maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

remove unnecessary parameter-checks as they will never happen; make Customers.update callable for customers

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2018-02-25 15:02:58 +01:00
parent 243b68cc37
commit a222114d0a
6 changed files with 488 additions and 552 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
lib/classes/api/commands/class.Mysqls.php
View File

@@ -238,13 +238,9 @@ class Mysqls extends ApiCommand implements ResourceEntity
{
$id = $this->getParam('id', true, 0);
$dn_optional = ($id <= 0 ? false : true);
$dbname = $this->getParam('dbname', $dn_optional, '');
$dbname = trim($this->getParam('dbname', $dn_optional, ''));
$dbserver = $this->getParam('mysql_server', true, - 1);
if ($id <= 0 && empty($dbname)) {
throw new Exception("Either 'id' or 'dbname' parameter must be given", 406);
}
if ($this->isAdmin()) {
if ($this->getUserDetail('customers_see_all') != 1) {
// if it's a reseller or an admin who cannot see all customers, we need to check
@@ -341,13 +337,9 @@ class Mysqls extends ApiCommand implements ResourceEntity
{
$id = $this->getParam('id', true, 0);
$dn_optional = ($id <= 0 ? false : true);
$dbname = $this->getParam('dbname', $dn_optional, '');
$dbname = trim($this->getParam('dbname', $dn_optional, ''));
$dbserver = $this->getParam('mysql_server', true, - 1);
if ($id <= 0 && empty($dbname)) {
throw new Exception("Either 'id' or 'dbname' parameter must be given", 406);
}
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) {
throw new Exception("You cannot access this resource", 405);
}
@@ -549,13 +541,9 @@ class Mysqls extends ApiCommand implements ResourceEntity
{
$id = $this->getParam('id', true, 0);
$dn_optional = ($id <= 0 ? false : true);
$dbname = $this->getParam('dbname', $dn_optional, '');
$dbname = trim($this->getParam('dbname', $dn_optional, ''));
$dbserver = $this->getParam('mysql_server', true, - 1);
if ($id <= 0 && empty($dbname)) {
throw new Exception("Either 'id' or 'dbname' parameter must be given", 406);
}
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) {
throw new Exception("You cannot access this resource", 405);
}