mirror of https://github.com/postfixadmin/postfixadmin.git synced 2024-09-19 19:22:14 +02:00

type hints etc and todo notes

David Goodwin 2023-12-23 21:55:50 +00:00
parent 824ba906b1
commit 8003978ca5
2 changed files with 10 additions and 7 deletions


@ -347,25 +347,28 @@ class TotpPf
$Exception_domain = $exception['username'];
}
$admin = 0;
if (authentication_has_role('global-admin')) {
$admin = 2;
} elseif (authentication_has_role('admin')) {
$admin = 1;
} else {
$admin = 0;
}
/**
* @todo rewrite these checks so it's more obvious which is being applied for a global admin, a domain admin or a 'normal' user.
* having $admin = 0|1|2 isn't intuitive, is it?
*/
if (!$admin && strpos($exception['username'], '@') !== false) {
$error += 1;
throw new \Exception(Config::Lang('pException_user_entire_domain_error'));
}
if (!($admin == 2) && $exception['username'] == null) {
$error += 1;
throw new \Exception(Config::Lang('pException_user_global_error'));
}
/**
* @todo Check we are only allowing someone to delete their own exception, and not someone else's.
*/
$result = db_delete('totp_exception_address', 'id', $exception['id']);
if ($result != 1) {
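Review bot: The `db_delete('totp_exception_address', 'id', $exception['id'])` call is still reached without any comparison between the exception's owner and the caller, so the new `@todo` records an authorisation gap rather than closing it. As far as the hunk shows, a non-admin is only stopped by the `strpos(...)` and `== null` tests, neither of which ties `$exception['username']` to the logged-in user; a guard such as `if (!$admin && $exception['username'] !== $username) { throw new \Exception(/* access-denied message */); }` before the delete would do that, assuming the method's first parameter is the caller's username (the signature is outside the hunk). The non-admin test `strpos($exception['username'], '@') !== false` also looks inverted relative to its message key `pException_user_entire_domain_error`, since it fires for full addresses rather than bare domains; this is worth confirming while the checks are being rewritten. The method body starts and ends outside the hunk, so whether `$Exception_domain` is later used to scope domain admins cannot be seen here.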


@ -71,7 +71,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$fUser = $_POST['fUser'];
add_exception($username, $fPass, $fIp, $fDesc, $fUser, $totppf, $PALANG);
}
if (isset($_POST['fId']) && $_POST['fId'] != '') {
if (isset($_POST['fId']) && $_POST['fId'] != '' && is_numeric($_POST['fId'])) {
$fId = $_POST['fId'];
revoke_exception($username, $fId, $totppf, $PALANG);
}
@ -138,7 +138,7 @@ function add_exception(string $username, string $fPassword_current, string $fExc
}
}
function revoke_exception($username, $id, $totppf, $PALANG)
function revoke_exception(string $username, int $id, TotpPf $totppf, array $PALANG)
{
// No extra password check by design, user might be in a hurry
$result = $totppf->deleteException($username, $id);
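Review bot: `is_numeric($_POST['fId'])` on the new guard line accepts more than row ids: strings such as `1.5`, `1e3`, `-2` or ` 7` pass it and then reach `revoke_exception()`, whose `$id` is now declared `int`. Depending on the PHP version and on whether the file declares strict types (not visible here), that is either silent truncation, a deprecation notice or an uncaught TypeError. Validating for a non-negative integer and casting at the boundary keeps the delete keyed on exactly what was submitted: `if (isset($_POST['fId']) && is_string($_POST['fId']) && ctype_digit($_POST['fId'])) {` followed by `$fId = (int) $_POST['fId'];`. Because revoke deliberately skips the password check, it is also worth confirming that this POST handler verifies a CSRF token earlier in the file, outside the hunk.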