From 45c13c687b7c294d24708cd44eb05062d0862d33 Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Sun, 1 Dec 2024 16:36:16 +0100 Subject: [PATCH] [Web] update user based on template after login --- data/conf/phpfpm/crons/keycloak-sync.php | 16 +++--- data/conf/phpfpm/crons/ldap-sync.php | 6 ++- data/web/inc/functions.acl.inc.php | 10 ++-- data/web/inc/functions.auth.inc.php | 2 +- data/web/inc/functions.inc.php | 55 ++++++++++++--------- data/web/inc/functions.mailbox.inc.php | 62 ++++++++++++------------ data/web/inc/functions.ratelimit.inc.php | 4 +- 7 files changed, 85 insertions(+), 70 deletions(-) diff --git a/data/conf/phpfpm/crons/keycloak-sync.php b/data/conf/phpfpm/crons/keycloak-sync.php index 3a7b1da7b..a7e46c4fd 100644 --- a/data/conf/phpfpm/crons/keycloak-sync.php +++ b/data/conf/phpfpm/crons/keycloak-sync.php @@ -114,7 +114,7 @@ $iam_provider = identity_provider('init'); while (true) { // Get admin access token $admin_token = identity_provider("get-keycloak-admin-token"); - + // Make the API request to retrieve the users $url = "{$iam_settings['server_url']}/admin/realms/{$iam_settings['realm']}/users?first=$start&max=$max"; $ch = curl_init(); @@ -127,7 +127,7 @@ while (true) { $response = curl_exec($ch); $code = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); - + if ($code != 200){ logMsg("err", "Recieved HTTP {$code}"); session_destroy(); @@ -157,8 +157,8 @@ while (true) { logMsg("warning", "No attributes in keycloak found for user " . $user['email']); continue; } - if (!isset($user['attributes']['mailcow_template']) || - !is_array($user['attributes']['mailcow_template']) || + if (!isset($user['attributes']['mailcow_template']) || + !is_array($user['attributes']['mailcow_template']) || count($user['attributes']['mailcow_template']) == 0) { logMsg("warning", "No mailcow_template in keycloak found for user " . $user['email']); continue; 
@@ -195,7 +195,8 @@ while (true) { 'local_part' => explode('@', $user['email'])[0], 'name' => $user['firstName'] . " " . $user['lastName'], 'authsource' => 'keycloak', - 'template' => $mbox_template + 'template' => $mbox_template, + 'hasAccess' => true )); } else if ($row && intval($iam_settings['periodic_sync']) == 1) { // mailbox user does exist, sync attribtues... @@ -203,7 +204,8 @@ while (true) { mailbox('edit', 'mailbox_from_template', array( 'username' => $user['email'], 'name' => $user['firstName'] . " " . $user['lastName'], - 'template' => $mbox_template + 'template' => $mbox_template, + 'hasAccess' => true )); } else { // skip mailbox user @@ -212,7 +214,7 @@ while (true) { sleep(0.025); } - + // Update the pagination variables for the next batch $start += $max; sleep(1); diff --git a/data/conf/phpfpm/crons/ldap-sync.php b/data/conf/phpfpm/crons/ldap-sync.php index 75eddc7a1..da5533b39 100644 --- a/data/conf/phpfpm/crons/ldap-sync.php +++ b/data/conf/phpfpm/crons/ldap-sync.php @@ -159,7 +159,8 @@ foreach ($response as $user) { 'local_part' => explode('@', $user[$iam_settings['username_field']][0])[0], 'name' => $user['displayname'][0], 'authsource' => 'ldap', - 'template' => $mbox_template + 'template' => $mbox_template, + 'hasAccess' => true )); } else if ($row && intval($iam_settings['periodic_sync']) == 1) { // mailbox user does exist, sync attribtues... @@ -167,7 +168,8 @@ foreach ($response as $user) { mailbox('edit', 'mailbox_from_template', array( 'username' => $user[$iam_settings['username_field']][0], 'name' => $user['displayname'][0], - 'template' => $mbox_template + 'template' => $mbox_template, + 'hasAccess' => true )); } else { // skip mailbox user diff --git a/data/web/inc/functions.acl.inc.php b/data/web/inc/functions.acl.inc.php index ffce9f44c..ffc7408fe 100644 --- a/data/web/inc/functions.acl.inc.php +++ b/data/web/inc/functions.acl.inc.php @@ -1,5 +1,5 @@ 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log), 
@@ -34,7 +34,7 @@ function acl($_action, $_scope = null, $_data = null) { } // Read all available acl options by calling acl(get) // Set all available acl options we cannot find in the post data to 0, else 1 - $is_now = acl('get', 'user', $username); + $is_now = acl('get', 'user', $username, $_extra); if (!empty($is_now)) { foreach ($is_now as $acl_now_name => $acl_now_val) { $set_acls[$acl_now_name] = (isset($acl_post[$acl_now_name])) ? 1 : 0; @@ -130,7 +130,7 @@ function acl($_action, $_scope = null, $_data = null) { case 'get': switch ($_scope) { case 'user': - if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { + if (!$_extra['hasAccess'] && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { return false; } $stmt = $pdo->prepare("SELECT * FROM `user_acl` WHERE `username` = :username"); diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php index 74cd6d956..83c0a32eb 100644 --- a/data/web/inc/functions.auth.inc.php +++ b/data/web/inc/functions.auth.inc.php @@ -467,7 +467,7 @@ function keycloak_mbox_login_rest($user, $pass, $extra = null){ $create_res = mailbox('add', 'mailbox_from_template', array( 'domain' => explode('@', $user)[1], 'local_part' => explode('@', $user)[0], - 'name' => $user_res['firstName'] . " " . $user_res['lastName'], + 'name' => $user_res['name'], 'authsource' => 'keycloak', 'template' => $iam_settings['templates'][$mapper_key] )); diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php index dfe3a15ad..943d53e97 100644 --- a/data/web/inc/functions.inc.php +++ b/data/web/inc/functions.inc.php 
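Review bot: In the `case 'get'` / `case 'user'` branch the new guard tests `$_extra['hasAccess']` by loose truthiness, so any non-empty value (the string "false", for example) switches `hasMailboxObjectAccess()` off, and a call without a fourth argument indexes into null. Because this key disables an authorization check, I would compare it strictly, `if (($_extra['hasAccess'] ?? false) !== true && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {`, and use the same form at the other `hasAccess` checks this commit adds in functions.mailbox.inc.php and functions.ratelimit.inc.php. The hunk headers still show the three-parameter `acl()` signature, and the hunk that should add `$_extra` is not readable on this page, so confirm it is declared with a default. The function body continues outside the hunk.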
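Review bot: This `mailbox('add', 'mailbox_from_template', ...)` call in `keycloak_mbox_login_rest()` is not given `'hasAccess' => true`, although the same commit makes the template branch forward `array('hasAccess' => $_data['hasAccess'])` in place of the fixed `array('iam_create_login' => true)`. Unless the flag is set somewhere not shown, first-login creation through this path now runs the `hasDomainAccess()` and quota checks against a session that has no role yet and is likely to be refused; the `identity_provider()` call sites in this commit do add the key. Separately, `$user_res['name']` replaces `firstName`/`lastName`, while the keycloak-sync cron in this commit still builds the name from those two fields, so confirm that `$user_res` carries a `name` key here. The function continues outside the hunk.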
@@ -2512,27 +2512,6 @@ function identity_provider($_action = null, $_data = null, $_extra = null) { // check if email address is given if (empty($info['email'])) return false; - // token valid, get mailbox - $stmt = $pdo->prepare("SELECT * FROM `mailbox` - INNER JOIN domain on mailbox.domain = domain.domain - WHERE `kind` NOT REGEXP 'location|thing|group' - AND `mailbox`.`active`='1' - AND `domain`.`active`='1' - AND `username` = :user - AND (`authsource`='keycloak' OR `authsource`='generic-oidc')"); - $stmt->execute(array(':user' => $info['email'])); - $row = $stmt->fetch(PDO::FETCH_ASSOC); - if ($row){ - // success - set_user_loggedin_session($info['email']); - $_SESSION['return'][] = array( - 'type' => 'success', - 'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']), - 'msg' => array('logged_in_as', $_SESSION['mailcow_cc_username']) - ); - return true; - } - // get mapped template, if not set return false // also return false if no mappers were defined $user_template = $info['mailcow_template']; 
@@ -2558,13 +2537,43 @@ function identity_provider($_action = null, $_data = null, $_extra = null) { return false; } + + // token valid, get mailbox + $stmt = $pdo->prepare("SELECT * FROM `mailbox` + INNER JOIN domain on mailbox.domain = domain.domain + WHERE `kind` NOT REGEXP 'location|thing|group' + AND `mailbox`.`active`='1' + AND `domain`.`active`='1' + AND `username` = :user + AND (`authsource`='keycloak' OR `authsource`='generic-oidc')"); + $stmt->execute(array(':user' => $info['email'])); + $row = $stmt->fetch(PDO::FETCH_ASSOC); + if ($row){ + // success + // update user + mailbox('edit', 'mailbox_from_template', array( + 'username' => $info['email'], + 'name' => $info['name'], + 'template' => $iam_settings['templates'][$mapper_key], + 'hasAccess' => true + )); + set_user_loggedin_session($info['email']); + $_SESSION['return'][] = array( + 'type' => 'success', + 'log' => array(__FUNCTION__, $_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role']), + 'msg' => array('logged_in_as', $_SESSION['mailcow_cc_username']) + ); + return true; + } + // create mailbox $create_res = mailbox('add', 'mailbox_from_template', array( 'domain' => explode('@', $info['email'])[1], 'local_part' => explode('@', $info['email'])[0], - 'name' => $info['firstName'] . " " . $info['lastName'], + 'name' => $info['name'], 'authsource' => $iam_settings['authsource'], - 'template' => $iam_settings['templates'][$mapper_key] + 'template' => $iam_settings['templates'][$mapper_key], + 'hasAccess' => true )); if (!$create_res){ clear_session(); diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php index 1b5b577f8..5c8d50d41 100644 --- a/data/web/inc/functions.mailbox.inc.php +++ b/data/web/inc/functions.mailbox.inc.php 
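Review bot: The return value of the new `mailbox('edit', 'mailbox_from_template', ...)` call is discarded, so when the template sync fails the code still reaches `set_user_loggedin_session()` and the user logs in with whatever ACLs, quota and rate limit were stored before. If the identity provider's template is meant to decide those attributes at login, a `false` result should at least be logged, or end the login with `clear_session()` as the create path below does. Moving the mailbox lookup below the template-mapper checks also means an existing keycloak/generic-oidc mailbox whose token maps to no template now hits the earlier `return false` instead of logging in; if that lockout is intended it deserves a comment. `$info['name']` is used unguarded, so a token without a `name` claim would pass null into the name comparison of the edit branch.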
@@ -1045,7 +1045,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $password2 = ''; $password_hashed = ''; } - if (!$_extra['iam_create_login'] && ((!isset($_SESSION['acl']['unlimited_quota']) || $_SESSION['acl']['unlimited_quota'] != "1") && $quota_m === 0)) { + if (!$_extra['hasAccess'] && ((!isset($_SESSION['acl']['unlimited_quota']) || $_SESSION['acl']['unlimited_quota'] != "1") && $quota_m === 0)) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), @@ -1101,7 +1101,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { ); return false; } - if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain) && !$_extra['iam_create_login']) { + if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain) && !$_extra['hasAccess']) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), @@ -1364,6 +1364,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { $attribute_hash = sha1(json_encode($mbox_template_data["attributes"])); $mbox_template_data = json_decode($mbox_template_data["attributes"], true); $mbox_template_data['domain'] = $_data['domain']; + $mbox_template_data['name'] = $_data['name']; $mbox_template_data['local_part'] = $_data['local_part']; $mbox_template_data['authsource'] = $_data['authsource']; $mbox_template_data['attribute_hash'] = $attribute_hash; @@ -1381,7 +1382,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } } - return mailbox('add', 'mailbox', $mailbox_attributes, array('iam_create_login' => true)); + return mailbox('add', 'mailbox', $mailbox_attributes, array('hasAccess' => $_data['hasAccess'])); break; case 'resource': $domain = idn_to_ascii(strtolower(trim($_data['domain'])), 0, INTL_IDNA_VARIANT_UTS46); 
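Review bot: The authorization-bypass flag is now read from the payload, `array('hasAccess' => $_data['hasAccess'])`, where the old code passed a fixed `array('iam_create_login' => true)` chosen by the function itself. `$_data` is the same array that carries `domain`, `local_part` and `name`, so if any caller ever hands request-derived attributes to the `mailbox_from_template` branch, a client-supplied `hasAccess` would switch off the `hasDomainAccess()` and `unlimited_quota` checks changed in this same file. I would keep the flag out of `$_data` and have the trusted callers pass it as the fourth argument, forwarding `array('hasAccess' => ($_extra['hasAccess'] ?? false) === true)`; the edit branch at `@@ -3493` and `@@ -3529` forwards `$_data['hasAccess']` the same way. A short comment at the top of `mailbox()` saying that `hasAccess` means "the caller has already authorized this operation" would help, since the name reads like a query rather than an override.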
@@ -1749,7 +1750,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { else { $usernames = $_data['username']; } - if (!isset($_SESSION['acl']['tls_policy']) || $_SESSION['acl']['tls_policy'] != "1" ) { + if (!$_extra['hasAccess'] && (!isset($_SESSION['acl']['tls_policy']) || $_SESSION['acl']['tls_policy'] != "1")) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), @@ -1758,7 +1759,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } foreach ($usernames as $username) { - if (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) { + if (!$_extra['hasAccess'] && (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username))) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), @@ -1766,7 +1767,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { ); continue; } - $is_now = mailbox('get', 'tls_policy', $username); + $is_now = mailbox('get', 'tls_policy', $username, $_extra); if (!empty($is_now)) { $tls_enforce_in = (isset($_data['tls_enforce_in'])) ? intval($_data['tls_enforce_in']) : $is_now['tls_enforce_in']; $tls_enforce_out = (isset($_data['tls_enforce_out'])) ? intval($_data['tls_enforce_out']) : $is_now['tls_enforce_out']; 
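Review bot: With `!$_extra['hasAccess'] && (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess(...))` the flag skips the e-mail format validation as well as the access check, so a malformed username supplied by a sync or login caller is no longer rejected before the edit proceeds. Validating the value is independent of who is calling, so only the access test should be conditional: `if (!filter_var($username, FILTER_VALIDATE_EMAIL) || (!$_extra['hasAccess'] && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username))) {`. The `quarantine_notification` hunk at `@@ -1812` and the `quarantine_category` hunk at `@@ -1871` use the same grouping. The loop body continues outside the hunk.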
@@ -1803,7 +1804,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { else { $usernames = $_data['username']; } - if (!isset($_SESSION['acl']['quarantine_notification']) || $_SESSION['acl']['quarantine_notification'] != "1" ) { + if (!$_extra['hasAccess'] && (!isset($_SESSION['acl']['quarantine_notification']) || $_SESSION['acl']['quarantine_notification'] != "1")) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), @@ -1812,7 +1813,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } foreach ($usernames as $username) { - if (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) { + if (!$_extra['hasAccess'] && (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username))) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), @@ -1820,7 +1821,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { ); continue; } - $is_now = mailbox('get', 'quarantine_notification', $username); + $is_now = mailbox('get', 'quarantine_notification', $username, $_extra); if (!empty($is_now)) { $quarantine_notification = (isset($_data['quarantine_notification'])) ? $_data['quarantine_notification'] : $is_now['quarantine_notification']; } 
@@ -1862,7 +1863,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { else { $usernames = $_data['username']; } - if (!isset($_SESSION['acl']['quarantine_category']) || $_SESSION['acl']['quarantine_category'] != "1" ) { + if (!$_extra['hasAccess'] && (!isset($_SESSION['acl']['quarantine_category']) || $_SESSION['acl']['quarantine_category'] != "1")) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), @@ -1871,7 +1872,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return false; } foreach ($usernames as $username) { - if (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) { + if (!$_extra['hasAccess'] && (!filter_var($username, FILTER_VALIDATE_EMAIL) || !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username))) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), @@ -1879,7 +1880,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { ); continue; } - $is_now = mailbox('get', 'quarantine_category', $username); + $is_now = mailbox('get', 'quarantine_category', $username, $_extra); if (!empty($is_now)) { $quarantine_category = (isset($_data['quarantine_category'])) ? $_data['quarantine_category'] : $is_now['quarantine_category']; } @@ -2923,7 +2924,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { ); continue; } - $is_now = mailbox('get', 'mailbox_details', $username); + $is_now = mailbox('get', 'mailbox_details', $username, $_extra); if (isset($_data['protocol_access'])) { $_data['protocol_access'] = (array)$_data['protocol_access']; $_data['imap_access'] = (in_array('imap', $_data['protocol_access'])) ? 1 : 0; 
@@ -2963,7 +2964,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { continue; } // if already 0 == ok - if ((!isset($_SESSION['acl']['unlimited_quota']) || $_SESSION['acl']['unlimited_quota'] != "1") && ($quota_m == 0 && $is_now['quota'] != 0)) { + if (!$_extra['hasAccess'] && (!isset($_SESSION['acl']['unlimited_quota']) || $_SESSION['acl']['unlimited_quota'] != "1") && ($quota_m == 0 && $is_now['quota'] != 0)) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), @@ -2971,7 +2972,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { ); return false; } - if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { + if (!$_extra['hasAccess'] && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), @@ -2998,7 +2999,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } $extra_acls = array(); if (isset($_data['extended_sender_acl'])) { - if (!isset($_SESSION['acl']['extend_sender_acl']) || $_SESSION['acl']['extend_sender_acl'] != "1" ) { + if (!$_extra['hasAccess'] && (!isset($_SESSION['acl']['extend_sender_acl']) || $_SESSION['acl']['extend_sender_acl'] != "1")) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 
@@ -3493,7 +3494,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } $attribute_hash = sha1(json_encode($mbox_template_data["attributes"])); - $is_now = mailbox('get', 'mailbox_details', $_data['username']); + $is_now = mailbox('get', 'mailbox_details', $_data['username'], array('hasAccess' => $_data['hasAccess'])); $name = ltrim(rtrim($_data['name'], '>'), '<'); if ($is_now['attributes']['attribute_hash'] == $attribute_hash && $is_now['name'] == $name) return true; 
@@ -3529,19 +3530,20 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } $mailbox_attributes['quota'] = intval($mailbox_attributes['quota'] / 1048576); - $result = mailbox('edit', 'mailbox', $mailbox_attributes); + $result = mailbox('edit', 'mailbox', $mailbox_attributes, array('hasAccess' => $_data['hasAccess'])); if ($result === false) return $result; - $result = mailbox('edit', 'tls_policy', $tls_attributes); + $result = mailbox('edit', 'tls_policy', $tls_attributes, array('hasAccess' => $_data['hasAccess'])); if ($result === false) return $result; - $result = mailbox('edit', 'quarantine_notification', $quarantine_attributes); + $result = mailbox('edit', 'quarantine_notification', $quarantine_attributes, array('hasAccess' => $_data['hasAccess'])); if ($result === false) return $result; - $result = mailbox('edit', 'quarantine_category', $quarantine_attributes); + $result = mailbox('edit', 'quarantine_category', $quarantine_attributes, array('hasAccess' => $_data['hasAccess'])); if ($result === false) return $result; - $result = ratelimit('edit', 'mailbox', $ratelimit_attributes); + $result = ratelimit('edit', 'mailbox', $ratelimit_attributes, array('hasAccess' => $_data['hasAccess'])); if ($result === false) return $result; - $result = acl('edit', 'user', $acl_attributes); + $result = acl('edit', 'user', $acl_attributes, array('hasAccess' => $_data['hasAccess'])); if ($result === false) return $result; + $_SESSION['return'] = array(); return true; break; case 'mailbox_templates': @@ -4077,7 +4079,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { case 'tls_policy': $attrs = array(); if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) { - if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { + if (!$_extra['hasAccess'] && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { return false; } } 
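Review bot: `$_SESSION['return'] = array();` at the end of the `mailbox_from_template` edit branch discards every queued entry, not only those produced by the six nested calls, and it runs only on the success path, so a failed sync leaves its 'danger' entries in the session of the user who is logging in. Each entry carries a `'log'` array, so if those entries are what the audit log is built from, edits made with the access checks bypassed leave no trace, and messages queued earlier in the request are lost as well. I would record the queue length before the nested calls, `$return_mark = count($_SESSION['return'] ?? array());`, and trim back to it on both paths with `$_SESSION['return'] = array_slice($_SESSION['return'], 0, $return_mark);`, writing the trimmed entries to the log first if they should be kept. The branch starts outside the hunk.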
@@ -4096,7 +4098,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { case 'quarantine_notification': $attrs = array(); if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) { - if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { + if (!$_extra['hasAccess'] && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { return false; } } @@ -4112,7 +4114,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { case 'quarantine_category': $attrs = array(); if (isset($_data) && filter_var($_data, FILTER_VALIDATE_EMAIL)) { - if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { + if (!$_extra['hasAccess'] && (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data))) { return false; } } @@ -4793,7 +4795,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { } break; case 'mailbox_details': - if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { + if (!$_extra['hasAccess'] && !hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) { return false; } $mailboxdata = array(); @@ -4891,7 +4893,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { else if ($SaslLogs['service'] == 'pop3') { $last_pop3_login = strtotime($SaslLogs['datetime']); } - else if ($SaslLogs['service'] == 'SSO') { + else if ($SaslLogs['service'] == 'SSO') { $last_sso_login = strtotime($SaslLogs['datetime']); } } 
@@ -4904,7 +4906,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { if (!isset($last_pop3_login) || $GLOBALS['SHOW_LAST_LOGIN'] === false) { $last_pop3_login = 0; } - if (!isset($last_sso_login) || $GLOBALS['SHOW_LAST_LOGIN'] === false) { + if (!isset($last_sso_login) || $GLOBALS['SHOW_LAST_LOGIN'] === false) { $last_sso_login = 0; } $mailboxdata['last_imap_login'] = $last_imap_login; @@ -4956,7 +4958,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) { return $mailboxdata; break; case 'mailbox_templates': - if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin" && !$_extra['iam_create_login']) { + if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin" && !$_extra['hasAccess']) { return false; } $_data = (isset($_data)) ? intval($_data) : null; diff --git a/data/web/inc/functions.ratelimit.inc.php b/data/web/inc/functions.ratelimit.inc.php index bc05cd362..c59accb54 100644 --- a/data/web/inc/functions.ratelimit.inc.php +++ b/data/web/inc/functions.ratelimit.inc.php @@ -4,7 +4,7 @@ function ratelimit($_action, $_scope, $_data = null, $_extra = null) { $_data_log = $_data; switch ($_action) { case 'edit': - if ((!isset($_SESSION['acl']['ratelimit']) || $_SESSION['acl']['ratelimit'] != "1") && !$_extra['iam_create_login']) { + if ((!isset($_SESSION['acl']['ratelimit']) || $_SESSION['acl']['ratelimit'] != "1") && !$_extra['hasAccess']) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr), 
@@ -93,7 +93,7 @@ function ratelimit($_action, $_scope, $_data = null, $_extra = null) { continue; } if ((!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object) - || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) && !$_extra['iam_create_login']) { + || ($_SESSION['mailcow_cc_role'] != 'admin' && $_SESSION['mailcow_cc_role'] != 'domainadmin')) && !$_extra['hasAccess']) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),