function updateUserOrGroupPrivs($name, $node, $adds, $removes, $mode) { if (!(count($adds) || count($removes))) { return; } if ($mode == "user") { $field = "userid"; if (is_numeric($name)) { $id = $name; } else { $id = getUserlistID($name); if (!$id) { $id = addUser($name); } } } else { $field = "usergroupid"; $id = $name; } foreach ($adds as $type) { $typeid = getUserPrivTypeID($type); $query = "INSERT IGNORE INTO userpriv (" . "{$field}, " . "privnodeid, " . "userprivtypeid) " . "VALUES (" . "{$id}, " . "{$node}, " . "{$typeid})"; doQuery($query, 375); } foreach ($removes as $type) { $typeid = getUserPrivTypeID($type); $query = "DELETE FROM userpriv " . "WHERE {$field} = {$id} AND " . "privnodeid = {$node} AND " . "userprivtypeid = {$typeid}"; doQuery($query, 376); } }
function AJchangeUserGroupPrivs() { global $user; $node = processInputVar("activeNode", ARG_NUMERIC); if (!checkUserHasPriv("userGrant", $user["id"], $node)) { $text = "You do not have rights to modify user privileges at this node."; print "alert('{$text}');"; return; } $newusergrpid = processInputVar("item", ARG_NUMERIC); $newpriv = processInputVar('priv', ARG_STRING); $newprivval = processInputVar('value', ARG_STRING); $newusergrp = getUserGroupName($newusergrpid); if ($newusergrp === 0) { $text = "Invalid user group submitted."; print "alert('{$text}');"; return; } $privid = getUserPrivTypeID($newpriv); if (is_null($privid)) { $text = "Invalid user privilege submitted."; print "alert('{$text}');"; return; } # get cascade privs at this node $cascadePrivs = getNodeCascadePrivileges($node, "usergroups"); if ($newprivval == 'true') { // if $newusergrp already has $newpriv cascaded to it, do nothing if (array_key_exists($newusergrp, $cascadePrivs['usergroups']) && in_array($newpriv, $cascadePrivs['usergroups'][$newusergrp]['privs'])) { return; } // add priv $adds = array($newpriv); $removes = array(); } else { // remove priv $adds = array(); $removes = array($newpriv); } updateUserOrGroupPrivs($newusergrpid, $node, $adds, $removes, "group"); $_SESSION['dirtyprivs'] = 1; }