dsfdsf
@@ -1325,7 +1325,7 @@ class ApiKernel
|
||||
|
||||
private function handleAccountProfileGet(): void
|
||||
{
|
||||
$user = $this->authService->requireAuth();
|
||||
$user = $this->ensureAuthUserHydrated($this->authService->requireAuth());
|
||||
$customerId = (int)($user['customer_id'] ?? 0);
|
||||
$settings = $customerId ? $this->ensureSettingsTokens($customerId, $this->getCustomerSettings($customerId)) : [];
|
||||
$this->respond([
|
||||
@@ -2016,6 +2016,59 @@ class ApiKernel
|
||||
];
|
||||
}
|
||||
|
||||
private function ensureAuthUserHydrated(array $user): array
|
||||
{
|
||||
$role = (string)($user['role'] ?? '');
|
||||
$hasOwnerFlag = isset($user['permissions']['owner']);
|
||||
if ($role !== '' && $hasOwnerFlag) {
|
||||
return $user;
|
||||
}
|
||||
$userId = (int)($user['id'] ?? 0);
|
||||
if ($userId <= 0 || !$this->pdo) {
|
||||
if ($role === '') $user['role'] = 'user';
|
||||
if (!$hasOwnerFlag) {
|
||||
$user['permissions']['owner'] = ($user['role'] ?? '') === 'owner';
|
||||
}
|
||||
return $user;
|
||||
}
|
||||
|
||||
try {
|
||||
$cols = $this->authUserColumns();
|
||||
$table = $cols['table'];
|
||||
$dbCols = $this->tableColumns($table);
|
||||
$where = sprintf('`%s` = :id', $cols['col_id']);
|
||||
$params = [':id' => $userId];
|
||||
$customerId = (int)($user['customer_id'] ?? 0);
|
||||
if ($customerId > 0 && $this->columnExists($dbCols, $cols['col_customer'])) {
|
||||
$where .= sprintf(' AND `%s` = :cid', $cols['col_customer']);
|
||||
$params[':cid'] = $customerId;
|
||||
}
|
||||
$sql = sprintf('SELECT `%s` FROM `%s` WHERE %s LIMIT 1', $cols['col_role'], $table, $where);
|
||||
$stmt = $this->pdo->prepare($sql);
|
||||
$stmt->execute($params);
|
||||
$row = $stmt->fetch();
|
||||
if ($row && isset($row[$cols['col_role']])) {
|
||||
$roleValue = $this->sanitizeRole((string)$row[$cols['col_role']]);
|
||||
$user['role'] = $roleValue;
|
||||
$user['permissions']['owner'] = ($roleValue === 'owner');
|
||||
$_SESSION['auth']['role'] = $roleValue;
|
||||
$_SESSION['auth']['permissions']['owner'] = ($roleValue === 'owner');
|
||||
} else {
|
||||
if ($role === '') $user['role'] = 'user';
|
||||
if (!$hasOwnerFlag) {
|
||||
$user['permissions']['owner'] = ($user['role'] ?? '') === 'owner';
|
||||
}
|
||||
}
|
||||
} catch (Throwable $e) {
|
||||
if ($role === '') $user['role'] = 'user';
|
||||
if (!$hasOwnerFlag) {
|
||||
$user['permissions']['owner'] = ($user['role'] ?? '') === 'owner';
|
||||
}
|
||||
}
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
private function columnExists(array $columns, string $name): bool
|
||||
{
|
||||
if ($name === '') return false;
|
||||
|
||||
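Review bot: In `ensureAuthUserHydrated`, the `else` branch (no matching row) and the `catch (Throwable $e)` branch both keep any non-empty `role` the incoming `$user` array already carried and derive `permissions.owner` from it, so a deleted account, a `customer_id` mismatch or a database error leaves an `owner` role in force instead of failing closed. For the no-row case I would set `$user['role'] = 'user'; $user['permissions']['owner'] = false;` (or reject the session), and in the `catch` at least log `$e` rather than discard it, since a silently failing role lookup is otherwise invisible. The same three-line fallback appears three times and would be clearer as one private helper. Whether the incoming role can actually be stale depends on how `requireAuth()` fills the array, which this page does not show.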