mirror of
https://github.com/tuxis-ie/nsedit.git
synced 2025-04-20 20:13:40 +03:00
121 lines
4 KiB
PHP
121 lines
4 KiB
PHP
<?php
|
|
|
|
include_once('includes/config.inc.php');
|
|
include_once('includes/session.inc.php');
|
|
include_once('includes/misc.inc.php');
|
|
|
|
if (!is_csrf_safe()) {
|
|
header('Status: 403');
|
|
header('Location: ./index.php');
|
|
jtable_respond(null, 'error', "Authentication required");
|
|
}
|
|
|
|
$zoneid = isset($_GET['zoneid']) ? $_GET['zoneid'] : '';
|
|
|
|
if (!is_adminuser()) {
|
|
header('Status: 403');
|
|
jtable_respond(null, 'error', "You need admin privileges to get here");
|
|
}
|
|
|
|
if (!isset($_GET['action'])) {
|
|
header('Status: 400');
|
|
jtable_respond(null, 'error', 'No action given');
|
|
}
|
|
|
|
switch ($_GET['action']) {
|
|
|
|
case "list":
|
|
|
|
if ($zoneid != '') {
|
|
$permissions = get_zone_permissions($zoneid);
|
|
jtable_respond($permissions);
|
|
} else {
|
|
jtable_respond(null, 'error', 'Zone id required');
|
|
}
|
|
break;
|
|
|
|
case "add":
|
|
$type = isset($_POST['type']) ? $_POST['type'] : '';
|
|
$value = isset($_POST['value']) ? $_POST['value'] : '';
|
|
$permissions = isset($_POST['permissions']) ? $_POST['permissions'] : '';
|
|
$zone = isset($_GET['zoneid']) ? $_GET['zoneid'] : '';
|
|
|
|
if ($zoneid != '') {
|
|
if($type == 'user') {
|
|
if (user_exists($value)) {
|
|
$userid=get_user_id($value);
|
|
if(!is_null(user_permissions($zone,$userid))) {
|
|
jtable_respond(null, 'error', "User already has permissions set for this zone");
|
|
} elseif(!is_null($id=set_permissions($userid,null,$zone,$permissions))) {
|
|
$entry = array('id' => $id, 'type' => 'user', 'value' => $value, 'permissions' => $permissions);
|
|
jtable_respond($entry, 'single');
|
|
} else {
|
|
jtable_respond(null, 'error', "Failed to set permissions");
|
|
}
|
|
} else {
|
|
jtable_respond(null, 'error', "User doesn't exist");
|
|
}
|
|
} else {
|
|
if (group_exists($value)) {
|
|
$groupid=get_group_id($value);
|
|
if(!is_null(group_permissions($zone,$groupid))) {
|
|
jtable_respond(null, 'error', "Group already has permissions set for this zone");
|
|
} elseif(!is_null($id=set_permissions(null,$groupid,$zone,$permissions))) {
|
|
$entry = array('id' => $id, 'type' => 'group', 'value' => $value, 'permissions' => $permissions);
|
|
jtable_respond($entry, 'single');
|
|
} else {
|
|
jtable_respond(null, 'error', "Failed to set permissions");
|
|
}
|
|
} else {
|
|
jtable_respond(null, 'error', "Group doesn't exist");
|
|
}
|
|
}
|
|
} else {
|
|
jtable_respond(null, 'error', 'Zone not specified');
|
|
}
|
|
break;
|
|
|
|
case "remove":
|
|
$id = isset($_POST['id']) ? $_POST['id'] : '';
|
|
|
|
if ($id != '') {
|
|
if(remove_permissions($id)) {
|
|
jtable_respond(null, 'delete');
|
|
} else {
|
|
jtable_respond(null, 'error', "Failed to remove permissions");
|
|
}
|
|
} else {
|
|
jtable_respond(null, 'error', 'ID not specified');
|
|
}
|
|
break;
|
|
|
|
case "update":
|
|
$id = isset($_POST['id']) ? $_POST['id'] : '';
|
|
$permissions = isset($_POST['permissions']) ? intval($_POST['permissions']) : 0;
|
|
if ($id != '') {
|
|
if(update_permissions($id,$permissions)) {
|
|
$result = array('id' => $id, 'permissions' => $permissions);
|
|
jtable_respond($result, 'single');
|
|
} else {
|
|
jtable_respond(null, 'error', 'Failed to set permissions');
|
|
}
|
|
} else {
|
|
jtable_respond(null, 'error', 'ID not specified');
|
|
}
|
|
|
|
case "autocomplete":
|
|
$type = isset($_GET['type']) ? $_GET['type'] : '';
|
|
$term = isset($_GET['term']) ? $_GET['term'] : '';
|
|
if($type == 'user') {
|
|
$users=get_usernames_filtered($term);
|
|
print json_encode($users);
|
|
} else {
|
|
$groups=get_groups_filtered($term);
|
|
print json_encode($groups);
|
|
}
|
|
break;
|
|
|
|
default:
|
|
jtable_respond(null, 'error', 'Invalid action');
|
|
break;
|
|
}
|