c02faada94
Remove deprecated references to flask_wtf.Form, fix #72
8 years ago
525089a531
Do not leak information about existing domains or users
8 years ago
2cb4a44b5a
Display fetchmail errors to the user, fixes #23
8 years ago
97d952d7f1
Fix a typo
8 years ago
e24da96e58
Add some documentation to access decorators
8 years ago
09bec055fd
Fix domain deletion permissions
8 years ago
c1f9b61dac
Add a simple permission audit script
8 years ago
f8dcef22ef
Fix the manager deletion behaviour
8 years ago
f541a951de
Remove obsolete utils module
8 years ago
713318f097
Clean imports and remove calls to the utils module
8 years ago
ee9a416696
Implement the decorator-based access control for all views
8 years ago
4e4f2b8037
First shot at improving access control, related to #42
...
A couple of things are important to note for this commit:
- it only implements the new access control for alias and admin management
- the access control code is located in access.py
The idea behind simpler access control is auditability. There have been a
couple of bugs related to functions not checking permissions properly. If
checking permissions is as simple as decorating a function, exporting the
permission scheme for an audit should be simple.
Also, this still does not address the information leakage related to 404 errors
when an object does not exist, independently of permissions the user has over
the domain.
8 years ago
3ea3bc1d8e
Enforce permission checks for admin management
8 years ago
e3197f9156
Have the admin interface listen on localhost
8 years ago
8601d5b8db
Fix #49 when deleting a global admin
8 years ago
0d3c75aa89
Fix a migration issue with wildcard aliases
8 years ago
84769cab3e
Switch to form-based confirmations, fixes #20
8 years ago
5a69ada041
Add an action confirmation form, related to #20
8 years ago
58337d7dd6
Set a proper default for spam thresholds
8 years ago
1ce0bf2ef7
Update the user settings view with a slider
8 years ago
6d4243ec66
Adding SQL Like format for aliases
8 years ago
b3d7b657ab
Remove deprecated flask.ext imports
8 years ago
9640d59aca
Fix #25 , serve static resources locally
8 years ago
689c022a4a
Get back to a single forward destination
8 years ago
678a5c8065
Fix #22 , use ellipsis for overflowing text
8 years ago
c07211677c
Fix the default value for comma separated lists
8 years ago
163494cb78
Use readonly attribute instead of disabled
8 years ago
6af7a07e77
Avoid having an empty entry in destionation fields
8 years ago
5581f1b0d9
Related to #19 , fix the alias creation page
8 years ago
dcaf3e3473
Fix #30 , use cascade deletion on domains
8 years ago
49a1281976
Display the alias list properly
8 years ago
5f36e6f4f2
Related to #19 , implement domain specific field and database type
8 years ago
aace1c2d78
Get back to serving CDN assets, related to #25
8 years ago
1673631e69
Fix the columns in the fetch list
8 years ago
f8a220e72a
Serve local assets only
8 years ago
21bec865b3
Fix permission management when editing/deleting fetches
8 years ago
58ec3597ab
Fix te DKIM DNS example
8 years ago
6a3af51785
Add a confirmation modal when regenerating keys
8 years ago
66a1b50cc9
Sign outgoing emails using DKIM
8 years ago
24680957f7
Handle DKIM key generation and storage
8 years ago
2fa8b879db
Display domain SPF and DMARC example entries, fixes #15
8 years ago
5d7b3b981d
Initialize the migration system
8 years ago
215ba74275
Remove non-minimized static assets
8 years ago
4853e54f0b
Replace tagsinput with select2
8 years ago
0668f9abc9
Fix the user create form
8 years ago
5c1441486b
Fix permissions for non-admin users
8 years ago
7f7ff4d722
Fix #9 , do not reuse the flask_login object for updates, query instead
8 years ago
e22f4b29b6
Fix a bug when updating the forward address
8 years ago
82ec86afd8
Do not always add objects to the session before committing
8 years ago
9efc798246
Store the state of reply and forward settings being enabled
8 years ago
Pierre Jaury