-
-
Notifications
You must be signed in to change notification settings - Fork 790
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add impersonation feature for admins to webmail #3163
base: master
Are you sure you want to change the base?
Conversation
Thanks for submitting this pull request. bors try Note: if this build fails, read this. |
tryBuild succeeded: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This PR looks interesting. I can imagine that many people find this an interesting feature.
The functionality appears to work fine. When trying to visit the webmail/ url when logged in with a non-admin user, you receive a 403 error (As expected).
Since new elements are added to the UI (extra buttons for a user on the user list), it must be added to the documentation.
webadminstration.rst. More specifically here:
Mailu/docs/webadministration.rst
Line 315 in efb3892
This page is also accessible for domain managers. On the users page new users can be added via the Add user button (top right of page). For existing users the following options are available via the columns Actions and User settings (from left to right) |
When using roundcube a banner is displayed in top with the information that you are impersonating an user. However this is missing for snappymaill.
If you don't know how to add a banner for SnappyMail, then I recommend creating a discussion here asking how to do this:
https://github.com/the-djmaze/snappymail/discussions
bdb7128
to
b6b668c
Compare
Thank you for the suggestion. I know added the information on the new buttons to the documentation there.
Yes, I had skipped snappymail since I was unable to correctly configure it for local testing (see #3162). Having had a look again now into snappymail, it seems to me that snappymail does not provide a straight-forward API to easily add a simple banner when logged in as another user the same way as with roundcibe. So I'm a bit skeptical whether the effort required to implement this analogously to roundcube is really worth it... @nextgens is adding the same banner to snappymail a hard requirement for this PR? Would there be maybe another way than a banner to notify the user which may be easier to implement in snappymail? And besides this: is there anything else blocking this PR from being merged? |
Can't we just frame the webmails when impersonation is in use? |
see discussion in Mailu#3106
This allows admins to login to webmail as another user. The impersonating user is also passed to the webmail container in the X-Remote-Original-User header. see discussion in Mailu#3106
action=login has no effect without task=login so the authenticate hook was never actually called in these situations
Now the currently logged-in user might change when an admin user is impersonating another user. In that case roundcube must go trigger its internal login again.
b6b668c
to
a8dbc5c
Compare
@nextgens I (rebased and) added a PoC for a framed webmail with impersonation in a8dbc5c. But in my opinion framing does not provide the best user experience and can be confusing. Because the webmailer will use the same session cookie with and without framing. So having an open tab with the admin user's normal mailbox while opening another user's mailbox with impersonation will also switch the session in the open tab to the other user's mailbox - but without the alert. Also, having the impersonated mailbox opened in a frame (especially when keeping the mailu admin navigation as in this PoC, but that can easily be removed, though) could imply to the user that impersonation is only active in that window... So, I'd rather let the webmailer itself handle everything instead. But let me know which route you want to go here, and I can update the PR accordingly. |
What type of PR?
Feature
What does this PR do?
This adds a button to the user list for admins to open the webmailer as another user.
Related issue(s)
Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.
In case of feature or enhancement: documentation updated accordingly