dsfdsf
@@ -1325,7 +1325,7 @@ class ApiKernel
|
|||||||
|
|
||||||
private function handleAccountProfileGet(): void
|
private function handleAccountProfileGet(): void
|
||||||
{
|
{
|
||||||
$user = $this->authService->requireAuth();
|
$user = $this->ensureAuthUserHydrated($this->authService->requireAuth());
|
||||||
$customerId = (int)($user['customer_id'] ?? 0);
|
$customerId = (int)($user['customer_id'] ?? 0);
|
||||||
$settings = $customerId ? $this->ensureSettingsTokens($customerId, $this->getCustomerSettings($customerId)) : [];
|
$settings = $customerId ? $this->ensureSettingsTokens($customerId, $this->getCustomerSettings($customerId)) : [];
|
||||||
$this->respond([
|
$this->respond([
|
||||||
@@ -2016,6 +2016,59 @@ class ApiKernel
|
|||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function ensureAuthUserHydrated(array $user): array
|
||||||
|
{
|
||||||
|
$role = (string)($user['role'] ?? '');
|
||||||
|
$hasOwnerFlag = isset($user['permissions']['owner']);
|
||||||
|
if ($role !== '' && $hasOwnerFlag) {
|
||||||
|
return $user;
|
||||||
|
}
|
||||||
|
$userId = (int)($user['id'] ?? 0);
|
||||||
|
if ($userId <= 0 || !$this->pdo) {
|
||||||
|
if ($role === '') $user['role'] = 'user';
|
||||||
|
if (!$hasOwnerFlag) {
|
||||||
|
$user['permissions']['owner'] = ($user['role'] ?? '') === 'owner';
|
||||||
|
}
|
||||||
|
return $user;
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
$cols = $this->authUserColumns();
|
||||||
|
$table = $cols['table'];
|
||||||
|
$dbCols = $this->tableColumns($table);
|
||||||
|
$where = sprintf('`%s` = :id', $cols['col_id']);
|
||||||
|
$params = [':id' => $userId];
|
||||||
|
$customerId = (int)($user['customer_id'] ?? 0);
|
||||||
|
if ($customerId > 0 && $this->columnExists($dbCols, $cols['col_customer'])) {
|
||||||
|
$where .= sprintf(' AND `%s` = :cid', $cols['col_customer']);
|
||||||
|
$params[':cid'] = $customerId;
|
||||||
|
}
|
||||||
|
$sql = sprintf('SELECT `%s` FROM `%s` WHERE %s LIMIT 1', $cols['col_role'], $table, $where);
|
||||||
|
$stmt = $this->pdo->prepare($sql);
|
||||||
|
$stmt->execute($params);
|
||||||
|
$row = $stmt->fetch();
|
||||||
|
if ($row && isset($row[$cols['col_role']])) {
|
||||||
|
$roleValue = $this->sanitizeRole((string)$row[$cols['col_role']]);
|
||||||
|
$user['role'] = $roleValue;
|
||||||
|
$user['permissions']['owner'] = ($roleValue === 'owner');
|
||||||
|
$_SESSION['auth']['role'] = $roleValue;
|
||||||
|
$_SESSION['auth']['permissions']['owner'] = ($roleValue === 'owner');
|
||||||
|
} else {
|
||||||
|
if ($role === '') $user['role'] = 'user';
|
||||||
|
if (!$hasOwnerFlag) {
|
||||||
|
$user['permissions']['owner'] = ($user['role'] ?? '') === 'owner';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} catch (Throwable $e) {
|
||||||
|
if ($role === '') $user['role'] = 'user';
|
||||||
|
if (!$hasOwnerFlag) {
|
||||||
|
$user['permissions']['owner'] = ($user['role'] ?? '') === 'owner';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $user;
|
||||||
|
}
|
||||||
|
|
||||||
private function columnExists(array $columns, string $name): bool
|
private function columnExists(array $columns, string $name): bool
|
||||||
{
|
{
|
||||||
if ($name === '') return false;
|
if ($name === '') return false;
|
||||||
|
|||||||
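Review bot: In `ensureAuthUserHydrated()`, the `else` branch (no matching row) and the `catch (Throwable $e)` branch still compute `permissions.owner` from the role that was already on `$user` whenever the flag is missing, so a caller whose row is gone, whose `customer_id` no longer matches, or whose lookup failed can end up with owner rights based on data that was never re-verified (it appears to come from the session). Failing closed is a one-line change in each of those branches, `$user['permissions']['owner'] = false;`, and the carried-over role should presumably pass through `sanitizeRole()` the same way the database value does. The `catch` also discards `$e`, so a broken role query is invisible to operators; a call such as `error_log('role hydration failed: ' . $e->getMessage());` would make it detectable. Separately, the early return when both fields are already set means a role change in the database is not picked up for the rest of the session, which is worth confirming as intended.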