97d952d7f1
Fix a typo
il y a 9 ans
e24da96e58
Add some documentation to access decorators
il y a 9 ans
09bec055fd
Fix domain deletion permissions
il y a 9 ans
c1f9b61dac
Add a simple permission audit script
il y a 9 ans
f8dcef22ef
Fix the manager deletion behaviour
il y a 9 ans
f541a951de
Remove obsolete utils module
il y a 9 ans
713318f097
Clean imports and remove calls to the utils module
il y a 9 ans
ee9a416696
Implement the decorator-based access control for all views
il y a 9 ans
4e4f2b8037
First shot at improving access control, related to #42
...
A couple of things are important to note for this commit:
- it only implements the new access control for alias and admin management
- the access control code is located in access.py
The idea behind simpler access control is auditability. There have been a
couple of bugs related to functions not checking permissions properly. If
checking permissions is as simple as decorating a function, exporting the
permission scheme for an audit should be simple.
Also, this still does not address the information leakage related to 404 errors
when an object does not exist, independently of permissions the user has over
the domain.
il y a 9 ans
3ea3bc1d8e
Enforce permission checks for admin management
il y a 9 ans
e3197f9156
Have the admin interface listen on localhost
il y a 9 ans
8601d5b8db
Fix #49 when deleting a global admin
il y a 9 ans
0d3c75aa89
Fix a migration issue with wildcard aliases
il y a 9 ans
84769cab3e
Switch to form-based confirmations, fixes #20
il y a 9 ans
5a69ada041
Add an action confirmation form, related to #20
il y a 9 ans
58337d7dd6
Set a proper default for spam thresholds
il y a 9 ans
1ce0bf2ef7
Update the user settings view with a slider
il y a 9 ans
6d4243ec66
Adding SQL Like format for aliases
il y a 9 ans
b3d7b657ab
Remove deprecated flask.ext imports
il y a 9 ans
9640d59aca
Fix #25 , serve static resources locally
il y a 9 ans
689c022a4a
Get back to a single forward destination
il y a 9 ans
678a5c8065
Fix #22 , use ellipsis for overflowing text
il y a 9 ans
c07211677c
Fix the default value for comma separated lists
il y a 9 ans
163494cb78
Use readonly attribute instead of disabled
il y a 9 ans
6af7a07e77
Avoid having an empty entry in destionation fields
il y a 9 ans
5581f1b0d9
Related to #19 , fix the alias creation page
il y a 9 ans
dcaf3e3473
Fix #30 , use cascade deletion on domains
il y a 9 ans
49a1281976
Display the alias list properly
il y a 9 ans
5f36e6f4f2
Related to #19 , implement domain specific field and database type
il y a 9 ans
aace1c2d78
Get back to serving CDN assets, related to #25
il y a 9 ans
1673631e69
Fix the columns in the fetch list
il y a 9 ans
f8a220e72a
Serve local assets only
il y a 9 ans
21bec865b3
Fix permission management when editing/deleting fetches
il y a 9 ans
58ec3597ab
Fix te DKIM DNS example
il y a 9 ans
6a3af51785
Add a confirmation modal when regenerating keys
il y a 9 ans
66a1b50cc9
Sign outgoing emails using DKIM
il y a 9 ans
24680957f7
Handle DKIM key generation and storage
il y a 9 ans
2fa8b879db
Display domain SPF and DMARC example entries, fixes #15
il y a 9 ans
5d7b3b981d
Initialize the migration system
il y a 9 ans
215ba74275
Remove non-minimized static assets
il y a 9 ans
4853e54f0b
Replace tagsinput with select2
il y a 9 ans
0668f9abc9
Fix the user create form
il y a 9 ans
5c1441486b
Fix permissions for non-admin users
il y a 9 ans
7f7ff4d722
Fix #9 , do not reuse the flask_login object for updates, query instead
il y a 9 ans
e22f4b29b6
Fix a bug when updating the forward address
il y a 9 ans
82ec86afd8
Do not always add objects to the session before committing
il y a 10 ans
9efc798246
Store the state of reply and forward settings being enabled
il y a 10 ans
493fcf3a58
Use populate_obj to update objects
il y a 10 ans
d3b13c2412
Use SQLAlchemy Session.get instead of filter_by
il y a 10 ans
3eca6864c3
Rename the generic 'address' to 'email'
il y a 10 ans
Victor Felder