Esempio n. 1
0
function updateUserOrGroupPrivs($name, $node, $adds, $removes, $mode)
{
    if (!(count($adds) || count($removes))) {
        return;
    }
    if ($mode == "user") {
        $field = "userid";
        if (is_numeric($name)) {
            $id = $name;
        } else {
            $id = getUserlistID($name);
            if (!$id) {
                $id = addUser($name);
            }
        }
    } else {
        $field = "usergroupid";
        $id = $name;
    }
    foreach ($adds as $type) {
        $typeid = getUserPrivTypeID($type);
        $query = "INSERT IGNORE INTO userpriv (" . "{$field}, " . "privnodeid, " . "userprivtypeid) " . "VALUES (" . "{$id}, " . "{$node}, " . "{$typeid})";
        doQuery($query, 375);
    }
    foreach ($removes as $type) {
        $typeid = getUserPrivTypeID($type);
        $query = "DELETE FROM userpriv " . "WHERE {$field} = {$id} AND " . "privnodeid = {$node} AND " . "userprivtypeid = {$typeid}";
        doQuery($query, 376);
    }
}
Esempio n. 2
0
function AJchangeUserGroupPrivs()
{
    global $user;
    $node = processInputVar("activeNode", ARG_NUMERIC);
    if (!checkUserHasPriv("userGrant", $user["id"], $node)) {
        $text = "You do not have rights to modify user privileges at this node.";
        print "alert('{$text}');";
        return;
    }
    $newusergrpid = processInputVar("item", ARG_NUMERIC);
    $newpriv = processInputVar('priv', ARG_STRING);
    $newprivval = processInputVar('value', ARG_STRING);
    $newusergrp = getUserGroupName($newusergrpid);
    if ($newusergrp === 0) {
        $text = "Invalid user group submitted.";
        print "alert('{$text}');";
        return;
    }
    $privid = getUserPrivTypeID($newpriv);
    if (is_null($privid)) {
        $text = "Invalid user privilege submitted.";
        print "alert('{$text}');";
        return;
    }
    # get cascade privs at this node
    $cascadePrivs = getNodeCascadePrivileges($node, "usergroups");
    if ($newprivval == 'true') {
        // if $newusergrp already has $newpriv cascaded to it, do nothing
        if (array_key_exists($newusergrp, $cascadePrivs['usergroups']) && in_array($newpriv, $cascadePrivs['usergroups'][$newusergrp]['privs'])) {
            return;
        }
        // add priv
        $adds = array($newpriv);
        $removes = array();
    } else {
        // remove priv
        $adds = array();
        $removes = array($newpriv);
    }
    updateUserOrGroupPrivs($newusergrpid, $node, $adds, $removes, "group");
    $_SESSION['dirtyprivs'] = 1;
}