Restrict global address book to specific users

[IzzySoft]

First: congrats to this plugin – exactly what I was looking for!

Now: Domain address books can be restricted to the resp. domain, which is fine with me. I'd like to use the Global address book (all domains), but not expose it to everyone. Use case: staff members/admins should be able to see users of all domains, "normal users" should not. While this would be easy if staff members were all in one domain where no "normal users" are in, that doesn't always match: either other users are part of the same domain as their admins, or both are split across multiple domains.

Possible approaches:

• with PostfixAdmin used (as in my case), the domain_admins table (i.e. a view on it) could be used, restricting the book to members of this table with active=1 AND domain='ALL' (full view of all domains) resp. active=1 AND domain=<domain> (selective view for subset of domains)
• if the first cannot be used, the same might be done with a table that's manually populated
• another possibility would be introducing a $config['_sql_gb_data_allowed_users'] setting, where all allowed users ("admin staff members") are listed explicitly. If set (and not NULL), this could either override the other hidden/allowed settings ("staff only") or be added to those (to e.g. allow one full domain plus users from this list regardless of their domain). For simplicity I'd vouch for the latter, as the former can be achieved easily using $config['_sql_gb_read_hidden'] = array('*'); if I got that right.

I'd be fine with either approach (the last one is probably easiest to achieve, and should cover most cases unless staff numbers are high – though the first approach might be easier to manage, as one cannot forget to add new/remove "old" staff members).

Feasible? Would you consider this? Or is it even possible already, and I just didn't see it? Thanks in advance!

[t3chguy]

I understand what you mean, essentially similar to my own use except for domains which mix both admins and users. I will have a think about the best course of action and if I can find the time will implement it for you

[t3chguy]

I'm thinking of adding a way of adding SQL commands to the config under the sql_xx_xxxx* so that instead of an array you'll be able to define a string which will be executed under the same MySQL Connection and then you can define your own view to achieve what you want.

Ideally I'd rewrite this plugin from scratch to be completely dynamic where you could have multiple very modular and customizable global/domain/etc books but currently it is rather restrictive, but for this I definitely do not have time.

[t3chguy]

To be fair, it is possible to use SQL to populate the config already, since it is just a PHP file you can reference rcube::get_instance()->db to use Roundcube's SQL Connection. But since this is not very user-friendly I have began slow work on refactoring for a v3.

[IzzySoft]

Thanks for the fast response! Sounds great. I won't go the "not very user-friendly" way now (it's not that urgent for me, and might instead complicate future updates, plus there are more urgent issues I have to attend to currently) but rather wait for your solution then. So I'm looking forward to that 😇

[t3chguy]

Please note that this will be pretty much an entire re-write so your config will need be scrapped and re-written from scratch anyway.

[IzzySoft]

Sure. But this way I haven't to do it twice ;)

[t3chguy]

You can monitor my progress on the Development branch

[IzzySoft]

Thanks again! Before "bumping" the issue I'll check there #D But as I wrote, I'm still quite busy with the other components of my new server, so no need to hurry – you already impressed me with your response times 😺

So, and this time I hope to hit the right button in the first place 🙈

[t3chguy]

in theory the Global Addressbook works in the Development branch, not got around to testing anything other than the basics, a lot of the programming I do is theoretical until pre-release when I get to testing haha

[IzzySoft]

Wow, that was fast! If no changes to the database are required, just let me know when I shall start testing. Hints are welcome then, too, of course (what to test, what changed with configuration/setup, things to consider on "replace"). My current Roundcube installation is not yet productive, so there're no much things in danger here.