mirror of
https://github.com/mailcow/mailcow-dockerized.git
synced 2026-05-31 11:43:07 +00:00
[Web] Add User ACL to manage SOGo access
This commit is contained in:
FreddleSpl0it
@@ -48,7 +48,12 @@ function acl($_action, $_scope = null, $_data = null, $_extra = null) {
|
||||
);
|
||||
continue;
|
||||
}
|
||||
$sogo_acl_changed = false;
|
||||
foreach ($set_acls as $set_acl_key => $set_acl_val) {
|
||||
// Track if sogo_access ACL changed
|
||||
if ($set_acl_key == 'sogo_access' && $is_now[$set_acl_key] != $set_acl_val) {
|
||||
$sogo_acl_changed = true;
|
||||
}
|
||||
$stmt = $pdo->prepare("UPDATE `user_acl` SET " . $set_acl_key . " = " . intval($set_acl_val) . "
|
||||
WHERE `username` = :username");
|
||||
$stmt->execute(array(
|
||||
@@ -60,6 +65,10 @@ function acl($_action, $_scope = null, $_data = null, $_extra = null) {
|
||||
'log' => array(__FUNCTION__, $_action, $_scope, $_data_log),
|
||||
'msg' => array('acl_saved', $username)
|
||||
);
|
||||
// Update SOGo static view if sogo_access ACL changed
|
||||
if ($sogo_acl_changed) {
|
||||
update_sogo_static_view($username);
|
||||
}
|
||||
}
|
||||
break;
|
||||
case 'domainadmin':
|
||||
|
||||
@@ -940,8 +940,12 @@ function update_sogo_static_view($mailbox = null) {
|
||||
|
||||
$mailbox_exists = false;
|
||||
if ($mailbox !== null) {
|
||||
// Check if the mailbox exists
|
||||
$stmt = $pdo->prepare("SELECT username FROM mailbox WHERE username = :mailbox AND active = '1'");
|
||||
// Check if the mailbox exists and should have SOGo access
|
||||
$stmt = $pdo->prepare("SELECT m.username FROM mailbox m
|
||||
LEFT JOIN user_acl u ON m.username = u.username
|
||||
WHERE m.username = :mailbox
|
||||
AND m.active = '1'
|
||||
AND (u.sogo_access IS NULL OR u.sogo_access = 1)");
|
||||
$stmt->execute(array(':mailbox' => $mailbox));
|
||||
$row = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
if ($row){
|
||||
@@ -976,8 +980,10 @@ function update_sogo_static_view($mailbox = null) {
|
||||
LEFT OUTER JOIN grouped_mail_aliases ga ON ga.username REGEXP CONCAT('(^|,)', mailbox.username, '($|,)')
|
||||
LEFT OUTER JOIN grouped_domain_alias_address gda ON gda.username = mailbox.username
|
||||
LEFT OUTER JOIN grouped_sender_acl_external external_acl ON external_acl.username = mailbox.username
|
||||
LEFT OUTER JOIN user_acl ON user_acl.username = mailbox.username
|
||||
WHERE
|
||||
mailbox.active = '1'
|
||||
AND (user_acl.sogo_access IS NULL OR user_acl.sogo_access = 1)
|
||||
$subquery
|
||||
ON DUPLICATE KEY UPDATE
|
||||
`domain` = VALUES(`domain`),
|
||||
@@ -1005,7 +1011,27 @@ function update_sogo_static_view($mailbox = null) {
|
||||
));
|
||||
}
|
||||
|
||||
$stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (SELECT `username` FROM `mailbox` WHERE `active` = '1');");
|
||||
if ($mailbox_exists) {
|
||||
// For single mailbox update, only delete this specific user
|
||||
$stmt = $pdo->prepare("DELETE FROM _sogo_static_view
|
||||
WHERE `c_uid` = :mailbox
|
||||
AND `c_uid` NOT IN (
|
||||
SELECT m.`username` FROM `mailbox` m
|
||||
LEFT JOIN `user_acl` u ON m.`username` = u.`username`
|
||||
WHERE m.`active` = '1'
|
||||
AND m.`username` = :mailbox2
|
||||
AND (u.`sogo_access` IS NULL OR u.`sogo_access` = 1)
|
||||
)");
|
||||
$stmt->execute(array(':mailbox' => $mailbox, ':mailbox2' => $mailbox));
|
||||
} else {
|
||||
// Full cleanup for all users
|
||||
$stmt = $pdo->query("DELETE FROM _sogo_static_view WHERE `c_uid` NOT IN (
|
||||
SELECT m.`username` FROM `mailbox` m
|
||||
LEFT JOIN `user_acl` u ON m.`username` = u.`username`
|
||||
WHERE m.`active` = '1'
|
||||
AND (u.`sogo_access` IS NULL OR u.`sogo_access` = 1)
|
||||
);");
|
||||
}
|
||||
|
||||
flush_memcached();
|
||||
}
|
||||
@@ -3490,9 +3516,14 @@ function set_user_loggedin_session($user) {
|
||||
session_regenerate_id(true);
|
||||
$_SESSION['mailcow_cc_username'] = $user;
|
||||
$_SESSION['mailcow_cc_role'] = 'user';
|
||||
$sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
|
||||
$_SESSION['sogo-sso-user-allowed'][] = $user;
|
||||
$_SESSION['sogo-sso-pass'] = $sogo_sso_pass;
|
||||
|
||||
acl('to_session');
|
||||
if (hasACLAccess("sogo_access")) {
|
||||
$sogo_sso_pass = file_get_contents("/etc/sogo-sso/sogo-sso.pass");
|
||||
$_SESSION['sogo-sso-user-allowed'][] = $user;
|
||||
$_SESSION['sogo-sso-pass'] = $sogo_sso_pass;
|
||||
}
|
||||
|
||||
unset($_SESSION['pending_mailcow_cc_username']);
|
||||
unset($_SESSION['pending_mailcow_cc_role']);
|
||||
unset($_SESSION['pending_tfa_methods']);
|
||||
|
||||
@@ -1101,7 +1101,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$force_tfa = (isset($_data['force_tfa'])) ? intval($_data['force_tfa']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['force_tfa']);
|
||||
$tls_enforce_in = (isset($_data['tls_enforce_in'])) ? intval($_data['tls_enforce_in']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['tls_enforce_in']);
|
||||
$tls_enforce_out = (isset($_data['tls_enforce_out'])) ? intval($_data['tls_enforce_out']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['tls_enforce_out']);
|
||||
$sogo_access = (isset($_data['sogo_access'])) ? intval($_data['sogo_access']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['sogo_access']);
|
||||
$sogo_redirection = (isset($_data['sogo_redirection'])) ? intval($_data['sogo_redirection']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['sogo_redirection']);
|
||||
$imap_access = (isset($_data['imap_access'])) ? intval($_data['imap_access']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['imap_access']);
|
||||
$pop3_access = (isset($_data['pop3_access'])) ? intval($_data['pop3_access']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['pop3_access']);
|
||||
$smtp_access = (isset($_data['smtp_access'])) ? intval($_data['smtp_access']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['smtp_access']);
|
||||
@@ -1123,7 +1123,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
'force_tfa' => strval($force_tfa),
|
||||
'tls_enforce_in' => strval($tls_enforce_in),
|
||||
'tls_enforce_out' => strval($tls_enforce_out),
|
||||
'sogo_access' => strval($sogo_access),
|
||||
'sogo_redirection' => strval($sogo_redirection),
|
||||
'imap_access' => strval($imap_access),
|
||||
'pop3_access' => strval($pop3_access),
|
||||
'smtp_access' => strval($smtp_access),
|
||||
@@ -1314,6 +1314,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$_data['syncjobs'] = (in_array('syncjobs', $_data['acl'])) ? 1 : 0;
|
||||
$_data['eas_reset'] = (in_array('eas_reset', $_data['acl'])) ? 1 : 0;
|
||||
$_data['sogo_profile_reset'] = (in_array('sogo_profile_reset', $_data['acl'])) ? 1 : 0;
|
||||
$_data['sogo_access'] = (in_array('sogo_access', $_data['acl'])) ? 1 : 0;
|
||||
$_data['pushover'] = (in_array('pushover', $_data['acl'])) ? 1 : 0;
|
||||
$_data['quarantine'] = (in_array('quarantine', $_data['acl'])) ? 1 : 0;
|
||||
$_data['quarantine_attachments'] = (in_array('quarantine_attachments', $_data['acl'])) ? 1 : 0;
|
||||
@@ -1330,6 +1331,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$_data['syncjobs'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_syncjobs']);
|
||||
$_data['eas_reset'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_eas_reset']);
|
||||
$_data['sogo_profile_reset'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_sogo_profile_reset']);
|
||||
$_data['sogo_access'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_sogo_access']);
|
||||
$_data['pushover'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_pushover']);
|
||||
$_data['quarantine'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_quarantine']);
|
||||
$_data['quarantine_attachments'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['acl_quarantine_attachments']);
|
||||
@@ -1341,9 +1343,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
|
||||
try {
|
||||
$stmt = $pdo->prepare("INSERT INTO `user_acl`
|
||||
(`username`, `spam_alias`, `tls_policy`, `spam_score`, `spam_policy`, `delimiter_action`, `syncjobs`, `eas_reset`, `sogo_profile_reset`,
|
||||
(`username`, `spam_alias`, `tls_policy`, `spam_score`, `spam_policy`, `delimiter_action`, `syncjobs`, `eas_reset`, `sogo_profile_reset`, `sogo_access`,
|
||||
`pushover`, `quarantine`, `quarantine_attachments`, `quarantine_notification`, `quarantine_category`, `app_passwds`, `pw_reset`)
|
||||
VALUES (:username, :spam_alias, :tls_policy, :spam_score, :spam_policy, :delimiter_action, :syncjobs, :eas_reset, :sogo_profile_reset,
|
||||
VALUES (:username, :spam_alias, :tls_policy, :spam_score, :spam_policy, :delimiter_action, :syncjobs, :eas_reset, :sogo_profile_reset, :sogo_access,
|
||||
:pushover, :quarantine, :quarantine_attachments, :quarantine_notification, :quarantine_category, :app_passwds, :pw_reset) ");
|
||||
$stmt->execute(array(
|
||||
':username' => $username,
|
||||
@@ -1355,6 +1357,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
':syncjobs' => $_data['syncjobs'],
|
||||
':eas_reset' => $_data['eas_reset'],
|
||||
':sogo_profile_reset' => $_data['sogo_profile_reset'],
|
||||
':sogo_access' => $_data['sogo_access'],
|
||||
':pushover' => $_data['pushover'],
|
||||
':quarantine' => $_data['quarantine'],
|
||||
':quarantine_attachments' => $_data['quarantine_attachments'],
|
||||
@@ -1735,7 +1738,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$attr["rl_value"] = (!empty($_data['rl_value'])) ? $_data['rl_value'] : "";
|
||||
$attr["force_pw_update"] = isset($_data['force_pw_update']) ? intval($_data['force_pw_update']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['force_pw_update']);
|
||||
$attr["force_tfa"] = isset($_data['force_tfa']) ? intval($_data['force_tfa']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['force_tfa']);
|
||||
$attr["sogo_access"] = isset($_data['sogo_access']) ? intval($_data['sogo_access']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['sogo_access']);
|
||||
$attr["sogo_redirection"] = isset($_data['sogo_redirection']) ? intval($_data['sogo_redirection']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['sogo_redirection']);
|
||||
$attr["active"] = isset($_data['active']) ? intval($_data['active']) : 1;
|
||||
$attr["tls_enforce_in"] = isset($_data['tls_enforce_in']) ? intval($_data['tls_enforce_in']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['tls_enforce_in']);
|
||||
$attr["tls_enforce_out"] = isset($_data['tls_enforce_out']) ? intval($_data['tls_enforce_out']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['tls_enforce_out']);
|
||||
@@ -1766,6 +1769,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$attr['acl_syncjobs'] = (in_array('syncjobs', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_eas_reset'] = (in_array('eas_reset', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_sogo_profile_reset'] = (in_array('sogo_profile_reset', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_sogo_access'] = (in_array('sogo_access', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_pushover'] = (in_array('pushover', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_quarantine'] = (in_array('quarantine', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_quarantine_attachments'] = (in_array('quarantine_attachments', $_data['acl'])) ? 1 : 0;
|
||||
@@ -1783,6 +1787,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$attr['acl_syncjobs'] = 0;
|
||||
$attr['acl_eas_reset'] = 0;
|
||||
$attr['acl_sogo_profile_reset'] = 0;
|
||||
$attr['acl_sogo_access'] = 0;
|
||||
$attr['acl_pushover'] = 0;
|
||||
$attr['acl_quarantine'] = 0;
|
||||
$attr['acl_quarantine_attachments'] = 0;
|
||||
@@ -3103,7 +3108,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
|
||||
(int)$force_pw_update = (isset($_data['force_pw_update'])) ? intval($_data['force_pw_update']) : intval($is_now['attributes']['force_pw_update']);
|
||||
(int)$force_tfa = (isset($_data['force_tfa'])) ? intval($_data['force_tfa']) : intval($is_now['attributes']['force_tfa']);
|
||||
(int)$sogo_access = (isset($_data['sogo_access']) && hasACLAccess("sogo_access")) ? intval($_data['sogo_access']) : intval($is_now['attributes']['sogo_access']);
|
||||
(int)$sogo_redirection = (isset($_data['sogo_redirection'])) ? intval($_data['sogo_redirection']) : intval($is_now['attributes']['sogo_redirection']);
|
||||
(int)$imap_access = (isset($_data['imap_access']) && hasACLAccess("protocol_access")) ? intval($_data['imap_access']) : intval($is_now['attributes']['imap_access']);
|
||||
(int)$pop3_access = (isset($_data['pop3_access']) && hasACLAccess("protocol_access")) ? intval($_data['pop3_access']) : intval($is_now['attributes']['pop3_access']);
|
||||
(int)$smtp_access = (isset($_data['smtp_access']) && hasACLAccess("protocol_access")) ? intval($_data['smtp_access']) : intval($is_now['attributes']['smtp_access']);
|
||||
@@ -3399,7 +3404,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
`authsource` = :authsource,
|
||||
`attributes` = JSON_SET(`attributes`, '$.force_pw_update', :force_pw_update),
|
||||
`attributes` = JSON_SET(`attributes`, '$.force_tfa', :force_tfa),
|
||||
`attributes` = JSON_SET(`attributes`, '$.sogo_access', :sogo_access),
|
||||
`attributes` = JSON_SET(`attributes`, '$.sogo_redirection', :sogo_redirection),
|
||||
`attributes` = JSON_SET(`attributes`, '$.imap_access', :imap_access),
|
||||
`attributes` = JSON_SET(`attributes`, '$.sieve_access', :sieve_access),
|
||||
`attributes` = JSON_SET(`attributes`, '$.pop3_access', :pop3_access),
|
||||
@@ -3417,7 +3422,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
':attribute_hash' => $attribute_hash,
|
||||
':force_pw_update' => $force_pw_update,
|
||||
':force_tfa' => $force_tfa,
|
||||
':sogo_access' => $sogo_access,
|
||||
':sogo_redirection' => $sogo_redirection,
|
||||
':imap_access' => $imap_access,
|
||||
':pop3_access' => $pop3_access,
|
||||
':sieve_access' => $sieve_access,
|
||||
@@ -3789,7 +3794,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$attr["rl_frame"] = (!empty($_data['rl_frame'])) ? $_data['rl_frame'] : $is_now['rl_frame'];
|
||||
$attr["rl_value"] = (!empty($_data['rl_value'])) ? $_data['rl_value'] : $is_now['rl_value'];
|
||||
$attr["force_pw_update"] = isset($_data['force_pw_update']) ? intval($_data['force_pw_update']) : $is_now['force_pw_update'];
|
||||
$attr["sogo_access"] = isset($_data['sogo_access']) ? intval($_data['sogo_access']) : $is_now['sogo_access'];
|
||||
$attr["sogo_redirection"] = isset($_data['sogo_redirection']) ? intval($_data['sogo_redirection']) : $is_now['sogo_redirection'];
|
||||
$attr["active"] = isset($_data['active']) ? intval($_data['active']) : $is_now['active'];
|
||||
$attr["tls_enforce_in"] = isset($_data['tls_enforce_in']) ? intval($_data['tls_enforce_in']) : $is_now['tls_enforce_in'];
|
||||
$attr["tls_enforce_out"] = isset($_data['tls_enforce_out']) ? intval($_data['tls_enforce_out']) : $is_now['tls_enforce_out'];
|
||||
@@ -3817,6 +3822,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
|
||||
$attr['acl_syncjobs'] = (in_array('syncjobs', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_eas_reset'] = (in_array('eas_reset', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_sogo_profile_reset'] = (in_array('sogo_profile_reset', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_sogo_access'] = (in_array('sogo_access', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_pushover'] = (in_array('pushover', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_quarantine'] = (in_array('quarantine', $_data['acl'])) ? 1 : 0;
|
||||
$attr['acl_quarantine_attachments'] = (in_array('quarantine_attachments', $_data['acl'])) ? 1 : 0;
|
||||
|
||||
@@ -4,7 +4,7 @@ function init_db_schema()
|
||||
try {
|
||||
global $pdo;
|
||||
|
||||
$db_version = "19022026_1220";
|
||||
$db_version = "12032026_1300";
|
||||
|
||||
$stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
|
||||
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
|
||||
@@ -506,6 +506,7 @@ function init_db_schema()
|
||||
"syncjobs" => "TINYINT(1) NOT NULL DEFAULT '0'",
|
||||
"eas_reset" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"sogo_profile_reset" => "TINYINT(1) NOT NULL DEFAULT '0'",
|
||||
"sogo_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"pushover" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
// quarantine is for quarantine actions, todo: rename
|
||||
"quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
@@ -705,7 +706,7 @@ function init_db_schema()
|
||||
"syncjobs" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"quarantine" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"login_as" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"sogo_access" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"sogo_redirection" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"app_passwds" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"bcc_maps" => "TINYINT(1) NOT NULL DEFAULT '1'",
|
||||
"pushover" => "TINYINT(1) NOT NULL DEFAULT '0'",
|
||||
@@ -1397,7 +1398,10 @@ function init_db_schema()
|
||||
$pdo->query("UPDATE `admin` SET `attributes` = JSON_SET(`attributes`, '$.force_tfa', \"0\") WHERE JSON_VALUE(`attributes`, '$.force_tfa') IS NULL;");
|
||||
$pdo->query("UPDATE `admin` SET `attributes` = JSON_SET(`attributes`, '$.force_pw_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.force_pw_update') IS NULL;");
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.sieve_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.sieve_access') IS NULL;");
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.sogo_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.sogo_access') IS NULL;");
|
||||
// Migrate sogo_access attribute to sogo_redirection
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.sogo_redirection', JSON_VALUE(`attributes`, '$.sogo_access')) WHERE JSON_VALUE(`attributes`, '$.sogo_access') IS NOT NULL;");
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_REMOVE(`attributes`, '$.sogo_access') WHERE JSON_VALUE(`attributes`, '$.sogo_access') IS NOT NULL;");
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.sogo_redirection', \"1\") WHERE JSON_VALUE(`attributes`, '$.sogo_redirection') IS NULL;");
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.imap_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.imap_access') IS NULL;");
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.pop3_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.pop3_access') IS NULL;");
|
||||
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.smtp_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.smtp_access') IS NULL;");
|
||||
@@ -1421,6 +1425,10 @@ function init_db_schema()
|
||||
// Fix domain_admins
|
||||
$pdo->query("DELETE FROM `domain_admins` WHERE `domain` = 'ALL';");
|
||||
|
||||
// Migrate template sogo_access to sogo_redirection
|
||||
$pdo->query("UPDATE `templates` SET `attributes` = JSON_SET(`attributes`, '$.sogo_redirection', JSON_VALUE(`attributes`, '$.sogo_access')) WHERE `type` = 'mailbox' AND JSON_VALUE(`attributes`, '$.sogo_access') IS NOT NULL;");
|
||||
$pdo->query("UPDATE `templates` SET `attributes` = JSON_REMOVE(`attributes`, '$.sogo_access') WHERE `type` = 'mailbox' AND JSON_VALUE(`attributes`, '$.sogo_access') IS NOT NULL;");
|
||||
|
||||
// add default templates
|
||||
$default_domain_template = array(
|
||||
"template" => "Default",
|
||||
@@ -1456,7 +1464,7 @@ function init_db_schema()
|
||||
"rl_value" => "",
|
||||
"force_pw_update" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['force_pw_update']),
|
||||
"force_tfa" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['force_tfa']),
|
||||
"sogo_access" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['sogo_access']),
|
||||
"sogo_redirection" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['sogo_redirection']),
|
||||
"active" => 1,
|
||||
"tls_enforce_in" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['tls_enforce_in']),
|
||||
"tls_enforce_out" => intval($GLOBALS['MAILBOX_DEFAULT_ATTRIBUTES']['tls_enforce_out']),
|
||||
@@ -1472,6 +1480,7 @@ function init_db_schema()
|
||||
"acl_syncjobs" => 0,
|
||||
"acl_eas_reset" => 1,
|
||||
"acl_sogo_profile_reset" => 0,
|
||||
"acl_sogo_access" => 1,
|
||||
"acl_pushover" => 1,
|
||||
"acl_quarantine" => 1,
|
||||
"acl_quarantine_attachments" => 1,
|
||||
|
||||
@@ -81,8 +81,9 @@ if (isset($_POST["verify_tfa_login"])) {
|
||||
header("Location: /");
|
||||
die();
|
||||
}
|
||||
if (intval($user_details['attributes']['sogo_access']) == 1 &&
|
||||
if (intval($user_details['attributes']['sogo_redirection']) == 1 &&
|
||||
intval($user_details['attributes']['force_pw_update']) != 1 &&
|
||||
hasACLAccess('sogo_access') &&
|
||||
getenv('SKIP_SOGO') != "y" &&
|
||||
!$is_dual) {
|
||||
header("Location: /SOGo/so/");
|
||||
@@ -161,8 +162,9 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
|
||||
header("Location: /");
|
||||
die();
|
||||
}
|
||||
if (intval($user_details['attributes']['sogo_access']) == 1 &&
|
||||
if (intval($user_details['attributes']['sogo_redirection']) == 1 &&
|
||||
intval($user_details['attributes']['force_pw_update']) != 1 &&
|
||||
hasACLAccess('sogo_access') &&
|
||||
getenv('SKIP_SOGO') != "y" &&
|
||||
!$is_dual) {
|
||||
header("Location: /SOGo/so/");
|
||||
|
||||
@@ -196,8 +196,8 @@ $MAILBOX_DEFAULT_ATTRIBUTES['force_pw_update'] = false;
|
||||
// Force 2FA enrollment at next login
|
||||
$MAILBOX_DEFAULT_ATTRIBUTES['force_tfa'] = false;
|
||||
|
||||
// Enable SOGo access - Users will be redirected to SOGo after login (set to false to disable redirect by default)
|
||||
$MAILBOX_DEFAULT_ATTRIBUTES['sogo_access'] = true;
|
||||
// Enable SOGo redirection - Users will be redirected to SOGo after login (set to false to disable redirect by default)
|
||||
$MAILBOX_DEFAULT_ATTRIBUTES['sogo_redirection'] = true;
|
||||
|
||||
// How to handle tagged emails
|
||||
// none - No special handling
|
||||
|
||||
Reference in New Issue
Block a user