Updated SQLdump and minor fixes in tform libraries.

interface/lib/classes/tform.inc.php

@@ -644,11 +644,11 @@ class tform {
                 if(count($this->formDef['tabs'][$tab]['fields']) == 0) return '';
 
                 // checking permissions
-                if($this->formDef['auth'] == 'yes') {
+                if($this->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') {
                         if($action == "INSERT") {
                                 if(!$this->checkPerm($primary_id,'i')) $this->errorMessage .= "Insert denied.<br>\r\n";
                         } else {
-                                if(!$this->checkPerm($primary_id,'u')) $this->errorMessage .= "Insert denied.<br>\r\n";
+                                if(!$this->checkPerm($primary_id,'u')) $this->errorMessage .= "Update denied.<br>\r\n";
                         }
                 }
 

interface/lib/classes/tform_actions.inc.php

@@ -485,10 +485,10 @@ class tform_actions {
 
                 // bestehenden Datensatz anzeigen
                 if($app->tform->errorMessage == '') {
-                        if($app->tform->formDef['auth'] == 'no') {
-                                $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
+                        if($app->tform->formDef['auth'] == 'yes' && $_SESSION["s"]["user"]["typ"] != 'admin') {
+                        	$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('u');
                         } else {
-                                $sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id." AND ".$app->tform->getAuthSQL('u');
+                        	$sql = "SELECT * FROM ".$app->tform->formDef['db_table']." WHERE ".$app->tform->formDef['db_table_idx']." = ".$this->id;
                         }
                         if(!$record = $app->db->queryOneRecord($sql)) $app->error($app->lng('error_no_view_permission'));
                 } else {

interface/web/mail/mail_domain_edit.php

@@ -133,18 +133,21 @@ class page_action extends tform_actions {
 		global $app, $conf;
 		
 		// make sure that the record belongs to the clinet group and not the admin group when a dmin inserts it
+		// also make sure that the user can not delete domain created by a admin
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE mail_domain SET sys_groupid = $client_group_id WHERE domain_id = ".$this->id);
+			$app->db->query("UPDATE mail_domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$this->id);
 		}
 	}
 	
 	function onAfterUpdate() {
 		global $app, $conf;
 		
+		// make sure that the record belongs to the clinet group and not the admin group when a dmin inserts it
+		// also make sure that the user can not delete domain created by a admin
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE mail_domain SET sys_groupid = $client_group_id WHERE domain_id = ".$this->id);
+			$app->db->query("UPDATE mail_domain SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$this->id);
 		}
 	}