Exemple #1
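/**
 * Work out which player-write privilege level the caller holds for one player.
 *
 * Precedence, first match wins: superuser, global PRIV_ALL, per-player PRIV_ALL,
 * global PRIV_MINE, per-player PRIV_MINE. Anything else yields PRIV_NONE, so the
 * function denies by default.
 *
 * @param array $auth  Auth context; reads $auth['permissions']['global']['perm_player_write']
 *                     and $auth['permissions']['players'][<player_id>]['perm_player_write'].
 * @param array $where Selector; only $where['player_id'] is read.
 *
 * @return mixed PRIV_ALL, PRIV_MINE or PRIV_NONE.
 */
function account_getDurationWriteability($auth, $where)
{
    // Superusers bypass every per-player restriction.
    if (account_isSuperuser($auth)) {
        return PRIV_ALL;
    }

    // Read each grant exactly once. An absent entry becomes null and is never
    // compared against a privilege constant, so a malformed or partial $auth
    // fails closed instead of relying on how null compares to PRIV_*.
    $globalWrite = isset($auth['permissions']['global']['perm_player_write'])
        ? $auth['permissions']['global']['perm_player_write']
        : null;

    $localWrite = null;
    if (isset($where['player_id'], $auth['permissions']['players'][$where['player_id']]['perm_player_write'])) {
        $localWrite = $auth['permissions']['players'][$where['player_id']]['perm_player_write'];
    }

    // Strongest level first; within a level the global grant is checked before
    // the per-player one, matching the documented precedence.
    // NOTE(review): loose == is kept because the stored type of the levels
    // (int vs numeric string) is not visible here; tighten to === once the
    // types are confirmed.
    foreach (array(PRIV_ALL, PRIV_MINE) as $level) {
        foreach (array($globalWrite, $localWrite) as $grant) {
            if ($grant !== null && $grant == $level) {
                return $level;
            }
        }
    }

    // No grant matched: deny.
    return PRIV_NONE;
}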
Exemple #2
/**
 * Fetch the players that the caller described by $auth may read.
 *
 * Superusers, and callers whose global perm_player_read is at least PRIV_MINE,
 * get the unfiltered db_fetchPlayers() result. Everyone else gets only players
 * joined to a privs_players row for their user_id with perm_player_read of at
 * least PRIV_MINE.
 *
 * @param PDO   $dbh  Database handle.
 * @param array $auth Auth context; reads $auth['permissions']['global']['perm_player_read']
 *                    and $auth['user']['user_id'].
 *
 * @return array Rows as associative arrays on the restricted path (empty when the
 *               query fails to execute); whatever db_fetchPlayers() returns otherwise.
 */
function db_restricted_fetchPlayers($dbh, $auth)
{
    // The >= comparison treats privilege levels as ordered values.
    // NOTE(review): confirm the PRIV_* constants are numeric and ascending.
    $unrestricted = account_isSuperuser($auth)
        || $auth['permissions']['global']['perm_player_read'] >= PRIV_MINE;
    if ($unrestricted) {
        return db_fetchPlayers($dbh, array());
    }

    // Both filter values are bound, never interpolated into the SQL text.
    // SELECT * over the join returns every column of both tables, including
    // the privs_players ones. NOTE(review): confirm callers do not expose them.
    $sql = "\n\t\tSELECT *\n\t\tFROM `players`\n\t\tINNER JOIN `privs_players` ON `privs_players`.`player_id` = `players`.`player_id`\n\t\tWHERE `user_id` = :user_id\n\t\tAND `perm_player_read` >= :perm_player_read\n\t;";
    $query = $dbh->prepare($sql);
    $query->bindValue(':user_id', $auth['user']['user_id']);
    $query->bindValue(':perm_player_read', PRIV_MINE);

    $players = array();

    // A failed execute yields an empty list, so the restricted path fails closed.
    if (!$query->execute()) {
        return $players;
    }

    for ($record = $query->fetch(PDO::FETCH_ASSOC); $record; $record = $query->fetch(PDO::FETCH_ASSOC)) {
        $players[] = $record;
    }

    return $players;
}