[GH-ISSUE #181] Non Super-admin can change domain quota #142

New issue

Closed

opened 2026-02-26 09:36:16 +03:00 by kerem · 2 comments

kerem commented 2026-02-26 09:36:16 +03:00

Owner

Copy link

Originally created by @fabiorauber on GitHub (Apr 14, 2016).
Original GitHub issue: https://github.com/opensolutions/ViMbAdmin/issues/181

A non super-admin user can change the max quota for the domain for which he is admin. I believe this is a bug, because the Wiki on Quotas describes max quota as:

NB: maxquota does not define a maximum allowed quota over the entire domain. It just sets an upper limit that non-super admins can set per mailbox.

Well, if the super admin sets the quota on example.com to be 500MB, a non super-admin of example.com can change the quota to 1GB first and the proceed to create 1GB mailboxes.

Originally created by @fabiorauber on GitHub (Apr 14, 2016). Original GitHub issue: https://github.com/opensolutions/ViMbAdmin/issues/181 A non super-admin user can change the max quota for the domain for which he is admin. I believe this is a bug, because the Wiki on Quotas describes max quota as: _NB: maxquota does not define a maximum allowed quota over the entire domain. It just sets an upper limit that non-super admins can set per mailbox._ Well, if the super admin sets the quota on example.com to be 500MB, a non super-admin of example.com can change the quota to 1GB first and the proceed to create 1GB mailboxes.

kerem closed this issue 2026-02-26 09:36:16 +03:00

kerem commented 2026-02-26 09:36:16 +03:00

Author

Owner

Copy link

@PhrozenByte commented on GitHub (Apr 14, 2016):

IMHO domain admins (non super admins) shouldn't be able to edit domains whatsoever. They should be able to manage mailboxes and aliases and activate/deactivate the domain (i.e. the actions a domain admin can take on the domain overview without navigating to the edit page), but nothing else.

<!-- gh-comment-id:210141360 --> @PhrozenByte commented on GitHub (Apr 14, 2016): IMHO domain admins (non super admins) shouldn't be able to edit domains whatsoever. They should be able to manage mailboxes and aliases and activate/deactivate the domain (i.e. the actions a domain admin can take on the domain overview without navigating to the edit page), but nothing else.

kerem commented 2026-02-26 09:36:17 +03:00

Author

Owner

Copy link

@click commented on GitHub (Aug 2, 2016):

This is the same as reported in ticket #30, which was closed - @barryo, in the case of non-admins viewing the domain details for quota, might it be easier to just print the value, and not using a editbox?
Verified that the issue still exists in 3.0.15 / master.

<!-- gh-comment-id:237084387 --> @click commented on GitHub (Aug 2, 2016): This is the same as reported in ticket #30, which was closed - @barryo, in the case of non-admins viewing the domain details for quota, might it be easier to just print the value, and not using a editbox? Verified that the issue still exists in 3.0.15 / master.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dependabot/composer/smarty/smarty-4.3.1

v2

3.4.1

3.4.0

3.3.0

3.2.1

3.2.0

3.1.1

3.1.0

3.0.15

3.0.14

3.0.13

3.0.12

3.0.11

2.2.4

3.0.10

3.0.9

3.0.8

3.0.7

3.0.6

3.0.5

3.0.4

3.0.3

3.0.2

3.0.1

3.0.0

2.2.3

2.2.2

2.2.1

2.2.0

2.1.0

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0.0

0.3.4

0.3.3

0.3.2

0.3.1

0.3

Labels

Clear labels   

bug

  

feature

  

feature

  

improvement

  

improvement

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

feature

feature

improvement

improvement

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/ViMbAdmin-opensolutions#142

No description provided.