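/**
 * XML-RPC handler that removes the submitted users from a user group.
 *
 * The caller must hold the 'groupAdmin' privilege and must either own the
 * group or be a member of the group's editing user group.
 *
 * @param string $name        name of the user group
 * @param string $affiliation affiliation of the user group
 * @param array  $users       user identifiers to remove; empty entries are skipped
 *
 * @return array one of:
 *   - status 'error' with errorcode 16 (missing privilege), 18 (group not
 *     found) or 28 (no access to this group), or whatever error array
 *     validateAPIgroupInput() returned;
 *   - status 'warning' with 'failedusers' and warningcode 36 (some users
 *     failed) or 37 (as many failures as submitted entries);
 *   - status 'success'.
 */
function XMLRPCremoveUsersFromGroup($name, $affiliation, $users)
{
    global $user, $findAffilFuncs;

    # Authorization gate. Strict comparison so that a non-string entry in the
    # privilege list (true, 0, ...) can never loosely match 'groupAdmin'.
    if (!in_array('groupAdmin', $user['privileges'], true)) {
        return array(
            'status' => 'error',
            'errorcode' => 16,
            'errormsg' => 'access denied for managing user groups',
        );
    }

    $validate = array(
        'name' => $name,
        'affiliation' => $affiliation,
    );
    $rc = validateAPIgroupInput($validate, 1);
    if ($rc['status'] == 'error') {
        return $rc;
    }

    # The id is concatenated into SQL below, so force it to an integer here
    # instead of trusting the validator's return value to be numeric.
    $groupid = (int) $rc['id'];

    $query = "SELECT ownerid, "
           .        "editusergroupid AS editgroupid "
           . "FROM usergroup "
           . "WHERE id = " . $groupid;
    $qh = doQuery($query, 101);
    if (!($row = mysql_fetch_assoc($qh))) {
        return array(
            'status' => 'error',
            'errorcode' => 18,
            'errormsg' => 'user group with submitted name and affiliation does not exist',
        );
    }

    # if not owner and not member of managing group, no access
    if ($user['id'] != $row['ownerid'] &&
        !array_key_exists($row['editgroupid'], $user['groups'])) {
        return array(
            'status' => 'error',
            'errorcode' => 28,
            'errormsg' => 'access denied to user group with submitted name and affiliation',
        );
    }

    $fails = array();
    foreach ($users as $_user) {
        if (empty($_user)) {
            continue;
        }

        # Charset-aware escaping (mysql_escape_string ignores the connection
        # character set and is deprecated); this also matches what
        # XMLRPCaddResourceGroup does.
        # NOTE(review): relies on the MySQL link used by doQuery() above
        # still being open - confirm.
        $esc_user = mysql_real_escape_string($_user);

        # check that affiliation of user can be determined because getUserlistID
        # will abort if it can't find it
        # NOTE(review): $dump is never read here; presumably an out-parameter
        # the lookup functions fill by reference - confirm.
        $affilok = 0;
        foreach ($findAffilFuncs as $func) {
            if ($func($_user, $dump)) {
                $affilok = 1;
            }
        }
        if (!$affilok) {
            $fails[] = $_user;
            continue;
        }

        $userid = getUserlistID($esc_user, 1);
        if (is_null($userid)) {
            $fails[] = $_user;
        } else {
            deleteUserGroupMember($userid, $groupid);
        }
    }

    if (count($fails)) {
        # 36: partial failure; 37: the number of failures equals the number
        # of submitted entries.
        $cnt = 'some';
        $code = 36;
        if (count($fails) == count($users)) {
            $cnt = 'any';
            $code = 37;
        }
        return array(
            'status' => 'warning',
            'failedusers' => $fails,
            'warningcode' => $code,
            'warningmsg' => "failed to remove {$cnt} users from user group",
        );
    }

    return array('status' => 'success');
}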
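/**
 * XML-RPC handler that creates a resource group.
 *
 * The caller must hold the 'groupAdmin' privilege. The group name is
 * validated against a strict character whitelist before it is used in any
 * lookup or written to the database.
 *
 * @param string $name          name of the new resource group (3-30 characters
 *                              from letters, digits, space, '-', '.', '_')
 * @param string $managingGroup user group that will own the resource group
 * @param string $type          resource type name, resolved by getResourceTypeID()
 *
 * @return array status 'success', or status 'error' with errorcode
 *   16 (missing privilege), 68 (invalid resource type), 87 (invalid name),
 *   76 (group already exists), 26 (insert failed), or whatever error array
 *   validateAPIgroupInput() returned.
 */
function XMLRPCaddResourceGroup($name, $managingGroup, $type)
{
    global $user;

    # Authorization gate. Strict comparison so that a non-string entry in the
    # privilege list (true, 0, ...) can never loosely match 'groupAdmin'.
    if (!in_array('groupAdmin', $user['privileges'], true)) {
        return array(
            'status' => 'error',
            'errorcode' => 16,
            'errormsg' => 'access denied for managing groups',
        );
    }

    $validate = array('managingGroup' => $managingGroup);
    $rc = validateAPIgroupInput($validate, 0);
    if ($rc['status'] == 'error') {
        return $rc;
    }

    $typeid = getResourceTypeID($type);
    if (!$typeid) {
        return array(
            'status' => 'error',
            'errorcode' => 68,
            'errormsg' => 'invalid resource type',
        );
    }

    if (get_magic_quotes_gpc()) {
        $name = stripslashes($name);
    }

    # Validate the name BEFORE it reaches checkForGroupName(), so the
    # duplicate check never sees a value outside the whitelist.
    # NOTE(review): checkForGroupName() is not visible here; presumably it
    # queries the database with the name - confirm.
    # The D modifier stops '$' from matching before a trailing newline, which
    # would otherwise let "name\n" through.
    if (!preg_match('/^[-a-zA-Z0-9_\\. ]{3,30}$/D', $name)) {
        return array(
            'status' => 'error',
            'errorcode' => 87,
            'errormsg' => 'Name must be between 3 and 30 characters and can only contain letters, numbers, spaces, and these characters: - . _',
        );
    }

    if (checkForGroupName($name, 'resource', '', $typeid)) {
        return array(
            'status' => 'error',
            'errorcode' => 76,
            'errormsg' => 'resource group already exists',
        );
    }

    # Defense in depth: the whitelist already excludes quote characters, but
    # the value is still escaped before being handed to addGroup().
    $name = mysql_real_escape_string($name);
    $data = array(
        'type' => 'resource',
        'ownergroup' => $rc['managingGroupID'],
        'resourcetypeid' => $typeid,
        'name' => $name,
    );
    if (!addGroup($data)) {
        return array(
            'status' => 'error',
            'errorcode' => 26,
            'errormsg' => 'failure while adding group to database',
        );
    }

    return array('status' => 'success');
}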