From 715e5f7a642902d6aada70fbd7ddd863faf0f69b Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Mon, 19 Mar 2018 10:45:12 +0100 Subject: [PATCH] fix update of domain as admin if domain is a std-subdomain; fix update of mysql-entry; add CustomerBackups-ApiCommand Signed-off-by: Michael Kaufmann (d00p) --- customer_extras.php | 68 +++------ .../api/commands/class.CustomerBackups.php | 139 ++++++++++++++++++ lib/classes/api/commands/class.Domains.php | 3 +- lib/classes/api/commands/class.Mysqls.php | 12 +- 4 files changed, 159 insertions(+), 63 deletions(-) create mode 100644 lib/classes/api/commands/class.CustomerBackups.php diff --git a/customer_extras.php b/customer_extras.php index 0124b9b8..80bb01db 100644 --- a/customer_extras.php +++ b/customer_extras.php 
@@ -331,74 +331,42 @@ if ($page == 'overview') { { if ($action == 'abort' && isset($_POST['send']) && $_POST['send'] == 'send') { $log->logAction(USR_ACTION, LOG_NOTICE, "customer_extras::backup - aborted scheduled backupjob"); - $entry = isset($_POST['backup_job_entry']) ? (int)$_POST['backup_job_entry'] : 0; - if ($entry > 0) { - $del_stmt = Database::prepare("DELETE FROM `".TABLE_PANEL_TASKS."` WHERE `id` = :tid"); - Database::pexecute($del_stmt, array('tid' => $entry)); - standard_success('backupaborted'); + try { + CustomerBackups::getLocal($userinfo, $_POST)->delete(); + } catch (Exception $e) { + dynamic_error($e->getMessage()); } + standard_success('backupaborted'); redirectTo($filename, array('page' => $page, 'action' => '', 's' => $s)); } if ($action == '') { $log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::backup"); // check whether there is a backup-job for this customer - $sel_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_TASKS."` WHERE `type` = '20'"); - Database::pexecute($sel_stmt); + try { + $json_result = CustomerBackups::getLocal($userinfo)->listing(); + } catch (Exception $e) { + dynamic_error($e->getMessage()); + } + $result = json_decode($json_result, true)['data']; $existing_backupJob = null; - while ($entry = $sel_stmt->fetch()) + if ($result['count'] > 0) { - $data = unserialize($entry['data']); - if ($data['customerid'] == $userinfo['customerid']) { - $existing_backupJob = $entry; - break; - } + $existing_backupJob = array_shift($result['list']); } if (isset($_POST['send']) && $_POST['send'] == 'send') { - - if (! $_POST['path']) { - standard_error('invalidpath'); + try { + CustomerBackups::getLocal($userinfo, $_POST)->add(); + } catch (Exception $e) { + dynamic_error($e->getMessage()); } - - $path = makeCorrectDir(validate($_POST['path'], 'path')); - $path = makeCorrectDir($userinfo['documentroot'] . '/' . $path); - - $backup_dbs = isset($_POST['backup_dbs']) ? 
intval($_POST['backup_dbs']) : 0; - $backup_mail = isset($_POST['backup_mail']) ? intval($_POST['backup_mail']) : 0; - $backup_web = isset($_POST['backup_web']) ? intval($_POST['backup_web']) : 0; - - if ($backup_dbs != '1') { - $backup_dbs = '0'; - } - - if ($backup_mail != '1') { - $backup_mail = '0'; - } - - if ($backup_web != '1') { - $backup_web = '0'; - } - - $task_data = array( - 'customerid' => $userinfo['customerid'], - 'uid' => $userinfo['guid'], - 'gid' => $userinfo['guid'], - 'loginname' => $userinfo['loginname'], - 'destdir' => $path, - 'backup_dbs' => $backup_dbs, - 'backup_mail' => $backup_mail, - 'backup_web' => $backup_web - ); - // schedule backup job - inserttask('20', $task_data); - standard_success('backupscheduled'); } else { if (!empty($existing_backupJob)) { $action = "abort"; - $row = unserialize($entry['data']); + $row = $existing_backupJob['data']; $row['path'] = makeCorrectDir(str_replace($userinfo['documentroot'], "/", $row['destdir'])); $row['backup_web'] = ($row['backup_web'] == '1') ? $lng['panel']['yes'] : $lng['panel']['no']; $row['backup_mail'] = ($row['backup_mail'] == '1') ? $lng['panel']['yes'] : $lng['panel']['no']; diff --git a/lib/classes/api/commands/class.CustomerBackups.php b/lib/classes/api/commands/class.CustomerBackups.php new file mode 100644 index 00000000..5744a954 --- /dev/null +++ b/lib/classes/api/commands/class.CustomerBackups.php 
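Review bot: The submit branch of the backup page no longer reports success: the removed `standard_success('backupscheduled');` has no counterpart after `CustomerBackups::getLocal($userinfo, $_POST)->add();`, so a successful request falls through to the rest of the page without feedback, unlike the abort branch, which still calls `standard_success('backupaborted');` after its try/catch. Adding `standard_success('backupscheduled');` directly after the add() try/catch restores the previous behaviour. The listing call has the same shape: `$result = json_decode($json_result, true)['data'];` runs after the catch block, which only works if dynamic_error() ends the request — presumably it does, but if it can return, `$json_result` is undefined at that point. The enclosing overview block continues outside the hunk.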
@@ -0,0 +1,139 @@ + (2010-) + * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt + * @package API + * @since 0.10.0 + * + */ +class CustomerBackups extends ApiCommand implements ResourceEntity +{ + + private function validateAccess() + { + if (Settings::Get('system.backupenabled') != 1) { + throw new Exception("You cannot access this resource", 405); + } + if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) { + throw new Exception("You cannot access this resource", 405); + } + if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.backup')) { + throw new Exception("You cannot access this resource", 405); + } + } + + public function add() + { + $this->validateAccess(); + + // required parameter + $path = $this->getParam('path'); + + // parameter + $backup_dbs = $this->getParam('backup_dbs', true, 0); + $backup_mail = $this->getParam('backup_mail', true, 0); + $backup_web = $this->getParam('backup_web', true, 0); + + // get customer data + $customer = $this->getCustomerData(); + + // validation + $path = makeCorrectDir(validate($path, 'path', '', '', array(), true)); + $userpath = $path; + $path = makeCorrectDir($customer['documentroot'] . '/' . $path); + + if ($backup_dbs != '1') { + $backup_dbs = '0'; + } + + if ($backup_mail != '1') { + $backup_mail = '0'; + } + + if ($backup_web != '1') { + $backup_web = '0'; + } + + $task_data = array( + 'customerid' => $customer['customerid'], + 'uid' => $customer['guid'], + 'gid' => $customer['guid'], + 'loginname' => $customer['loginname'], + 'destdir' => $path, + 'backup_dbs' => $backup_dbs, + 'backup_mail' => $backup_mail, + 'backup_web' => $backup_web + ); + // schedule backup job + inserttask('20', $task_data); + + $this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_NOTICE, "[API] added customer-backup job for '" . $customer['loginname'] . "'. Target directory: " . 
$userpath); + return $this->response(200, "successfull", $task_data); + } + + public function get() + { + throw new Exception('You cannot get a planned backup. Try CustomerBackups.listing()', 303); + } + + public function update() + { + throw new Exception('You cannot update a planned backup. You need to delete it and re-add it.', 303); + } + + public function listing() + { + $this->validateAccess(); + + $customer_ids = $this->getAllowedCustomerIds('extras.backup'); + + // check whether there is a backup-job for this customer + $sel_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_TASKS . "` WHERE `type` = '20'"); + Database::pexecute($sel_stmt); + $result = array(); + while ($entry = $sel_stmt->fetch(PDO::FETCH_ASSOC)) { + $entry['data'] = unserialize($entry['data']); + if (in_array($entry['data']['customerid'], $customer_ids)) { + $result[] = $entry; + } + } + $this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_NOTICE, "[API] list customer-backups"); + return $this->response(200, "successfull", array( + 'count' => count($result), + 'list' => $result + )); + } + + public function delete() + { + // get planned backups + $result = $this->apiCall('CustomerBackups.listing', $this->getParamList()); + + $entry = $this->getParam('backup_job_entry'); + $customer_ids = $this->getAllowedCustomerIds('extras.backup'); + + if ($result['count'] > 0 && $entry > 0) { + // prepare statement + $del_stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_TASKS . "` WHERE `id` = :tid"); + // check for the correct job + foreach ($result['list'] as $backupjob) { + if ($backupjob['id'] == $entry) { + Database::pexecute($del_stmt, array( + 'tid' => $entry + )); + return $this->response(200, "successfull", true); + } + } + } + throw new Exception('Backup job with id #' . $entry . ' could not be found', 404); + } +} diff --git a/lib/classes/api/commands/class.Domains.php b/lib/classes/api/commands/class.Domains.php index 364198a7..76f620c7 100644 
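Review bot: In delete(), `$customer_ids = $this->getAllowedCustomerIds('extras.backup');` is computed but never read — the ownership filter already happens through the CustomerBackups.listing call above it — and the job id is matched with a loose comparison, `$backupjob['id'] == $entry`, against the raw parameter; casting once, `$entry = (int) $this->getParam('backup_job_entry');`, and comparing `(int) $backupjob['id'] === $entry` makes both the `$entry > 0` guard and the match unambiguous, and the unused assignment can go. In listing(), `$entry['data'] = unserialize($entry['data']);` rehydrates rows from the panel tasks table; since the payload written by add() is a plain array, passing `array('allowed_classes' => false)` (PHP 7+) keeps object instantiation out of that path at no cost. validateAccess() is not called in delete() directly, which is fine as long as delete() keeps going through the listing call; a one-line comment, `// access is validated by CustomerBackups.listing`, would make that dependency explicit.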
--- a/lib/classes/api/commands/class.Domains.php +++ b/lib/classes/api/commands/class.Domains.php @@ -626,8 +626,7 @@ class Domains extends ApiCommand implements ResourceEntity // get requested domain $result = $this->apiCall('Domains.get', array( 'id' => $id, - 'domainname' => $domainname, - 'no_std_subdomain' => true + 'domainname' => $domainname )); $id = $result['id']; diff --git a/lib/classes/api/commands/class.Mysqls.php b/lib/classes/api/commands/class.Mysqls.php index a68f57eb..080b3e1a 100644 --- a/lib/classes/api/commands/class.Mysqls.php +++ b/lib/classes/api/commands/class.Mysqls.php @@ -305,17 +305,7 @@ class Mysqls extends ApiCommand implements ResourceEntity // validation $password = validate($password, 'password', '', '', array(), true); $databasedescription = validate(trim($databasedescription), 'description', '', '', array(), true); - - // validate whether the dbserver exists - $dbserver = validate($dbserver, html_entity_decode($this->lng['mysql']['mysql_server']), '', '', 0, true); - Database::needRoot(true, $dbserver); - Database::needSqlData(); - $sql_root = Database::getSqlData(); - Database::needRoot(false); - if (! isset($sql_root) || ! is_array($sql_root)) { - throw new ErrorException("Database server with index #" . $dbserver . " is unknown", 404); - } - + // get needed customer info to reduce the mysql-usage-counter by one $customer = $this->getCustomerData();
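Review bot: With `'no_std_subdomain' => true` dropped from the Domains.get call, update() now resolves std-subdomains as well; the hunk shows no replacement check, so whether anything further down still limits what may be changed on such a domain cannot be confirmed from here — update() continues outside the hunk in both directions. A comment at the call, `// std-subdomains are resolved on purpose so they can be updated as admin`, would record the intent given in the commit message for the next reader.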