mirror of
https://bitbucket.org/jsuto/piler.git
synced 2025-01-13 13:10:11 +01:00
added the RESTRICTED_AUDITOR option to restrict auditors to their own domain
parent
c0420fed0a
commit
e1f8ea3ed0
@ -20,6 +20,7 @@ define('SEARCH_RESULT_CHECKBOX_CHECKED', 1);
|
|||||||
define('HELPER_URL', '');
|
define('HELPER_URL', '');
|
||||||
define('ENABLE_SYSLOG', 0);
|
define('ENABLE_SYSLOG', 0);
|
||||||
define('REWRITE_MESSAGE_ID', 0);
|
define('REWRITE_MESSAGE_ID', 0);
|
||||||
|
define('RESTRICTED_AUDITOR', 0);
|
||||||
define('GOOGLE_CLIENT_ID', 'xxxxxxxxxxx');
|
define('GOOGLE_CLIENT_ID', 'xxxxxxxxxxx');
|
||||||
define('GOOGLE_CLIENT_SECRET', 'xxxxxxxxxxxxx');
|
define('GOOGLE_CLIENT_SECRET', 'xxxxxxxxxxxxx');
|
||||||
define('GOOGLE_DEVELOPER_KEY', 'xxxxxxxxxxxx');
|
define('GOOGLE_DEVELOPER_KEY', 'xxxxxxxxxxxx');
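Review bot: The new `RESTRICTED_AUDITOR` define is undocumented and defaults to 0, which leaves auditors unrestricted, so an operator has to read the search model to learn what the switch does. I would add a comment above it such as `// 1 = auditors can only search/open messages whose from or to domain equals $_SESSION['domain']; 0 = auditors see every domain (default)`. It is also worth noting there that the restriction depends on the session domain being set at login, since the model reads it directly.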
|
||||||
|
@ -175,11 +175,21 @@ class ModelSearchSearch extends Model {
|
|||||||
|
|
||||||
|
|
||||||
if(Registry::get('auditor_user') == 1 || ENABLE_FOLDER_RESTRICTIONS == 1) {
|
if(Registry::get('auditor_user') == 1 || ENABLE_FOLDER_RESTRICTIONS == 1) {
|
||||||
if($from == '' && $to == '') { return ""; }
|
$domain_restrictions = '';
|
||||||
|
|
||||||
if($f && $t) { return "($f & $t)"; }
|
if(RESTRICTED_AUDITOR == 1) {
|
||||||
else if($f) { return "($f)"; }
|
$domain_restrictions = ' (@todomain ' . $this->fix_email_address_for_sphinx($_SESSION['domain']) . ' | @fromdomain ' . $this->fix_email_address_for_sphinx($_SESSION['domain']) . ')';
|
||||||
else if($t) { return "($t)"; }
|
}
|
||||||
|
|
||||||
|
if($from == '' && $to == '') { return $domain_restrictions; }
|
||||||
|
|
||||||
|
if(RESTRICTED_AUDITOR == 1) {
|
||||||
|
$domain_restrictions = " & $domain_restrictions";
|
||||||
|
}
|
||||||
|
|
||||||
|
if($f && $t) { return "($f & $t) $domain_restrictions"; }
|
||||||
|
else if($f) { return "($f) $domain_restrictions"; }
|
||||||
|
else if($t) { return "($t) $domain_restrictions"; }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -527,10 +537,15 @@ class ModelSearchSearch extends Model {
|
|||||||
|
|
||||||
if($id == '') { return 0; }
|
if($id == '') { return 0; }
|
||||||
|
|
||||||
if(Registry::get('auditor_user') == 1) { return 1; }
|
if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 0) { return 1; }
|
||||||
|
|
||||||
array_push($arr, $id);
|
array_push($arr, $id);
|
||||||
|
|
||||||
|
if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) {
|
||||||
|
$q = "?";
|
||||||
|
array_push($a, $_SESSION['domain']);
|
||||||
|
}
|
||||||
|
else {
|
||||||
while(list($k, $v) = each($_SESSION['emails'])) {
|
while(list($k, $v) = each($_SESSION['emails'])) {
|
||||||
if(validemail($v) == 1) {
|
if(validemail($v) == 1) {
|
||||||
$q .= ",?";
|
$q .= ",?";
|
||||||
@ -539,6 +554,8 @@ class ModelSearchSearch extends Model {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$q = preg_replace("/^\,/", "", $q);
|
$q = preg_replace("/^\,/", "", $q);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
$arr = array_merge($arr, $a, $a);
|
$arr = array_merge($arr, $a, $a);
|
||||||
|
|
||||||
@ -547,7 +564,12 @@ class ModelSearchSearch extends Model {
|
|||||||
if(isset($query->row['folder']) && in_array($query->row['folder'], $_SESSION['folders'])) { return 1; }
|
if(isset($query->row['folder']) && in_array($query->row['folder'], $_SESSION['folders'])) { return 1; }
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) {
|
||||||
|
$query = $this->db->query("SELECT id FROM " . VIEW_MESSAGES . " WHERE id=? AND ( `fromdomain` IN ($q) OR `todomain` IN ($q) )", $arr);
|
||||||
|
} else {
|
||||||
$query = $this->db->query("SELECT id FROM " . VIEW_MESSAGES . " WHERE id=? AND ( `from` IN ($q) OR `to` IN ($q) )", $arr);
|
$query = $this->db->query("SELECT id FROM " . VIEW_MESSAGES . " WHERE id=? AND ( `from` IN ($q) OR `to` IN ($q) )", $arr);
|
||||||
|
}
|
||||||
|
|
||||||
if(isset($query->row['id'])) { return 1; }
|
if(isset($query->row['id'])) { return 1; }
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -570,6 +592,11 @@ class ModelSearchSearch extends Model {
|
|||||||
|
|
||||||
$q2 = preg_replace("/^\,/", "", $q2);
|
$q2 = preg_replace("/^\,/", "", $q2);
|
||||||
|
|
||||||
|
if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) {
|
||||||
|
$q = "?";
|
||||||
|
array_push($a, $_SESSION['domain']);
|
||||||
|
}
|
||||||
|
else {
|
||||||
if(Registry::get('auditor_user') == 0) {
|
if(Registry::get('auditor_user') == 0) {
|
||||||
while(list($k, $v) = each($_SESSION['emails'])) {
|
while(list($k, $v) = each($_SESSION['emails'])) {
|
||||||
if(validemail($v) == 1) {
|
if(validemail($v) == 1) {
|
||||||
@ -579,20 +606,27 @@ class ModelSearchSearch extends Model {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
$q = preg_replace("/^\,/", "", $q);
|
$q = preg_replace("/^\,/", "", $q);
|
||||||
|
}
|
||||||
|
|
||||||
if(Registry::get('auditor_user') == 1) {
|
|
||||||
|
if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 0) {
|
||||||
$query = $this->db->query("SELECT id FROM `" . TABLE_META . "` WHERE `id` IN ($q2)", $arr);
|
$query = $this->db->query("SELECT id FROM `" . TABLE_META . "` WHERE `id` IN ($q2)", $arr);
|
||||||
} else {
|
}
|
||||||
|
else {
|
||||||
|
|
||||||
if(ENABLE_FOLDER_RESTRICTIONS == 1) {
|
if(ENABLE_FOLDER_RESTRICTIONS == 1) {
|
||||||
$query = $this->sphx->query("SELECT id, folder FROM " . SPHINX_MAIN_INDEX . " WHERE id IN (" . implode(",", $id) . ")");
|
$query = $this->sphx->query("SELECT id, folder FROM " . SPHINX_MAIN_INDEX . " WHERE id IN (" . implode(",", $id) . ")");
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$arr = array_merge($arr, $a, $a);
|
$arr = array_merge($arr, $a, $a);
|
||||||
|
if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) {
|
||||||
|
$query = $this->db->query("SELECT id FROM `" . VIEW_MESSAGES . "` WHERE `id` IN ($q2) AND ( `fromdomain` IN ($q) OR `todomain` IN ($q) )", $arr);
|
||||||
|
} else {
|
||||||
$query = $this->db->query("SELECT id FROM `" . VIEW_MESSAGES . "` WHERE `id` IN ($q2) AND ( `from` IN ($q) OR `to` IN ($q) )", $arr);
|
$query = $this->db->query("SELECT id FROM `" . VIEW_MESSAGES . "` WHERE `id` IN ($q2) AND ( `from` IN ($q) OR `to` IN ($q) )", $arr);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if($query->num_rows > 0) {
|
if($query->num_rows > 0) {
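Review bot: The domain filter for a restricted auditor is only applied in the non-folder branch. In the last hunk, when `ENABLE_FOLDER_RESTRICTIONS == 1` the code runs the Sphinx `SELECT id, folder ...` query with no `fromdomain`/`todomain` predicate, and the single-id check two hunks earlier has the same shape, with the new domain query sitting in the `else` of the folder check. Whatever filters the rows afterwards is outside these hunks, so this needs confirming, but as written a restricted auditor on a folder-restricted install appears to be checked against `$_SESSION['folders']` rather than the domain. One option is to route that case to the SQL branch, e.g. `if(ENABLE_FOLDER_RESTRICTIONS == 1 && !(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1)) {`, or to document that the two options are mutually exclusive. Separately, the Sphinx expression in the first model hunk is built from `$_SESSION['domain']` without checking that it is non-empty; an explicit guard that returns a match-nothing expression would keep that path failing closed.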
|
||||||
|