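/**
 * List the role memberships of a group that the requesting agent may see.
 *
 * A row is kept when the requester can view all role members of the group,
 * when the role's Powers value has the RoleMembersVisible bit set, or when
 * the row is the requester's own membership.
 *
 * @param array $params Request parameters; reads $params['GroupID'].
 * @return array Rows keyed by AgentID . RoleID (each holding RoleID, AgentID
 *               and MemberVisible), or an array with an 'error' key when
 *               secureRequest() returns an array or the query fails.
 */
function getGroupRoleMembers($params)
{
    // Any array returned by secureRequest() is passed straight back to the caller.
    if (is_array($error = secureRequest($params, FALSE))) {
        return $error;
    }

    global $requestingAgent, $groupDBCon, $groupPowers;

    $groupID = $params['GroupID'];
    $roleMembersVisibleBit = $groupPowers['RoleMembersVisible'];
    $canViewAllGroupRoleMembers = canAgentViewRoleMembers($requestingAgent, $groupID, '');

    // GroupID comes from the request, so it must never reach the SQL text raw.
    // Escape it against the connection the query runs on, so that the escaping
    // uses that connection's character set.
    $escapedGroupID = mysql_real_escape_string($groupID, $groupDBCon);

    // NOTE(review): $roleMembersVisibleBit is interpolated as-is; presumably it
    // is a server-defined constant - verify it can never carry request data.
    $sql = " SELECT "
        . " osrole.RoleID, osgrouprolemembership.AgentID"
        . " , (osrole.Powers & {$roleMembersVisibleBit}) as MemberVisible"
        . " FROM osrole JOIN osgrouprolemembership ON (osrole.GroupID = osgrouprolemembership.GroupID AND osrole.RoleID = osgrouprolemembership.RoleID)"
        . " WHERE osrole.GroupID = '{$escapedGroupID}'";

    $memberResults = mysql_query($sql, $groupDBCon);
    if (!$memberResults) {
        // NOTE(review): this hands the full SQL text and the driver error back to
        // the caller; consider logging them server-side and returning a generic message.
        return array(
            'error' => "Could not successfully run query ({$sql}) from DB: " . mysql_error(),
            'params' => var_export($params, TRUE),
        );
    }

    $members = array();
    while ($member = mysql_fetch_assoc($memberResults)) {
        // The visibility flag is read from the fetched row. The previous code read
        // an undefined variable here, so the per-role visibility bit was never honoured.
        $isOwnMembership = ((string) $member['AgentID'] === (string) $requestingAgent);
        if ($canViewAllGroupRoleMembers || $member['MemberVisible'] || $isOwnMembership) {
            $Key = $member['AgentID'] . $member['RoleID'];
            $members[$Key] = $member;
        }
    }

    return $members;
}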
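/**
 * List the role memberships of a group that the requesting agent may see.
 *
 * A row is kept when the requester can view all role members of the group,
 * when the role's Powers value has the RoleMembersVisible bit set, or when
 * the row is the requester's own membership.
 *
 * @param array $params Request parameters; reads $params['GroupID'].
 * @return array Rows keyed by AgentID . RoleID (each holding RoleID, AgentID
 *               and MemberVisible). On a failed query an array with 'error'
 *               and 'params' is returned; when no rows exist or none are
 *               visible, an array with 'succeed' => 'false', 'error',
 *               'params' and 'sql' is returned.
 */
function getGroupRoleMembers($params)
{
    // NOTE(review): there is no secureRequest() gate in this function - confirm the
    // request is authenticated before it gets here, because $requestingAgent
    // drives the visibility filter below.
    global $requestingAgent, $groupDBCon, $groupPowers;

    $groupID = $params['GroupID'];
    $roleMembersVisibleBit = $groupPowers['RoleMembersVisible'];
    $canViewAllGroupRoleMembers = canAgentViewRoleMembers($requestingAgent, $groupID, '');

    // Escape against the connection the query actually runs on. Without the link
    // argument the most recently opened connection is used, and its character set
    // may differ from $groupDBCon's.
    $escapedGroupID = mysql_real_escape_string($groupID, $groupDBCon);

    // NOTE(review): $roleMembersVisibleBit is interpolated as-is; presumably it
    // is a server-defined constant - verify it can never carry request data.
    $sql = " SELECT "
        . " osrole.RoleID, osgrouprolemembership.AgentID"
        . " , (osrole.Powers & {$roleMembersVisibleBit}) as MemberVisible"
        . " FROM osrole JOIN osgrouprolemembership ON (osrole.GroupID = osgrouprolemembership.GroupID AND osrole.RoleID = osgrouprolemembership.RoleID)"
        . " WHERE osrole.GroupID = '{$escapedGroupID}'";

    $memberResults = mysql_query($sql, $groupDBCon);
    if (!$memberResults) {
        // NOTE(review): the SQL text and driver error are returned to the caller here
        // and in the 'sql' keys below; consider logging them server-side instead.
        return array(
            'error' => "Could not successfully run query ({$sql}) from DB: " . mysql_error(),
            'params' => var_export($params, TRUE),
        );
    }

    if (mysql_num_rows($memberResults) == 0) {
        return array(
            'succeed' => 'false',
            'error' => 'No role memberships found for group',
            'params' => var_export($params, TRUE),
            'sql' => $sql,
        );
    }

    $members = array();
    while ($member = mysql_fetch_assoc($memberResults)) {
        // Cast both sides so the ownership check is an exact string match rather
        // than a loose comparison.
        $isOwnMembership = ((string) $member['AgentID'] === (string) $requestingAgent);
        if ($canViewAllGroupRoleMembers || $member['MemberVisible'] || $isOwnMembership) {
            $Key = $member['AgentID'] . $member['RoleID'];
            $members[$Key] = $member;
        }
    }

    // Rows existed but every one was filtered out by the visibility rules.
    if (count($members) == 0) {
        return array(
            'succeed' => 'false',
            'error' => 'No role memberships visible for group',
            'params' => var_export($params, TRUE),
            'sql' => $sql,
        );
    }

    return $members;
}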