Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add possibility to allow/disallow main email, email alias and email forward form portal #1997

Open
wants to merge 5 commits into
base: dev
Choose a base branch
from
Open

Add possibility to allow/disallow main email, email alias and email forward form portal #1997

wants to merge 5 commits into from
+91 −7

Conversation

Josue-T
Copy link
Contributor

@Josue-T Josue-T commented Nov 9, 2024
edited
Loading

PR related to: YunoHost/yunohost-portal#21

The problem

In Yunohost portal, user is always allowed to edit the mail alias and mail forward rule.

In some instance it could be a security issue to allow to edit by example the mail alias.

Solution

Add 3 new Yunohost settings to define if the user is allowed to edit

  • the main email
  • the mail alias
  • the mail forward

PR Status

Tested locally it work

How to test

  • Checkout the branch on yunohost and yunhost-portal
  • Allow the 3 rules in "Tools" > "Yunohost settings" > "Portal" from admin
  • Test that from the yunohost portal, the user can edit everything.
  • Disallow the 3 rules in "Tools" > "Yunohost settings" > "Portal" from admin
  • Test that from the yunohost portal, the user can't edit everything.

@Josue-T Josue-T requested a review from alexAubin November 9, 2024 20:23
@Josue-T Josue-T mentioned this pull request Nov 9, 2024
Open
@Josue-T Josue-T requested review from alexAubin and removed request for alexAubin November 28, 2024 06:53
@zamentur
Copy link
Member

On instances with a lot of users, the problem is that it's possible for a user to define alias like [email protected]... or to create emails near other user emails [email protected] even if [email protected] exists for an other user.

zamentur
zamentur reviewed Jan 29, 2025
View reviewed changes
src/portal.py Outdated Show resolved Hide resolved
zamentur
zamentur reviewed Jan 29, 2025
View reviewed changes
src/settings.py
"allow_edit_email_alias": portal_allow_edit_email_alias,
"allow_edit_email_forward":portal_allow_edit_email_forward
}, sort_keys=True, indent=4
)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should already managed by ConfigPanel. It doesn't work without ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The issue currently is that we store 2 config at different places. One global setting which is not accessible by the portal API and an other one more specific to the portal api which is accessible by the portal api (and which is specific to the domain).

The issue currently is that to me this setting is expected to be global it don't really make sens to be different between 2 domain as it's also a security thing. So I added this parameters in the global setting. But this can't be read by the config panel. So it's why I added one global config for the portal API (sychromized from the global setting) so the portal api can read the config.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zamentur zamentur zamentur left review comments

@alexAubin alexAubin Awaiting requested review from alexAubin

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Josue-T @zamentur