I am trying to obtain the standard permissions for when an admin creates some service (i.e. domain/spam filter etc) for a client, that is sys_userid = admin or reseller id sys_groupid = client sys_perm_user = riud sys_perm_group = ru I can't find the proper parameters in the parameters array for the remoting api. Thank you.
Your scheme is not correct: sys_userid = sys_userid from sys_user column, this is not the client or admin id, even if it might b idetical on some systems sys_groupid = groupid from sys_group column. The permissions are set automatically, you cant pass them via params array.
Till, thank you for pointing out the mappings (I knew about them, but it happens that on my system the id's are the same, so I mix them in my mind easily). So, how to I obtain the effect of creating a (mail) domain owned by the admin user, but with permissions for the client to add/delete mailboxes, with no permissions to delete the whole domain, via remoting api? I see that if I set the client_id to the client, all permissions are assigned to the client, and the client is able to delete the domain and all mailboxes underneath with 2 clicks (ask me how I know this...). thanks.
There is no api function to mimic the behaviour of the interface. I would recommend to add a new api function instaed then doing it by sql. Somthing like: update_record_permissions($table,$index_field,$index_value,$permissions) { ..... } were $permissins is a array containing the sys_* fields of a record.
proposed addition Till, Here's my proposed addition to the remoting api. I hope the approach is right. There's a new privilege required, that I named admin_record_permissions. admin to mark it as a superuser privilege (you can change ownership of anything) and record_permission to denote the operation. Code: // This will update the record permissions for a record in any table. public function update_record_permissions($tablename, $index_field, $index_value, $permissions) { global $app; if(!$this->checkPerm($session_id, 'admin_record_permissions')) { $this->server->fault('permission_denied', 'You do not have the permissions to access this function.'); return false; } foreach ( $permissions as $key => $value ) { // make sure only sys_ fields are updated if ( !preg_match('/^sys_.+/', $key )) { $this->server->fault('invalid parameters', 'Only sys_* parameters can be changed with this function.'); } } return $app->db->datalogUpdate( $tablename, $permissions, $index_field, $index_value ) ; }
Thanks for sharing your code! The function looks fine, I've added it to the bugtracker for incusion in ispconfig. If you like to share code and improve ISPConfig or fix bugs, then you might want to get an account in our git server: http://git.ispconfig.org/ there you can make a ispconfig fork under your own user and propose change or fixes by submitting a merge request in gitlab. We will then review the requests or comment on them in gitlab and merge them into the master branch.