server/settings/ajax/togglegroups.php
Lukas Reschke a7df23ceba Manually type-case all AJAX files
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support 🙈

Fixes https://github.com/owncloud/core/issues/14196 for core
2015-02-13 13:33:20 +01:00

53 lines
1.5 KiB
PHP

<?php
OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();
$success = true;
$username = (string)$_POST['username'];
$group = (string)$_POST['group'];
if($username === OC_User::getUser() && $group === "admin" && OC_User::isAdminUser($username)) {
$l = \OC::$server->getL10N('core');
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Admins can\'t remove themself from the admin group'))));
exit();
}
if(!OC_User::isAdminUser(OC_User::getUser())
&& (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)
|| !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
$l = \OC::$server->getL10N('core');
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
exit();
}
if(!OC_Group::groupExists($group)) {
OC_Group::createGroup($group);
}
$l = \OC::$server->getL10N('settings');
$error = $l->t("Unable to add user to group %s", $group);
$action = "add";
// Toggle group
if( OC_Group::inGroup( $username, $group )) {
$action = "remove";
$error = $l->t("Unable to remove user from group %s", $group);
$success = OC_Group::removeFromGroup( $username, $group );
$usersInGroup=OC_Group::usersInGroup($group);
if(count($usersInGroup) === 0) {
OC_Group::deleteGroup($group);
}
}
else{
$success = OC_Group::addToGroup( $username, $group );
}
// Return Success story
if( $success ) {
OC_JSON::success(array("data" => array( "username" => $username, "action" => $action, "groupname" => $group )));
}
else{
OC_JSON::error(array("data" => array( "message" => $error )));
}