code reduction; added unit-tests for Certificates-Command; minor fixes here and there
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
@@ -414,6 +414,49 @@ abstract class ApiCommand
|
||||
return $json_response;
|
||||
}
|
||||
|
||||
/**
|
||||
* returns an array of customers the current user can access
|
||||
*
|
||||
* @param string $customer_hide_option optional, when called as customer, some options might be hidden due to the panel.customer_hide_options ettings
|
||||
*
|
||||
* @throws Exception
|
||||
* @return array
|
||||
*/
|
||||
protected function getAllowedCustomerIds($customer_hide_option = '')
|
||||
{
|
||||
$customer_ids = array();
|
||||
if ($this->isAdmin()) {
|
||||
// if we're an admin, list all ftp-users of all the admins customers
|
||||
// or optionally for one specific customer identified by id or loginname
|
||||
$customerid = $this->getParam('customerid', true, 0);
|
||||
$loginname = $this->getParam('loginname', true, '');
|
||||
|
||||
if (! empty($customerid) || ! empty($loginname)) {
|
||||
$_result = $this->apiCall('Customers.get', array(
|
||||
'id' => $customerid,
|
||||
'loginname' => $loginname
|
||||
));
|
||||
$custom_list_result = array(
|
||||
$_result
|
||||
);
|
||||
} else {
|
||||
$_custom_list_result = $this->apiCall('Customers.listing');
|
||||
$custom_list_result = $_custom_list_result['list'];
|
||||
}
|
||||
foreach ($custom_list_result as $customer) {
|
||||
$customer_ids[] = $customer['customerid'];
|
||||
}
|
||||
} else {
|
||||
if (!empty($customer_hide_option) && Settings::IsInList('panel.customer_hide_options', $customer_hide_option)) {
|
||||
throw new Exception("You cannot access this resource", 405);
|
||||
}
|
||||
$customer_ids = array(
|
||||
$this->getUserDetail('customerid')
|
||||
);
|
||||
}
|
||||
return $customer_ids;
|
||||
}
|
||||
|
||||
/**
|
||||
* increase/decrease a resource field for customers/admins
|
||||
*
|
||||
|
||||
@@ -50,18 +50,27 @@ class Certificates extends ApiCommand implements ResourceEntity
|
||||
'id' => $domainid,
|
||||
'domainname' => $domainname
|
||||
));
|
||||
$domainid = $domain['id'];
|
||||
|
||||
// parameters
|
||||
$ssl_cert_file = $this->getParam('ssl_cert_file');
|
||||
$ssl_key_file = $this->getParam('ssl_key_file');
|
||||
$ssl_ca_file = $this->getParam('ssl_ca_file', true, '');
|
||||
$ssl_cert_chainfile = $this->getParam('ssl_cert_chainfile', true, '');
|
||||
$this->addOrUpdateCertificate($domain['id'], $ssl_cert_file, $ssl_key_file, $ssl_ca_file, $ssl_cert_chainfile, true);
|
||||
$idna_convert = new idna_convert_wrapper();
|
||||
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] added ssl-certificate for '" . $domain['domain'] . "'");
|
||||
|
||||
// validate whether the domain does not already have an entry
|
||||
$result = $this->apiCall('Certificates.get', array(
|
||||
'id' => $domain['id']
|
||||
'id' => $domainid
|
||||
));
|
||||
return $this->response(200, "successfull", $result);
|
||||
if (empty($result)) {
|
||||
$this->addOrUpdateCertificate($domain['id'], $ssl_cert_file, $ssl_key_file, $ssl_ca_file, $ssl_cert_chainfile, true);
|
||||
$this->logger()->logAction($this->isAdmin() ? ADM_ACTION : USR_ACTION, LOG_INFO, "[API] added ssl-certificate for '" . $domain['domain'] . "'");
|
||||
$result = $this->apiCall('Certificates.get', array(
|
||||
'id' => $domain['id']
|
||||
));
|
||||
return $this->response(200, "successfull", $result);
|
||||
}
|
||||
throw new Exception("Domain '" . $domain['domain'] . "' already has a certificate. Did you mean to call update?", 406);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -448,43 +448,14 @@ class Ftps extends ApiCommand implements ResourceEntity
|
||||
*/
|
||||
public function listing()
|
||||
{
|
||||
if ($this->isAdmin()) {
|
||||
// if we're an admin, list all ftp-users of all the admins customers
|
||||
// or optionally for one specific customer identified by id or loginname
|
||||
$customerid = $this->getParam('customerid', true, 0);
|
||||
$loginname = $this->getParam('loginname', true, '');
|
||||
|
||||
if (! empty($customerid) || ! empty($loginname)) {
|
||||
$_result = $this->apiCall('Customers.get', array(
|
||||
'id' => $customerid,
|
||||
'loginname' => $loginname
|
||||
));
|
||||
$custom_list_result = array(
|
||||
$_result
|
||||
);
|
||||
} else {
|
||||
$_custom_list_result = $this->apiCall('Customers.listing');
|
||||
$custom_list_result = $_custom_list_result['list'];
|
||||
}
|
||||
$customer_ids = array();
|
||||
foreach ($custom_list_result as $customer) {
|
||||
$customer_ids[] = $customer['customerid'];
|
||||
}
|
||||
} else {
|
||||
if (Settings::IsInList('panel.customer_hide_options', 'ftp')) {
|
||||
throw new Exception("You cannot access this resource", 405);
|
||||
}
|
||||
$customer_ids = array(
|
||||
$this->getUserDetail('customerid')
|
||||
);
|
||||
}
|
||||
$customer_ids = $this->getAllowedCustomerIds('ftp');
|
||||
$result = array();
|
||||
$params['customerid'] = implode(", ", $customer_ids);
|
||||
$result_stmt = Database::prepare("
|
||||
SELECT * FROM `" . TABLE_FTP_USERS . "`
|
||||
WHERE `customerid` IN (:customerid)
|
||||
");
|
||||
Database::pexecute($result_stmt, $params);
|
||||
Database::pexecute($result_stmt, $params, true, true);
|
||||
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
|
||||
$result[] = $row;
|
||||
}
|
||||
|
||||
@@ -425,36 +425,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
|
||||
{
|
||||
$result = array();
|
||||
$dbserver = $this->getParam('mysql_server', true, - 1);
|
||||
if ($this->isAdmin()) {
|
||||
// if we're an admin, list all databases of all the admins customers
|
||||
// or optionally for one specific customer identified by id or loginname
|
||||
$customerid = $this->getParam('customerid', true, 0);
|
||||
$loginname = $this->getParam('loginname', true, '');
|
||||
|
||||
if (! empty($customer_id) || ! empty($loginname)) {
|
||||
$customer = $this->apiCall('Customers.get', array(
|
||||
'id' => $customerid,
|
||||
'loginname' => $loginname
|
||||
));
|
||||
$custom_list_result = array(
|
||||
$customer
|
||||
);
|
||||
} else {
|
||||
$_custom_list_result = $this->apiCall('Customers.listing');
|
||||
$custom_list_result = $_custom_list_result['list'];
|
||||
}
|
||||
$customer_ids = array();
|
||||
foreach ($custom_list_result as $customer) {
|
||||
$customer_ids[] = $customer['customerid'];
|
||||
}
|
||||
} else {
|
||||
if (Settings::IsInList('panel.customer_hide_options', 'mysql')) {
|
||||
throw new Exception("You cannot access this resource", 405);
|
||||
}
|
||||
$customer_ids = array(
|
||||
$this->getUserDetail('customerid')
|
||||
);
|
||||
}
|
||||
$customer_ids = $this->getAllowedCustomerIds('mysql');
|
||||
$result_stmt = Database::prepare("
|
||||
SELECT * FROM `" . TABLE_PANEL_DATABASES . "`
|
||||
WHERE `customerid`= :customerid AND `dbserver` = :dbserver
|
||||
|
||||
@@ -247,6 +247,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
|
||||
$stmt = Database::prepare("
|
||||
INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
|
||||
`customerid` = :customerid,
|
||||
`adminid` = :adminid,
|
||||
`domain` = :domain,
|
||||
`documentroot` = :documentroot,
|
||||
`aliasdomain` = :aliasdomain,
|
||||
@@ -268,6 +269,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
|
||||
");
|
||||
$params = array(
|
||||
"customerid" => $customer['customerid'],
|
||||
"adminid" => $customer['adminid'],
|
||||
"domain" => $completedomain,
|
||||
"documentroot" => $path,
|
||||
"aliasdomain" => $aliasdomain != 0 ? $aliasdomain : null,
|
||||
|
||||
Reference in New Issue
Block a user