From 68c79b90136f4e1177256a41d13d594e47dbcf44 Mon Sep 17 00:00:00 2001
From: Christian Boltz <postfixadmin@cboltz.de>
Date: Sat, 12 Nov 2011 21:46:25 +0000
Subject: [PATCH] PFAHandler.php: allow restriction to an admin's domain
 permissions

- new protected variables:
  $admin_username  - if set, restrict $allowed_domains to this admin
  $domain_field    - column containing the domain
  $allowed_domains - if $domain_field is set, this is an array with
                     the domain list
- __construct: new optional parameter $admin_username to restrict
  allowed domains to this admin's permissions
- read_from_db(): handle $allowed_domains
- read_from_db(): fix query if $condition == ""

PS: Yes, I know some people would like to kill me for including
    permission stuff in PFAHandler, but it's the best (and shortest,
    only +20 lines) way to handle it.



git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1266 a1433add-5e2c-0410-b055-b7f2511e0802
---
 model/PFAHandler.php | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/model/PFAHandler.php b/model/PFAHandler.php
index 9ba78d7e..f9862bd5 100644
--- a/model/PFAHandler.php
+++ b/model/PFAHandler.php
@@ -8,6 +8,9 @@ class PFAHandler {
     protected $new = 0; # 1 on create, otherwise 0
     protected $values = array();
     protected $values_valid = false;
+    protected $admin_username = "";     # if set, restrict $allowed_domains to this admin
+    protected $domain_field = "";       # column containing the domain
+    protected $allowed_domains = false; # if $domain_field is set, this is an array with the domain list
 
     public $errormsg = array();
 
@@ -21,8 +24,20 @@ class PFAHandler {
      * Constructor: fill $struct etc.
      * @param string $new
      */
-    public function __construct($new = 0) {
+    public function __construct($new = 0, $admin_username = "") {
         if ($new) $this->new = 1;
+        $this->admin_username = $admin_username;
+
+        if ($this->domain_field == "") {
+            if ($admin_username != "") die('Attemp to restrict domains without setting $this->domain_field!');
+        } else {
+            if ($admin_username != "") {
+                $this->allowed_domains = list_domains_for_admin($admin_username);
+            } else {
+                $this->allowed_domains = list_domains();
+            }
+        }
+
         $this->initStruct();
         $this->initMsg();
     }
@@ -208,9 +223,14 @@ class PFAHandler {
         if (is_array($condition)) {
             $where = db_where_clause($condition, $this->struct);
         } else {
+            if ($condition == "") $condition = '1=1';
             $where = " WHERE $condition ";
         }
 
+        if ($this->domain_field != "") {
+            $where .= " AND " . db_in_clause($this->domain_field, $this->allowed_domains);
+        }
+
         $query = "SELECT $cols FROM $table $extrafrom $where ORDER BY " . $this->id_field;
         $result = db_query($query);