iwebadmin: corrected defines used for role based access

iwebadmin-x/command.c

@@ -1,5 +1,5 @@
 /*
- * $Id: command.c,v 1.15 2024-05-30 22:56:37+05:30 Cprogrammer Exp mbhangui $
+ * $Id: command.c,v 1.16 2024-05-31 19:57:42+05:30 Cprogrammer Exp mbhangui $
  * Copyright (C) 1999-2004 Inter7 Internet Technologies, Inc. 
  *
  * This program is free software; you can redistribute it and/or modify
@@ -194,74 +194,6 @@ process_commands(const char *cmmd)
 	}
 #endif
 	else
-	if (!str_diff(cmmd, "showlistmod")) {
-		GetValue(TmpCGI, &ActionUser, "modu=");
-		show_list_group("show_moderators.html");
-	} else
-	if (!str_diff(cmmd, "addlistmod")) {
-		GetValue(TmpCGI, &ActionUser, "modu=");
-		if (user_limits.perm_maillist_moderators & VLIMIT_DISABLE_CREATE) {
-			copy_status_mesg(html_text[341]);
-			show_menu();
-			iclose();
-			iweb_exit(0);
-		} else
-			addlistgroup("add_listmod.html");
-	} else
-	if (!str_diff(cmmd, "addlistmodnow")) {
-		GetValue(TmpCGI, &ActionUser, "modu=");
-		GetValue(TmpCGI, &Newu, "newu=");
-		if (user_limits.perm_maillist_moderators & VLIMIT_DISABLE_CREATE) {
-			copy_status_mesg(html_text[341]);
-			show_menu();
-			iclose();
-			iweb_exit(0);
-		} else
-			addlistgroupnow(1);
-	} else
-	if (!str_diff(cmmd, "dellistmod")) {
-		GetValue(TmpCGI, &ActionUser, "modu=");
-		if (user_limits.perm_maillist_moderators & VLIMIT_DISABLE_DELETE) {
-			copy_status_mesg(html_text[343]);
-			show_menu();
-			iclose();
-			iweb_exit(0);
-		} else
-			dellistgroup("del_listmod.html");
-	} else
-	if (!str_diff(cmmd, "dellistmodnow")) {
-		GetValue(TmpCGI, &ActionUser, "modu=");
-		GetValue(TmpCGI, &Newu, "newu=");
-		if (user_limits.perm_maillist_moderators & VLIMIT_DISABLE_DELETE) {
-			copy_status_mesg(html_text[343]);
-			show_menu();
-			iclose();
-			iweb_exit(0);
-		} else
-			dellistgroupnow(1);
-	} else
-	if (!str_diff(cmmd, "showlistdig")) {
-		GetValue(TmpCGI, &ActionUser, "modu=");
-		show_list_group("show_digest_subscribers.html");
-	} else
-	if (!str_diff(cmmd, "addlistdig")) {
-		GetValue(TmpCGI, &ActionUser, "modu=");
-		addlistgroup("add_listdig.html");
-	} else
-	if (!str_diff(cmmd, "addlistdignow")) {
-		GetValue(TmpCGI, &ActionUser, "modu=");
-		GetValue(TmpCGI, &Newu, "newu=");
-		addlistgroupnow(2);
-	} else
-	if (!str_diff(cmmd, "dellistdig")) {
-		GetValue(TmpCGI, &ActionUser, "modu=");
-		dellistgroup("del_listdig.html");
-	} else
-	if (!str_diff(cmmd, "dellistdignow")) {
-		GetValue(TmpCGI, &ActionUser, "modu=");
-		GetValue(TmpCGI, &Newu, "newu=");
-		dellistgroupnow(2);
-	} else
 	if (!str_diff(cmmd, "moduser")) {
 		GetValue(TmpCGI, &ActionUser, "moduser=");
 		if (user_limits.perm_account & VLIMIT_DISABLE_MODIFY) {
@@ -430,7 +362,7 @@ process_commands(const char *cmmd)
 	} else
 	if (!str_diff(cmmd, "addlistuser")) {
 		GetValue(TmpCGI, &ActionUser, "modu=");
-		if (user_limits.perm_maillist_users & VLIMIT_DISABLE_DELETE) {
+		if (user_limits.perm_maillist_users & VLIMIT_DISABLE_CREATE) {
 			copy_status_mesg(html_text[338]);
 			show_menu();
 			iclose();
@@ -441,7 +373,7 @@ process_commands(const char *cmmd)
 	if (!str_diff(cmmd, "addlistusernow")) {
 		GetValue(TmpCGI, &ActionUser, "modu=");
 		GetValue(TmpCGI, &Newu, "newu=");
-		if (user_limits.perm_maillist_users & VLIMIT_DISABLE_DELETE) {
+		if (user_limits.perm_maillist_users & VLIMIT_DISABLE_CREATE) {
 			copy_status_mesg(html_text[338]);
 			show_menu();
 			iclose();
@@ -470,6 +402,98 @@ process_commands(const char *cmmd)
 		} else
 			dellistgroupnow(0);
 	} else
+	if (!str_diff(cmmd, "showlistdig")) {
+		GetValue(TmpCGI, &ActionUser, "modu=");
+		show_list_group("show_digest_subscribers.html");
+	} else
+	if (!str_diff(cmmd, "addlistdig")) {
+		GetValue(TmpCGI, &ActionUser, "modu=");
+		if (user_limits.perm_maillist_users & VLIMIT_DISABLE_CREATE) {
+			copy_status_mesg(html_text[338]);
+			show_menu();
+			iclose();
+			iweb_exit(0);
+		} else
+			addlistgroup("add_listdig.html");
+	} else
+	if (!str_diff(cmmd, "addlistdignow")) {
+		GetValue(TmpCGI, &ActionUser, "modu=");
+		GetValue(TmpCGI, &Newu, "newu=");
+		if (user_limits.perm_maillist_users & VLIMIT_DISABLE_CREATE) {
+			copy_status_mesg(html_text[338]);
+			show_menu();
+			iclose();
+			iweb_exit(0);
+		} else
+			addlistgroupnow(2);
+	} else
+	if (!str_diff(cmmd, "dellistdig")) {
+		GetValue(TmpCGI, &ActionUser, "modu=");
+		if (user_limits.perm_maillist_users & VLIMIT_DISABLE_DELETE) {
+			copy_status_mesg(html_text[340]);
+			show_menu();
+			iclose();
+			iweb_exit(0);
+		} else
+			dellistgroup("del_listdig.html");
+	} else
+	if (!str_diff(cmmd, "dellistdignow")) {
+		GetValue(TmpCGI, &ActionUser, "modu=");
+		GetValue(TmpCGI, &Newu, "newu=");
+		if (user_limits.perm_maillist_users & VLIMIT_DISABLE_DELETE) {
+			copy_status_mesg(html_text[340]);
+			show_menu();
+			iclose();
+			iweb_exit(0);
+		} else
+			dellistgroupnow(2);
+	} else
+	if (!str_diff(cmmd, "showlistmod")) {
+		GetValue(TmpCGI, &ActionUser, "modu=");
+		show_list_group("show_moderators.html");
+	} else
+	if (!str_diff(cmmd, "addlistmod")) {
+		GetValue(TmpCGI, &ActionUser, "modu=");
+		if (user_limits.perm_maillist_moderators & VLIMIT_DISABLE_CREATE) {
+			copy_status_mesg(html_text[341]);
+			show_menu();
+			iclose();
+			iweb_exit(0);
+		} else
+			addlistgroup("add_listmod.html");
+	} else
+	if (!str_diff(cmmd, "addlistmodnow")) {
+		GetValue(TmpCGI, &ActionUser, "modu=");
+		GetValue(TmpCGI, &Newu, "newu=");
+		if (user_limits.perm_maillist_moderators & VLIMIT_DISABLE_CREATE) {
+			copy_status_mesg(html_text[341]);
+			show_menu();
+			iclose();
+			iweb_exit(0);
+		} else
+			addlistgroupnow(1);
+	} else
+	if (!str_diff(cmmd, "dellistmod")) {
+		GetValue(TmpCGI, &ActionUser, "modu=");
+		if (user_limits.perm_maillist_moderators & VLIMIT_DISABLE_DELETE) {
+			copy_status_mesg(html_text[343]);
+			show_menu();
+			iclose();
+			iweb_exit(0);
+		} else
+			dellistgroup("del_listmod.html");
+	} else
+	if (!str_diff(cmmd, "dellistmodnow")) {
+		GetValue(TmpCGI, &ActionUser, "modu=");
+		GetValue(TmpCGI, &Newu, "newu=");
+		if (user_limits.perm_maillist_moderators & VLIMIT_DISABLE_DELETE) {
+			copy_status_mesg(html_text[343]);
+			show_menu();
+			iclose();
+			iweb_exit(0);
+		} else
+			dellistgroupnow(1);
+	} else
 	if (!str_diff(cmmd, "addautorespond")) {
 		if (user_limits.perm_autoresponder & VLIMIT_DISABLE_CREATE) {
 			copy_status_mesg(html_text[332]);
@@ -517,7 +541,7 @@ process_commands(const char *cmmd)
 	} else
 	if (!str_diff(cmmd, "delautorespond")) {
 		GetValue(TmpCGI, &ActionUser, "modu=");
-		if (user_limits.perm_autoresponder & VLIMIT_DISABLE_MODIFY) {
+		if (user_limits.perm_autoresponder & VLIMIT_DISABLE_DELETE) {
 			copy_status_mesg(html_text[334]);
 			iclose();
 			show_menu();
@@ -527,7 +551,7 @@ process_commands(const char *cmmd)
 	} else
 	if (!str_diff(cmmd, "delautorespondnow")) {
 		GetValue(TmpCGI, &ActionUser, "modu=");
-		if (user_limits.perm_autoresponder & VLIMIT_DISABLE_MODIFY) {
+		if (user_limits.perm_autoresponder & VLIMIT_DISABLE_DELETE) {
 			copy_status_mesg(html_text[334]);
 			iclose();
 			show_menu();

iwebadmin-x/doc/ChangeLog

@@ -28,9 +28,10 @@ Release @version@-@release@ Start 28/07/2023 End 24/05/2024
 15. iwebadmin.c: refactored code
 16. Makefile.am: enabled auto dependency tracking
 17. template.c: removed uneccessary output on descriptor 2
-- 32/05/2024
+- 31/05/2024
 18. iwebadmin.spec, debian/*.dsc.in: updated indimail, indimail-devel minimum
     version requirement
+19. command.c: corrected defines used for role based access
 
 * Tue Jan 31 2023 03:34:39 +0000 Manvendra Bhangui <iwebadmin@indimail.org> 2.1.1-1.1%{?dist}
 Release 2.1.1-1.1 Start 14/09/2022 End 31/01/2023

iwebadmin-x/iwebadmin.1

@@ -12,14 +12,56 @@ with virtual domains. It provides admin for adding/deleting users, Aliases,
 Forwards, ezmlm Mailing lists and Autoresponders. It also features automatic
 International language support via the language settings on their browser.
 
+\fBiwebadmin\fR allows role based administration. You can use
+\fBvlimit\fR(1) to set the roles. Typically the usage will be
+
+.EX
+  \fBvlimit\fR -\fIperm\fR \fIrole\fR \fIuser@domain\fR
+.EE
+
+Here \fIperm\fR is one of following
+
+.EX
+  -p \fIrole\fR - for create, modify, delete permissions on user accounts
+  -a \fIrole\fR - for create, modify, delete permissions on aliases
+  -f \fIrole\fR - for create, modify, delete permissions on forwards
+  -r \fIrole\fR - for create, modify, delete permissions on autoresponders
+  -l \fIrole\fR - for create, modify, delete permissions on mailinglists
+  -u \fIrole\fR - for create, modify, delete permissions on mailinglist
+            users and mailing list digest users.
+  -o \fIrole\fR - for create, modify, delete permissions on mailinglist
+            moderators
+.EE
+
+and \fIrole\fR is one of the following
+
+.EX
+  0 - Allow all roles
+  a - Deny all roles
+  c - Deny create role
+  m - Deny modify role
+  d - Deny delete role
+.EE
+
+The command
+
+\fBvlimit\fR -p d \fIuser@domain\fR
+
+will deny user \fIuser@domain\fR to delete any user when using
+the \fBiwebadmin\fR web interface. You can use the command
+
+\fBvlimit\fR -s \fIuser@domain\fR
+
+to see the current role configured for \fIuser@domain\fR
+
+
 iwebadmin is configured to run under a web server. See README on instructions
 to set this up. It uses configuration file /etc/indimail/iwebadmin-conf to
 set various options as given below.
 
-.TP
+.TP 4
 .I no-fortune
-
-Unset disply of fortune cookies on the main page
+Unset display of fortune cookies on the main page
 
 .TP
 .I no-ezmlm
@@ -60,3 +102,7 @@ a relatve path to the document root.
 /usr/share/doc/iwebadmin/COPYING
 /usr/share/doc/iwebadmin/README-hooks.md
 /usr/share/doc/iwebadmin/README.md
+
+.SH SEE ALSO
+vlimit(1), vadduser(1), vpasswd(1), vmoduser(1), vsetuserquota(1),
+valias(1), indimail(7)

iwebadmin-x/iwebadmin.spec.in

@@ -59,7 +59,7 @@ BuildRequires: glibc glibc-devel procps cpio
 BuildRequires: sed gettext-devel
 BuildRequires: findutils libqmail-devel libgsasl-devel
 BuildRequires: gzip autoconf automake libtool
-BuildRequires indimail-devel > 3.4.6
+BuildRequires: indimail-devel > 3.4.6
 %if %noperms == 0
 %if 0%{?suse_version} >= 1120
 Requires: permissions