From 1aeb36d40e2ed921bc0caaf33fd2c679b674363c Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Tue, 14 Mar 2023 18:49:57 +0100 Subject: [PATCH] [Web] create ratelimit acl on iam mbox creation 2 --- data/web/inc/functions.ratelimit.inc.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/web/inc/functions.ratelimit.inc.php b/data/web/inc/functions.ratelimit.inc.php index f311533fa..93840b5eb 100644 --- a/data/web/inc/functions.ratelimit.inc.php +++ b/data/web/inc/functions.ratelimit.inc.php @@ -4,7 +4,7 @@ function ratelimit($_action, $_scope, $_data = null) { $_data_log = $_data; switch ($_action) { case 'edit': - if (!isset($_SESSION['acl']['ratelimit']) || $_SESSION['acl']['ratelimit'] != "1" ) { + if ((!isset($_SESSION['acl']['ratelimit']) || $_SESSION['acl']['ratelimit'] != "1") && !$_SESSION['iam_create_login']) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), @@ -92,8 +92,8 @@ function ratelimit($_action, $_scope, $_data = null) { ); continue; } - if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object) && !$_SESSION['iam_create_login'] - || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) { + if ((!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object) + || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) && !$_SESSION['iam_create_login']) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),