web/inc/functions.ratelimit.inc.php
+++ b/data/web/inc/functions.ratelimit.inc.php
@@ -4,7 +4,7 @@ function ratelimit($_action, $_scope, $_data = null) {
   $_data_log = $_data;
   switch ($_action) {
     case 'edit':
-      if (!isset($_SESSION['acl']['ratelimit']) || $_SESSION['acl']['ratelimit'] != "1" ) {
+      if ((!isset($_SESSION['acl']['ratelimit']) || $_SESSION['acl']['ratelimit'] != "1") && !$_SESSION['iam_create_login']) {
         $_SESSION['return'][] = array(
           'type' => 'danger',
           'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -92,8 +92,8 @@ function ratelimit($_action, $_scope, $_data = null) {
               );
               continue;
             }
-            if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object) && !$_SESSION['iam_create_login']
-              || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) {
+            if ((!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)
+              || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) && !$_SESSION['iam_create_login']) {
               $_SESSION['return'][] = array(
                 'type' => 'danger',
                 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),