Beispiel #1
0
 /**
  * allowed - test if the command and the user are allowed
  */
 static function allowed($service_name)
 {
     global $mod;
     if (!is_array($mod[$service_name])) {
         header("HTTP/1.1: 403 Forbidden");
         echo "The operation '" . $service_name . "' is not defined";
         exit;
     }
     if (in_array("*", $mod[$service_name])) {
         return true;
     }
     if (in_array(auth_get_class(), $mod[$service_name])) {
         return true;
     }
     header("HTTP/1.1: 403 Forbidden");
     echo "The operation is not allowed for the authenticated user";
     exit;
 }
Beispiel #2
0
        echo json_encode(true);
        exit;
    case "logout":
        if (!logout()) {
            header("HTTP/1.1: 417 Expectation Failed");
            echo "User log out failed";
            exit;
        }
        header('Content-type: application/json');
        header("HTTP/1.1: 401 Unauthorized");
        echo json_encode(true);
        exit;
    case "getUser":
        if ($anonymous_access == true) {
            header('Content-type: application/json');
            echo json_encode(array("username" => "guest", "userclass" => "guest"));
            exit;
        }
        if (!array_key_exists("login", $_SESSION)) {
            header("HTTP/1.1: 401 Unauthorized");
            echo "User not authenticated";
            exit;
        }
        header('Content-type: application/json');
        echo json_encode(array("username" => $_SESSION['login'], "userclass" => auth_get_class()));
        break;
    default:
        header("HTTP/1.1: 400 Bad Request");
        echo "Bad command";
        exit;
}
Beispiel #3
0
         break;
     }
     $ret = copyFiles($assetsLCL . arg("path"), $assetsLCL . arg("target"));
     if (!$ret) {
         $err = $ERR_FILE_PERMISSION;
         break;
     }
     break;
 case "spider":
     $ret = spider($assetsLCL . arg("path"), $assetsLCL);
     if (!$ret) {
         $err = $ERR_FILE_NOT_FOUND;
     }
     break;
 case "touch":
     if (!in_array(auth_get_class(), array("admin", "supervisor", "dirprod"))) {
         $err = $ERR_PERMISSION;
         break;
     }
     $ret = touch($assetsLCL . arg("path"));
     if (!$ret) {
         $err = $ERR_FILE_PERMISSION;
     }
     break;
     #case "rm":
     #case "mv":
     #case "mkdir":
     #case "touch":
     #case "chmod":
     #case "chgroup":
 #case "rm":