- Update call block permissions

The call_block_all permission was pulling double duty. 
- Changed the code to use call_block_all only for SHOW ALL to call block across all domains.
- Permission call_block_extension will be used instead for the purpose of showing the extension list. 
- If someone doesn't have call_block_permission then their assigned extensions will be used with each call block item they add.
FusionPBX 2024-07-18 17:13:22 -06:00 committed by GitHub
parent dcf1f9d17c
commit 8beecfbb89
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 14 additions and 16 deletions


@ -5,7 +5,7 @@
$apps[$x]['uuid'] = "9ed63276-e085-4897-839c-4f2e36d92d6c";
$apps[$x]['category'] = "Switch";
$apps[$x]['subcategory'] = "";
$apps[$x]['version'] = "1.0";
$apps[$x]['version'] = "1.1";
$apps[$x]['license'] = "Mozilla Public License 1.1";
$apps[$x]['url'] = "http://www.fusionpbx.com";
$apps[$x]['description']['en-us'] = "A tool to block incoming numbers.";
@ -73,7 +73,6 @@
$y++;
$apps[$x]['permissions'][$y]['name'] = "call_block_all";
$apps[$x]['permissions'][$y]['groups'][] = "superadmin";
$apps[$x]['permissions'][$y]['groups'][] = "admin";
$y++;
$apps[$x]['permissions'][$y]['name'] = "call_block_extension";
$apps[$x]['permissions'][$y]['groups'][] = "superadmin";
@ -202,4 +201,4 @@
$apps[$x]['db'][$y]['fields'][$z]['type']['mysql'] = "char(36)";
$apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = "";
?>
?>
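Review bot: The `call_block_all` entry in the permissions hunk now lists one group fewer, but changing these defaults may not by itself revoke the permission from groups that already hold it on an installed system. If the removed line is the `admin` grant (inferred from the hunk header shrinking from 7 to 6 lines, since the page has lost its +/- markers), domain admins on upgraded multi-tenant systems could keep the cross-domain SHOW ALL view unless the upgrade path also removes the stored group permission. I would state the intent next to the entry, for example `//call_block_all shows records across all domains; grant to superadmin only`, and confirm how upgrades reconcile existing group permissions. The group list for `call_block_extension` continues outside the hunk.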


@ -103,8 +103,7 @@
$sql = "select count(*) from view_call_block ";
$sql .= "where true ";
if ($show == "all" && permission_exists('call_block_all')) {
//$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
//$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
//show all records across all domains
}
else {
$sql .= "and ( ";
@ -115,7 +114,7 @@
$sql .= ") ";
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
}
if (!permission_exists('call_block_all') && !empty($_SESSION['user']['extension'])) {
if (!permission_exists('call_block_extension') && !empty($_SESSION['user']['extension'])) {
$sql .= "and extension_uuid in (";
$x = 0;
foreach ($_SESSION['user']['extension'] as $field) {
@ -181,7 +180,7 @@
$sql .= ") ";
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
}
if (!permission_exists('call_block_all') && !empty($_SESSION['user']['extension']) && count($_SESSION['user']['extension']) > 0) {
if (!permission_exists('call_block_extension') && !empty($_SESSION['user']['extension']) && count($_SESSION['user']['extension']) > 0) {
$sql .= "and extension_uuid in (";
$x = 0;
foreach ($_SESSION['user']['extension'] as $field) {
@ -403,4 +402,4 @@
//include the footer
require_once "resources/footer.php";
?>
?>
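Review bot: The extension filter at `if (!permission_exists('call_block_extension') && !empty($_SESSION['user']['extension']))` fails open: a user who lacks the permission and has no assigned extensions skips the `extension_uuid in (` clause entirely and is limited only by domain. The same condition appears in the hunk at -181. If that is not intended, test the permission on its own with `if (!permission_exists('call_block_extension')) {` and handle the empty case first, for example `if (empty($_SESSION['user']['extension'])) { $sql .= "and false "; }`, before the existing loop. The loop that builds the IN list continues outside both hunks, so how its values are bound cannot be checked from here.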


@ -75,7 +75,7 @@
$action_array = explode(':', $_POST["call_block_action"]);
$call_block_app = $action_array[0];
$call_block_data = $action_array[1] ?? null;
//sanitize the data
$extension_uuid = preg_replace("#[^a-fA-F0-9./]#", "", $extension_uuid);
$call_block_country_code = preg_replace('#[^0-9./]#', '', $call_block_country_code ?? '');
@ -176,7 +176,7 @@
}
//if user doesn't have call block all then use the assigned extension_uuid
if (!permission_exists('call_block_all')) {
if (!permission_exists('call_block_extension')) {
$extension_uuid = $_SESSION['user']['extension'][0]['extension_uuid'];
}
@ -422,7 +422,7 @@ if (permission_exists('call_block_all') || permission_exists('call_block_ring_gr
echo "</td>\n";
echo "</tr>\n";
if (permission_exists('call_block_all')) {
if (permission_exists('call_block_extension')) {
echo "<tr>\n";
echo "<td width='30%' class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
echo " ".$text['label-extension']."\n";
@ -612,7 +612,7 @@ if (permission_exists('call_block_all') || permission_exists('call_block_ring_gr
if (empty($_REQUEST["id"])) {
//without block all permission, limit to assigned extension(s)
if (!permission_exists('call_block_all') && !empty($_SESSION['user']['extension'])) {
if (!permission_exists('call_block_extension') && !empty($_SESSION['user']['extension'])) {
foreach ($_SESSION['user']['extension'] as $assigned_extension) {
$assigned_extensions[$assigned_extension['extension_uuid']] = $assigned_extension['user'];
}
@ -658,7 +658,7 @@ if (permission_exists('call_block_all') || permission_exists('call_block_ring_gr
echo button::create(['type'=>'button','id'=>'action_bar_sub_button_back','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'collapse'=>'hide-xs','style'=>'display: none;','link'=>'call_block.php']);
if ($result) {
$select_margin = 'margin-left: 15px;';
if (permission_exists('call_block_all')) {
if (permission_exists('call_block_extension')) {
echo "<select class='formfld' style='".$select_margin."' name='extension_uuid'>\n";
echo " <option value='' disabled='disabled'>".$text['label-extension']."</option>\n";
echo " <option value='' selected='selected'>".$text['label-all']."</option>\n";
@ -812,4 +812,4 @@ if (permission_exists('call_block_all') || permission_exists('call_block_ring_gr
//include the footer
require_once "resources/footer.php";
?>
?>
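Review bot: The fallback `$extension_uuid = $_SESSION['user']['extension'][0]['extension_uuid'];` under `if (!permission_exists('call_block_extension'))` assumes the user has at least one assigned extension. With none, the lookup yields null and the record would presumably be saved without an extension, which may make the rule apply more widely than that user's own calls; with several assigned extensions only the first is ever used. Checking `empty($_SESSION['user']['extension'][0]['extension_uuid'])` and rejecting the request before the save would close that gap; the save logic itself is outside the hunk. The comments `//if user doesn't have call block all then use the assigned extension_uuid` and `//without block all permission, limit to assigned extension(s)` still name the old permission and should refer to `call_block_extension`.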


@ -317,7 +317,7 @@ if (!class_exists('call_block')) {
foreach ($rows as $x => $row) {
//build insert array
if (permission_exists('call_block_all')) {
if (permission_exists('call_block_extension')) {
$array['call_block'][$x]['call_block_uuid'] = uuid();
$array['call_block'][$x]['domain_uuid'] = $_SESSION['domain_uuid'];
$array['call_block'][$x]['call_block_direction'] = $this->call_block_direction;
@ -431,4 +431,4 @@ if (!class_exists('call_block')) {
} //class
}
?>
?>
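Review bot: The check `if (permission_exists('call_block_extension'))` is evaluated for every row inside the `foreach ($rows as $x => $row)` loop, although its result cannot change while the loop runs. Reading it once before the loop, e.g. `$can_select_extension = permission_exists('call_block_extension');`, keeps the authorization decision in one place and makes it easier to audit. The branch's body and its else side continue outside the hunk, so how rows are built for users without the permission is not visible here.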