OpenXE-org / OpenXE

OpenXE - Free Open Source ERP based on Xentral

API permissions #36

Closed OpenXE-ERP closed 10 months ago

OpenXE-ERP commented 1 year ago

Fill table api_permissions (empty right now) for use of api.

Reverse engineer permission key entries from API.

creatronics-de commented 11 months ago

It would work, but with current implementations of MariaDB it can't. Why? In `class.mysql.php`, in `UpdateArr` (and in other functions, too), the key column is sent to the server without quotes. Just change

```php
$sqla[] = $key." = '".($escape?$this->real_escape_string($value):$value)."' ";
```

to

```php
$sqla[] = "`".$key."` = '".($escape?$this->real_escape_string($value):$value)."' ";
```

and the data could be created.

In my case, I temporarily added `$this->fillApiPermissions();` within the `__construct` function and called any API function like `/www/index.php?module=api&action=AuftragCreate&hash=f49831bc9cdc97aedaf2ea83655967&id=&api_id=1`

Et voilà, the table is filled with data.

Here are the inserts: `/* -- Query: SELECT * FROM oxe_test.api_permission LIMIT 0, 2000

-- Date: 2023-12-15 01:40 */ INSERT INTO api_permission (id,key,group) VALUES (213,'standard_accountlist','accounts'); INSERT INTO api_permission (id,key,group) VALUES (214,'standard_accountlogin','accounts'); INSERT INTO api_permission (id,key,group) VALUES (215,'standard_accountcreate','accounts'); INSERT INTO api_permission (id,key,group) VALUES (216,'standard_accountedit','accounts'); INSERT INTO api_permission (id,key,group) VALUES (217,'standard_adresseaccountsget','accounts'); INSERT INTO api_permission (id,key,group) VALUES (218,'standard_adressecreate','addresses'); INSERT INTO api_permission (id,key,group) VALUES (219,'standard_adresseedit','addresses'); INSERT INTO api_permission (id,key,group) VALUES (220,'standard_adresseget','addresses'); INSERT INTO api_permission (id,key,group) VALUES (221,'standard_adresselisteget','addresses'); INSERT INTO api_permission (id,key,group) VALUES (222,'standard_adressegruppenget','addresses'); INSERT INTO api_permission (id,key,group) VALUES (223,'create_address','addresses'); INSERT INTO api_permission (id,key,group) VALUES (224,'list_addresses','addresses'); INSERT INTO api_permission (id,key,group) VALUES (225,'view_address','addresses'); INSERT INTO api_permission (id,key,group) VALUES (226,'edit_address','addresses'); INSERT INTO api_permission (id,key,group) VALUES (227,'create_address_type','address_types'); INSERT INTO api_permission (id,key,group) VALUES (228,'list_address_types','address_types'); INSERT INTO api_permission (id,key,group) VALUES (229,'view_address_type','address_types'); INSERT INTO api_permission (id,key,group) VALUES (230,'edit_address_type','address_types'); INSERT INTO api_permission (id,key,group) VALUES (231,'standard_artikelcreate','articles'); INSERT INTO api_permission (id,key,group) VALUES (232,'standard_artikeledit','articles'); INSERT INTO api_permission (id,key,group) VALUES (233,'standard_artikelget','articles'); INSERT INTO api_permission (id,key,group) VALUES 
(234,'standard_artikellist','articles'); INSERT INTO api_permission (id,key,group) VALUES (235,'standard_artikelstueckliste','articles'); INSERT INTO api_permission (id,key,group) VALUES (236,'standard_artikelstuecklistecreate','articles'); INSERT INTO api_permission (id,key,group) VALUES (237,'standard_artikelstuecklisteedit','articles'); INSERT INTO api_permission (id,key,group) VALUES (238,'standard_artikelstuecklistelist','articles'); INSERT INTO api_permission (id,key,group) VALUES (239,'standard_artikelkontingenteget','articles'); INSERT INTO api_permission (id,key,group) VALUES (240,'standard_preiseedit','articles'); INSERT INTO api_permission (id,key,group) VALUES (241,'list_articles','articles'); INSERT INTO api_permission (id,key,group) VALUES (242,'view_article','articles'); INSERT INTO api_permission (id,key,group) VALUES (243,'standard_artikelkategorienlist','article_categories'); INSERT INTO api_permission (id,key,group) VALUES (244,'create_article_category','article_categories'); INSERT INTO api_permission (id,key,group) VALUES (245,'list_article_categories','article_categories'); INSERT INTO api_permission (id,key,group) VALUES (246,'view_article_category','article_categories'); INSERT INTO api_permission (id,key,group) VALUES (247,'edit_article_category','article_categories'); INSERT INTO api_permission (id,key,group) VALUES (248,'standard_ansprechpartnercreate','contacts'); INSERT INTO api_permission (id,key,group) VALUES (249,'standard_ansprechpartneredit','contacts'); INSERT INTO api_permission (id,key,group) VALUES (250,'standard_adressekontaktcreate','contacts'); INSERT INTO api_permission (id,key,group) VALUES (251,'standard_adressekontaktedit','contacts'); INSERT INTO api_permission (id,key,group) VALUES (252,'standard_adressekontaktget','contacts'); INSERT INTO api_permission (id,key,group) VALUES (253,'standard_adressekontaktlist','contacts'); INSERT INTO api_permission (id,key,group) VALUES (254,'create_country','countries'); INSERT INTO 
api_permission (id,key,group) VALUES (255,'list_countries','countries'); INSERT INTO api_permission (id,key,group) VALUES (256,'view_country','countries'); INSERT INTO api_permission (id,key,group) VALUES (257,'edit_country','countries'); INSERT INTO api_permission (id,key,group) VALUES (258,'standard_gutschriftget','credit_memos'); INSERT INTO api_permission (id,key,group) VALUES (259,'standard_gutschriftedit','credit_memos'); INSERT INTO api_permission (id,key,group) VALUES (260,'standard_gutschriftcreate','credit_memos'); INSERT INTO api_permission (id,key,group) VALUES (261,'standard_gutschriftfreigabe','credit_memos'); INSERT INTO api_permission (id,key,group) VALUES (262,'standard_gutschriftversenden','credit_memos'); INSERT INTO api_permission (id,key,group) VALUES (263,'standard_gutschriftarchivieren','credit_memos'); INSERT INTO api_permission (id,key,group) VALUES (264,'list_credit_memos','credit_memos'); INSERT INTO api_permission (id,key,group) VALUES (265,'view_credit_memo','credit_memos'); INSERT INTO api_permission (id,key,group) VALUES (266,'create_crm_document','crm_documents'); INSERT INTO api_permission (id,key,group) VALUES (267,'list_crm_documents','crm_documents'); INSERT INTO api_permission (id,key,group) VALUES (268,'view_crm_document','crm_documents'); INSERT INTO api_permission (id,key,group) VALUES (269,'edit_crm_document','crm_documents'); INSERT INTO api_permission (id,key,group) VALUES (270,'delete_crm_document','crm_documents'); INSERT INTO api_permission (id,key,group) VALUES (271,'standard_lieferadressecreate','delivery_addresses'); INSERT INTO api_permission (id,key,group) VALUES (272,'standard_lieferadresseedit','delivery_addresses'); INSERT INTO api_permission (id,key,group) VALUES (273,'create_delivery_address','delivery_addresses'); INSERT INTO api_permission (id,key,group) VALUES (274,'list_delivery_addresses','delivery_addresses'); INSERT INTO api_permission (id,key,group) VALUES 
(275,'view_delivery_address','delivery_addresses'); INSERT INTO api_permission (id,key,group) VALUES (276,'edit_delivery_address','delivery_addresses'); INSERT INTO api_permission (id,key,group) VALUES (277,'delete_delivery_address','delivery_addresses'); INSERT INTO api_permission (id,key,group) VALUES (278,'standard_lieferscheinget','delivery_note'); INSERT INTO api_permission (id,key,group) VALUES (279,'standard_lieferscheinedit','delivery_note'); INSERT INTO api_permission (id,key,group) VALUES (280,'standard_lieferscheincreate','delivery_note'); INSERT INTO api_permission (id,key,group) VALUES (281,'standard_lieferscheinfreigabe','delivery_note'); INSERT INTO api_permission (id,key,group) VALUES (282,'standard_lieferscheinversenden','delivery_note'); INSERT INTO api_permission (id,key,group) VALUES (283,'standard_lieferscheinarchivieren','delivery_note'); INSERT INTO api_permission (id,key,group) VALUES (284,'list_delivery_notes','delivery_note'); INSERT INTO api_permission (id,key,group) VALUES (285,'view_delivery_note','delivery_note'); INSERT INTO api_permission (id,key,group) VALUES (286,'standard_belegelist','documents'); INSERT INTO api_permission (id,key,group) VALUES (287,'standard_belegpdf','documents'); INSERT INTO api_permission (id,key,group) VALUES (288,'standard_belegpdfheader','documents'); INSERT INTO api_permission (id,key,group) VALUES (289,'standard_mappingget','documents'); INSERT INTO api_permission (id,key,group) VALUES (290,'standard_mappingset','documents'); INSERT INTO api_permission (id,key,group) VALUES (291,'list_documents','documents'); INSERT INTO api_permission (id,key,group) VALUES (292,'standard_angebotzuauftrag','document_actions'); INSERT INTO api_permission (id,key,group) VALUES (293,'standard_auftragzurechnung','document_actions'); INSERT INTO api_permission (id,key,group) VALUES (294,'standard_weiterfuehrenauftragzurechnung','document_actions'); INSERT INTO api_permission (id,key,group) VALUES 
(295,'standard_weiterfuehrenrechnungzugutschrift','document_actions'); INSERT INTO api_permission (id,key,group) VALUES (296,'standard_dateilist','files'); INSERT INTO api_permission (id,key,group) VALUES (297,'standard_dateivorschau','files'); INSERT INTO api_permission (id,key,group) VALUES (298,'standard_dateidownload','files'); INSERT INTO api_permission (id,key,group) VALUES (299,'standard_dateiheader','files'); INSERT INTO api_permission (id,key,group) VALUES (300,'standard_shopimages','files'); INSERT INTO api_permission (id,key,group) VALUES (301,'create_file','files'); INSERT INTO api_permission (id,key,group) VALUES (302,'list_files','files'); INSERT INTO api_permission (id,key,group) VALUES (303,'view_file','files'); INSERT INTO api_permission (id,key,group) VALUES (304,'handle_assets','files'); INSERT INTO api_permission (id,key,group) VALUES (305,'handle_navision','gobnav'); INSERT INTO api_permission (id,key,group) VALUES (306,'standard_gruppecreate','groups'); INSERT INTO api_permission (id,key,group) VALUES (307,'standard_gruppeedit','groups'); INSERT INTO api_permission (id,key,group) VALUES (308,'standard_gruppeget','groups'); INSERT INTO api_permission (id,key,group) VALUES (309,'standard_gruppenlist','groups'); INSERT INTO api_permission (id,key,group) VALUES (310,'create_group','groups'); INSERT INTO api_permission (id,key,group) VALUES (311,'list_groups','groups'); INSERT INTO api_permission (id,key,group) VALUES (312,'view_group','groups'); INSERT INTO api_permission (id,key,group) VALUES (313,'edit_group','groups'); INSERT INTO api_permission (id,key,group) VALUES (314,'standard_rechnungget','invoices'); INSERT INTO api_permission (id,key,group) VALUES (315,'standard_rechnungedit','invoices'); INSERT INTO api_permission (id,key,group) VALUES (316,'standard_rechnungcreate','invoices'); INSERT INTO api_permission (id,key,group) VALUES (317,'standard_rechnungversenden','invoices'); INSERT INTO api_permission (id,key,group) VALUES 
(318,'standard_rechnungfreigabe','invoices'); INSERT INTO api_permission (id,key,group) VALUES (319,'standard_rechnungarchivieren','invoices'); INSERT INTO api_permission (id,key,group) VALUES (320,'standard_rechnungversendetmarkieren','invoices'); INSERT INTO api_permission (id,key,group) VALUES (321,'standard_rechnungalsbezahltmarkieren','invoices'); INSERT INTO api_permission (id,key,group) VALUES (322,'list_invoices','invoices'); INSERT INTO api_permission (id,key,group) VALUES (323,'view_invoice','invoices'); INSERT INTO api_permission (id,key,group) VALUES (324,'delete_invoice','invoices'); INSERT INTO api_permission (id,key,group) VALUES (325,'mobile_app_communication','mobile_app'); INSERT INTO api_permission (id,key,group) VALUES (326,'handle_opentrans','opentrans'); INSERT INTO api_permission (id,key,group) VALUES (327,'standard_auftragcreate','orders'); INSERT INTO api_permission (id,key,group) VALUES (328,'standard_auftragedit','orders'); INSERT INTO api_permission (id,key,group) VALUES (329,'standard_auftragget','orders'); INSERT INTO api_permission (id,key,group) VALUES (330,'standard_auftragfreigabe','orders'); INSERT INTO api_permission (id,key,group) VALUES (331,'standard_auftragabschliessen','orders'); INSERT INTO api_permission (id,key,group) VALUES (332,'standard_auftragversenden','orders'); INSERT INTO api_permission (id,key,group) VALUES (333,'standard_auftragarchivieren','orders'); INSERT INTO api_permission (id,key,group) VALUES (334,'list_orders','orders'); INSERT INTO api_permission (id,key,group) VALUES (335,'view_order','orders'); INSERT INTO api_permission (id,key,group) VALUES (336,'create_payment_method','payment_methods'); INSERT INTO api_permission (id,key,group) VALUES (337,'list_payment_methods','payment_methods'); INSERT INTO api_permission (id,key,group) VALUES (338,'view_payment_method','payment_methods'); INSERT INTO api_permission (id,key,group) VALUES (339,'edit_payment_method','payment_methods'); INSERT INTO api_permission 
(id,key,group) VALUES (340,'standard_projektliste','projects'); INSERT INTO api_permission (id,key,group) VALUES (341,'standard_projektget','projects'); INSERT INTO api_permission (id,key,group) VALUES (342,'standard_projektcreate','projects'); INSERT INTO api_permission (id,key,group) VALUES (343,'standard_projektedit','projects'); INSERT INTO api_permission (id,key,group) VALUES (344,'create_property','properties'); INSERT INTO api_permission (id,key,group) VALUES (345,'list_property','properties'); INSERT INTO api_permission (id,key,group) VALUES (346,'view_property','properties'); INSERT INTO api_permission (id,key,group) VALUES (347,'edit_property','properties'); INSERT INTO api_permission (id,key,group) VALUES (348,'delete_property','properties'); INSERT INTO api_permission (id,key,group) VALUES (349,'create_property_value','property_values'); INSERT INTO api_permission (id,key,group) VALUES (350,'list_property_value','property_values'); INSERT INTO api_permission (id,key,group) VALUES (351,'view_property_value','property_values'); INSERT INTO api_permission (id,key,group) VALUES (352,'edit_property_value','property_values'); INSERT INTO api_permission (id,key,group) VALUES (353,'delete_property_value','property_values'); INSERT INTO api_permission (id,key,group) VALUES (354,'standard_angebotcreate','quotes'); INSERT INTO api_permission (id,key,group) VALUES (355,'standard_angebotedit','quotes'); INSERT INTO api_permission (id,key,group) VALUES (356,'standard_angebotget','quotes'); INSERT INTO api_permission (id,key,group) VALUES (357,'standard_angebotfreigabe','quotes'); INSERT INTO api_permission (id,key,group) VALUES (358,'standard_angebotversenden','quotes'); INSERT INTO api_permission (id,key,group) VALUES (359,'standard_angebotarchivieren','quotes'); INSERT INTO api_permission (id,key,group) VALUES (360,'list_quotes','quotes'); INSERT INTO api_permission (id,key,group) VALUES (361,'view_quote','quotes'); INSERT INTO api_permission (id,key,group) VALUES 
(362,'standard_exportvorlageget','reports'); INSERT INTO api_permission (id,key,group) VALUES (363,'standard_berichteget','reports'); INSERT INTO api_permission (id,key,group) VALUES (364,'view_report','reports'); INSERT INTO api_permission (id,key,group) VALUES (365,'create_resubmission','resubmissions'); INSERT INTO api_permission (id,key,group) VALUES (366,'list_resubmissions','resubmissions'); INSERT INTO api_permission (id,key,group) VALUES (367,'view_resubmission','resubmissions'); INSERT INTO api_permission (id,key,group) VALUES (368,'edit_resubmission','resubmissions'); INSERT INTO api_permission (id,key,group) VALUES (369,'standard_retoureget','returns'); INSERT INTO api_permission (id,key,group) VALUES (370,'standard_retoureedit','returns'); INSERT INTO api_permission (id,key,group) VALUES (371,'standard_retourecreate','returns'); INSERT INTO api_permission (id,key,group) VALUES (372,'create_scanned_document','scanned_documents'); INSERT INTO api_permission (id,key,group) VALUES (373,'list_scanned_documents','scanned_documents'); INSERT INTO api_permission (id,key,group) VALUES (374,'view_scanned_document','scanned_documents'); INSERT INTO api_permission (id,key,group) VALUES (375,'create_shipping_method','shipping_methods'); INSERT INTO api_permission (id,key,group) VALUES (376,'list_shipping_methods','shipping_methods'); INSERT INTO api_permission (id,key,group) VALUES (377,'view_shipping_method','shipping_methods'); INSERT INTO api_permission (id,key,group) VALUES (378,'edit_shipping_method','shipping_methods'); INSERT INTO api_permission (id,key,group) VALUES (379,'communicate_with_shop','shop_communication'); INSERT INTO api_permission (id,key,group) VALUES (380,'view_storage_batch','storage'); INSERT INTO api_permission (id,key,group) VALUES (381,'view_storage_best_before','storage'); INSERT INTO api_permission (id,key,group) VALUES (382,'standard_adresseaboartikelcreate','subscriptions'); INSERT INTO api_permission (id,key,group) VALUES 
(383,'standard_adresseaboartikeledit','subscriptions'); INSERT INTO api_permission (id,key,group) VALUES (384,'standard_adresseaboartikelget','subscriptions'); INSERT INTO api_permission (id,key,group) VALUES (385,'standard_adresseaboartikellist','subscriptions'); INSERT INTO api_permission (id,key,group) VALUES (386,'create_subscription','subscriptions'); INSERT INTO api_permission (id,key,group) VALUES (387,'list_subscriptions','subscriptions'); INSERT INTO api_permission (id,key,group) VALUES (388,'view_subscription','subscriptions'); INSERT INTO api_permission (id,key,group) VALUES (389,'edit_subscription','subscriptions'); INSERT INTO api_permission (id,key,group) VALUES (390,'delete_subscription','subscriptions'); INSERT INTO api_permission (id,key,group) VALUES (391,'standard_adresseabogruppecreate','subscription_groups'); INSERT INTO api_permission (id,key,group) VALUES (392,'standard_adresseabogruppeedit','subscription_groups'); INSERT INTO api_permission (id,key,group) VALUES (393,'standard_adresseabogruppeget','subscription_groups'); INSERT INTO api_permission (id,key,group) VALUES (394,'standard_adresseabogruppelist','subscription_groups'); INSERT INTO api_permission (id,key,group) VALUES (395,'create_subscription_group','subscription_groups'); INSERT INTO api_permission (id,key,group) VALUES (396,'list_subscription_groups','subscription_groups'); INSERT INTO api_permission (id,key,group) VALUES (397,'view_subscription_group','subscription_groups'); INSERT INTO api_permission (id,key,group) VALUES (398,'edit_subscription_group','subscription_groups'); INSERT INTO api_permission (id,key,group) VALUES (399,'standard_bestellungget','supply_orders'); INSERT INTO api_permission (id,key,group) VALUES (400,'standard_bestellungedit','supply_orders'); INSERT INTO api_permission (id,key,group) VALUES (401,'standard_bestellungcreate','supply_orders'); INSERT INTO api_permission (id,key,group) VALUES (402,'standard_bestellungfreigabe','supply_orders'); INSERT INTO 
api_permission (id,key,group) VALUES (403,'standard_etikettendrucker','system_settings'); INSERT INTO api_permission (id,key,group) VALUES (404,'standard_servertimeget','system_settings'); INSERT INTO api_permission (id,key,group) VALUES (405,'create_tax_rate','tax_rates'); INSERT INTO api_permission (id,key,group) VALUES (406,'list_tax_rates','tax_rates'); INSERT INTO api_permission (id,key,group) VALUES (407,'view_tax_rate','tax_rates'); INSERT INTO api_permission (id,key,group) VALUES (408,'edit_tax_rate','tax_rates'); INSERT INTO api_permission (id,key,group) VALUES (409,'standard_stechuhrstatusget','employee_interactions'); INSERT INTO api_permission (id,key,group) VALUES (410,'standard_stechuhrstatusset','employee_interactions'); INSERT INTO api_permission (id,key,group) VALUES (411,'standard_stechuhrsummary','employee_interactions'); INSERT INTO api_permission (id,key,group) VALUES (412,'standard_zeiterfassungget','employee_interactions'); INSERT INTO api_permission (id,key,group) VALUES (413,'standard_zeiterfassungcreate','employee_interactions'); INSERT INTO api_permission (id,key,group) VALUES (414,'standard_zeiterfassungedit','employee_interactions'); INSERT INTO api_permission (id,key,group) VALUES (415,'standard_zeiterfassungdelete','employee_interactions'); INSERT INTO api_permission (id,key,group) VALUES (416,'standard_reisekostenversenden','employee_interactions'); INSERT INTO api_permission (id,key,group) VALUES (417,'standard_sessionstart','employee_interactions'); INSERT INTO api_permission (id,key,group) VALUES (418,'standard_sessionclose','employee_interactions'); INSERT INTO api_permission (id,key,group) VALUES (419,'create_tracking_number','tracking_numbers'); INSERT INTO api_permission (id,key,group) VALUES (420,'list_tracking_numbers','tracking_numbers'); INSERT INTO api_permission (id,key,group) VALUES (421,'view_tracking_number','tracking_numbers'); INSERT INTO api_permission (id,key,group) VALUES 
(422,'edit_tracking_number','tracking_numbers'); INSERT INTO api_permission (id,key,group) VALUES (423,'standard_benutzercreate','users'); INSERT INTO api_permission (id,key,group) VALUES (424,'standard_benutzeredit','users'); INSERT INTO api_permission (id,key,group) VALUES (425,'standard_benutzerget','users'); INSERT INTO api_permission (id,key,group) VALUES (426,'standard_benutzerlist','users'); INSERT INTO api_permission (id,key,group) VALUES (427,'standard_benutzergetrfid','users'); INSERT INTO api_permission (id,key,group) VALUES (428,'standard_custom','custom');`
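
An added example, not part of the comment above and not OpenXE code: `key` and `group` are reserved words in MariaDB, which is why the unquoted column names fail. The sketch below goes one step beyond the backtick fix by doubling embedded backticks, checking column names against an allow-list, and binding values as placeholders. The function names `quoteIdentifier` and `buildUpdate` are hypothetical, and the sample row is constructed from the dump above.

```php
<?php
// Added illustration only. quoteIdentifier() and buildUpdate() are
// hypothetical helpers, not functions from OpenXE's class.mysql.php.

/**
 * Quote a MySQL/MariaDB identifier so reserved words such as `key` and
 * `group` are accepted. An embedded backtick is doubled so the name
 * cannot terminate the quoting early.
 */
function quoteIdentifier(string $name): string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

/**
 * Build an UPDATE statement with quoted identifiers and "?" placeholders.
 * Column names must be on the caller's allow-list; values are never
 * concatenated into the SQL text.
 *
 * @param array<string,mixed> $data           column => value
 * @param string[]            $allowedColumns columns this caller may write
 * @return array{0:string,1:array}            [sql, bound parameters]
 */
function buildUpdate(string $table, array $data, array $allowedColumns, int $id): array
{
    if ($data === []) {
        throw new InvalidArgumentException('nothing to update');
    }
    $set = [];
    $params = [];
    foreach ($data as $column => $value) {
        if (!in_array($column, $allowedColumns, true)) {
            throw new InvalidArgumentException("unexpected column: $column");
        }
        $set[] = quoteIdentifier($column) . ' = ?';
        $params[] = $value;
    }
    $params[] = $id;
    $sql = 'UPDATE ' . quoteIdentifier($table)
         . ' SET ' . implode(', ', $set)
         . ' WHERE `id` = ?';
    return [$sql, $params];
}

// Constructed sample: one row taken from the dump above.
[$sql, $params] = buildUpdate(
    'api_permission',
    ['key' => 'standard_auftragcreate', 'group' => 'orders'],
    ['key', 'group'],
    327
);
echo $sql, PHP_EOL;
echo json_encode($params), PHP_EOL;

// A column that is not on the allow-list is rejected before any SQL is built.
try {
    buildUpdate('api_permission', ['hash' => 'x'], ['key', 'group'], 327);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// $sql and $params are meant for a prepared statement, for example
// PDO::prepare($sql) followed by PDOStatement::execute($params).
```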