? 615294-enforce.patch
Index: domain.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/domain/domain.module,v
retrieving revision 1.40.2.34
diff -u -p -r1.40.2.34 domain.module
--- domain.module	23 Oct 2009 17:56:58 -0000	1.40.2.34
+++ domain.module	31 Oct 2009 18:49:06 -0000
@@ -1444,6 +1444,26 @@ function domain_warning_check($form_id) 
 }
 
 /**
+ * Implement hook_db_rewrite_sql().
+ *
+ * If enabled, force admins to use Domain Access rules.
+ */
+function domain_db_rewrite_sql($query, $primary_table, $primary_field, $args) {
+  global $_domain;
+  $admin_force = variable_get('domain_force_admin', FALSE);
+  // In any of the following cases, do not enforce any rules.
+  if (!$admin_force || empty($query) || $primary_field != 'nid' || !user_access('administer nodes') || domain_grant_all()) {
+    return;
+  }
+  $domain_id = (int) $_domain['domain_id'];
+  $return = array(
+    'join' => "INNER JOIN {domain_access} da_admin ON $primary_table.nid = da_admin.nid",
+    'where' => "(da_admin.gid = 0 AND da_admin.realm = 'domain_site') OR (da_admin.gid = $domain_id AND da_admin.realm = 'domain_id')",
+  );
+  return $return;
+}
+
+/**
  * Implement hook_node_access_explain for devel.module
  */
 function domain_node_access_explain($row) {
Index: domain_admin.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/domain/Attic/domain_admin.inc,v
retrieving revision 1.29.2.13
diff -u -p -r1.29.2.13 domain_admin.inc
--- domain_admin.inc	23 Oct 2009 17:56:58 -0000	1.29.2.13
+++ domain_admin.inc	31 Oct 2009 18:49:08 -0000
@@ -194,6 +194,15 @@ function domain_configure_form($user_sub
     '#description' => t('If set, users with the <em>set domain access</em> permission will be able to view the node access rules for each node. See the README for more details.')
   );
 
+  $form['domain_behavior']['domain_force_admin'] = array(
+    '#type' => 'radios',
+    '#title' => t('Enforce rules on administrators'),
+    '#required' => TRUE,
+    '#default_value' => variable_get('domain_force_admin', 0),
+    '#options' => array(0 => t('Do not enforce'), 1 => t('Restrict node views for administrators')),
+    '#description' => t('If set, users with the <em>administer nodes</em> permission and user 1 <em>will view the site with Domain Access restrictions enforced</em>. See the README for more details.')
+  );
+
   $options = array(
     'id' => t('Creation order, oldest > newest'),
     'rid' => t('Creation order, newest > oldest'),