SF.net SVN: postfixadmin:[1265] trunk/functions.inc.php

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Revision: 1265
          http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1265&view=rev
Author:   christian_boltz
Date:     2011-11-12 20:44:35 +0000 (Sat, 12 Nov 2011)
Log Message:
-----------
functions.inc.php - list_domains_for_admin():
- rewrite to work for superadmins also (will list all domains now
  instead of "ALL"), which means we can drop the admin vs. superadmin
  check at various places
- escape_string $username

Modified Paths:
--------------
    trunk/functions.inc.php

Modified: trunk/functions.inc.php
===================================================================

--- trunk/functions.inc.php	2011-11-12 19:48:27 UTC (rev 1264)
+++ trunk/functions.inc.php	2011-11-12 20:44:35 UTC (rev 1265)
@@ -773,17 +773,24 @@
 function list_domains_for_admin ($username) {
     global $CONF;
     global $table_domain, $table_domain_admins;
+
+    $E_username = escape_string($username);
+
+    $query = "SELECT $table_domain.domain FROM $table_domain ";
+    $condition[] = "$table_domain.domain != 'ALL'";
+
+    $result = db_query ("SELECT username FROM $table_domain_admins WHERE username='$E_username' AND domain='ALL'");
+    if ($result['rows'] < 1) { # not a superadmin
+        $query .= " LEFT JOIN $table_domain_admins ON $table_domain.domain=$table_domain_admins.domain ";
+        $condition[] = "$table_domain_admins.username='$E_username' ";
+        $condition[] = "$table_domain.active='"   . db_get_boolean(true)  . "'"; # TODO: does it really make sense to exclude inactive...
+        $condition[] = "$table_domain.backupmx='" . db_get_boolean(False) . "'"; # TODO: ... and backupmx domains for non-superadmins?
+    }
+
+    $query .= " WHERE " . join(' AND ', $condition);
+    $query .= " ORDER BY $table_domain.domain";
+
     $list = array ();
-    // does $username need escaping here?
-    $active_sql = db_get_boolean(True);
-    $backupmx_sql = db_get_boolean(False);
-    $query = "SELECT $table_domain.domain, $table_domain_admins.username FROM $table_domain 
-        LEFT JOIN $table_domain_admins ON $table_domain.domain=$table_domain_admins.domain 
-        WHERE $table_domain_admins.username='$username' 
-        AND $table_domain.active='$active_sql'
-        AND $table_domain.backupmx='$backupmx_sql'
-        ORDER BY $table_domain_admins.domain";
-
     $result = db_query ($query);
     if ($result['rows'] > 0) {
         $i = 0;

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



