コード例 #1
0
require_once api_get_path(LIBRARY_PATH) . 'group_portal_manager.lib.php';

$group_id = intval($_GET['id']);
$topic_id = intval($_GET['topic_id']);
$message_id = intval($_GET['msg_id']);

//todo @this validation could be in a function in group_portal_manager
if (empty($group_id)) {
    api_not_allowed(true);
} else {
    $group_info = GroupPortalManager::get_group_data($group_id);
    if (empty($group_info)) {
        api_not_allowed(true);
    }
    $is_member = GroupPortalManager::is_group_member($group_id);
    if ($group_info['visibility'] == GROUP_PERMISSION_CLOSED && !$is_member) {
        api_not_allowed(true);
    }
}

if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
    $group_role = GroupPortalManager::get_user_group_role(
        api_get_user_id(),
        $group_id
    );

    if (api_is_platform_admin() || in_array(
            $group_role,
            array(GROUP_USER_PERMISSION_ADMIN, GROUP_USER_PERMISSION_MODERATOR)
        )
コード例 #2
0
    $add_type = Security::remove_XSS($_REQUEST['add_type']);
}

//checking for extra field with filter on
require_once api_get_path(LIBRARY_PATH) . 'group_portal_manager.lib.php';

//todo @this validation could be in a function in group_portal_manager
if (empty($group_id)) {
    api_not_allowed();
} else {
    $group_info = GroupPortalManager::get_group_data($group_id);
    if (empty($group_info)) {
        api_not_allowed();
    }
    //only admin or moderator can do that
    if (!GroupPortalManager::is_group_member($group_id)) {
        api_not_allowed();
    }
}

function search_users($needle, $type)
{
    global $tbl_user, $tbl_group_rel_user, $group_id;
    $xajax_response = new XajaxResponse();
    $return = '';

    if (!empty($needle) && !empty($type)) {

        // xajax send utf8 datas... datas in db can be non-utf8 datas
        $charset = api_get_system_encoding();
        $needle = Database::escape_string($needle);