✨ Add Domain Admin Settings

config/packages/security.yaml

@@ -21,84 +21,18 @@ security:
                       roles: ['ROLE_KEYCLOAK']
 
     role_hierarchy:
-        # User
-        ROLE_USERLI_ADMIN_USER_READER:
-            - ROLE_USERLI_ADMIN_USER_LIST
-            - ROLE_USERLI_ADMIN_USER_VIEW
-        ROLE_USERLI_ADMIN_USER_EDITOR:
-            - ROLE_USERLI_ADMIN_USER_CREATE
-            - ROLE_USERLI_ADMIN_USER_EDIT
-        ROLE_USERLI_ADMIN_USER_ADMIN:
-            - ROLE_USERLI_ADMIN_USER_LIST
-            - ROLE_USERLI_ADMIN_USER_VIEW
-            - ROLE_USERLI_ADMIN_USER_CREATE
-            - ROLE_USERLI_ADMIN_USER_EDIT
-            - ROLE_USERLI_ADMIN_USER_DELETE
-
-        # Alias
-        ROLE_USERLI_ADMIN_ALIAS_READER:
-            - ROLE_USERLI_ADMIN_ALIAS_LIST
-            - ROLE_USERLI_ADMIN_ALIAS_VIEW
-        ROLE_USERLI_ADMIN_ALIAS_EDITOR:
-            - ROLE_USERLI_ADMIN_ALIAS_CREATE
-            - ROLE_USERLI_ADMIN_ALIAS_EDIT
-        ROLE_USERLI_ADMIN_ALIAS_ADMIN:
-            - ROLE_USERLI_ADMIN_ALIAS_LIST
-            - ROLE_USERLI_ADMIN_ALIAS_VIEW
-            - ROLE_USERLI_ADMIN_ALIAS_CREATE
-            - ROLE_USERLI_ADMIN_ALIAS_EDIT
-            - ROLE_USERLI_ADMIN_ALIAS_DELETE
-
-        # Domain
-        ROLE_USERLI_ADMIN_DOMAIN_READER:
-            - ROLE_USERLI_ADMIN_DOMAIN_LIST
-            - ROLE_USERLI_ADMIN_DOMAIN_VIEW
-        ROLE_USERLI_ADMIN_DOMAIN_EDITOR:
-            - ROLE_USERLI_ADMIN_DOMAIN_CREATE
-            - ROLE_USERLI_ADMIN_DOMAIN_EDIT
-        ROLE_USERLI_ADMIN_DOMAIN_ADMIN:
-            - ROLE_USERLI_ADMIN_DOMAIN_ALL
-
-        # Voucher
-        ROLE_USERLI_ADMIN_VOUCHER_READER:
-            - ROLE_USERLI_ADMIN_VOUCHER_LIST
-            - ROLE_USERLI_ADMIN_VOUCHER_VIEW
-        ROLE_USERLI_ADMIN_VOUCHER_EDITOR:
-            - ROLE_USERLI_ADMIN_VOUCHER_CREATE
-            - ROLE_USERLI_ADMIN_VOUCHER_EDIT
-        ROLE_USERLI_ADMIN_VOUCHER_ADMIN:
-            - ROLE_USERLI_ADMIN_VOUCHER_ALL
-
-        # Reserved Name
-        ROLE_USERLI_ADMIN_RESERVEDNAME_READER:
-            - ROLE_USERLI_ADMIN_RESERVEDNAME_LIST
-            - ROLE_USERLI_ADMIN_RESERVEDNAME_VIEW
-        ROLE_USERLI_ADMIN_RESERVEDNAME_EDITOR:
-            - ROLE_USERLI_ADMIN_RESERVEDNAME_CREATE
-            - ROLE_USERLI_ADMIN_RESERVEDNAME_EDIT
-        ROLE_USERLI_ADMIN_RESERVEDNAME_ADMIN:
-            - ROLE_USERLI_ADMIN_RESERVEDNAME_ALL
-
         # Spam account is always suspicious
         ROLE_SPAM:
             - ROLE_USER
             - ROLE_SUSPICIOUS
-
         ROLE_PERMANENT:
             - ROLE_USER
         ROLE_MULTIPLIER:
             - ROLE_USER
         ROLE_DOMAIN_ADMIN:
             - ROLE_PERMANENT
-            - ROLE_MULTIPLIER
-            - ROLE_SONATA_ADMIN
-            - ROLE_USERLI_ADMIN_USER_ADMIN
-            - ROLE_USERLI_ADMIN_ALIAS_ADMIN
         ROLE_ADMIN:
-            - ROLE_DOMAIN_ADMIN
-            - ROLE_USERLI_ADMIN_DOMAIN_ADMIN
-            - ROLE_USERLI_ADMIN_VOUCHER_ADMIN
-            - ROLE_USERLI_ADMIN_RESERVEDNAME_ADMIN
+            - ROLE_MULTIPLIER
         ROLE_SUPER_ADMIN:
             - ROLE_ADMIN
             - ROLE_ALLOWED_TO_SWITCH
@@ -162,7 +96,8 @@ security:
       - { path: "^/alias", roles: ROLE_USER, allow_if: "!is_granted('ROLE_SPAM')" }
       - { path: "^/account", roles: ROLE_USER, allow_if: "!is_granted('ROLE_SPAM')" }
       - { path: "^/openpgp", roles: ROLE_USER, allow_if: "!is_granted('ROLE_SPAM')" }
-      - { path: "^/admin", roles: ROLE_DOMAIN_ADMIN }
+      - { path: "^/domain", roles: ROLE_DOMAIN_ADMIN }
+      - { path: "^/admin", roles: ROLE_ADMIN }
       - {
           path: "^/api/keycloak",
           ips: "%env(KEYCLOAK_API_IP_ALLOWLIST)%",

config/packages/sonata_admin.yaml

@@ -1,23 +1,25 @@
 sonata_admin:
-    title: Userli
-    title_logo: 'build/images/logo_small.png'
-    show_mosaic_button: false
-    dashboard:
-        blocks:
-          - position: left
-            type: sonata.admin.block.admin_list
-          - position: right
-            type: userli.admin.block.statistics
-    templates:
-        layout: 'Admin/standard_layout.html.twig'
-        user_block: 'Admin/user_block.html.twig'
-    security:
-        handler: sonata.admin.security.handler.role
+  title: Userli
+  title_logo: 'build/images/logo_small.png'
+  show_mosaic_button: false
+  dashboard:
+    blocks:
+      - position: left
+        type: sonata.admin.block.admin_list
+      - position: right
+        type: userli.admin.block.statistics
+  templates:
+    layout: 'Admin/standard_layout.html.twig'
+    user_block: 'Admin/user_block.html.twig'
+  security:
+    handler: sonata.admin.security.handler.noop
+    role_admin: ROLE_ADMIN
+    role_super_admin: ROLE_SUPER_ADMIN
 
 sonata_block:
-    http_cache: false
-    default_contexts: [cms]
-    blocks:
-        sonata.admin.block.admin_list:
-            contexts:   [admin]
-        userli.admin.block.statistics: ~
+  http_cache: false
+  default_contexts: [ cms ]
+  blocks:
+    sonata.admin.block.admin_list:
+      contexts: [ admin ]
+    userli.admin.block.statistics: ~

default_translations/de/messages.de.yml

@@ -21,6 +21,8 @@ start:
   openpgp-settings: OpenPGP
   openpgp-settings-desc: Veröffentliche deinen Schlüssel
   openpgp-settings-title: OpenPGP-Schlüssel im Web Key Directory veröffentlichen
+  domain-settings: Domain verwalten
+  domain-settings-desc: Einstellungen für deine Domain
 
 index:
   title: Verwalte dein E-Mail-Konto
@@ -75,11 +77,13 @@ form:
   oclock-by: Uhr von
   actual-password: Aktuelles Passwort
   new-custom-alias: Neue Alias-Adresse
+  new-alias: Neue Alias-Adresse
   plain-password: Neues Passwort
   plain-password_confirmation: Neues Passwort bestätigen
   change-password: Passwort ändern
   delete-account: Konto löschen
   delete-password: Passwort
+  create-alias: Erstelle Alias-Adresse
   create-voucher: Erstelle Einladungscode
   create-custom-alias: Hinzufügen
   create-random-alias: Generiere zufällige Alias-Adresse
@@ -336,3 +340,12 @@ openpgp:
   keyid-label: "Schlüssel-ID:"
   fingerprint-label: "Fingerprint:"
   expiretime-label: "Ablaufdatum:"
+
+domain_settings:
+  title: Domain verwalten
+  intro: Hier kannst du Einstellungen für deine Domain vornehmen.
+  new-account: Neues Konto erstellen
+  new-alias: Neue Alias-Adresse erstellen
+  form-error: Es ist ein Fehler aufgetreten. Bitte überprüfe deine Eingaben.
+  registration-success: Das Konto wurde erfolgreich erstellt.
+  alias-success: Die Alias-Adresse wurde erfolgreich erstellt.

default_translations/en/messages.en.yml

@@ -21,6 +21,8 @@ start:
   openpgp-settings: OpenPGP
   openpgp-settings-desc: Publish your key
   openpgp-settings-title: Publish your OpenPGP key in the Web Key Directory
+  domain-settings: Domain settings
+  domain-settings-desc: Manage your domain
 
 index:
   title: Manage your e-mail account
@@ -75,13 +77,15 @@ form:
   oclock-by: by
   actual-password: Current password
   new-custom-alias: New alias address
+  new-alias: New alias address
   plain-password: New password
   plain-password_confirmation: Confirm new password
   change-password: Change your password
   delete-account: Delete account
   delete-password: Password
   create-voucher: Create invite code
   create-custom-alias: Add
+  create-alias: Add alias address
   create-random-alias: Generate random alias address
   delete-alias: Delete alias address
   generate-recovery-token: Create new recovery token
@@ -327,3 +331,12 @@ openpgp:
   keyid-label: "Key ID:"
   fingerprint-label: "Fingerprint:"
   expiretime-label: "Expiry date:"
+
+domain_settings:
+  title: Domain settings
+  intro: Here you can manage your domain settings.
+  new-account: Create new account
+  new-alias: Create new alias address
+  form-error: An error occurred. Please check your input.
+  registration-success: Account created successfully.
+  alias-success: Alias address created successfully.

features/admin.feature

@@ -10,7 +10,7 @@ Feature: Admin
       | email               | password | roles             |
       | louis@example.org   | asdasd   | ROLE_ADMIN        |
       | domain@example.com  | asdasd   | ROLE_DOMAIN_ADMIN |
-      | support@example.org | asdasd   | ROLE_MULTIPLIER      |
+      | support@example.org | asdasd   | ROLE_MULTIPLIER   |
       | user@example.org    | asdasd   | ROLE_USER         |
     And the following Voucher exists:
       | code | user             |
@@ -38,9 +38,7 @@ Feature: Admin
   Scenario: Access to Admin Interface as Domain Admin
     When I am authenticated as "[email protected]"
     And I am on "/admin/dashboard"
-    Then the response status code should be 200
-    And I should see text matching "Logout"
-    And I should see text matching "Return to Index"
+    Then the response status code should be 403
 
   @admin
   Scenario: Access to Admin Interface as Support
@@ -68,11 +66,10 @@ Feature: Admin
   Scenario: Access User List and able to create a User as Domain Admin
     When I am authenticated as "[email protected]"
     And I am on "/admin/user/list"
-    Then the response status code should be 200
-    And I should not see "example.org"
+    Then the response status code should be 403
 
     When I am on "/admin/user/create"
-    Then the response status code should be 200
+    Then the response status code should be 403
 
   @admin
   Scenario: Access User List and able to create a User as Support
@@ -123,10 +120,10 @@ Feature: Admin
   Scenario: Access Alias List and able to create a Alias as Domain Admin
     When I am authenticated as "[email protected]"
     And I am on "/admin/alias/list"
-    Then the response status code should be 200
+    Then the response status code should be 403
 
     When I am on "/admin/alias/create"
-    Then the response status code should be 200
+    Then the response status code should be 403
 
   @admin
   Scenario: Access Alias List and able to create a Alias as Support

features/domain.feature

@@ -0,0 +1,42 @@
+Feature: Domain
+
+  Background:
+    Given the database is clean
+    And the following Domain exists:
+      | name        |
+      | example.org |
+    And the following User exists:
+      | email              | password | roles             |
+      | domain@example.org | asdasd   | ROLE_DOMAIN_ADMIN |
+
+
+  Scenario: Access to Domain Interface as Domain
+    When I am on "/domain/settings"
+    Then I should be on "/login"
+    And the response status code should be 200
+
+    When I am authenticated as "[email protected]"
+    And I am on "/domain/settings"
+    Then the response status code should be 200
+
+  Scenario: Create new account
+    When I am authenticated as "[email protected]"
+    And I am on "/domain/settings"
+    And I fill in the following:
+      | basic_registration_email                | user         |
+      | basic_registration_plainPassword_first  | P4ssW0rd!!!1 |
+      | basic_registration_plainPassword_second | P4ssW0rd!!!1 |
+    And I press "Submit"
+
+    Then I should be on "/domain/settings"
+    And I should see text matching "Account created successfully."
+
+  Scenario: Create new alias
+    When I am authenticated as "[email protected]"
+    And I am on "/domain/settings"
+    And I fill in the following:
+      | alias_alias | test_alias |
+    And I press "Add alias address"
+
+    Then I should be on "/domain/settings"
+    And I should see text matching "Alias address created successfully."

src/Builder/MenuBuilder.php

@@ -36,7 +36,7 @@ public function createNavbarRight(): ItemInterface
         if (!$this->authChecker->isGranted('IS_AUTHENTICATED_FULLY')) {
             $menu->addChild('navbar_right.login', ['route' => 'login']);
         } else {
-            if ($this->authChecker->isGranted(Roles::DOMAIN_ADMIN)) {
+            if ($this->authChecker->isGranted(Roles::ADMIN)) {
                 $menu->addChild('navbar_right.admin', ['route' => 'sonata_admin_dashboard']);
             }