BREAKING: no wildcards for domain names

This feature was ambiguous (in the same way as paths are)
and never used anyway.

2 files changed, 3 insertions, 3 deletions

diff --git a/README.md b/README.md
index e69ed6e..846af72 100644
--- a/README.md
+++ b/README.md
@@ -135,7 +135,7 @@ Keep in mind that:
 - HTTP methods are *case-sensitive*.
 - HTTP query parameters are ignored when matching a request against the rules.
 - Privileges are case-sensitive and treated as is.
-- SQL wildcards (`_` and `%`) are supported for emails, domains, paths.
+- SQL wildcards (`_` and `%`) are supported for emails, paths (this _will_ change in future versions).
 
 
 HTTP headers passed to the back-end server
diff --git a/src/Sproxy/Server/DB.hs b/src/Sproxy/Server/DB.hs
index 984d229..34d6109 100644
--- a/src/Sproxy/Server/DB.hs
+++ b/src/Sproxy/Server/DB.hs
@@ -66,10 +66,10 @@ userGroups db email domain path method =
   withResource db $ \c -> fmap SQLite.fromOnly <$> SQLite.queryNamed c [q|
       SELECT gm."group" FROM group_privilege gp JOIN group_member gm ON gm."group"  = gp."group"
       WHERE :email LIKE gm.email
-      AND :domain LIKE gp.domain
+      AND gp.domain = :domain
       AND gp.privilege IN (
         SELECT privilege FROM privilege_rule
-        WHERE :domain LIKE domain
+        WHERE domain = domain
         AND :path LIKE path
         AND method = :method
         ORDER BY length(path) - length(replace(path, '/', '')) DESC LIMIT 1