? 227947-redirect.patch
? 615258-path-source.patch
? 615294-enforce.patch
Index: domain.admin.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/domain/domain.admin.inc,v
retrieving revision 1.38
diff -u -p -r1.38 domain.admin.inc
--- domain.admin.inc	24 Oct 2009 16:18:52 -0000	1.38
+++ domain.admin.inc	27 Oct 2009 21:17:36 -0000
@@ -189,6 +189,15 @@ function domain_configure_form($form_sta
     '#description' => t('If set, users with the <em>set domain access</em> permission will be able to view the node access rules for each node. See the README for more details.')
   );
 
+  $form['domain_behavior']['domain_force_admin'] = array(
+    '#type' => 'radios',
+    '#title' => t('Enforce rules on administrators'),
+    '#required' => TRUE,
+    '#default_value' => variable_get('domain_force_admin', 0),
+    '#options' => array(0 => t('Do not enforce'), 1 => t('Restrict node views for administrators')),
+    '#description' => t('If set, users with the <em>administer nodes</em> permission and user 1 <em>will view the site with Domain Access restrictions enforced</em>. See the README for more details.')
+  );
+
   $options = array(
     'id' => t('Creation order, oldest > newest'),
     'rid' => t('Creation order, newest > oldest'),
Index: domain.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/domain/domain.module,v
retrieving revision 1.130
diff -u -p -r1.130 domain.module
--- domain.module	27 Oct 2009 13:17:55 -0000	1.130
+++ domain.module	27 Oct 2009 21:17:39 -0000
@@ -2258,3 +2258,23 @@ function domain_simpletest() {
   $tests = file_scan_directory($dir, '\.test$');
   return array_keys($tests);
 }
+
+/**
+ * Implement hook_db_rewrite_sql().
+ *
+ * If enabled, force admins to use Domain Access rules.
+ */
+function domain_db_rewrite_sql($query, $primary_table, $primary_field, $args) {
+  global $_domain;
+  $admin_force = variable_get('domain_force_admin', FALSE);
+  // In any of the following cases, do not enforce any rules.
+  if (!$admin_force || empty($query) || $primary_field != 'nid' || !user_access('administer nodes') || domain_grant_all()) {
+    return;
+  }
+  $domain_id = (int) $_domain['domain_id'];
+  $return = array(
+    'join' => "INNER JOIN {domain_access} da_admin ON $primary_table.nid = da_admin.nid",
+    'where' => "(da_admin.gid = 0 AND da_admin.realm = 'domain_site') OR (da_admin.gid = $domain_id AND da_admin.realm = 'domain_id')",
+  );
+  return $return;
+}