Missing validation for forward creation? #572
Comments
I wouldn't expect the domain omission to be the problem.
The code implies your user doesn't have permission to edit the alias; does it have permission to modify the domain in question?
Yes, I created the forwards while logged in as the user that is unable to edit them. Lines 263 to 273 in 5207253
I think this is what causes the issue, as I created
When I log in as an admin for a specific domain (in my case, just 'example.com' - so NOT a superadmin) - I see the same - where I can't edit e.g. default aliases that were added when the domain was created.
So at least for me, if I'm not a super-admin and the alias target is one of the ones defined in `special_aliases` (https://github.com/postfixadmin/postfixadmin/blob/master/config.inc.php#L268) then edit permission is removed.
The code that's turning off editability is here - postfixadmin/model/AliasHandler.php Line 346 in 52ed517
Looks like a different page compared to the admin one. Is perhaps address validation only implemented for the user one?
I unchecked the option to automatically create default aliases when I added the domain as superadmin. As default aliases are only supposed to be modifiable by a superadmin (unless
I accidentally created a few forwards without specifying the domain, resulting in the following:
I'm unable to edit 3 out of 4 entries. Crafting the edit link and submitting changes:
If I log in as superadmin I'm able to edit all forwards.
Please note that the domain omission doesn't seem to be the cause because after adding it as superuser I'm still unable to edit the forward from the "normal" admin account.