add possibility to enable/disable api access on a per user base
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
@@ -97,6 +97,8 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
||||
* optional, default auto-generated
|
||||
* @param string $def_language
|
||||
* optional, default is system-default language
|
||||
* @param bool $api_allowed
|
||||
* optional, default is true if system setting api.enabled is true, else false
|
||||
* @param string $custom_notes
|
||||
* optional, default empty
|
||||
* @param bool $custom_notes_show
|
||||
@@ -171,6 +173,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
||||
|
||||
// parameters
|
||||
$def_language = $this->getParam('def_language', true, Settings::Get('panel.standardlanguage'));
|
||||
$api_allowed = $this->getBoolParam('api_allowed', true, Settings::Get('api.enabled'));
|
||||
$custom_notes = $this->getParam('custom_notes', true, '');
|
||||
$custom_notes_show = $this->getBoolParam('custom_notes_show', true, 0);
|
||||
$password = $this->getParam('admin_password', true, '');
|
||||
@@ -271,6 +274,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
||||
'name' => $name,
|
||||
'email' => $email,
|
||||
'lang' => $def_language,
|
||||
'api_allowed' => $api_allowed,
|
||||
'change_serversettings' => $change_serversettings,
|
||||
'customers' => $customers,
|
||||
'customers_see_all' => $customers_see_all,
|
||||
@@ -299,6 +303,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
||||
`name` = :name,
|
||||
`email` = :email,
|
||||
`def_language` = :lang,
|
||||
`api_allowed` = :api_allowed,
|
||||
`change_serversettings` = :change_serversettings,
|
||||
`customers` = :customers,
|
||||
`customers_see_all` = :customers_see_all,
|
||||
@@ -350,6 +355,8 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
||||
* optional, default auto-generated
|
||||
* @param string $def_language
|
||||
* optional, default is system-default language
|
||||
* @param bool $api_allowed
|
||||
* optional, default is true if system setting api.enabled is true, else false
|
||||
* @param string $custom_notes
|
||||
* optional, default empty
|
||||
* @param string $theme
|
||||
@@ -444,6 +451,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
||||
|
||||
// you cannot edit some of the details of yourself
|
||||
if ($result['adminid'] == $this->getUserDetail('adminid')) {
|
||||
$api_allowed = $result['api_allowed'];
|
||||
$deactivated = $result['deactivated'];
|
||||
$customers = $result['customers'];
|
||||
$domains = $result['domains'];
|
||||
@@ -462,6 +470,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
||||
$traffic = $result['traffic'];
|
||||
$ipaddress = ($result['ip'] != - 1 ? json_decode($result['ip'], true) : - 1);
|
||||
} else {
|
||||
$api_allowed = $this->getBoolParam('api_allowed', true, $result['api_allowed']);
|
||||
$deactivated = $this->getBoolParam('deactivated', true, $result['deactivated']);
|
||||
|
||||
$dec_places = Settings::Get('panel.decimal_places');
|
||||
@@ -578,6 +587,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
||||
'name' => $name,
|
||||
'email' => $email,
|
||||
'lang' => $def_language,
|
||||
'api_allowed' => $api_allowed,
|
||||
'change_serversettings' => $change_serversettings,
|
||||
'customers' => $customers,
|
||||
'customers_see_all' => $customers_see_all,
|
||||
@@ -607,6 +617,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
||||
`name` = :name,
|
||||
`email` = :email,
|
||||
`def_language` = :lang,
|
||||
`api_allowed` = :api_allowed,
|
||||
`change_serversettings` = :change_serversettings,
|
||||
`customers` = :customers,
|
||||
`customers_see_all` = :customers_see_all,
|
||||
@@ -793,7 +804,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
||||
* @param string $extra
|
||||
* optional, default empty
|
||||
* @param int $increase_by
|
||||
* optional, default 1
|
||||
* optional, default 1
|
||||
*/
|
||||
public static function increaseUsage($adminid = 0, $resource = null, $extra = '', $increase_by = 1)
|
||||
{
|
||||
@@ -808,7 +819,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
||||
* @param string $extra
|
||||
* optional, default empty
|
||||
* @param int $decrease_by
|
||||
* optional, default 1
|
||||
* optional, default 1
|
||||
*/
|
||||
public static function decreaseUsage($adminid = 0, $resource = null, $extra = '', $decrease_by = 1)
|
||||
{
|
||||
|
||||
@@ -136,6 +136,8 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
|
||||
* optional
|
||||
* @param string $def_language,
|
||||
* optional, default is system-default language
|
||||
* @param bool $api_allowed
|
||||
* optional, default is true if system setting api.enabled is true, else false
|
||||
* @param int $gender
|
||||
* optional, 0 = no-gender, 1 = male, 2 = female
|
||||
* @param string $custom_notes
|
||||
@@ -229,6 +231,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
|
||||
$fax = $this->getParam('fax', true, '');
|
||||
$customernumber = $this->getParam('customernumber', true, '');
|
||||
$def_language = $this->getParam('def_language', true, Settings::Get('panel.standardlanguage'));
|
||||
$api_allowed = $this->getBoolParam('api_allowed', true, Settings::Get('api.enabled'));
|
||||
$gender = (int) $this->getParam('gender', true, 0);
|
||||
$custom_notes = $this->getParam('custom_notes', true, '');
|
||||
$custom_notes_show = $this->getBoolParam('custom_notes_show', true, 0);
|
||||
@@ -388,26 +391,6 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
|
||||
\Froxlor\UI\Response::standard_error('documentrootexists', $documentroot, true);
|
||||
}
|
||||
|
||||
if ($createstdsubdomain != '1') {
|
||||
$createstdsubdomain = '0';
|
||||
}
|
||||
|
||||
if ($phpenabled != '0') {
|
||||
$phpenabled = '1';
|
||||
}
|
||||
|
||||
if ($perlenabled != '0') {
|
||||
$perlenabled = '1';
|
||||
}
|
||||
|
||||
if ($dnsenabled != '0') {
|
||||
$dnsenabled = '1';
|
||||
}
|
||||
|
||||
if ($logviewenabled != '0') {
|
||||
$logviewenabled = '1';
|
||||
}
|
||||
|
||||
if ($password == '') {
|
||||
$password = \Froxlor\System\Crypt::generatePassword();
|
||||
}
|
||||
@@ -430,6 +413,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
|
||||
'email' => $email,
|
||||
'customerno' => $customernumber,
|
||||
'lang' => $def_language,
|
||||
'api_allowed' => $api_allowed,
|
||||
'docroot' => $documentroot,
|
||||
'guid' => $guid,
|
||||
'diskspace' => $diskspace,
|
||||
@@ -470,6 +454,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
|
||||
`email` = :email,
|
||||
`customernumber` = :customerno,
|
||||
`def_language` = :lang,
|
||||
`api_allowed` = :api_allowed,
|
||||
`documentroot` = :docroot,
|
||||
`guid` = :guid,
|
||||
`diskspace` = :diskspace,
|
||||
@@ -755,6 +740,8 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
|
||||
* optional
|
||||
* @param string $def_language,
|
||||
* optional, default is system-default language
|
||||
* @param bool $api_allowed
|
||||
* optional, default is true if system setting api.enabled is true, else false
|
||||
* @param int $gender
|
||||
* optional, 0 = no-gender, 1 = male, 2 = female
|
||||
* @param string $custom_notes
|
||||
@@ -857,6 +844,7 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
|
||||
$fax = $this->getParam('fax', true, $result['fax']);
|
||||
$customernumber = $this->getParam('customernumber', true, $result['customernumber']);
|
||||
$def_language = $this->getParam('def_language', true, $result['def_language']);
|
||||
$api_allowed = $this->getBoolParam('api_allowed', true, $result['api_allowed']);
|
||||
$gender = (int) $this->getParam('gender', true, $result['gender']);
|
||||
$custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']);
|
||||
$custom_notes_show = $this->getBoolParam('custom_notes_show', true, $result['custom_notes_show']);
|
||||
@@ -999,30 +987,10 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
|
||||
\Froxlor\System\Cronjob::inserttask('1');
|
||||
}
|
||||
|
||||
if ($deactivated != '1') {
|
||||
$deactivated = '0';
|
||||
}
|
||||
|
||||
if ($phpenabled != '0') {
|
||||
$phpenabled = '1';
|
||||
}
|
||||
|
||||
if ($perlenabled != '0') {
|
||||
$perlenabled = '1';
|
||||
}
|
||||
|
||||
if ($dnsenabled != '0') {
|
||||
$dnsenabled = '1';
|
||||
}
|
||||
|
||||
if ($phpenabled != $result['phpenabled'] || $perlenabled != $result['perlenabled']) {
|
||||
\Froxlor\System\Cronjob::inserttask('1');
|
||||
}
|
||||
|
||||
if ($logviewenabled != '0') {
|
||||
$logviewenabled = '1';
|
||||
}
|
||||
|
||||
// activate/deactivate customer services
|
||||
if ($deactivated != $result['deactivated']) {
|
||||
|
||||
@@ -1166,7 +1134,8 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
|
||||
'dnsenabled' => $dnsenabled,
|
||||
'logviewenabled' => $logviewenabled,
|
||||
'custom_notes' => $custom_notes,
|
||||
'custom_notes_show' => $custom_notes_show
|
||||
'custom_notes_show' => $custom_notes_show,
|
||||
'api_allowed' => $api_allowed
|
||||
);
|
||||
$upd_data = $upd_data + $admin_upd_data;
|
||||
}
|
||||
@@ -1207,7 +1176,8 @@ class Customers extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resource
|
||||
`dnsenabled` = :dnsenabled,
|
||||
`logviewenabled` = :logviewenabled,
|
||||
`custom_notes` = :custom_notes,
|
||||
`custom_notes_show` = :custom_notes_show";
|
||||
`custom_notes_show` = :custom_notes_show,
|
||||
`api_allowed` = :api_allowed";
|
||||
$upd_query .= $admin_upd_query;
|
||||
}
|
||||
$upd_query .= " WHERE `customerid` = :customerid";
|
||||
|
||||
@@ -55,13 +55,20 @@ class FroxlorRPC
|
||||
*/
|
||||
private static function validateAuth($key, $secret)
|
||||
{
|
||||
$sel_stmt = \Froxlor\Database\Database::prepare("SELECT * FROM `api_keys` WHERE `apikey` = :ak AND `secret` = :as");
|
||||
$sel_stmt = \Froxlor\Database\Database::prepare("
|
||||
SELECT ak.*, a.api_allowed as admin_api_allowed, c.api_allowed as cust_api_allowed
|
||||
FROM `api_keys` ak
|
||||
LEFT JOIN `panel_admins` a ON a.adminid = ak.adminid
|
||||
LEFT JOIN `panel_customers` c ON c.customerid = ak.customerid
|
||||
WHERE `apikey` = :ak AND `secret` = :as
|
||||
");
|
||||
$result = \Froxlor\Database\Database::pexecute_first($sel_stmt, array(
|
||||
'ak' => $key,
|
||||
'as' => $secret
|
||||
), true, true);
|
||||
if ($result) {
|
||||
if ($result['apikey'] == $key && $result['secret'] == $secret && ($result['valid_until'] == - 1 || $result['valid_until'] >= time())) {
|
||||
if ($result['apikey'] == $key && $result['secret'] == $secret && ($result['valid_until'] == - 1 || $result['valid_until'] >= time()) && (($result['customerid'] == 0 && $result['admin_api_allowed'] == 1) || ($result['customerid'] > 0 && $result['cust_api_allowed'] == 1))) {
|
||||
// get user to check whether api call is allowed
|
||||
if (! empty($result['allowed_from'])) {
|
||||
// @todo allow specification and validating of whole subnets later
|
||||
$ip_list = explode(",", $result['allowed_from']);
|
||||
|
||||
@@ -10,7 +10,7 @@ final class Froxlor
|
||||
const VERSION = '0.10.0';
|
||||
|
||||
// Database version (YYYYMMDDC where C is a daily counter)
|
||||
const DBVERSION = '201910030';
|
||||
const DBVERSION = '201910090';
|
||||
|
||||
// Distribution branding-tag (used for Debian etc.)
|
||||
const BRANDING = '';
|
||||
|
||||
@@ -44,6 +44,21 @@ return array(
|
||||
'label' => $lng['login']['language'],
|
||||
'type' => 'select',
|
||||
'select_var' => $language_options
|
||||
),
|
||||
'api_allowed' => array(
|
||||
'label' => $lng['usersettings']['api_allowed']['title'],
|
||||
'desc' => $lng['usersettings']['api_allowed']['description'],
|
||||
'type' => 'checkbox',
|
||||
'values' => array(
|
||||
array(
|
||||
'label' => $lng['panel']['yes'],
|
||||
'value' => '1'
|
||||
)
|
||||
),
|
||||
'value' => array(
|
||||
'1'
|
||||
),
|
||||
'visible' => (\Froxlor\Settings::Get('api.enabled') == '1' ? true : false)
|
||||
)
|
||||
)
|
||||
),
|
||||
|
||||
@@ -59,6 +59,21 @@ return array(
|
||||
'type' => 'select',
|
||||
'select_var' => $language_options,
|
||||
'visible' => ($result['adminid'] == $userinfo['userid'] ? false : true)
|
||||
),
|
||||
'api_allowed' => array(
|
||||
'label' => $lng['usersettings']['api_allowed']['title'],
|
||||
'desc' => $lng['usersettings']['api_allowed']['description'],
|
||||
'type' => 'checkbox',
|
||||
'values' => array(
|
||||
array(
|
||||
'label' => $lng['panel']['yes'],
|
||||
'value' => '1'
|
||||
)
|
||||
),
|
||||
'value' => array(
|
||||
$result['api_allowed']
|
||||
),
|
||||
'visible' => (\Froxlor\Settings::Get('api.enabled') == '1' ? true : false)
|
||||
)
|
||||
)
|
||||
),
|
||||
|
||||
@@ -81,6 +81,21 @@ return array(
|
||||
'label' => $lng['login']['language'],
|
||||
'type' => 'select',
|
||||
'select_var' => $language_options
|
||||
),
|
||||
'api_allowed' => array(
|
||||
'label' => $lng['usersettings']['api_allowed']['title'],
|
||||
'desc' => $lng['usersettings']['api_allowed']['description'],
|
||||
'type' => 'checkbox',
|
||||
'values' => array(
|
||||
array(
|
||||
'label' => $lng['panel']['yes'],
|
||||
'value' => '1'
|
||||
)
|
||||
),
|
||||
'value' => array(
|
||||
'1'
|
||||
),
|
||||
'visible' => (\Froxlor\Settings::Get('api.enabled') == '1' ? true : false)
|
||||
)
|
||||
)
|
||||
),
|
||||
@@ -294,9 +309,9 @@ return array(
|
||||
'values' => $phpconfigs,
|
||||
'value' => ((int) \Froxlor\Settings::Get('system.mod_fcgid') == 1 ? array(
|
||||
\Froxlor\Settings::Get('system.mod_fcgid_defaultini')
|
||||
) : (int) \Froxlor\Settings::Get('phpfpm.enabled') == 1 ? array(
|
||||
) : ((int) \Froxlor\Settings::Get('phpfpm.enabled') == 1 ? array(
|
||||
\Froxlor\Settings::Get('phpfpm.defaultini')
|
||||
) : array()),
|
||||
) : array())),
|
||||
'is_array' => 1
|
||||
),
|
||||
'perlenabled' => array(
|
||||
|
||||
@@ -74,6 +74,21 @@ return array(
|
||||
'label' => $lng['login']['language'],
|
||||
'type' => 'select',
|
||||
'select_var' => $language_options
|
||||
),
|
||||
'api_allowed' => array(
|
||||
'label' => $lng['usersettings']['api_allowed']['title'],
|
||||
'desc' => $lng['usersettings']['api_allowed']['description'],
|
||||
'type' => 'checkbox',
|
||||
'values' => array(
|
||||
array(
|
||||
'label' => $lng['panel']['yes'],
|
||||
'value' => '1'
|
||||
)
|
||||
),
|
||||
'value' => array(
|
||||
$result['api_allowed']
|
||||
),
|
||||
'visible' => (\Froxlor\Settings::Get('api.enabled') == '1' ? true : false)
|
||||
)
|
||||
)
|
||||
),
|
||||
|
||||
Reference in New Issue
Block a user