allow admins without change-serversettings to adjust dkim flag of domains, hide webserver-ssl-options for new domains if no default ssl-ip-addresses are selected in the settings; adjust visibility of possibly required dns entries for admins (domain edit)

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

lib/Froxlor/Api/Commands/Domains.php

@@ -201,7 +201,7 @@ class Domains extends ApiCommand implements ResourceEntity
 	 * @param string $zonefile
 	 *            optional, custom dns zone filename (only of nameserver is activated), default empty (auto-generated)
 	 * @param bool $dkim
-	 *            optional, currently not in use, default 0 (false)
+	 *            optional, whether this domain should use dkim if antispam is activated, default 0 (false)
 	 * @param string $specialsettings
 	 *            optional, custom webserver vhost-content which is added to the generated vhost, default empty
 	 * @param string $ssl_specialsettings
@@ -474,7 +474,6 @@ class Domains extends ApiCommand implements ResourceEntity
 					}
 					$caneditdomain = '1';
 					$zonefile = '';
-					$dkim = '0';
 					$specialsettings = '';
 					$ssl_specialsettings = '';
 					$include_specialsettings = 0;
@@ -550,8 +549,11 @@ class Domains extends ApiCommand implements ResourceEntity
 					}
 				}
 				if (Settings::Get('system.use_ssl') == "1" && $sslenabled == 1 && empty($ssl_ipandports)) {
-					// enabled ssl for the domain but no ssl ip/port is selected
-					Response::standardError('nosslippportgiven', '', true);
+					// if this is a customer standard-subdomain, we simply ignore this and disable ssl-related settings (see if-statement below)
+					if (!$is_stdsubdomain) {
+						// enabled ssl for the domain but no ssl ip/port is selected
+						Response::standardError('nosslippportgiven', '', true);
+					}
 				}
 				if (Settings::Get('system.use_ssl') == "0" || empty($ssl_ipandports)) {
 					$ssl_redirect = 0;
@@ -1088,7 +1090,7 @@ class Domains extends ApiCommand implements ResourceEntity
 	 * @param string $zonefile
 	 *            optional, custom dns zone filename (only of nameserver is activated), default empty (auto-generated)
 	 * @param bool $dkim
-	 *            optional, currently not in use, default 0 (false)
+	 *            optional, whether this domain should use dkim if antispam is activated, default 0 (false)
 	 * @param string $specialsettings
 	 *            optional, custom webserver vhost-content which is added to the generated vhost, default empty
 	 * @param string $ssl_specialsettings
@@ -1460,7 +1462,6 @@ class Domains extends ApiCommand implements ResourceEntity
 			} else {
 				$isbinddomain = $result['isbinddomain'];
 				$zonefile = $result['zonefile'];
-				$dkim = $result['dkim'];
 				$specialsettings = $result['specialsettings'];
 				$ssl_specialsettings = $result['ssl_specialsettings'];
 				$include_specialsettings = $result['include_specialsettings'];

lib/formfields/admin/domains/formfield.domains_add.php

@@ -193,7 +193,7 @@ return [
 						'label' => lng('admin.domain_sslenabled'),
 						'type' => 'checkbox',
 						'value' => '1',
-						'checked' => !empty($ssl_ipsandports)
+						'checked' => !empty(Settings::Get('system.defaultsslip'))
 					],
 					'no_ssl_available_info' => [
 						'visible' => empty($ssl_ipsandports),

lib/formfields/admin/domains/formfield.domains_edit.php

@@ -437,7 +437,7 @@ return [
 			'section_d' => [
 				'title' => lng('admin.nameserversettings'),
 				'image' => 'icons/domain_edit.png',
-				'visible' => ($userinfo['change_serversettings'] == '1' || ($userinfo['change_serversettings'] == '0' && $result['isbinddomain'] == '0')) && (Settings::Get('system.bind_enable') == '1' || $result['isemaildomain'] == '1'),
+				'visible' => ($userinfo['change_serversettings'] == '1' && Settings::Get('system.bind_enable') == '1') || ($result['isemaildomain'] == '1' && (Settings::Get('spf.use_spf') == '1' || Settings::Get('dmarc.use_dmarc') == '1' || (Settings::Get('antispam.activated') == '1' && $result['dkim'] == '1' && $result['dkim_pubkey'] != ''))),
 				'fields' => [
 					'isbinddomain' => [
 						'visible' => $userinfo['change_serversettings'] == '1' && Settings::Get('system.bind_enable') == '1',
@@ -454,19 +454,19 @@ return [
 						'value' => $result['zonefile']
 					],
 					'spf_entry' => [
-						'visible' => ($result['isbinddomain'] == '0' && Settings::Get('spf.use_spf') == '1' && $result['isemaildomain'] == '1'),
+						'visible' => (Settings::Get('spf.use_spf') == '1' && $result['isemaildomain'] == '1'),
 						'label' => lng('antispam.required_spf_dns'),
 						'type' => 'longtext',
 						'value' => (string)(new \Froxlor\Dns\DnsEntry('@', 'TXT', \Froxlor\Dns\Dns::encloseTXTContent(Settings::Get('spf.spf_entry'))))
 					],
 					'dmarc_entry' => [
-						'visible' => ($result['isbinddomain'] == '0' && Settings::Get('dmarc.use_dmarc') == '1' && $result['isemaildomain'] == '1'),
+						'visible' => (Settings::Get('dmarc.use_dmarc') == '1' && $result['isemaildomain'] == '1'),
 						'label' => lng('antispam.required_dmarc_dns'),
 						'type' => 'longtext',
 						'value' => (string)(new \Froxlor\Dns\DnsEntry('_dmarc', 'TXT', \Froxlor\Dns\Dns::encloseTXTContent(Settings::Get('dmarc.dmarc_entry'))))
 					],
 					'dkim_entry' => [
-						'visible' => ($result['isbinddomain'] == '0'  && Settings::Get('antispam.activated') == '1' && $result['dkim'] == '1' && $result['dkim_pubkey'] != '' && $result['isemaildomain'] == '1'),
+						'visible' => (Settings::Get('antispam.activated') == '1' && $result['dkim'] == '1' && $result['dkim_pubkey'] != '' && $result['isemaildomain'] == '1'),
 						'label' => lng('antispam.required_dkim_dns'),
 						'type' => 'longtext',
 						'value' => (string)(new \Froxlor\Dns\DnsEntry('dkim' . $result['dkim_id'] . '._domainkey', 'TXT', \Froxlor\Dns\Dns::encloseTXTContent('v=DKIM1; k=rsa; p='.trim($result['dkim_pubkey']))))