From 169a4800b139038072d65159a2cb4a31ace78420 Mon Sep 17 00:00:00 2001
From: Herman van Rink
Date: Fri, 20 Dec 2019 15:10:45 +0100
Subject: [PATCH] Prepare the limits table to be show for an admin or reseller but with client data, #5372
---
 interface/lib/classes/tform_base.inc.php | 20 +++++++++++++-----
 interface/web/dashboard/dashlets/limits.php | 23 ++++++++++++++-------
 2 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php
index e6174d2da7..15219c5110 100644
--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -1548,17 +1548,27 @@ class tform_base {
 return true;
 }
- function getAuthSQL($perm, $table = '') {
- if($_SESSION["s"]["user"]["typ"] == 'admin' || $_SESSION['s']['user']['mailuser_id'] > 0) {
+ function getAuthSQL($perm, $table = '', $userid = NULL, $groups = NULL) {
+ if(($_SESSION["s"]["user"]["typ"] == 'admin' || $_SESSION['s']['user']['mailuser_id'] > 0 ) && $userid == NULL && $groups == NULL) {
 return '1';
 } else {
 if ($table != ''){
 $table = ' ' . $table . '.';
 }
- $groups = ( $_SESSION["s"]["user"]["groups"] ) ? $_SESSION["s"]["user"]["groups"] : 0;
 $sql = '(';
- $sql .= "(" . $table . "sys_userid = ".$_SESSION["s"]["user"]["userid"]." AND " . $table . "sys_perm_user like '%$perm%') OR ";
- $sql .= "(" . $table . "sys_groupid IN (".$groups.") AND " . $table ."sys_perm_group like '%$perm%') OR ";
+ if ($userid === NULL) {
+ $userid = $_SESSION["s"]["user"]["userid"];
+ }
+ if ($userid > 0) {
+ $sql .= "(" . $table . "sys_userid = ".$userid." AND " . $table . "sys_perm_user like '%$perm%') OR ";
+ }
+
+ if ($groups === NULL) {
+ $groups = ( $_SESSION["s"]["user"]["groups"] ) ? $_SESSION["s"]["user"]["groups"] : 0;
+ }
+ if ($groups > 0) {
+ $sql .= "(" . $table . "sys_groupid IN (".$groups.") AND " . $table ."sys_perm_group like '%$perm%') OR ";
+ }
 $sql .= $table . "sys_perm_other like '%$perm%'";
 $sql .= ')';
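Review bot: The new `$userid` and `$groups` arguments of getAuthSQL() are concatenated straight into the WHERE fragment (`"sys_userid = ".$userid` and `IN (".$groups.")`) without being forced to integers, whereas before this change both values came only from the session. The `> 0` tests do not guarantee a purely numeric value, so I would normalise before building the clause: `$userid = (int) $userid;` and `$groups = implode(',', array_map('intval', explode(',', (string) $groups)));`. The early-return test also uses the loose `$userid == NULL && $groups == NULL`, so for an admin an explicit `0` is treated like "not given" and yields the unrestricted `'1'`, while the branches below use `=== NULL`; use `=== NULL` in both places, or add a comment stating that 0 means unrestricted. The function body continues past the end of the hunk.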
diff --git a/interface/web/dashboard/dashlets/limits.php b/interface/web/dashboard/dashlets/limits.php
index 62cd2db358..a85d877e8b 100644
--- a/interface/web/dashboard/dashlets/limits.php
+++ b/interface/web/dashboard/dashlets/limits.php
@@ -2,7 +2,7 @@ class dashlet_limits {
- function show() {
+ function show($limit_to_client_id = 0) {
 global $app, $conf;
 $limits = array();
@@ -148,6 +148,12 @@ class dashlet_limits {
 $client = $app->db->queryOneRecord("SELECT * FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 }
+ if ($limit_to_client_id == 0 || !$app->auth->is_admin()) {
+ $client_id = $_SESSION['s']['user']['client_id'];
+ } else {
+ $client_id = $limit_to_client_id;
+ }
+
 $rows = array();
 foreach($limits as $limit) {
 $field = $limit['field'];
@@ -159,10 +165,10 @@ class dashlet_limits {
 if($value != 0 || $value == $wb['unlimited_txt']) {
 $value_formatted = ($value == '-1')?$wb['unlimited_txt']:$value;
 if($limit['q_type']!=''){
- $usage = $this->_get_assigned_quota($limit) . " MB";
+ $usage = $this->_get_assigned_quota($limit, $client_id) . " MB";
 $value_formatted = ($value == '-1')?$wb['unlimited_txt']:$value . " MB";
 }
- else $usage = $this->_get_limit_usage($limit);
+ else $usage = $this->_get_limit_usage($limit, $client_id);
 $percentage = ($value == '-1' || $value == 0 ? 0 : round(100 * $usage / $value));
 $rows[] = array('field' => $field, 'field_txt' => $wb[$field.'_txt'],
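Review bot: In the block that sets `$client_id`, the non-admin path now feeds `$_SESSION['s']['user']['client_id']` into the helper calls below, and those hand it to getAuthSQL() as `$userid`, where it is compared with `sys_userid`; before this commit that clause always used `$_SESSION["s"]["user"]["userid"]`. Unless client ids and sys_user ids share one number space (not visible in this diff), every ordinary client's usage figures are now filtered on a different owner id than before. The same applies to both `getAuthSQL('r', '', $limit_to_client_id)` calls in `_get_limit_usage()` and `_get_assigned_quota()`. I would resolve the selected client to its sys_userid and group before calling, keep passing NULL for the caller's own data, and cast the admin-supplied value with `$client_id = (int) $limit_to_client_id;`.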
@@ -181,23 +187,26 @@ class dashlet_limits {
 }
- function _get_limit_usage($limit) {
+ function _get_limit_usage($limit, $limit_to_client_id) {
 global $app;
 $sql = "SELECT count(sys_userid) as number FROM ?? WHERE ";
 if($limit['db_where'] != '') $sql .= $limit['db_where']." AND ";
- $sql .= $app->tform->getAuthSQL('r');
+ $sql .= $app->tform->getAuthSQL('r', '', $limit_to_client_id);
+ // TEST to show reseller data.
+ //$sql .= $app->tform->getAuthSQL('r', '', 0, '3,28,39');
+ //echo $sql;
 $rec = $app->db->queryOneRecord($sql, $limit['db_table']);
 return $rec['number'];
 }
- function _get_assigned_quota($limit) {
+ function _get_assigned_quota($limit, $limit_to_client_id) {
 global $app;
 $sql = "SELECT sum(??) as number FROM ?? WHERE ";
 if($limit['db_where'] != '') $sql .= $limit['db_where']." AND ";
- $sql .= $app->tform->getAuthSQL('r');
+ $sql .= $app->tform->getAuthSQL('r', '', $limit_to_client_id);
 $rec = $app->db->queryOneRecord($sql, $limit['q_type'], $limit['db_table']);
 if($limit['db_table']=='mail_user') $quotaMB = $rec['number'] / 1048576; // Mail quota is in bytes, must be converted to MB
 else $quotaMB = $rec['number'];
--
GitLab
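Review bot: The three added comment lines in `_get_limit_usage()` (`// TEST to show reseller data.`, the commented-out `getAuthSQL('r', '', 0, '3,28,39')` call with hard-coded group ids, and `//echo $sql;`) are debugging leftovers and should be dropped before merge; an `echo` of the assembled SQL would print the permission filter into the dashboard output if it were ever re-enabled. Both helpers also leave `$groups` at its default, so when an admin passes a client id the group clause in getAuthSQL() still appears to be built from the admin's own session groups, and the count or sum would not be limited to the selected client. `_get_assigned_quota()` continues past the end of the hunk.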