From bddf9b496cf4ae946ecc9ec5249318747e79a6b9 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Fri, 15 May 2020 09:35:20 +0200
Subject: [PATCH] enable internal api-call to bypass customer_hide_options check in certain situations where it is needed, fixes #803

Signed-off-by: Michael Kaufmann
---
 lib/Froxlor/Api/ApiCommand.php | 47 +++++++++++++++-----
 lib/Froxlor/Api/Commands/Emails.php | 3 +-
 lib/Froxlor/Api/Commands/SubDomains.php | 2 +-
 lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php | 3 --
 tests/Emails/EmailsTest.php | 6 +++
 5 files changed, 46 insertions(+), 15 deletions(-)

diff --git a/lib/Froxlor/Api/ApiCommand.php b/lib/Froxlor/Api/ApiCommand.php
index 065a9090..77fc415e 100644
--- a/lib/Froxlor/Api/ApiCommand.php
+++ b/lib/Froxlor/Api/ApiCommand.php
@@ -54,6 +54,13 @@ abstract class ApiCommand extends ApiParameter
 */
 private $mail = null;
 
+ /**
+ * whether the call is an internal one or not
+ *
+ * @var boolean
+ */
+ private $internal_call = false;
+
 /**
 * language strings array
 *
@@ -90,10 +97,12 @@ abstract class ApiCommand extends ApiParameter
 * optional, array of parameters (var=>value) for the command
 * @param array $userinfo
 * optional, passed via WebInterface (instead of $header)
+ * @param boolean $internal
+ * optional whether called internally, default false
 *
 * @throws \Exception
 */
- public function __construct($header = null, $params = null, $userinfo = null)
+ public function __construct($header = null, $params = null, $userinfo = null, $internal = false)
 {
 parent::__construct($params);
 
@@ -127,6 +136,9 @@ abstract class ApiCommand extends ApiParameter
 if ($this->debug) {
 $this->logger()->logAction(\Froxlor\FroxlorLogger::LOG_ERROR, LOG_DEBUG, "[API] " . get_called_class() . ": " . json_encode($params, JSON_UNESCAPED_SLASHES));
 }
+
+ // set internal call flag
+ $this->internal_call = $internal;
 }
 
 /**
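Review bot: `$this->internal_call = $internal;` at the end of `__construct()` stores whatever the caller passed, and the later `!$this->isInternal()` guards test it by truthiness, so any non-empty value (for example the string `'false'`) switches the `customer_hide_options` check off. Since this flag relaxes an access check, store it strictly, e.g. `$this->internal_call = ($internal === true);`. If externally received API requests always arrive with `$header` set (the docblock describes `$userinfo` as the WebInterface path, but the dispatcher is not on this page), tying the flag to the local path with `$header === null && $internal === true` would also keep a remote caller from ever reaching it. The constructor body continues outside both hunks.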
@@ -191,13 +203,15 @@ abstract class ApiCommand extends ApiParameter
 * array of user-data
 * @param array $params
 * array of parameters for the command
+ * @param boolean $internal
+ * optional whether called internally, default false
 *
 * @return ApiCommand
 * @throws \Exception
 */
- public static function getLocal($userinfo = null, $params = null)
+ public static function getLocal($userinfo = null, $params = null, $internal = false)
 {
- return new static(null, $params, $userinfo);
+ return new static(null, $params, $userinfo, $internal);
 }
 
 /**
@@ -210,6 +224,16 @@ abstract class ApiCommand extends ApiParameter
 return $this->is_admin;
 }
 
+ /**
+ * internal call flag
+ *
+ * @return boolean
+ */
+ protected function isInternal()
+ {
+ return $this->internal_call;
+ }
+
 /**
 * return field from user-table
 *
@@ -241,7 +265,7 @@ abstract class ApiCommand extends ApiParameter
 * optional array of placeholders mapped to the actual value which is used in the API commands when executing the statement [internal]
 * @param boolean $append
 * optional append to WHERE clause rather then create new one, default false [internal]
- *
+ *
 * @return string
 */
 protected function getSearchWhere(&$query_fields = array(), $append = false)
@@ -304,7 +328,7 @@ abstract class ApiCommand extends ApiParameter
 * optional, limit resultset, default 0
 * @param int $sql_offset
 * optional, offset for limitation, default 0
- *
+ *
 * @return string
 */
 protected function getLimit()
@@ -333,7 +357,7 @@ abstract class ApiCommand extends ApiParameter
 * optional array with index = fieldname and value = ASC|DESC
 * @param boolean $append
 * optional append to ORDER BY clause rather then create new one, default false [internal]
- *
+ *
 * @return string
 */
 protected function getOrderBy($append = false)
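Review bot: The new `$internal` parameter on `getLocal()` is documented only as "optional whether called internally", which does not tell a caller that passing `true` disables the `panel.customer_hide_options` check for the command being built. `getLocal()` is `public static`, so any code that can call it can set the flag; the docblock should spell out the contract, for instance `@param boolean $internal optional, skips the customer_hide_options check; must be a literal set by server-side code, never derived from request parameters`. The same wording applies to the constructor and `apiCall()` docblocks.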
@@ -417,15 +441,18 @@ abstract class ApiCommand extends ApiParameter
 *
 * @param string $command
 * @param array|null $params
- *
+ * @param boolean $internal
+ * optional whether called internally, default false
+ *
+ *
 * @return array
 */
- protected function apiCall($command = null, $params = null)
+ protected function apiCall($command = null, $params = null, $internal = false)
 {
 $_command = explode(".", $command);
 $module = __NAMESPACE__ . "\Commands\\" . $_command[0];
 $function = $_command[1];
- $json_result = $module::getLocal($this->getUserData(), $params)->{$function}();
+ $json_result = $module::getLocal($this->getUserData(), $params, $internal)->{$function}();
 return json_decode($json_result, true)['data'];
 }
 
@@ -491,7 +518,7 @@ abstract class ApiCommand extends ApiParameter
 $customer_ids[] = $customer['customerid'];
 }
 } else {
- if (! empty($customer_hide_option) && \Froxlor\Settings::IsInList('panel.customer_hide_options', $customer_hide_option)) {
+ if (!$this->isInternal() && ! empty($customer_hide_option) && \Froxlor\Settings::IsInList('panel.customer_hide_options', $customer_hide_option)) {
 throw new \Exception("You cannot access this resource", 405);
 }
 $customer_ids = array(
diff --git a/lib/Froxlor/Api/Commands/Emails.php b/lib/Froxlor/Api/Commands/Emails.php
index af1cd0a2..c22989c8 100644
--- a/lib/Froxlor/Api/Commands/Emails.php
+++ b/lib/Froxlor/Api/Commands/Emails.php
@@ -62,9 +62,10 @@ class Emails extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 }
 
 // check domain and whether it's an email-enabled domain
+ // use internal call because the customer might have 'domains' in customer_hide_options
 $domain_check = $this->apiCall('SubDomains.get', array(
 'domainname' => $domain
- ));
+ ), true);
 if ($domain_check['isemaildomain'] == 0) {
 \Froxlor\UI\Response::standard_error('maindomainnonexist', $domain, true);
 }
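Review bot: In the guard `if (!$this->isInternal() && ! empty($customer_hide_option) && …)` the bypass is keyed on the instance flag alone, so an internal call skips the check for whichever `$customer_hide_option` the nested command asks about, not only the 'domains' case the commit message describes; the SubDomains.php hunk follows the same pattern. The customer scoping that follows (`$customer_ids = array(`) appears to stay in force, which is what would limit this to hidden-menu enforcement rather than cross-customer access, but the enclosing method starts and ends outside the hunk so that cannot be confirmed here. A comment above the condition would make the intent reviewable: `// internal calls skip the hide-options restriction only; customer scoping below still applies`. The negation is also written `!$this` here and `! $this` in SubDomains.php; pick one form.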
diff --git a/lib/Froxlor/Api/Commands/SubDomains.php b/lib/Froxlor/Api/Commands/SubDomains.php
index 18d332a3..3b7fbfb7 100644
--- a/lib/Froxlor/Api/Commands/SubDomains.php
+++ b/lib/Froxlor/Api/Commands/SubDomains.php
@@ -409,7 +409,7 @@ class SubDomains extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resourc
 );
 }
 } else {
- if (Settings::IsInList('panel.customer_hide_options', 'domains')) {
+ if (! $this->isInternal() && Settings::IsInList('panel.customer_hide_options', 'domains')) {
 throw new \Exception("You cannot access this resource", 405);
 }
 $result_stmt = Database::prepare("
diff --git a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
index 59f5f653..4767732d 100644
--- a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
+++ b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
@@ -437,9 +437,6 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 AND dom.`iswildcarddomain` = 0
 ");
 $renew_certs = $certificates_stmt->fetchAll(\PDO::FETCH_ASSOC);
- if (self::renewFroxlorVhost()) {
- // add froxlor to the list of renews
- }
 if ($renew_certs) {
 return $renew_certs;
 }
diff --git a/tests/Emails/EmailsTest.php b/tests/Emails/EmailsTest.php
index c8879414..9e5df92a 100644
--- a/tests/Emails/EmailsTest.php
+++ b/tests/Emails/EmailsTest.php
@@ -25,6 +25,9 @@ class MailsTest extends TestCase
 {
 global $admin_userdata;
 
+ // set domains as hidden to test whether the internal flag works
+ Settings::Set('panel.customer_hide_options', 'domains', true);
+
 // get customer
 $json_result = Customers::getLocal($admin_userdata, array(
 'loginname' => 'test1'
@@ -39,6 +42,9 @@ class MailsTest extends TestCase
 $result = json_decode($json_result, true)['data'];
 $this->assertEquals("info@test2.local", $result['email_full']);
 $this->assertEquals(0, $result['iscatchall']);
+
+ // reset setting
+ Settings::Set('panel.customer_hide_options', '', true);
 }
 
 public function testAdminEmailsAdd()
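Review bot: In tests/Emails/EmailsTest.php the reset `Settings::Set('panel.customer_hide_options', '', true);` runs only if every assertion before it passes, so a failing assertion leaves 'domains' hidden for the tests that follow, and it writes an empty string rather than restoring the previous value. Put the reset in a `finally` block or in `tearDown()`, and save the old value first if the Settings class offers a getter. The test also covers only the path where the bypass succeeds; since this commit relaxes an access check, add a case asserting that a direct customer call to `SubDomains.get` with 'domains' hidden still fails with code 405, e.g. `$this->expectExceptionCode(405);` before the call. The test method starts before the first hunk, so how the customer call is made is not visible here.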