check for given customer loginname/id before anything happens in Mysqls.add/update/delete when called as admin; fixes #749
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
@@ -34,7 +34,9 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
|||||||
* @param bool $sendinfomail
|
* @param bool $sendinfomail
|
||||||
* optional, send created resource-information to customer, default: false
|
* optional, send created resource-information to customer, default: false
|
||||||
* @param int $customerid
|
* @param int $customerid
|
||||||
* required when called as admin, not needed when called as customer
|
* optional, admin-only, the customer-id
|
||||||
|
* @param string $loginname
|
||||||
|
* optional, admin-only, the loginname
|
||||||
*
|
*
|
||||||
* @access admin, customer
|
* @access admin, customer
|
||||||
* @throws \Exception
|
* @throws \Exception
|
||||||
@@ -42,8 +44,6 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
|||||||
*/
|
*/
|
||||||
public function add()
|
public function add()
|
||||||
{
|
{
|
||||||
if ($this->getUserDetail('mysqls_used') < $this->getUserDetail('mysqls') || $this->getUserDetail('mysqls') == '-1') {
|
|
||||||
|
|
||||||
// required paramters
|
// required paramters
|
||||||
$password = $this->getParam('mysql_password');
|
$password = $this->getParam('mysql_password');
|
||||||
|
|
||||||
@@ -51,6 +51,8 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
|||||||
$dbserver = $this->getParam('mysql_server', true, 0);
|
$dbserver = $this->getParam('mysql_server', true, 0);
|
||||||
$databasedescription = $this->getParam('description', true, '');
|
$databasedescription = $this->getParam('description', true, '');
|
||||||
$sendinfomail = $this->getBoolParam('sendinfomail', true, 0);
|
$sendinfomail = $this->getBoolParam('sendinfomail', true, 0);
|
||||||
|
// get needed customer info to reduce the mysql-usage-counter by one
|
||||||
|
$customer = $this->getCustomerData('mysqls');
|
||||||
|
|
||||||
// validation
|
// validation
|
||||||
$password = \Froxlor\Validate\Validate::validate($password, 'password', '', '', array(), true);
|
$password = \Froxlor\Validate\Validate::validate($password, 'password', '', '', array(), true);
|
||||||
@@ -71,9 +73,6 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
|||||||
$sendinfomail = 0;
|
$sendinfomail = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
// get needed customer info to reduce the mysql-usage-counter by one
|
|
||||||
$customer = $this->getCustomerData('mysqls');
|
|
||||||
|
|
||||||
$newdb_params = array(
|
$newdb_params = array(
|
||||||
'loginname' => ($this->isAdmin() ? $customer['loginname'] : $this->getUserDetail('loginname')),
|
'loginname' => ($this->isAdmin() ? $customer['loginname'] : $this->getUserDetail('loginname')),
|
||||||
'mysql_lastaccountnumber' => ($this->isAdmin() ? $customer['mysql_lastaccountnumber'] : $this->getUserDetail('mysql_lastaccountnumber'))
|
'mysql_lastaccountnumber' => ($this->isAdmin() ? $customer['mysql_lastaccountnumber'] : $this->getUserDetail('mysql_lastaccountnumber'))
|
||||||
@@ -168,8 +167,6 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
|||||||
));
|
));
|
||||||
return $this->response(200, "successfull", $result);
|
return $this->response(200, "successfull", $result);
|
||||||
}
|
}
|
||||||
throw new \Exception("No more resources available", 406);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* return a mysql database entry by either id or dbname
|
* return a mysql database entry by either id or dbname
|
||||||
@@ -276,6 +273,10 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
|||||||
* optional, update password for the database
|
* optional, update password for the database
|
||||||
* @param string $description
|
* @param string $description
|
||||||
* optional, description for database
|
* optional, description for database
|
||||||
|
* @param int $customerid
|
||||||
|
* optional, admin-only, the customer-id
|
||||||
|
* @param string $loginname
|
||||||
|
* optional, admin-only, the loginname
|
||||||
*
|
*
|
||||||
* @access admin, customer
|
* @access admin, customer
|
||||||
* @throws \Exception
|
* @throws \Exception
|
||||||
@@ -287,6 +288,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
|||||||
$dn_optional = ($id <= 0 ? false : true);
|
$dn_optional = ($id <= 0 ? false : true);
|
||||||
$dbname = $this->getParam('dbname', $dn_optional, '');
|
$dbname = $this->getParam('dbname', $dn_optional, '');
|
||||||
$dbserver = $this->getParam('mysql_server', true, - 1);
|
$dbserver = $this->getParam('mysql_server', true, - 1);
|
||||||
|
$customer = $this->getCustomerData();
|
||||||
|
|
||||||
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) {
|
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) {
|
||||||
throw new \Exception("You cannot access this resource", 405);
|
throw new \Exception("You cannot access this resource", 405);
|
||||||
@@ -307,9 +309,6 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
|||||||
$password = \Froxlor\Validate\Validate::validate($password, 'password', '', '', array(), true);
|
$password = \Froxlor\Validate\Validate::validate($password, 'password', '', '', array(), true);
|
||||||
$databasedescription = \Froxlor\Validate\Validate::validate(trim($databasedescription), 'description', '', '', array(), true);
|
$databasedescription = \Froxlor\Validate\Validate::validate(trim($databasedescription), 'description', '', '', array(), true);
|
||||||
|
|
||||||
// get needed customer info to reduce the mysql-usage-counter by one
|
|
||||||
$customer = $this->getCustomerData();
|
|
||||||
|
|
||||||
if ($password != '') {
|
if ($password != '') {
|
||||||
// validate password
|
// validate password
|
||||||
$password = \Froxlor\System\Crypt::validatePassword($password, true);
|
$password = \Froxlor\System\Crypt::validatePassword($password, true);
|
||||||
@@ -380,8 +379,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
|||||||
$query_fields = array();
|
$query_fields = array();
|
||||||
$result_stmt = Database::prepare("
|
$result_stmt = Database::prepare("
|
||||||
SELECT * FROM `" . TABLE_PANEL_DATABASES . "`
|
SELECT * FROM `" . TABLE_PANEL_DATABASES . "`
|
||||||
WHERE `customerid`= :customerid AND `dbserver` = :dbserver". $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit()
|
WHERE `customerid`= :customerid AND `dbserver` = :dbserver" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());
|
||||||
);
|
|
||||||
if ($dbserver < 0) {
|
if ($dbserver < 0) {
|
||||||
// use all dbservers
|
// use all dbservers
|
||||||
$dbservers_stmt = Database::query("SELECT DISTINCT `dbserver` FROM `" . TABLE_PANEL_DATABASES . "`");
|
$dbservers_stmt = Database::query("SELECT DISTINCT `dbserver` FROM `" . TABLE_PANEL_DATABASES . "`");
|
||||||
@@ -459,6 +457,10 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
|||||||
* optional, the databasename
|
* optional, the databasename
|
||||||
* @param int $mysql_server
|
* @param int $mysql_server
|
||||||
* optional, specify database-server, default is none
|
* optional, specify database-server, default is none
|
||||||
|
* @param int $customerid
|
||||||
|
* optional, admin-only, the customer-id
|
||||||
|
* @param string $loginname
|
||||||
|
* optional, admin-only, the loginname
|
||||||
*
|
*
|
||||||
* @access admin, customer
|
* @access admin, customer
|
||||||
* @throws \Exception
|
* @throws \Exception
|
||||||
@@ -470,6 +472,7 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
|||||||
$dn_optional = ($id <= 0 ? false : true);
|
$dn_optional = ($id <= 0 ? false : true);
|
||||||
$dbname = $this->getParam('dbname', $dn_optional, '');
|
$dbname = $this->getParam('dbname', $dn_optional, '');
|
||||||
$dbserver = $this->getParam('mysql_server', true, - 1);
|
$dbserver = $this->getParam('mysql_server', true, - 1);
|
||||||
|
$customer = $this->getCustomerData();
|
||||||
|
|
||||||
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) {
|
if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'mysql')) {
|
||||||
throw new \Exception("You cannot access this resource", 405);
|
throw new \Exception("You cannot access this resource", 405);
|
||||||
@@ -496,7 +499,6 @@ class Mysqls extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
|||||||
), true, true);
|
), true, true);
|
||||||
|
|
||||||
// get needed customer info to reduce the mysql-usage-counter by one
|
// get needed customer info to reduce the mysql-usage-counter by one
|
||||||
$customer = $this->getCustomerData();
|
|
||||||
$mysql_used = $customer['mysqls_used'];
|
$mysql_used = $customer['mysqls_used'];
|
||||||
|
|
||||||
// reduce mysql-usage-counter
|
// reduce mysql-usage-counter
|
||||||
|
|||||||
Reference in New Issue
Block a user