Improve Ring group context handling

If the user doesn't have the correct permission, keep the ring_group_context value from the database.
FusionPBX 2024-03-30 08:41:39 -06:00 committed by markjcrane
parent 911888e949
commit 088abe4f4c
1 changed files with 68 additions and 41 deletions


@ -98,38 +98,41 @@
} }
//delete the user from the ring group //delete the user from the ring group
if ( if ((!empty($_GET["a"])) == "delete"
(!empty($_GET["a"])) == "delete"
&& is_uuid($_REQUEST["user_uuid"]) && is_uuid($_REQUEST["user_uuid"])
&& permission_exists("ring_group_edit") && permission_exists("ring_group_edit")) {
) {
//set the variables //set the variables
$user_uuid = $_REQUEST["user_uuid"]; $user_uuid = $_REQUEST["user_uuid"];
//build array //build array
$array['ring_group_users'][0]['domain_uuid'] = $domain_uuid; $array['ring_group_users'][0]['domain_uuid'] = $domain_uuid;
$array['ring_group_users'][0]['ring_group_uuid'] = $ring_group_uuid; $array['ring_group_users'][0]['ring_group_uuid'] = $ring_group_uuid;
$array['ring_group_users'][0]['user_uuid'] = $user_uuid; $array['ring_group_users'][0]['user_uuid'] = $user_uuid;
//grant temporary permissions //grant temporary permissions
$p = new permissions; $p = new permissions;
$p->add('ring_group_user_delete', 'temp'); $p->add('ring_group_user_delete', 'temp');
//execute delete //execute delete
$database = new database; $database = new database;
$database->app_name = 'ring_groups'; $database->app_name = 'ring_groups';
$database->app_uuid = '1d61fb65-1eec-bc73-a6ee-a6203b4fe6f2'; $database->app_uuid = '1d61fb65-1eec-bc73-a6ee-a6203b4fe6f2';
$database->delete($array); $database->delete($array);
unset($array); unset($array);
//revoke temporary permissions //revoke temporary permissions
$p->delete('ring_group_user_delete', 'temp'); $p->delete('ring_group_user_delete', 'temp');
//save the message to a session variable //save the message to a session variable
message::add($text['message-delete']); message::add($text['message-delete']);
//redirect the browser //redirect the browser
header("Location: ring_group_edit.php?id=$ring_group_uuid"); header("Location: ring_group_edit.php?id=$ring_group_uuid");
exit; exit;
} }
//get total ring group count from the database, check limit, if defined //get total ring group count from the database, check limit, if defined
if ($action == 'add') { if ($action == 'add' && $_SESSION['limit']['ring_groups']['numeric'] ?? '') {
if ($_SESSION['limit']['ring_groups']['numeric'] ?? '') {
$sql = "select count(*) from v_ring_groups "; $sql = "select count(*) from v_ring_groups ";
$sql .= "where domain_uuid = :domain_uuid "; $sql .= "where domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $domain_uuid; $parameters['domain_uuid'] = $domain_uuid;
@ -143,7 +146,6 @@
exit; exit;
} }
} }
}
//get http post variables and set them to php variables //get http post variables and set them to php variables
if (count($_POST) > 0) { if (count($_POST) > 0) {
@ -215,30 +217,55 @@
$ring_group_context = $_SESSION['domain_name']; $ring_group_context = $_SESSION['domain_name'];
} }
//if the user doesn't have the correct permission then
//override domain_uuid and ring_group_context values
if ($action == 'update' && is_uuid($ring_group_uuid)) {
$sql = "select * from v_ring_groups ";
$sql .= "where ring_group_uuid = :ring_group_uuid ";
$parameters['ring_group_uuid'] = $ring_group_uuid;
$database = new database;
$row = $database->select($sql, $parameters, 'row');
if (!empty($row)) {
//if (!permission_exists(ring_group_domain')) {
// $domain_uuid = $row["domain_uuid"];
//}
if (!permission_exists('ring_group_context')) {
$ring_group_context = $row["ring_group_context"];
}
}
unset($sql, $parameters, $row);
}
} }
//assign the user to the ring group //assign the user to the ring group
if (!empty($_REQUEST["user_uuid"]) && is_uuid($_REQUEST["id"]) && $_GET["a"] != "delete" && permission_exists("ring_group_edit")) { if (!empty($_REQUEST["user_uuid"]) && is_uuid($_REQUEST["id"]) && $_GET["a"] != "delete" && permission_exists("ring_group_edit")) {
//set the variables //set the variables
$user_uuid = $_REQUEST["user_uuid"]; $user_uuid = $_REQUEST["user_uuid"];
//build array //build array
$array['ring_group_users'][0]['ring_group_user_uuid'] = uuid(); $array['ring_group_users'][0]['ring_group_user_uuid'] = uuid();
$array['ring_group_users'][0]['domain_uuid'] = $domain_uuid; $array['ring_group_users'][0]['domain_uuid'] = $domain_uuid;
$array['ring_group_users'][0]['ring_group_uuid'] = $ring_group_uuid; $array['ring_group_users'][0]['ring_group_uuid'] = $ring_group_uuid;
$array['ring_group_users'][0]['user_uuid'] = $user_uuid; $array['ring_group_users'][0]['user_uuid'] = $user_uuid;
//grant temporary permissions //grant temporary permissions
$p = new permissions; $p = new permissions;
$p->add('ring_group_user_add', 'temp'); $p->add('ring_group_user_add', 'temp');
//execute delete //execute delete
$database = new database; $database = new database;
$database->app_name = 'ring_groups'; $database->app_name = 'ring_groups';
$database->app_uuid = '1d61fb65-1eec-bc73-a6ee-a6203b4fe6f2'; $database->app_uuid = '1d61fb65-1eec-bc73-a6ee-a6203b4fe6f2';
$database->save($array); $database->save($array);
unset($array); unset($array);
//revoke temporary permissions //revoke temporary permissions
$p->delete('ring_group_user_add', 'temp'); $p->delete('ring_group_user_add', 'temp');
//set message //set message
message::add($text['message-add']); message::add($text['message-add']);
//redirect the browser //redirect the browser
header("Location: ring_group_edit.php?id=".urlencode($ring_group_uuid)); header("Location: ring_group_edit.php?id=".urlencode($ring_group_uuid));
exit; exit;