From 4e9afd3e6bc8ca16078c3a1adb5900bc48e90a0f Mon Sep 17 00:00:00 2001 From: wrongecho Date: Wed, 2 Oct 2024 08:32:42 +0100 Subject: [PATCH 1/2] Certificates - perms and model Move certificates to the new permissions system Deduplicate add/edit using a model --- post/user/certificate.php | 32 ++++++++------------------------ 1 file changed, 8 insertions(+), 24 deletions(-) diff --git a/post/user/certificate.php b/post/user/certificate.php index a177974b5..732aaca20 100644 --- a/post/user/certificate.php +++ b/post/user/certificate.php @@ -6,17 +6,9 @@ if (isset($_POST['add_certificate'])) { - validateTechRole(); + enforceUserPermission('module_support', 2); - $client_id = intval($_POST['client_id']); - $name = sanitizeInput($_POST['name']); - $description = sanitizeInput($_POST['description']); - $domain = sanitizeInput($_POST['domain']); - $issued_by = sanitizeInput($_POST['issued_by']); - $expire = sanitizeInput($_POST['expire']); - $public_key = sanitizeInput($_POST['public_key']); - $notes = sanitizeInput($_POST['notes']); - $domain_id = intval($_POST['domain_id']); + require_once 'post/user/certificate_model.php'; // Parse public key data for a manually provided public key if (!empty($public_key) && (empty($expire) && empty($issued_by))) { @@ -49,18 +41,10 @@ if (isset($_POST['edit_certificate'])) { - validateTechRole(); + enforceUserPermission('module_support', 2); + require_once 'post/user/certificate_model.php'; $certificate_id = intval($_POST['certificate_id']); - $name = sanitizeInput($_POST['name']); - $description = sanitizeInput($_POST['description']); - $domain = sanitizeInput($_POST['domain']); - $issued_by = sanitizeInput($_POST['issued_by']); - $expire = sanitizeInput($_POST['expire']); - $public_key = sanitizeInput($_POST['public_key']); - $notes = sanitizeInput($_POST['notes']); - $domain_id = intval($_POST['domain_id']); - $client_id = intval($_POST['client_id']); // Parse public key data for a manually provided public key if (!empty($public_key) && (empty($expire) && empty($issued_by))) { @@ -91,7 +75,7 @@ if (isset($_GET['archive_certificate'])) { - validateTechRole(); + enforceUserPermission('module_support', 2); $certificate_id = intval($_GET['archive_certificate']); @@ -115,7 +99,7 @@ if (isset($_GET['delete_certificate'])) { - validateAdminRole(); + enforceUserPermission('module_support', 3); $certificate_id = intval($_GET['delete_certificate']); @@ -138,7 +122,7 @@ } if (isset($_POST['bulk_delete_certificates'])) { - validateAdminRole(); + enforceUserPermission('module_support', 3); validateCSRFToken($_POST['csrf_token']); $count = 0; // Default 0 @@ -169,7 +153,7 @@ if (isset($_POST['export_client_certificates_csv'])) { - validateTechRole(); + enforceUserPermission('module_support'); $client_id = intval($_POST['client_id']); From 4a625183fb21edcbf96f22c28e7109cf57f8bf0c Mon Sep 17 00:00:00 2001 From: wrongecho Date: Wed, 2 Oct 2024 11:26:58 +0100 Subject: [PATCH 2/2] Certificates - perms and model Move certificates to the new permissions system Deduplicate add/edit using a model --- post/user/certificate_model.php | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 post/user/certificate_model.php diff --git a/post/user/certificate_model.php b/post/user/certificate_model.php new file mode 100644 index 000000000..2fc171eca --- /dev/null +++ b/post/user/certificate_model.php @@ -0,0 +1,10 @@ +