mirror of
https://github.com/mailcow/mailcow-dockerized.git
synced 2026-03-13 02:01:23 +00:00
Compare commits
1 Commits
weblate-tr
...
feat/acl-s
| Author | SHA1 | Date | |
|---|---|---|---|
|
cb70023241 |
@@ -308,33 +308,13 @@ while true; do
|
||||
done
|
||||
fi
|
||||
|
||||
# Check if MAILCOW_HOSTNAME is covered by a wildcard in ADDITIONAL_SAN
|
||||
MAILCOW_HOSTNAME_COVERED=0
|
||||
if [[ ! -z ${VALIDATED_MAILCOW_HOSTNAME} && ! -z ${ADDITIONAL_SAN} ]]; then
|
||||
# Extract parent domain from MAILCOW_HOSTNAME (e.g., mail.example.com -> example.com)
|
||||
MAILCOW_PARENT_DOMAIN=$(echo ${VALIDATED_MAILCOW_HOSTNAME} | cut -d. -f2-)
|
||||
# Check if ADDITIONAL_SAN contains a wildcard for this parent domain
|
||||
if [[ "${ADDITIONAL_SAN}" == *"*.${MAILCOW_PARENT_DOMAIN}"* ]]; then
|
||||
log_f "MAILCOW_HOSTNAME '${VALIDATED_MAILCOW_HOSTNAME}' is covered by wildcard '*.${MAILCOW_PARENT_DOMAIN}' - skipping explicit hostname"
|
||||
MAILCOW_HOSTNAME_COVERED=1
|
||||
fi
|
||||
fi
|
||||
|
||||
# Unique domains for server certificate
|
||||
if [[ ${ENABLE_SSL_SNI} == "y" ]]; then
|
||||
# create certificate for server name and fqdn SANs only
|
||||
if [[ ${MAILCOW_HOSTNAME_COVERED} == "1" ]]; then
|
||||
SERVER_SAN_VALIDATED=($(echo ${ADDITIONAL_VALIDATED_SAN[*]} | xargs -n1 | sort -u | xargs))
|
||||
else
|
||||
SERVER_SAN_VALIDATED=(${VALIDATED_MAILCOW_HOSTNAME} $(echo ${ADDITIONAL_VALIDATED_SAN[*]} | xargs -n1 | sort -u | xargs))
|
||||
fi
|
||||
SERVER_SAN_VALIDATED=(${VALIDATED_MAILCOW_HOSTNAME} $(echo ${ADDITIONAL_VALIDATED_SAN[*]} | xargs -n1 | sort -u | xargs))
|
||||
else
|
||||
# create certificate for all domains, including all subdomains from other domains [*]
|
||||
if [[ ${MAILCOW_HOSTNAME_COVERED} == "1" ]]; then
|
||||
SERVER_SAN_VALIDATED=($(echo ${VALIDATED_CONFIG_DOMAINS[*]} ${ADDITIONAL_VALIDATED_SAN[*]} | xargs -n1 | sort -u | xargs))
|
||||
else
|
||||
SERVER_SAN_VALIDATED=(${VALIDATED_MAILCOW_HOSTNAME} $(echo ${VALIDATED_CONFIG_DOMAINS[*]} ${ADDITIONAL_VALIDATED_SAN[*]} | xargs -n1 | sort -u | xargs))
|
||||
fi
|
||||
SERVER_SAN_VALIDATED=(${VALIDATED_MAILCOW_HOSTNAME} $(echo ${VALIDATED_CONFIG_DOMAINS[*]} ${ADDITIONAL_VALIDATED_SAN[*]} | xargs -n1 | sort -u | xargs))
|
||||
fi
|
||||
if [[ ! -z ${SERVER_SAN_VALIDATED[*]} ]]; then
|
||||
CERT_NAME=${SERVER_SAN_VALIDATED[0]}
|
||||
|
||||
@@ -66,7 +66,7 @@ $_SESSION['acl']['tls_policy'] = "1";
|
||||
$_SESSION['acl']['quarantine_notification'] = "1";
|
||||
$_SESSION['acl']['quarantine_category'] = "1";
|
||||
$_SESSION['acl']['ratelimit'] = "1";
|
||||
$_SESSION['acl']['sogo_access'] = "1";
|
||||
$_SESSION['acl']['sogo_redirection'] = "1";
|
||||
$_SESSION['acl']['protocol_access'] = "1";
|
||||
$_SESSION['acl']['mailbox_relayhost'] = "1";
|
||||
$_SESSION['acl']['unlimited_quota'] = "1";
|
||||
|
||||
@@ -66,7 +66,7 @@ $_SESSION['acl']['tls_policy'] = "1";
|
||||
$_SESSION['acl']['quarantine_notification'] = "1";
|
||||
$_SESSION['acl']['quarantine_category'] = "1";
|
||||
$_SESSION['acl']['ratelimit'] = "1";
|
||||
$_SESSION['acl']['sogo_access'] = "1";
|
||||
$_SESSION['acl']['sogo_redirection'] = "1";
|
||||
$_SESSION['acl']['protocol_access'] = "1";
|
||||
$_SESSION['acl']['mailbox_relayhost'] = "1";
|
||||
$_SESSION['acl']['unlimited_quota'] = "1";
|
||||
|
||||
@@ -754,7 +754,7 @@ paths:
|
||||
- syncjobs
|
||||
- quarantine
|
||||
- login_as
|
||||
- sogo_access
|
||||
- sogo_redirection
|
||||
- app_passwds
|
||||
- bcc_maps
|
||||
- pushover
|
||||
@@ -807,7 +807,7 @@ paths:
|
||||
- syncjobs
|
||||
- quarantine
|
||||
- login_as
|
||||
- sogo_access
|
||||
- sogo_redirection
|
||||
- app_passwds
|
||||
- bcc_maps
|
||||
- pushover
|
||||
@@ -3423,7 +3423,7 @@ paths:
|
||||
- info@domain2.tld
|
||||
- domain3.tld
|
||||
- "*"
|
||||
sogo_access: "1"
|
||||
sogo_redirection: "1"
|
||||
username:
|
||||
- info@domain.tld
|
||||
tags: ["tag3", "tag4"]
|
||||
@@ -3474,7 +3474,7 @@ paths:
|
||||
- info@domain2.tld
|
||||
- domain3.tld
|
||||
- "*"
|
||||
sogo_access: "1"
|
||||
sogo_redirection: "1"
|
||||
tags: ["tag3", "tag4"]
|
||||
items:
|
||||
- info@domain.tld
|
||||
@@ -3506,7 +3506,7 @@ paths:
|
||||
sender_acl:
|
||||
description: list of allowed send from addresses
|
||||
type: object
|
||||
sogo_access:
|
||||
sogo_redirection:
|
||||
description: is access to SOGo webmail active or not
|
||||
type: boolean
|
||||
type: object
|
||||
@@ -4883,7 +4883,7 @@ paths:
|
||||
force_pw_update: "0"
|
||||
mailbox_format: "maildir:"
|
||||
quarantine_notification: never
|
||||
sogo_access: "1"
|
||||
sogo_redirection: "1"
|
||||
tls_enforce_in: "0"
|
||||
tls_enforce_out: "0"
|
||||
domain: doman3.tld
|
||||
@@ -5807,7 +5807,7 @@ paths:
|
||||
force_pw_update: "0"
|
||||
mailbox_format: "maildir:"
|
||||
quarantine_notification: never
|
||||
sogo_access: "1"
|
||||
sogo_redirection: "1"
|
||||
tls_enforce_in: "0"
|
||||
tls_enforce_out: "0"
|
||||
custom_attributes: {}
|
||||
|
||||
@@ -48,7 +48,12 @@ function acl($_action, $_scope = null, $_data = null, $_extra = null) {
|
||||
);
|
||||
continue;
|
||||
}
|
||||
$sogo_acl_changed = false;
|
||||
foreach ($set_acls as $set_acl_key => $set_acl_val) {
|
||||
// Track if sogo_access ACL changed
|
||||
if ($set_acl_key == 'sogo_access' && $is_now[$set_acl_key] != $set_acl_val) {
|
||||
$sogo_acl_changed = true;
|
||||
}
|
||||
$stmt = $pdo->prepare("UPDATE `user_acl` SET " . $set_acl_key . " = " . intval($set_acl_val) . "
|
||||
WHERE `username` = :username");
|
||||
$stmt->execute(array(
|
||||
@@ -60,6 +65,10 @@ function acl($_action, $_scope = null, $_data = null, $_extra = null) {
|
||||
'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
||||
'msg' => array('acl_saved', $username)
|
||||
);
|
||||
// Update SOGo static view if sogo_access ACL changed
|
||||
if ($sogo_acl_changed) {
|
||||
update_sogo_static_view($username);
|
||||
}
|
||||
}
|
||||
break;
|
||||
case 'domainadmin':
|
||||
|
||||
@@ -287,8 +287,6 @@ function user_login($user, $pass, $extra = null){
|
||||
return false;
|
||||
}
|
||||
|
||||
$row['attributes'] = json_decode($row['attributes'], true);
|
||||
|
||||
// check for tfa authenticators
|
||||
$authenticators = get_tfa($user);
|
||||
if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
|
||||
@@ -345,8 +343,6 @@ function user_login($user, $pass, $extra = null){
|
||||
return false;
|
||||
}
|
||||
|
||||
$row['attributes'] = json_decode($row['attributes'], true);
|
||||
|
||||
// check for tfa authenticators
|
||||
$authenticators = get_tfa($user);
|
||||
if (isset($authenticators['additional']) && is_array($authenticators['additional']) && count($authenticators['additional']) > 0 && !$is_internal) {
|
||||
|
||||
@@ -940,8 +940,12 @@ function update_sogo_static_view($mailbox = null) {
|
||||
|
||||
$mailbox_exists = false;
|
||||
if ($mailbox !== null) {
|
||||
// Check if the mailbox exists
|
||||
$stmt = $pdo->prepare("SELECT username FROM mailbox WHERE username = :mailbox AND active = '1'");
|
||||
// Check if the mailbox exists and should have SOGo access
|
||||
$stmt = $pdo->prepare("SELECT m.username FROM mailbox m
|
||||
LEFT JOIN user_acl u ON m.username = u.username
|
||||
WHERE m.username = :mailbox
|
||||
AND m.active = '1'
|
||||
AND (u.sogo_access IS NULL OR u.sogo_access = 1)");
|
||||
$stmt->execute(array(':mailbox' => $mailbox));
|
||||
$row = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
if ($row){
|
||||
@@ -976,8 +980,10 @@ function update_sogo_static_view($mailbox = null) {
|
||||
LEFT OUTER JOIN grouped_mail_aliases ga ON ga.username REGEXP CONCAT('(^|,)', mailbox.username, '($|,)')
|
||||
LEFT OUTER JOIN grouped_domain_alias_address gda ON gda.username = mailbox.username
|
||||
LEFT OUTER JOIN grouped_sender_acl_external external_acl ON external_acl.username = mailbox.username
|
||||
LEFT OUTER JOIN user_acl ON user_acl.username = mailbox.username
|
||||
WHERE
|
||||
mailbox.active = '1'
|
||||
AND (user_acl.sogo_access IS NULL OR user_acl.sogo_access = 1)
|
||||
$subquery
|
||||
ON DUPLICATE KEY UPDATE
|
||||
`domain` = VALUES(`domain`),
|
||||
@@ -1005,7 +1011,27 @@ function update_sogo_static_view($mailbox = null) {
|
||||
));
|
||||
}
|
||||
|
||||
$stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
|
||||
if ($mailbox_exists) {
|
||||
// For single mailbox update, only delete this specific user
|
||||
$stmt = $pdo->prepare("DELETE FROM _sogo_static_view
|
||||
WHERE `c_uid` = :mailbox
|
||||
AND `c_uid` NOT IN (
|
||||
SELECT m.`username` FROM `mailbox` m
|
||||
LEFT JOIN `user_acl` u ON m.`username` = u.`username`
|
||||
WHERE m.`active` = '1'
|
||||
AND m.`username` = :mailbox2
|
||||
AND (u.`sogo_access` IS NULL OR u.`sogo_access` = 1)
|
||||
)");
|
||||
$stmt->execute(array(':mailbox' => $mailbox, ':mailbox2' => $mailbox));
|
||||
} else {
|
||||
// Full cleanup for all users
|
||||
$stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (
|
||||
SELECT m.`username` FROM `mailbox` m
|
||||
LEFT JOIN `user_acl` u ON m.`username` = u.`username`
|
||||
WHERE m.`active` = '1'
|
||||
AND (u.`sogo_access` IS NULL OR u.`sogo_access` = 1)
|
||||
);");
|
||||
}
|
||||
|
||||
flush_memcached();
|
||||
}
|
||||
@@ -3490,9 +3516,14 @@ function set_user_loggedin_session($user) {
|
||||
session_regenerate_id(true);
|
||||
$_SESSION['mailcow_cc_username'] = $user;
|
||||
$_SESSION['mailcow_cc_role'] = 'user';
|
||||
$sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
|
||||
$_SESSION['sogo-sso-user-allowed'][] = $user;
|
||||
$_SESSION['sogo-sso-pass'] = $sogo_sso_pass;
|
||||
|
||||
acl('to_session');
|
||||
if (hasACLAccess("sogo_access")) {
|
||||
$sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
|
||||
$_SESSION['sogo-sso-user-allowed'][] = $user;
|
||||
$_SESSION['sogo-sso-pass'] = $sogo_sso_pass;
|
||||
}
|
||||
|
||||
unset($_SESSION['pending_mailcow_cc_username']);
|
||||
unset($_SESSION['pending_mailcow_cc_role']);
|
||||
unset($_SESSION['pending_tfa_methods']);
|
||||
|
||||
@@ -1101,7 +1101,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$force_tfa = (isset($_data['force_tfa'])) ? intval($_data['force_tfa']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['force_tfa']);
|
||||
$tls_enforce_in = (isset($_data['tls_enforce_in'])) ? intval($_data['tls_enforce_in']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['tls_enforce_in']);
|
||||
$tls_enforce_out = (isset($_data['tls_enforce_out'])) ? intval($_data['tls_enforce_out']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['tls_enforce_out']);
|
||||
$sogo_access = (isset($_data['sogo_access'])) ? intval($_data['sogo_access']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['sogo_access']);
|
||||
$sogo_redirection = (isset($_data['sogo_redirection'])) ? intval($_data['sogo_redirection']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['sogo_redirection']);
|
||||
$imap_access = (isset($_data['imap_access'])) ? intval($_data['imap_access']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['imap_access']);
|
||||
$pop3_access = (isset($_data['pop3_access'])) ? intval($_data['pop3_access']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['pop3_access']);
|
||||
$smtp_access = (isset($_data['smtp_access'])) ? intval($_data['smtp_access']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['smtp_access']);
|
||||
@@ -1123,7 +1123,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
'force_tfa' => strval($force_tfa),
|
||||
'tls_enforce_in' => strval($tls_enforce_in),
|
||||
'tls_enforce_out' => strval($tls_enforce_out),
|
||||
'sogo_access' => strval($sogo_access),
|
||||
'sogo_redirection' => strval($sogo_redirection),
|
||||
'imap_access' => strval($imap_access),
|
||||
'pop3_access' => strval($pop3_access),
|
||||
'smtp_access' => strval($smtp_access),
|
||||
@@ -1314,6 +1314,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$_data['syncjobs'] = (in_array('syncjobs', $_data['acl'])) ? 1 : 0;
|
||||
$_data['eas_reset'] = (in_array('eas_reset', $_data['acl'])) ? 1 : 0;
|
||||
$_data['sogo_profile_reset'] = (in_array('sogo_profile_reset', $_data['acl'])) ? 1 : 0;
|
||||
$_data['sogo_access'] = (in_array('sogo_access', $_data['acl'])) ? 1 : 0;
|
||||
$_data['pushover'] = (in_array('pushover', $_data['acl'])) ? 1 : 0;
|
||||
$_data['quarantine'] = (in_array('quarantine', $_data['acl'])) ? 1 : 0;
|
||||
$_data['quarantine_attachments'] = (in_array('quarantine_attachments', $_data['acl'])) ? 1 : 0;
|
||||
@@ -1330,6 +1331,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$_data['syncjobs'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_syncjobs']);
|
||||
$_data['eas_reset'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_eas_reset']);
|
||||
$_data['sogo_profile_reset'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_sogo_profile_reset']);
|
||||
$_data['sogo_access'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_sogo_access']);
|
||||
$_data['pushover'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_pushover']);
|
||||
$_data['quarantine'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_quarantine']);
|
||||
$_data['quarantine_attachments'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_quarantine_attachments']);
|
||||
@@ -1341,9 +1343,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
|
||||
try {
|
||||
$stmt = $pdo->prepare("INSERT INTO `user_acl`
|
||||
(`username`, `spam_alias`, `tls_policy`, `spam_score`, `spam_policy`, `delimiter_action`, `syncjobs`, `eas_reset`, `sogo_profile_reset`,
|
||||
(`username`, `spam_alias`, `tls_policy`, `spam_score`, `spam_policy`, `delimiter_action`, `syncjobs`, `eas_reset`, `sogo_profile_reset`, `sogo_access`,
|
||||
`pushover`, `quarantine`, `quarantine_attachments`, `quarantine_notification`, `quarantine_category`, `app_passwds`, `pw_reset`)
|
||||
VALUES (:username, :spam_alias, :tls_policy, :spam_score, :spam_policy, :delimiter_action, :syncjobs, :eas_reset, :sogo_profile_reset,
|
||||
VALUES (:username, :spam_alias, :tls_policy, :spam_score, :spam_policy, :delimiter_action, :syncjobs, :eas_reset, :sogo_profile_reset, :sogo_access,
|
||||
:pushover, :quarantine, :quarantine_attachments, :quarantine_notification, :quarantine_category, :app_passwds, :pw_reset) ");
|
||||
$stmt->execute(array(
|
||||
':username' => $username,
|
||||
@@ -1355,6 +1357,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
':syncjobs' => $_data['syncjobs'],
|
||||
':eas_reset' => $_data['eas_reset'],
|
||||
':sogo_profile_reset' => $_data['sogo_profile_reset'],
|
||||
':sogo_access' => $_data['sogo_access'],
|
||||
':pushover' => $_data['pushover'],
|
||||
':quarantine' => $_data['quarantine'],
|
||||
':quarantine_attachments' => $_data['quarantine_attachments'],
|
||||
@@ -1735,7 +1738,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$attr["rl_value"] = (!empty($_data['rl_value'])) ? $_data['rl_value'] : "";
|
||||
$attr["force_pw_update"] = isset($_data['force_pw_update']) ? intval($_data['force_pw_update']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['force_pw_update']);
|
||||
$attr["force_tfa"] = isset($_data['force_tfa']) ? intval($_data['force_tfa']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['force_tfa']);
|
||||
$attr["sogo_access"] = isset($_data['sogo_access']) ? intval($_data['sogo_access']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['sogo_access']);
|
||||
$attr["sogo_redirection"] = isset($_data['sogo_redirection']) ? intval($_data['sogo_redirection']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['sogo_redirection']);
|
||||
$attr["active"] = isset($_data['active']) ? intval($_data['active']) : 1;
|
||||
$attr["tls_enforce_in"] = isset($_data['tls_enforce_in']) ? intval($_data['tls_enforce_in']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['tls_enforce_in']);
|
||||
$attr["tls_enforce_out"] = isset($_data['tls_enforce_out']) ? intval($_data['tls_enforce_out']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['tls_enforce_out']);
|
||||
@@ -1766,6 +1769,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$attr['acl_syncjobs'] = (in_array('syncjobs', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_eas_reset'] = (in_array('eas_reset', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_sogo_profile_reset'] = (in_array('sogo_profile_reset', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_sogo_access'] = (in_array('sogo_access', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_pushover'] = (in_array('pushover', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_quarantine'] = (in_array('quarantine', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_quarantine_attachments'] = (in_array('quarantine_attachments', $_data['acl'])) ? 1 : 0;
|
||||
@@ -1783,6 +1787,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$attr['acl_syncjobs'] = 0;
|
||||
$attr['acl_eas_reset'] = 0;
|
||||
$attr['acl_sogo_profile_reset'] = 0;
|
||||
$attr['acl_sogo_access'] = 0;
|
||||
$attr['acl_pushover'] = 0;
|
||||
$attr['acl_quarantine'] = 0;
|
||||
$attr['acl_quarantine_attachments'] = 0;
|
||||
@@ -3103,7 +3108,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
|
||||
(int)$force_pw_update = (isset($_data['force_pw_update'])) ? intval($_data['force_pw_update']) : intval($is_now['attributes']['force_pw_update']);
|
||||
(int)$force_tfa = (isset($_data['force_tfa'])) ? intval($_data['force_tfa']) : intval($is_now['attributes']['force_tfa']);
|
||||
(int)$sogo_access = (isset($_data['sogo_access']) && hasACLAccess("sogo_access")) ? intval($_data['sogo_access']) : intval($is_now['attributes']['sogo_access']);
|
||||
(int)$sogo_redirection = (isset($_data['sogo_redirection'])) ? intval($_data['sogo_redirection']) : intval($is_now['attributes']['sogo_redirection']);
|
||||
(int)$imap_access = (isset($_data['imap_access']) && hasACLAccess("protocol_access")) ? intval($_data['imap_access']) : intval($is_now['attributes']['imap_access']);
|
||||
(int)$pop3_access = (isset($_data['pop3_access']) && hasACLAccess("protocol_access")) ? intval($_data['pop3_access']) : intval($is_now['attributes']['pop3_access']);
|
||||
(int)$smtp_access = (isset($_data['smtp_access']) && hasACLAccess("protocol_access")) ? intval($_data['smtp_access']) : intval($is_now['attributes']['smtp_access']);
|
||||
@@ -3399,7 +3404,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
`authsource` = :authsource,
|
||||
`attributes` = JSON_SET(`attributes`, '$.force_pw_update', :force_pw_update),
|
||||
`attributes` = JSON_SET(`attributes`, '$.force_tfa', :force_tfa),
|
||||
`attributes` = JSON_SET(`attributes`, '$.sogo_access', :sogo_access),
|
||||
`attributes` = JSON_SET(`attributes`, '$.sogo_redirection', :sogo_redirection),
|
||||
`attributes` = JSON_SET(`attributes`, '$.imap_access', :imap_access),
|
||||
`attributes` = JSON_SET(`attributes`, '$.sieve_access', :sieve_access),
|
||||
`attributes` = JSON_SET(`attributes`, '$.pop3_access', :pop3_access),
|
||||
@@ -3417,7 +3422,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
':attribute_hash' => $attribute_hash,
|
||||
':force_pw_update' => $force_pw_update,
|
||||
':force_tfa' => $force_tfa,
|
||||
':sogo_access' => $sogo_access,
|
||||
':sogo_redirection' => $sogo_redirection,
|
||||
':imap_access' => $imap_access,
|
||||
':pop3_access' => $pop3_access,
|
||||
':sieve_access' => $sieve_access,
|
||||
@@ -3789,7 +3794,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$attr["rl_frame"] = (!empty($_data['rl_frame'])) ? $_data['rl_frame'] : $is_now['rl_frame'];
|
||||
$attr["rl_value"] = (!empty($_data['rl_value'])) ? $_data['rl_value'] : $is_now['rl_value'];
|
||||
$attr["force_pw_update"] = isset($_data['force_pw_update']) ? intval($_data['force_pw_update']) : $is_now['force_pw_update'];
|
||||
$attr["sogo_access"] = isset($_data['sogo_access']) ? intval($_data['sogo_access']) : $is_now['sogo_access'];
|
||||
$attr["sogo_redirection"] = isset($_data['sogo_redirection']) ? intval($_data['sogo_redirection']) : $is_now['sogo_redirection'];
|
||||
$attr["active"] = isset($_data['active']) ? intval($_data['active']) : $is_now['active'];
|
||||
$attr["tls_enforce_in"] = isset($_data['tls_enforce_in']) ? intval($_data['tls_enforce_in']) : $is_now['tls_enforce_in'];
|
||||
$attr["tls_enforce_out"] = isset($_data['tls_enforce_out']) ? intval($_data['tls_enforce_out']) : $is_now['tls_enforce_out'];
|
||||
@@ -3817,6 +3822,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$attr['acl_syncjobs'] = (in_array('syncjobs', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_eas_reset'] = (in_array('eas_reset', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_sogo_profile_reset'] = (in_array('sogo_profile_reset', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_sogo_access'] = (in_array('sogo_access', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_pushover'] = (in_array('pushover', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_quarantine'] = (in_array('quarantine', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_quarantine_attachments'] = (in_array('quarantine_attachments', $_data['acl'])) ? 1 : 0;
|
||||
|
||||
@@ -4,7 +4,7 @@ function init_db_schema()
|
||||
try {
|
||||
global $pdo;
|
||||
|
||||
$db_version = "19022026_1220";
|
||||
$db_version = "12032026_1300";
|
||||
|
||||
$stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
|
||||
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
|
||||
@@ -506,6 +506,7 @@ function init_db_schema()
|
||||
"syncjobs" => "TINYINT(1) NOT NULL DEFAULT '0'",
|
||||
"eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"sogo_profile_reset" => "TINYINT(1) NOT NULL DEFAULT '0'",
|
||||
"sogo_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"pushover" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
// quarantine is for quarantine actions, todo: rename
|
||||
"quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
@@ -705,7 +706,7 @@ function init_db_schema()
|
||||
"syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"login_as" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"sogo_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"sogo_redirection" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"pushover" => "TINYINT(1) NOT NULL DEFAULT '0'",
|
||||
@@ -1397,7 +1398,10 @@ function init_db_schema()
|
||||
$pdo->query("UPDATE `admin` SET `attributes` = JSON_SET(`attributes`, '$.force_tfa', \"0\") WHERE JSON_VALUE(`attributes`, '$.force_tfa') IS NULL;");
|
||||
$pdo->query("UPDATE `admin` SET `attributes` = JSON_SET(`attributes`, '$.force_pw_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.force_pw_update') IS NULL;");
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.sieve_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.sieve_access') IS NULL;");
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.sogo_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.sogo_access') IS NULL;");
|
||||
// Migrate sogo_access attribute to sogo_redirection
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.sogo_redirection', JSON_VALUE(`attributes`, '$.sogo_access')) WHERE JSON_VALUE(`attributes`, '$.sogo_access') IS NOT NULL;");
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_REMOVE(`attributes`, '$.sogo_access') WHERE JSON_VALUE(`attributes`, '$.sogo_access') IS NOT NULL;");
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.sogo_redirection', \"1\") WHERE JSON_VALUE(`attributes`, '$.sogo_redirection') IS NULL;");
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.imap_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.imap_access') IS NULL;");
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.pop3_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.pop3_access') IS NULL;");
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.smtp_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.smtp_access') IS NULL;");
|
||||
@@ -1421,6 +1425,10 @@ function init_db_schema()
|
||||
// Fix domain_admins
|
||||
$pdo->query("DELETE FROM `domain_admins` WHERE `domain` = 'ALL';");
|
||||
|
||||
// Migrate template sogo_access to sogo_redirection
|
||||
$pdo->query("UPDATE `templates` SET `attributes` = JSON_SET(`attributes`, '$.sogo_redirection', JSON_VALUE(`attributes`, '$.sogo_access')) WHERE `type` = 'mailbox' AND JSON_VALUE(`attributes`, '$.sogo_access') IS NOT NULL;");
|
||||
$pdo->query("UPDATE `templates` SET `attributes` = JSON_REMOVE(`attributes`, '$.sogo_access') WHERE `type` = 'mailbox' AND JSON_VALUE(`attributes`, '$.sogo_access') IS NOT NULL;");
|
||||
|
||||
// add default templates
|
||||
$default_domain_template = array(
|
||||
"template" => "Default",
|
||||
@@ -1456,7 +1464,7 @@ function init_db_schema()
|
||||
"rl_value" => "",
|
||||
"force_pw_update" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['force_pw_update']),
|
||||
"force_tfa" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['force_tfa']),
|
||||
"sogo_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['sogo_access']),
|
||||
"sogo_redirection" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['sogo_redirection']),
|
||||
"active" => 1,
|
||||
"tls_enforce_in" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['tls_enforce_in']),
|
||||
"tls_enforce_out" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['tls_enforce_out']),
|
||||
@@ -1472,6 +1480,7 @@ function init_db_schema()
|
||||
"acl_syncjobs" => 0,
|
||||
"acl_eas_reset" => 1,
|
||||
"acl_sogo_profile_reset" => 0,
|
||||
"acl_sogo_access" => 1,
|
||||
"acl_pushover" => 1,
|
||||
"acl_quarantine" => 1,
|
||||
"acl_quarantine_attachments" => 1,
|
||||
|
||||
@@ -81,8 +81,9 @@ if (isset($_POST["verify_tfa_login"])) {
|
||||
header("Location: /");
|
||||
die();
|
||||
}
|
||||
if (intval($user_details['attributes']['sogo_access']) == 1 &&
|
||||
if (intval($user_details['attributes']['sogo_redirection']) == 1 &&
|
||||
intval($user_details['attributes']['force_pw_update']) != 1 &&
|
||||
hasACLAccess('sogo_access') &&
|
||||
getenv('SKIP_SOGO') != "y" &&
|
||||
!$is_dual) {
|
||||
header("Location: /SOGo/so/");
|
||||
@@ -161,8 +162,9 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
|
||||
header("Location: /");
|
||||
die();
|
||||
}
|
||||
if (intval($user_details['attributes']['sogo_access']) == 1 &&
|
||||
if (intval($user_details['attributes']['sogo_redirection']) == 1 &&
|
||||
intval($user_details['attributes']['force_pw_update']) != 1 &&
|
||||
hasACLAccess('sogo_access') &&
|
||||
getenv('SKIP_SOGO') != "y" &&
|
||||
!$is_dual) {
|
||||
header("Location: /SOGo/so/");
|
||||
|
||||
@@ -196,8 +196,8 @@ $MAILBOX_DEFAULT_ATTRIBUTES['force_pw_update'] = false;
|
||||
// Force 2FA enrollment at next login
|
||||
$MAILBOX_DEFAULT_ATTRIBUTES['force_tfa'] = false;
|
||||
|
||||
// Enable SOGo access - Users will be redirected to SOGo after login (set to false to disable redirect by default)
|
||||
$MAILBOX_DEFAULT_ATTRIBUTES['sogo_access'] = true;
|
||||
// Enable SOGo redirection - Users will be redirected to SOGo after login (set to false to disable redirect by default)
|
||||
$MAILBOX_DEFAULT_ATTRIBUTES['sogo_redirection'] = true;
|
||||
|
||||
// How to handle tagged emails
|
||||
// none - No special handling
|
||||
|
||||
@@ -12,7 +12,9 @@ elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == '
|
||||
if (empty($_SESSION['pending_tfa_setup']) && empty($_SESSION['pending_pw_update'])) {
|
||||
$user_details = mailbox("get", "mailbox_details", $_SESSION['mailcow_cc_username']);
|
||||
$is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
|
||||
if (intval($user_details['attributes']['sogo_access']) == 1 && !$is_dual && getenv('SKIP_SOGO') != "y") {
|
||||
if (intval($user_details['attributes']['sogo_redirection']) == 1 &&
|
||||
hasACLAccess('sogo_access') &&
|
||||
!$is_dual && getenv('SKIP_SOGO') != "y") {
|
||||
header("Location: /SOGo/so/");
|
||||
} else {
|
||||
header("Location: /user");
|
||||
|
||||
@@ -345,7 +345,7 @@ $(document).ready(function() {
|
||||
$('.main-logo-dark').addClass('d-none');
|
||||
if ($('#rspamd_logo').length) $('#rspamd_logo').attr('src', '/img/rspamd_logo_dark.png');
|
||||
if ($('#rspamd_logo_sm').length) $('#rspamd_logo_sm').attr('src', '/img/rspamd_logo_dark.png');
|
||||
localStorage.setItem('mailcow_theme', 'light');
|
||||
localStorage.setItem('theme', 'light');
|
||||
}else{
|
||||
$('head').append('<link id="dark-mode-theme" rel="stylesheet" type="text/css" href="/css/themes/mailcow-darkmode.css">');
|
||||
$('#dark-mode-toggle').prop('checked', true);
|
||||
@@ -353,7 +353,7 @@ $(document).ready(function() {
|
||||
$('.main-logo-dark').removeClass('d-none');
|
||||
if ($('#rspamd_logo').length) $('#rspamd_logo').attr('src', '/img/rspamd_logo_light.png');
|
||||
if ($('#rspamd_logo_sm').length) $('#rspamd_logo_sm').attr('src', '/img/rspamd_logo_light.png');
|
||||
localStorage.setItem('mailcow_theme', 'dark');
|
||||
localStorage.setItem('theme', 'dark');
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
$(document).ready(function() {
|
||||
var theme = localStorage.getItem("mailcow_theme");
|
||||
if (theme !== null) {
|
||||
localStorage.setItem("mailcow_theme", theme);
|
||||
}
|
||||
var theme = localStorage.getItem("theme");
|
||||
localStorage.clear();
|
||||
localStorage.setItem("theme", theme);
|
||||
});
|
||||
|
||||
@@ -385,6 +385,9 @@ $(document).ready(function() {
|
||||
if (template.acl_sogo_profile_reset == 1){
|
||||
acl.push("sogo_profile_reset");
|
||||
}
|
||||
if (template.acl_sogo_access == 1){
|
||||
acl.push("sogo_access");
|
||||
}
|
||||
if (template.acl_pushover == 1){
|
||||
acl.push("pushover");
|
||||
}
|
||||
@@ -424,10 +427,10 @@ $(document).ready(function() {
|
||||
} else {
|
||||
$('#force_pw_update').prop('checked', false);
|
||||
}
|
||||
if (template.sogo_access == 1){
|
||||
$('#sogo_access').prop('checked', true);
|
||||
if (template.sogo_redirection == 1){
|
||||
$('#sogo_redirection').prop('checked', true);
|
||||
} else {
|
||||
$('#sogo_access').prop('checked', false);
|
||||
$('#sogo_redirection').prop('checked', false);
|
||||
}
|
||||
|
||||
// load tags
|
||||
@@ -1241,7 +1244,7 @@ jQuery(function($){
|
||||
item.attributes.sieve_access = '<i class="text-' + (item.attributes.sieve_access == 1 ? 'success' : 'danger') + ' bi bi-' + (item.attributes.sieve_access == 1 ? 'check-lg' : 'x-lg') + '"><span class="sorting-value">' + (item.attributes.sieve_access == 1 ? '1' : '0') + '</span></i>';
|
||||
item.attributes.eas_access = '<i class="text-' + (item.attributes.eas_access == 1 ? 'success' : 'danger') + ' bi bi-' + (item.attributes.eas_access == 1 ? 'check-lg' : 'x-lg') + '"><span class="sorting-value">' + (item.attributes.eas_access == 1 ? '1' : '0') + '</span></i>';
|
||||
item.attributes.dav_access = '<i class="text-' + (item.attributes.dav_access == 1 ? 'success' : 'danger') + ' bi bi-' + (item.attributes.dav_access == 1 ? 'check-lg' : 'x-lg') + '"><span class="sorting-value">' + (item.attributes.dav_access == 1 ? '1' : '0') + '</span></i>';
|
||||
item.attributes.sogo_access = '<i class="text-' + (item.attributes.sogo_access == 1 ? 'success' : 'danger') + ' bi bi-' + (item.attributes.sogo_access == 1 ? 'check-lg' : 'x-lg') + '"><span class="sorting-value">' + (item.attributes.sogo_access == 1 ? '1' : '0') + '</span></i>';
|
||||
item.attributes.sogo_redirection = '<i class="text-' + (item.attributes.sogo_redirection == 1 ? 'success' : 'danger') + ' bi bi-' + (item.attributes.sogo_redirection == 1 ? 'check-lg' : 'x-lg') + '"><span class="sorting-value">' + (item.attributes.sogo_redirection == 1 ? '1' : '0') + '</span></i>';
|
||||
if (item.attributes.quarantine_notification === 'never') {
|
||||
item.attributes.quarantine_notification = lang.never;
|
||||
} else if (item.attributes.quarantine_notification === 'hourly') {
|
||||
@@ -1360,8 +1363,8 @@ jQuery(function($){
|
||||
defaultContent: '',
|
||||
},
|
||||
{
|
||||
title: 'SOGO',
|
||||
data: 'attributes.sogo_access',
|
||||
title: 'SOGO redirection',
|
||||
data: 'attributes.sogo_redirection',
|
||||
defaultContent: '',
|
||||
},
|
||||
{
|
||||
|
||||
@@ -22,14 +22,15 @@
|
||||
"ratelimit": "Rate limit",
|
||||
"recipient_maps": "Empfängerumschreibungen",
|
||||
"smtp_ip_access": "Verwalten der erlaubten Hosts für SMTP",
|
||||
"sogo_access": "Verwalten des SOGo-Zugriffsrechts erlauben",
|
||||
"sogo_access": "SOGo-Nutzung erlauben",
|
||||
"sogo_profile_reset": "SOGo-Profil zurücksetzen",
|
||||
"spam_alias": "Temporäre E-Mail-Aliasse",
|
||||
"spam_policy": "Deny/Allowlist",
|
||||
"spam_score": "Spam-Bewertung",
|
||||
"syncjobs": "Sync Jobs",
|
||||
"tls_policy": "Verschlüsselungsrichtlinie",
|
||||
"unlimited_quota": "Unendliche Quota für Mailboxen"
|
||||
"unlimited_quota": "Unendliche Quota für Mailboxen",
|
||||
"sogo_redirection": "Verwalten der SOGo-Weiterleitung erlauben"
|
||||
},
|
||||
"add": {
|
||||
"activate_filter_warn": "Alle anderen Filter dieses Typs werden deaktiviert, falls dieses Script aktiviert wird.",
|
||||
@@ -767,8 +768,6 @@
|
||||
"sieve_desc": "Kurze Beschreibung",
|
||||
"sieve_type": "Filtertyp",
|
||||
"skipcrossduplicates": "Duplikate auch über Ordner hinweg überspringen (\"first come, first serve\")",
|
||||
"sogo_access": "Direktes weiterleiten an SOGo",
|
||||
"sogo_access_info": "Nach dem Einloggen wird der Benutzer automatisch an SOGo weitergeleitet.",
|
||||
"sogo_visible": "Alias in SOGo sichtbar",
|
||||
"sogo_visible_info": "Diese Option hat lediglich Einfluss auf Objekte, die in SOGo darstellbar sind (geteilte oder nicht-geteilte Alias-Adressen mit dem Ziel mindestens einer lokalen Mailbox).",
|
||||
"spam_alias": "Anpassen temporärer Alias-Adressen",
|
||||
@@ -785,7 +784,9 @@
|
||||
"unchanged_if_empty": "Unverändert, wenn leer",
|
||||
"username": "Benutzername",
|
||||
"validate_save": "Validieren und speichern",
|
||||
"pushover_sound": "Ton"
|
||||
"pushover_sound": "Ton",
|
||||
"sogo_redirection": "Direktes weiterleiten an SOGo",
|
||||
"sogo_redirection_info": "Nach dem Einloggen wird der Benutzer automatisch an SOGo weitergeleitet."
|
||||
},
|
||||
"fido2": {
|
||||
"confirm": "Bestätigen",
|
||||
|
||||
@@ -22,14 +22,15 @@
|
||||
"ratelimit": "Rate limit",
|
||||
"recipient_maps": "Recipient maps",
|
||||
"smtp_ip_access": "Change allowed hosts for SMTP",
|
||||
"sogo_access": "Allow management of SOGo access",
|
||||
"sogo_access": "Allow SOGo usage",
|
||||
"sogo_profile_reset": "Reset SOGo profile",
|
||||
"spam_alias": "Temporary aliases",
|
||||
"spam_policy": "Denylist/Allowlist",
|
||||
"spam_score": "Spam score",
|
||||
"syncjobs": "Sync jobs",
|
||||
"tls_policy": "TLS policy",
|
||||
"unlimited_quota": "Unlimited quota for mailboxes"
|
||||
"unlimited_quota": "Unlimited quota for mailboxes",
|
||||
"sogo_redirection": "Allow management of SOGo forwarding"
|
||||
},
|
||||
"add": {
|
||||
"activate_filter_warn": "All other filters will be deactivated, when active is checked.",
|
||||
@@ -768,8 +769,6 @@
|
||||
"sieve_desc": "Short description",
|
||||
"sieve_type": "Filter type",
|
||||
"skipcrossduplicates": "Skip duplicate messages across folders (first come, first serve)",
|
||||
"sogo_access": "Direct forwarding to SOGo",
|
||||
"sogo_access_info": "After logging in, the user is automatically redirected to SOGo.",
|
||||
"sogo_visible": "Alias is visible in SOGo",
|
||||
"sogo_visible_info": "This option only affects objects, that can be displayed in SOGo (shared or non-shared alias addresses pointing to at least one local mailbox). If hidden, an alias will not appear as selectable sender in SOGo.",
|
||||
"spam_alias": "Create or change time limited alias addresses",
|
||||
@@ -785,7 +784,9 @@
|
||||
"title": "Edit object",
|
||||
"unchanged_if_empty": "If unchanged leave blank",
|
||||
"username": "Username",
|
||||
"validate_save": "Validate and save"
|
||||
"validate_save": "Validate and save",
|
||||
"sogo_redirection": "Direct forwarding to SOGo",
|
||||
"sogo_redirection_info": "After logging in, the user is automatically redirected to SOGo."
|
||||
},
|
||||
"fido2": {
|
||||
"confirm": "Confirm",
|
||||
|
||||
@@ -1144,8 +1144,7 @@
|
||||
"subscribeall": "Feliratkozás minden mappára",
|
||||
"syncjob": "Szinkronizálási feladat hozzáadása",
|
||||
"internal": "Belső",
|
||||
"internal_info": "Belső álnevek csak a saját domain vagy domain álnév számára elérhető.",
|
||||
"sender_allowed": "Küldés engedélyezése ezzel az aliasszal"
|
||||
"internal_info": "Belső álnevek csak a saját domain vagy domain álnév számára elérhető."
|
||||
},
|
||||
"danger": {
|
||||
"access_denied": "Hozzáférés megtagatva vagy nem megfelelő űrlap adat",
|
||||
@@ -1246,21 +1245,6 @@
|
||||
"pushover_key": "A pushover kulcs rossz formátumú",
|
||||
"pushover_token": "A Pushover token rossz formátumú",
|
||||
"quota_not_0_not_numeric": "A kvótának numerikusnak és >= 0-nak kell lennie.",
|
||||
"recipient_map_entry_exists": "Létezik egy \"%s\" címzett-térkép bejegyzés",
|
||||
"redis_error": "Redis hiba lépett fel: %s",
|
||||
"relayhost_invalid": "A(z) %s elem érvénytelen a leképezésben.",
|
||||
"release_send_failed": "Az üzenet felszabadítása sikertelen: %s",
|
||||
"reset_f2b_regex": "A regex-szűrő időtúllépés miatt nem állt le. Próbálja újra, vagy várjon egy kicsit, és töltse újra az oldalt.",
|
||||
"resource_invalid": "A(z) %s erőforrásnév érvénytelen",
|
||||
"rl_timeframe": "Érvénytelen időkeret a lekérdezési korláthoz",
|
||||
"rspamd_ui_pw_length": "A Rspamd UI jelszónak legalább 6 karakter hosszúnak kell lennie.",
|
||||
"script_empty": "A szkript nem lehet üres",
|
||||
"sender_acl_invalid": "A küldőhöz tartozó ACL-érték (%s) érvénytelen",
|
||||
"set_acl_failed": "Az ACL beállítása meghiúsult",
|
||||
"settings_map_invalid": "Érvénytelen beállítás-leképezési azonosító: %s",
|
||||
"recovery_email_failed": "A helyreállítási email kiküldése sikertelen. Kérlek, lépj kapcsolatba az adminisztrátorral!",
|
||||
"reset_token_limit_exceeded": "Túl sok visszaállítási kísérlet. Kérjük, várjon, mielőtt újra próbálkozna.",
|
||||
"required_data_missing": "Hiányzik a(z) szükséges %s adat",
|
||||
"tfa_removal_blocked": "A kétfaktoros hitelesítés nem távolítható el, mert elengedhetetlen a fiókod használatához."
|
||||
"recipient_map_entry_exists": "Létezik egy \"%s\" címzett-térkép bejegyzés"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -27,7 +27,7 @@ if (isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
}
|
||||
|
||||
$login_check = check_login($username, $password, array('service' => $service));
|
||||
if ($login_check === 'user') {
|
||||
if ($login_check === 'user' && hasACLAccess('sogo_access')) {
|
||||
header("X-User: $username");
|
||||
header("X-Auth: Basic ".base64_encode("$username:$password"));
|
||||
header("X-Auth-Type: Basic");
|
||||
@@ -47,6 +47,7 @@ elseif (isset($_GET['login'])) {
|
||||
// check permissions (if dual_login is active, deny sso when acl is not given)
|
||||
$login = html_entity_decode(rawurldecode($_GET["login"]));
|
||||
if (isset($_SESSION['mailcow_cc_role']) &&
|
||||
hasACLAccess('sogo_access') &&
|
||||
(($_SESSION['acl']['login_as'] == "1" && $ALLOW_ADMIN_EMAIL_LOGIN !== 0) || ($is_dual === false && $login == $_SESSION['mailcow_cc_username']))) {
|
||||
if (filter_var($login, FILTER_VALIDATE_EMAIL)) {
|
||||
if (user_get_alias_details($login) !== false) {
|
||||
|
||||
@@ -11,8 +11,8 @@
|
||||
<link rel="stylesheet" href="{{ css_path }}">
|
||||
<script>
|
||||
// check if darkmode is preferred by OS or set by localStorage
|
||||
if (window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches && localStorage.getItem("mailcow_theme") !== "light" ||
|
||||
localStorage.getItem("mailcow_theme") === "dark") {
|
||||
if (window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches && localStorage.getItem("theme") !== "light" ||
|
||||
localStorage.getItem("theme") === "dark") {
|
||||
var head = document.getElementsByTagName('head')[0];
|
||||
var link = document.createElement('link');
|
||||
link.id = 'dark-mode-theme';
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
|
||||
<input type="hidden" value="default" name="sender_acl">
|
||||
<input type="hidden" value="0" name="force_pw_update">
|
||||
<input type="hidden" value="0" name="sogo_access">
|
||||
<input type="hidden" value="0" name="sogo_redirection">
|
||||
<input type="hidden" value="0" name="protocol_access">
|
||||
|
||||
<div class="row mb-4">
|
||||
@@ -125,6 +125,7 @@
|
||||
<option value="syncjobs" {% if template.attributes.acl_syncjobs == '1' %} selected{% endif %}>{{ lang.acl["syncjobs"] }}</option>
|
||||
<option value="eas_reset" {% if template.attributes.acl_eas_reset == '1' %} selected{% endif %}>{{ lang.acl["eas_reset"] }}</option>
|
||||
<option value="sogo_profile_reset" {% if template.attributes.acl_sogo_profile_reset == '1' %} selected{% endif %}>{{ lang.acl["sogo_profile_reset"] }}</option>
|
||||
<option value="sogo_access" {% if template.attributes.acl_sogo_access == '1' %} selected{% endif %}>{{ lang.acl["sogo_access"] }}</option>
|
||||
<option value="pushover" {% if template.attributes.acl_pushover == '1' %} selected{% endif %}>{{ lang.acl["pushover"] }}</option>
|
||||
<option value="quarantine" {% if template.attributes.acl_quarantine == '1' %} selected{% endif %}>{{ lang.acl["quarantine"] }}</option>
|
||||
<option value="quarantine_attachments" {% if template.attributes.acl_quarantine_attachments == '1' %} selected{% endif %}>{{ lang.acl["quarantine_attachments"] }}</option>
|
||||
@@ -169,8 +170,8 @@
|
||||
<div class="row">
|
||||
<div class="offset-sm-2 col-sm-10">
|
||||
<div class="form-check">
|
||||
<label><input type="checkbox" class="form-check-input" value="1" name="sogo_access"{% if template.attributes.sogo_access == '1' %} checked{% endif %}> {{ lang.edit.sogo_access }}</label>
|
||||
<small class="text-muted">{{ lang.edit.sogo_access_info }}</small>
|
||||
<label><input type="checkbox" class="form-check-input" value="1" name="sogo_redirection"{% if template.attributes.sogo_redirection == '1' %} checked{% endif %}> {{ lang.edit.sogo_redirection }}</label>
|
||||
<small class="text-muted">{{ lang.edit.sogo_redirection_info }}</small>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -25,7 +25,7 @@
|
||||
<input type="hidden" value="default" name="sender_acl">
|
||||
<input type="hidden" value="0" name="force_pw_update">
|
||||
<input type="hidden" value="0" name="force_tfa">
|
||||
<input type="hidden" value="0" name="sogo_access">
|
||||
<input type="hidden" value="0" name="sogo_redirection">
|
||||
<input type="hidden" value="0" name="protocol_access">
|
||||
<div class="row mb-2">
|
||||
<label class="control-label col-sm-2">{{ lang.admin.iam }}</label>
|
||||
@@ -327,11 +327,11 @@
|
||||
</div>
|
||||
</div>
|
||||
{% if not skip_sogo %}
|
||||
<div data-acl="{{ acl.sogo_access }}" class="row">
|
||||
<div data-acl="{{ acl.sogo_redirection }}" class="row">
|
||||
<div class="offset-sm-2 col-sm-10">
|
||||
<div class="form-check">
|
||||
<label><input type="checkbox" class="form-check-input" value="1" name="sogo_access"{% if result.attributes.sogo_access == '1' %} checked{% endif %}> {{ lang.edit.sogo_access }}</label>
|
||||
<small class="text-muted">{{ lang.edit.sogo_access_info }}</small>
|
||||
<label><input type="checkbox" class="form-check-input" value="1" name="sogo_redirection"{% if result.attributes.sogo_redirection == '1' %} checked{% endif %}> {{ lang.edit.sogo_redirection }}</label>
|
||||
<small class="text-muted">{{ lang.edit.sogo_redirection_info }}</small>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
<form class="form-horizontal" data-cached-form="true" data-id="add_mailbox" role="form" autocomplete="off">
|
||||
<input type="hidden" value="0" name="force_pw_update">
|
||||
<input type="hidden" value="0" name="force_tfa">
|
||||
<input type="hidden" value="0" name="sogo_access">
|
||||
<input type="hidden" value="0" name="sogo_redirection">
|
||||
<input type="hidden" value="0" name="protocol_access">
|
||||
<input type="hidden" value="mailcow" name="authsource">
|
||||
|
||||
@@ -166,6 +166,7 @@
|
||||
<option value="syncjobs">{{ lang.acl["syncjobs"] }}</option>
|
||||
<option value="eas_reset" selected>{{ lang.acl["eas_reset"] }}</option>
|
||||
<option value="sogo_profile_reset">{{ lang.acl["sogo_profile_reset"] }}</option>
|
||||
<option value="sogo_access" selected>{{ lang.acl["sogo_access"] }}</option>
|
||||
<option value="pushover" selected>{{ lang.acl["pushover"] }}</option>
|
||||
<option value="quarantine" selected>{{ lang.acl["quarantine"] }}</option>
|
||||
<option value="quarantine_attachments" selected>{{ lang.acl["quarantine_attachments"] }}</option>
|
||||
@@ -217,8 +218,8 @@
|
||||
<div class="row">
|
||||
<div class="offset-sm-2 col-sm-10">
|
||||
<div class="form-check">
|
||||
<label><input type="checkbox" class="form-check-input" value="1" name="sogo_access" id="sogo_access"> {{ lang.edit.sogo_access }}</label>
|
||||
<small class="text-muted">{{ lang.edit.sogo_access_info }}</small>
|
||||
<label><input type="checkbox" class="form-check-input" value="1" name="sogo_redirection" id="sogo_access"> {{ lang.edit.sogo_redirection }}</label>
|
||||
<small class="text-muted">{{ lang.edit.sogo_redirection_info }}</small>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@@ -247,7 +248,7 @@
|
||||
<input type="hidden" value="default" name="sender_acl">
|
||||
<input type="hidden" value="0" name="force_pw_update">
|
||||
<input type="hidden" value="0" name="force_tfa">
|
||||
<input type="hidden" value="0" name="sogo_access">
|
||||
<input type="hidden" value="0" name="sogo_redirection">
|
||||
<input type="hidden" value="0" name="protocol_access">
|
||||
|
||||
<div class="row mb-4">
|
||||
@@ -416,8 +417,8 @@
|
||||
<div class="row">
|
||||
<div class="offset-sm-2 col-sm-10">
|
||||
<div class="form-check">
|
||||
<label><input type="checkbox" class="form-check-input" value="1" name="sogo_access"> {{ lang.edit.sogo_access }}</label>
|
||||
<small class="text-muted">{{ lang.edit.sogo_access_info }}</small>
|
||||
<label><input type="checkbox" class="form-check-input" value="1" name="sogo_redirection"> {{ lang.edit.sogo_redirection }}</label>
|
||||
<small class="text-muted">{{ lang.edit.sogo_redirection_info }}</small>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -23,10 +23,14 @@
|
||||
<a href="/sogo-auth.php?login={{ mailcow_cc_username }}" role="button" class="btn btn-primary btn-lg btn-block btn-xs-lg w-100">
|
||||
{{ lang.user.open_webmail_sso }} <i class="bi bi-arrow-right"></i>
|
||||
</a>
|
||||
{% else %}
|
||||
{% elseif acl.sogo_access == 1 %}
|
||||
<a href="/SOGo/so" role="button" class="btn btn-primary btn-lg btn-block btn-xs-lg w-100">
|
||||
{{ lang.user.open_webmail_sso }} <i class="bi bi-arrow-right"></i>
|
||||
</a>
|
||||
{% else %}
|
||||
<button disabled class="btn btn-secondary btn-block btn-xs-lg w-100">
|
||||
{{ lang.user.open_webmail_sso }} <i class="bi bi-arrow-right"></i>
|
||||
</button>
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -465,7 +465,7 @@ services:
|
||||
condition: service_started
|
||||
unbound-mailcow:
|
||||
condition: service_healthy
|
||||
image: ghcr.io/mailcow/acme:1.97
|
||||
image: ghcr.io/mailcow/acme:1.96
|
||||
dns:
|
||||
- ${IPV4_NETWORK:-172.22.1}.254
|
||||
environment:
|
||||
|
||||
Reference in New Issue
Block a user