From 1744ff986dbcbb5fed546e12033a351a3f4ce0c7 Mon Sep 17 00:00:00 2001 From: SJ Date: Sun, 12 Aug 2012 15:09:13 +0200 Subject: [PATCH] auditor can restore emails only to mydomain addresses --- webui/controller/message/restore.php | 2 +- webui/model/search/search.php | 16 +++++++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/webui/controller/message/restore.php b/webui/controller/message/restore.php index a21c6b05..658a9d6a 100644 --- a/webui/controller/message/restore.php +++ b/webui/controller/message/restore.php @@ -42,7 +42,7 @@ class ControllerMessageRestore extends Controller { /* send the email to all the recipients of the original email if we are admin or auditor users */ - if(Registry::get('admin_user') == 1 || Registry::get('auditor_user') == 1) { + if(Registry::get('auditor_user') == 1) { $rcpt = $this->model_search_search->get_message_recipients($this->data['id']); } else { diff --git a/webui/model/search/search.php b/webui/model/search/search.php index 3471970e..78463104 100644 --- a/webui/model/search/search.php +++ b/webui/model/search/search.php @@ -405,13 +405,27 @@ class ModelSearchSearch extends Model { public function get_message_recipients($id = '') { $rcpt = array(); + $domains = array(); if(Registry::get('auditor_user') == 0) { return $rcpt; } + $query = $this->db->query("SELECT `domain` FROM " . TABLE_DOMAIN); + foreach($query->rows as $q) { + array_push($domains, $q['domain']); + } + $query = $this->db->query("SELECT `to` FROM " . VIEW_MESSAGES . " WHERE piler_id=?", array($id)); foreach($query->rows as $q) { - array_push($rcpt, $q['to']); + $mydomain = 0; + + foreach ($domains as $domain) { + if(preg_match("/\@$domain$/", $q['to'])) { $mydomain = 1; break; } + } + + if($mydomain == 1) { + array_push($rcpt, $q['to']); + } } return $rcpt;