Rechtebechebung für User mit Sudorechte

2025-10-19 23:24:16 +02:00 · 2025-10-19 23:24:16 +02:00 · 260570b5a8
parent 127497b5cf
commit 260570b5a8
3 changed files with 71 additions and 41 deletions
--- a/app/Models/Domain.php
+++ b/app/Models/Domain.php
@ -7,6 +7,8 @@ use Illuminate\Database\Eloquent\Relations\HasMany;
 class Domain extends Model
 {
    public $afterCommit = true;
    protected $fillable = [
        'domain','description','tags',
        'is_active','is_system','is_server',
--- a/app/Observers/DomainObserver.php
+++ b/app/Observers/DomainObserver.php
@ -37,6 +37,37 @@ class DomainObserver
            );
        }
    }
    /**
     * Beim Löschen alle DKIM-Selector dieser Domain aus OpenDKIM entfernen.
     */
    public function deleted(Domain $domain): void
    {
        try {
            $svc = app(\App\Services\DkimService::class);
            foreach ($domain->dkimKeys as $key) {
                $svc->removeForDomain($domain, $key->selector);
            }
            // Local storage wegräumen (kein Root nötig)
            $path = storage_path("app/private/dkim/{$domain->domain}");
            if (is_dir($path)) {
                \Illuminate\Support\Facades\File::deleteDirectory($path);
            }
            Log::info("Domain deleted + DKIM cleaned", ['domain' => $domain->domain]);
        } catch (\Throwable $e) {
            Log::error("Domain delete cleanup failed", ['domain'=>$domain->domain,'error'=>$e->getMessage()]);
        }
    }
    public function forceDeleted(Domain $domain): void
    {
        $this->deleted($domain);
    }
    //    public function created(Domain $domain): void
 //    {
 //        if ($domain->is_server) {
@ -63,30 +94,6 @@ class DomainObserver
 //        );
 //    }
    /**
     * Beim Löschen alle DKIM-Selector dieser Domain aus OpenDKIM entfernen.
     */
    public function deleted(Domain $domain): void
    {
        try {
            $svc = app(\App\Services\DkimService::class);
            foreach ($domain->dkimKeys as $key) {
                $svc->removeForDomain($domain, $key->selector);
            }
            // Local storage wegräumen (kein Root nötig)
            $path = storage_path("app/private/dkim/{$domain->domain}");
            if (is_dir($path)) {
                \Illuminate\Support\Facades\File::deleteDirectory($path);
            }
            Log::info("Domain deleted + DKIM cleaned", ['domain' => $domain->domain]);
        } catch (\Throwable $e) {
            Log::error("Domain delete cleanup failed", ['domain'=>$domain->domain,'error'=>$e->getMessage()]);
        }
    }
 //    public function deleted(Domain $domain): void
 //    {
 //        try {
@ -113,9 +120,4 @@ class DomainObserver
 //            ]);
 //        }
 //    }
    public function forceDeleted(Domain $domain): void
    {
        $this->deleted($domain);
    }
 }
--- a/app/Services/DkimService.php
+++ b/app/Services/DkimService.php
@ -159,24 +159,50 @@ class DkimService
        return $san;
    }
    // selector optional: wenn null → alle Selector der Domain löschen
    public function removeForDomain(Domain|string $domain, ?string $selector = null): void
    {
-        $name = $domain instanceof \App\Models\Domain ? $domain->domain : $domain;
+        $name = $domain instanceof Domain ? $domain->domain : $domain;
        $selector = $selector ?: (string) config('mailpool.defaults.dkim_selector', 'mwl1');
-        // Root-Helper ausführen
+        if (is_null($selector)) {
-        $p = Process::run([
+            // alle Selector aus DB holen und nacheinander entfernen
-            'sudo','-n','/usr/local/sbin/mailwolt-remove-dkim',
+            $keys = $domain instanceof Domain
-            $name, $selector
+                ? $domain->dkimKeys()->pluck('selector')->all()
-        ]);
+                : \App\Models\DkimKey::whereHas('domain', fn($q) => $q->where('domain', $name))
-        if (!$p->successful()) {
+                    ->pluck('selector')->all();
-            throw new \RuntimeException('mailwolt-remove-dkim failed: '.$p->errorOutput());
+
            $keys = $keys ?: ['mwl1']; // notfalls versuchen wir Standard
        } else {
            $keys = [$selector];
        }
-        // OpenDKIM neu laden
+        foreach ($keys as $sel) {
-        Process::run(['sudo','-n','/usr/bin/systemctl','reload','opendkim']);
+            Process::run(['sudo','-n','/usr/local/sbin/mailwolt-remove-dkim',$name,$sel]);
        }
        // Dienst neu laden (ohne Fehler abbrechen)
        Process::run(['sudo','-n','/bin/systemctl','reload','opendkim']);
    }
 //    public function removeForDomain(Domain|string $domain, ?string $selector = null): void
 //    {
 //        $name = $domain instanceof \App\Models\Domain ? $domain->domain : $domain;
 //        $selector = $selector ?: (string) config('mailpool.defaults.dkim_selector', 'mwl1');
 //
 //        // Root-Helper ausführen
 //        $p = Process::run([
 //            'sudo','-n','/usr/local/sbin/mailwolt-remove-dkim',
 //            $name, $selector
 //        ]);
 //        if (!$p->successful()) {
 //            throw new \RuntimeException('mailwolt-remove-dkim failed: '.$p->errorOutput());
 //        }
 //
 //        // OpenDKIM neu laden
 //        Process::run(['sudo','-n','/usr/bin/systemctl','reload','opendkim']);
 //    }
 //    public function removeForDomain(Domain|string $domain): void
 //    {
 //        $domainName = $domain instanceof Domain ? $domain->domain : $domain;