diff --git a/pub/api/classes/API.php b/pub/api/classes/API.php
index d679d60..a98e9c3 100644
--- a/pub/api/classes/API.php
+++ b/pub/api/classes/API.php
@@ -39,6 +39,9 @@ class API
 private $requiredFields = [];
 private $optionalFields = [];
+ # Used for the query builder base
+ public $baseQuery = false;
+
 public function __construct() {
 # Setup Database connection
@@ -222,13 +225,11 @@ class API
 $field = $builder['where'][0];
 $value = $builder['where'][1];
- // Check if the field is allowed (in required or optional)
 $rules = $requiredFields[$field] ?? $optionalFields[$field] ?? null;
 if (!$rules) {
 $this->apiOutput(403, ['error' => "Field not allowed in query: $field"]);
 }
- // Validate and sanitize
 if (!$this->validateField($value, $rules)) {
 $this->apiOutput(422, ['error' => "Invalid value for builder field: $field"]);
 }
@@ -682,13 +683,16 @@ class API
 protected function buildDynamicQuery(string $tableName): array {
- $baseQuery = "SELECT * FROM " . $tableName;
+ if (!$this->baseQuery) {
+ $this->baseQuery = "SELECT * FROM " . $tableName;
+ }
+
 $whereClauses = [];
 $types = '';
 $values = [];
 if (!isset($_GET['builder']) || !is_array($_GET['builder'])) {
- return [$baseQuery, $types, $values];
+ return [$this->baseQuery, $types, $values];
 }
 foreach ($_GET['builder'] as $builder) {
@@ -705,10 +709,10 @@ class API
 }
 if (!empty($whereClauses)) {
- $baseQuery .= " WHERE " . implode(" AND ", $whereClauses);
+ $this->baseQuery .= " WHERE " . implode(" AND ", $whereClauses);
 }
- return [$baseQuery, $types, $values];
+ return [$this->baseQuery, $types, $values];
 }
 protected function generalGetFunction($query, $types, $params, $returnBoolean, $itemName)
diff --git a/pub/bin/pages/servers/pageServerOverview_view.php b/pub/bin/pages/servers/pageServerOverview_view.php
index 2c40a05..ec17aba 100644
--- a/pub/bin/pages/servers/pageServerOverview_view.php
+++ b/pub/bin/pages/servers/pageServerOverview_view.php
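Review bot: `public $baseQuery` in `class API` makes a raw SQL string assignable by any code that holds the object, and nothing on the property says what may be put into it. It is also untyped and starts as `false`, so the `!$this->baseQuery` test in `buildDynamicQuery` treats `''` and `'0'` the same as unset. Suggest `public ?string $baseQuery = null;` with the comment `# Base SELECT for buildDynamicQuery(); must be a constant SQL string, never built from request data`, and a `=== null` check where it is read. The class body continues outside the hunk.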
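Review bot: `API::buildDynamicQuery` now appends the builder's `WHERE` to `$this->baseQuery` itself (the hunk at -682 and the one at -705), so the property keeps the previous filter and a second call on the same object yields `... WHERE a WHERE b`. The same malformed statement results on the first call when the caller's base already contains a `WHERE`, which is what pageServerOverview_view.php assigns in this commit (`... WHERE servers.server_state != 'deleted'`). Build the statement in a local variable and choose the joiner, as below; the `stripos` test is a stopgap, and holding the fixed conditions in a separate property would be sturdier. The part of the function between the two hunks is not shown.

```php
$query = $this->baseQuery ?: "SELECT * FROM " . $tableName;
// … unchanged: $whereClauses/$types/$values setup and builder loop; the early return becomes return [$query, $types, $values]; …
if (!empty($whereClauses)) {
    $joiner = stripos($query, ' WHERE ') === false ? " WHERE " : " AND ";
    $query .= $joiner . implode(" AND ", $whereClauses);
}

return [$query, $types, $values];
```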
@@ -28,16 +28,11 @@ $jsScriptLoadData['multiFilterSelectServers'] = true; # Retrieve Information for the page
 if (!isset($_GET['del'])) {
- $query = "SELECT * FROM servers LEFT JOIN companies ON companies.company_uuid = servers.company_uuid WHERE servers.server_state != 'deleted' ORDER BY server_vm_host_name";
-} else {
- $query = "SELECT * FROM servers LEFT JOIN companies ON companies.company_uuid = servers.company_uuid ORDER BY server_vm_host_name";
-}
-
-$stmt = $GLOBALS['conn']->query($query);
-$servers = [];
-while ($row = $stmt->fetch_assoc()) {
- array_push($servers, $row);
-}
+ if ($GLOBALS['modules_enabled']['customers']) {
+ $API_servers->baseQuery = "SELECT * FROM servers LEFT JOIN companies ON companies.company_uuid = servers.company_uuid WHERE servers.server_state != 'deleted'";
+ } else {
+ $API_servers->baseQuery = "SELECT * FROM servers WHERE servers.server_state != 'deleted'";
+ }
 $allBackupTypes = [];
 $allLicenseTypes = [];
@@ -94,23 +89,12 @@ if (isset($_COOKIE['serverTableColumns'])) {
 $showColumns[$CheckedColumn] = true;
 }
 } else {
- $showColumns['server_hostname'] = true;
- $showColumns['company_name'] = true;
- $showColumns['server_os'] = true;
- $showColumns['server_cpu'] = true;
- $showColumns['server_memory'] = true;
- $showColumns['server_memory_demand'] = true;
- $showColumns['server_disks'] = true;
- $showColumns['server_state'] = true;
-}
-
-
-function cleanNumber($num)
-{
- // If integer value, return without formatting
- if (floor($num) == $num) {
- return (string)$num;
+ if ($GLOBALS['modules_enabled']['customers']) {
+ $API_servers->baseQuery = "SELECT * FROM servers LEFT JOIN companies ON companies.company_uuid = servers.company_uuid";
+ } else {
+ $API_servers->baseQuery = "SELECT * FROM servers";
 }
+}
 // Otherwise return trimmed float
 return rtrim(rtrim(number_format($num, 10, '.', ''), '0'), '.');
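Review bot: The `if (!isset($_GET['del'])) {` on the context line has no closing brace in view after this hunk: the removed `} else {` … `}` carried it, and the last added `}` closes the inner `else`. Unless it is closed further down, `$allBackupTypes = [];` and everything after it now run only when `del` is absent. The removed query ended in `ORDER BY server_vm_host_name` and neither new base string keeps it, so row order depends on whatever the API layer adds. `$GLOBALS['modules_enabled']['customers']` is read without a guard; `!empty($GLOBALS['modules_enabled']['customers'])` avoids a warning when the key is missing.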
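Review bot: The lines added to the `else` of `isset($_COOKIE['serverTableColumns'])` replace the default `$showColumns` entries with a second `baseQuery` assignment that has no `server_state != 'deleted'` filter. As the hunk reads, a request without the column cookie overwrites the filtered base set earlier and lists deleted servers regardless of `$_GET['del']`, and `$showColumns` gets no defaults. The hunk also removes the `function cleanNumber($num)` header and its first lines while `return rtrim(rtrim(number_format($num, 10, '.', ''), '0'), '.');` stays as context, so that statement and `$num` are orphaned; the rest of the old function lies past the hunk. This looks like a misplaced edit: the unfiltered pair presumably belongs in the `else` of `if (!isset($_GET['del']))` from the first hunk, with the column defaults and `cleanNumber()` left intact.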