$errors[] = getlocal("no_such_operator"); } else { if (isset($_POST['op'])) { if (!is_capable($can_administrate, $operator)) { $errors[] = getlocal('page_agent.cannot_modify'); } $new_permissions = isset($op['iperm']) ? $op['iperm'] : 0; foreach ($permission_ids as $perm => $id) { if (verifyparam("permissions{$id}", "/^on\$/", "") == "on") { $new_permissions |= 1 << $perm; } else { $new_permissions &= ~(1 << $perm); } } if (count($errors) == 0) { update_operator_permissions($op['operatorid'], $new_permissions); if ($opId && $_SESSION["{$mysqlprefix}operator"] && $operator['operatorid'] == $opId) { $_SESSION["{$mysqlprefix}operator"]['iperm'] = $new_permissions; } header("Location: {$webimroot}/operator/permissions.php?op={$opId}&stored"); exit; } } } $page['permissionsList'] = get_permission_list(); $page['formpermissions'] = array(""); $page['currentop'] = $op ? topage(get_operator_name($op)) . " (" . $op['vclogin'] . ")" : "-not found-"; if ($op) { foreach ($permission_ids as $perm => $id) { if (is_capable($perm, $op)) { $page['formpermissions'][] = $id;
/** * Processes submitting of the form which is generated in * {@link \Mibew\Controller\Operator\PermissionsController::showFormAction()} * method. * * @param Request $request Incoming request. * @return string Rendered page content. * @throws NotFoundException If the operator with specified ID is not found * in the system. */ public function submitFormAction(Request $request) { csrf_check_token($request); $operator = $this->getOperator(); $op_id = $request->attributes->getInt('operator_id'); // Check if the target operator exists $op = operator_by_id($op_id); if (!$op) { throw new NotFoundException('The operator is not found.'); } $new_permissions = isset($op['iperm']) ? $op['iperm'] : 0; foreach (permission_ids() as $perm => $id) { if ($request->request->get('permissions' . $id) == 'on') { $new_permissions |= 1 << $perm; } else { $new_permissions &= ~(1 << $perm); } } // Update operator's permissions in the database and in cached // authentication manager data if it is needed. update_operator_permissions($op['operatorid'], $new_permissions); if ($operator['operatorid'] == $op_id) { $operator['iperm'] = $new_permissions; $this->getAuthenticationManager()->setOperator($operator); } // Redirect the current operator to the same page using GET method. $redirect_to = $this->generateUrl('operator_permissions', array('operator_id' => $op_id, 'stored' => true)); return $this->redirect($redirect_to); }