From ceb8619552f2d135ca83741a0d35b8c9e3b5495c Mon Sep 17 00:00:00 2001 From: "Michael Kaufmann (d00p)" Date: Mon, 26 Feb 2018 12:15:48 +0100 Subject: [PATCH] preparations for assign-multiple-ips-to-an-admin in Api, not in webinterface yet Signed-off-by: Michael Kaufmann (d00p) --- install/froxlor.sql | 2 +- .../updates/froxlor/0.10/update_0.10.inc.php | 14 +++++++ lib/classes/api/commands/class.Admins.php | 10 ++--- .../api/commands/class.IpsAndPorts.php | 41 +++++++++++++------ 4 files changed, 48 insertions(+), 19 deletions(-) diff --git a/install/froxlor.sql b/install/froxlor.sql index 8fb1e8e8..cf40bfc3 100644 --- a/install/froxlor.sql +++ b/install/froxlor.sql @@ -95,7 +95,7 @@ CREATE TABLE `panel_admins` ( `name` varchar(255) NOT NULL default '', `email` varchar(255) NOT NULL default '', `def_language` varchar(255) NOT NULL default '', - `ip` tinyint(4) NOT NULL default '-1', + `ip` varchar(500) NOT NULL default '-1', `customers` int(15) NOT NULL default '0', `customers_used` int(15) NOT NULL default '0', `customers_see_all` tinyint(1) NOT NULL default '0', diff --git a/install/updates/froxlor/0.10/update_0.10.inc.php b/install/updates/froxlor/0.10/update_0.10.inc.php index 1748ecc3..25b35a6f 100644 --- a/install/updates/froxlor/0.10/update_0.10.inc.php +++ b/install/updates/froxlor/0.10/update_0.10.inc.php 
@@ -51,4 +51,18 @@ if (isFroxlorVersion('0.10.0')) { showUpdateStep("Adding new default-ssl-ip setting"); Settings::AddNew('system.defaultsslip', ''); lastStepStatus(0); + + showUpdateStep("Altering admin ip's field to allow multiple ip addresses"); + // get all admins for updating the new field + $sel_stmt = Database::prepare("SELECT adminid, ip FROM `panel_admins`"); + Database::pexecute($sel_stmt); + $all_admins = $sel_stmt->fetchAll(PDO::FETCH_ASSOC); + Database::query("ALTER TABLE `panel_admins` MODIFY `ip` varchar(500) NOT NULL default '-1';"); + $upd_stmt = Database::prepare("UPDATE `panel_admins` SET `ip` = :ip WHERE `adminid` = :adminid"); + foreach ($all_admins as $adm) { + if ($admin['ip'] != -1) { + Database::pexecute($upd_stmt, array('ip' => json_encode($adm['ip']), 'adminid' => $adm['adminid'])); + } + } + lastStepStatus(0); } diff --git a/lib/classes/api/commands/class.Admins.php b/lib/classes/api/commands/class.Admins.php index 12f648e3..f5780ea3 100644 --- a/lib/classes/api/commands/class.Admins.php +++ b/lib/classes/api/commands/class.Admins.php @@ -124,7 +124,7 @@ class Admins extends ApiCommand implements ResourceEntity $tickets_see_all = $this->getParam('tickets_see_all', true, 0); $caneditphpsettings = $this->getParam('caneditphpsettings', true, 0); $change_serversettings = $this->getParam('change_serversettings', true, 0); - $ipaddress = intval_ressource($this->getParam('ipaddress', true, - 1)); + $ipaddress = $this->getParam('ipaddress', true, -1); // validation $name = validate($name, 'name', '', '', array(), true); @@ -244,7 +244,7 @@ class Admins extends ApiCommand implements ResourceEntity 'tickets' => $tickets, 'tickets_see_all' => $tickets_see_all, 'mysqls' => $mysqls, - 'ip' => $ipaddress, + 'ip' => empty($ipaddress) ? "" : (is_array($ipaddress) && $ipaddress > 0 ? json_encode($ipaddress) : -1), 'theme' => $_theme, 'custom_notes' => $custom_notes, 'custom_notes_show' => $custom_notes_show 
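Review bot: The loop in the added migration tests `$admin['ip']`, but the loop variable is `$adm`, so the condition reads an undefined variable and is true for every row, including admins whose value is -1. The value is also encoded as a scalar, while the readers in class.IpsAndPorts.php pass the decoded value to `implode()` and `in_array()`, which expect an array. In class.Admins.php a decoded scalar fails `is_array()` and is written back as -1, the value for which list() applies no filter, so a migrated restriction would be dropped on the next admin update. I would change the two lines to `if ($adm['ip'] != -1) {` and `'ip' => json_encode(array((int) $adm['ip']))`.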
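Review bot: The new `'ip'` expression in the insert array stores whatever array the caller sent, without checking that each element is an integer id, and turns every non-empty scalar into -1. `$ipaddress > 0` adds nothing once `is_array()` holds, because PHP treats an array as greater than any integer. Since -1 is the value for which IpsAndPorts::list() applies no filter, a request that passes a single id instead of an array ends up with an unrestricted admin; rejecting that input is safer. For the array case I would store `json_encode(array_values(array_map('intval', $ipaddress)))`. The same expression is added in the hunk at line 512, and the `intval_ressource()` call is dropped in the hunks at 124 and 377.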
@@ -354,7 +354,7 @@ class Admins extends ApiCommand implements ResourceEntity $change_serversettings = $result['change_serversettings']; $diskspace = $result['diskspace']; $traffic = $result['traffic']; - $ipaddress = $result['ip']; + $ipaddress = ($result['ip'] != -1 ? json_decode($result['ip'], true) : -1); } else { $deactivated = $this->getParam('deactivated', true, $result['deactivated']); @@ -377,7 +377,7 @@ class Admins extends ApiCommand implements ResourceEntity $tickets_see_all = $this->getParam('tickets_see_all', true, $result['tickets_see_all']); $caneditphpsettings = $this->getParam('caneditphpsettings', true, $result['caneditphpsettings']); $change_serversettings = $this->getParam('change_serversettings', true, $result['change_serversettings']); - $ipaddress = intval_ressource($this->getParam('ipaddress', true, $result['ip'])); + $ipaddress = $this->getParam('ipaddress', true, ($result['ip'] != -1 ? json_decode($result['ip'], true) : -1)); $diskspace = $diskspace * 1024; $traffic = $traffic * 1024 * 1024; @@ -512,7 +512,7 @@ class Admins extends ApiCommand implements ResourceEntity 'tickets' => $tickets, 'tickets_see_all' => $tickets_see_all, 'mysqls' => $mysqls, - 'ip' => $ipaddress, + 'ip' => empty($ipaddress) ? "" : (is_array($ipaddress) && $ipaddress > 0 ? json_encode($ipaddress) : -1), 'deactivated' => $deactivated, 'custom_notes' => $custom_notes, 'custom_notes_show' => $custom_notes_show, diff --git a/lib/classes/api/commands/class.IpsAndPorts.php b/lib/classes/api/commands/class.IpsAndPorts.php index 32ab79a3..a2bb599f 100644 --- a/lib/classes/api/commands/class.IpsAndPorts.php +++ b/lib/classes/api/commands/class.IpsAndPorts.php 
@@ -27,10 +27,14 @@ class IpsAndPorts extends ApiCommand implements ResourceEntity */ public function list() { - if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) { + if ($this->isAdmin() && ($this->getUserDetail('change_serversettings') || ! empty($this->getUserDetail('ip')))) { $this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] list ips and ports"); + $ip_where = ""; + if (!empty($this->getUserDetail('ip')) && $this->getUserDetail('ip') != -1) { + $ip_where = "WHERE `id` IN (".implode(", ", json_decode($this->getUserDetail('ip'), true)).")"; + } $result_stmt = Database::prepare(" - SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `ip` ASC, `port` ASC + SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` " . $ip_where . " ORDER BY `ip` ASC, `port` ASC "); Database::pexecute($result_stmt, null, true, true); $result = array(); @@ -50,16 +54,21 @@ class IpsAndPorts extends ApiCommand implements ResourceEntity * * @param int $id * ip-port-id - * + * * @access admin * @throws Exception * @return array */ public function get() { - if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) { + if ($this->isAdmin() && ($this->getUserDetail('change_serversettings') || ! empty($this->getUserDetail('ip')))) { $id = $this->getParam('id'); - $this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] get ip and port #" . $id); + if (!empty($this->getUserDetail('ip')) && $this->getUserDetail('ip') != -1) { + $allowed_ips = json_decode($this->getUserDetail('ip'), true); + if (!in_array($id, $allowed_ips)) { + throw new Exception("You cannot access this resource", 405); + } + } $result_stmt = Database::prepare(" SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = :id "); 
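Review bot: The `$ip_where` clause added to list() concatenates the decoded contents of the admin's `ip` field into the SQL text, and that field holds JSON written from the `ipaddress` API parameter in class.Admins.php without an integer check, so a non-numeric element would become part of the statement. `json_decode()` can also return null or a scalar here, which `implode()` does not accept. I would cast every element to int and refuse the request when the stored value is not a non-empty array, as in the excerpt below. list() continues past the end of the hunk.

```php
$ip_where = "";
$admin_ips = $this->getUserDetail('ip');
if (!empty($admin_ips) && $admin_ips != -1) {
    $allowed_ips = json_decode($admin_ips, true);
    if (!is_array($allowed_ips) || empty($allowed_ips)) {
        // a malformed restriction must not fall back to "all ips"
        throw new Exception("Not allowed to execute given command.", 403);
    }
    $ip_where = "WHERE `id` IN (" . implode(", ", array_map('intval', $allowed_ips)) . ")";
}
// … unchanged: prepare and execute the SELECT with $ip_where …
```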
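Review bot: The refusal added to get() throws with code 405, while the other permission failures in this class use 403 with "Not allowed to execute given command.", and because the `logAction()` call was moved behind the lookup a refused request no longer leaves a log entry. `in_array($id, $allowed_ips)` compares loosely and fails when the stored value does not decode to an array; `in_array((int) $id, array_map('intval', (array) $allowed_ips), true)` avoids both. I would also log the refusal before throwing, for example `$this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] denied access to ip and port #" . (int) $id);`. get() continues in the next hunk.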
@@ -67,6 +76,7 @@ class IpsAndPorts extends ApiCommand implements ResourceEntity 'id' => $id ), true, true); if ($result) { + $this->logger()->logAction(ADM_ACTION, LOG_NOTICE, "[API] get ip " . $result['ip'] . " " . $result['port']); return $this->response(200, "successfull", $result); } throw new Exception("IP/port with id #" . $id . " could not be found", 404); @@ -204,7 +214,12 @@ class IpsAndPorts extends ApiCommand implements ResourceEntity $ip = '[' . $ip . ']'; } $this->logger()->logAction(ADM_ACTION, LOG_WARNING, "[API] added IP/port '" . $ip . ":" . $port . "'"); - return $this->response(200, "successfull", $ins_data); + // get ip for return-array + $json_result = IpsAndPorts::getLocal($this->getUserData(), array( + 'id' => $ins_data['id'] + ))->get(); + $result = json_decode($json_result, true)['data']; + return $this->response(200, "successfull", $result); } throw new Exception("Not allowed to execute given command.", 403); } @@ -220,7 +235,7 @@ class IpsAndPorts extends ApiCommand implements ResourceEntity */ public function update() { - if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) { + if ($this->isAdmin() && ($this->getUserDetail('change_serversettings') || ! empty($this->getUserDetail('ip')))) { $id = $this->getParam('id'); $json_result = IpsAndPorts::getLocal($this->getUserData(), array( @@ -368,7 +383,7 @@ class IpsAndPorts extends ApiCommand implements ResourceEntity * * @param int $id * ip-port-id - * + * * @access admin * @throws Exception * @return array 
@@ -411,17 +426,17 @@ class IpsAndPorts extends ApiCommand implements ResourceEntity if ($result['ip'] != '') { $del_stmt = Database::prepare(" - DELETE FROM `" . TABLE_PANEL_IPSANDPORTS . "` - WHERE `id` = :id - "); + DELETE FROM `" . TABLE_PANEL_IPSANDPORTS . "` + WHERE `id` = :id + "); Database::pexecute($del_stmt, array( 'id' => $id )); // also, remove connections to domains (multi-stack) $del_stmt = Database::prepare(" - DELETE FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_ipandports` = :id - "); + DELETE FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_ipandports` = :id + "); Database::pexecute($del_stmt, array( 'id' => $id ));