[Web] Fix permission exception in IdP actions

2025-12-16 03:15:59 +00:00 · 2025-01-15 12:48:10 +01:00
parent 69b03791a2
commit 8048e0a53c
8 changed files with 88 additions and 61 deletions
--- a/data/conf/phpfpm/crons/keycloak-sync.php
+++ b/data/conf/phpfpm/crons/keycloak-sync.php
@@ -188,6 +188,7 @@ while (true) {
      continue;
    }

+    $_SESSION['access_all_exception'] = '1';
    if (!$row && intval($iam_settings['import_users']) == 1){
      // mailbox user does not exist, create...
      logMsg("info", "Creating user " . $user['email']);
@@ -196,8 +197,7 @@ while (true) {
        'local_part' => explode('@', $user['email'])[0],
        'name' => $user['firstName'] . " " . $user['lastName'],
        'authsource' => 'keycloak',
-        'template' => $mbox_template,
-        'hasAccess' => true
+        'template' => $mbox_template
      ));
    } else if ($row && intval($iam_settings['periodic_sync']) == 1) {
      // mailbox user does exist, sync attribtues...
@@ -205,13 +205,13 @@ while (true) {
      mailbox('edit', 'mailbox_from_template', array(
        'username' => $user['email'],
        'name' => $user['firstName'] . " " . $user['lastName'],
-        'template' => $mbox_template,
-        'hasAccess' => true
+        'template' => $mbox_template
      ));
    } else {
      // skip mailbox user
      logMsg("info", "Skipping user " . $user['email']);
    }
+    $_SESSION['access_all_exception'] = '0';

    sleep(0.025);
  }
--- a/data/conf/phpfpm/crons/ldap-sync.php
+++ b/data/conf/phpfpm/crons/ldap-sync.php
@@ -152,6 +152,7 @@ foreach ($response as $user) {
    continue;
  }

+  $_SESSION['access_all_exception'] = '1';
  if (!$row && intval($iam_settings['import_users']) == 1){
    // mailbox user does not exist, create...
    logMsg("info", "Creating user " .  $user[$iam_settings['username_field']][0]);
@@ -160,8 +161,7 @@ foreach ($response as $user) {
      'local_part' => explode('@',  $user[$iam_settings['username_field']][0])[0],
      'name' => $user['displayname'][0],
      'authsource' => 'ldap',
-      'template' => $mbox_template,
-      'hasAccess' => true
+      'template' => $mbox_template
    ));
  } else if ($row && intval($iam_settings['periodic_sync']) == 1) {
    // mailbox user does exist, sync attribtues...
@@ -169,13 +169,13 @@ foreach ($response as $user) {
    mailbox('edit', 'mailbox_from_template', array(
      'username' =>  $user[$iam_settings['username_field']][0],
      'name' => $user['displayname'][0],
-      'template' => $mbox_template,
-      'hasAccess' => true
+      'template' => $mbox_template
    ));
  } else {
    // skip mailbox user
    logMsg("info", "Skipping user " .  $user[$iam_settings['username_field']][0]);
  }
+  $_SESSION['access_all_exception'] = '0';

  sleep(0.025);
 }