dmarc-srg icon indicating copy to clipboard operation
dmarc-srg copied to clipboard

Published 20 hours ago verified publisher icon liuch

Feature Request - User management

Open mbsouth opened this issue 1 year ago • 7 comments

I love this tool, great work!

One feature I'm missing is managing users and mapping domains to those users. This would allow users to log in and view their domain reports.

Another feature would be if users had a certain number of domains available and could specify them themselves (users would then have to take care of DNS records themselves)

mbsouth avatar Jun 02 '23 13:06 mbsouth

I planned to add support for user management, but as a restriction on access to existing features without mapping domains to users. The feature you suggested is more than just a feature of a personal mail server tool. I'll think it over.

liuch avatar Jun 04 '23 22:06 liuch

Repost from #87

I do not want to host many instances of DmarcSrg. I need to have a way to give a credential to users of domain/domains XYZ so they do not have access to the other ones.

Can we make:

  • a multi password config that each of them has a filter for the allowed domains
  • a user/password table with domains by user
  • a user/password config that each of them has a filter for the allowed domains

What solution would be best ?

williamdes avatar Jul 02 '23 18:07 williamdes

@liuch said in #87

I think it would be better to have tables users and user_domains or something. The admin user is configured in the config file, other users is in tables. What do you think about this?

I think user domains table would be good would the admin config disappear?

williamdes avatar Jul 02 '23 18:07 williamdes

would the admin config disappear?

Would not. The main reason is that the administrator can access the web interface when the database structure is not initialized.

liuch avatar Jul 02 '23 18:07 liuch

Repost from #87

I do not want to host many instances of DmarcSrg. I need to have a way to give a credential to users of domain/domains XYZ so they do not have access to the other ones.

Can we make:

* a multi password config that each of them has a filter for the allowed domains

* a user/password table with domains by user

* a user/password config that each of them has a filter for the allowed domains

What solution would be best ?

I think users should not be allowed to add domain themselves or else they could gain access to unwanted information. Only admin should allow a domain to a user.

SteelPC avatar Jul 21 '23 18:07 SteelPC

Yes. I think so. Maybe I'll add a special role for this with some checks. By the way, I have already started writing code to implement user management.

liuch avatar Jul 21 '23 19:07 liuch

This commit 6e8674b7c47d69fbe884bbed68f25f3655b8f04b contains initial implementation of user management.

  • Each user has its own settings.
  • The user's access level affects the functionality available to the user.
  • Mapping users to domains has not been implemented yet.

I am going to gradually complete the functionality.

added: See config/conf.sample.php ($admin section) for some details.

liuch avatar Aug 13 '23 23:08 liuch

This commit is a continuation of the user management implementation. Brief highlights:

  • Admin has access to all the domains with no limitation;
  • Any domain can be assigned to one or more users (only admin can do this);
  • Users with manager access level can add and remove their domains. If a domain already exists, it will be assigned to this user. Instead of deleting, domains are unassigned. Admin can finally remove them.
  • utils/summary_report.php now has a parameter user that allows you to get summary reports for all domains of a specified user.
  • Other small things.

I'll post the documentation a little later.

liuch avatar Apr 25 '24 19:04 liuch

I'll post the documentation a little later.

Done.

liuch avatar May 01 '24 00:05 liuch