tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ultimas modificaciones 

Former-commit-id: fb7686f1f75c0d033c40d866d777d10f993a9e36
This commit is contained in:
marcos.alconada 2019-04-24 12:01:04 +02:00
parent 2bafba0764
commit 062a68fdaf
2 changed files with 38 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pandora_console/include/api.php
View File

@ -37,16 +37,10 @@ $api_password = get_parameter('apipass', '');
$password = get_parameter('pass', ''); $password = get_parameter('pass', '');
$user = get_parameter('user', ''); $user = get_parameter('user', '');
$info = get_parameter('info', ''); $info = get_parameter('info', '');
$user_db = get_parameter('user_db', '');
$other = parseOtherParameter($otherSerialize, $otherMode); $other = parseOtherParameter($otherSerialize, $otherMode);
$group_db = get_parameter('group_db', '');
$disable = get_parameter('disable', '');
$id_up = get_parameter('id_up', '');
$id_profile = get_parameter('id_profile', '');
$apiPassword = io_output_password(db_get_value_filter('value', 'tconfig', ['token' => 'api_password'])); $apiPassword = io_output_password(db_get_value_filter('value', 'tconfig', ['token' => 'api_password']));
$correctLogin = false; $correctLogin = false;
$user_in_db = null;
$no_login_msg = ''; $no_login_msg = '';
// Clean unwanted output // Clean unwanted output
@ -151,7 +145,7 @@ if ($correctLogin) {
} }
break; break;
case 'delete_user_profiles': case 'delete_user_permission':
if ($user_db === '') { if ($user_db === '') {
returnError(__('User or group not specified'), __('User, group not specified')); returnError(__('User or group not specified'), __('User, group not specified'));

60
pandora_console/include/functions_api.php
View File

@ -14732,13 +14732,12 @@ function api_set_reset_agent_counts($id, $thrash1, $thrash2, $thrash3)
/** /**
* Functions por get all user to new feature for Carrefour * Functions por get all user to new feature for Carrefour
* It depends of type the method will return csv or json data * It depends of returnType, the method will return csv or json data
* *
* @param string $thrash1 don't use * @param string $thrash1 don't use
* @param string $thrash2 don't use * @param string $thrash2 don't use
* @param string $returnType * @param array $other don't use
* @param other don't use * *@param string $returnType
*
* Example: * Example:
* api.php?op=get&op2=list_all_user&return_type=json&apipass=1234&user=admin&pass=pandora * api.php?op=get&op2=list_all_user&return_type=json&apipass=1234&user=admin&pass=pandora
* @return * @return
@ -14808,13 +14807,12 @@ function api_get_list_all_user($thrash1, $thrash2, $other, $returnType)
/** /**
* Funtion for get all info user to new feature for Carrefour * Funtion for get all info user to new feature for Carrefour
* It depends of type the method will return csv or json data * It depends of returnType, the method will return csv or json data
* *
* @param string $thrash1 don't use * @param string $thrash1 don't use
* @param string $thrash2 don't use * @param string $thrash2 don't use
* @param string $returnType
* @param array $other other[0] = user database * @param array $other other[0] = user database
* * @param string $returnType
* Example * Example
* api.php?op=get&op2=info_user_name&return_type=json&other=admin&other_mode=url_encode_separator_|&apipass=1234&user=admin&pass=pandora * api.php?op=get&op2=info_user_name&return_type=json&other=admin&other_mode=url_encode_separator_|&apipass=1234&user=admin&pass=pandora
* *
@ -14883,15 +14881,14 @@ function api_get_info_user_name($thrash1, $thrash2, $other, $returnType)
/** /**
* Function for get user from a group to new feature for Carrefour. * Function for get user from a group to new feature for Carrefour.
* It depends of type the method will return csv or json data. * It depends of returnType, the method will return csv or json data.
* *
* @param string $thrash1 don't use * @param string $thrash1 don't use
* @param string $thrash2 don't use * @param string $thrash2 don't use
* @param string $returnType
* @param array $other * @param array $other
* $other[0] = id group * $other[0] = id group
* $other[1] = is disabled or not * $other[1] = is disabled or not
* * @param string $returnType
* Example * Example
* api.php?op=get&op2=filter_user_group&return_type=json&other=0|0&other_mode=url_encode_separator_|&apipass=1234&user=admin&pass=pandora * api.php?op=get&op2=filter_user_group&return_type=json&other=0|0&other_mode=url_encode_separator_|&apipass=1234&user=admin&pass=pandora
* *
@ -14970,24 +14967,22 @@ function api_get_filter_user_group($thrash1, $thrash2, $other, $returnType)
/** /**
* Function for delete an user profile for Carrefour new feature * Function for delete an user permission for Carrefour new feature
* The return of this function its only a message * The return of this function its only a message
* *
* @param string $thrash1 don't use * @param string $thrash1 don't use
* @param string $thrash2 don't use * @param string $thrash2 don't use
* @param string $returnType
* @param array $other * @param array $other
* $other[0] = id user * $other[0] = id up
* other[1] = id from tusuario_perfil table (optional) * @param string $returnType
*
* Example * Example
* api.php?op=set&op2=delete_user_profiles&return_type=json&other=usuario|2&other_mode=url_encode_separator_|&apipass=1234&user=admin&pass=pandora * api.php?op=set&op2=delete_user_permission&return_type=json&other=user|2&other_mode=url_encode_separator_|&apipass=1234&user=admin&pass=pandora
* *
* @return void * @return void
*/ */
function api_set_delete_user_profiles($thrash1, $thrash2, $other, $returnType) function api_set_delete_user_permission($thrash1, $thrash2, $other, $returnType)
{ {
global $config; global $config;
@ -14996,15 +14991,13 @@ function api_set_delete_user_profiles($thrash1, $thrash2, $other, $returnType)
return; return;
} }
if ($other['data'][1] == '' || $other['data'][1] == 0) { if ($other['data'][0] != '') {
$values = [ $values = [
'id_usuario' => io_safe_output($other['data'][0]), 'id_up' => io_safe_output($other['data'][0]),
]; ];
} else { } else {
$values = [ returnError('Error_delete', __('User profile could not be deleted.'));
'id_usuario' => io_safe_output($other['data'][0]), return;
'id_up' => io_safe_output($other['data'][1]),
];
} }
$deleted_permission = db_process_sql_delete('tusuario_perfil', $values); $deleted_permission = db_process_sql_delete('tusuario_perfil', $values);
@ -15025,16 +15018,16 @@ function api_set_delete_user_profiles($thrash1, $thrash2, $other, $returnType)
/** /**
* Function for add permission a user to a group for Carrefour new feature * Function for add permission a user to a group for Carrefour new feature
* It depends of type the method will return csv or json data * It depends of returnType, the method will return csv or json data
* *
* @param string $thrash1 don't use * @param string $thrash1 don't use
* @param string $thrash2 don't use * @param string $thrash2 don't use
* @param string $returnType * @param array $other other[0] = user database
* @param array $other other[0] = user database, other[1] = id group * other[1] = id group
* other[2] = id profile * other[2] = id profile
* other [3] = no_hierarchy (if empty = 0) * other[3] = no_hierarchy ( 0 or 1, if empty = 0)
* other[4] = id from tusuario_perfil table (optional) * other[4] = id from tusuario_perfil table (optional)
* * * @param string $returnType
* Example * Example
* api.php?op=set&op2=add_permission_user_to_group&return_type=json&other=admin|0|1|1|20&other_mode=url_encode_separator_|&apipass=1234&user=admin&pass=pandora * api.php?op=set&op2=add_permission_user_to_group&return_type=json&other=admin|0|1|1|20&other_mode=url_encode_separator_|&apipass=1234&user=admin&pass=pandora
* *
@ -15057,6 +15050,15 @@ function api_set_add_permission_user_to_group($thrash1, $thrash2, $other, $retur
$exist_profile = db_get_value_sql($sql); $exist_profile = db_get_value_sql($sql);
if ($other['data'][3] < 0 || $other['data'][3] > 1) {
returnError('Error_insert', __('User profile could not be available.'));
return;
}
if ($other['data'][3] == null) {
$other['data'][3] = 0;
}
$values = [ $values = [
'id_usuario' => $other['data'][0], 'id_usuario' => $other['data'][0],
'id_perfil' => $other['data'][2], 'id_perfil' => $other['data'][2],
@ -15072,7 +15074,7 @@ function api_set_add_permission_user_to_group($thrash1, $thrash2, $other, $retur
if ($exist_profile === $other['data'][4] && $where_id_up !== null) { if ($exist_profile === $other['data'][4] && $where_id_up !== null) {
$sucessfull_insert = db_process_sql_update('tusuario_perfil', $values, $where_id_up); $sucessfull_insert = db_process_sql_update('tusuario_perfil', $values, $where_id_up);
} else { } else {
$sucessfull_insert = db_process_sql_insert('tusuario_perfil', $values); $sucessfull_insert = db_process_sql_intypesert('tusuario_perfil', $values);
} }
if ($sucessfull_insert == false) { if ($sucessfull_insert == false) {