From 1e0510a43d763f429638dcecfca61a6b937d95f0 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Sat, 21 Dec 2019 15:12:51 +0100
Subject: [PATCH] fix SysLog.delete(), SysLog.listing() and SysLog.listingCount() when called as admin/reseller withouth customers_see_all permission
Signed-off-by: Michael Kaufmann
---
 lib/Froxlor/Api/Commands/SysLog.php | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/lib/Froxlor/Api/Commands/SysLog.php b/lib/Froxlor/Api/Commands/SysLog.php
index c10a33bd..c19d6e75 100644
--- a/lib/Froxlor/Api/Commands/SysLog.php
+++ b/lib/Froxlor/Api/Commands/SysLog.php
@@ -55,7 +55,7 @@ class SysLog extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 if (count($customer_names) > 0) {
 $result_stmt = Database::prepare("
 SELECT * FROM `" . TABLE_PANEL_LOG . "`
- WHERE `user` = :loginname OR `user` IN (" . implode(', ', $customer_names) . ")" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());
+ WHERE `user` = :loginname OR `user` IN ('" . implode("', '", $customer_names) . "')" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());
 } else {
 $result_stmt = Database::prepare("
 SELECT * FROM `" . TABLE_PANEL_LOG . "`
@@ -105,7 +105,7 @@ class SysLog extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 if (count($customer_names) > 0) {
 $result_stmt = Database::prepare("
 SELECT COUNT(*) as num_logs FROM `" . TABLE_PANEL_LOG . "`
- WHERE `user` = :loginname OR `user` IN (" . implode(', ', $customer_names) . ")
+ WHERE `user` = :loginname OR `user` IN ('" . implode("', '", $customer_names) . "')
 ");
 } else {
 $result_stmt = Database::prepare("
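Review bot: In the listing() hunk the `IN (...)` list is still assembled by concatenating `$customer_names` into the SQL text; the added quotes turn the names into string literals, but nothing escapes or binds them, so a login name containing a quote character would break or change the statement. Where the names come from is not visible here (presumably the customers table), and since the statement already binds `:loginname`, the list is better bound too, with one generated placeholder per name as sketched below. The same construction appears in the listingCount() hunk and in the first DELETE of the delete() hunk. The enclosing method starts and ends outside the hunk, including the execute call that would need the extra parameters.

```php
// … unchanged: if (count($customer_names) > 0) { …
$name_params = [];
foreach (array_values($customer_names) as $i => $name) {
    $name_params['cust' . $i] = $name;
}
$in_list = ':' . implode(', :', array_keys($name_params));
$result_stmt = Database::prepare("
    SELECT * FROM `" . TABLE_PANEL_LOG . "`
    WHERE `user` = :loginname OR `user` IN (" . $in_list . ")" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());
// $name_params then has to be merged into the parameters passed when the statement is executed (outside this hunk)
```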
@@ -190,13 +190,12 @@ class SysLog extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 }
 if (count($customer_names) > 0) {
 $result_stmt = Database::prepare("
- DELETE FROM `" . TABLE_PANEL_LOG . "` WHERE `date` < :trunc AND `user` = :loginname OR `user` IN (" . implode(', ', $customer_names) . ")
- ");
+ DELETE FROM `" . TABLE_PANEL_LOG . "` WHERE `date` < :trunc AND `user` = :loginname OR `user` IN ('" . implode("', '", $customer_names) . "')
+ ");
 } else {
 $result_stmt = Database::prepare("
- SELECT COUNT(*) as num_logs FROM `" . TABLE_PANEL_LOG . "`
- DELETE FROM `" . TABLE_PANEL_LOG . "` WHERE `date` < :trunc AND `user` = :loginname
- ");
+ DELETE FROM `" . TABLE_PANEL_LOG . "` WHERE `date` < :trunc AND `user` = :loginname
+ ");
 }
 $params = [
 'loginname' => $this->getUserDetail('loginname')
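Review bot: In the first DELETE the `date` limit does not cover the customer rows: `AND` binds tighter than `OR`, so the condition is evaluated as (`date` < :trunc AND `user` = :loginname) OR `user` IN (...), and log entries of the listed customers are deleted regardless of their age. Group the alternatives, i.e. ``WHERE `date` < :trunc AND (`user` = :loginname OR `user` IN (...))``, so the truncation date applies to both. The listing() hunk has the same unparenthesised `OR` in front of whatever `getSearchWhere()` appends, so it is worth confirming that the search filter is meant to apply to both alternatives there. delete()'s body starts before and continues after this hunk.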