mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-19 19:22:14 +02:00
type hints etc and todo notes
This commit is contained in:
parent
824ba906b1
commit
8003978ca5
@ -347,25 +347,28 @@ class TotpPf
|
||||
$Exception_domain = $exception['username'];
|
||||
}
|
||||
|
||||
$admin = 0;
|
||||
if (authentication_has_role('global-admin')) {
|
||||
$admin = 2;
|
||||
} elseif (authentication_has_role('admin')) {
|
||||
$admin = 1;
|
||||
} else {
|
||||
$admin = 0;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @todo rewrite these checks so it's more obvious which is being applied for a global admin, a domain admin or a 'normal' user.
|
||||
* having $admin = 0|1|2 isn't intuitive, is it?
|
||||
*/
|
||||
if (!$admin && strpos($exception['username'], '@') !== false) {
|
||||
$error += 1;
|
||||
throw new \Exception(Config::Lang('pException_user_entire_domain_error'));
|
||||
}
|
||||
|
||||
if (!($admin == 2) && $exception['username'] == null) {
|
||||
$error += 1;
|
||||
throw new \Exception(Config::Lang('pException_user_global_error'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @todo Check we are only allowing someone to delete their own exception, and not someone else's.
|
||||
*/
|
||||
$result = db_delete('totp_exception_address', 'id', $exception['id']);
|
||||
|
||||
if ($result != 1) {
|
||||
|
@ -71,7 +71,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
||||
$fUser = $_POST['fUser'];
|
||||
add_exception($username, $fPass, $fIp, $fDesc, $fUser, $totppf, $PALANG);
|
||||
}
|
||||
if (isset($_POST['fId']) && $_POST['fId'] != '') {
|
||||
if (isset($_POST['fId']) && $_POST['fId'] != '' && is_numeric($_POST['fId'])) {
|
||||
$fId = $_POST['fId'];
|
||||
revoke_exception($username, $fId, $totppf, $PALANG);
|
||||
}
|
||||
@ -138,7 +138,7 @@ function add_exception(string $username, string $fPassword_current, string $fExc
|
||||
}
|
||||
}
|
||||
|
||||
function revoke_exception($username, $id, $totppf, $PALANG)
|
||||
function revoke_exception(string $username, int $id, TotpPf $totppf, array $PALANG)
|
||||
{
|
||||
// No extra password check by design, user might be in a hurry
|
||||
$result = $totppf->deleteException($username, $id);
|
||||
|
Loading…
Reference in New Issue
Block a user