|
From: SourceForge.net <no...@so...> - 2011-01-05 18:53:17
|
Patches item #2686611, was opened at 2009-03-14 00:48 Message generated for change (Settings changed) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=2686611&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. >Category: Core >Group: SVN (please specify revision!) Status: Open Resolution: None Priority: 5 Private: No Submitted By: Christian Boltz (christian_boltz) Assigned to: Nobody/Anonymous (nobody) Summary: allow disabling changing password / forwarding for users Initial Comment: Comment from libertytrek in https://sourceforge.net/tracker2/?func=detail&atid=937966&aid=2678293&group_id=191583 ---------------------------------------------------------------------- I actually don't WANT the users to be able to change their passwords for one server I manage... passwords are assigned and periodically changed... I had to modify the users template to remove the code allowing them to change their passwords AND the code allowing them to create forwarders (this was being heavily abused)... but I did want them to still be able to manage their vacation message... ---------------------------------------------------------------------- @libertytrek: come on - it isn't that difficult ;-) There are two methods to disable code sections based on a $CONF variable: a) if you want to disable a small section (for example the menu entry), wrap it in an if block: if (boolconf('users_password_control')) { ... code printing the menu item ... } b) to disable the whole file, add the following section at the beginning if( !boolconf('users_password_control') ) { header("Location: " . $CONF['postfix_admin_url'] . "/users/main.php"); exit(0); } And yes, I really want to see a patch from you. Even if it isn't perfect, it makes it easier for me than doing all the needed changes myself. At least I see which code sections need to be changed ;-) ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2011-01-05 19:53 Message: Looks like people not involved with a tracker item are not allowed to submit patches :-/ therefore libertytrek mailed them to me. Thanks! The patches (against 2.3.x) look good, however a user could still change his alias or password by just entering "edit-alias.php" or "password.php" in the browser. I'm quite sure that's not what you want *g* Solution: add a check as described in part b) of the summary. No need to submit a patch for this, I can do it myself ;-) ---------------------------------------------------------------------- Comment By: Charles (libertytrek) Date: 2011-01-03 23:57 Message: Ummm... now what... i can't attach any files... what am i missing? ---------------------------------------------------------------------- Comment By: Charles (libertytrek) Date: 2011-01-03 23:56 Message: Ok... almost two years to complete my first two itty bitty patches... not too promising... ;) ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937966&aid=2686611&group_id=191583 |
