require_once api_get_path(LIBRARY_PATH) . 'group_portal_manager.lib.php';
$group_id = intval($_GET['id']);
$topic_id = intval($_GET['topic_id']);
$message_id = intval($_GET['msg_id']);
//todo @this validation could be in a function in group_portal_manager
if (empty($group_id)) {
api_not_allowed(true);
} else {
$group_info = GroupPortalManager::get_group_data($group_id);
if (empty($group_info)) {
api_not_allowed(true);
}
$is_member = GroupPortalManager::is_group_member($group_id);
if ($group_info['visibility'] == GROUP_PERMISSION_CLOSED && !$is_member) {
api_not_allowed(true);
}
}
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
$group_role = GroupPortalManager::get_user_group_role(
api_get_user_id(),
$group_id
);
if (api_is_platform_admin() || in_array(
$group_role,
array(GROUP_USER_PERMISSION_ADMIN, GROUP_USER_PERMISSION_MODERATOR)
)
$add_type = Security::remove_XSS($_REQUEST['add_type']);
}
//checking for extra field with filter on
require_once api_get_path(LIBRARY_PATH) . 'group_portal_manager.lib.php';
//todo @this validation could be in a function in group_portal_manager
if (empty($group_id)) {
api_not_allowed();
} else {
$group_info = GroupPortalManager::get_group_data($group_id);
if (empty($group_info)) {
api_not_allowed();
}
//only admin or moderator can do that
if (!GroupPortalManager::is_group_member($group_id)) {
api_not_allowed();
}
}
function search_users($needle, $type)
{
global $tbl_user, $tbl_group_rel_user, $group_id;
$xajax_response = new XajaxResponse();
$return = '';
if (!empty($needle) && !empty($type)) {
// xajax send utf8 datas... datas in db can be non-utf8 datas
$charset = api_get_system_encoding();
$needle = Database::escape_string($needle);
