mirror of
https://github.com/mailcow/mailcow-dockerized.git
synced 2024-12-12 10:45:14 +02:00
Some slight changes in permission checks for future updates
This commit is contained in:
parent
2aace3d5cc
commit
8e07d29f0a
@ -8,11 +8,12 @@ function hasDomainAccess($username, $role, $domain) {
|
|||||||
if (!filter_var($username, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
|
if (!filter_var($username, FILTER_VALIDATE_EMAIL) && !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!is_valid_domain_name($domain)) {
|
if (!is_valid_domain_name($domain)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
if ($role != 'admin' && $role != 'domainadmin' && $role != 'user') {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
$stmt = $pdo->prepare("SELECT `domain` FROM `domain_admins`
|
$stmt = $pdo->prepare("SELECT `domain` FROM `domain_admins`
|
||||||
WHERE (
|
WHERE (
|
||||||
@ -2192,6 +2193,9 @@ function delete_domain_admin($postarray) {
|
|||||||
function get_spam_score($username) {
|
function get_spam_score($username) {
|
||||||
global $pdo;
|
global $pdo;
|
||||||
$default = "5, 15";
|
$default = "5, 15";
|
||||||
|
if ($_SESSION['mailcow_cc_role'] != "user") {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
|
if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
|
||||||
return $default;
|
return $default;
|
||||||
}
|
}
|
||||||
@ -2235,6 +2239,13 @@ function get_spam_score($username) {
|
|||||||
function set_spam_score($postarray) {
|
function set_spam_score($postarray) {
|
||||||
global $lang;
|
global $lang;
|
||||||
global $pdo;
|
global $pdo;
|
||||||
|
if ($_SESSION['mailcow_cc_role'] != "user") {
|
||||||
|
$_SESSION['return'] = array(
|
||||||
|
'type' => 'danger',
|
||||||
|
'msg' => sprintf($lang['danger']['access_denied'])
|
||||||
|
);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
$username = $_SESSION['mailcow_cc_username'];
|
$username = $_SESSION['mailcow_cc_username'];
|
||||||
$lowspamlevel = explode(',', $postarray['score'])[0];
|
$lowspamlevel = explode(',', $postarray['score'])[0];
|
||||||
$highspamlevel = explode(',', $postarray['score'])[1];
|
$highspamlevel = explode(',', $postarray['score'])[1];
|
||||||
@ -2288,7 +2299,15 @@ function set_spam_score($postarray) {
|
|||||||
function set_policy_list($postarray) {
|
function set_policy_list($postarray) {
|
||||||
global $lang;
|
global $lang;
|
||||||
global $pdo;
|
global $pdo;
|
||||||
|
if ($_SESSION['mailcow_cc_role'] != "admin" &&
|
||||||
|
$_SESSION['mailcow_cc_role'] != "domainadmin" &&
|
||||||
|
$_SESSION['mailcow_cc_role'] != "user") {
|
||||||
|
$_SESSION['return'] = array(
|
||||||
|
'type' => 'danger',
|
||||||
|
'msg' => sprintf($lang['danger']['access_denied'])
|
||||||
|
);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
(isset($postarray['domain'])) ? $object = $postarray['domain'] : $object = $_SESSION['mailcow_cc_username'];
|
(isset($postarray['domain'])) ? $object = $postarray['domain'] : $object = $_SESSION['mailcow_cc_username'];
|
||||||
($postarray['object_list'] == "bl") ? $object_list = "blacklist_from" : $object_list = "whitelist_from";
|
($postarray['object_list'] == "bl") ? $object_list = "blacklist_from" : $object_list = "whitelist_from";
|
||||||
$object_from = preg_replace('/\.+/', '.', rtrim(preg_replace("/\.\*/", "*", trim(strtolower($postarray['object_from']))), '.'));
|
$object_from = preg_replace('/\.+/', '.', rtrim(preg_replace("/\.\*/", "*", trim(strtolower($postarray['object_from']))), '.'));
|
||||||
@ -2389,6 +2408,13 @@ function set_policy_list($postarray) {
|
|||||||
function set_tls_policy($postarray) {
|
function set_tls_policy($postarray) {
|
||||||
global $lang;
|
global $lang;
|
||||||
global $pdo;
|
global $pdo;
|
||||||
|
if ($_SESSION['mailcow_cc_role'] != "user") {
|
||||||
|
$_SESSION['return'] = array(
|
||||||
|
'type' => 'danger',
|
||||||
|
'msg' => sprintf($lang['danger']['access_denied'])
|
||||||
|
);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
isset($postarray['tls_in']) ? $tls_in = '1' : $tls_in = '0';
|
isset($postarray['tls_in']) ? $tls_in = '1' : $tls_in = '0';
|
||||||
isset($postarray['tls_out']) ? $tls_out = '1' : $tls_out = '0';
|
isset($postarray['tls_out']) ? $tls_out = '1' : $tls_out = '0';
|
||||||
$username = $_SESSION['mailcow_cc_username'];
|
$username = $_SESSION['mailcow_cc_username'];
|
||||||
@ -2422,6 +2448,9 @@ function set_tls_policy($postarray) {
|
|||||||
function get_tls_policy($username) {
|
function get_tls_policy($username) {
|
||||||
global $lang;
|
global $lang;
|
||||||
global $pdo;
|
global $pdo;
|
||||||
|
if ($_SESSION['mailcow_cc_role'] != "user") {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
|
if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
|
||||||
$_SESSION['return'] = array(
|
$_SESSION['return'] = array(
|
||||||
'type' => 'danger',
|
'type' => 'danger',
|
||||||
|
Loading…
Reference in New Issue
Block a user