Compare commits
7 Commits
a7e3c54a89
...
c918884a79
| Author | SHA1 | Date | |
|---|---|---|---|
| c918884a79 | |||
| f2383e1c86 | |||
| db377bcc08 | |||
| b7dcbaf290 | |||
| b227cfb2c5 | |||
| b93f4d2e9c | |||
| b088314c38 |
@@ -120,4 +120,13 @@ class API_permissions extends API
|
||||
|
||||
return $access_rights;
|
||||
}
|
||||
|
||||
public function getUserGroupPermissions()
|
||||
{
|
||||
list($query, $types, $params) = $this->buildDynamicQuery('system_user_group_permissions');
|
||||
|
||||
$items = $this->generalGetFunction($query, $types, $params, false, 'userGroupPermissions');
|
||||
|
||||
return ($items);
|
||||
}
|
||||
}
|
||||
@@ -18,4 +18,14 @@ class API_portalsettings extends API
|
||||
$this->apiOutput(200, ['success' => 'portal settings updated successfully.']);
|
||||
}
|
||||
}
|
||||
|
||||
public function getPortalSettings()
|
||||
{
|
||||
|
||||
list($query, $types, $params) = $this->buildDynamicQuery('system_settings');
|
||||
|
||||
$items = $this->generalGetFunction($query, $types, $params, false, 'Settings');
|
||||
|
||||
return ($items);
|
||||
}
|
||||
}
|
||||
@@ -11,6 +11,7 @@ class API_servers extends API
|
||||
{
|
||||
public function getServers($returnBoolean = false)
|
||||
{
|
||||
|
||||
list($query, $types, $params) = $this->buildDynamicQuery('servers');
|
||||
|
||||
$items = $this->generalGetFunction($query, $types, $params, $returnBoolean, 'Server');
|
||||
|
||||
@@ -12,7 +12,7 @@ class API_system_modules extends API
|
||||
{
|
||||
list($query, $types, $params) = $this->buildDynamicQuery('system_modules');
|
||||
|
||||
$items = $this->generalGetFunction($query, $types, $params, $returnBoolean, 'Permission');
|
||||
$items = $this->generalGetFunction($query, $types, $params, $returnBoolean, 'Modules');
|
||||
|
||||
return $items;
|
||||
}
|
||||
|
||||
@@ -6,7 +6,6 @@ session_start();
|
||||
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_companies.php';
|
||||
|
||||
|
||||
# Check permissions
|
||||
$API_companies = new API_companies();
|
||||
|
||||
|
||||
@@ -7,7 +7,16 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_portalsettings.php';
|
||||
|
||||
$API_portalsettings = new API_portalsettings();
|
||||
|
||||
if ($API_portalsettings->request_method === 'PUT') {
|
||||
if ($API_portalsettings->request_method === 'GET') {
|
||||
$API_portalsettings->checkPermissions('admin-portalsettings', 'RO');
|
||||
|
||||
$portalSettings = $API_portalsettings->getPortalSettings();
|
||||
if ($portalSettings !== null) {
|
||||
unset($portalSettings[0]["mail_smtp_pass"]);
|
||||
}
|
||||
|
||||
$API_portalsettings->apiOutput($code = 200, ['success' => $portalSettings]);
|
||||
} elseif ($API_portalsettings->request_method === 'PUT') {
|
||||
|
||||
# Edit the portal settings of the platform
|
||||
|
||||
|
||||
@@ -11,7 +11,11 @@ $API_permissions = new API_permissions();
|
||||
$API_usergroups = new API_usergroups();
|
||||
|
||||
if ($API_permissions->request_method === 'GET') {
|
||||
# to be made, get all the access-rights and implement the builder
|
||||
$API_usergroups->checkPermissions('admin-access-control-permissions', 'RO');
|
||||
|
||||
$permissions = $API_permissions->getUserGroupPermissions();
|
||||
|
||||
$API_permissions->apiOutput($code = 200, ['success' => $permissions]);
|
||||
|
||||
} elseif ($API_permissions->request_method === 'PUT') {
|
||||
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
|
||||
|
||||
@@ -8,16 +8,11 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_system_modules.php';
|
||||
$API_system_modules = new API_system_modules();
|
||||
|
||||
if ($API_system_modules->request_method === 'GET') {
|
||||
# this part here is not tested (the whole GET part)
|
||||
$API_system_modules->checkPermissions('admin-modules', 'RO');
|
||||
|
||||
$requiredFields = [];
|
||||
$API_system_modules->validateData($requiredFields);
|
||||
|
||||
$modules = $API_system_modules->getModules();
|
||||
|
||||
$API_system_modules->apiOutput($code = 200, ['success' => $modules], '');
|
||||
|
||||
} elseif ($API_system_modules->request_method === 'PUT') {
|
||||
# Enable or disable a module
|
||||
$API_system_modules->checkPermissions('admin-modules', 'RW');
|
||||
|
||||
@@ -9,24 +9,11 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_permissions.php';
|
||||
$API_permissions = new API_permissions();
|
||||
|
||||
if ($API_permissions->request_method === 'GET') {
|
||||
|
||||
# Retrieve all the permissions a user and return them.
|
||||
$API_permissions->checkPermissions('admin-access-control-permissions', 'RO');
|
||||
|
||||
$requiredFields = [];
|
||||
$optionalFields = [
|
||||
'permission_uuid' => ['type' => 'uuid'],
|
||||
'permission_name' => ['type' => 'string'],
|
||||
'permission_slugify' => ['type' => 'slugify'],
|
||||
'permission_description' => ['type' => 'string'],
|
||||
'permission_create_timestamp' => ['type' => 'timestamp'],
|
||||
'permission_modified_timestamp' => ['type' => 'timestamp']
|
||||
];
|
||||
$API_permissions->validateData($requiredFields, $optionalFields);
|
||||
$permissions = $API_permissions->getPermission();
|
||||
|
||||
$API_permissions->apiOutput($code = 200, $permissions, 'permission_retrieved');
|
||||
|
||||
$API_permissions->apiOutput($code = 200, ['success' => $permissions], 'permission_retrieved');
|
||||
} elseif ($API_permissions->request_method === 'POST') {
|
||||
|
||||
# Only superuser can create permission due to fact that the backend needs programming when setting a permission
|
||||
|
||||
@@ -9,9 +9,11 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_usergroups.php';
|
||||
$API_usergroups = new API_usergroups();
|
||||
|
||||
if ($API_usergroups->request_method === 'GET') {
|
||||
$API_usergroups->checkPermissions('admin-access-control-user-groups', 'RO');
|
||||
|
||||
# GET a user group(s)
|
||||
$userGroups = $API_usergroups->getUserGroup();
|
||||
|
||||
$API_usergroups->apiOutput($code = 200, ['success' => $userGroups], '');
|
||||
} elseif ($API_usergroups->request_method === 'POST') {
|
||||
|
||||
# Create a new user group
|
||||
|
||||
@@ -8,8 +8,27 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_users.php';
|
||||
$API_users = new API_users();
|
||||
|
||||
if ($API_users->request_method === 'GET') {
|
||||
#echo json_encode($api->getAllUsers());
|
||||
$API_users->checkPermissions('admin-access-admins', 'RO');
|
||||
|
||||
$users = $API_users->getUser();
|
||||
|
||||
$removeFields = [
|
||||
'user_profile_picture_thumbnail',
|
||||
'user_password',
|
||||
'user_password_reset_token',
|
||||
'user_two_factor_secret',
|
||||
'user_profile_picture',
|
||||
'user_profile_picture_thumbnail'
|
||||
];
|
||||
|
||||
foreach ($users as &$user) {
|
||||
foreach ($removeFields as $field) {
|
||||
unset($user[$field]);
|
||||
}
|
||||
}
|
||||
unset($user);
|
||||
|
||||
$API_users->apiOutput($code = 200, ['success' => $users], '');
|
||||
|
||||
} elseif ($API_users->request_method === 'POST') {
|
||||
# create a new user
|
||||
|
||||
@@ -13,7 +13,13 @@ if (!$GLOBALS['modules_enabled']['servers']) {
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($API_servers->request_method === 'POST') {
|
||||
if ($API_servers->request_method === 'GET') {
|
||||
$API_servers->checkPermissions('servers', 'RO');
|
||||
|
||||
$servers = $API_servers->getServers();
|
||||
|
||||
$API_servers->apiOutput($code = 200, ['success' => $servers], '');
|
||||
} elseif ($API_servers->request_method === 'POST') {
|
||||
$API_servers->checkPermissions('servers', 'RW');
|
||||
|
||||
$requiredFields = [
|
||||
|
||||
@@ -19,7 +19,7 @@ if ($API_apitoken->request_method === 'GET') {
|
||||
|
||||
$API_apitoken->validateData($requiredFields);
|
||||
|
||||
$API_apitoken->checkTokenPermissions($API_apitoken->data['user_uuid']);
|
||||
$API_apitoken->checkTokenPermissions();
|
||||
|
||||
$apitokens = $API_apitoken->getTokens();
|
||||
|
||||
|
||||
@@ -3,3 +3,8 @@ UPDATE `sentri`.`system_permissions` SET `permission_name`='office-stompjes-cans
|
||||
UPDATE `sentri`.`system_permissions` SET `permission_name`='office-stompjes' WHERE `permission_uuid`='11abc93d-c265-11f0-95da-7e99ed98b725';
|
||||
UPDATE `sentri`.`system_permissions` SET `permission_slugify`='office-stompjes' WHERE `permission_uuid`='11abc93d-c265-11f0-95da-7e99ed98b725';
|
||||
UPDATE `sentri`.`system_permissions` SET `permission_slugify`='office-stompjes-canstomp' WHERE `permission_uuid`='5f284b11-de7c-11f0-9d57-00155d00153f';
|
||||
UPDATE `sentri`.`system_permissions` SET `permission_description`='Users with read-write (RW) permissions can stomp other users content but cannot delete stomps. Read-only (RO) permissions have no effect.' WHERE `permission_uuid`='5f284b11-de7c-11f0-9d57-00155d00153f';
|
||||
UPDATE `sentri`.`system_permissions` SET `permission_description`='Grants access to modify the mail settings. It is advisable to restrict this permission to only the highest-level administrators.' WHERE `permission_uuid`='7588d486-3100-11f0-9300-7e99ed98b725';
|
||||
UPDATE `sentri`.`system_permissions` SET `permission_description`='Grants access to modify the global settings. It is advisable to restrict this permission to only the highest-level administrators.' WHERE `permission_uuid`='1d018159-3109-11f0-9300-7e99ed98b725';
|
||||
UPDATE `sentri`.`system_permissions` SET `permission_description`='Grants access to manage groups. Read/Write (RW) access allows users to create, modify, and delete groups. Read-Only (RO) access permits viewing groups without making changes.' WHERE `permission_uuid`='32541357-3814-11f0-9300-7e99ed98b725';
|
||||
UPDATE `sentri`.`system_permissions` SET `permission_description`='superuser can create or delete permissions, regardless of a group's Read-Write (RW) access. While RW access allows a group to modify all existing permissions, it does not permit the creation or deletion of them. Use caution when assigning RW access only the highest-level administrative group should be granted this permission, as it effectively provides control over the entire portal.' WHERE `permission_uuid`='32541357-3814-11f0-9300-7e99ed98b725';
|
||||
|
||||
Reference in New Issue
Block a user