CMXX - Consumer identity

api/v2/post/users.php

@@ -17,7 +17,6 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 list($whereclause,$condition) = getWhereclause('profile',$permission,$partner,'');
 
-
 //SET PARAMETERS FOR QUERY
 $id = (isset($post_content['id'])) ? $post_content['id']: ''; //check for rowID
 $command = ($id == '')? 'insert' : 'update';  //IF rowID = empty then INSERT
@@ -134,6 +133,9 @@ $post_content['userkey'] = (isset($post_content['userkey']) && $post_content['us
 
 //ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
 if ($command == 'update'){ 
+    if (isset($post_content['password'])){ 
+        $post_content['password'] = password_hash($password, PASSWORD_DEFAULT);
+    }
     $post_content['partnerhierarchy'] = $accounthierarchy;
 }
 elseif ($command == 'insert'){
@@ -147,6 +149,28 @@ else {
     //do nothing
 }
 
+//+++++++++++++++++++++++++++++++++++++++++++++
+//RESET VIEW/PERMISSION BASED ON USER PERMISSION
+//+++++++++++++++++++++++++++++++++++++++++++++
+if($post_content['view']){
+    switch ($permission) {
+        case '4':
+            //ADMIN+ no override
+           break;
+        case '3':
+            //ADMINS cannot set ADMIN+ => reset to admin
+            $post_content['view'] = ($post_content['view'] == 5) ? 4 : $post_content['view'];
+            break;
+        default:
+            //OTHERS CANNOT SET HIGHER -> IF SET THEN MANIPULATION EXPECTED -> SET USER to READONLY
+            $post_content['view'] = ($post_content['view'] == 4 || $post_content['view'] == 5) ? 3 : $post_content['view'];
+            break;
+    }
+}
+//+++++++++++++++++++++++++++++++++++++++++++++
+//+++++++++++++++++++++++++++++++++++++++++++++
+
+
 //CREAT NEW ARRAY AND MAP TO CLAUSE
 if(isset($post_content) && $post_content!=''){   
     foreach ($post_content as $key => $var){