diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php index f107863b..6a451cd9 100644 --- a/data/web/inc/functions.inc.php +++ b/data/web/inc/functions.inc.php @@ -949,6 +949,9 @@ function user_get_alias_details($username) { if (!filter_var($username, FILTER_VALIDATE_EMAIL)) { return false; } + if (!hasMailboxObjectAccess($username, $_SESSION['mailcow_cc_role'], $username)) { + return false; + } $data['address'] = $username; $stmt = $pdo->prepare("SELECT `address` AS `shared_aliases`, `public_comment` FROM `alias` WHERE `goto` REGEXP :username_goto diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js index 101088c4..d008b478 100644 --- a/data/web/js/site/mailbox.js +++ b/data/web/js/site/mailbox.js @@ -565,13 +565,13 @@ jQuery(function($){ ft_bcc_table = FooTable.init('#bcc_table', { "columns": [ {"name":"chkbox","title":"","style":{"min-width":"60px","width":"60px"},"filterable": false,"sortable": false,"type":"html"}, - {"sorted": true,"name":"id","title":"ID","style":{"maxWidth":"60px","width":"60px","text-align":"center"}}, + {"sorted": true,"name":"id","title":"ID","style":{"min-width":"60px","width":"60px","text-align":"center"}}, {"name":"type","title":lang.bcc_type}, {"name":"local_dest","title":lang.bcc_local_dest}, {"name":"bcc_dest","title":lang.bcc_destinations}, {"name":"domain","title":lang.domain,"breakpoints":"xs sm"}, - {"name":"active","filterable": false,"style":{"maxWidth":"80px","width":"80px"},"title":lang.active,"formatter": function(value){return 1==value?'':0==value&&'';}}, - {"name":"action","filterable": false,"sortable": false,"style":{"text-align":"right","maxWidth":"180px","width":"180px"},"type":"html","title":lang.action,"breakpoints":"xs sm"} + {"name":"active","filterable": false,"style":{"min-width":"80px","width":"80px"},"title":lang.active,"formatter": function(value){return 1==value?'':0==value&&'';}}, + {"name":"action","filterable": false,"sortable": false,"style":{"text-align":"right","min-width":"180px","width":"180px"},"type":"html","title":lang.action,"breakpoints":"xs sm"} ], "empty": lang.empty, "rows": $.ajax({ diff --git a/data/web/modals/mailbox.php b/data/web/modals/mailbox.php index ad7d84b5..6ebd4435 100644 --- a/data/web/modals/mailbox.php +++ b/data/web/modals/mailbox.php @@ -650,25 +650,38 @@ if (!isset($_SESSION['mailcow_cc_role'])) {