added the RESTRICTED_AUDITOR option to restrict auditors to their own domain

This commit is contained in:
SJ 2012-11-26 21:12:28 +01:00
parent c0420fed0a
commit e1f8ea3ed0
2 changed files with 56 additions and 21 deletions

View File

@ -20,6 +20,7 @@ define('SEARCH_RESULT_CHECKBOX_CHECKED', 1);
define('HELPER_URL', ''); define('HELPER_URL', '');
define('ENABLE_SYSLOG', 0); define('ENABLE_SYSLOG', 0);
define('REWRITE_MESSAGE_ID', 0); define('REWRITE_MESSAGE_ID', 0);
define('RESTRICTED_AUDITOR', 0);
define('GOOGLE_CLIENT_ID', 'xxxxxxxxxxx'); define('GOOGLE_CLIENT_ID', 'xxxxxxxxxxx');
define('GOOGLE_CLIENT_SECRET', 'xxxxxxxxxxxxx'); define('GOOGLE_CLIENT_SECRET', 'xxxxxxxxxxxxx');
define('GOOGLE_DEVELOPER_KEY', 'xxxxxxxxxxxx'); define('GOOGLE_DEVELOPER_KEY', 'xxxxxxxxxxxx');

View File

@ -175,11 +175,21 @@ class ModelSearchSearch extends Model {
if(Registry::get('auditor_user') == 1 || ENABLE_FOLDER_RESTRICTIONS == 1) { if(Registry::get('auditor_user') == 1 || ENABLE_FOLDER_RESTRICTIONS == 1) {
if($from == '' && $to == '') { return ""; } $domain_restrictions = '';
if($f && $t) { return "($f & $t)"; } if(RESTRICTED_AUDITOR == 1) {
else if($f) { return "($f)"; } $domain_restrictions = ' (@todomain ' . $this->fix_email_address_for_sphinx($_SESSION['domain']) . ' | @fromdomain ' . $this->fix_email_address_for_sphinx($_SESSION['domain']) . ')';
else if($t) { return "($t)"; } }
if($from == '' && $to == '') { return $domain_restrictions; }
if(RESTRICTED_AUDITOR == 1) {
$domain_restrictions = " & $domain_restrictions";
}
if($f && $t) { return "($f & $t) $domain_restrictions"; }
else if($f) { return "($f) $domain_restrictions"; }
else if($t) { return "($t) $domain_restrictions"; }
} }
@ -527,18 +537,25 @@ class ModelSearchSearch extends Model {
if($id == '') { return 0; } if($id == '') { return 0; }
if(Registry::get('auditor_user') == 1) { return 1; } if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 0) { return 1; }
array_push($arr, $id); array_push($arr, $id);
while(list($k, $v) = each($_SESSION['emails'])) { if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) {
if(validemail($v) == 1) { $q = "?";
$q .= ",?"; array_push($a, $_SESSION['domain']);
array_push($a, $v); }
else {
while(list($k, $v) = each($_SESSION['emails'])) {
if(validemail($v) == 1) {
$q .= ",?";
array_push($a, $v);
}
} }
$q = preg_replace("/^\,/", "", $q);
} }
$q = preg_replace("/^\,/", "", $q);
$arr = array_merge($arr, $a, $a); $arr = array_merge($arr, $a, $a);
@ -547,7 +564,12 @@ class ModelSearchSearch extends Model {
if(isset($query->row['folder']) && in_array($query->row['folder'], $_SESSION['folders'])) { return 1; } if(isset($query->row['folder']) && in_array($query->row['folder'], $_SESSION['folders'])) { return 1; }
} }
else { else {
$query = $this->db->query("SELECT id FROM " . VIEW_MESSAGES . " WHERE id=? AND ( `from` IN ($q) OR `to` IN ($q) )", $arr); if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) {
$query = $this->db->query("SELECT id FROM " . VIEW_MESSAGES . " WHERE id=? AND ( `fromdomain` IN ($q) OR `todomain` IN ($q) )", $arr);
} else {
$query = $this->db->query("SELECT id FROM " . VIEW_MESSAGES . " WHERE id=? AND ( `from` IN ($q) OR `to` IN ($q) )", $arr);
}
if(isset($query->row['id'])) { return 1; } if(isset($query->row['id'])) { return 1; }
} }
@ -570,28 +592,40 @@ class ModelSearchSearch extends Model {
$q2 = preg_replace("/^\,/", "", $q2); $q2 = preg_replace("/^\,/", "", $q2);
if(Registry::get('auditor_user') == 0) { if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) {
while(list($k, $v) = each($_SESSION['emails'])) { $q = "?";
if(validemail($v) == 1) { array_push($a, $_SESSION['domain']);
$q .= ",?"; }
array_push($a, $v); else {
if(Registry::get('auditor_user') == 0) {
while(list($k, $v) = each($_SESSION['emails'])) {
if(validemail($v) == 1) {
$q .= ",?";
array_push($a, $v);
}
} }
} }
$q = preg_replace("/^\,/", "", $q);
} }
$q = preg_replace("/^\,/", "", $q); if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 0) {
if(Registry::get('auditor_user') == 1) {
$query = $this->db->query("SELECT id FROM `" . TABLE_META . "` WHERE `id` IN ($q2)", $arr); $query = $this->db->query("SELECT id FROM `" . TABLE_META . "` WHERE `id` IN ($q2)", $arr);
} else { }
else {
if(ENABLE_FOLDER_RESTRICTIONS == 1) { if(ENABLE_FOLDER_RESTRICTIONS == 1) {
$query = $this->sphx->query("SELECT id, folder FROM " . SPHINX_MAIN_INDEX . " WHERE id IN (" . implode(",", $id) . ")"); $query = $this->sphx->query("SELECT id, folder FROM " . SPHINX_MAIN_INDEX . " WHERE id IN (" . implode(",", $id) . ")");
} }
else { else {
$arr = array_merge($arr, $a, $a); $arr = array_merge($arr, $a, $a);
$query = $this->db->query("SELECT id FROM `" . VIEW_MESSAGES . "` WHERE `id` IN ($q2) AND ( `from` IN ($q) OR `to` IN ($q) )", $arr); if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) {
$query = $this->db->query("SELECT id FROM `" . VIEW_MESSAGES . "` WHERE `id` IN ($q2) AND ( `fromdomain` IN ($q) OR `todomain` IN ($q) )", $arr);
} else {
$query = $this->db->query("SELECT id FROM `" . VIEW_MESSAGES . "` WHERE `id` IN ($q2) AND ( `from` IN ($q) OR `to` IN ($q) )", $arr);
}
} }
} }