function handler_ajax_modify($page) { S::assert_xsrf_token(); if (!S::user()->hasRights(Group::from('qdj'), Rights::admin())) { return PL_FORBIDDEN; } $qdj = new QDJ(Json::i('id')); $page->jsonAssign('success', false); if (Json::has('date')) { $date = Json::t('date'); if (!$date) { $qdj->date(false); $page->jsonAssign('success', true); } else { try { $qdj->date(new FrankizDateTime($date)); $page->jsonAssign('success', true); } catch (Exception $e) { } } } else { if (Json::has('delete')) { if (Json::b('delete')) { $qdj->delete(); $page->jsonAssign('success', true); } } } return PL_JSON; }
function handler_group_ajax_admin_rights($page) { S::assert_xsrf_token(); $group = Group::fromId(Json::i('gid')); $user = User::fromId(Json::i('uid')); if ($group && $user) { if (S::user()->isMe($user) && !S::user()->isAdmin()) { $page->jsonAssign('msg', 'On ne peut pas changer ses propres droits'); } else { if (S::user()->hasRights($group, Rights::admin()) || S::user()->isWeb()) { $group->select(GroupSelect::subscribe()); $rights = new Rights(Json::s('rights')); $caste = $group->caste($rights); if ($caste->userfilter()) { $page->jsonAssign('msg', 'Ce droit est défini de manière logique.'); } else { // Log the event if involving admin rights if ($rights->isMe(Rights::admin())) { S::logger()->log('groups/admin/rights', array('gid' => $group->id(), 'uid' => $user->id(), 'cid' => $caste->id(), 'add' => Json::b('add'))); } if (Json::b('add')) { $caste->addUser($user); } else { $caste->removeUser($user); } } } } } return PL_JSON; }