Allow rmdom on subdomains of those on the user's ACL

[hcoop/domtool2.git] / src / main.sml

diff --git a/src/main.sml b/src/main.sml
index 67e8dc0..02bb485 100644 (file)
--- a/src/main.sml
+++ b/src/main.sml
@@ -1283,7 +1283,8 @@ fun service () =
                               | MsgRmdom doms =>
                                 doIt (fn () =>
                                          if Acl.query {user = user, class = "priv", value = "all"}
-                                            orelse List.all (fn dom => Acl.query {user = user, class = "domain", value = dom}) doms then
+                                            orelse List.all (fn dom => Domain.validDomain dom
+                                                                       andalso Acl.queryDomain {user = user, domain = dom}) doms then
                                              (Domain.rmdom doms;
                                               (*app (fn dom =>
                                                       Acl.revokeFromAll {class = "domain", value = dom}) doms;