
[Web] Add "alias_domains" ACL to prevent alias domains to add alias domains (by default!)
[Web] Edit alias domains: use select menu
[Web] Minor fixes

andryyy 6 年之前
当前提交
2515a91ac3

+ 9 - 1
data/web/edit.php

@@ -413,7 +413,15 @@ if (isset($_SESSION['mailcow_cc_role'])) {
             <div class="form-group">
               <label class="control-label col-sm-2" for="target_domain"><?=$lang['edit']['target_domain'];?></label>
               <div class="col-sm-10">
-                <input type="text" class="form-control" name="target_domain" value="<?=htmlspecialchars($result['target_domain']);?>">
+                <select class="full-width-select" data-live-search="true" id="addSelectDomain" name="target_domain" required>
+                <?php
+                foreach (mailbox('get', 'domains') as $domain):
+                ?>
+                  <option <?=($result['target_domain'] != $domain) ?: 'selected';?>><?=htmlspecialchars($domain);?></option>
+                <?php
+                endforeach;
+                ?>
+                </select>
               </div>
             </div>
             <div class="form-group">
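Review bot: The short ternary on the added `<option>` line echoes the comparison result itself when the domains differ, so every non-matching entry is rendered as `<option 1>` and only the matching one gets `selected`. Write the condition the other way round with a strict comparison: `<option <?=($result['target_domain'] === $domain) ? 'selected' : '';?>><?=htmlspecialchars($domain);?></option>`. The select is `required` and has no empty entry, so if the stored target domain is not in the list returned by `mailbox('get', 'domains')` for this session, nothing is preselected and saving would presumably retarget the alias domain to the first entry. Whether that can happen depends on code outside this hunk.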

+ 11 - 0
data/web/inc/functions.mailbox.inc.php

@@ -621,6 +621,14 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $alias_domains  = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['alias_domain']));
           $alias_domains = array_filter($alias_domains);
           $target_domain = idn_to_ascii(strtolower(trim($_data['target_domain'])));
+          if (!isset($_SESSION['acl']['alias_domains']) || $_SESSION['acl']['alias_domains'] != "1" ) {
+            $_SESSION['return'][] = array(
+              'type' => 'danger',
+              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+              'msg' => 'access_denied'
+            );
+            return false;
+          }
           if (!is_valid_domain_name($target_domain)) {
             $_SESSION['return'][] = array(
               'type' => 'danger',
@@ -698,6 +706,9 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
               );
               return false;
             }
+            if (!empty(intval($_data['rl_value']))) {
+              ratelimit('edit', 'domain', array('rl_value' => $_data['rl_value'], 'rl_frame' => $_data['rl_frame'], 'object' => $alias_domain));
+            }
             $_SESSION['return'][] = array(
               'type' => 'success',
               'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
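Review bot: In the second hunk the result of `ratelimit('edit', 'domain', ...)` is discarded, so the `success` entry below is appended even if `ratelimit()` reports a failure, and `$_data['rl_value']` and `$_data['rl_frame']` are read without an `isset` guard. Guard the read and act on the result, starting with `if (isset($_data['rl_value'], $_data['rl_frame']) && intval($_data['rl_value']) > 0) {`. Whether `ratelimit()` itself enforces the separate `ratelimit` ACL is not visible here; if it does not, this path would let a session that holds only `alias_domains` set a limit. In the first hunk `!= "1"` is a loose comparison, and `(string)$_SESSION['acl']['alias_domains'] !== '1'` states the intent exactly. Both hunks sit inside `mailbox()`, whose body starts and ends outside the view.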

+ 2 - 1
data/web/inc/init_db.inc.php

@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "03112018_1117";
+    $db_version = "14112018_0717";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -436,6 +436,7 @@ function init_db_schema() {
           "filters" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "ratelimit" => "TINYINT(1) NOT NULL DEFAULT '1'",
           "spam_policy" => "TINYINT(1) NOT NULL DEFAULT '1'",
+          "alias_domains" => "TINYINT(1) NOT NULL DEFAULT '0'",
           ),
         "keys" => array(
           "primary" => array(
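Review bot: The new `alias_domains` column is the only one in the visible list that defaults to `'0'`, and nothing next to it says this is deliberate. A short comment above the line, such as `// deny by default: adding alias domains must be granted explicitly`, would keep a later edit from aligning it with the `'1'` defaults around it. Existing rows presumably also receive `0` when the column is added, so accounts that could add alias domains before the upgrade would lose that ability until the ACL is granted. That is worth stating in the upgrade notes.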

+ 5 - 1
data/web/js/mailcow.js

@@ -109,7 +109,11 @@ $(document).ready(function() {
   });
 
   // Disable disallowed inputs
-  $('[data-acl="0"]').each(function(){
+  $('[data-acl="0"]').each(function(event){
+    if ($(this).is("a")) {
+      $(this).removeAttr("data-toggle");
+      $(this).removeAttr("data-target");
+    }
     if ($(this).hasClass('btn-group')) {
       $(this).find('a').each(function(){
         $(this).removeClass('dropdown-toggle')
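Review bot: The callback parameter added on the `.each(function(event){` line is misnamed and unused: jQuery passes the element index there, not an event object. Keep the original `$('[data-acl="0"]').each(function(){` or name it `index`. The two `removeAttr` calls only stop the Bootstrap modal from opening; the modal markup and the `add/alias-domain` endpoint are still reachable, so a comment such as `// cosmetic only, the ACL is enforced server-side in mailbox()` would make clear that this is not the access control. The callback body continues past the end of the hunk.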

+ 1 - 0
data/web/lang/lang.de.php

@@ -378,6 +378,7 @@ $lang['acl']['syncjobs'] = 'Sync Jobs';
 $lang['acl']['eas_reset'] = 'EAS-Cache zurücksetzen';
 $lang['acl']['sogo_profile_reset'] = 'SOGo Profil zurücksetzen';
 $lang['acl']['quarantine'] = 'Quarantäne';
+$lang['acl']['alias_domains'] = 'Alias-Domains hinzufügen';
 $lang['acl']['login_as'] = 'Einloggen als Mailbox-Benutzer';
 $lang['acl']['bcc_maps'] = 'BCC Maps';
 $lang['acl']['filters'] = 'Filter';

+ 1 - 0
data/web/lang/lang.en.php

@@ -389,6 +389,7 @@ $lang['acl']['syncjobs'] = 'Sync jobs';
 $lang['acl']['eas_reset'] = 'Reset EAS devices';
 $lang['acl']['sogo_profile_reset'] = 'Reset SOGo profile';
 $lang['acl']['quarantine'] = 'Quarantine';
+$lang['acl']['alias_domains'] = 'Add alias domains';
 $lang['acl']['login_as'] = 'Login as mailbox user';
 $lang['acl']['bcc_maps'] = 'BCC maps';
 $lang['acl']['filters'] = 'Filters';

+ 1 - 1
data/web/mailbox.php

@@ -139,7 +139,7 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
                   <li role="separator" class="divider"></li>
                   <li><a data-action="delete_selected" data-id="alias-domain" data-api-url='delete/alias-domain' href="#"><?=$lang['mailbox']['remove'];?></a></li>
                 </ul>
-                <a class="btn btn-sm btn-success" href="#" data-toggle="modal" data-target="#addAliasDomainModal"><span class="glyphicon glyphicon-plus"></span> <?=$lang['mailbox']['add_domain_alias'];?></a>
+                <a class="btn btn-sm btn-success" href="#" data-acl="<?=$_SESSION['acl']['alias_domains'];?>" data-toggle="modal" data-target="#addAliasDomainModal"><span class="glyphicon glyphicon-plus"></span> <?=$lang['mailbox']['add_domain_alias'];?></a>
               </div>
             </div>
           </div>
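Review bot: The added `data-acl="<?=$_SESSION['acl']['alias_domains'];?>"` fails open in the UI when the key is missing from the session, for example one created before the schema upgrade. PHP raises a notice and emits `data-acl=""`, which the `[data-acl="0"]` selector in mailcow.js does not match, so the button stays active. Emit an explicit value instead: `data-acl="<?=(isset($_SESSION['acl']['alias_domains']) && $_SESSION['acl']['alias_domains'] == "1") ? '1' : '0';?>"`. The server-side check in `mailbox()` still denies the request, so this affects only what the user is shown.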

+ 15 - 1
data/web/modals/mailbox.php

@@ -131,7 +131,7 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
 					</div>
           <hr>
 					<div class="form-group">
-						<label class="control-label col-sm-2" for="quota">Ratelimit</label>
+						<label class="control-label col-sm-2" for="rl_frame">Ratelimit</label>
             <div class="col-sm-7">
             <input name="rl_value" type="number" value="<?=(!empty($rl['value'])) ? $rl['value'] : null;?>" class="form-control" placeholder="disabled">
             </div>
@@ -326,6 +326,20 @@ if (!isset($_SESSION['mailcow_cc_role'])) {
 							</div>
 						</div>
 					</div>
+          <hr>
+					<div class="form-group">
+						<label class="control-label col-sm-2" for="rl_frame">Ratelimit</label>
+            <div class="col-sm-7">
+            <input name="rl_value" type="number" value="<?=(!empty($rl['value'])) ? $rl['value'] : null;?>" class="form-control" placeholder="disabled">
+            </div>
+            <div class="col-sm-3">
+            <select name="rl_frame" class="form-control">
+              <option value="s" <?=(isset($rl['frame']) && $rl['frame'] == 's') ? 'selected' : null;?>>msgs / second</option>
+              <option value="m" <?=(isset($rl['frame']) && $rl['frame'] == 'm') ? 'selected' : null;?>>msgs / minute</option>
+              <option value="h" <?=(isset($rl['frame']) && $rl['frame'] == 'h') ? 'selected' : null;?>>msgs / hour</option>
+            </select>
+            </div>
+          </div>
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
               <button class="btn btn-default" data-action="add_item" data-id="add_alias_domain" data-api-url='add/alias-domain' data-api-attr='{}' href="#"><?=$lang['admin']['add'];?></button>
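Review bot: Both ratelimit blocks print `$rl['value']` into the `value` attribute without escaping, and the one added in the second hunk repeats that pattern. If `$rl` is ever filled from stored or request data it should go through `htmlspecialchars($rl['value'], ENT_QUOTES)`, or be cast with `intval()` since the field is numeric. Where `$rl` is set for this add modal is not visible here; if it is never set, the `value` and `selected` expressions are dead and can be dropped. The labels now use `for="rl_frame"`, but neither the input nor the select in the visible lines carries an `id`, so the label is bound to nothing; add `id="rl_frame"` to the select or point `for` at an element that has an id.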