maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

correct Admins.update and Admins.delete

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-02-25 20:47:36 +01:00
parent c65d95c1ef
commit 5c330505ea
1 changed files with 297 additions and 279 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
lib/classes/api/commands/class.Admins.php
View File

@@ -124,7 +124,7 @@ class Admins extends ApiCommand implements ResourceEntity
$tickets_see_all = $this->getParam('tickets_see_all', true, 0); $tickets_see_all = $this->getParam('tickets_see_all', true, 0);
$caneditphpsettings = $this->getParam('caneditphpsettings', true, 0); $caneditphpsettings = $this->getParam('caneditphpsettings', true, 0);
$change_serversettings = $this->getParam('change_serversettings', true, 0); $change_serversettings = $this->getParam('change_serversettings', true, 0);
$ipaddress = intval_ressource($this->getParam('ipaddress', true, -1)); $ipaddress = intval_ressource($this->getParam('ipaddress', true, - 1));
// validation // validation
$name = validate($name, 'name', '', '', array(), true); $name = validate($name, 'name', '', '', array(), true);
@@ -156,14 +156,18 @@ class Admins extends ApiCommand implements ResourceEntity
$loginname_check_stmt = Database::prepare(" $loginname_check_stmt = Database::prepare("
SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :login SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :login
"); ");
$loginname_check = Database::pexecute_first($loginname_check_stmt, array('login' => $loginname), true, true); $loginname_check = Database::pexecute_first($loginname_check_stmt, array(
'login' => $loginname
), true, true);
// Check if an admin with the loginname already exists // Check if an admin with the loginname already exists
// do not check via api as we skip any permission checks for this task // do not check via api as we skip any permission checks for this task
$loginname_check_admin_stmt = Database::prepare(" $loginname_check_admin_stmt = Database::prepare("
SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = :login SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = :login
"); ");
$loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array('login' => $loginname), true, true); $loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array(
'login' => $loginname
), true, true);
if ($loginname == '') { if ($loginname == '') {
standard_error(array( standard_error(array(
@@ -306,7 +310,7 @@ class Admins extends ApiCommand implements ResourceEntity
*/ */
public function update() public function update()
{ {
if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) { if ($this->isAdmin()) {
$id = $this->getParam('id', true, 0); $id = $this->getParam('id', true, 0);
$ln_optional = ($id <= 0 ? false : true); $ln_optional = ($id <= 0 ? false : true);
@@ -319,6 +323,7 @@ class Admins extends ApiCommand implements ResourceEntity
$result = json_decode($json_result, true)['data']; $result = json_decode($json_result, true)['data'];
$id = $result['adminid']; $id = $result['adminid'];
if ($this->getUserDetail('change_serversettings') == 1 || $result['adminid'] == $this->getUserDetail('adminid')) {
// parameters // parameters
$name = $this->getParam('name', true, $result['name']); $name = $this->getParam('name', true, $result['name']);
$idna_convert = new idna_convert_wrapper(); $idna_convert = new idna_convert_wrapper();
@@ -330,7 +335,7 @@ class Admins extends ApiCommand implements ResourceEntity
$theme = $this->getParam('theme', true, $result['theme']); $theme = $this->getParam('theme', true, $result['theme']);
// you cannot edit some of the details of yourself // you cannot edit some of the details of yourself
if ($result['adminid'] == $this->getUserDetail('userid')) { if ($result['adminid'] == $this->getUserDetail('adminid')) {
$deactivated = $result['deactivated']; $deactivated = $result['deactivated'];
$customers = $result['customers']; $customers = $result['customers'];
$domains = $result['domains']; $domains = $result['domains'];
@@ -447,41 +452,41 @@ class Admins extends ApiCommand implements ResourceEntity
// check if a resource was set to something lower // check if a resource was set to something lower
// than actually used by the admin/reseller // than actually used by the admin/reseller
$res_warning = ""; $res_warning = "";
if ($customers != $result['customers'] && $customers != -1 && $customers < $result['customers_used']) { if ($customers != $result['customers'] && $customers != - 1 && $customers < $result['customers_used']) {
$res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'customers'); $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'customers');
} }
if ($domains != $result['domains'] && $domains != -1 && $domains < $result['domains_used']) { if ($domains != $result['domains'] && $domains != - 1 && $domains < $result['domains_used']) {
$res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'domains'); $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'domains');
} }
if ($diskspace != $result['diskspace'] && ($diskspace / 1024) != -1 && $diskspace < $result['diskspace_used']) { if ($diskspace != $result['diskspace'] && ($diskspace / 1024) != - 1 && $diskspace < $result['diskspace_used']) {
$res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'diskspace'); $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'diskspace');
} }
if ($traffic != $result['traffic'] && ($traffic / 1024 / 1024) != -1 && $traffic < $result['traffic_used']) { if ($traffic != $result['traffic'] && ($traffic / 1024 / 1024) != - 1 && $traffic < $result['traffic_used']) {
$res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'traffic'); $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'traffic');
} }
if ($emails != $result['emails'] && $emails != -1 && $emails < $result['emails_used']) { if ($emails != $result['emails'] && $emails != - 1 && $emails < $result['emails_used']) {
$res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'emails'); $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'emails');
} }
if ($email_accounts != $result['email_accounts'] && $email_accounts != -1 && $email_accounts < $result['email_accounts_used']) { if ($email_accounts != $result['email_accounts'] && $email_accounts != - 1 && $email_accounts < $result['email_accounts_used']) {
$res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'email accounts'); $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'email accounts');
} }
if ($email_forwarders != $result['email_forwarders'] && $email_forwarders != -1 && $email_forwarders < $result['email_forwarders_used']) { if ($email_forwarders != $result['email_forwarders'] && $email_forwarders != - 1 && $email_forwarders < $result['email_forwarders_used']) {
$res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'email forwarders'); $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'email forwarders');
} }
if ($email_quota != $result['email_quota'] && $email_quota != -1 && $email_quota < $result['email_quota_used']) { if ($email_quota != $result['email_quota'] && $email_quota != - 1 && $email_quota < $result['email_quota_used']) {
$res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'email quota'); $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'email quota');
} }
if ($ftps != $result['ftps'] && $ftps != -1 && $ftps < $result['ftps_used']) { if ($ftps != $result['ftps'] && $ftps != - 1 && $ftps < $result['ftps_used']) {
$res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'ftps'); $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'ftps');
} }
if ($tickets != $result['tickets'] && $tickets != -1 && $tickets < $result['tickets_used']) { if ($tickets != $result['tickets'] && $tickets != - 1 && $tickets < $result['tickets_used']) {
$res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'tickets'); $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'tickets');
} }
if ($mysqls != $result['mysqls'] && $mysqls != -1 && $mysqls < $result['mysqls_used']) { if ($mysqls != $result['mysqls'] && $mysqls != - 1 && $mysqls < $result['mysqls_used']) {
$res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'mysqls'); $res_warning .= sprintf($this->lng['error']['setlessthanalreadyused'], 'mysqls');
} }
if (!empty($res_warning)) { if (! empty($res_warning)) {
throw new Exception($res_warning, 406); throw new Exception($res_warning, 406);
} }
@@ -556,6 +561,7 @@ class Admins extends ApiCommand implements ResourceEntity
return $this->response(200, "successfull", $result); return $this->response(200, "successfull", $result);
} }
} }
}
throw new Exception("Not allowed to execute given command.", 403); throw new Exception("Not allowed to execute given command.", 403);
} }
@@ -586,36 +592,48 @@ class Admins extends ApiCommand implements ResourceEntity
$id = $result['adminid']; $id = $result['adminid'];
// don't be stupid // don't be stupid
if ($id == $this->getUserDetail('userid')) { if ($id == $this->getUserDetail('adminid')) {
standard_error('youcantdeleteyourself', '', true); standard_error('youcantdeleteyourself', '', true);
} }
$del_stmt = Database::prepare(" $del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid DELETE FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :adminid
"); ");
Database::pexecute($del_stmt, array('adminid' => $id), true, true); Database::pexecute($del_stmt, array(
'adminid' => $id
), true, true);
$del_stmt = Database::prepare(" $del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_TRAFFIC_ADMINS . "` WHERE `adminid` = :adminid DELETE FROM `" . TABLE_PANEL_TRAFFIC_ADMINS . "` WHERE `adminid` = :adminid
"); ");
Database::pexecute($del_stmt, array('adminid' => $id), true, true); Database::pexecute($del_stmt, array(
'adminid' => $id
), true, true);
$del_stmt = Database::prepare(" $del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_DISKSPACE_ADMINS . "` WHERE `adminid` = :adminid DELETE FROM `" . TABLE_PANEL_DISKSPACE_ADMINS . "` WHERE `adminid` = :adminid
"); ");
Database::pexecute($del_stmt, array('adminid' => $id), true, true); Database::pexecute($del_stmt, array(
'adminid' => $id
), true, true);
$upd_stmt = Database::prepare(" $upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
`adminid` = :userid WHERE `adminid` = :adminid `adminid` = :userid WHERE `adminid` = :adminid
"); ");
Database::pexecute($upd_stmt, array('userid' => $this->getUserDetail('userid'), 'adminid' => $id), true, true); Database::pexecute($upd_stmt, array(
'userid' => $this->getUserDetail('adminid'),
'adminid' => $id
), true, true);
$upd_stmt = Database::prepare(" $upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_DOMAINS . "` SET UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
`adminid` = :userid WHERE `adminid` = :adminid `adminid` = :userid WHERE `adminid` = :adminid
"); ");
Database::pexecute($upd_stmt, array('userid' => $this->getUserDetail('userid'), 'adminid' => $id), true, true); Database::pexecute($upd_stmt, array(
'userid' => $this->getUserDetail('adminid'),
'adminid' => $id
), true, true);
$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] deleted admin '" . $result['loginname'] . "'"); $this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] deleted admin '" . $result['loginname'] . "'");
updateCounters(); updateCounters();