From 90bee4977612bef81e40a35f643b40830715ee6c Mon Sep 17 00:00:00 2001
From: Jesse Norell <jesse@kci.net>
Date: Thu, 14 Jan 2021 10:09:28 -0700
Subject: [PATCH] allow client to use mail blacklist

---
 .../web/mail/form/mail_blacklist.tform.php    |  3 ++
 .../web/mail/form/mail_whitelist.tform.php    |  2 +-
 .../web/mail/list/mail_blacklist.list.php     | 13 +++++-
 .../web/mail/list/mail_whitelist.list.php     | 27 +++++------
 interface/web/mail/mail_blacklist_del.php     |  3 --
 interface/web/mail/mail_blacklist_edit.php    | 46 +++++++++++--------
 interface/web/mail/mail_blacklist_list.php    |  2 -
 interface/web/mail/mail_whitelist_edit.php    |  1 -
 8 files changed, 53 insertions(+), 44 deletions(-)

diff --git a/interface/web/mail/form/mail_blacklist.tform.php b/interface/web/mail/form/mail_blacklist.tform.php
index 957f35b95b..df29fbd6d9 100644
--- a/interface/web/mail/form/mail_blacklist.tform.php
+++ b/interface/web/mail/form/mail_blacklist.tform.php
@@ -112,5 +112,8 @@ $form["tabs"]['blacklist'] = array (
 	)
 );
 
+if (! $app->auth->is_admin()) {
+	$form['tabs']['blacklist']['fields']['type']['value'] = array('recipient' => 'Recipient', 'sender' => 'Sender');
+}
 
 ?>
diff --git a/interface/web/mail/form/mail_whitelist.tform.php b/interface/web/mail/form/mail_whitelist.tform.php
index d4b9baf742..8b570e449d 100644
--- a/interface/web/mail/form/mail_whitelist.tform.php
+++ b/interface/web/mail/form/mail_whitelist.tform.php
@@ -119,7 +119,7 @@ $form["tabs"]['whitelist'] = array (
 );
 
 if (! $app->auth->is_admin()) {
-	$form["tabs"]['whitelist']['fields']['type']['value'] = array('recipient' => 'Recipient', 'sender' => 'Sender');
+	$form['tabs']['whitelist']['fields']['type']['value'] = array('recipient' => 'Recipient', 'sender' => 'Sender');
 }
 
 
diff --git a/interface/web/mail/list/mail_blacklist.list.php b/interface/web/mail/list/mail_blacklist.list.php
index a2f3997fd7..6f92c0465f 100644
--- a/interface/web/mail/list/mail_blacklist.list.php
+++ b/interface/web/mail/list/mail_blacklist.list.php
@@ -78,10 +78,20 @@ $liste["item"][] = array( 'field'  => "source",
 	'op'  => "like",
 	'prefix' => "%",
 	'suffix' => "%",
+	'datasource' => array (  'type' => 'SQL',
+		'querystring' => 'SELECT access_id,source FROM mail_access WHERE {AUTHSQL} ORDER BY source',
+		'keyfield'=> 'access_id',
+		'valuefield'=> 'source'
+	),
 	'width'  => "",
 	'value'  => "");
 
 
+if ($app->auth->is_admin()) {
+	$type_values[] = array('recipient' => 'Recipient', 'sender' => 'Sender', 'client' => 'Client');
+} else {
+	$type_values[] = array('recipient' => 'Recipient', 'sender' => 'Sender');
+}
 $liste["item"][] = array( 'field'  => "type",
 	'datatype' => "VARCHAR",
 	'formtype' => "SELECT",
@@ -89,7 +99,6 @@ $liste["item"][] = array( 'field'  => "type",
 	'prefix' => "",
 	'suffix' => "",
 	'width'  => "",
-	'value'  => array('recipient' => 'Recipient', 'sender' => 'Sender', 'client' => 'Client'));
-
+	'value'  => $type_values);
 
 ?>
diff --git a/interface/web/mail/list/mail_whitelist.list.php b/interface/web/mail/list/mail_whitelist.list.php
index 61f1d9f261..e8a345c10e 100644
--- a/interface/web/mail/list/mail_whitelist.list.php
+++ b/interface/web/mail/list/mail_whitelist.list.php
@@ -86,24 +86,19 @@ $liste["item"][] = array( 'field'  => "source",
 	'width'  => "",
 	'value'  => "");
 
+
 if ($app->auth->is_admin()) {
-	$liste["item"][] = array( 'field'  => "type",
-		'datatype' => "VARCHAR",
-		'formtype' => "SELECT",
-		'op'  => "=",
-		'prefix' => "",
-		'suffix' => "",
-		'width'  => "",
-		'value'  => array('recipient' => 'recipient_txt', 'sender' => 'sender_txt', 'client' => 'client_txt'));
+	$type_values[] = array('recipient' => 'Recipient', 'sender' => 'Sender', 'client' => 'Client');
 } else {
-	$liste["item"][] = array( 'field'  => "type",
-		'datatype' => "VARCHAR",
-		'formtype' => "SELECT",
-		'op'  => "=",
-		'prefix' => "",
-		'suffix' => "",
-		'width'  => "",
-		'value'  => array('recipient' => 'recipient_txt', 'sender' => 'sender_txt'));
+	$type_values[] = array('recipient' => 'Recipient', 'sender' => 'Sender');
 }
+$liste["item"][] = array( 'field'  => "type",
+	'datatype' => "VARCHAR",
+	'formtype' => "SELECT",
+	'op'  => "=",
+	'prefix' => "",
+	'suffix' => "",
+	'width'  => "",
+	'value'  => $type_values);
 
 ?>
diff --git a/interface/web/mail/mail_blacklist_del.php b/interface/web/mail/mail_blacklist_del.php
index aa671c4887..3cb83a50a0 100644
--- a/interface/web/mail/mail_blacklist_del.php
+++ b/interface/web/mail/mail_blacklist_del.php
@@ -42,9 +42,6 @@ $tform_def_file = "form/mail_blacklist.tform.php";
 require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
 
-
-if($_SESSION["s"]["user"]["typ"] != 'admin') $app->error('This function needs admin privileges');
-
 //* Check permissions for module
 $app->auth->check_module_permissions('mail');
 
diff --git a/interface/web/mail/mail_blacklist_edit.php b/interface/web/mail/mail_blacklist_edit.php
index b86729b919..1ad8d6affd 100644
--- a/interface/web/mail/mail_blacklist_edit.php
+++ b/interface/web/mail/mail_blacklist_edit.php
@@ -50,36 +50,44 @@ $app->load('tform_actions');
 
 class page_action extends tform_actions {
 
-	function onShowNew() {
-		global $app, $conf;
-
-		if($_SESSION["s"]["user"]["typ"] != 'admin') die('This function needs admin privileges');
-		parent::onShowNew();
-	}
-
+	protected $client_allowed_types = array( 'recipient', 'sender' );
 
 	function onBeforeUpdate() {
 		global $app, $conf;
 
-		if($_SESSION["s"]["user"]["typ"] != 'admin') die('This function needs admin privileges');
-
 		//* Check if the server has been changed
-		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
-		if($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) {
-			$rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ?", $this->id);
-			if($rec['server_id'] != $this->dataRecord["server_id"]) {
-				//* Add a error message and switch back to old server
-				$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
-				$this->dataRecord["server_id"] = $rec['server_id'];
-			}
-			unset($rec);
+		$rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ?", $this->id);
+		if($rec['server_id'] != $this->dataRecord["server_id"]) {
+			//* Add a error message and switch back to old server
+			$app->tform->errorMessage .= $app->lng('The Server can not be changed.');
+			$this->dataRecord["server_id"] = $rec['server_id'];
 		}
+		unset($rec);
 	}
 
 	function onSubmit() {
 		global $app, $conf;
 
-		if($_SESSION["s"]["user"]["typ"] != 'admin') die('This function needs admin privileges');
+		// Non-admin checks
+		if($_SESSION["s"]["user"]["typ"] != 'admin') {
+			// Non-admin can only use type 'sender' or 'recipient' and address must belong to the client's domains
+			if(! in_array($this->dataRecord["type"], $this->client_allowed_types)) {
+				$app->tform->errorMessage .= $app->lng('Blacklist type requires admin permissions');
+			}
+			// address must be valid email
+			if(! filter_var( $this->dataRecord["source"], FILTER_VALIDATE_EMAIL )) {
+				$app->tform->errorMessage .= $app->lng('Invalid address: must be a valid email address');
+			}
+			$tmp = explode('@', $this->dataRecord["source"]);
+			$domain = trim( array_pop($tmp) );
+			$AUTHSQL = $app->tform->getAuthSQL('r');
+			$rec = $app->db->queryOneRecord("SELECT domain_id from mail_domain WHERE ${AUTHSQL} AND domain = ?", $domain);
+			// address must belong to the client's domains
+			if(! (is_array($rec) && isset($rec['domain_id']) && is_numeric($rec['domain_id']))) {
+				$app->tform->errorMessage .= $app->lng('Invalid address: you have no permission for this domain.');
+			}
+			unset($rec);
+		}
 		
 		if(substr($this->dataRecord['source'], 0, 1) === '@') $this->dataRecord['source'] = substr($this->dataRecord['source'], 1);
 		
diff --git a/interface/web/mail/mail_blacklist_list.php b/interface/web/mail/mail_blacklist_list.php
index ecb24d867c..cf1e50ddaa 100644
--- a/interface/web/mail/mail_blacklist_list.php
+++ b/interface/web/mail/mail_blacklist_list.php
@@ -12,8 +12,6 @@ $list_def_file = "list/mail_blacklist.list.php";
 * End Form configuration
 ******************************************/
 
-if($_SESSION["s"]["user"]["typ"] != 'admin') $app->error('This function needs admin privileges');
-
 //* Check permissions for module
 $app->auth->check_module_permissions('mail');
 
diff --git a/interface/web/mail/mail_whitelist_edit.php b/interface/web/mail/mail_whitelist_edit.php
index 37aaf25754..52106c1882 100644
--- a/interface/web/mail/mail_whitelist_edit.php
+++ b/interface/web/mail/mail_whitelist_edit.php
@@ -56,7 +56,6 @@ class page_action extends tform_actions {
 		global $app, $conf;
 
 		//* Check if the server has been changed
-		// We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
 		$rec = $app->db->queryOneRecord("SELECT server_id from mail_access WHERE access_id = ?", $this->id);
 		if($rec['server_id'] != $this->dataRecord["server_id"]) {
 			//* Add a error message and switch back to old server
-- 
GitLab