Add UI option

Author: Kristan Kenney

web/edit/server/index.php

@@ -695,6 +695,16 @@
         }
     }
 
+    // Change RESTRICTED_ADMIN
+    if (empty($_SESSION['error_msg'])) {
+        if ($_POST['v_restrict_admin'] != $_SESSION['RESTRICTED_ADMIN']) {
+            exec (HESTIA_CMD."v-change-sys-config-value RESTRICTED_ADMIN ".escapeshellarg($_POST['v_restrict_admin']), $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            if (empty($_SESSION['error_msg'])) $v_enforce_subdomain_ownership = $_POST['v_restrict_admin'];
+            $v_security_adv = 'yes';
+        }
+    }
     // Change login style
     if (empty($_SESSION['error_msg'])) {
         if ($_POST['v_login_style'] != $_SESSION['LOGIN_STYLE']) {

web/templates/admin/edit_server.html

@@ -1024,6 +1024,22 @@
                                                 <br><br>
                                             </td>
                                         </tr>
+                                        <? if (($_SESSION['userContext'] === "admin") && ($_SESSION['user'] === 'admin')) {?>
+                                            <tr>
+                                                <td class="vst-text input-label">
+                                                    <?php print _('Restrict access to System Administrator account');?>
+                                                </td>
+                                            </tr>
+                                            <tr>
+                                                <td>
+                                                    <select class="vst-list" name="v_restrict_admin">
+                                                        <option value='yes'><?php print _('yes'); ?></option>
+                                                        <option value='no' <?php if($_SESSION['RESTRICTED_ADMIN'] == 'no') echo 'selected' ?> ><?php print _('no'); ?></option>
+                                                    </select>
+                                                    <br><br>
+                                                </td>
+                                            </tr>
+                                        <?}?>
                                         <tr>
                                             <td class="vst-text input-label">
                                                 <?php print _('Inactive session timeout');?> (<?php print _('Minutes');?>)

web/templates/admin/list_db.html

@@ -46,7 +46,7 @@
                   <button type="submit" class="l-sort-toolbar__filter-apply" onclick="return doSearch('/search/')" value="" title="<?=_('Search')?>"><i class="fas fa-search"></i></button>
                 </form>
               </td>
-              <? if (($_SESSION['userContext'] === 'admin') && ($_SESSION['look'] === 'admin')) {?>
+              <? if (($_SESSION['userContext'] === 'admin') && ($_SESSION['look'] === 'admin') && ($_SESSION['RESTRICTED_ADMIN'] === 'yes')) {?>
                 <!-- Hide bulk actions for domain items when impersonating 'admin' account-->
               <? } else { ?>
                 <td>

web/templates/admin/list_dns.html

@@ -27,7 +27,7 @@
                   <button type="submit" class="l-sort-toolbar__filter-apply" onclick="return doSearch('/search/')" value="" title="<?=_('Search')?>"><i class="fas fa-search"></i></button>
                 </form>
               </td>
-              <? if (($_SESSION['userContext'] === 'admin') && ($_SESSION['look'] === 'admin')) {?>
+              <? if (($_SESSION['userContext'] === 'admin') && ($_SESSION['look'] === 'admin') && ($_SESSION['RESTRICTED_ADMIN'] === 'yes')) {?>
                 <!-- Hide bulk actions for domain items when impersonating 'admin' account-->
               <? } else { ?>
                 <td>

web/templates/admin/list_log.html

@@ -1,20 +1,29 @@
 <div class="l-center">
   <div class="l-sort clearfix noselect">
     <div class="l-unit-toolbar__buttonstrip">
-      <a href="/edit/user/?user=<?php echo $user; ?>&token=<?=$_SESSION['token']?>" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back')?></a>
+      <? if (($_SESSION['userContext'] === 'admin') && ($_SESSION['look'] === 'admin')) {?>
+        <a href="/list/user/" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back')?></a>
+      <? } else { ?>
+        <a href="/edit/user/?user=<?php echo $user; ?>&token=<?=$_SESSION['token']?>" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back')?></a>
+      <? } ?>
+      
       <a href="/list/log/auth/" id="btn-list" class="ui-button cancel" dir="ltr" title="<?=_('Login history');?>"><i class="fas fa-binoculars status-icon green"></i><?=_('Login history')?></a>
     </div>
     <div class="l-unit-toolbar__buttonstrip float-right">
       <a href="javascript:location.reload();" class="ui-button cancel" dir="ltr"><i class="fas fa-redo status-icon green"></i><?=_('Refresh')?></a>
+    <? if (($_SESSION['userContext'] === 'admin') && ($_SESSION['look'] === 'admin') && ($_SESSION['RESTRICTED_ADMIN'] === 'yes')) {?>
+      <!-- Hide delete buttons-->
+    <? } else { ?>
       <div class="actions-panel display-inline-block" key-action="js">
         <a class="data-controls do_delete ui-button danger cancel">
           <i class="do_delete fas fa-times-circle status-icon red"></i><?=_('Delete')?>
           <input type="hidden" name="delete_url" value="/delete/log/?token=<?=$_SESSION['token']?>" />
             <div class="confirmation-text-delete hidden" title="<?=_('Confirmation')?>">
               <p class="confirmation"><?=_('DELETE_LOGS_CONFIRMATION')?></p>
             </div>
-        </a>
-      </div>
+          </a>
+        </div>
+      <? } ?>
     </div>
   </div>
 </div>

web/templates/admin/list_log_auth.html

@@ -5,15 +5,19 @@
     </div>
     <div class="l-unit-toolbar__buttonstrip float-right">
       <a href="javascript:location.reload();" class="ui-button cancel" dir="ltr"><i class="fas fa-redo status-icon green"></i><?=_('Refresh')?></a>
-      <div class="actions-panel display-inline-block" key-action="js">
-        <a class="data-controls do_delete ui-button danger cancel">
-          <i class="do_delete fas fa-times-circle status-icon red"></i><?=_('Delete')?>
-          <input type="hidden" name="delete_url" value="/delete/log/auth/?token=<?=$_SESSION['token']?>" />
-            <div class="confirmation-text-delete hidden" title="<?=_('Confirmation')?>">
-              <p class="confirmation"><?=_('DELETE_LOGS_CONFIRMATION')?></p>
-            </div>
-        </a>
-      </div>
+      <? if (($_SESSION['userContext'] === 'admin') && ($_SESSION['look'] === 'admin') && ($_SESSION['RESTRICTED_ADMIN'] === 'yes')) {?>
+              <!-- Hide delete buttons-->
+      <? } else { ?>
+        <div class="actions-panel display-inline-block" key-action="js">
+          <a class="data-controls do_delete ui-button danger cancel">
+            <i class="do_delete fas fa-times-circle status-icon red"></i><?=_('Delete')?>
+            <input type="hidden" name="delete_url" value="/delete/log/auth/?token=<?=$_SESSION['token']?>" />
+              <div class="confirmation-text-delete hidden" title="<?=_('Confirmation')?>">
+                <p class="confirmation"><?=_('DELETE_LOGS_CONFIRMATION')?></p>
+              </div>
+          </a>
+        </div>
+      <? } ?>
     </div>
   </div>
 </div>

web/templates/admin/list_web.html

@@ -1,7 +1,7 @@
     <div class="l-center">
       <div class="l-sort clearfix noselect">
         <div class="l-unit-toolbar__buttonstrip">
-          <? if (($_SESSION['userContext'] === 'admin') && ($_SESSION['RESTRICTED_ADMIN'] === 'yes')) {?>
+          <? if (($_SESSION['userContext'] === 'admin') && ($_SESSION['look'] === 'admin') && ($_SESSION['RESTRICTED_ADMIN'] === 'yes')) {?>
             <!-- Hide item creation button when impersonating 'admin' account -->
           <? } else {?>
             <a href="/add/web/" id="btn-create" class="ui-button cancel" dir="ltr"><i class="fas fa-plus-circle status-icon green"></i><?=_('Add Web Domain')?></a>

web/templates/admin/panel.html

@@ -45,9 +45,11 @@
 			<? } ?>
 			<? if (($_SESSION['userContext'] === 'admin') && (isset($_SESSION['look']) && ($user == 'admin'))) {?>
 				<!-- Hide 'edit user' entry point from other administrators for default 'admin' account-->
+				<div class="l-menu__item"><a href="/list/log/" title="<?_('Logs')?>" class="l-profile__username"><i class="fas fa-history"></i></a></div>
 			<? } else { ?>
 				<div class="l-menu__item"><a href="/edit/user/?user=<?php echo $user; ?>&token=<?=$_SESSION['token']?>" title="<?=htmlspecialchars($user)?> (<?=htmlspecialchars($panel[$user]['NAME'])?>)" class="l-profile__username"><i class="fas fa-user-edit"></i></a></div>
 			<? } ?>
+
 			<?php if ((isset($panel[$user]['ROLE'])) && (!empty($panel[$user]['ROLE'])) && ($panel[$user]['ROLE'] === "admin")) {?>
 				<div class="l-menu__item"><a href="https://github.com/hestiacp/hestiacp/issues/" rel="noopener" target="_new" title="Submit a bug report" class="l-profile__help"><i class="fas fa-exclamation-triangle"></i></a></div>
 			<?php } ?>