make a privileges column in the users table and mark the first user as an admin

management/daemon.py

@@ -1,12 +1,14 @@
 #!/usr/bin/python3
 
-import os, os.path, re
+import os, os.path, re, json
 
-from flask import Flask, request, render_template, abort
+from flask import Flask, request, render_template, abort, Response
 app = Flask(__name__)
 
 import auth, utils
-from mailconfig import get_mail_users, add_mail_user, set_mail_password, remove_mail_user, get_mail_aliases, get_mail_domains, add_mail_alias, remove_mail_alias
+from mailconfig import get_mail_users, add_mail_user, set_mail_password, remove_mail_user
+from mailconfig import get_mail_user_privileges, add_remove_mail_user_privilege
+from mailconfig import get_mail_aliases, get_mail_domains, add_mail_alias, remove_mail_alias
 
 env = utils.load_environment()
 
@@ -29,7 +31,11 @@ def index():
 
 @app.route('/mail/users')
 def mail_users():
-    return "".join(x+"\n" for x in get_mail_users(env))
+	if request.args.get("format", "") == "json":
+		users = get_mail_users(env, as_json=True)
+		return Response(json.dumps(users), status=200, mimetype='application/json')
+	else:
+		return "".join(x+"\n" for x in get_mail_users(env))
 
 @app.route('/mail/users/add', methods=['POST'])
 def mail_users_add():
@@ -43,6 +49,22 @@ def mail_users_password():
 def mail_users_remove():
 	return remove_mail_user(request.form.get('email', ''), env)
 
+
+@app.route('/mail/users/privileges')
+def mail_user_privs():
+	privs = get_mail_user_privileges(request.args.get('email', ''), env)
+	if isinstance(privs, tuple): return privs # error
+	return "\n".join(privs)
+
+@app.route('/mail/users/privileges/add', methods=['POST'])
+def mail_user_privs_add():
+	return add_remove_mail_user_privilege(request.form.get('email', ''), request.form.get('privilege', ''), "add", env)
+
+@app.route('/mail/users/privileges/remove', methods=['POST'])
+def mail_user_privs_remove():
+	return add_remove_mail_user_privilege(request.form.get('email', ''), request.form.get('privilege', ''), "remove", env)
+
+
 @app.route('/mail/aliases')
 def mail_aliases():
     return "".join(x+"\t"+y+"\n" for x, y in get_mail_aliases(env))

management/mailconfig.py

@@ -46,10 +46,16 @@ def open_database(env, with_connection=False):
 	else:
 		return conn, conn.cursor()
 
-def get_mail_users(env):
+def get_mail_users(env, as_json=False):
 	c = open_database(env)
-	c.execute('SELECT email FROM users')
-	return [row[0] for row in c.fetchall()]
+	c.execute('SELECT email, privileges FROM users')
+	if not as_json:
+		return [row[0] for row in c.fetchall()]
+	else:
+		return [
+			{ "email": row[0], "privileges": parse_privs(row[1]) }
+			for row in c.fetchall()
+			 ]
 
 def get_mail_aliases(env):
 	c = open_database(env)
@@ -122,6 +128,40 @@ def remove_mail_user(email, env):
 	# Update things in case any domains are removed.
 	return kick(env, "mail user removed")
 
+def parse_privs(value):
+	return [p for p in value.split("\n") if p.strip() != ""]
+
+def get_mail_user_privileges(email, env):
+	c = open_database(env)
+	c.execute('SELECT privileges FROM users WHERE email=?', (email,))
+	rows = c.fetchall()
+	if len(rows) != 1:
+		return ("That's not a user (%s)." % email, 400)
+	return parse_privs(rows[0][0])
+
+def add_remove_mail_user_privilege(email, priv, action, env):
+	if "\n" in priv or priv.strip() == "":
+		return ("That's not a valid privilege (%s)." % priv, 400)
+
+	privs = get_mail_user_privileges(email, env)
+	if isinstance(privs, tuple): return privs # error
+
+	if action == "add":
+		if priv not in privs:
+			privs.append(priv)
+	elif action == "remove":
+		privs = [p for p in privs if p != priv]
+	else:
+		return ("Invalid action.", 400)
+
+	conn, c = open_database(env, with_connection=True)
+	c.execute("UPDATE users SET privileges=? WHERE email=?", ("\n".join(privs), email))
+	if c.rowcount != 1:
+		return ("Something went wrong.", 400)
+	conn.commit()
+
+	return "OK"
+
 def add_mail_alias(source, destination, env, do_kick=True):
 	if not validate_email(source, mode='alias'):
 		return ("Invalid email address.", 400)