From 8cebcc8a5db96b04be18f4ec198defa757e542b8 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Wed, 13 Feb 2019 21:51:24 +0100
Subject: [PATCH] allow DnsZone functions only if dns-editor is enabled AND the customer is allowed to use it
Signed-off-by: Michael Kaufmann
---
 lib/Froxlor/Api/Commands/DomainZones.php | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/lib/Froxlor/Api/Commands/DomainZones.php b/lib/Froxlor/Api/Commands/DomainZones.php
index 78115147..1805af05 100644
--- a/lib/Froxlor/Api/Commands/DomainZones.php
+++ b/lib/Froxlor/Api/Commands/DomainZones.php
@@ -47,7 +47,11 @@ class DomainZones extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 public function add()
 {
 if (Settings::Get('system.dnsenabled') != '1') {
- throw new \Exception("DNS server not enabled on this system", 405);
+ throw new \Exception("DNS service not enabled on this system", 405);
+ }
+
+ if ($this->isAdmin() == false && $this->getUserDetail('dnsenabled') != '1') {
+ throw new \Exception("You cannot access this resource", 405);
 }
 
 $id = $this->getParam('id', true, 0);
@@ -307,7 +311,11 @@ class DomainZones extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 public function get()
 {
 if (Settings::Get('system.dnsenabled') != '1') {
- throw new \Exception("DNS server not enabled on this system", 405);
+ throw new \Exception("DNS service not enabled on this system", 405);
+ }
+
+ if ($this->isAdmin() == false && $this->getUserDetail('dnsenabled') != '1') {
+ throw new \Exception("You cannot access this resource", 405);
 }
 
 $id = $this->getParam('id', true, 0);
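Review bot: The new customer check in add() rejects with code 405, the same code as the "DNS service not enabled" branch directly above it, so an API client or a log reader cannot tell a disabled feature from a permission denial. If the exception code is surfaced as the HTTP status (not visible in this diff), an authorization refusal should use 403: `throw new \Exception("You cannot access this resource", 403);`. The same line is added in the get() and delete() hunks. add()'s body continues outside the hunk.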
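Review bot: The gate added to get() is a verbatim copy of the one in add() and delete(), and an access check kept in three places is easy to miss when another command is added or one copy is changed later. Consider moving both conditions into a single private method of DomainZones (for example `private function checkDnsEditorAccess()`) that throws, and calling it as the first statement of every command. Other public commands of this class are not visible in the diff, so confirm that any of them that read or change zone data run the same check. get()'s body continues outside the hunk.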
@@ -370,7 +378,11 @@ class DomainZones extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 public function delete()
 {
 if (Settings::Get('system.dnsenabled') != '1') {
- throw new \Exception("DNS server not enabled on this system", 405);
+ throw new \Exception("DNS service not enabled on this system", 405);
+ }
+
+ if ($this->isAdmin() == false && $this->getUserDetail('dnsenabled') != '1') {
+ throw new \Exception("You cannot access this resource", 405);
 }
 
 $entry_id = $this->getParam('entry_id');
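Review bot: Both conditions in the guard added to delete() use loose comparison (`== false`, `!= '1'`), so numeric-looking values such as `'01'` or `'1.0'` in the customer's `dnsenabled` field would also count as enabled. The check already fails closed when the field is missing, which is the right default; an exact form would be `if (!$this->isAdmin() && (string) $this->getUserDetail('dnsenabled') !== '1') {`. The return type of getUserDetail() is not visible here, so confirm the cast matches how the flag is stored. The same condition is used in add() and get(), and delete()'s body continues outside the hunk.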