| commit | author | age | ||
| b493d1 | 1 | <?php |
| MC | 2 | |
| 3 | /* | |
| 4 | Copyright (c) 2007 - 2013, Till Brehm, projektfarm Gmbh | |
| 5 | All rights reserved. | |
| 6 | ||
| 7 | Redistribution and use in source and binary forms, with or without modification, | |
| 8 | are permitted provided that the following conditions are met: | |
| 9 | ||
| 10 | * Redistributions of source code must retain the above copyright notice, | |
| 11 | this list of conditions and the following disclaimer. | |
| 12 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 13 | this list of conditions and the following disclaimer in the documentation | |
| 14 | and/or other materials provided with the distribution. | |
| 15 | * Neither the name of ISPConfig nor the names of its contributors | |
| 16 | may be used to endorse or promote products derived from this software without | |
| 17 | specific prior written permission. | |
| 18 | ||
| 19 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 20 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 21 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
| 22 | IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 23 | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | |
| 24 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
| 25 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | |
| 26 | OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 27 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, | |
| 28 | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 29 | ||
| 30 | --UPDATED 08.2009-- | |
| 31 | Full SOAP support for ISPConfig 3.1.4 b | |
| 32 | Updated by Arkadiusz Roch & Artur Edelman | |
| 33 | Copyright (c) Tri-Plex technology | |
| 34 | ||
| 35 | --UPDATED 08.2013-- | |
| 36 | Migrated into new remote classes system | |
| 37 | by Marius Cramer <m.cramer@pixcept.de> | |
| 38 | ||
| 39 | */ | |
| 40 | ||
| 41 | class remoting_admin extends remoting { | |
| 42 | ||
| 43 | /** | |
| 44 | * set record permissions in any table | |
| 45 | * @param string session_id | |
| 46 | * @param string index_field | |
| 47 | * @param string index_value | |
| 48 | * @param array permissions | |
| 49 | * @author "ispcomm", improved by M. Cramer <m.cramer@pixcept.de> | |
| 50 | */ | |
| 51 | public function update_record_permissions($tablename, $index_field, $index_value, $permissions) { | |
| 52 | global $app; | |
| 53 | ||
| 54 | if(!$this->checkPerm($session_id, 'admin_record_permissions')) { | |
| 55 | $this->server->fault('permission_denied', 'You do not have the permissions to access this function.'); | |
| 56 | return false; | |
| 57 | } | |
| 58 | ||
| 59 | foreach($permissions as $key => $value) { // make sure only sys_ fields are updated | |
| 60 | switch($key) { | |
| 61 | case 'sys_userid': | |
| 62 | // check if userid is valid | |
| cc7a82 | 63 | $check = $app->db->queryOneRecord('SELECT userid FROM sys_user WHERE userid = ?', $app->functions->intval($value)); |
| b493d1 | 64 | if(!$check || !$check['userid']) { |
| MC | 65 | $this->server->fault('invalid parameters', $value . ' is no valid sys_userid.'); |
| 66 | return false; | |
| 67 | } | |
| 09549a | 68 | $permissions[$key] = $app->functions->intval($value); |
| b493d1 | 69 | break; |
| MC | 70 | case 'sys_groupid': |
| 71 | // check if groupid is valid | |
| cc7a82 | 72 | $check = $app->db->queryOneRecord('SELECT groupid FROM sys_group WHERE groupid = ?', $app->functions->intval($value)); |
| b493d1 | 73 | if(!$check || !$check['groupid']) { |
| MC | 74 | $this->server->fault('invalid parameters', $value . ' is no valid sys_groupid.'); |
| 75 | return false; | |
| 76 | } | |
| 09549a | 77 | $permissions[$key] = $app->functions->intval($value); |
| b493d1 | 78 | break; |
| MC | 79 | case 'sys_perm_user': |
| 80 | case 'sys_perm_group': | |
| 81 | // check if permissions are valid | |
| 82 | $value = strtolower($value); | |
| 83 | if(!preg_match('/^[riud]+$/', $value)) { | |
| 84 | $this->server->fault('invalid parameters', $value . ' is no valid permission string.'); | |
| 85 | return false; | |
| 86 | } | |
| 87 | ||
| 88 | $newvalue = ''; | |
| 89 | if(strpos($value, 'r') !== false) $newvalue .= 'r'; | |
| 90 | if(strpos($value, 'i') !== false) $newvalue .= 'i'; | |
| 91 | if(strpos($value, 'u') !== false) $newvalue .= 'u'; | |
| 92 | if(strpos($value, 'd') !== false) $newvalue .= 'd'; | |
| 09549a | 93 | $permissions[$key] = $newvalue; |
| b493d1 | 94 | unset($newvalue); |
| MC | 95 | |
| 96 | break; | |
| 97 | default: | |
| 98 | $this->server->fault('invalid parameters', 'Only sys_userid, sys_groupid, sys_perm_user and sys_perm_group parameters can be changed with this function.'); | |
| 99 | break; | |
| 100 | } | |
| 101 | } | |
| 102 | ||
| 103 | return $app->db->datalogUpdate( $tablename, $permissions, $index_field, $index_value ) ; | |
| 104 | } | |
| 105 | ||
| 106 | ||
| 107 | } | |
| 108 | ||
| 109 | ?> | |
