From c51b27a9c91eb305a36e47c5d97f959a7ca40e4c Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Sat, 3 Nov 2007 22:24:34 +0000 Subject: [PATCH] merged overview.php into list-domain.php and list-virtual.php list-domain.php: - added several admin/superadmin switches and permission checks - merged GET and POST code - Note: still different templates for superadmins (admin_list-domain.tpl) and admins (overview-get.tpl) because of large layout difference list-virtual.php: - added several admin/superadmin switches and permission checks - added check for admins without any domains (redirects to domain list, which can handle this situation) - migrated FIXME from overview.php -> David, please review the query and remove the FIXME afterwards overview.php: - DELETED - no longer needed overview.tpl: - RENAMED overview.tpl to list-virtual.tpl - removed admin/superadmin filename switch - removed $incpath switch for images menu.tpl: - menu for domain admins now has "domain list" and "virtual list" instead of "overview" delete.php, edit-active.php, edit-alias.php, edit-mailbox.php, search.php: - changed redirect to list-virtual.php overview-get.tpl: - changed link to list-virtual.php main.tpl: - changed overview link to list-domain.php git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@181 a1433add-5e2c-0410-b055-b7f2511e0802 --- delete.php | 4 +- edit-active.php | 7 +- edit-alias.php | 6 +- edit-mailbox.php | 6 +- list-domain.php | 58 ++--- list-virtual.php | 29 ++- overview.php | 249 ------------------- search.php | 9 +- templates/{overview.tpl => list-virtual.tpl} | 28 +-- templates/main.tpl | 2 +- templates/menu.tpl | 7 +- templates/overview-get.tpl | 2 +- 12 files changed, 69 insertions(+), 338 deletions(-) delete mode 100644 overview.php rename templates/{overview.tpl => list-virtual.tpl} (89%) diff --git a/delete.php b/delete.php index 80b6573f..81e33d39 100644 --- a/delete.php +++ b/delete.php 
@@ -149,9 +149,7 @@ elseif ($fTable == "alias" or $fTable == "mailbox") if ($error != 1) { if ($CONF['database_type'] == "pgsql") db_query('COMMIT'); - $url = "overview.php"; - if (authentication_has_role('global-admin')) $url = "list-virtual.php"; - header ("Location: $url?domain=$fDomain"); + header ("Location: list-virtual.php?domain=$fDomain"); exit; } else { $tMessage = $PALANG['pDelete_delete_error'] . "$fDelete (physical mail)!"; diff --git a/edit-active.php b/edit-active.php index 6cc56c19..a52f108f 100644 --- a/edit-active.php +++ b/edit-active.php @@ -78,7 +78,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") if ($error != 1) { if ( preg_match( "/^list-virtual.php.*/", $fReturn ) || - preg_match( "/^overview.php.*/", $fReturn ) || preg_match( "/^search.php.*/", $fReturn ) ) { //$fReturn appears OK, jump there @@ -86,11 +85,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") } else { - if (authentication_has_role('global-admin')) { - header ("Location: list-virtual.php?domain=$fDomain"); - } else { - header ("Location: overview.php?domain=$fDomain"); - } + header ("Location: list-virtual.php?domain=$fDomain"); } exit; } diff --git a/edit-alias.php b/edit-alias.php index 80b85636..c48ab2e1 100644 --- a/edit-alias.php +++ b/edit-alias.php @@ -118,11 +118,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { db_log ($SESSID_USERNAME, $fDomain, 'edit_alias', "$fAddress -> $goto"); - if (authentication_has_role('global-admin')) { - header ("Location: list-virtual.php?domain=$fDomain"); - } else { - header ("Location: overview.php?domain=$fDomain"); - } + header ("Location: list-virtual.php?domain=$fDomain"); exit; } } diff --git a/edit-mailbox.php b/edit-mailbox.php index aa894715..5f3d61a0 100644 --- a/edit-mailbox.php +++ b/edit-mailbox.php 
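Review bot: `$fDomain` goes into the Location header unencoded in the new `header ("Location: list-virtual.php?domain=$fDomain");`, and where it is sanitised is outside the hunk. I would encode it at the point of use: `header ("Location: list-virtual.php?domain=" . urlencode($fDomain));`. The same pattern recurs in the edit-active.php, edit-alias.php, edit-mailbox.php and search.php hunks. With the role switch removed, domain admins now land on list-virtual.php as well, so this redirect depends on that page enforcing domain ownership itself. The enclosing elseif branch starts and ends outside the hunk.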
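Review bot: The two return-target checks that remain, `preg_match( "/^list-virtual.php.*/", $fReturn )` and its search.php twin, are anchored only at the start, leave the dots unescaped and end in a redundant `.*`. They therefore accept any string that merely begins with something resembling the file name. The comment says `$fReturn` is then used as the jump target, so a stricter pattern such as `/^list-virtual\.php(\?|$)/` (and likewise for search.php) would state the intent exactly. The statement that consumes `$fReturn` sits between this hunk and the next and is not visible here.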
@@ -144,11 +144,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") else { db_log ($SESSID_USERNAME, $fDomain, 'edit_mailbox', $fUsername); - if (authentication_has_role('global-admin')) { - header ("Location: list-virtual.php?domain=$fDomain"); - } else { - header ("Location: overview.php?domain=$fDomain"); - } + header ("Location: list-virtual.php?domain=$fDomain"); exit; } } diff --git a/list-domain.php b/list-domain.php index 8def8851..0765d262 100644 --- a/list-domain.php +++ b/list-domain.php 
@@ -27,40 +27,27 @@ require_once('common.php'); -authentication_require_role('global-admin'); +authentication_require_role('admin'); -$list_admins = list_admins (); - -if ($_SERVER['REQUEST_METHOD'] == "GET") { - if (isset ($_GET['username'])) { - $fUsername = escape_string ($_GET['username']); - $list_domains = list_domains_for_admin ($fUsername); - if ($list_domains != 0) - { - for ($i = 0; $i < sizeof ($list_domains); $i++) - { - $domain_properties[$i] = get_domain_properties ($list_domains[$i]); - } - } - } - else - { - $list_domains = list_domains (); - if ((is_array ($list_domains) and sizeof ($list_domains) > 0)) - for ($i = 0; $i < sizeof ($list_domains); $i++) - { - $domain_properties[$i] = get_domain_properties ($list_domains[$i]); - } - } +if (authentication_has_role('global-admin')) { + $list_admins = list_admins (); + $is_superadmin = 1; +} else { + $list_admins = array(authentication_get_username()); + $is_superadmin = 0; } -if ($_SERVER['REQUEST_METHOD'] == "POST") -{ - if (isset ($_POST['fUsername'])) - { - $fUsername = escape_string ($_POST['fUsername']); - $list_domains = list_domains_for_admin ($fUsername); - } +if ($_SERVER['REQUEST_METHOD'] == "POST" && $is_superadmin && isset ($_POST['fUsername'])) { + $fUsername = escape_string ($_POST['fUsername']); + $list_domains = list_domains_for_admin ($fUsername); +} elseif ($_SERVER['REQUEST_METHOD'] == "GET" && $is_superadmin && isset ($_GET['username'])) { + $fUsername = escape_string ($_GET['username']); + $list_domains = list_domains_for_admin ($fUsername); +} elseif ($is_superadmin) { + $list_domains = list_domains (); +} else { + $list_domains = list_domains_for_admin(authentication_get_username()); +} if (!empty ($list_domains)) { 
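Review bot: The new if/elseif chain carries the page's access rule, that a caller-supplied `fUsername`/`username` is honoured only when `$is_superadmin` is set, but nothing in the code says so. A later edit that reorders the branches could let a domain admin list another admin's domains. I would add a comment above the chain such as `// username parameters are honoured for superadmins only; everyone else gets their own domains`. As a style point, `$is_superadmin = 1` / `0` would read better as `true` / `false`, provided the templates do not compare it strictly against an integer (not visible here).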
@@ -69,10 +56,15 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") $domain_properties[$i] = get_domain_properties ($list_domains[$i]); } } -} +#} include ("templates/header.tpl"); include ("templates/menu.tpl"); -include ("templates/admin_list-domain.tpl"); + +if ($is_superadmin) { + include ("templates/admin_list-domain.tpl"); +} else { + include ("templates/overview-get.tpl"); +} include ("templates/footer.tpl"); ?> diff --git a/list-virtual.php b/list-virtual.php index 232a13e2..506a3fd4 100644 --- a/list-virtual.php +++ b/list-virtual.php @@ -15,7 +15,7 @@ * File: list-virtual.php * List virtual users for a domain. * - * Template File: overview.tpl + * Template File: list-virtual.tpl * * Template Variables: * @@ -31,10 +31,15 @@ require_once('common.php'); -authentication_require_role('global-admin'); - -$list_domains = list_domains (); +authentication_require_role('admin'); +if (authentication_has_role('global-admin')) { + $list_domains = list_domains (); + $is_superadmin = 1; +} else { + $list_domains = list_domains_for_admin(authentication_get_username()); + $is_superadmin = 0; +} $tAlias = array(); $tMailbox = array(); 
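Review bot: The `#}` line is a commented-out closing brace left over from the removed POST block and should be deleted rather than kept as dead code. It suggests the brace balance was fixed by trial, which is worth a second look in a file that now decides which template each role receives. The `$is_superadmin` flag used for the template switch is set in the previous hunk.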
@@ -52,11 +57,20 @@ else if (isset ($_POST['limit'])) $fDisplay = intval ($_POST['limit']); } +if (count($list_domains) == 0) { +# die("no domains"); + header("Location: list-domain.php"); # no domains (for this admin at least) - redirect to domain list +} if ((is_array ($list_domains) and sizeof ($list_domains) > 0)) if (empty ($fDomain)) $fDomain = $list_domains[0]; -if ((is_array ($list_domains) and sizeof ($list_domains) > 0)) if (empty ($fDomain)) $fDomain = $list_domains[1]; +if ((is_array ($list_domains) and sizeof ($list_domains) > 0)) if (empty ($fDomain)) $fDomain = $list_domains[1]; # TODO: should never happen?!? ($fDomain should already be filled by the line above) + +if (!check_owner(authentication_get_username(), $fDomain)) { +# die($PALANG['invalid_parameter']); + header("Location: list-domain.php"); # domain not owned by this admin +} $query = "SELECT $table_alias.address,$table_alias.goto,$table_alias.modified,$table_alias.active FROM $table_alias LEFT JOIN $table_mailbox ON $table_alias.address=$table_mailbox.username WHERE $table_alias.domain='$fDomain' AND $table_mailbox.maildir IS NULL ORDER BY $table_alias.address LIMIT $fDisplay, $page_size"; if ('pgsql'==$CONF['database_type']) @@ -83,6 +97,7 @@ if ($CONF['vacation_control_admin'] == 'YES') $query = ("SELECT $table_mailbox.*, $table_vacation.active AS v_active FROM $table_mailbox LEFT JOIN $table_vacation ON $table_mailbox.username=$table_vacation.email WHERE $table_mailbox.domain='$fDomain' ORDER BY $table_mailbox.username LIMIT $fDisplay, $page_size"); if ('pgsql'==$CONF['database_type']) { + //TODO/FIXME: postgres query needs to be rewrited $query = "SELECT *,extract(epoch from created) as uts_created,extract(epoch from modified) as uts_modified FROM $table_mailbox WHERE domain='$fDomain' ORDER BY username LIMIT $page_size OFFSET $fDisplay"; } } 
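Review bot: Neither new redirect is followed by `exit;` — `header("Location: list-domain.php");` in the no-domains branch and again in the `!check_owner(...)` branch — so the script keeps running. The queries below still execute with the rejected `$fDomain`, and the alias and mailbox rows are rendered into the body of the redirect response. The first hunk of this file opens the page to every `admin`, so this check is the only thing separating domain admins from each other. Add `exit;` directly after each `header()` call; the commented-out `die(...)` lines show that a stop was intended. Two things are not visible here and are worth confirming: whether `check_owner()` returns true for a global-admin on every domain, and what `count($list_domains)` yields when `list_domains_for_admin()` returns a non-array (the code removed from list-domain.php compared its result with `0`).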
@@ -106,7 +121,7 @@ if ($result['rows'] > 0) $row['created']=gmstrftime('%c %Z',$row['uts_created']); $row['modified']=gmstrftime('%c %Z',$row['uts_modified']); $row['active']=('t'==$row['active']) ? 1 : 0; - $row['v_active'] = 1; // default to off... + $row['v_active'] = 1; // default to off... TODO: 1 is NOT off if(isset($row['v_active'])) { /* key may not be present in results due to query from above */ $row['v_active']=('t'==$row['v_active']) ? 1 : 0; } @@ -157,7 +172,7 @@ if (isset ($limit)) { include ("templates/header.tpl"); include ("templates/menu.tpl"); -include ("templates/overview.tpl"); +include ("templates/list-virtual.tpl"); include ("templates/footer.tpl"); /* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */ diff --git a/overview.php b/overview.php deleted file mode 100644 index 3fc345c5..00000000 --- a/overview.php +++ /dev/null 
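Review bot: The unconditional `$row['v_active'] = 1;` does more than pick the wrong default that the new TODO mentions. It overwrites whatever the query returned and makes the following `isset($row['v_active'])` always true, so `'t'==$row['v_active']` then yields 0 for every pgsql row. I would drop the assignment and give the existing `if(isset(...))` an `else { $row['v_active'] = -1; }` branch, which is what the deleted overview.php did for the 'unknown' case. The enclosing while loop starts and ends outside the hunk.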
@@ -1,249 +0,0 @@ - 0) - { - while ($row = db_array ($result['result'])) - { - if ('pgsql'==$CONF['database_type']) - { - $row['modified']=gmstrftime('%c %Z',$row['modified']); - $row['active']=('t'==$row['active']) ? 1 : 0; - } - $tAlias[] = $row; - } - } - - if ($CONF['vacation_control_admin'] == 'YES') - { - $query = ("SELECT $table_mailbox.*, $table_vacation.active AS v_active FROM $table_mailbox LEFT JOIN $table_vacation ON $table_mailbox.username=$table_vacation.email WHERE $table_mailbox.domain='$fDomain' ORDER BY $table_mailbox.username LIMIT $limitSql"); - if ('pgsql'==$CONF['database_type']) - { - //FIXME: postgres query needs to be rewrited - $query = "SELECT *,extract(epoch from created) as uts_created,extract(epoch from modified) as uts_modified FROM $table_mailbox WHERE domain='$fDomain' ORDER BY username LIMIT $limitSql"; - } - } - else - { - $query = "SELECT * FROM $table_mailbox WHERE domain='$fDomain' ORDER BY username LIMIT $limitSql"; - if ('pgsql'==$CONF['database_type']) - { - $query = "SELECT *,extract(epoch from created) as uts_created,extract(epoch from modified) as uts_modified FROM $table_mailbox WHERE domain='$fDomain' ORDER BY username LIMIT $limitSql"; - } - } - - $result = db_query ($query); - if ($result['rows'] > 0) - { - while ($row = db_array ($result['result'])) - { - if ('pgsql'==$CONF['database_type']) - { - $row['created']=gmstrftime('%c %Z',$row['uts_created']); - $row['modified']=gmstrftime('%c %Z',$row['uts_modified']); - $row['active']=('t'==$row['active']) ? 1 : 0; - if(isset($row['v_active'])) { - $row['v_active']=('t'==$row['v_active']) ? 1 : 0; - } - else { - $row['v_active'] = -1 ; //unknown; broken query above.. 
- } - unset($row['uts_created']); - unset($row['uts_modified']); - } - $tMailbox[] = $row; - } - } - $template = "overview.tpl"; - } - else - { - $template = "overview-get.tpl"; - } - - $tDomain = $fDomain; - - if (isset ($limit)) - { - if ($fDisplay >= $page_size) - { - $tDisplay_back_show = 1; - $tDisplay_back = $fDisplay - $page_size; - } - if (($limit['alias_count'] > $page_size) or ($limit['mailbox_count'] > $page_size)) - { - $tDisplay_up_show = 1; - } - if ((($fDisplay + $page_size) < $limit['alias_count']) or (($fDisplay + $page_size) < $limit['mailbox_count'])) - { - $tDisplay_next_show = 1; - $tDisplay_next = $fDisplay + $page_size; - } - } - - include ("./templates/header.tpl"); - include ("./templates/menu.tpl"); - include ("./templates/$template"); - include ("./templates/footer.tpl"); -} - -if ($_SERVER['REQUEST_METHOD'] == "POST") -{ - $fDisplay = 0; - $page_size = $CONF['page_size']; - - if (isset ($_POST['limit'])) $fDisplay = escape_string ($_POST['limit']); - if (isset ($_POST['domain'])) $fDomain = escape_string ($_POST['fDomain']); - - if (check_owner ($SESSID_USERNAME, escape_string ($_POST['fDomain']))) - { - $limitSql=('pgsql'==$CONF['database_type']) ? 
"$page_size OFFSET $fDisplay" : "$fDisplay, $page_size"; - - if ($CONF['alias_control_admin'] == "YES") - { - $query = "SELECT address,goto,modified,active FROM $table_alias WHERE domain='$fDomain' ORDER BY address LIMIT $limitSql"; - if ('pgsql'==$CONF['database_type']) - { - $query = "SELECT address,goto,extract(epoch from modified) as modified,active FROM $table_alias WHERE domain='$fDomain' ORDER BY address LIMIT $limitSql"; - } - } - else - { - $query = "SELECT $table_alias.address,$table_alias.goto,$table_alias.modified,$table_alias.active FROM $table_alias LEFT JOIN $table_mailbox ON $table_alias.address=$table_mailbox.username WHERE $table_alias.domain='$fDomain' AND $table_mailbox.maildir IS NULL ORDER BY $table_alias.address LIMIT $limitSql"; - if ('pgsql'==$CONF['database_type']) - { - $query="SELECT address,goto,extract(epoch from modified) as modified,active FROM $table_alias WHERE domain='$fDomain' AND NOT EXISTS(SELECT 1 FROM $table_mailbox WHERE username=$table_alias.address) ORDER BY address LIMIT $limitSql"; - } - } - - $result = db_query ("$query"); - if ($result['rows'] > 0) - { - while ($row = db_array ($result['result'])) - { - if ('pgsql'==$CONF['database_type']) - { - $row['modified']=gmstrftime('%c %Z',$row['modified']); - $row['active']=('t'==$row['active']) ? 
1 : 0; - } - $tAlias[] = $row; - } - } - - $query = "SELECT * FROM $table_mailbox WHERE domain='$fDomain' ORDER BY username LIMIT $limitSql"; - if ('pgsql'==$CONF['database_type']) - { - $query = "SELECT *,,extract(epoch from created) as uts_created,extract(epoch from modified) as uts_modified FROM $table_mailbox WHERE domain='$fDomain' ORDER BY username LIMIT $limitSql"; - } - $result = db_query ($query); - if ($result['rows'] > 0) - { - while ($row = db_array ($result['result'])) - { - if ('pgsql'==$CONF['database_type']) - { - $row['created']=gmstrftime('%c %Z',$row['uts_created']); - $row['modified']=gmstrftime('%c %Z',$row['uts_modified']); - $row['active']=('t'==$row['active']) ? 1 : 0; - } - $tMailbox[] = $row; - } - } - } - - if (isset ($limit)) - { - if ($fDisplay >= $page_size) - { - $tDisplay_back_show = 1; - $tDisplay_back = $fDisplay - $page_size; - } - if (($limit['alias_count'] > $page_size) or ($limit['mailbox_count'] > $page_size)) - { - $tDisplay_up_show = 1; - } - if ((($fDisplay + $page_size) < $limit['alias_count']) or (($fDisplay + $page_size) < $limit['mailbox_count'])) - { - $tDisplay_next_show = 1; - $tDisplay_next = $fDisplay + $page_size; - } - } - - include ("./templates/header.tpl"); - include ("./templates/menu.tpl"); - include ("./templates/overview.tpl"); - include ("./templates/footer.tpl"); -} -/* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */ -?> diff --git a/search.php b/search.php index 65e8e40d..c5559ee1 100644 --- a/search.php +++ b/search.php @@ -59,14 +59,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") if (empty ($fSearch) /* && !empty ($fGo) */) { - if (authentication_has_role('global-admin')) - { - header("Location: list-virtual.php?domain=" . $fDomain ) && exit; - } - else - { - header("Location: overview.php?domain=" . $fDomain ) && exit; - } + header("Location: list-virtual.php?domain=" . $fDomain ) && exit; } if ($CONF['alias_control_admin'] == "YES") 
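Review bot: `header("Location: list-virtual.php?domain=" . $fDomain ) && exit;` never reaches `exit`, because `header()` returns no value and the `&&` short-circuits on it. The script therefore carries on into the search queries after sending the redirect. Write it as two statements, `header("Location: list-virtual.php?domain=" . urlencode($fDomain)); exit;`. The idiom predates this commit, but the merged line keeps it. The surrounding POST block starts and ends outside the hunk.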
diff --git a/templates/overview.tpl b/templates/list-virtual.tpl similarity index 89% rename from templates/overview.tpl rename to templates/list-virtual.tpl index b32daff8..a267bde1 100644 --- a/templates/overview.tpl +++ b/templates/list-virtual.tpl @@ -3,13 +3,7 @@