From da546af22e724f81f441417aaff11b24e6051267 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Tue, 6 Jul 2021 10:12:51 +0100
Subject: [PATCH] Allow acls to match on parent domains

---
 app/models/acl.rb       | 10 +++++++++-
 test/models/acl_test.rb |  2 ++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/app/models/acl.rb b/app/models/acl.rb
index 90dd7f3cf..a65c3a35a 100644
--- a/app/models/acl.rb
+++ b/app/models/acl.rb
@@ -23,7 +23,15 @@ class Acl < ApplicationRecord
   def self.match(address, options = {})
     acls = Acl.where("address >>= ?", address)
 
-    acls = acls.or(Acl.where(:domain => options[:domain])) if options[:domain]
+    if options[:domain]
+      labels = options[:domain].split(".")
+
+      until labels.empty?
+        acls = acls.or(Acl.where(:domain => labels.join(".")))
+        labels.shift
+      end
+    end
+
     acls = acls.or(Acl.where(:mx => options[:mx])) if options[:mx]
 
     acls
diff --git a/test/models/acl_test.rb b/test/models/acl_test.rb
index ad17fc1b0..49f065612 100644
--- a/test/models/acl_test.rb
+++ b/test/models/acl_test.rb
@@ -16,8 +16,10 @@ class AclTest < ActiveSupport::TestCase
 
   def test_no_account_creation_by_domain
     assert_not Acl.no_account_creation("192.168.1.1", :domain => "example.com")
+    assert_not Acl.no_account_creation("192.168.1.1", :domain => "test.example.com")
     create(:acl, :domain => "example.com", :k => "no_account_creation")
     assert Acl.no_account_creation("192.168.1.1", :domain => "example.com")
+    assert Acl.no_account_creation("192.168.1.1", :domain => "test.example.com")
   end
 
   def test_no_account_creation_by_mx
-- 
2.45.1