Added sogo_access acl for domain admin
- new sogo_access acl is added for domain admins - changing sogo_acces on a mailbox is only allowed if attempted by admin or by an domain admin with sogo_access acl. - new Mailboxes are created with SOGo access if "$MAILBOX_DEFAULT_ATTRIBUTES['sogo_access'] = true;" AND if created by admin or domain admin with sogo_access acl. Otherwise sogo_access is forbidden for the new mailbox.
This commit is contained in:
parent
a008855991
commit
2e42cfbd5f
@ -487,7 +487,7 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
|
||||
<button class="btn btn-sm btn-default" data-action="add_item" data-id="dkim" data-api-url='add/dkim' data-api-attr='{}' href="#"><span class="glyphicon glyphicon-plus"></span> <?=$lang['admin']['add'];?></button>
|
||||
</form>
|
||||
|
||||
<legend data-target="#import_dkim" style="margin-top:40px;cursor:pointer" class="arrow-toggle"" unselectable="on" data-toggle="collapse">
|
||||
<legend data-target="#import_dkim" style="margin-top:40px;cursor:pointer" class="arrow-toggle" unselectable="on" data-toggle="collapse">
|
||||
<span style="font-size:12px" class="arrow rotate glyphicon glyphicon-menu-down"></span> <?=$lang['admin']['import_private_key'];?>
|
||||
</legend>
|
||||
<div id="import_dkim" class="collapse">
|
||||
|
@ -713,7 +713,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<div data-acl="<?=$_SESSION['acl']['sogo_access'];?>" class="form-group">
|
||||
<div class="col-sm-offset-2 col-sm-10">
|
||||
<div class="checkbox">
|
||||
<label><input type="checkbox" value="1" name="sogo_access" <?=($result['attributes']['sogo_access']=="1") ? "checked" : null;?>> <?=$lang['edit']['sogo_access'];?></label>
|
||||
|
@ -816,7 +816,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
'force_pw_update' => strval(intval($MAILBOX_DEFAULT_ATTRIBUTES['force_pw_update'])),
|
||||
'tls_enforce_in' => strval(intval($MAILBOX_DEFAULT_ATTRIBUTES['tls_enforce_in'])),
|
||||
'tls_enforce_out' => strval(intval($MAILBOX_DEFAULT_ATTRIBUTES['tls_enforce_out'])),
|
||||
'sogo_access' => strval(intval($MAILBOX_DEFAULT_ATTRIBUTES['sogo_access'])),
|
||||
'sogo_access' => (!isset($_SESSION['acl']['sogo_access']) || $_SESSION['acl']['sogo_access'] != "1") ? 0 : strval(intval($MAILBOX_DEFAULT_ATTRIBUTES['sogo_access'])),
|
||||
'mailbox_format' => strval($MAILBOX_DEFAULT_ATTRIBUTES['mailbox_format']),
|
||||
'quarantine_notification' => strval($MAILBOX_DEFAULT_ATTRIBUTES['quarantine_notification'])
|
||||
)
|
||||
@ -2119,6 +2119,16 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
);
|
||||
continue;
|
||||
}
|
||||
// if already 1 == ok
|
||||
if ((!isset($_SESSION['acl']['sogo_access']) || $_SESSION['acl']['sogo_access'] != "1") &&
|
||||
(intval($_data['sogo_access']) == 0 && intval($is_now['attributes']['sogo_access'] != 0))) {
|
||||
$_SESSION['return'][] = array(
|
||||
'type' => 'danger',
|
||||
'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
|
||||
'msg' => 'access_denied'
|
||||
);
|
||||
return false;
|
||||
}
|
||||
$extra_acls = array();
|
||||
if (isset($_data['extended_sender_acl'])) {
|
||||
if (!isset($_SESSION['acl']['extend_sender_acl']) || $_SESSION['acl']['extend_sender_acl'] != "1" ) {
|
||||
|
@ -474,6 +474,7 @@ function init_db_schema() {
|
||||
"syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"login_as" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"sogo_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"filters" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"ratelimit" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
|
@ -420,6 +420,7 @@ $lang['acl']['recipient_maps'] = 'Empfängerumschreibungen';
|
||||
$lang['acl']['unlimited_quota'] = 'Unendliche Quota für Mailboxen';
|
||||
$lang['acl']['extend_sender_acl'] = 'Eingabe externer Absenderadressen erlauben';
|
||||
$lang['acl']['prohibited'] = 'Untersagt durch Richtlinie';
|
||||
$lang['acl']['sogo_access'] = 'SOGo Zugriffsrecht';
|
||||
|
||||
$lang['edit']['extended_sender_acl'] = 'Externe Absenderadressen';
|
||||
$lang['edit']['extended_sender_acl_info'] = 'Der DKIM Domainkey der externen Absenderdomain sollte in diesen Server importiert werden, falls vorhanden.<br>
|
||||
|
@ -428,6 +428,7 @@ $lang['acl']['recipient_maps'] = 'Recipient maps';
|
||||
$lang['acl']['unlimited_quota'] = 'Unlimited quota for mailboxes';
|
||||
$lang['acl']['extend_sender_acl'] = 'Allow to extend sender ACL by external addresses';
|
||||
$lang['acl']['prohibited'] = 'Prohibited by ACL';
|
||||
$lang['acl']['sogo_access'] = 'Grant access to SOGo';
|
||||
|
||||
$lang['edit']['extended_sender_acl'] = 'External sender addresses';
|
||||
$lang['edit']['extended_sender_acl_info'] = 'A DKIM domain key should be imported, if available.<br>
|
||||
@ -936,4 +937,3 @@ $lang['mailbox']['alias_domain_backupmx'] = 'Alias domain inactive for relay dom
|
||||
|
||||
$lang['danger']['extra_acl_invalid'] = 'External sender address "%s" is invalid';
|
||||
$lang['danger']['extra_acl_invalid_domain'] = 'External sender "%s" uses an invalid domain';
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user