[Web] Remove External as standard subfolder for sync jobs
[Web] Disallow a domain admin to set intersecting user ACLs
[Web] Allow Pushover and SOGo EAS cache reset by default, disallow profile reset by default
master
parent
ccf65fb50f
commit
ecebfe15df
|
@ -136,6 +136,16 @@ function acl($_action, $_scope = null, $_data = null) {
|
||||||
$stmt = $pdo->prepare("SELECT * FROM `user_acl` WHERE `username` = :username");
|
$stmt = $pdo->prepare("SELECT * FROM `user_acl` WHERE `username` = :username");
|
||||||
$stmt->execute(array(':username' => $_data));
|
$stmt->execute(array(':username' => $_data));
|
||||||
$data = $stmt->fetch(PDO::FETCH_ASSOC);
|
$data = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||||
|
if ($_SESSION['mailcow_cc_role'] == 'domainadmin') {
|
||||||
|
// Domain admins cannot see, add or remove user ACLs they don't have access to by themselves
|
||||||
|
// Editing a user will use acl("get", "user") to determine granted ACLs and therefore block unallowed access escalation via form editing
|
||||||
|
$self_da_acl = acl('get', 'domainadmin', $_SESSION['mailcow_cc_username']);
|
||||||
|
foreach ($self_da_acl as $self_da_acl_key => $self_da_acl_val) {
|
||||||
|
if ($self_da_acl_val == 0) {
|
||||||
|
unset($data[$self_da_acl_key]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
if (!empty($data)) {
|
if (!empty($data)) {
|
||||||
unset($data['username']);
|
unset($data['username']);
|
||||||
return $data;
|
return $data;
|
||||||
|
|
|
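Review bot: The new `foreach ($self_da_acl as ...)` filter fails open: if `acl('get', 'domainadmin', ...)` returns anything other than an array (what it returns for a missing row is not visible in this hunk), the loop strips nothing and the domain admin receives the user's complete ACL row. Treat that case as a denial before the loop, for example `if (!is_array($self_da_acl)) { $self_da_acl = array(); $data = array(); }`, or use whatever denial path `acl()` already has. The filter is also a deny-list keyed on the domain admin's own columns, so any `user_acl` column with no counterpart in that result is passed through; a short comment stating that this is intended would help. The added comment relies on the edit form being built from this filtered result, but the code that stores user ACLs is outside the hunk and should itself reject submitted keys that are not in this set, because omitting a form field is not enforcement. `acl()` starts and ends outside the hunk.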
@ -3,7 +3,7 @@ function init_db_schema() {
|
||||||
try {
|
try {
|
||||||
global $pdo;
|
global $pdo;
|
||||||
|
|
||||||
$db_version = "16042020_2104";
|
$db_version = "19042020_1437";
|
||||||
|
|
||||||
$stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
|
$stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
|
||||||
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
|
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
|
||||||
|
@ -372,9 +372,9 @@ function init_db_schema() {
|
||||||
"spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
"spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||||
"delimiter_action" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
"delimiter_action" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||||
"syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
"syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||||
"eas_reset" => "TINYINT(1) NOT NULL DEFAULT '0'",
|
"eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||||
"sogo_profile_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
"sogo_profile_reset" => "TINYINT(1) NOT NULL DEFAULT '0'",
|
||||||
"pushover" => "TINYINT(1) NOT NULL DEFAULT '0'",
|
"pushover" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||||
// quarantine is for quarantine actions, todo: rename
|
// quarantine is for quarantine actions, todo: rename
|
||||||
"quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
"quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||||
"quarantine_attachments" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
"quarantine_attachments" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||||
|
|
|
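Review bot: The changed `DEFAULT` values for `eas_reset`, `sogo_profile_reset` and `pushover` in the second hunk presumably apply only to rows created after the schema update, assuming `init_db_schema()` uses these strings as column definitions. Existing rows would then keep `sogo_profile_reset` = 1, so the "disallow profile reset by default" half of the commit would not reach current users unless a data update accompanies the `$db_version` bump, and none is visible here. If that is intended, say so next to the definitions, e.g. `// defaults apply to newly created ACL rows only; existing rows are not rewritten`. The other two defaults widen what a new user may do, so the release notes should mention them. `init_db_schema()` continues outside both hunks.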
@ -448,7 +448,7 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label class="control-label col-sm-2" for="subfolder2"><?=$lang['edit']['subfolder2'];?></label>
|
<label class="control-label col-sm-2" for="subfolder2"><?=$lang['edit']['subfolder2'];?></label>
|
||||||
<div class="col-sm-10">
|
<div class="col-sm-10">
|
||||||
<input type="text" class="form-control" name="subfolder2" value="External">
|
<input type="text" class="form-control" name="subfolder2" value="">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
|
|
|
@ -60,7 +60,7 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label class="control-label col-sm-2" for="subfolder2"><?=$lang['edit']['subfolder2'];?></label>
|
<label class="control-label col-sm-2" for="subfolder2"><?=$lang['edit']['subfolder2'];?></label>
|
||||||
<div class="col-sm-10">
|
<div class="col-sm-10">
|
||||||
<input type="text" class="form-control" name="subfolder2" value="External">
|
<input type="text" class="form-control" name="subfolder2" value="">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
|
|