179 lines
6.1 KiB
PHP
179 lines
6.1 KiB
PHP
<?php
|
|
/**
|
|
|
|
|
|
|
|
* @package Campcaster
|
|
* @subpackage StorageServer
|
|
* @copyright 2010 Sourcefabric O.P.S.
|
|
* @license http://www.gnu.org/licenses/gpl.txt
|
|
|
|
*/
|
|
require_once("alib_h.php");
|
|
|
|
#echo"<pre>\nGET:\n"; print_r($_GET); echo"POST:\n"; print_r($_POST); exit;
|
|
|
|
function getPGval($vn, $dfl='')
|
|
{
|
|
return (isset($_POST[$vn])?$_POST[$vn]:(isset($_GET[$vn])?$_GET[$vn]:$dfl));
|
|
}
|
|
|
|
$userid = Alib::GetSessUserId($_REQUEST['alibsid']);
|
|
$login = Alib::GetSessLogin($_REQUEST['alibsid']);
|
|
|
|
$redirUrl="alibExTree.php".(($reid=getPGval('reid', '')) ? "?id=$reid":"");
|
|
$act = getPGval('act', 'nop');
|
|
switch ($act) {
|
|
case "login";
|
|
if ($sessid = Alib::Login($_POST['login'], $_POST['pass'])) {
|
|
setcookie('alibsid', $sessid);
|
|
$redirUrl="alibExTree.php";
|
|
} else {
|
|
$redirUrl="alibExLogin.php"; $_SESSION['alertMsg']='Login failed.';
|
|
}
|
|
break;
|
|
case "logout";
|
|
$r = Alib::Logout($_REQUEST['alibsid']);
|
|
if (PEAR::isError($r)) {
|
|
$_SESSION['alertMsg'] = $r->getMessage().", ".$r->getUserInfo();
|
|
}
|
|
setcookie('alibsid', '');
|
|
$redirUrl="alibExLogin.php";
|
|
break;
|
|
case "addNode";
|
|
if (Alib::CheckPerm($userid, 'addChilds', $_POST['id'])
|
|
&& $_POST['type']!=''
|
|
&& $_POST['name']!='') {
|
|
$position = ($_POST['position']=='I' ? null : $_POST['position']);
|
|
$oid = M2tree::AddObj($_POST['name'], $_POST['type'], $_POST['id']);
|
|
if (PEAR::isError($oid)) {
|
|
$_SESSION['alertMsg'] =
|
|
$oid->getMessage().", ".$oid->getUserInfo();
|
|
} else {
|
|
$r = Alib::AddPerm($userid, '_all', $oid);
|
|
}
|
|
if (PEAR::isError($r)) {
|
|
$_SESSION['alertMsg'] = $r->getMessage().", ".$r->getUserInfo();
|
|
}
|
|
} else {
|
|
$_SESSION['alertMsg'] = 'Access denied.';
|
|
}
|
|
break;
|
|
case "deleteNode";
|
|
if (Alib::CheckPerm($userid, 'delete', $_REQUEST['id'])) {
|
|
Alib::RemoveObj($_GET['id']);
|
|
} else {
|
|
$_SESSION['alertMsg'] = 'Access denied.';
|
|
}
|
|
break;
|
|
case "addPerm";
|
|
$a = ObjClasses::IsClass($_POST['id']) ? 'classes':'editPerms';
|
|
$id = ObjClasses::IsClass($_POST['id']) ? '':$_POST['id'];
|
|
if (Alib::CheckPerm($userid, $a, $id)) {
|
|
Alib::AddPerm(
|
|
$_POST['subj'], $_POST['permAction'],
|
|
$_POST['id'], $_POST['allowDeny']
|
|
);
|
|
} else {
|
|
$_SESSION['alertMsg']='Access denied.';
|
|
}
|
|
$redirUrl = "alibExPerms.php".
|
|
(($reid=getPGval('reid', '')) ? "?id=$reid":"");
|
|
break;
|
|
case "removePerm";
|
|
$a = ObjClasses::IsClass($_REQUEST['oid']) ? 'classes':'editPerms';
|
|
$oid = ObjClasses::IsClass($_REQUEST['oid']) ? NULL:$_REQUEST['oid'];
|
|
if (Alib::CheckPerm($userid, $a, $oid)) {
|
|
Alib::RemovePerm($_GET['permid']);
|
|
} else {
|
|
$_SESSION['alertMsg']='Access denied.';
|
|
}
|
|
$redirUrl =
|
|
($_REQUEST['reurl']==plist ? "alibExPList.php":"alibExPerms.php").
|
|
(($reid=getPGval('reid', '')) ? "?id=$reid":"");
|
|
break;
|
|
case "checkPerm";
|
|
$res = Alib::CheckPerm(
|
|
$_POST['subj'], $_POST['permAction'], $_POST['obj']
|
|
);
|
|
$_SESSION['alertMsg'] = ($res ? "permitted: ":"DENIED: ").
|
|
" {$_POST['permAction']} for ".Subjects::GetSubjName($_POST['subj']).
|
|
" on ".M2tree::GetObjName($_POST['obj']);
|
|
$_SESSION['lastPost']=$_POST;
|
|
$redirUrl = "alibExLogin.php";
|
|
break;
|
|
case "addClass";
|
|
if (Alib::CheckPerm($userid, 'classes')) {
|
|
ObjClasses::AddClass($_POST['name']);
|
|
} else {
|
|
$_SESSION['alertMsg'] = 'Access denied.';
|
|
}
|
|
$redirUrl="alibExCls.php";
|
|
break;
|
|
case "removeClass";
|
|
if (Alib::CheckPerm($userid, 'classes')) {
|
|
ObjClasses::RemoveClassById($_GET['id']);
|
|
} else {
|
|
$_SESSION['alertMsg']='Access denied.';
|
|
}
|
|
$redirUrl = "alibExCls.php";
|
|
break;
|
|
case "addSubj";
|
|
if (Alib::CheckPerm($userid, 'subjects')) {
|
|
Subjects::AddSubj($_POST['login'], $_POST['pass']);
|
|
} else {
|
|
$_SESSION['alertMsg']='Access denied.';
|
|
}
|
|
$redirUrl = "alibExSubj.php";
|
|
break;
|
|
case "removeSubj";
|
|
if (Alib::CheckPerm($userid, 'subjects')) {
|
|
Alib::RemoveSubj($_GET['login']);
|
|
} else {
|
|
$_SESSION['alertMsg']='Access denied.';
|
|
}
|
|
$redirUrl = "alibExSubj.php";
|
|
break;
|
|
case "addSubj2Gr";
|
|
if (Alib::CheckPerm($userid, 'subjects')) {
|
|
Subjects::AddSubjectToGroup($_POST['login'], $_POST['gname']);
|
|
} else {
|
|
$_SESSION['alertMsg'] = 'Access denied.';
|
|
}
|
|
$redirUrl = "alibExSubj.php".
|
|
(($id=getPGval('reid', '')) ? "?id=$reid":"");
|
|
break;
|
|
case "removeSubjFromGr";
|
|
if (Alib::CheckPerm($userid, 'subjects')) {
|
|
Subjects::RemoveSubjectFromGroup($_GET['login'], $_GET['gname']);
|
|
} else {
|
|
$_SESSION['alertMsg']='Access denied.';
|
|
}
|
|
$redirUrl = "alibExSubj.php".
|
|
(($id=getPGval('reid', '')) ? "?id=$reid":"");
|
|
break;
|
|
case "addObj2Class";
|
|
if (Alib::CheckPerm($userid, 'classes')) {
|
|
ObjClasses::AddObjectToClass($_POST['id'], $_POST['oid']);
|
|
} else {
|
|
$_SESSION['alertMsg']='Access denied. X1';
|
|
}
|
|
$redirUrl="alibExCls.php".(($id=getPGval('id', '')) ? "?id=$id":"");
|
|
break;
|
|
case "removeObjFromClass";
|
|
$id = getPGval('id', '');
|
|
if (Alib::CheckPerm($userid, 'classes')) {
|
|
ObjClasses::RemoveObjectFromClass($_GET['oid'], $id);
|
|
} else {
|
|
$_SESSION['alertMsg'] = 'Access denied.';
|
|
}
|
|
$redirUrl = "alibExCls.php".($id ? "?id=$id":"");
|
|
break;
|
|
default:
|
|
$_SESSION['alertMsg']="Unknown method: $act";
|
|
}
|
|
|
|
require_once("alib_f.php");
|
|
|
|
header("Location: $redirUrl");
|
|
?>
|