forked from hypercities/hypercities
queryPrivilege.php
<?php
include_once('includes/connect_db.inc');
include_once('includes/util.inc');
include_once('includes/dbUtil.inc');
include_once("includes/serverSession.inc");
//test case
//$_POST['objectId'] = 14704;
//$_POST['isAdmin'] = 0;
//session_start();
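// Emits an XML <Folder> listing the privilege entries (objects_users rows joined
// with users) for the object named by POST 'objectId'. When POST 'isAdmin' is
// truthy, it also lists every user without an entry, with a default access id
// derived from the object's state.
cServerSession::start();

// NOTE(review): HC_checkReferer() is defined outside this file; presumably it
// rejects requests with an unexpected Referer header - confirm. A Referer check
// is not an authorization check: nothing visible in this script verifies that
// the session user is logged in or holds any right on the requested object.
HC_checkReferer();

$HC_POST = HC_cleanInput($_POST, array("objectId" => "int", "isAdmin" => "int"),
    array("objectId", "isAdmin"), NULL);

// NOTE(review): isAdmin comes from the request body, so the caller decides
// whether the admin branch below runs. That branch returns the id and nickname
// of every user not already attached to the object. The flag should be derived
// from server-side session state instead; the session API is not visible here,
// so the check is flagged rather than rewritten.
$isAdmin = $HC_POST['isAdmin'];

// HC_cleanInput() is opaque from this file. Force an integer before the value
// is interpolated into SQL so the queries stay safe even if the cleaner passes
// something through unchanged.
$objectId = (int) $HC_POST['objectId'];

$sql = "SELECT object_state_id FROM `objects` AS o WHERE o.id = $objectId";
$stateRows = sqlCommand($sql);
// An unknown object id yields no row; avoid reading offset 0 of an empty result.
$objectState = (is_array($stateRows) && isset($stateRows[0]['object_state_id']))
    ? $stateRows[0]['object_state_id']
    : NULL;

$sql = "SELECT * FROM `objects_users` AS ou, `users` AS u WHERE ou.object_id ="
    ." $objectId AND u.id = ou.user_id";
$privilegeRows = sqlCommand($sql);

$dom = new DOMDocument('1.0', 'utf-8');
$folder = $dom->appendChild($dom->createElement('Folder'));

if (is_array($privilegeRows)) {
    foreach ($privilegeRows as $row) {
        $privilege = $folder->appendChild($dom->createElement('privilege'));

        // Use a separate variable for the DOM node so the numeric $objectId
        // is not overwritten (the original reused the name and re-read POST).
        $objectIdNode = $privilege->appendChild($dom->createElement('objectId'));
        $objectIdNode->appendChild($dom->createTextNode((string) $row['object_id']));

        // The query joins on ou.user_id, so that column is present in the row.
        // The original read 'userId', which matches no column name visible in
        // this file; prefer user_id and fall back to the old key if it exists.
        $userIdValue = isset($row['user_id'])
            ? $row['user_id']
            : (isset($row['userId']) ? $row['userId'] : '');
        $userId = $privilege->appendChild($dom->createElement('userId'));
        $userId->appendChild($dom->createTextNode((string) $userIdValue));

        $username = $privilege->appendChild($dom->createElement('username'));
        $username->appendChild($dom->createTextNode((string) $row['nickname']));

        $accessId = $privilege->appendChild($dom->createElement('accessId'));
        $accessId->appendChild($dom->createTextNode((string) $row['access_right_id']));
    }
}

if ($isAdmin) {
    // Select all users who do not have an objects_users entry for this object.
    $sql = "SELECT * FROM `users` AS u WHERE u.id NOT IN (SELECT user_id"
        ." FROM `objects_users` AS ou WHERE ou.object_id = $objectId)";
    $otherUsers = sqlCommand($sql);

    // Default access privilege, computed once because it depends only on the
    // object's state:
    //   public object  -> 1 (view)
    //   private object -> 1 (view)
    //   hidden object  -> 0 (none)
    // Any other state leaves <accessId> empty, as the original did.
    $defaultAccess = NULL;
    if ($objectState == HC_OBJECT_PUBLIC) {
        $defaultAccess = '1';
    } else if ($objectState == HC_OBJECT_PRIVATE) {
        $defaultAccess = '1';
    } else if ($objectState == HC_OBJECT_HIDDEN) {
        $defaultAccess = '0';
    }

    if (is_array($otherUsers)) {
        foreach ($otherUsers as $row) {
            $privilege = $folder->appendChild($dom->createElement('privilege'));

            $objectIdNode = $privilege->appendChild($dom->createElement('objectId'));
            $objectIdNode->appendChild($dom->createTextNode((string) $objectId));

            $userId = $privilege->appendChild($dom->createElement('userId'));
            $userId->appendChild($dom->createTextNode((string) $row['id']));

            $username = $privilege->appendChild($dom->createElement('username'));
            $username->appendChild($dom->createTextNode((string) $row['nickname']));

            $accessId = $privilege->appendChild($dom->createElement('accessId'));
            if ($defaultAccess !== NULL) {
                $accessId->appendChild($dom->createTextNode($defaultAccess));
            }
        }
    }
}

$dom->formatOutput = true;
header('Content-type: application/xml');
echo $dom->saveXML();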
?>