From 3cebc3a5fc5a6e76b80f712fc4f7a48c2c92d61e Mon Sep 17 00:00:00 2001 From: tbrehm <t.brehm@ispconfig.org> Date: Fri, 10 Jul 2009 07:33:29 -0400 Subject: [PATCH] Fixed: FS#776 - Client's limits do not apply for it's own client Improved client and reseller limit checks --- interface/lib/classes/tform.inc.php | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 57 insertions(+), 0 deletions(-) diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php index 33103a0..ec37de2 100644 --- a/interface/lib/classes/tform.inc.php +++ b/interface/lib/classes/tform.inc.php @@ -1148,6 +1148,63 @@ } } + + function checkClientLimit($limit_name,$sql_where = '') { + global $app; + + $check_passed = true; + $limit_name = $app->db->quote($limit_name); + if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.'); + + // Get the limits of the client that is currently logged in + $client_group_id = $_SESSION["s"]["user"]["default_group"]; + $client = $app->db->queryOneRecord("SELECT $limit_name as number, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + + // Check if the user may add another item + if($client["number"] >= 0) { + $sql = "SELECT count(".$this->formDef['db_table_idx'].") as number FROM ".$this->formDef['db_table']." WHERE ".$this->getAuthSQL('u'); + if($sql_where != '') $sql .= ' and '.$sql_where; + $tmp = $app->db->queryOneRecord($sql); + if($tmp["number"] >= $client["number"]) $check_passed = false; + } + + return $check_passed; + } + + function checkResellerLimit($limit_name,$sql_where = '') { + global $app; + + $check_passed = true; + $limit_name = $app->db->quote($limit_name); + if($limit_name == '') $app->error('Limit name missing in function checkClientLimit.'); + + // Get the limits of the client that is currently logged in + $client_group_id = $_SESSION["s"]["user"]["default_group"]; + $client = $app->db->queryOneRecord("SELECT parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id"); + + //* If the client belongs to a reseller, we will check against the reseller Limit too + if($client['parent_client_id'] != 0) { + + //* first we need to know the groups of this reseller + $tmp = $app->db->queryOneRecord("SELECT userid, groups FROM sys_user WHERE client_id = ".$client['parent_client_id']); + $reseller_groups = $tmp["groups"]; + $reseller_userid = $tmp["userid"]; + + // Get the limits of the reseller of the logged in client + $client_group_id = $_SESSION["s"]["user"]["default_group"]; + $reseller = $app->db->queryOneRecord("SELECT $limit_name as number FROM client WHERE client_id = ".$client['parent_client_id']); + + // Check if the user may add another item + if($reseller["number"] >= 0) { + $sql = "SELECT count(".$this->formDef['db_table_idx'].") as number FROM ".$this->formDef['db_table']." WHERE (sys_groupid IN (".$reseller_groups.") or sys_userid = ".$reseller_userid.")"; + if($sql_where != '') $sql .= ' and '.$sql_where; + $tmp = $app->db->queryOneRecord($sql); + if($tmp["number"] >= $reseller["number"]) $check_passed = false; + } + } + + return $check_passed; + } } -- Gitblit v1.9.1