Browse code

show domain details to systemuser without customer permissions

Bernd Wurst authored on31/07/2019 07:31:20
Showing2 changed files
... ...
@@ -46,27 +46,31 @@ $section = 'domains_domains';
46 46
 // Block zuständiger Useraccount
47 47
 
48 48
 $is_current_user = true;
49
-$useraccounts = list_useraccounts();
50
-if (have_role(ROLE_CUSTOMER) && count($useraccounts) > 1) {
51
-    if ($dom->useraccount != $_SESSION['userinfo']['uid']) {
49
+$is_current_customer = false;
50
+if (have_role(ROLE_CUSTOMER) && isset($_SESSION['customerinfo']['customerno']) && ($dom->kunde == $_SESSION['customerinfo']['customerno'])) {
51
+    $is_current_customer = true;
52
+    $useraccounts = list_useraccounts();
53
+    if (count($useraccounts) > 1) {
54
+        if ($dom->useraccount != $_SESSION['userinfo']['uid']) {
55
+            $is_current_user = false;
56
+        }
57
+        // Mehrere User vorhanden
58
+        $options = array();
59
+        foreach ($useraccounts as $u) {
60
+            $options[$u['uid']] = $u['username'];
61
+        }
62
+        if (!array_key_exists($dom->useraccount, $options)) {
63
+            $options[$dom->useraccount] = $dom->useraccount;
64
+        }
65
+        output('<h4>Zuständiges Benutzerkonto</h4>');
66
+        $form = '<p>Diese Domain nutzen im Benutzerkonto '.html_select('domainuser', $options, $dom->useraccount).' <input type="submit" name="submit" value="Änderung speichern"></p>';
67
+        output(html_form('update-user', 'update', 'action=chguser&id='.$dom->id, $form));
68
+    } elseif (!have_role(ROLE_SYSTEMUSER) || $dom->useraccount != $_SESSION['userinfo']['uid']) {
69
+        // Kunde hat keine mehreren User, Domain ist trotzdem in einem anderen Useraccount
52 70
         $is_current_user = false;
71
+        output('<h4>Zuständiges Benutzerkonto</h4>');
72
+        output('<p>Diese Domain wird im Benutzerkonto mit der User-ID #'.$dom->useraccount.' verwendet.</p>');
53 73
     }
54
-    // Mehrere User vorhanden
55
-    $options = array();
56
-    foreach ($useraccounts as $u) {
57
-        $options[$u['uid']] = $u['username'];
58
-    }
59
-    if (!array_key_exists($dom->useraccount, $options)) {
60
-        $options[$dom->useraccount] = $dom->useraccount;
61
-    }
62
-    output('<h4>Zuständiges Benutzerkonto</h4>');
63
-    $form = '<p>Diese Domain nutzen im Benutzerkonto '.html_select('domainuser', $options, $dom->useraccount).' <input type="submit" name="submit" value="Änderung speichern"></p>';
64
-    output(html_form('update-user', 'update', 'action=chguser&id='.$dom->id, $form));
65
-} elseif (!have_role(ROLE_SYSTEMUSER) || $dom->useraccount != $_SESSION['userinfo']['uid']) {
66
-    // Kunde hat keine mehreren User, Domain ist trotzdem in einem anderen Useraccount
67
-    $is_current_user = false;
68
-    output('<h4>Zuständiges Benutzerkonto</h4>');
69
-    output('<p>Diese Domain wird im Benutzerkonto mit der User-ID #'.$dom->useraccount.' verwendet.</p>');
70 74
 }
71 75
 
72 76
 
... ...
@@ -140,7 +144,7 @@ if ($is_current_user) {
140 144
 
141 145
 // Block Domain-Inhaber
142 146
 
143
-if (have_role(ROLE_CUSTOMER) && config('http.net-apikey') && $dom->provider == 'terions' && ($dom->cancel_date === null || $dom->cancel_date > date('Y-m-d'))) {
147
+if ($is_current_customer && config('http.net-apikey') && $dom->provider == 'terions' && ($dom->cancel_date === null || $dom->cancel_date > date('Y-m-d'))) {
144 148
     use_module('contacts');
145 149
     require_once('contacts.php');
146 150
     require_once('domainapi.php');
... ...
@@ -211,7 +215,7 @@ if (have_role(ROLE_CUSTOMER) && config('http.net-apikey') && $dom->provider == '
211 215
 
212 216
 // Block Externe Domain umziehen
213 217
 
214
-if (have_role(ROLE_CUSTOMER) && config('http.net-apikey')) {
218
+if ($is_current_customer && config('http.net-apikey')) {
215 219
     if ($dom->status == 'prereg') {
216 220
         output('<h4>Domain-Registrierung abschließen</h4>
217 221
                 <p>'.internal_link('domainreg', 'Domain registrieren', "domain={$dom->fqdn}").'</p>');
... ...
@@ -227,10 +231,10 @@ if (have_role(ROLE_CUSTOMER) && config('http.net-apikey')) {
227 231
 // Block Domain löschen/kündigen
228 232
 
229 233
 $domain_in_use = mailman_subdomains($dom->id) || mail_in_use($dom->id) || web_in_use($dom->id) || $dom->jabber == 1;
230
-if (!$domain_in_use && ($dom->status == 'prereg' || $dom->status == 'pretransfer' || $dom->status == 'transferfailed' || $dom->status == 'external')) {
234
+if ($is_current_customer && !$domain_in_use && ($dom->status == 'prereg' || $dom->status == 'pretransfer' || $dom->status == 'transferfailed' || $dom->status == 'external')) {
231 235
     output('<h4>Domain wieder entfernen</h4>');
232 236
     output('<p class="delete">'.internal_link('save', 'Die Domain '.$dom->fqdn.' entfernen', 'action=delete&domain='.$dom->id).'</p>');
233
-} elseif (have_role(ROLE_CUSTOMER) && config('http.net-apikey') && $dom->provider == 'terions' && (!$dom->cancel_date || ($dom->cancel_date > date('Y-m-d')))) {
237
+} elseif ($is_current_customer && config('http.net-apikey') && $dom->provider == 'terions' && (!$dom->cancel_date || ($dom->cancel_date > date('Y-m-d')))) {
234 238
     require_once('domainapi.php');
235 239
     output('<h4>Domain kündigen</h4>');
236 240
     $info = api_download_domain($dom->id);
... ...
@@ -117,9 +117,7 @@ foreach ($user_domains as $domain) {
117 117
         $punycode = '';
118 118
     }
119 119
     $domainname = "{$domain->fqdn}{$punycode}";
120
-    if (have_role(ROLE_CUSTOMER) && $status != 'foreign') {
121
-        $domainname = internal_link('detail', $domainname, 'id='.$domain->id);
122
-    }
120
+    $domainname = internal_link('detail', $domainname, 'id='.$domain->id);
123 121
     output("  <div class=\"domain-item {$status} {$locked}\"><p class=\"domainname\">{$domainname}</p><p class=\"regdate\">{$regdate}</p><p class=\"domain-usage\">Verwendung: {$features}{$mailserver_lock}</p></div>\n");
124 122
 }
125 123
 output('</div>');