Maildomain created by admin wont belong to client

Discussion in 'ISPConfig 3 Priority Support' started by atle, Mar 3, 2021.

  1. atle

    atle Member HowtoForge Supporter

    When a Mail domain is created by admin through gui, the wedomain sys_userid wont be the one of the client, only sys_groupid becomes that.

    Is this by design?

    This causes some problems, amongst other with API,
    PHP:
    $session->mail_domain_get(['sys_userid' => $sys_userid]);
    wont return any result. Client wont be able to delete mail domain either.



    [​IMG]

    [​IMG]
     
    Last edited: Mar 3, 2021
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    It is by design, as the are times when you don't want a client to be able to break things, so you create them as admin to prevent that. I believe you have to change the database fields to switch ownership currently, there has never been an interface in the ui to do that.

    There was a setting added to turn off client protection, but iirc it only affects websites, not mail and other entities, which have to be changed manually - but you could give it a try. I believe the implementation was to revert ownership of all websites (and anything else it might change) to the user (rather than change underlying permission checks), so keep that in mind if you intend to test the feature and possibly go back (ie. you will need to again set admin ownership of any sites you wish to be protected from the client).
     
  3. atle

    atle Member HowtoForge Supporter

    Oki, thanks for your reply, now I know, just need to take it into consideration in our API integration. Fix it via db is ok.
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  5. atle

    atle Member HowtoForge Supporter

    If you are referring to me, my fix is to fix is to use

    PHP:
    $session->mail_domain_get(['sys_groupid' => $sys_groupid]);
    instead, and catch if sys_usedid is different and fix manually directly in the db.
    btw, I tried to disable "client protection", but no change of behaviour wrt mail domains.
     
    Last edited: Mar 4, 2021
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    That's the right solution and the way ISPConfig GUI handles this as well. The sys_userid is the user id of the creator of an item. The owner (client) is defined by the group ID (sys_groupid), so if you want to get all items owned by a specifix client, filter them by sys_groupid.

    To turn off (or not turn on) admin protection for a website, sys_userid must be set to the user id of the client's user (not the sys_userid of the admin), and sys_perm_other must be set to 'riud' instead of 'ru'.
     
    atle likes this.

Share This Page