/**
 * AJAX handler: create a todo entry for the current session user.
 *
 * Reads the 'tobedone' field from the JSON request and inserts a row into
 * the `todo` table with uid set to S::user()->id(), sent = NOW() and
 * checked = 0. On success 'todo_id' is assigned on the page from
 * XDB::insertId(); otherwise an 'error' message is assigned.
 *
 * @param object $page Page object; only jsonAssign() is used here.
 * @return mixed The PL_JSON constant.
 */
function handler_ajax_todo_add($page)
{
    // State-changing endpoint: the anti-XSRF check stays ahead of any
    // request parsing or database access.
    S::assert_xsrf_token();

    // Guard clause: reject requests that do not carry the expected field.
    if (!Json::has('tobedone')) {
        $page->jsonAssign('error', "Requête invalide");
        return PL_JSON;
    }

    // The owner id comes from the session, never from the request body, and
    // both values go through the {?} placeholders instead of being
    // concatenated into the SQL text.
    // NOTE(review): the text is stored as received; any view that renders
    // it has to escape it for its output context.
    XDB::execute(
        'INSERT INTO todo SET uid = {?}, sent = NOW(), checked = 0, tobedone = {?}',
        S::user()->id(),
        Json::s('tobedone')
    );

    $rowWasInserted = XDB::affectedRows() > 0;
    if ($rowWasInserted) {
        $page->jsonAssign('todo_id', XDB::insertId());
    } else {
        $page->jsonAssign('error', "Impossible d'ajouter une nouvelle tâche");
    }

    return PL_JSON;
}
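/**
 * AJAX handler: add a user to, or remove a user from, the caste that a
 * group associates with a given right.
 *
 * Request fields read through Json: 'gid' (group id), 'uid' (target user
 * id), 'rights' (right name) and 'add' (boolean: add when true, remove
 * otherwise).
 *
 * Every refusal assigns a 'msg' on the page, so a refused request is
 * distinguishable from one that was applied. Previously an unknown
 * group/user or a caller without sufficient rights produced an empty
 * response.
 *
 * @param object $page Page object; only jsonAssign() is used here.
 * @return mixed The PL_JSON constant.
 */
function handler_group_ajax_admin_rights($page)
{
    // State-changing endpoint: the anti-XSRF check stays ahead of any
    // request parsing or lookup.
    S::assert_xsrf_token();

    $group = Group::fromId(Json::i('gid'));
    $user = User::fromId(Json::i('uid'));
    if (!$group || !$user) {
        $page->jsonAssign('msg', 'Requête invalide');
        return PL_JSON;
    }

    $me = S::user();

    // A user may not edit their own rights unless they are an admin.
    if ($me->isMe($user) && !$me->isAdmin()) {
        $page->jsonAssign('msg', 'On ne peut pas changer ses propres droits');
        return PL_JSON;
    }

    // Authorization: the caller needs admin rights on this group, or isWeb().
    // The refusal is reported explicitly instead of returning silently.
    if (!$me->hasRights($group, Rights::admin()) && !$me->isWeb()) {
        $page->jsonAssign('msg', 'Droits insuffisants');
        return PL_JSON;
    }

    $group->select(GroupSelect::subscribe());

    // NOTE(review): 'rights' is a client-supplied string. This handler relies
    // on Rights and Group::caste() to reject unknown values; confirm what
    // caste() returns for a right the group does not define.
    $rights = new Rights(Json::s('rights'));
    $caste = $group->caste($rights);

    // Castes backed by a userfilter are not edited member by member.
    if ($caste->userfilter()) {
        $page->jsonAssign('msg', 'Ce droit est défini de manière logique.');
        return PL_JSON;
    }

    $add = Json::b('add');

    // Log the event if involving admin rights.
    // NOTE(review): changes to other rights leave no log entry from this
    // handler, and the entry is written before the change is applied.
    if ($rights->isMe(Rights::admin())) {
        S::logger()->log('groups/admin/rights', array(
            'gid' => $group->id(),
            'uid' => $user->id(),
            'cid' => $caste->id(),
            'add' => $add,
        ));
    }

    if ($add) {
        $caste->addUser($user);
    } else {
        $caste->removeUser($user);
    }

    return PL_JSON;
}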