systemli · 0x46616c6b · Sep 28, 2024 · Apr 10, 2025 · Apr 10, 2025 · Apr 10, 2025
@@ -17,7 +17,7 @@ jobs:
           fetch-depth: 0
 
       - name: Setup PHP
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@2.32.0
         with:
           php-version: '8.2'
           extensions: openssl, sodium
@@ -92,7 +92,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup PHP
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@2.32.0
         with:
           php-version: '8.2'
           extensions: openssl, sodium, mysql
@@ -144,7 +144,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup PHP
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@2.32.0
         with:
           php-version: '8.2'
           extensions: openssl, sodium, pgsql

@@ -36,84 +36,18 @@ security:
                       roles: ['ROLE_DOVECOT']
 
     role_hierarchy:
-        # User
-        ROLE_USERLI_ADMIN_USER_READER:
-            - ROLE_USERLI_ADMIN_USER_LIST
-            - ROLE_USERLI_ADMIN_USER_VIEW
-        ROLE_USERLI_ADMIN_USER_EDITOR:
-            - ROLE_USERLI_ADMIN_USER_CREATE
-            - ROLE_USERLI_ADMIN_USER_EDIT
-        ROLE_USERLI_ADMIN_USER_ADMIN:
-            - ROLE_USERLI_ADMIN_USER_LIST
-            - ROLE_USERLI_ADMIN_USER_VIEW
-            - ROLE_USERLI_ADMIN_USER_CREATE
-            - ROLE_USERLI_ADMIN_USER_EDIT
-            - ROLE_USERLI_ADMIN_USER_DELETE
-
-        # Alias
-        ROLE_USERLI_ADMIN_ALIAS_READER:
-            - ROLE_USERLI_ADMIN_ALIAS_LIST
-            - ROLE_USERLI_ADMIN_ALIAS_VIEW
-        ROLE_USERLI_ADMIN_ALIAS_EDITOR:
-            - ROLE_USERLI_ADMIN_ALIAS_CREATE
-            - ROLE_USERLI_ADMIN_ALIAS_EDIT
-        ROLE_USERLI_ADMIN_ALIAS_ADMIN:
-            - ROLE_USERLI_ADMIN_ALIAS_LIST
-            - ROLE_USERLI_ADMIN_ALIAS_VIEW
-            - ROLE_USERLI_ADMIN_ALIAS_CREATE
-            - ROLE_USERLI_ADMIN_ALIAS_EDIT
-            - ROLE_USERLI_ADMIN_ALIAS_DELETE
-
-        # Domain
-        ROLE_USERLI_ADMIN_DOMAIN_READER:
-            - ROLE_USERLI_ADMIN_DOMAIN_LIST
-            - ROLE_USERLI_ADMIN_DOMAIN_VIEW
-        ROLE_USERLI_ADMIN_DOMAIN_EDITOR:
-            - ROLE_USERLI_ADMIN_DOMAIN_CREATE
-            - ROLE_USERLI_ADMIN_DOMAIN_EDIT
-        ROLE_USERLI_ADMIN_DOMAIN_ADMIN:
-            - ROLE_USERLI_ADMIN_DOMAIN_ALL
-
-        # Voucher
-        ROLE_USERLI_ADMIN_VOUCHER_READER:
-            - ROLE_USERLI_ADMIN_VOUCHER_LIST
-            - ROLE_USERLI_ADMIN_VOUCHER_VIEW
-        ROLE_USERLI_ADMIN_VOUCHER_EDITOR:
-            - ROLE_USERLI_ADMIN_VOUCHER_CREATE
-            - ROLE_USERLI_ADMIN_VOUCHER_EDIT
-        ROLE_USERLI_ADMIN_VOUCHER_ADMIN:
-            - ROLE_USERLI_ADMIN_VOUCHER_ALL
-
-        # Reserved Name
-        ROLE_USERLI_ADMIN_RESERVEDNAME_READER:
-            - ROLE_USERLI_ADMIN_RESERVEDNAME_LIST
-            - ROLE_USERLI_ADMIN_RESERVEDNAME_VIEW
-        ROLE_USERLI_ADMIN_RESERVEDNAME_EDITOR:
-            - ROLE_USERLI_ADMIN_RESERVEDNAME_CREATE
-            - ROLE_USERLI_ADMIN_RESERVEDNAME_EDIT
-        ROLE_USERLI_ADMIN_RESERVEDNAME_ADMIN:
-            - ROLE_USERLI_ADMIN_RESERVEDNAME_ALL
-
         # Spam account is always suspicious
         ROLE_SPAM:
             - ROLE_USER
             - ROLE_SUSPICIOUS
-
         ROLE_PERMANENT:
             - ROLE_USER
         ROLE_MULTIPLIER:
             - ROLE_USER
         ROLE_DOMAIN_ADMIN:
             - ROLE_PERMANENT
-            - ROLE_MULTIPLIER
-            - ROLE_SONATA_ADMIN
-            - ROLE_USERLI_ADMIN_USER_ADMIN
-            - ROLE_USERLI_ADMIN_ALIAS_ADMIN
         ROLE_ADMIN:
-            - ROLE_DOMAIN_ADMIN
-            - ROLE_USERLI_ADMIN_DOMAIN_ADMIN
-            - ROLE_USERLI_ADMIN_VOUCHER_ADMIN
-            - ROLE_USERLI_ADMIN_RESERVEDNAME_ADMIN
+            - ROLE_MULTIPLIER
         ROLE_SUPER_ADMIN:
             - ROLE_ADMIN
             - ROLE_ALLOWED_TO_SWITCH
@@ -195,7 +129,8 @@ security:
       - { path: "^/alias", roles: ROLE_USER, allow_if: "!is_granted('ROLE_SPAM')" }
       - { path: "^/account", roles: ROLE_USER, allow_if: "!is_granted('ROLE_SPAM')" }
       - { path: "^/openpgp", roles: ROLE_USER, allow_if: "!is_granted('ROLE_SPAM')" }
-      - { path: "^/admin", roles: ROLE_DOMAIN_ADMIN }
+      - { path: "^/domain", roles: ROLE_DOMAIN_ADMIN }
+      - { path: "^/admin", roles: ROLE_ADMIN }
       - {
           path: "^/api/retention",
           ips: "%env(RETENTION_API_IP_ALLOWLIST)%",

@@ -4,20 +4,22 @@ sonata_admin:
     show_mosaic_button: false
     dashboard:
         blocks:
-          - position: left
-            type: sonata.admin.block.admin_list
-          - position: right
-            type: userli.admin.block.statistics
+            -   position: left
+                type: sonata.admin.block.admin_list
+            -   position: right
+                type: userli.admin.block.statistics
     templates:
         layout: 'Admin/standard_layout.html.twig'
         user_block: 'Admin/user_block.html.twig'
     security:
-        handler: sonata.admin.security.handler.role
+        handler: sonata.admin.security.handler.noop
+        role_admin: ROLE_ADMIN
+        role_super_admin: ROLE_SUPER_ADMIN
 
 sonata_block:
     http_cache: false
-    default_contexts: [cms]
+    default_contexts: [ cms ]
     blocks:
         sonata.admin.block.admin_list:
-            contexts:   [admin]
+            contexts: [ admin ]
         userli.admin.block.statistics: ~
@@ -21,6 +21,8 @@ start:
   openpgp-settings: OpenPGP
   openpgp-settings-desc: Veröffentliche deinen Schlüssel
   openpgp-settings-title: OpenPGP-Schlüssel im Web Key Directory veröffentlichen
+  domain-settings: Domain verwalten
+  domain-settings-desc: Einstellungen für deine Domain
 
 index:
   title: Verwalte dein E-Mail-Konto
@@ -75,11 +77,13 @@ form:
   oclock-by: Uhr von
   actual-password: Aktuelles Passwort
   new-custom-alias: Neue Alias-Adresse
+  new-alias: Neue Alias-Adresse
   plain-password: Neues Passwort
   plain-password_confirmation: Neues Passwort bestätigen
   change-password: Passwort ändern
   delete-account: Konto löschen
   delete-password: Passwort
+  create-alias: Erstelle Alias-Adresse
   create-voucher: Erstelle Einladungscode
   create-custom-alias: Hinzufügen
   create-random-alias: Generiere zufällige Alias-Adresse
@@ -336,3 +340,12 @@ openpgp:
   keyid-label: "Schlüssel-ID:"
   fingerprint-label: "Fingerprint:"
   expiretime-label: "Ablaufdatum:"
+
+domain_settings:
+  title: Domain verwalten
+  intro: Hier kannst du Einstellungen für deine Domain vornehmen.
+  new-account: Neues Konto erstellen
+  new-alias: Neue Alias-Adresse erstellen
+  form-error: Es ist ein Fehler aufgetreten. Bitte überprüfe deine Eingaben.
+  registration-success: Das Konto wurde erfolgreich erstellt.
+  alias-success: Die Alias-Adresse wurde erfolgreich erstellt.
@@ -21,6 +21,8 @@ start:
   openpgp-settings: OpenPGP
   openpgp-settings-desc: Publish your key
   openpgp-settings-title: Publish your OpenPGP key in the Web Key Directory
+  domain-settings: Domain settings
+  domain-settings-desc: Manage your domain
 
 index:
   title: Manage your e-mail account
@@ -75,13 +77,15 @@ form:
   oclock-by: by
   actual-password: Current password
   new-custom-alias: New alias address
+  new-alias: New alias address
   plain-password: New password
   plain-password_confirmation: Confirm new password
   change-password: Change your password
   delete-account: Delete account
   delete-password: Password
   create-voucher: Create invite code
   create-custom-alias: Add
+  create-alias: Add alias address
   create-random-alias: Generate random alias address
   delete-alias: Delete alias address
   generate-recovery-token: Create new recovery token
@@ -327,3 +331,12 @@ openpgp:
   keyid-label: "Key ID:"
   fingerprint-label: "Fingerprint:"
   expiretime-label: "Expiry date:"
+
+domain_settings:
+  title: Domain settings
+  intro: Here you can manage your domain settings.
+  new-account: Create new account
+  new-alias: Create new alias address
+  form-error: An error occurred. Please check your input.
+  registration-success: Account created successfully.
+  alias-success: Alias address created successfully.
@@ -10,7 +10,7 @@ Feature: Admin
       | email               | password | roles             |
       | [email protected]   | asdasd   | ROLE_ADMIN        |
       | [email protected]  | asdasd   | ROLE_DOMAIN_ADMIN |
-      | [email protected] | asdasd   | ROLE_MULTIPLIER      |
+      | [email protected] | asdasd   | ROLE_MULTIPLIER   |
       | [email protected]    | asdasd   | ROLE_USER         |
     And the following Voucher exists:
       | code | user             |
@@ -38,9 +38,7 @@ Feature: Admin
   Scenario: Access to Admin Interface as Domain Admin
     When I am authenticated as "[email protected]"
     And I am on "/admin/dashboard"
-    Then the response status code should be 200
-    And I should see text matching "Logout"
-    And I should see text matching "Return to Index"
+    Then the response status code should be 403
 
   @admin
   Scenario: Access to Admin Interface as Support
@@ -68,11 +66,10 @@ Feature: Admin
   Scenario: Access User List and able to create a User as Domain Admin
     When I am authenticated as "[email protected]"
     And I am on "/admin/user/list"
-    Then the response status code should be 200
-    And I should not see "example.org"
+    Then the response status code should be 403
 
     When I am on "/admin/user/create"
-    Then the response status code should be 200
+    Then the response status code should be 403
 
   @admin
   Scenario: Access User List and able to create a User as Support
@@ -123,10 +120,10 @@ Feature: Admin
   Scenario: Access Alias List and able to create a Alias as Domain Admin
     When I am authenticated as "[email protected]"
     And I am on "/admin/alias/list"
-    Then the response status code should be 200
+    Then the response status code should be 403
 
     When I am on "/admin/alias/create"
-    Then the response status code should be 200
+    Then the response status code should be 403
 
   @admin
   Scenario: Access Alias List and able to create a Alias as Support

@@ -0,0 +1,42 @@
+Feature: Domain
+
+  Background:
+    Given the database is clean
+    And the following Domain exists:
+      | name        |
+      | example.org |
+    And the following User exists:
+      | email              | password | roles             |
+      | [email protected] | asdasd   | ROLE_DOMAIN_ADMIN |
+
+
+  Scenario: Access to Domain Interface as Domain
+    When I am on "/domain/settings"
+    Then I should be on "/login"
+    And the response status code should be 200
+
+    When I am authenticated as "[email protected]"
+    And I am on "/domain/settings"
+    Then the response status code should be 200
+
+  Scenario: Create new account
+    When I am authenticated as "[email protected]"
+    And I am on "/domain/settings"
+    And I fill in the following:
+      | basic_registration_email                | user         |
+      | basic_registration_plainPassword_first  | P4ssW0rd!!!1 |
+      | basic_registration_plainPassword_second | P4ssW0rd!!!1 |
+    And I press "Submit"
+
+    Then I should be on "/domain/settings"
+    And I should see text matching "Account created successfully."
+
+  Scenario: Create new alias
+    When I am authenticated as "[email protected]"
+    And I am on "/domain/settings"
+    And I fill in the following:
+      | alias_alias | test_alias |
+    And I press "Add alias address"
+
+    Then I should be on "/domain/settings"
+    And I should see text matching "Alias address created successfully."
@@ -36,7 +36,7 @@ public function createNavbarRight(): ItemInterface
         if (!$this->authChecker->isGranted('IS_AUTHENTICATED_FULLY')) {
             $menu->addChild('navbar_right.login', ['route' => 'login']);
         } else {
-            if ($this->authChecker->isGranted(Roles::DOMAIN_ADMIN)) {
+            if ($this->authChecker->isGranted(Roles::ADMIN)) {
                 $menu->addChild('navbar_right.admin', ['route' => 'sonata_admin_dashboard']);
             }