only let admin select php-configs that the customer is allowed to use to avoid unwanted php-config changes when customer edits domain, refs #514

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2018-02-09 13:57:23 +01:00
parent 4d3fa6eca5
commit 5612720342
4 changed files with 74 additions and 3 deletions
--- a/admin_domains.php
+++ b/admin_domains.php
@@ -2209,12 +2209,19 @@ if ($page == 'domains' || $page == 'overview') {
 					FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
 					LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
 				");
+				$c_allowed_configs = getCustomerDetail($result['customerid'], 'allowed_phpconfigs');
+				if (!empty($c_allowed_configs)) {
+					$c_allowed_configs = json_decode($c_allowed_configs, true);
+				} else {
+					$c_allowed_configs = array();
+				}

 				while ($phpconfigs_row = $phpconfigs_result_stmt->fetch(PDO::FETCH_ASSOC)) {
+					$disabled = !empty($c_allowed_configs) && !in_array($phpconfigs_row['id'], $c_allowed_configs);
 					if ((int) Settings::Get('phpfpm.enabled') == 1) {
-						$phpconfigs .= makeoption($phpconfigs_row['description'] . " [".$phpconfigs_row['interpreter']."]", $phpconfigs_row['id'], $result['phpsettingid'], true, true);
+						$phpconfigs .= makeoption($phpconfigs_row['description'] . " [".$phpconfigs_row['interpreter']."]", $phpconfigs_row['id'], $result['phpsettingid'], true, true, null, $disabled);
 					} else {
-						$phpconfigs .= makeoption($phpconfigs_row['description'], $phpconfigs_row['id'], $result['phpsettingid'], true, true);
+						$phpconfigs .= makeoption($phpconfigs_row['description'], $phpconfigs_row['id'], $result['phpsettingid'], true, true, null, $disabled);
 					}
 				}

@@ -2231,6 +2238,13 @@ if ($page == 'domains' || $page == 'overview') {
 				eval("echo \"" . getTemplate("domains/domains_edit") . "\";");
 			}
 		}
+	} elseif ($action == 'jqGetCustomerPHPConfigs') {
+		
+		$customerid = intval($_POST['customerid']);
+		$allowed_phpconfigs = getCustomerDetail($customerid, 'allowed_phpconfigs');
+		echo !empty($allowed_phpconfigs) ? $allowed_phpconfigs : json_encode(array());
+		exit;
+		
 	} elseif ($action == 'import') {

 		if (isset($_POST['send']) && $_POST['send'] == 'send') {
--- a/lib/functions/output/function.makeoption.php
+++ b/lib/functions/output/function.makeoption.php
@@ -29,7 +29,7 @@
 * @author Florian Lippert <flo@syscp.org>
 */

-function makeoption($title, $value, $selvalue = NULL, $title_trusted = false, $value_trusted = false, $id = NULL)
+function makeoption($title, $value, $selvalue = NULL, $title_trusted = false, $value_trusted = false, $id = NULL, $disabled = false)
 {
 	if($selvalue !== NULL
 	   && ((is_array($selvalue) && in_array($value, $selvalue)) || $value == $selvalue))
@@ -41,6 +41,10 @@ function makeoption($title, $value, $selvalue = NULL, $title_trusted = false, $v
 		$selected = '';
 	}
 	
+	if ($disabled) {
+		$selected .= ' disabled="disabled"';
+	}
+
 	if(!$title_trusted)
 	{
 		$title = htmlspecialchars($title);
--- a/templates/Sparkle/admin/domains/domains_add.tpl
+++ b/templates/Sparkle/admin/domains/domains_add.tpl
@@ -6,6 +6,7 @@ $header
 				{$title}
 			</h2>
 		</header>
+		<script type="text/javascript" src="templates/{$theme}/assets/js/domains.js"></script>

 		<section>

--- a/templates/Sparkle/assets/js/domains.js
+++ b/templates/Sparkle/assets/js/domains.js
@@ -0,0 +1,52 @@
+$(document).ready(function() {
+
+	var getUrlParameter = function getUrlParameter(sParam) {
+	    var sPageURL = decodeURIComponent(window.location.search.substring(1)),
+	        sURLVariables = sPageURL.split('&'),
+	        sParameterName,
+	        i;
+
+	    for (i = 0; i < sURLVariables.length; i++) {
+	        sParameterName = sURLVariables[i].split('=');
+
+	        if (sParameterName[0] === sParam) {
+	            return sParameterName[1] === undefined ? true : sParameterName[1];
+	        }
+	    }
+	};
+
+	/**
+	 * disable unusable php-configuration by customer settings
+	 */
+	$('#customerid').change(function() {
+		var cid = $(this).val();
+		var sid = getUrlParameter('s');
+		var page = getUrlParameter('page');
+
+		$.ajax({
+	        url: "admin_domains.php?s="+sid+"&page="+page+"&action=jqGetCustomerPHPConfigs",
+	        type: "POST",
+	        data: {
+	            customerid: cid
+	        },
+	        dataType: "json",
+	        success: function(json) {
+	        	if (json.length > 0) {
+                    $('#phpsettingid option').each(function() {
+                        var pid = $(this).val();
+                        $(this).attr("disabled", "disabled");
+                        for (i in json) {
+                        	if (pid == json[i]) {
+                            	$(this).removeAttr("disabled");
+                            }
+                        } 
+                    });
+	        	}
+	        },
+	        error: function(a, b) {
+	            console.log(a, b);
+	        }
+	    });
+	});
+
+});