Make client protection configurable (#4048)

Author: thom

interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php

@@ -46,12 +46,18 @@ function sites_web_vhost_domain_edit($event_name, $page_form) {
 		$vhostdomain_type = 'domain';
 		if($page_form->dataRecord['type'] == 'vhostalias') $vhostdomain_type = 'aliasdomain';
 		elseif($page_form->dataRecord['type'] == 'vhostsubdomain') $vhostdomain_type = 'subdomain';
-		
-		// make sure that the record belongs to the clinet group and not the admin group when a dmin inserts it
-		// also make sure that the user can not delete domain created by a admin
+
+		// make sure that the record belongs to the client group and not the admin group when a admin inserts it
+		// also make sure that the user can not delete domain created by a admin if client protection is enabled
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $page_form->id);
+			$app->uses('getconf');
+	  	$global_config = $app->getconf->get_global_config('sites');
+	  	if($global_config['client_protection'] == 'y') {
+		    $app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);
+			} else {
+				$app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'riud' WHERE domain_id = ?", $client_group_id, $this->id);
+			}
 		}
 		if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
@@ -62,7 +68,7 @@ function sites_web_vhost_domain_edit($event_name, $page_form) {
 		$web_config = $app->getconf->get_server_config($app->functions->intval($page_form->dataRecord['server_id']), 'web');
 		if(isset($app->tform) && is_object($app->tform)) $web_rec = $app->tform->getDataRecord($page_form->id);
 		else $web_rec = $app->remoting_lib->getDataRecord($page_form->id);
-		
+
 		if($vhostdomain_type == 'domain') {
 			$document_root = str_replace("[website_id]", $page_form->id, $web_config["website_path"]);
 			$document_root = str_replace("[website_idhash_1]", $this->id_hash($page_form->id, 1), $document_root);
@@ -97,7 +103,7 @@ function sites_web_vhost_domain_edit($event_name, $page_form) {
 			$document_root    = str_replace("[client_idhash_2]", $this->id_hash($client_id, 2), $document_root);
 			$document_root    = str_replace("[client_idhash_3]", $this->id_hash($client_id, 3), $document_root);
 			$document_root    = str_replace("[client_idhash_4]", $this->id_hash($client_id, 4), $document_root);
-			
+
 			if($event_name == 'sites:web_vhost_domain:on_after_update') {
 				if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) &&  isset($page_form->dataRecord["client_group_id"]) && $page_form->dataRecord["client_group_id"] != $page_form->oldDataRecord["sys_groupid"]) {
 
@@ -280,7 +286,7 @@ function sites_web_vhost_domain_edit($event_name, $page_form) {
 				$php_open_basedir    = str_replace("[website_path]", $document_root, $web_config["php_open_basedir"]);
 				$php_open_basedir    = str_replace("[website_domain]", $app->functions->idn_encode($page_form->dataRecord['domain']), $php_open_basedir);
 				$htaccess_allow_override  = $web_config["htaccess_allow_override"];
-				
+
 				$sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ?  WHERE domain_id = ?";
 				$app->db->query($sql, $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $page_form->id);
 			}

interface/lib/plugins/vm_openvz_plugin.inc.php

@@ -38,7 +38,7 @@ function openvz_vm_insert($event_name, $page_form) {
 		$this->oldDataRecord = $page_form->oldDataRecord;
 
 		// make sure that the record belongs to the clinet group and not the admin group when admin inserts it
-		// also make sure that the user can not delete domain created by a admin
+		// also make sure that the user can not delete domain created by a admin if client protection is enabled
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
 			$app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);
@@ -87,7 +87,7 @@ function openvz_vm_update($event_name, $page_form) {
 		$this->oldDataRecord = $page_form->oldDataRecord;
 
 		// make sure that the record belongs to the clinet group and not the admin group when a admin inserts it
-		// also make sure that the user can not delete domain created by a admin
+		// also make sure that the user can not delete domain created by a admin if client protection is enabled
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
 			$app->db->query("UPDATE openvz_vm SET sys_groupid = ? WHERE vm_id = ?", $client_group_id, $this->id);

interface/web/client/domain_edit.php

@@ -197,7 +197,7 @@ function onAfterInsert() {
 		global $app, $conf;
 
 		// make sure that the record belongs to the client group and not the admin group when admin inserts it
-		// also make sure that the user can not delete domain created by a admin
+		// also make sure that the user can not delete domain created by a admin if client protection is enabled
 		if(($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) || ($_SESSION["s"]["user"]["typ"] != 'admin' && $app->auth->has_clients($_SESSION['s']['user']['userid']))) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
 			$app->db->query("UPDATE domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);
@@ -215,7 +215,7 @@ function onAfterUpdate() {
 		}
 
 		// make sure that the record belongs to the client group and not the admin group when admin inserts it
-		// also make sure that the user can not delete domain created by a admin
+		// also make sure that the user can not delete domain created by a admin if client protection is enabled
 		if(isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
 			$app->db->query("UPDATE domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);

interface/web/mail/mail_mailinglist_edit.php

@@ -198,7 +198,7 @@ function onAfterInsert() {
 		global $app, $conf;
 
 		// make sure that the record belongs to the client group and not the admin group when a dmin inserts it
-		// also make sure that the user can not delete domain created by a admin
+		// also make sure that the user can not delete domain created by a admin if client protection is enabled
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
 			$app->db->query("UPDATE mail_mailinglist SET sys_groupid = ?, sys_perm_group = 'ru' WHERE mailinglist_id = ?", $client_group_id, $this->id);
@@ -235,7 +235,7 @@ function onAfterUpdate() {
 		global $app, $conf;
 
 		// make sure that the record belongs to the clinet group and not the admin group when admin inserts it
-		// also make sure that the user can not delete domain created by a admin
+		// also make sure that the user can not delete domain created by a admin if client protection is enabled
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
 			$app->db->query("UPDATE mail_mailinglist SET sys_groupid = ?, sys_perm_group = 'ru' WHERE mailinglist_id = ?", $client_group_id, $this->id);

interface/web/mail/xmpp_domain_edit.php

@@ -318,7 +318,7 @@ function onAfterInsert() {
         global $app, $conf;
 
         // make sure that the record belongs to the client group and not the admin group when admin inserts it
-        // also make sure that the user can not delete domain created by a admin
+        // also make sure that the user can not delete domain created by a admin if client protection is enabled
         if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
             $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
             $app->db->query("UPDATE xmpp_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);

interface/web/sites/web_vhost_domain_edit.php

@@ -1377,14 +1377,14 @@ function onAfterInsert() {
 		global $app, $conf;
 
 		// make sure that the record belongs to the client group and not the admin group when admin inserts it
-		// also make sure that the user can not delete domain created by a admin
+		// also make sure that the user can not delete domain created by a admin if client protection is enabled
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
   	  $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
 	  	$app->uses('getconf');
-	  	$global_config = $app->getconf->get_global_config('global');
+	  	$global_config = $app->getconf->get_global_config('sites');
 	  	if($global_config['client_protection'] == 'y') {
 		    $app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);
-			  else
+			} else {
 				$app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'riud' WHERE domain_id = ?", $client_group_id, $this->id);
 			}
 		}