SF.net SVN: postfixadmin:[1265] trunk/functions.inc.php
Brought to you by:
christian_boltz,
gingerdog
From: <chr...@us...> - 2011-11-12 20:44:41
|
Revision: 1265 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1265&view=rev Author: christian_boltz Date: 2011-11-12 20:44:35 +0000 (Sat, 12 Nov 2011) Log Message: ----------- functions.inc.php - list_domains_for_admin(): - rewrite to work for superadmins also (will list all domains now instead of "ALL"), which means we can drop the admin vs. superadmin check at various places - escape_string $username Modified Paths: -------------- trunk/functions.inc.php Modified: trunk/functions.inc.php =================================================================== --- trunk/functions.inc.php 2011-11-12 19:48:27 UTC (rev 1264) +++ trunk/functions.inc.php 2011-11-12 20:44:35 UTC (rev 1265) @@ -773,17 +773,24 @@ function list_domains_for_admin ($username) { global $CONF; global $table_domain, $table_domain_admins; + + $E_username = escape_string($username); + + $query = "SELECT $table_domain.domain FROM $table_domain "; + $condition[] = "$table_domain.domain != 'ALL'"; + + $result = db_query ("SELECT username FROM $table_domain_admins WHERE username='$E_username' AND domain='ALL'"); + if ($result['rows'] < 1) { # not a superadmin + $query .= " LEFT JOIN $table_domain_admins ON $table_domain.domain=$table_domain_admins.domain "; + $condition[] = "$table_domain_admins.username='$E_username' "; + $condition[] = "$table_domain.active='" . db_get_boolean(true) . "'"; # TODO: does it really make sense to exclude inactive... + $condition[] = "$table_domain.backupmx='" . db_get_boolean(False) . "'"; # TODO: ... and backupmx domains for non-superadmins? + } + + $query .= " WHERE " . join(' AND ', $condition); + $query .= " ORDER BY $table_domain.domain"; + $list = array (); - // does $username need escaping here? - $active_sql = db_get_boolean(True); - $backupmx_sql = db_get_boolean(False); - $query = "SELECT $table_domain.domain, $table_domain_admins.username FROM $table_domain - LEFT JOIN $table_domain_admins ON $table_domain.domain=$table_domain_admins.domain - WHERE $table_domain_admins.username='$username' - AND $table_domain.active='$active_sql' - AND $table_domain.backupmx='$backupmx_sql' - ORDER BY $table_domain_admins.domain"; - $result = db_query ($query); if ($result['rows'] > 0) { $i = 0; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |