From 3e194c79060b84d04ce0b2c577ea4b68c7d8d732 Mon Sep 17 00:00:00 2001 From: Kristian Feldsam Date: Sat, 11 Nov 2023 17:12:00 +0100 Subject: [PATCH 1/5] Domains datatable - server side processing Signed-off-by: Kristian Feldsam --- data/web/inc/lib/ssp.class.php | 587 +++++++++++++++++++++++++++++++++ data/web/js/site/mailbox.js | 33 +- data/web/json_api.php | 65 +++- 3 files changed, 666 insertions(+), 19 deletions(-) create mode 100644 data/web/inc/lib/ssp.class.php diff --git a/data/web/inc/lib/ssp.class.php b/data/web/inc/lib/ssp.class.php new file mode 100644 index 00000000..c36c627c --- /dev/null +++ b/data/web/inc/lib/ssp.class.php @@ -0,0 +1,587 @@ + 'utf8'` - you might need this depending on your PHP / MySQL config + * @return resource PDO connection + */ + static function db ( $conn ) + { + if ( is_array( $conn ) ) { + return self::sql_connect( $conn ); + } + + return $conn; + } + + + /** + * Paging + * + * Construct the LIMIT clause for server-side processing SQL query + * + * @param array $request Data sent to server by DataTables + * @param array $columns Column information array + * @return string SQL limit clause + */ + static function limit ( $request, $columns ) + { + $limit = ''; + + if ( isset($request['start']) && $request['length'] != -1 ) { + $limit = "LIMIT ".intval($request['start']).", ".intval($request['length']); + } + + return $limit; + } + + + /** + * Ordering + * + * Construct the ORDER BY clause for server-side processing SQL query + * + * @param array $request Data sent to server by DataTables + * @param array $columns Column information array + * @return string SQL order by clause + */ + static function order ( $tableAS, $request, $columns ) + { + $order = ''; + + if ( isset($request['order']) && count($request['order']) ) { + $orderBy = array(); + $dtColumns = self::pluck( $columns, 'dt' ); + + for ( $i=0, $ien=count($request['order']) ; $i<$ien ; $i++ ) { + // Convert the column index into the column data property + $columnIdx = intval($request['order'][$i]['column']); + $requestColumn = $request['columns'][$columnIdx]; + + $columnIdx = array_search( $columnIdx, $dtColumns ); + $column = $columns[ $columnIdx ]; + + if ( $requestColumn['orderable'] == 'true' ) { + $dir = $request['order'][$i]['dir'] === 'asc' ? + 'ASC' : + 'DESC'; + + $orderBy[] = '`'.$tableAS.'`.`'.$column['db'].'` '.$dir; + } + } + + if ( count( $orderBy ) ) { + $order = 'ORDER BY '.implode(', ', $orderBy); + } + } + + return $order; + } + + + /** + * Searching / Filtering + * + * Construct the WHERE clause for server-side processing SQL query. + * + * NOTE this does not match the built-in DataTables filtering which does it + * word by word on any field. It's possible to do here performance on large + * databases would be very poor + * + * @param array $request Data sent to server by DataTables + * @param array $columns Column information array + * @param array $bindings Array of values for PDO bindings, used in the + * sql_exec() function + * @return string SQL where clause + */ + static function filter ( $tablesAS, $request, $columns, &$bindings ) + { + $globalSearch = array(); + $columnSearch = array(); + $dtColumns = self::pluck( $columns, 'dt' ); + + if ( isset($request['search']) && $request['search']['value'] != '' ) { + $str = $request['search']['value']; + + for ( $i=0, $ien=count($request['columns']) ; $i<$ien ; $i++ ) { + $requestColumn = $request['columns'][$i]; + $columnIdx = array_search( $requestColumn['data'], $dtColumns ); + $column = $columns[ $columnIdx ]; + + if ( $requestColumn['searchable'] == 'true' ) { + if(!empty($column['db'])){ + $binding = self::bind( $bindings, '%'.$str.'%', PDO::PARAM_STR ); + $globalSearch[] = "`".$tablesAS."`.`".$column['db']."` LIKE ".$binding; + } + } + } + } + + // Individual column filtering + if ( isset( $request['columns'] ) ) { + for ( $i=0, $ien=count($request['columns']) ; $i<$ien ; $i++ ) { + $requestColumn = $request['columns'][$i]; + $columnIdx = array_search( $requestColumn['data'], $dtColumns ); + $column = $columns[ $columnIdx ]; + + $str = $requestColumn['search']['value']; + + if ( $requestColumn['searchable'] == 'true' && + $str != '' ) { + if(!empty($column['db'])){ + $binding = self::bind( $bindings, '%'.$str.'%', PDO::PARAM_STR ); + $columnSearch[] = "`".$tablesAS."`.`".$column['db']."` LIKE ".$binding; + } + } + } + } + + // Combine the filters into a single string + $where = ''; + + if ( count( $globalSearch ) ) { + $where = '('.implode(' OR ', $globalSearch).')'; + } + + if ( count( $columnSearch ) ) { + $where = $where === '' ? + implode(' AND ', $columnSearch) : + $where .' AND '. implode(' AND ', $columnSearch); + } + + if ( $where !== '' ) { + $where = 'WHERE '.$where; + } + + return $where; + } + + + /** + * Perform the SQL queries needed for an server-side processing requested, + * utilising the helper functions of this class, limit(), order() and + * filter() among others. The returned array is ready to be encoded as JSON + * in response to an SSP request, or can be modified if needed before + * sending back to the client. + * + * @param array $request Data sent to server by DataTables + * @param array|PDO $conn PDO connection resource or connection parameters array + * @param string $table SQL table to query + * @param string $primaryKey Primary key of the table + * @param array $columns Column information array + * @return array Server-side processing response array + */ + static function simple ( $request, $conn, $table, $primaryKey, $columns ) + { + $bindings = array(); + $db = self::db( $conn ); + + // Allow for a JSON string to be passed in + if (isset($request['json'])) { + $request = json_decode($request['json'], true); + } + + // table AS + $tablesAS = null; + if(is_array($table)) { + $tablesAS = $table[1]; + $table = $table[0]; + } + + // Build the SQL query string from the request + $limit = self::limit( $request, $columns ); + $order = self::order( $tablesAS, $request, $columns ); + $where = self::filter( $tablesAS, $request, $columns, $bindings ); + + // Main query to actually get the data + $data = self::sql_exec( $db, $bindings, + "SELECT `$tablesAS`.`".implode("`, `$tablesAS`.`", self::pluck($columns, 'db'))."` + FROM `$table` AS `$tablesAS` + $where + $order + $limit" + ); + + // Data set length after filtering + $resFilterLength = self::sql_exec( $db, $bindings, + "SELECT COUNT(`{$primaryKey}`) + FROM `$table` AS `$tablesAS` + $where" + ); + $recordsFiltered = $resFilterLength[0][0]; + + // Total data set length + $resTotalLength = self::sql_exec( $db, + "SELECT COUNT(`{$primaryKey}`) + FROM `$table` AS `$tablesAS`" + ); + $recordsTotal = $resTotalLength[0][0]; + + /* + * Output + */ + return array( + "draw" => isset ( $request['draw'] ) ? + intval( $request['draw'] ) : + 0, + "recordsTotal" => intval( $recordsTotal ), + "recordsFiltered" => intval( $recordsFiltered ), + "data" => self::data_output( $columns, $data ) + ); + } + + + /** + * The difference between this method and the `simple` one, is that you can + * apply additional `where` conditions to the SQL queries. These can be in + * one of two forms: + * + * * 'Result condition' - This is applied to the result set, but not the + * overall paging information query - i.e. it will not effect the number + * of records that a user sees they can have access to. This should be + * used when you want apply a filtering condition that the user has sent. + * * 'All condition' - This is applied to all queries that are made and + * reduces the number of records that the user can access. This should be + * used in conditions where you don't want the user to ever have access to + * particular records (for example, restricting by a login id). + * + * In both cases the extra condition can be added as a simple string, or if + * you are using external values, as an assoc. array with `condition` and + * `bindings` parameters. The `condition` is a string with the SQL WHERE + * condition and `bindings` is an assoc. array of the binding names and + * values. + * + * @param array $request Data sent to server by DataTables + * @param array|PDO $conn PDO connection resource or connection parameters array + * @param string|array $table SQL table to query, if array second key is AS + * @param string $primaryKey Primary key of the table + * @param array $columns Column information array + * @param string $join JOIN sql string + * @param string|array $whereResult WHERE condition to apply to the result set + * @return array Server-side processing response array + */ + static function complex ( + $request, + $conn, + $table, + $primaryKey, + $columns, + $join=null, + $whereResult=null + ) { + $bindings = array(); + $db = self::db( $conn ); + + // table AS + $tablesAS = null; + if(is_array($table)) { + $tablesAS = $table[1]; + $table = $table[0]; + } + + // Build the SQL query string from the request + $limit = self::limit( $request, $columns ); + $order = self::order( $tablesAS, $request, $columns ); + $where = self::filter( $tablesAS, $request, $columns, $bindings ); + + // whereResult can be a simple string, or an assoc. array with a + // condition and bindings + if ( $whereResult ) { + $str = $whereResult; + + if ( is_array($whereResult) ) { + $str = $whereResult['condition']; + + if ( isset($whereResult['bindings']) ) { + self::add_bindings($bindings, $whereResult); + } + } + + $where = $where ? + $where .' AND '.$str : + 'WHERE '.$str; + } + + // Main query to actually get the data + $data = self::sql_exec( $db, $bindings, + "SELECT `$tablesAS`.`".implode("`, `$tablesAS`.`", self::pluck($columns, 'db'))."` + FROM `$table` AS `$tablesAS` + $join + $where + $order + $limit" + ); + + // Data set length after filtering + $resFilterLength = self::sql_exec( $db, $bindings, + "SELECT COUNT(`{$tablesAS}`.`{$primaryKey}`) + FROM `$table` AS `$tablesAS` + $join + $where" + ); + $recordsFiltered = $resFilterLength[0][0]; + + // Total data set length + $resTotalLength = self::sql_exec( $db, $bindings, + "SELECT COUNT(`{$tablesAS}`.`{$primaryKey}`) + FROM `$table` AS `$tablesAS` + $join + $where" + ); + $recordsTotal = $resTotalLength[0][0]; + + /* + * Output + */ + return array( + "draw" => isset ( $request['draw'] ) ? + intval( $request['draw'] ) : + 0, + "recordsTotal" => intval( $recordsTotal ), + "recordsFiltered" => intval( $recordsFiltered ), + "data" => self::data_output( $columns, $data ) + ); + } + + + /** + * Connect to the database + * + * @param array $sql_details SQL server connection details array, with the + * properties: + * * host - host name + * * db - database name + * * user - user name + * * pass - user password + * @return resource Database connection handle + */ + static function sql_connect ( $sql_details ) + { + try { + $db = @new PDO( + "mysql:host={$sql_details['host']};dbname={$sql_details['db']}", + $sql_details['user'], + $sql_details['pass'], + array( PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION ) + ); + } + catch (PDOException $e) { + self::fatal( + "An error occurred while connecting to the database. ". + "The error reported by the server was: ".$e->getMessage() + ); + } + + return $db; + } + + + /** + * Execute an SQL query on the database + * + * @param resource $db Database handler + * @param array $bindings Array of PDO binding values from bind() to be + * used for safely escaping strings. Note that this can be given as the + * SQL query string if no bindings are required. + * @param string $sql SQL query to execute. + * @return array Result from the query (all rows) + */ + static function sql_exec ( $db, $bindings, $sql=null ) + { + // Argument shifting + if ( $sql === null ) { + $sql = $bindings; + } + + $stmt = $db->prepare( $sql ); + + // Bind parameters + if ( is_array( $bindings ) ) { + for ( $i=0, $ien=count($bindings) ; $i<$ien ; $i++ ) { + $binding = $bindings[$i]; + $stmt->bindValue( $binding['key'], $binding['val'], $binding['type'] ); + } + } + + // Execute + try { + $stmt->execute(); + } + catch (PDOException $e) { + self::fatal( "An SQL error occurred: ".$e->getMessage() ); + } + + // Return all + return $stmt->fetchAll( PDO::FETCH_BOTH ); + } + + + /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * Internal methods + */ + + /** + * Throw a fatal error. + * + * This writes out an error message in a JSON string which DataTables will + * see and show to the user in the browser. + * + * @param string $msg Message to send to the client + */ + static function fatal ( $msg ) + { + echo json_encode( array( + "error" => $msg + ) ); + + exit(0); + } + + /** + * Create a PDO binding key which can be used for escaping variables safely + * when executing a query with sql_exec() + * + * @param array &$a Array of bindings + * @param * $val Value to bind + * @param int $type PDO field type + * @return string Bound key to be used in the SQL where this parameter + * would be used. + */ + static function bind ( &$a, $val, $type ) + { + $key = ':binding_'.count( $a ); + + $a[] = array( + 'key' => $key, + 'val' => $val, + 'type' => $type + ); + + return $key; + } + + static function add_bindings(&$bindings, $vals) + { + foreach($vals['bindings'] as $key => $value) { + $bindings[] = array( + 'key' => $key, + 'val' => $value, + 'type' => PDO::PARAM_STR + ); + } + } + + + /** + * Pull a particular property from each assoc. array in a numeric array, + * returning and array of the property values from each item. + * + * @param array $a Array to get data from + * @param string $prop Property to read + * @return array Array of property values + */ + static function pluck ( $a, $prop ) + { + $out = array(); + + for ( $i=0, $len=count($a) ; $i<$len ; $i++ ) { + if ( empty($a[$i][$prop]) && $a[$i][$prop] !== 0 ) { + continue; + } + + //removing the $out array index confuses the filter method in doing proper binding, + //adding it ensures that the array data are mapped correctly + $out[$i] = $a[$i][$prop]; + } + + return $out; + } + + + /** + * Return a string from an array or a string + * + * @param array|string $a Array to join + * @param string $join Glue for the concatenation + * @return string Joined string + */ + static function _flatten ( $a, $join = ' AND ' ) + { + if ( ! $a ) { + return ''; + } + else if ( $a && is_array($a) ) { + return implode( $join, $a ); + } + return $a; + } +} + diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js index c2b1761d..5e1ba315 100644 --- a/data/web/js/site/mailbox.js +++ b/data/web/js/site/mailbox.js @@ -435,7 +435,7 @@ jQuery(function($){ var table = $('#domain_table').DataTable({ responsive: true, processing: true, - serverSide: false, + serverSide: true, stateSave: true, pageLength: pagination_size, dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" + @@ -447,9 +447,9 @@ jQuery(function($){ }, ajax: { type: "GET", - url: "/api/v1/get/domain/all", + url: "/api/v1/get/domain/datatables", dataSrc: function(json){ - $.each(json, function(i, item) { + $.each(json.data, function(i, item) { item.domain_name = escapeHtml(item.domain_name); item.aliases = item.aliases_in_domain + " / " + item.max_num_aliases_for_domain; @@ -498,7 +498,7 @@ jQuery(function($){ } }); - return json; + return json.data; } }, columns: [ @@ -528,17 +528,20 @@ jQuery(function($){ { title: lang.aliases, data: 'aliases', + searchable: false, defaultContent: '' }, { title: lang.mailboxes, data: 'mailboxes', + searchable: false, responsivePriority: 4, defaultContent: '' }, { title: lang.domain_quota, data: 'quota', + searchable: false, defaultContent: '', render: function (data, type) { data = data.split("/"); @@ -548,6 +551,8 @@ jQuery(function($){ { title: lang.stats, data: 'stats', + searchable: false, + orderable: false, defaultContent: '', render: function (data, type) { data = data.split("/"); @@ -557,21 +562,29 @@ jQuery(function($){ { title: lang.mailbox_defquota, data: 'def_quota_for_mbox', + searchable: false, + orderable: false, defaultContent: '' }, { title: lang.mailbox_quota, data: 'max_quota_for_mbox', + searchable: false, + orderable: false, defaultContent: '' }, { title: 'RL', data: 'rl', + searchable: false, + orderable: false, defaultContent: '' }, { title: lang.backup_mx, data: 'backupmx', + searchable: false, + orderable: false, defaultContent: '', redner: function (data, type){ return 1==value ? '' : 0==value && ''; @@ -580,30 +593,40 @@ jQuery(function($){ { title: lang.domain_admins, data: 'domain_admins', + searchable: false, + orderable: false, defaultContent: '', className: 'none' }, { title: lang.created_on, data: 'created', + searchable: false, + orderable: false, defaultContent: '', className: 'none' }, { title: lang.last_modified, data: 'modified', + searchable: false, + orderable: false, defaultContent: '', className: 'none' }, { title: 'Tags', data: 'tags', + searchable: false, + orderable: false, defaultContent: '', className: 'none' }, { title: lang.active, data: 'active', + searchable: false, + orderable: false, defaultContent: '', responsivePriority: 6, render: function (data, type) { @@ -613,6 +636,8 @@ jQuery(function($){ { title: lang.action, data: 'action', + searchable: false, + orderable: false, className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right', responsivePriority: 5, defaultContent: '' diff --git a/data/web/json_api.php b/data/web/json_api.php index b375bc8e..6c008a60 100644 --- a/data/web/json_api.php +++ b/data/web/json_api.php @@ -15,7 +15,7 @@ function api_log($_data) { continue; } - $value = json_decode($value, true); + $value = json_decode($value, true); if ($value) { if (is_array($value)) unset($value["csrf_token"]); foreach ($value as $key => &$val) { @@ -23,7 +23,7 @@ function api_log($_data) { $val = '*'; } } - $value = json_encode($value); + $value = json_encode($value); } $data_var[] = $data . "='" . $value . "'"; } @@ -44,7 +44,7 @@ function api_log($_data) { 'msg' => 'Redis: '.$e ); return false; - } + } } if (isset($_GET['query'])) { @@ -178,12 +178,12 @@ if (isset($_GET['query'])) { // parse post data $post = trim(file_get_contents('php://input')); if ($post) $post = json_decode($post); - + // process registration data from authenticator try { // decode base64 strings $clientDataJSON = base64_decode($post->clientDataJSON); - $attestationObject = base64_decode($post->attestationObject); + $attestationObject = base64_decode($post->attestationObject); // processCreate($clientDataJSON, $attestationObject, $challenge, $requireUserVerification=false, $requireUserPresent=true, $failIfRootMismatch=true) $data = $WebAuthn->processCreate($clientDataJSON, $attestationObject, $_SESSION['challenge'], false, true); @@ -250,7 +250,7 @@ if (isset($_GET['query'])) { default: process_add_return(mailbox('add', 'domain', $attr)); break; - } + } break; case "resource": process_add_return(mailbox('add', 'resource', $attr)); @@ -470,7 +470,7 @@ if (isset($_GET['query'])) { // false, if only internal is allowed // null, if internal and cross-platform is allowed $createArgs = $WebAuthn->getCreateArgs($_SESSION["mailcow_cc_username"], $_SESSION["mailcow_cc_username"], $_SESSION["mailcow_cc_username"], 30, false, $GLOBALS['WEBAUTHN_UV_FLAG_REGISTER'], null, $excludeCredentialIds); - + print(json_encode($createArgs)); $_SESSION['challenge'] = $WebAuthn->getChallenge(); return; @@ -523,9 +523,44 @@ if (isset($_GET['query'])) { case "domain": switch ($object) { + case "datatables": + $table = ['domain', 'd']; + $primaryKey = 'domain'; + $columns = [ + ['db' => 'domain', 'dt' => 2], + ['db' => 'aliases', 'dt' => 3], + ['db' => 'mailboxes', 'dt' => 4], + ['db' => 'quota', 'dt' => 5], + ]; + + require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/lib/ssp.class.php'; + global $pdo; + if($_SESSION['mailcow_cc_role'] === 'admin') { + $data = SSP::simple($_GET, $pdo, $table, $primaryKey, $columns); + } elseif ($_SESSION['mailcow_cc_role'] === 'domainadmin') { + $data = SSP::complex($_GET, $pdo, $table, $primaryKey, $columns, + 'INNER JOIN domain_admins as da ON da.domain = d.domain', + [ + 'condition' => 'da.active = 1 and da.username = :username', + 'bindings' => ['username' => $_SESSION['mailcow_cc_username']] + ]); + } + + if (!empty($data['data'])) { + $domainsData = []; + foreach ($data['data'] as $domain) { + if ($details = mailbox('get', 'domain_details', $domain[2])) { + $domainsData[] = $details; + } + } + $data['data'] = $domainsData; + } + + process_get_return($data); + break; case "all": $tags = null; - if (isset($_GET['tags']) && $_GET['tags'] != '') + if (isset($_GET['tags']) && $_GET['tags'] != '') $tags = explode(',', $_GET['tags']); $domains = mailbox('get', 'domains', null, $tags); @@ -1014,7 +1049,7 @@ if (isset($_GET['query'])) { case "all": case "reduced": $tags = null; - if (isset($_GET['tags']) && $_GET['tags'] != '') + if (isset($_GET['tags']) && $_GET['tags'] != '') $tags = explode(',', $_GET['tags']); if (empty($extra)) $domains = mailbox('get', 'domains'); @@ -1048,7 +1083,7 @@ if (isset($_GET['query'])) { break; default: $tags = null; - if (isset($_GET['tags']) && $_GET['tags'] != '') + if (isset($_GET['tags']) && $_GET['tags'] != '') $tags = explode(',', $_GET['tags']); if ($tags === null) { @@ -1058,7 +1093,7 @@ if (isset($_GET['query'])) { $mailboxes = mailbox('get', 'mailboxes', $object, $tags); if (is_array($mailboxes)) { foreach ($mailboxes as $mailbox) { - if ($details = mailbox('get', 'mailbox_details', $mailbox)) + if ($details = mailbox('get', 'mailbox_details', $mailbox)) $data[] = $details; } } @@ -1557,15 +1592,15 @@ if (isset($_GET['query'])) { 'solr_size' => $solr_size, 'solr_documents' => $solr_documents )); - break; + break; case "host": if (!$extra){ $stats = docker("host_stats"); echo json_encode($stats); - } + } else if ($extra == "ip") { // get public ips - + $curl = curl_init(); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_POST, 0); @@ -1972,7 +2007,7 @@ if (isset($_GET['query'])) { exit(); } } -if ($_SESSION['mailcow_cc_api'] === true) { +if (array_key_exists('mailcow_cc_api', $_SESSION) && $_SESSION['mailcow_cc_api'] === true) { if (isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true) { unset($_SESSION['return']); } From 28cec9969931de92b128c086b1f113c35e600210 Mon Sep 17 00:00:00 2001 From: Kristian Feldsam Date: Sun, 12 Nov 2023 10:26:38 +0100 Subject: [PATCH 2/5] Mailboxes datatable - server side processing Signed-off-by: Kristian Feldsam --- data/web/js/site/mailbox.js | 39 ++++++++++++++++++------------------- data/web/json_api.php | 33 +++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 20 deletions(-) diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js index 5e1ba315..fe6113a8 100644 --- a/data/web/js/site/mailbox.js +++ b/data/web/js/site/mailbox.js @@ -869,7 +869,7 @@ jQuery(function($){ var table = $('#mailbox_table').DataTable({ responsive: true, processing: true, - serverSide: false, + serverSide: true, stateSave: true, pageLength: pagination_size, dom: "<'row'<'col-sm-12 col-md-6'f><'col-sm-12 col-md-6'l>>" + @@ -878,13 +878,12 @@ jQuery(function($){ language: lang_datatables, initComplete: function(settings, json){ hideTableExpandCollapseBtn('#tab-mailboxes', '#mailbox_table'); - filterByDomain(json, 8, table); }, ajax: { type: "GET", - url: "/api/v1/get/mailbox/reduced", + url: "/api/v1/get/mailbox/datatables", dataSrc: function(json){ - $.each(json, function (i, item) { + $.each(json.data, function (i, item) { item.quota = { sortBy: item.quota_used, value: item.quota @@ -970,7 +969,7 @@ jQuery(function($){ } }); - return json; + return json.data; } }, columns: [ @@ -1000,13 +999,15 @@ jQuery(function($){ { title: lang.domain_quota, data: 'quota.value', + searchable: false, responsivePriority: 8, - defaultContent: '', - orderData: 23 + defaultContent: '' }, { title: lang.last_mail_login, data: 'last_mail_login', + searchable: false, + orderable: false, defaultContent: '', responsivePriority: 7, render: function (data, type) { @@ -1019,11 +1020,15 @@ jQuery(function($){ { title: lang.last_pw_change, data: 'last_pw_change', + searchable: false, + orderable: false, defaultContent: '' }, { title: lang.in_use, data: 'in_use.value', + searchable: false, + orderable: false, defaultContent: '', responsivePriority: 9, className: 'dt-data-w100', @@ -1092,6 +1097,8 @@ jQuery(function($){ { title: lang.msg_num, data: 'messages', + searchable: false, + orderable: false, defaultContent: '', responsivePriority: 5 }, @@ -1116,6 +1123,8 @@ jQuery(function($){ { title: lang.active, data: 'active', + searchable: false, + orderable: false, defaultContent: '', responsivePriority: 4, render: function (data, type) { @@ -1125,22 +1134,12 @@ jQuery(function($){ { title: lang.action, data: 'action', + searchable: false, + orderable: false, className: 'dt-sm-head-hidden dt-data-w100 dtr-col-md dt-text-right', responsivePriority: 6, defaultContent: '' - }, - { - title: "", - data: 'quota.sortBy', - defaultContent: '', - className: "d-none" - }, - { - title: "", - data: 'in_use.sortBy', - defaultContent: '', - className: "d-none" - }, + } ] }); diff --git a/data/web/json_api.php b/data/web/json_api.php index 6c008a60..3077bf7b 100644 --- a/data/web/json_api.php +++ b/data/web/json_api.php @@ -1046,6 +1046,39 @@ if (isset($_GET['query'])) { break; case "mailbox": switch ($object) { + case "datatables": + $table = ['mailbox', 'm']; + $primaryKey = 'username'; + $columns = [ + ['db' => 'username', 'dt' => 2], + ['db' => 'quota', 'dt' => 3], + ]; + + require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/lib/ssp.class.php'; + global $pdo; + if($_SESSION['mailcow_cc_role'] === 'admin') { + $data = SSP::complex($_GET, $pdo, $table, $primaryKey, $columns, null, "(`m`.`kind` = '' OR `m`.`kind` = NULL)"); + } elseif ($_SESSION['mailcow_cc_role'] === 'domainadmin') { + $data = SSP::complex($_GET, $pdo, $table, $primaryKey, $columns, + 'INNER JOIN domain_admins as da ON da.domain = m.domain', + [ + 'condition' => "(`m`.`kind` = '' OR `m`.`kind` = NULL) AND `da`.`active` = 1 AND `da`.`username` = :username", + 'bindings' => ['username' => $_SESSION['mailcow_cc_username']] + ]); + } + + if (!empty($data['data'])) { + $mailboxData = []; + foreach ($data['data'] as $mailbox) { + if ($details = mailbox('get', 'mailbox_details', $mailbox[2])) { + $mailboxData[] = $details; + } + } + $data['data'] = $mailboxData; + } + + process_get_return($data); + break; case "all": case "reduced": $tags = null; From 4dad0002cd72a6464f6193bd51092293a897078b Mon Sep 17 00:00:00 2001 From: Kristian Feldsam Date: Mon, 4 Dec 2023 13:41:09 +0100 Subject: [PATCH 3/5] Domains datatable - server side processing ordering Signed-off-by: Kristian Feldsam --- data/web/inc/functions.mailbox.inc.php | 1 - data/web/inc/lib/ssp.class.php | 30 ++++++++++++++++++++------ data/web/js/site/mailbox.js | 9 ++------ data/web/json_api.php | 11 +++++++--- 4 files changed, 33 insertions(+), 18 deletions(-) diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php index 68cb50f1..c3529435 100644 --- a/data/web/inc/functions.mailbox.inc.php +++ b/data/web/inc/functions.mailbox.inc.php @@ -4323,7 +4323,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $mailboxdata['active'] = $row['active']; $mailboxdata['active_int'] = $row['active']; $mailboxdata['domain'] = $row['domain']; - $mailboxdata['relayhost'] = $row['relayhost']; $mailboxdata['name'] = $row['name']; $mailboxdata['local_part'] = $row['local_part']; $mailboxdata['quota'] = $row['quota']; diff --git a/data/web/inc/lib/ssp.class.php b/data/web/inc/lib/ssp.class.php index c36c627c..a06e7d09 100644 --- a/data/web/inc/lib/ssp.class.php +++ b/data/web/inc/lib/ssp.class.php @@ -43,7 +43,7 @@ class SSP { } } else { - if(!empty($column['db'])){ + if(!empty($column['db']) && (!isset($column['dummy']) || $column['dummy'] !== true)){ $row[ $column['dt'] ] = $data[$i][ $columns[$j]['db'] ]; } else{ @@ -115,10 +115,12 @@ class SSP { */ static function order ( $tableAS, $request, $columns ) { + $select = ''; $order = ''; if ( isset($request['order']) && count($request['order']) ) { - $orderBy = array(); + $selects = []; + $orderBy = []; $dtColumns = self::pluck( $columns, 'dt' ); for ( $i=0, $ien=count($request['order']) ; $i<$ien ; $i++ ) { @@ -133,17 +135,26 @@ class SSP { $dir = $request['order'][$i]['dir'] === 'asc' ? 'ASC' : 'DESC'; - - $orderBy[] = '`'.$tableAS.'`.`'.$column['db'].'` '.$dir; + + if(isset($column['order_subquery'])) { + $selects[] = '('.$column['order_subquery'].') AS `'.$column['db'].'_count`'; + $orderBy[] = '`'.$column['db'].'_count` '.$dir; + } else { + $orderBy[] = '`'.$tableAS.'`.`'.$column['db'].'` '.$dir; + } } } + if ( count( $selects ) ) { + $select = ', '.implode(', ', $selects); + } + if ( count( $orderBy ) ) { $order = 'ORDER BY '.implode(', ', $orderBy); } } - return $order; + return [$select, $order]; } @@ -257,13 +268,14 @@ class SSP { } // Build the SQL query string from the request + list($select, $order) = self::order( $tablesAS, $request, $columns ); $limit = self::limit( $request, $columns ); - $order = self::order( $tablesAS, $request, $columns ); $where = self::filter( $tablesAS, $request, $columns, $bindings ); // Main query to actually get the data $data = self::sql_exec( $db, $bindings, "SELECT `$tablesAS`.`".implode("`, `$tablesAS`.`", self::pluck($columns, 'db'))."` + $select FROM `$table` AS `$tablesAS` $where $order @@ -348,8 +360,8 @@ class SSP { } // Build the SQL query string from the request + list($select, $order) = self::order( $tablesAS, $request, $columns ); $limit = self::limit( $request, $columns ); - $order = self::order( $tablesAS, $request, $columns ); $where = self::filter( $tablesAS, $request, $columns, $bindings ); // whereResult can be a simple string, or an assoc. array with a @@ -373,6 +385,7 @@ class SSP { // Main query to actually get the data $data = self::sql_exec( $db, $bindings, "SELECT `$tablesAS`.`".implode("`, `$tablesAS`.`", self::pluck($columns, 'db'))."` + $select FROM `$table` AS `$tablesAS` $join $where @@ -556,6 +569,9 @@ class SSP { if ( empty($a[$i][$prop]) && $a[$i][$prop] !== 0 ) { continue; } + if ( $prop == 'db' && isset($a[$i]['dummy']) && $a[$i]['dummy'] === true ) { + continue; + } //removing the $out array index confuses the filter method in doing proper binding, //adding it ensures that the array data are mapped correctly diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js index fe6113a8..c6f57d45 100644 --- a/data/web/js/site/mailbox.js +++ b/data/web/js/site/mailbox.js @@ -552,7 +552,6 @@ jQuery(function($){ title: lang.stats, data: 'stats', searchable: false, - orderable: false, defaultContent: '', render: function (data, type) { data = data.split("/"); @@ -563,14 +562,12 @@ jQuery(function($){ title: lang.mailbox_defquota, data: 'def_quota_for_mbox', searchable: false, - orderable: false, defaultContent: '' }, { title: lang.mailbox_quota, data: 'max_quota_for_mbox', searchable: false, - orderable: false, defaultContent: '' }, { @@ -584,10 +581,9 @@ jQuery(function($){ title: lang.backup_mx, data: 'backupmx', searchable: false, - orderable: false, defaultContent: '', - redner: function (data, type){ - return 1==value ? '' : 0==value && ''; + render: function (data, type){ + return 1==data ? '' : 0==data && ''; } }, { @@ -626,7 +622,6 @@ jQuery(function($){ title: lang.active, data: 'active', searchable: false, - orderable: false, defaultContent: '', responsivePriority: 6, render: function (data, type) { diff --git a/data/web/json_api.php b/data/web/json_api.php index 3077bf7b..0f0c23b1 100644 --- a/data/web/json_api.php +++ b/data/web/json_api.php @@ -528,9 +528,14 @@ if (isset($_GET['query'])) { $primaryKey = 'domain'; $columns = [ ['db' => 'domain', 'dt' => 2], - ['db' => 'aliases', 'dt' => 3], - ['db' => 'mailboxes', 'dt' => 4], - ['db' => 'quota', 'dt' => 5], + ['db' => 'aliases', 'dt' => 3, 'order_subquery' => "SELECT COUNT(*) FROM `alias` WHERE (`domain`= `d`.`domain` OR `domain` IN (SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` = `d`.`domain`)) AND `address` NOT IN (SELECT `username` FROM `mailbox`)"], + ['db' => 'mailboxes', 'dt' => 4, 'order_subquery' => "SELECT COUNT(*) FROM `mailbox` WHERE `mailbox`.`domain` = `d`.`domain` AND (`mailbox`.`kind` = '' OR `mailbox`.`kind` = NULL)"], + ['db' => 'quota', 'dt' => 5, 'order_subquery' => "SELECT COALESCE(SUM(`mailbox`.`quota`), 0) FROM `mailbox` WHERE `mailbox`.`domain` = `d`.`domain` AND (`mailbox`.`kind` = '' OR `mailbox`.`kind` = NULL)"], + ['db' => 'stats', 'dt' => 6, 'dummy' => true, 'order_subquery' => "SELECT SUM(bytes) FROM `quota2` WHERE `quota2`.`username` IN (SELECT `username` FROM `mailbox` WHERE `domain` = `d`.`domain`)"], + ['db' => 'defquota', 'dt' => 7], + ['db' => 'maxquota', 'dt' => 8], + ['db' => 'backupmx', 'dt' => 10], + ['db' => 'active', 'dt' => 15], ]; require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/lib/ssp.class.php'; From efcca61f5a4f33bff53758390b3f18a452744cd1 Mon Sep 17 00:00:00 2001 From: Kristian Feldsam Date: Mon, 4 Dec 2023 14:49:07 +0100 Subject: [PATCH 4/5] Mailboxes datatable - server side processing ordering Signed-off-by: Kristian Feldsam --- data/web/js/site/mailbox.js | 8 +------- data/web/json_api.php | 5 +++++ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js index c6f57d45..b1ec9482 100644 --- a/data/web/js/site/mailbox.js +++ b/data/web/js/site/mailbox.js @@ -1002,7 +1002,6 @@ jQuery(function($){ title: lang.last_mail_login, data: 'last_mail_login', searchable: false, - orderable: false, defaultContent: '', responsivePriority: 7, render: function (data, type) { @@ -1016,18 +1015,15 @@ jQuery(function($){ title: lang.last_pw_change, data: 'last_pw_change', searchable: false, - orderable: false, defaultContent: '' }, { title: lang.in_use, data: 'in_use.value', searchable: false, - orderable: false, defaultContent: '', responsivePriority: 9, - className: 'dt-data-w100', - orderData: 24 + className: 'dt-data-w100' }, { title: lang.fname, @@ -1093,7 +1089,6 @@ jQuery(function($){ title: lang.msg_num, data: 'messages', searchable: false, - orderable: false, defaultContent: '', responsivePriority: 5 }, @@ -1119,7 +1114,6 @@ jQuery(function($){ title: lang.active, data: 'active', searchable: false, - orderable: false, defaultContent: '', responsivePriority: 4, render: function (data, type) { diff --git a/data/web/json_api.php b/data/web/json_api.php index 0f0c23b1..403b5a79 100644 --- a/data/web/json_api.php +++ b/data/web/json_api.php @@ -1057,6 +1057,11 @@ if (isset($_GET['query'])) { $columns = [ ['db' => 'username', 'dt' => 2], ['db' => 'quota', 'dt' => 3], + ['db' => 'last_mail_login', 'dt' => 4, 'dummy' => true, 'order_subquery' => "SELECT MAX(`datetime`) FROM `sasl_log` WHERE `service` != 'SSO' AND `username` = `m`.`username`"], + ['db' => 'last_pw_change', 'dt' => 5, 'dummy' => true, 'order_subquery' => "JSON_EXTRACT(attributes, '$.passwd_update')"], + ['db' => 'in_use', 'dt' => 6, 'dummy' => true, 'order_subquery' => "(SELECT SUM(bytes) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`) / `m`.`quota`"], + ['db' => 'messages', 'dt' => 17, 'dummy' => true, 'order_subquery' => "SELECT SUM(messages) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`"], + ['db' => 'active', 'dt' => 21] ]; require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/lib/ssp.class.php'; From ac4f131fa8f1629b1c831478d020f5f1b6be4261 Mon Sep 17 00:00:00 2001 From: Kristian Feldsam Date: Wed, 27 Dec 2023 16:29:25 +0100 Subject: [PATCH 5/5] Domains and Mailboxes datatable - server side processing - filtering by tags Signed-off-by: Kristian Feldsam --- data/web/inc/lib/ssp.class.php | 44 ++++++++++++++++++++++++---------- data/web/js/site/mailbox.js | 3 ++- data/web/json_api.php | 2 ++ 3 files changed, 36 insertions(+), 13 deletions(-) diff --git a/data/web/inc/lib/ssp.class.php b/data/web/inc/lib/ssp.class.php index a06e7d09..503f9b29 100644 --- a/data/web/inc/lib/ssp.class.php +++ b/data/web/inc/lib/ssp.class.php @@ -177,6 +177,7 @@ class SSP { { $globalSearch = array(); $columnSearch = array(); + $joins = array(); $dtColumns = self::pluck( $columns, 'dt' ); if ( isset($request['search']) && $request['search']['value'] != '' ) { @@ -184,13 +185,19 @@ class SSP { for ( $i=0, $ien=count($request['columns']) ; $i<$ien ; $i++ ) { $requestColumn = $request['columns'][$i]; - $columnIdx = array_search( $requestColumn['data'], $dtColumns ); + $columnIdx = array_search( $i, $dtColumns ); $column = $columns[ $columnIdx ]; if ( $requestColumn['searchable'] == 'true' ) { if(!empty($column['db'])){ - $binding = self::bind( $bindings, '%'.$str.'%', PDO::PARAM_STR ); - $globalSearch[] = "`".$tablesAS."`.`".$column['db']."` LIKE ".$binding; + $binding = self::bind( $bindings, '%'.$str.'%', PDO::PARAM_STR ); + + if(isset($column['search']['join'])) { + $joins[] = $column['search']['join']; + $globalSearch[] = $column['search']['where_column'].' LIKE '.$binding; + } else { + $globalSearch[] = "`".$tablesAS."`.`".$column['db']."` LIKE ".$binding; + } } } } @@ -227,12 +234,17 @@ class SSP { implode(' AND ', $columnSearch) : $where .' AND '. implode(' AND ', $columnSearch); } + + $join = ''; + if( count($joins) ) { + $join = implode(' ', $joins); + } if ( $where !== '' ) { $where = 'WHERE '.$where; } - return $where; + return [$join, $where]; } @@ -270,13 +282,14 @@ class SSP { // Build the SQL query string from the request list($select, $order) = self::order( $tablesAS, $request, $columns ); $limit = self::limit( $request, $columns ); - $where = self::filter( $tablesAS, $request, $columns, $bindings ); + list($join, $where) = self::filter( $tablesAS, $request, $columns, $bindings ); // Main query to actually get the data $data = self::sql_exec( $db, $bindings, "SELECT `$tablesAS`.`".implode("`, `$tablesAS`.`", self::pluck($columns, 'db'))."` $select FROM `$table` AS `$tablesAS` + $join $where $order $limit" @@ -284,15 +297,16 @@ class SSP { // Data set length after filtering $resFilterLength = self::sql_exec( $db, $bindings, - "SELECT COUNT(`{$primaryKey}`) + "SELECT COUNT(`{$tablesAS}`.`{$primaryKey}`) FROM `$table` AS `$tablesAS` + $join $where" ); $recordsFiltered = $resFilterLength[0][0]; // Total data set length $resTotalLength = self::sql_exec( $db, - "SELECT COUNT(`{$primaryKey}`) + "SELECT COUNT(`{$tablesAS}`.`{$primaryKey}`) FROM `$table` AS `$tablesAS`" ); $recordsTotal = $resTotalLength[0][0]; @@ -362,7 +376,7 @@ class SSP { // Build the SQL query string from the request list($select, $order) = self::order( $tablesAS, $request, $columns ); $limit = self::limit( $request, $columns ); - $where = self::filter( $tablesAS, $request, $columns, $bindings ); + list($join_filter, $where) = self::filter( $tablesAS, $request, $columns, $bindings ); // whereResult can be a simple string, or an assoc. array with a // condition and bindings @@ -388,7 +402,9 @@ class SSP { $select FROM `$table` AS `$tablesAS` $join + $join_filter $where + GROUP BY `{$tablesAS}`.`{$primaryKey}` $order $limit" ); @@ -398,18 +414,22 @@ class SSP { "SELECT COUNT(`{$tablesAS}`.`{$primaryKey}`) FROM `$table` AS `$tablesAS` $join - $where" + $join_filter + $where + GROUP BY `{$tablesAS}`.`{$primaryKey}`" ); - $recordsFiltered = $resFilterLength[0][0]; + $recordsFiltered = (isset($resFilterLength[0])) ? $resFilterLength[0][0] : 0; // Total data set length $resTotalLength = self::sql_exec( $db, $bindings, "SELECT COUNT(`{$tablesAS}`.`{$primaryKey}`) FROM `$table` AS `$tablesAS` $join - $where" + $join_filter + $where + GROUP BY `{$tablesAS}`.`{$primaryKey}`" ); - $recordsTotal = $resTotalLength[0][0]; + $recordsTotal = (isset($resTotalLength[0])) ? $resTotalLength[0][0] : 0; /* * Output diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js index b1ec9482..cc316b71 100644 --- a/data/web/js/site/mailbox.js +++ b/data/web/js/site/mailbox.js @@ -613,7 +613,7 @@ jQuery(function($){ { title: 'Tags', data: 'tags', - searchable: false, + searchable: true, orderable: false, defaultContent: '', className: 'none' @@ -1107,6 +1107,7 @@ jQuery(function($){ { title: 'Tags', data: 'tags', + searchable: true, defaultContent: '', className: 'none' }, diff --git a/data/web/json_api.php b/data/web/json_api.php index 403b5a79..05d54903 100644 --- a/data/web/json_api.php +++ b/data/web/json_api.php @@ -535,6 +535,7 @@ if (isset($_GET['query'])) { ['db' => 'defquota', 'dt' => 7], ['db' => 'maxquota', 'dt' => 8], ['db' => 'backupmx', 'dt' => 10], + ['db' => 'tags', 'dt' => 14, 'dummy' => true, 'search' => ['join' => 'LEFT JOIN `tags_domain` AS `td` ON `td`.`domain` = `d`.`domain`', 'where_column' => '`td`.`tag_name`']], ['db' => 'active', 'dt' => 15], ]; @@ -1061,6 +1062,7 @@ if (isset($_GET['query'])) { ['db' => 'last_pw_change', 'dt' => 5, 'dummy' => true, 'order_subquery' => "JSON_EXTRACT(attributes, '$.passwd_update')"], ['db' => 'in_use', 'dt' => 6, 'dummy' => true, 'order_subquery' => "(SELECT SUM(bytes) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`) / `m`.`quota`"], ['db' => 'messages', 'dt' => 17, 'dummy' => true, 'order_subquery' => "SELECT SUM(messages) FROM `quota2` WHERE `quota2`.`username` = `m`.`username`"], + ['db' => 'tags', 'dt' => 20, 'dummy' => true, 'search' => ['join' => 'LEFT JOIN `tags_mailbox` AS `tm` ON `tm`.`username` = `m`.`username`', 'where_column' => '`tm`.`tag_name`']], ['db' => 'active', 'dt' => 21] ];