correct Admins.update and Admins.delete
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
@@ -156,14 +156,18 @@ class Admins extends ApiCommand implements ResourceEntity
|
|||||||
$loginname_check_stmt = Database::prepare("
|
$loginname_check_stmt = Database::prepare("
|
||||||
SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :login
|
SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :login
|
||||||
");
|
");
|
||||||
$loginname_check = Database::pexecute_first($loginname_check_stmt, array('login' => $loginname), true, true);
|
$loginname_check = Database::pexecute_first($loginname_check_stmt, array(
|
||||||
|
'login' => $loginname
|
||||||
|
), true, true);
|
||||||
|
|
||||||
// Check if an admin with the loginname already exists
|
// Check if an admin with the loginname already exists
|
||||||
// do not check via api as we skip any permission checks for this task
|
// do not check via api as we skip any permission checks for this task
|
||||||
$loginname_check_admin_stmt = Database::prepare("
|
$loginname_check_admin_stmt = Database::prepare("
|
||||||
SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = :login
|
SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = :login
|
||||||
");
|
");
|
||||||
$loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array('login' => $loginname), true, true);
|
$loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array(
|
||||||
|
'login' => $loginname
|
||||||
|
), true, true);
|
||||||
|
|
||||||
if ($loginname == '') {
|
if ($loginname == '') {
|
||||||
standard_error(array(
|
standard_error(array(
|
||||||
@@ -306,7 +310,7 @@ class Admins extends ApiCommand implements ResourceEntity
|
|||||||
*/
|
*/
|
||||||
public function update()
|
public function update()
|
||||||
{
|
{
|
||||||
if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {
|
if ($this->isAdmin()) {
|
||||||
|
|
||||||
$id = $this->getParam('id', true, 0);
|
$id = $this->getParam('id', true, 0);
|
||||||
$ln_optional = ($id <= 0 ? false : true);
|
$ln_optional = ($id <= 0 ? false : true);
|
||||||
@@ -319,6 +323,7 @@ class Admins extends ApiCommand implements ResourceEntity
|
|||||||
$result = json_decode($json_result, true)['data'];
|
$result = json_decode($json_result, true)['data'];
|
||||||
$id = $result['adminid'];
|
$id = $result['adminid'];
|
||||||
|
|
||||||
|
if ($this->getUserDetail('change_serversettings') == 1 || $result['adminid'] == $this->getUserDetail('adminid')) {
|
||||||
// parameters
|
// parameters
|
||||||
$name = $this->getParam('name', true, $result['name']);
|
$name = $this->getParam('name', true, $result['name']);
|
||||||
$idna_convert = new idna_convert_wrapper();
|
$idna_convert = new idna_convert_wrapper();
|
||||||
@@ -330,7 +335,7 @@ class Admins extends ApiCommand implements ResourceEntity
|
|||||||
$theme = $this->getParam('theme', true, $result['theme']);
|
$theme = $this->getParam('theme', true, $result['theme']);
|
||||||
|
|
||||||
// you cannot edit some of the details of yourself
|
// you cannot edit some of the details of yourself
|
||||||
if ($result['adminid'] == $this->getUserDetail('userid')) {
|
if ($result['adminid'] == $this->getUserDetail('adminid')) {
|
||||||
$deactivated = $result['deactivated'];
|
$deactivated = $result['deactivated'];
|
||||||
$customers = $result['customers'];
|
$customers = $result['customers'];
|
||||||
$domains = $result['domains'];
|
$domains = $result['domains'];
|
||||||
@@ -556,6 +561,7 @@ class Admins extends ApiCommand implements ResourceEntity
|
|||||||
return $this->response(200, "successfull", $result);
|
return $this->response(200, "successfull", $result);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
throw new Exception("Not allowed to execute given command.", 403);
|
throw new Exception("Not allowed to execute given command.", 403);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -586,36 +592,48 @@ class Admins extends ApiCommand implements ResourceEntity
|
|||||||
$id = $result['adminid'];
|
$id = $result['adminid'];
|
||||||
|
|
||||||
// don't be stupid
|
// don't be stupid
|
||||||
if ($id == $this->getUserDetail('userid')) {
|
if ($id == $this->getUserDetail('adminid')) {
|
||||||
standard_error('youcantdeleteyourself', '', true);
|
standard_error('youcantdeleteyourself', '', true);
|
||||||
}
|
}
|
||||||
|
|
||||||
$del_stmt = Database::prepare("
|
$del_stmt = Database::prepare("
|
||||||
DELETE FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid
|
DELETE FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid
|
||||||
");
|
");
|
||||||
Database::pexecute($del_stmt, array('adminid' => $id), true, true);
|
Database::pexecute($del_stmt, array(
|
||||||
|
'adminid' => $id
|
||||||
|
), true, true);
|
||||||
|
|
||||||
$del_stmt = Database::prepare("
|
$del_stmt = Database::prepare("
|
||||||
DELETE FROM `" . TABLE_PANEL_TRAFFIC_ADMINS . "` WHERE `adminid` = :adminid
|
DELETE FROM `" . TABLE_PANEL_TRAFFIC_ADMINS . "` WHERE `adminid` = :adminid
|
||||||
");
|
");
|
||||||
Database::pexecute($del_stmt, array('adminid' => $id), true, true);
|
Database::pexecute($del_stmt, array(
|
||||||
|
'adminid' => $id
|
||||||
|
), true, true);
|
||||||
|
|
||||||
$del_stmt = Database::prepare("
|
$del_stmt = Database::prepare("
|
||||||
DELETE FROM `" . TABLE_PANEL_DISKSPACE_ADMINS . "` WHERE `adminid` = :adminid
|
DELETE FROM `" . TABLE_PANEL_DISKSPACE_ADMINS . "` WHERE `adminid` = :adminid
|
||||||
");
|
");
|
||||||
Database::pexecute($del_stmt, array('adminid' => $id), true, true);
|
Database::pexecute($del_stmt, array(
|
||||||
|
'adminid' => $id
|
||||||
|
), true, true);
|
||||||
|
|
||||||
$upd_stmt = Database::prepare("
|
$upd_stmt = Database::prepare("
|
||||||
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
|
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
|
||||||
`adminid` = :userid WHERE `adminid` = :adminid
|
`adminid` = :userid WHERE `adminid` = :adminid
|
||||||
");
|
");
|
||||||
Database::pexecute($upd_stmt, array('userid' => $this->getUserDetail('userid'), 'adminid' => $id), true, true);
|
Database::pexecute($upd_stmt, array(
|
||||||
|
'userid' => $this->getUserDetail('adminid'),
|
||||||
|
'adminid' => $id
|
||||||
|
), true, true);
|
||||||
|
|
||||||
$upd_stmt = Database::prepare("
|
$upd_stmt = Database::prepare("
|
||||||
UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
|
UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
|
||||||
`adminid` = :userid WHERE `adminid` = :adminid
|
`adminid` = :userid WHERE `adminid` = :adminid
|
||||||
");
|
");
|
||||||
Database::pexecute($upd_stmt, array('userid' => $this->getUserDetail('userid'), 'adminid' => $id), true, true);
|
Database::pexecute($upd_stmt, array(
|
||||||
|
'userid' => $this->getUserDetail('adminid'),
|
||||||
|
'adminid' => $id
|
||||||
|
), true, true);
|
||||||
|
|
||||||
$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] deleted admin '" . $result['loginname'] . "'");
|
$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] deleted admin '" . $result['loginname'] . "'");
|
||||||
updateCounters();
|
updateCounters();
|
||||||
|
|||||||
Reference in New Issue
Block a user