diff --git a/CHANGES b/CHANGES
index 4f185baf4..faed875e9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2399,3 +2399,6 @@
 * backups: fix issue where mail backups where not cleaned up
 * notifications: fix automatic app update notifications
+[7.1.0]
+* Add mail manager role
+
diff --git a/src/server.js b/src/server.js
index 4b3ed03ce..dd7e18c6e 100644
--- a/src/server.js
+++ b/src/server.js
@@ -86,6 +86,7 @@ function initializeExpressSync() {
 const authorizeAdmin = routes.accesscontrol.authorize(users.ROLE_ADMIN);
 const authorizeOperator = routes.accesscontrol.authorizeOperator;
 const authorizeUserManager = routes.accesscontrol.authorize(users.ROLE_USER_MANAGER);
+ const authorizeMailManager = routes.accesscontrol.authorize(users.ROLE_MAIL_MANAGER);
 // public routes
 router.post('/api/v1/cloudron/setup', json, routes.provision.setupTokenAuth, routes.provision.providerTokenAuth, routes.provision.setup); // only available until no-domain
@@ -265,8 +266,8 @@ function initializeExpressSync() {
 // email routes
 router.get ('/api/v1/mailserver/eventlog', token, authorizeOwner, routes.mailserver.proxy);
- router.get ('/api/v1/mailserver/usage', token, authorizeAdmin, routes.mailserver.proxy);
 router.post('/api/v1/mailserver/clear_eventlog', token, authorizeOwner, routes.mailserver.proxy);
+ router.use ('/api/v1/mailserver/files/*', token, authorizeOwner, routes.filemanager.proxy('mail'));
 router.get ('/api/v1/mailserver/location', token, authorizeAdmin, routes.mailserver.getLocation);
 router.post('/api/v1/mailserver/location', json, token, authorizeAdmin, routes.mailserver.setLocation);
 router.get ('/api/v1/mailserver/max_email_size', token, authorizeAdmin, routes.mailserver.proxy);
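Review bot: `authorizeMailManager` is built with the same `routes.accesscontrol.authorize(role)` helper as the other guards, and the `ORDERED_ROLES` change in src/users.js places `mailmanager` above `usermanager` and below `admin`. If `authorize` admits any role at or above the one passed in (its body is not in this diff, so this is inferred from `compareRoles` and the ordered list), every mail manager also passes `authorizeUserManager` and picks up the user-management routes. If that is not intended, the two manager roles need a check that is not a single linear order; if it is intended, say so next to the new guard, e.g. `// roles are ordered: a mail manager also satisfies authorizeUserManager`. initializeExpressSync starts and ends outside this hunk.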
@@ -279,29 +280,29 @@ function initializeExpressSync() {
 router.post('/api/v1/mailserver/dnsbl_config', token, authorizeAdmin, routes.mailserver.proxy);
 router.get ('/api/v1/mailserver/solr_config', token, authorizeAdmin, routes.mailserver.proxy);
 router.post('/api/v1/mailserver/solr_config', token, authorizeAdmin, routes.mailserver.proxy, routes.mailserver.restart);
- router.use ('/api/v1/mailserver/files/*', token, authorizeOwner, routes.filemanager.proxy('mail'));
+ router.get ('/api/v1/mailserver/usage', token, authorizeMailManager, routes.mailserver.proxy);
- router.get ('/api/v1/mail/:domain', token, authorizeAdmin, routes.mail.getDomain);
- router.get ('/api/v1/mail/:domain/status', token, authorizeAdmin, routes.mail.getStatus);
- router.post('/api/v1/mail/:domain/mail_from_validation', json, token, authorizeAdmin, routes.mail.setMailFromValidation);
- router.post('/api/v1/mail/:domain/catch_all', json, token, authorizeAdmin, routes.mail.setCatchAllAddress);
- router.post('/api/v1/mail/:domain/relay', json, token, authorizeAdmin, routes.mail.setMailRelay);
+ router.get ('/api/v1/mail/:domain', token, authorizeMailManager, routes.mail.getDomain);
 router.post('/api/v1/mail/:domain/enable', json, token, authorizeAdmin, routes.mail.setMailEnabled);
- router.post('/api/v1/mail/:domain/banner', json, token, authorizeAdmin, routes.mail.setBanner);
- router.post('/api/v1/mail/:domain/send_test_mail', json, token, authorizeAdmin, routes.mail.sendTestMail);
- router.get ('/api/v1/mail/:domain/mailbox_count', token, authorizeAdmin, routes.mail.getMailboxCount);
- router.get ('/api/v1/mail/:domain/mailboxes', token, authorizeAdmin, routes.mail.listMailboxes);
- router.get ('/api/v1/mail/:domain/mailboxes/:name', token, authorizeAdmin, routes.mail.getMailbox);
- router.post('/api/v1/mail/:domain/mailboxes', json, token, authorizeAdmin, routes.mail.addMailbox);
- router.post('/api/v1/mail/:domain/mailboxes/:name', json, token, authorizeAdmin, routes.mail.updateMailbox);
- router.del ('/api/v1/mail/:domain/mailboxes/:name', json, token, authorizeAdmin, routes.mail.delMailbox);
- router.get ('/api/v1/mail/:domain/mailboxes/:name/aliases', token, authorizeAdmin, routes.mail.getAliases);
- router.put ('/api/v1/mail/:domain/mailboxes/:name/aliases', json, token, authorizeAdmin, routes.mail.setAliases);
- router.get ('/api/v1/mail/:domain/lists', token, authorizeAdmin, routes.mail.getLists);
- router.post('/api/v1/mail/:domain/lists', json, token, authorizeAdmin, routes.mail.addList);
- router.get ('/api/v1/mail/:domain/lists/:name', token, authorizeAdmin, routes.mail.getList);
- router.post('/api/v1/mail/:domain/lists/:name', json, token, authorizeAdmin, routes.mail.updateList);
- router.del ('/api/v1/mail/:domain/lists/:name', token, authorizeAdmin, routes.mail.delList);
+ router.get ('/api/v1/mail/:domain/status', token, authorizeMailManager, routes.mail.getStatus);
+ router.post('/api/v1/mail/:domain/mail_from_validation', json, token, authorizeAdmin, routes.mail.setMailFromValidation);
+ router.post('/api/v1/mail/:domain/catch_all', json, token, authorizeMailManager, routes.mail.setCatchAllAddress);
+ router.post('/api/v1/mail/:domain/relay', json, token, authorizeAdmin, routes.mail.setMailRelay);
+ router.post('/api/v1/mail/:domain/banner', json, token, authorizeMailManager, routes.mail.setBanner);
+ router.post('/api/v1/mail/:domain/send_test_mail', json, token, authorizeMailManager, routes.mail.sendTestMail);
+ router.get ('/api/v1/mail/:domain/mailbox_count', token, authorizeMailManager, routes.mail.getMailboxCount);
+ router.get ('/api/v1/mail/:domain/mailboxes', token, authorizeMailManager, routes.mail.listMailboxes);
+ router.get ('/api/v1/mail/:domain/mailboxes/:name', token, authorizeMailManager, routes.mail.getMailbox);
+ router.post('/api/v1/mail/:domain/mailboxes', json, token, authorizeMailManager, routes.mail.addMailbox);
+ router.post('/api/v1/mail/:domain/mailboxes/:name', json, token, authorizeMailManager, routes.mail.updateMailbox);
+ router.del ('/api/v1/mail/:domain/mailboxes/:name', json, token, authorizeMailManager, routes.mail.delMailbox);
+ router.get ('/api/v1/mail/:domain/mailboxes/:name/aliases', token, authorizeMailManager, routes.mail.getAliases);
+ router.put ('/api/v1/mail/:domain/mailboxes/:name/aliases', json, token, authorizeMailManager, routes.mail.setAliases);
+ router.get ('/api/v1/mail/:domain/lists', token, authorizeMailManager, routes.mail.getLists);
+ router.post('/api/v1/mail/:domain/lists', json, token, authorizeMailManager, routes.mail.addList);
+ router.get ('/api/v1/mail/:domain/lists/:name', token, authorizeMailManager, routes.mail.getList);
+ router.post('/api/v1/mail/:domain/lists/:name', json, token, authorizeMailManager, routes.mail.updateList);
+ router.del ('/api/v1/mail/:domain/lists/:name', token, authorizeMailManager, routes.mail.delList);
 // support routes
 router.post('/api/v1/support/ticket', json, token, authorizeAdmin, routes.support.canCreateTicket, routes.support.createTicket);
diff --git a/src/users.js b/src/users.js
index f1165c65b..52cb18866 100644
--- a/src/users.js
+++ b/src/users.js
@@ -55,11 +55,12 @@ exports = module.exports = {
 ROLE_ADMIN: 'admin',
 ROLE_USER: 'user',
 ROLE_USER_MANAGER: 'usermanager',
+ ROLE_MAIL_MANAGER: 'mailmanager',
 ROLE_OWNER: 'owner',
 compareRoles,
 };
-const ORDERED_ROLES = [ exports.ROLE_USER, exports.ROLE_USER_MANAGER, exports.ROLE_ADMIN, exports.ROLE_OWNER ];
+const ORDERED_ROLES = [ exports.ROLE_USER, exports.ROLE_USER_MANAGER, exports.ROLE_MAIL_MANAGER, exports.ROLE_ADMIN, exports.ROLE_OWNER ];
 // the avatar field is special and not added here to reduce response sizes
 const USERS_FIELDS = [ 'id', 'username', 'email', 'fallbackEmail', 'password', 'salt', 'creationTime', 'inviteToken', 'resetToken', 'displayName',
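Review bot: Nothing on the lowered `/api/v1/mail/:domain/...` routes ties a mail manager to the `:domain` in the path; the guard checks only the global role, so the new role covers catch-all, mailbox, alias and list settings for every mail domain on the server. Those settings decide where mail for an address is delivered, so it is worth confirming that the handlers (not visible in this diff) record the acting user in the event log. Route tests should assert that `user` and `usermanager` tokens are rejected on these paths, and that `enable`, `relay` and `mail_from_validation` still reject a `mailmanager` token. A comment above the block would make the boundary explicit, e.g. `// mail manager: mailboxes, aliases, lists, catch-all, banner, test mail; admin only: enable, relay, mail_from_validation`. initializeExpressSync starts and ends outside this hunk.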