From 4c45f65801688881b0a9a1709cfa1a5f03d2cfc4 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Wed, 5 Feb 2014 20:20:02 +0000 Subject: [PATCH] mail config to deny access to certain features --- mail/inc/class.mail_hooks.inc.php | 66 ++++++++++++++++++++---- mail/inc/class.mail_ui.inc.php | 19 ++++++- mail/templates/default/config.tpl | 84 +++++++++++++++++++++++-------- 3 files changed, 136 insertions(+), 33 deletions(-) diff --git a/mail/inc/class.mail_hooks.inc.php b/mail/inc/class.mail_hooks.inc.php index d407fc3803..a3dc855eeb 100644 --- a/mail/inc/class.mail_hooks.inc.php +++ b/mail/inc/class.mail_hooks.inc.php @@ -512,7 +512,7 @@ class mail_hooks 'xmlrpc' => False, 'admin' => False ), - 'prefpreventmanagefolders' => array( + /*'prefpreventmanagefolders' => array( 'type' => 'select', 'label' => 'Prevent managing folders', 'help' => 'Do you want to prevent the managing of folders (creation, accessrights AND subscribtion)?', @@ -571,7 +571,7 @@ class mail_hooks 'xmlrpc' => True, 'admin' => False, 'forced' => '0', - ), + ),*/ 'notavailableautofolders' => array( 'type' => 'multiselect', 'label' => 'do not auto create folders', @@ -691,15 +691,18 @@ class mail_hooks } // create account wizard - $file += array( - 'create new account' => "javascript:egw_openWindowCentered2('" . - egw::link('/index.php', array('menuaction' => 'mail.mail_wizard.add'), ''). - "','_blank',640,480,'yes')", - ); - - if ($preferences['prefcontroltestconnection'] <> 'none') $file['Test Connection'] = egw::link('/index.php','menuaction=mail.mail_ui.TestConnection&appname=mail'); - - + if (self::access('createaccount')) + { + $file += array( + 'create new account' => "javascript:egw_openWindowCentered2('" . + egw::link('/index.php', array('menuaction' => 'mail.mail_wizard.add'), ''). + "','_blank',640,480,'yes')", + ); + } + if (self::access('testconnection')) + { + $file['Test Connection'] = egw::link('/index.php','menuaction=mail.mail_ui.TestConnection&appname=mail'); + } // display them all display_sidebox($appname,$menu_title,$file); @@ -862,4 +865,45 @@ class mail_hooks egw_cache::setCache(egw_cache::INSTANCE,'email','notified_mail_uids'.trim($GLOBALS['egw_info']['user']['account_id']),$notified_mail_uidsCache, $expiration=60*60*24*2); return true; } + + /** + * Hook returning options for deny_* groups + * + * @param string $name function name + * @param array $arguments + * @return string html + */ + public static function __callStatic($name, $arguments) + { + if (substr($name, 0, 5) != 'deny_') + { + throw new egw_exception_wrong_parameter("No method $name!"); + } + $accountsel = new uiaccountsel(); + + return ''. + $accountsel->selection('newsettings['.$name.']', 'deny_prefs', $arguments[0][$name], 'groups', 4); + } + + /** + * Check if current user has access to a specific feature + * + * Example: if (!mail_hooks::access("managerfolders")) return; + * + * @param string $feature "createaccounts", "managefolders", "forwards", "notifications", "filters", + * "notificationformailviaemail", "editfilterrules", "absentnotice", "testconnection", "aclmanagement" + * @return boolean true if user has access, false if not + */ + public static function access($feature) + { + static $config=null; + if (!isset($config)) $config = (array)config::read('mail'); + + if (!empty($config['deny_'.$feature])) + { + $denied_groups = explode(',', $config['deny_'.$feature]); + return array_intersect($denied_groups, $GLOBALS['egw']->accounts->memberships($GLOBALS['egw_info']['user']['account_id'], true)); + } + return true; + } } diff --git a/mail/inc/class.mail_ui.inc.php b/mail/inc/class.mail_ui.inc.php index 205ef761d9..2f4230baba 100644 --- a/mail/inc/class.mail_ui.inc.php +++ b/mail/inc/class.mail_ui.inc.php @@ -410,12 +410,27 @@ class mail_ui ); } - if (!$this->mail_bo->icServer->queryCapability('ACL')) unset($tree_actions['edit_acl']); - if (!$this->mail_bo->icServer->acc_sieve_enabled) + // enforce global (group-specific) ACL + if (!$this->mail_bo->icServer->queryCapability('ACL') || !mail_hooks::access('aclmanagement')) + { + unset($tree_actions['edit_acl']); + } + if (!$this->mail_bo->icServer->acc_sieve_enabled || !mail_hooks::access('editfilterrules')) { unset($tree_actions['sieve']); + } + if (!$this->mail_bo->icServer->acc_sieve_enabled || !mail_hooks::access('absentnotice')) + { unset($tree_actions['vacation']); } + if (!mail_hooks::access('managefolders')) + { + unset($tree_actions['add']); + unset($tree_actions['move']); + unset($tree_actions['delete']); + unset($tree_actions['subscribe']); + unset($tree_actions['unsubscribe']); + } $etpl->setElementAttribute(self::$nm_index.'[foldertree]','actions', $tree_actions); diff --git a/mail/templates/default/config.tpl b/mail/templates/default/config.tpl index 2cb0737447..b1b9e1e192 100755 --- a/mail/templates/default/config.tpl +++ b/mail/templates/default/config.tpl @@ -11,10 +11,13 @@ -  {lang_felamimail} - {lang_acl} + {lang_General} -  {lang_display_of_identities}: + + {lang_display_of_identities}
+ {lang_how_should_the_available_information_on_identities_be_displayed} + - -  {lang_how_should_the_available_information_on_identities_be_displayed} + + {lang_Deny_certain_groups_access_to_following_features} -  {lang_restrict_acl_management}: - - + + {lang_Create_new_account} + {call_mail_hooks::deny_createaccount} -  {lang_effective_only_if_server_supports_ACL_at_all} + + {lang_Prevent_managing_folders}
+ {lang_Do_you_want_to_prevent_the_managing_of_folders_(creation,_accessrights_AND_subscribtion)?} + + {call_mail_hooks::deny_managefolders} + + + + {lang_Prevent_managing_forwards}
+ {lang_Do_you_want_to_prevent_the_editing/setup_for_forwarding_of_mails_via_settings_(,_even_if_SIEVE_is_enabled)?} + + {call_mail_hooks::deny_forwards} + + + + {lang_Prevent_managing_notifications}
+ {lang_Do_you_want_to_prevent_the_editing/setup_of_notification_by_mail_to_other_emailadresses_if_emails_arrive_(,_even_if_SIEVE_is_enabled)?} + + {call_mail_hooks::deny_notificationformailviaemail} + + + + {lang_Prevent_managing_filters}
+ {lang_Do_you_want_to_prevent_the_editing/setup_of_filter_rules_(,_even_if_SIEVE_is_enabled)?} + + {call_mail_hooks::deny_editfilterrules} + + + + {lang_Prevent_managing_vacation_notice}
+ {lang_Do_you_want_to_prevent_the_editing/setup_of_the_absent/vacation_notice_(,_even_if_SIEVE_is_enabled)?} + + {call_mail_hooks::deny_absentnotice} + + + + {lang_Test_connection}
+ {lang_Show_Test_Connection_section_and_control_the_level_of_info_displayed??} + + {call_mail_hooks::deny_testconnection} + + + + {lang_restrict_acl_management}
+ {lang_effective_only_if_server_supports_ACL_at_all} + + {call_mail_hooks::deny_aclmanagement} -  {lang_felamimail} - {lang_sieve} + {lang_felamimail} - {lang_sieve} -  {lang_vacation_notice}: + + {lang_vacation_notice}
+ {lang_provide_a_default_vacation_text,_(used_on_new_vacation_messages_when_there_was_no_message_set_up_previously)} + - - -  {lang_provide_a_default_vacation_text,_(used_on_new_vacation_messages_when_there_was_no_message_set_up_previously)} - - - - + + {submit}{cancel}