Diffstat (limited to '')
-rw-r--r-- | web/xmlrpc.php | 1755 |
1 files changed, 1755 insertions, 0 deletions
diff --git a/web/xmlrpc.php b/web/xmlrpc.php new file mode 100644 index 0000000..fc0c575 --- /dev/null +++ b/web/xmlrpc.php | |||
@@ -0,0 +1,1755 @@ | |||
1 | <?php | ||
2 | // ini_set("display_errors",0); | ||
3 | /* | ||
4 | Actual failures that result in mysql or php errors should be returned as: | ||
5 | |||
6 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
7 | |||
8 | Methods that run without errors, but do not have the intended result should return as: | ||
9 | |||
10 | return array('succeed' => 'false', 'message' => 'No Groups Found', 'params' => var_export($params, TRUE)); | ||
11 | |||
12 | or if applicable: | ||
13 | |||
14 | return array('succeed' => 'false', 'message' => 'What went wrong', 'params' => var_export($params, TRUE), 'sql' => $sql); | ||
15 | */ | ||
16 | |||
17 | include("phpxmlrpclib/xmlrpc.inc"); | ||
18 | include("phpxmlrpclib/xmlrpcs.inc"); | ||
19 | |||
20 | include("../config/os_flotsam_config.php"); | ||
21 | include("../config/os_modules_mysql.php"); | ||
22 | |||
23 | |||
24 | $groupPowers = array( | ||
25 | 'None' => '0', | ||
26 | /// <summary>Can send invitations to groups default role</summary> | ||
27 | 'Invite' => '2', | ||
28 | /// <summary>Can eject members from group</summary> | ||
29 | 'Eject' => '4', | ||
30 | /// <summary>Can toggle 'Open Enrollment' and change 'Signup fee'</summary> | ||
31 | 'ChangeOptions' => '8', | ||
32 | /// <summary>Can create new roles</summary> | ||
33 | 'CreateRole' => '16', | ||
34 | /// <summary>Can delete existing roles</summary> | ||
35 | 'DeleteRole' => '32', | ||
36 | /// <summary>Can change Role names, titles and descriptions</summary> | ||
37 | 'RoleProperties' => '64', | ||
38 | /// <summary>Can assign other members to assigners role</summary> | ||
39 | 'AssignMemberLimited' => '128', | ||
40 | /// <summary>Can assign other members to any role</summary> | ||
41 | 'AssignMember' => '256', | ||
42 | /// <summary>Can remove members from roles</summary> | ||
43 | 'RemoveMember' => '512', | ||
44 | /// <summary>Can assign and remove abilities in roles</summary> | ||
45 | 'ChangeActions' => '1024', | ||
46 | /// <summary>Can change group Charter, Insignia, 'Publish on the web' and which | ||
47 | /// members are publicly visible in group member listings</summary> | ||
48 | 'ChangeIdentity' => '2048', | ||
49 | /// <summary>Can buy land or deed land to group</summary> | ||
50 | 'LandDeed' => '4096', | ||
51 | /// <summary>Can abandon group owned land to Governor Linden on mainland, or Estate owner for | ||
52 | /// private estates</summary> | ||
53 | 'LandRelease' => '8192', | ||
54 | /// <summary>Can set land for-sale information on group owned parcels</summary> | ||
55 | 'LandSetSale' => '16384', | ||
56 | /// <summary>Can subdivide and join parcels</summary> | ||
57 | 'LandDivideJoin' => '32768', | ||
58 | /// <summary>Can join group chat sessions</summary> | ||
59 | 'JoinChat' => '65536', | ||
60 | /// <summary>Can toggle "Show in Find Places" and set search category</summary> | ||
61 | 'FindPlaces' => '131072', | ||
62 | /// <summary>Can change parcel name, description, and 'Publish on web' settings</summary> | ||
63 | 'LandChangeIdentity' => '262144', | ||
64 | /// <summary>Can set the landing point and teleport routing on group land</summary> | ||
65 | 'SetLandingPoint' => '524288', | ||
66 | /// <summary>Can change music and media settings</summary> | ||
67 | 'ChangeMedia' => '1048576', | ||
68 | /// <summary>Can toggle 'Edit Terrain' option in Land settings</summary> | ||
69 | 'LandEdit' => '2097152', | ||
70 | /// <summary>Can toggle various About Land > Options settings</summary> | ||
71 | 'LandOptions' => '4194304', | ||
72 | /// <summary>Can always terraform land, even if parcel settings have it turned off</summary> | ||
73 | 'AllowEditLand' => '8388608', | ||
74 | /// <summary>Can always fly while over group owned land</summary> | ||
75 | 'AllowFly' => '16777216', | ||
76 | /// <summary>Can always rez objects on group owned land</summary> | ||
77 | 'AllowRez' => '33554432', | ||
78 | /// <summary>Can always create landmarks for group owned parcels</summary> | ||
79 | 'AllowLandmark' => '67108864', | ||
80 | /// <summary>Can use voice chat in Group Chat sessions</summary> | ||
81 | 'AllowVoiceChat' => '134217728', | ||
82 | /// <summary>Can set home location on any group owned parcel</summary> | ||
83 | 'AllowSetHome' => '268435456', | ||
84 | /// <summary>Can modify public access settings for group owned parcels</summary> | ||
85 | 'LandManageAllowed' => '536870912', | ||
86 | /// <summary>Can manager parcel ban lists on group owned land</summary> | ||
87 | 'LandManageBanned' => '1073741824', | ||
88 | /// <summary>Can manage pass list sales information</summary> | ||
89 | 'LandManagePasses' => '2147483648', | ||
90 | /// <summary>Can eject and freeze other avatars on group owned land</summary> | ||
91 | 'LandEjectAndFreeze' => '4294967296', | ||
92 | /// <summary>Can return objects set to group</summary> | ||
93 | 'ReturnGroupSet' => '8589934592', | ||
94 | /// <summary>Can return non-group owned/set objects</summary> | ||
95 | 'ReturnNonGroup' => '17179869184', | ||
96 | /// <summary>Can landscape using Linden plants</summary> | ||
97 | 'LandGardening' => '34359738368', | ||
98 | /// <summary>Can deed objects to group</summary> | ||
99 | 'DeedObject' => '68719476736', | ||
100 | /// <summary>Can moderate group chat sessions</summary> | ||
101 | 'ModerateChat' => '137438953472', | ||
102 | /// <summary>Can move group owned objects</summary> | ||
103 | 'ObjectManipulate' => '274877906944', | ||
104 | /// <summary>Can set group owned objects for-sale</summary> | ||
105 | 'ObjectSetForSale' => '549755813888', | ||
106 | /// <summary>Pay group liabilities and receive group dividends</summary> | ||
107 | 'Accountable' => '1099511627776', | ||
108 | /// <summary>Can send group notices</summary> | ||
109 | 'SendNotices' => '4398046511104', | ||
110 | /// <summary>Can receive group notices</summary> | ||
111 | 'ReceiveNotices' => '8796093022208', | ||
112 | /// <summary>Can create group proposals</summary> | ||
113 | 'StartProposal' => '17592186044416', | ||
114 | /// <summary>Can vote on group proposals</summary> | ||
115 | 'VoteOnProposal' => '35184372088832', | ||
116 | /// <summary>Can return group owned objects</summary> | ||
117 | 'ReturnGroupOwned' => '281474976710656', | ||
118 | /// <summary>Members are visible to non-owners</summary> | ||
119 | 'RoleMembersVisible' => '140737488355328' | ||
120 | ); | ||
121 | |||
122 | $uuidZero = "00000000-0000-0000-0000-000000000000"; | ||
123 | |||
124 | $groupDBCon = mysql_connect($DB_HOST,$DB_USER,$DB_PASSWORD); | ||
125 | if (!$groupDBCon) | ||
126 | { | ||
127 | die('Could not connect: ' . mysql_error()); | ||
128 | } | ||
129 | mysql_select_db($DB_NAME, $groupDBCon); | ||
130 | |||
131 | // This is filled in by secure() | ||
132 | $requestingAgent = $uuidZero; | ||
133 | |||
134 | function test() | ||
135 | { | ||
136 | return array('name' => 'Joe','age' => 27); | ||
137 | } | ||
138 | |||
139 | // Use a common signature for all the group functions -> struct foo($struct) | ||
140 | $common_sig = array(array($xmlrpcStruct, $xmlrpcStruct)); | ||
141 | |||
142 | function createGroup($params) | ||
143 | { | ||
144 | if( is_array($error = secureRequest($params, TRUE)) ) | ||
145 | { | ||
146 | return $error; | ||
147 | } | ||
148 | |||
149 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
150 | |||
151 | $groupID = $params["GroupID"]; | ||
152 | $name = $params["Name"]; | ||
153 | $charter = $params["Charter"]; | ||
154 | $insigniaID = $params["InsigniaID"]; | ||
155 | $founderID = $params["FounderID"]; | ||
156 | $membershipFee = $params["MembershipFee"]; | ||
157 | $openEnrollment = $params["OpenEnrollment"]; | ||
158 | $showInList = $params["ShowInList"]; | ||
159 | $allowPublish = $params["AllowPublish"]; | ||
160 | $maturePublish = $params["MaturePublish"]; | ||
161 | $ownerRoleID = $params["OwnerRoleID"]; | ||
162 | $everyonePowers = $params["EveryonePowers"]; | ||
163 | $ownersPowers = $params["OwnersPowers"]; | ||
164 | |||
165 | $escapedParams = array_map("mysql_real_escape_string", $params); | ||
166 | $escapedGroupID = $escapedParams["GroupID"]; | ||
167 | $escapedName = $escapedParams["Name"]; | ||
168 | $escapedCharter = $escapedParams["Charter"]; | ||
169 | $escapedInsigniaID = $escapedParams["InsigniaID"]; | ||
170 | $escapedFounderID = $escapedParams["FounderID"]; | ||
171 | $escapedMembershipFee = $escapedParams["MembershipFee"]; | ||
172 | $escapedOpenEnrollment = $escapedParams["OpenEnrollment"]; | ||
173 | $escapedShowInList = $escapedParams["ShowInList"]; | ||
174 | $escapedAllowPublish = $escapedParams["AllowPublish"]; | ||
175 | $escapedMaturePublish = $escapedParams["MaturePublish"]; | ||
176 | $escapedOwnerRoleID = $escapedParams["OwnerRoleID"]; | ||
177 | |||
178 | // Create group | ||
179 | $sql = "INSERT INTO osgroup | ||
180 | (GroupID, Name, Charter, InsigniaID, FounderID, MembershipFee, OpenEnrollment, ShowInList, AllowPublish, MaturePublish, OwnerRoleID) | ||
181 | VALUES | ||
182 | ('$escapedGroupID', '$escapedName', '$escapedCharter', '$escapedInsigniaID', '$escapedFounderID', $escapedMembershipFee, $escapedOpenEnrollment, $escapedShowInList, $escapedAllowPublish, $escapedMaturePublish, '$escapedOwnerRoleID')"; | ||
183 | |||
184 | if (!mysql_query($sql, $groupDBCon)) | ||
185 | { | ||
186 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
187 | } | ||
188 | |||
189 | // Create Everyone Role | ||
190 | // NOTE: FIXME: This is a temp fix until the libomv enum for group powers is fixed in OpenSim | ||
191 | |||
192 | $result = _addRoleToGroup(array('GroupID' => $groupID, 'RoleID' => $uuidZero, 'Name' => 'Everyone', 'Description' => 'Everyone in the group is in the everyone role.', 'Title' => "Member of $name", 'Powers' => $everyonePowers)); | ||
193 | if( isset($result['error']) ) | ||
194 | { | ||
195 | return $result; | ||
196 | } | ||
197 | |||
198 | // Create Owner Role | ||
199 | $result = _addRoleToGroup(array('GroupID' => $groupID, 'RoleID' => $ownerRoleID, 'Name' => 'Owners', 'Description' => "Owners of $name", 'Title' => "Owner of $name", 'Powers' => $ownersPowers)); | ||
200 | if( isset($result['error']) ) | ||
201 | { | ||
202 | return $result; | ||
203 | } | ||
204 | |||
205 | // Add founder to group, will automatically place them in the Everyone Role, also places them in specified Owner Role | ||
206 | $result = _addAgentToGroup(array('AgentID' => $founderID, 'GroupID' => $groupID, 'RoleID' => $ownerRoleID)); | ||
207 | if( isset($result['error']) ) | ||
208 | { | ||
209 | return $result; | ||
210 | } | ||
211 | |||
212 | // Select the owner's role for the founder | ||
213 | $result = _setAgentGroupSelectedRole(array('AgentID' => $founderID, 'RoleID' => $ownerRoleID, 'GroupID' => $groupID)); | ||
214 | if( isset($result['error']) ) | ||
215 | { | ||
216 | return $result; | ||
217 | } | ||
218 | |||
219 | // Set the new group as the founder's active group | ||
220 | $result = _setAgentActiveGroup(array('AgentID' => $founderID, 'GroupID' => $groupID)); | ||
221 | if( isset($result['error']) ) | ||
222 | { | ||
223 | return $result; | ||
224 | } | ||
225 | |||
226 | return getGroup(array("GroupID"=>$groupID)); | ||
227 | } | ||
228 | |||
229 | // Private method, does not include security, to only be called from places that have already verified security | ||
230 | function _addRoleToGroup($params) | ||
231 | { | ||
232 | $everyonePowers = 8796495740928; // This should now be fixed, when libomv was updated... | ||
233 | |||
234 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; | ||
235 | $groupID = mysql_real_escape_string( $params['GroupID'] ); | ||
236 | $roleID = mysql_real_escape_string( $params['RoleID'] ); | ||
237 | $name = mysql_real_escape_string( $params['Name'] ); | ||
238 | $desc = mysql_real_escape_string( $params['Description'] ); | ||
239 | $title = mysql_real_escape_string( $params['Title'] ); | ||
240 | $powers = mysql_real_escape_string( $params['Powers'] ); | ||
241 | |||
242 | if( !isset($powers) || ($powers == 0) || ($powers == '') ) | ||
243 | { | ||
244 | $powers = $everyonePowers; | ||
245 | } | ||
246 | |||
247 | $sql = " INSERT INTO osrole (GroupID, RoleID, Name, Description, Title, Powers) VALUES " | ||
248 | ." ('$groupID', '$roleID', '$name', '$desc', '$title', $powers)"; | ||
249 | |||
250 | if (!mysql_query($sql, $groupDBCon)) | ||
251 | { | ||
252 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error() | ||
253 | , 'method' => 'addRoleToGroup' | ||
254 | , 'params' => var_export($params, TRUE)); | ||
255 | } | ||
256 | |||
257 | return array("success" => "true"); | ||
258 | } | ||
259 | |||
260 | function addRoleToGroup($params) | ||
261 | { | ||
262 | if( is_array($error = secureRequest($params, TRUE)) ) | ||
263 | { | ||
264 | return $error; | ||
265 | } | ||
266 | |||
267 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; | ||
268 | $groupID = $params['GroupID']; | ||
269 | |||
270 | // Verify the requesting agent has permission | ||
271 | if( is_array($error = checkGroupPermission($groupID, $groupPowers['CreateRole'])) ) | ||
272 | { | ||
273 | return $error; | ||
274 | } | ||
275 | |||
276 | return _addRoleToGroup($params); | ||
277 | } | ||
278 | |||
279 | function updateGroupRole($params) | ||
280 | { | ||
281 | if( is_array($error = secureRequest($params, TRUE)) ) | ||
282 | { | ||
283 | return $error; | ||
284 | } | ||
285 | |||
286 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; | ||
287 | $groupID = mysql_real_escape_string( $params['GroupID'] ); | ||
288 | $roleID = mysql_real_escape_string( $params['RoleID'] ); | ||
289 | $name = mysql_real_escape_string( $params['Name'] ); | ||
290 | $desc = mysql_real_escape_string( $params['Description'] ); | ||
291 | $title = mysql_real_escape_string( $params['Title'] ); | ||
292 | $powers = mysql_real_escape_string( $params['Powers'] ); | ||
293 | |||
294 | // Verify the requesting agent has permission | ||
295 | if( is_array($error = checkGroupPermission($groupID, $groupPowers['RoleProperties'])) ) | ||
296 | { | ||
297 | return $error; | ||
298 | } | ||
299 | |||
300 | $sql = " UPDATE osrole SET RoleID = '$roleID' "; | ||
301 | if( isset($params['Name']) ) | ||
302 | { | ||
303 | $sql .= ", Name = '$name'"; | ||
304 | } | ||
305 | if( isset($params['Description']) ) | ||
306 | { | ||
307 | $sql .= ", Description = '$desc'"; | ||
308 | } | ||
309 | if( isset($params['Title']) ) | ||
310 | { | ||
311 | $sql .= ", Title = '$title'"; | ||
312 | } | ||
313 | if( isset($params['Powers']) ) | ||
314 | { | ||
315 | $sql .= ", Powers = $powers"; | ||
316 | } | ||
317 | |||
318 | $sql .= " WHERE GroupID = '$groupID' AND RoleID = '$roleID'"; | ||
319 | |||
320 | if (!mysql_query($sql, $groupDBCon)) | ||
321 | { | ||
322 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
323 | } | ||
324 | |||
325 | return array("success" => "true"); | ||
326 | } | ||
327 | |||
328 | function removeRoleFromGroup($params) | ||
329 | { | ||
330 | if( is_array($error = secureRequest($params, TRUE)) ) | ||
331 | { | ||
332 | return $error; | ||
333 | } | ||
334 | |||
335 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; | ||
336 | $groupID = mysql_real_escape_string( $params['GroupID'] ); | ||
337 | $roleID = mysql_real_escape_string( $params['RoleID'] ); | ||
338 | |||
339 | if( is_array($error = checkGroupPermission($groupID, $groupPowers['RoleProperties'])) ) | ||
340 | { | ||
341 | return $error; | ||
342 | } | ||
343 | |||
344 | /// 1. Remove all members from Role | ||
345 | /// 2. Set selected Role to uuidZero for anyone that had the role selected | ||
346 | /// 3. Delete roll | ||
347 | |||
348 | $sql = "DELETE FROM osgrouprolemembership WHERE GroupID = '$groupID' AND RoleID = '$roleID'"; | ||
349 | if (!mysql_query($sql, $groupDBCon)) | ||
350 | { | ||
351 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
352 | } | ||
353 | |||
354 | $sql = "UPDATE osgroupmembership SET SelectedRoleID = '$uuidZero' WHERE GroupID = '$groupID' AND SelectedRoleID = '$roleID'"; | ||
355 | if (!mysql_query($sql, $groupDBCon)) | ||
356 | { | ||
357 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
358 | } | ||
359 | |||
360 | $sql = "DELETE FROM osrole WHERE GroupID = '$groupID' AND RoleID = '$roleID'"; | ||
361 | if (!mysql_query($sql, $groupDBCon)) | ||
362 | { | ||
363 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
364 | } | ||
365 | |||
366 | return array("success" => "true"); | ||
367 | } | ||
368 | |||
369 | function getGroup($params) | ||
370 | { | ||
371 | if( is_array($error = secureRequest($params, FALSE)) ) | ||
372 | { | ||
373 | return $error; | ||
374 | } | ||
375 | |||
376 | return _getGroup($params); | ||
377 | } | ||
378 | |||
379 | function _getGroup($params) | ||
380 | { | ||
381 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
382 | $sql = " SELECT osgroup.GroupID, osgroup.Name, Charter, InsigniaID, FounderID, MembershipFee, OpenEnrollment, ShowInList, AllowPublish, MaturePublish, OwnerRoleID" | ||
383 | ." , count(osrole.RoleID) as GroupRolesCount, count(osgroupmembership.AgentID) as GroupMembershipCount " | ||
384 | ." FROM osgroup " | ||
385 | ." LEFT JOIN osrole ON (osgroup.GroupID = osrole.GroupID)" | ||
386 | ." LEFT JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)" | ||
387 | ." WHERE "; | ||
388 | |||
389 | if( isset($params['GroupID']) ) | ||
390 | { | ||
391 | $sql .= "osgroup.GroupID = '" . mysql_real_escape_string($params['GroupID']). "'"; | ||
392 | } | ||
393 | else if( isset($params['Name']) ) | ||
394 | { | ||
395 | $sql .= "osgroup.Name = '" . mysql_real_escape_string($params['Name']) . "'"; | ||
396 | } | ||
397 | else | ||
398 | { | ||
399 | return array("error" => "Must specify GroupID or Name"); | ||
400 | } | ||
401 | |||
402 | $sql .= " GROUP BY osgroup.GroupID, osgroup.name, charter, insigniaID, founderID, membershipFee, openEnrollment, showInList, allowPublish, maturePublish, ownerRoleID"; | ||
403 | |||
404 | $result = mysql_query($sql, $groupDBCon); | ||
405 | |||
406 | if (!$result) | ||
407 | { | ||
408 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
409 | } | ||
410 | |||
411 | if (mysql_num_rows($result) == 0) | ||
412 | { | ||
413 | return array('succeed' => 'false', 'error' => 'Group Not Found', 'params' => var_export($params, TRUE), 'sql' => $sql); | ||
414 | } | ||
415 | |||
416 | return mysql_fetch_assoc($result); | ||
417 | } | ||
418 | |||
419 | function updateGroup($params) | ||
420 | { | ||
421 | if( is_array($error = secureRequest($params, TRUE)) ) | ||
422 | { | ||
423 | return $error; | ||
424 | } | ||
425 | |||
426 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; | ||
427 | $groupID = mysql_real_escape_string( $params["GroupID"] ); | ||
428 | $charter = mysql_real_escape_string( $params["Charter"] ); | ||
429 | $insigniaID = mysql_real_escape_string( $params["InsigniaID"] ); | ||
430 | $membershipFee = mysql_real_escape_string( $params["MembershipFee"] ); | ||
431 | $openEnrollment = mysql_real_escape_string( $params["OpenEnrollment"] ); | ||
432 | $showInList = mysql_real_escape_string( $params["ShowInList"] ); | ||
433 | $allowPublish = mysql_real_escape_string( $params["AllowPublish"] ); | ||
434 | $maturePublish = mysql_real_escape_string( $params["MaturePublish"] ); | ||
435 | |||
436 | if( is_array($error = checkGroupPermission($groupID, $groupPowers['ChangeOptions'])) ) | ||
437 | { | ||
438 | return $error; | ||
439 | } | ||
440 | |||
441 | // Create group | ||
442 | $sql = "UPDATE osgroup | ||
443 | SET | ||
444 | Charter = '$charter' | ||
445 | , InsigniaID = '$insigniaID' | ||
446 | , MembershipFee = $membershipFee | ||
447 | , OpenEnrollment= $openEnrollment | ||
448 | , ShowInList = $showInList | ||
449 | , AllowPublish = $allowPublish | ||
450 | , MaturePublish = $maturePublish | ||
451 | WHERE | ||
452 | GroupID = '$groupID'"; | ||
453 | |||
454 | if (!mysql_query($sql, $groupDBCon)) | ||
455 | { | ||
456 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
457 | } | ||
458 | |||
459 | return array('success' => 'true'); | ||
460 | } | ||
461 | |||
462 | function findGroups($params) | ||
463 | { | ||
464 | if( is_array($error = secureRequest($params, FALSE)) ) | ||
465 | { | ||
466 | return $error; | ||
467 | } | ||
468 | |||
469 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
470 | $search = mysql_real_escape_string( $params['Search'] ); | ||
471 | |||
472 | $sql = " SELECT osgroup.GroupID, osgroup.Name, count(osgroupmembership.AgentID) as Members " | ||
473 | ." FROM osgroup LEFT JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID) " | ||
474 | ." WHERE " | ||
475 | ." ( MATCH (osgroup.name) AGAINST ('$search' IN BOOLEAN MODE)" | ||
476 | ." OR osgroup.name LIKE '%$search%'" | ||
477 | ." OR osgroup.name REGEXP '$search'" | ||
478 | ." ) AND ShowInList = 1" | ||
479 | ." GROUP BY osgroup.GroupID, osgroup.Name"; | ||
480 | |||
481 | $result = mysql_query($sql, $groupDBCon); | ||
482 | |||
483 | if (!$result) | ||
484 | { | ||
485 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
486 | } | ||
487 | |||
488 | if( mysql_num_rows($result) == 0 ) | ||
489 | { | ||
490 | return array('succeed' => 'false', 'error' => 'No groups found.', 'params' => var_export($params, TRUE), 'sql' => $sql); | ||
491 | } | ||
492 | |||
493 | $results = array(); | ||
494 | |||
495 | while ($row = mysql_fetch_assoc($result)) | ||
496 | { | ||
497 | $groupID = $row['GroupID']; | ||
498 | $results[$groupID] = $row; | ||
499 | } | ||
500 | |||
501 | return array('results' => $results, 'success' => TRUE); | ||
502 | } | ||
503 | |||
504 | function _setAgentActiveGroup($params) | ||
505 | { | ||
506 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
507 | $agentID = mysql_real_escape_string( $params['AgentID'] ); | ||
508 | $groupID = mysql_real_escape_string( $params['GroupID'] ); | ||
509 | |||
510 | $sql = " UPDATE osagent " | ||
511 | ." SET ActiveGroupID = '$groupID'" | ||
512 | ." WHERE AgentID = '$agentID'"; | ||
513 | |||
514 | if (!mysql_query($sql, $groupDBCon)) | ||
515 | { | ||
516 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
517 | } | ||
518 | |||
519 | if( mysql_affected_rows() == 0 ) | ||
520 | { | ||
521 | $sql = " INSERT INTO osagent (ActiveGroupID, AgentID) VALUES " | ||
522 | ." ('$groupID', '$agentID')"; | ||
523 | |||
524 | if (!mysql_query($sql, $groupDBCon)) | ||
525 | { | ||
526 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
527 | } | ||
528 | } | ||
529 | |||
530 | return array("success" => "true"); | ||
531 | } | ||
532 | |||
533 | function setAgentActiveGroup($params) | ||
534 | { | ||
535 | if( is_array($error = secureRequest($params, TRUE)) ) | ||
536 | { | ||
537 | return $error; | ||
538 | } | ||
539 | |||
540 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
541 | $agentID = $params['AgentID']; | ||
542 | $groupID = $params['GroupID']; | ||
543 | |||
544 | if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) ) | ||
545 | { | ||
546 | return array('error' => "Agent can only change their own Selected Group Role", 'params' => var_export($params, TRUE)); | ||
547 | } | ||
548 | |||
549 | return _setAgentActiveGroup($params); | ||
550 | } | ||
551 | |||
552 | function addAgentToGroup($params) | ||
553 | { | ||
554 | if( is_array($error = secureRequest($params, TRUE)) ) | ||
555 | { | ||
556 | return $error; | ||
557 | } | ||
558 | |||
559 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; | ||
560 | $groupID = $params["GroupID"]; | ||
561 | $agentID = $params["AgentID"]; | ||
562 | |||
563 | if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) ) | ||
564 | { | ||
565 | // If they don't have direct permission, check to see if the group is marked for open enrollment | ||
566 | $groupInfo = _getGroup( array ('GroupID' => $groupID) ); | ||
567 | |||
568 | if( isset($groupInfo['error'])) | ||
569 | { | ||
570 | return $groupInfo; | ||
571 | } | ||
572 | |||
573 | if($groupInfo['OpenEnrollment'] != 1) | ||
574 | { | ||
575 | $escapedAgentID = mysql_real_escape_string($agentID); | ||
576 | $escapedGroupID = mysql_real_escape_string($groupID); | ||
577 | |||
578 | // Group is not open enrollment, check if the specified agentid has an invite | ||
579 | $sql = " SELECT GroupID, RoleID, AgentID FROM osgroupinvite" | ||
580 | ." WHERE osgroupinvite.AgentID = '$escapedAgentID' AND osgroupinvite.GroupID = '$escapedGroupID'"; | ||
581 | |||
582 | $results = mysql_query($sql, $groupDBCon); | ||
583 | if (!$results) | ||
584 | { | ||
585 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
586 | } | ||
587 | |||
588 | if( mysql_num_rows($results) == 1 ) | ||
589 | { | ||
590 | // if there is an invite, make sure we're adding the user to the role specified in the invite | ||
591 | $inviteInfo = mysql_fetch_assoc($results); | ||
592 | $params['RoleID'] = $inviteInfo['RoleID']; | ||
593 | } | ||
594 | else | ||
595 | { | ||
596 | // Not openenrollment, not invited, return permission denied error | ||
597 | return $error; | ||
598 | } | ||
599 | } | ||
600 | } | ||
601 | |||
602 | return _addAgentToGroup($params); | ||
603 | } | ||
604 | |||
605 | // Private method, does not include security, to only be called from places that have already verified security | ||
606 | function _addAgentToGroup($params) | ||
607 | { | ||
608 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
609 | $agentID = $params["AgentID"]; | ||
610 | $groupID = $params["GroupID"]; | ||
611 | |||
612 | $roleID = $uuidZero; | ||
613 | if( isset($params["RoleID"]) ) | ||
614 | { | ||
615 | $roleID = $params["RoleID"]; | ||
616 | } | ||
617 | |||
618 | $escapedAgentID = mysql_real_escape_string($agentID); | ||
619 | $escapedGroupID = mysql_real_escape_string($groupID); | ||
620 | $escapedRoleID = mysql_real_escape_string($roleID); | ||
621 | |||
622 | // Check if agent already a member | ||
623 | $sql = " SELECT count(AgentID) as isMember FROM osgroupmembership WHERE AgentID = '$escapedAgentID' AND GroupID = '$escapedGroupID'"; | ||
624 | $result = mysql_query($sql, $groupDBCon); | ||
625 | if (!$result) | ||
626 | { | ||
627 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
628 | } | ||
629 | |||
630 | // If not a member, add membership, select role (defaults to uuidZero, or everyone role) | ||
631 | if( mysql_result($result, 0) == 0 ) | ||
632 | { | ||
633 | $sql = " INSERT INTO osgroupmembership (GroupID, AgentID, Contribution, ListInProfile, AcceptNotices, SelectedRoleID) VALUES " | ||
634 | ."('$escapedGroupID','$escapedAgentID', 0, 1, 1,'$escapedRoleID')"; | ||
635 | |||
636 | if (!mysql_query($sql, $groupDBCon)) | ||
637 | { | ||
638 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
639 | } | ||
640 | } | ||
641 | |||
642 | // Make sure they're in the Everyone role | ||
643 | $result = _addAgentToGroupRole(array("GroupID" => $groupID, "RoleID" => $uuidZero, "AgentID" => $agentID)); | ||
644 | if( isset($result['error']) ) | ||
645 | { | ||
646 | return $result; | ||
647 | } | ||
648 | |||
649 | // Make sure they're in specified role, if they were invited | ||
650 | if( $roleID != $uuidZero ) | ||
651 | { | ||
652 | $result = _addAgentToGroupRole(array("GroupID" => $groupID, "RoleID" => $roleID, "AgentID" => $agentID)); | ||
653 | if( isset($result['error']) ) | ||
654 | { | ||
655 | return $result; | ||
656 | } | ||
657 | } | ||
658 | |||
659 | //Set the role they were invited to as their selected role | ||
660 | _setAgentGroupSelectedRole(array('AgentID' => $agentID, 'RoleID' => $roleID, 'GroupID' => $groupID)); | ||
661 | |||
662 | // Set the group as their active group. | ||
663 | // _setAgentActiveGroup(array("GroupID" => $groupID, "AgentID" => $agentID)); | ||
664 | |||
665 | return array("success" => "true"); | ||
666 | } | ||
667 | |||
668 | function removeAgentFromGroup($params) | ||
669 | { | ||
670 | if( is_array($error = secureRequest($params, TRUE)) ) | ||
671 | { | ||
672 | return $error; | ||
673 | } | ||
674 | |||
675 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; | ||
676 | $agentID = $params["AgentID"]; | ||
677 | $groupID = $params["GroupID"]; | ||
678 | |||
679 | // An agent is always allowed to remove themselves from a group -- so only check if the requesting agent is different then the agent being removed. | ||
680 | if( $agentID != $requestingAgent ) | ||
681 | { | ||
682 | if( is_array($error = checkGroupPermission($groupID, $groupPowers['RemoveMember'])) ) | ||
683 | { | ||
684 | return $error; | ||
685 | } | ||
686 | } | ||
687 | |||
688 | $escapedAgentID = mysql_real_escape_string($agentID); | ||
689 | $escapedGroupID = mysql_real_escape_string($groupID); | ||
690 | |||
691 | // 1. If group is agent's active group, change active group to uuidZero | ||
692 | // 2. Remove Agent from group (osgroupmembership) | ||
693 | // 3. Remove Agent from all of the groups roles (osgrouprolemembership) | ||
694 | |||
695 | $sql = " UPDATE osagent " | ||
696 | ." SET ActiveGroupID = '$uuidZero'" | ||
697 | ." WHERE AgentID = '$escapedAgentID' AND ActiveGroupID = '$escapedGroupID'"; | ||
698 | |||
699 | if (!mysql_query($sql, $groupDBCon)) | ||
700 | { | ||
701 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
702 | } | ||
703 | |||
704 | $sql = " DELETE FROM osgroupmembership " | ||
705 | ." WHERE AgentID = '$agentID' AND GroupID = '$groupID'"; | ||
706 | if (!mysql_query($sql, $groupDBCon)) | ||
707 | { | ||
708 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
709 | } | ||
710 | |||
711 | $sql = " DELETE FROM osgrouprolemembership " | ||
712 | ." WHERE AgentID = '$escapedAgentID' AND GroupID = '$escapedGroupID'"; | ||
713 | if (!mysql_query($sql, $groupDBCon)) | ||
714 | { | ||
715 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
716 | } | ||
717 | |||
718 | return array("success" => "true"); | ||
719 | } | ||
720 | |||
721 | function _addAgentToGroupRole($params) | ||
722 | { | ||
723 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
724 | $agentID = mysql_real_escape_string($params["AgentID"]); | ||
725 | $groupID = mysql_real_escape_string($params["GroupID"]); | ||
726 | $roleID = mysql_real_escape_string($params["RoleID"]); | ||
727 | |||
728 | // Check if agent already a member | ||
729 | $sql = " SELECT count(AgentID) as isMember FROM osgrouprolemembership WHERE AgentID = '$agentID' AND RoleID = '$roleID' AND GroupID = '$groupID'"; | ||
730 | $result = mysql_query($sql, $groupDBCon); | ||
731 | if (!$result) | ||
732 | { | ||
733 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
734 | } | ||
735 | |||
736 | if( mysql_result($result, 0) == 0 ) | ||
737 | { | ||
738 | $sql = " INSERT INTO osgrouprolemembership (GroupID, RoleID, AgentID) VALUES " | ||
739 | ."('$groupID', '$roleID', '$agentID')"; | ||
740 | |||
741 | if (!mysql_query($sql, $groupDBCon)) | ||
742 | { | ||
743 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
744 | } | ||
745 | } | ||
746 | |||
747 | return array("success" => "true"); | ||
748 | } | ||
749 | |||
750 | function addAgentToGroupRole($params) | ||
751 | { | ||
752 | if( is_array($error = secureRequest($params, TRUE)) ) | ||
753 | { | ||
754 | return $error; | ||
755 | } | ||
756 | |||
757 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; | ||
758 | $agentID = $params["AgentID"]; | ||
759 | $groupID = $params["GroupID"]; | ||
760 | $roleID = $params["RoleID"]; | ||
761 | |||
762 | $escapedAgentID = mysql_real_escape_string($agentID); | ||
763 | $escapedGroupID = mysql_real_escape_string($groupID); | ||
764 | $escapedRoleID = mysql_real_escape_string($roleID); | ||
765 | |||
766 | // Check if being assigned to Owners role, assignments to an owners role can only be requested by owners. | ||
767 | $sql = " SELECT OwnerRoleID, osgrouprolemembership.AgentID " | ||
768 | ." FROM osgroup LEFT JOIN osgrouprolemembership ON (osgroup.GroupID = osgrouprolemembership.GroupID AND osgroup.OwnerRoleID = osgrouprolemembership.RoleID) " | ||
769 | ." WHERE osgrouprolemembership.AgentID = '" . mysql_real_escape_string($requestingAgent) . "' AND osgroup.GroupID = '$escapedGroupID'"; | ||
770 | |||
771 | $results = mysql_query($sql, $groupDBCon); | ||
772 | if (!$results) | ||
773 | { | ||
774 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
775 | } | ||
776 | |||
777 | if( mysql_num_rows($results) == 0 ) | ||
778 | { | ||
779 | return array('error' => "Group ($groupID) not found or Agent ($agentID) is not in the owner's role", 'params' => var_export($params, TRUE)); | ||
780 | } | ||
781 | |||
782 | $ownerRoleInfo = mysql_fetch_assoc($results); | ||
783 | if( ($ownerRoleInfo['OwnerRoleID'] == $roleID) && ($ownerRoleInfo['AgentID'] != $requestingAgent) ) | ||
784 | { | ||
785 | return array('error' => "Requesting agent $requestingAgent is not a member of the Owners Role and cannot add members to the owners role.", 'params' => var_export($params, TRUE)); | ||
786 | } | ||
787 | |||
788 | if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) ) | ||
789 | { | ||
790 | return $error; | ||
791 | } | ||
792 | |||
793 | return _addAgentToGroupRole($params); | ||
794 | } | ||
795 | |||
796 | function removeAgentFromGroupRole($params) | ||
797 | { | ||
798 | if( is_array($error = secureRequest($params, TRUE)) ) | ||
799 | { | ||
800 | return $error; | ||
801 | } | ||
802 | |||
803 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; | ||
804 | $agentID = mysql_real_escape_string($params["AgentID"]); | ||
805 | $groupID = mysql_real_escape_string($params["GroupID"]); | ||
806 | $roleID = mysql_real_escape_string($params["RoleID"]); | ||
807 | |||
808 | if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) ) | ||
809 | { | ||
810 | return $error; | ||
811 | } | ||
812 | |||
813 | // If agent has this role selected, change their selection to everyone (uuidZero) role | ||
814 | $sql = " UPDATE osgroupmembership SET SelectedRoleID = '$uuidZero' WHERE AgentID = '$agentID' AND GroupID = '$groupID' AND SelectedRoleID = '$roleID'"; | ||
815 | $result = mysql_query($sql, $groupDBCon); | ||
816 | if (!$result) | ||
817 | { | ||
818 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
819 | } | ||
820 | |||
821 | $sql = " DELETE FROM osgrouprolemembership WHERE AgentID = '$agentID' AND GroupID = '$groupID' AND RoleID = '$roleID'"; | ||
822 | |||
823 | if (!mysql_query($sql, $groupDBCon)) | ||
824 | { | ||
825 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
826 | } | ||
827 | |||
828 | return array("success" => "true"); | ||
829 | } | ||
830 | |||
831 | function _setAgentGroupSelectedRole($params) | ||
832 | { | ||
833 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
834 | $agentID = mysql_real_escape_string($params["AgentID"]); | ||
835 | $groupID = mysql_real_escape_string($params["GroupID"]); | ||
836 | $roleID = mysql_real_escape_string($params["RoleID"]); | ||
837 | |||
838 | $sql = " UPDATE osgroupmembership SET SelectedRoleID = '$roleID' WHERE AgentID = '$agentID' AND GroupID = '$groupID'"; | ||
839 | $result = mysql_query($sql, $groupDBCon); | ||
840 | if (!$result) | ||
841 | { | ||
842 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
843 | } | ||
844 | |||
845 | return array('success' => 'true'); | ||
846 | } | ||
847 | |||
848 | function setAgentGroupSelectedRole($params) | ||
849 | { | ||
850 | if( is_array($error = secureRequest($params, TRUE)) ) | ||
851 | { | ||
852 | return $error; | ||
853 | } | ||
854 | |||
855 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
856 | $agentID = $params["AgentID"]; | ||
857 | $groupID = $params["GroupID"]; | ||
858 | $roleID = $params["RoleID"]; | ||
859 | |||
860 | if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) ) | ||
861 | { | ||
862 | return array('error' => "Agent can only change their own Selected Group Role", 'params' => var_export($params, TRUE)); | ||
863 | } | ||
864 | |||
865 | return _setAgentGroupSelectedRole($params); | ||
866 | } | ||
867 | |||
868 | function getAgentGroupMembership($params) | ||
869 | { | ||
870 | if( is_array($error = secureRequest($params, FALSE)) ) | ||
871 | { | ||
872 | return $error; | ||
873 | } | ||
874 | |||
875 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
876 | $groupID = mysql_real_escape_string($params['GroupID']); | ||
877 | $agentID = mysql_real_escape_string($params['AgentID']); | ||
878 | |||
879 | $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish" | ||
880 | ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices" | ||
881 | ." , osgroupmembership.SelectedRoleID, osrole.Title" | ||
882 | ." , osagent.ActiveGroupID " | ||
883 | ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)" | ||
884 | ." JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)" | ||
885 | ." JOIN osagent ON (osagent.AgentID = osgroupmembership.AgentID)" | ||
886 | ." WHERE osgroup.GroupID = '$groupID' AND osgroupmembership.AgentID = '$agentID'"; | ||
887 | |||
888 | $groupmembershipResult = mysql_query($sql, $groupDBCon); | ||
889 | if (!$groupmembershipResult) | ||
890 | { | ||
891 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
892 | } | ||
893 | |||
894 | if( mysql_num_rows($groupmembershipResult) == 0 ) | ||
895 | { | ||
896 | return array('succeed' => 'false', 'error' => 'None Found', 'params' => var_export($params, TRUE), 'sql' => $sql); | ||
897 | } | ||
898 | |||
899 | $groupMembershipInfo = mysql_fetch_assoc($groupmembershipResult); | ||
900 | |||
901 | $sql = " SELECT BIT_OR(osrole.Powers) AS GroupPowers" | ||
902 | ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)" | ||
903 | ." WHERE osgrouprolemembership.GroupID = '$groupID' AND osgrouprolemembership.AgentID = '$agentID'"; | ||
904 | $groupPowersResult = mysql_query($sql, $groupDBCon); | ||
905 | if (!$groupPowersResult) | ||
906 | { | ||
907 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
908 | } | ||
909 | $groupPowersInfo = mysql_fetch_assoc($groupPowersResult); | ||
910 | |||
911 | return array_merge($groupMembershipInfo, $groupPowersInfo); | ||
912 | } | ||
913 | |||
914 | function getAgentGroupMemberships($params) | ||
915 | { | ||
916 | if( is_array($error = secureRequest($params, FALSE)) ) | ||
917 | { | ||
918 | return $error; | ||
919 | } | ||
920 | |||
921 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
922 | $agentID = mysql_real_escape_string($params['AgentID']); | ||
923 | |||
924 | $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish" | ||
925 | ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices" | ||
926 | ." , osgroupmembership.SelectedRoleID, osrole.Title" | ||
927 | ." , IFNULL(osagent.ActiveGroupID, '$uuidZero') AS ActiveGroupID" | ||
928 | ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)" | ||
929 | ." JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)" | ||
930 | ." LEFT JOIN osagent ON (osagent.AgentID = osgroupmembership.AgentID)" | ||
931 | ." WHERE osgroupmembership.AgentID = '$agentID'"; | ||
932 | |||
933 | $groupmembershipResults = mysql_query($sql, $groupDBCon); | ||
934 | if (!$groupmembershipResults) | ||
935 | { | ||
936 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
937 | } | ||
938 | |||
939 | if( mysql_num_rows($groupmembershipResults) == 0 ) | ||
940 | { | ||
941 | return array('succeed' => 'false', 'error' => 'No Memberships', 'params' => var_export($params, TRUE), 'sql' => $sql); | ||
942 | } | ||
943 | |||
944 | $groupResults = array(); | ||
945 | while($groupMembershipInfo = mysql_fetch_assoc($groupmembershipResults)) | ||
946 | { | ||
947 | $groupID = $groupMembershipInfo['GroupID']; | ||
948 | $sql = " SELECT BIT_OR(osrole.Powers) AS GroupPowers" | ||
949 | ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)" | ||
950 | ." WHERE osgrouprolemembership.GroupID = '$groupID' AND osgrouprolemembership.AgentID = '$agentID'"; | ||
951 | $groupPowersResult = mysql_query($sql, $groupDBCon); | ||
952 | if (!$groupPowersResult) | ||
953 | { | ||
954 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
955 | } | ||
956 | $groupPowersInfo = mysql_fetch_assoc($groupPowersResult); | ||
957 | $groupResults[$groupID] = array_merge($groupMembershipInfo, $groupPowersInfo); | ||
958 | } | ||
959 | |||
960 | return $groupResults; | ||
961 | } | ||
962 | |||
963 | // Parameters should not already be mysql_real_escape_string() escaped | ||
964 | function canAgentViewRoleMembers( $agentID, $groupID, $roleID ) | ||
965 | { | ||
966 | global $membersVisibleTo, $groupDBCon; | ||
967 | |||
968 | if( $membersVisibleTo == 'All' ) | ||
969 | return true; | ||
970 | |||
971 | $agentID = mysql_real_escape_string($agentID); | ||
972 | $groupID = mysql_real_escape_string($groupID); | ||
973 | $roleID = mysql_real_escape_string($roleID); | ||
974 | |||
975 | $sql = " SELECT CASE WHEN min(OwnerRoleMembership.AgentID) IS NOT NULL THEN 1 ELSE 0 END AS IsOwner "; | ||
976 | $sql .= " FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID AND osgroupmembership.AgentID = '$agentID')"; | ||
977 | $sql .= " LEFT JOIN osgrouprolemembership AS OwnerRoleMembership ON (OwnerRoleMembership.GroupID = osgroup.GroupID "; | ||
978 | $sql .= " AND OwnerRoleMembership.RoleID = osgroup.OwnerRoleID "; | ||
979 | $sql .= " AND OwnerRoleMembership.AgentID = '$agentID')"; | ||
980 | $sql .= " WHERE osgroup.GroupID = '$groupID' GROUP BY osgroup.GroupID"; | ||
981 | |||
982 | $viewMemberResults = mysql_query($sql, $groupDBCon); | ||
983 | if (!$viewMemberResults) | ||
984 | { | ||
985 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error()); | ||
986 | } | ||
987 | |||
988 | if (mysql_num_rows($viewMemberResults) == 0) | ||
989 | { | ||
990 | return false; | ||
991 | } | ||
992 | |||
993 | $viewMemberInfo = mysql_fetch_assoc($viewMemberResults); | ||
994 | |||
995 | switch( $membersVisibleTo ) | ||
996 | { | ||
997 | case 'Group': | ||
998 | // if we get to here, there is at least one row, so they are a member of the group | ||
999 | return true; | ||
1000 | case 'Owners': | ||
1001 | default: | ||
1002 | return $viewMemberInfo['IsOwner']; | ||
1003 | } | ||
1004 | } | ||
1005 | |||
1006 | function getGroupMembers($params) | ||
1007 | { | ||
1008 | if( is_array($error = secureRequest($params, FALSE)) ) | ||
1009 | { | ||
1010 | return $error; | ||
1011 | } | ||
1012 | |||
1013 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; | ||
1014 | $groupID = $params['GroupID']; | ||
1015 | $escapedGroupID = mysql_real_escape_string($groupID); | ||
1016 | |||
1017 | $sql = " SELECT osgroupmembership.AgentID" | ||
1018 | ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices" | ||
1019 | ." , osgroupmembership.SelectedRoleID, osrole.Title" | ||
1020 | ." , CASE WHEN OwnerRoleMembership.AgentID IS NOT NULL THEN 1 ELSE 0 END AS IsOwner" | ||
1021 | ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)" | ||
1022 | ." JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)" | ||
1023 | ." JOIN osrole AS OwnerRole ON (osgroup.OwnerRoleID = OwnerRole.RoleID AND osgroup.GroupID = OwnerRole.GroupID)" | ||
1024 | ." LEFT JOIN osgrouprolemembership AS OwnerRoleMembership ON (osgroup.OwnerRoleID = OwnerRoleMembership.RoleID | ||
1025 | AND (osgroup.GroupID = OwnerRoleMembership.GroupID) | ||
1026 | AND (osgroupmembership.AgentID = OwnerRoleMembership.AgentID))" | ||
1027 | ." WHERE osgroup.GroupID = '$escapedGroupID'"; | ||
1028 | |||
1029 | $groupmemberResults = mysql_query($sql, $groupDBCon); | ||
1030 | if (!$groupmemberResults) | ||
1031 | { | ||
1032 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
1033 | } | ||
1034 | |||
1035 | if (mysql_num_rows($groupmemberResults) == 0) | ||
1036 | { | ||
1037 | return array('succeed' => 'false', 'error' => 'No Group Members found', 'params' => var_export($params, TRUE), 'sql' => $sql); | ||
1038 | } | ||
1039 | |||
1040 | $roleMembersVisibleBit = $groupPowers['RoleMembersVisible']; | ||
1041 | $canViewAllGroupRoleMembers = canAgentViewRoleMembers($requestingAgent, $groupID, ''); | ||
1042 | |||
1043 | $memberResults = array(); | ||
1044 | while ($memberInfo = mysql_fetch_assoc($groupmemberResults)) | ||
1045 | { | ||
1046 | $agentID = $memberInfo['AgentID']; | ||
1047 | $sql = " SELECT BIT_OR(osrole.Powers) AS AgentPowers, ( BIT_OR(osrole.Powers) & $roleMembersVisibleBit) as MemberVisible" | ||
1048 | ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)" | ||
1049 | ." WHERE osgrouprolemembership.GroupID = '$escapedGroupID' AND osgrouprolemembership.AgentID = '$agentID'"; | ||
1050 | $memberPowersResult = mysql_query($sql, $groupDBCon); | ||
1051 | if (!$memberPowersResult) | ||
1052 | { | ||
1053 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
1054 | } | ||
1055 | |||
1056 | $memberPowersCount = mysql_num_rows($memberPowersResult); | ||
1057 | error_log("Found $memberPowersCount rows for agent $agentID for requesting agent $requestingAgent"); | ||
1058 | |||
1059 | if ($memberPowersCount == 0) | ||
1060 | { | ||
1061 | if ($canViewAllGroupRoleMembers || $agentID == $requestingAgent) | ||
1062 | { | ||
1063 | $memberResults[$agentID] = array_merge($memberInfo, array('AgentPowers' => 0)); | ||
1064 | } | ||
1065 | else | ||
1066 | { | ||
1067 | // if can't view all group role members and there is no Member Visible bit, then don't return this member's info | ||
1068 | unset($memberResults[$agentID]); | ||
1069 | } | ||
1070 | } | ||
1071 | else | ||
1072 | { | ||
1073 | $memberPowersInfo = mysql_fetch_assoc($memberPowersResult); | ||
1074 | if ($memberPowersInfo['MemberVisible'] || $canViewAllGroupRoleMembers || $agentID == $requestingAgent) | ||
1075 | { | ||
1076 | $memberResults[$agentID] = array_merge($memberInfo, $memberPowersInfo); | ||
1077 | } | ||
1078 | else | ||
1079 | { | ||
1080 | // if can't view all group role members and there is no Member Visible bit, then don't return this member's info | ||
1081 | unset($memberResults[$agentID]); | ||
1082 | } | ||
1083 | } | ||
1084 | } | ||
1085 | |||
1086 | error_log("Returning " . count($memberResults) . " visible members for group $groupID for agent $agentID"); | ||
1087 | |||
1088 | if (count($memberResults) == 0) | ||
1089 | { | ||
1090 | return array('succeed' => 'false', 'error' => 'No Visible Group Members found', 'params' => var_export($params, TRUE), 'sql' => $sql); | ||
1091 | } | ||
1092 | |||
1093 | return $memberResults; | ||
1094 | } | ||
1095 | |||
1096 | function getAgentActiveMembership($params) | ||
1097 | { | ||
1098 | if( is_array($error = secureRequest($params, FALSE)) ) | ||
1099 | { | ||
1100 | return $error; | ||
1101 | } | ||
1102 | |||
1103 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
1104 | $agentID = mysql_real_escape_string($params['AgentID']); | ||
1105 | |||
1106 | $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish" | ||
1107 | ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices" | ||
1108 | ." , osgroupmembership.SelectedRoleID, osrole.Title" | ||
1109 | ." , osagent.ActiveGroupID " | ||
1110 | ." FROM osagent JOIN osgroup ON (osgroup.GroupID = osagent.ActiveGroupID)" | ||
1111 | ." JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID AND osagent.AgentID = osgroupmembership.AgentID)" | ||
1112 | ." JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)" | ||
1113 | ." WHERE osagent.AgentID = '$agentID'"; | ||
1114 | |||
1115 | $groupmembershipResult = mysql_query($sql, $groupDBCon); | ||
1116 | if (!$groupmembershipResult) | ||
1117 | { | ||
1118 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
1119 | } | ||
1120 | if (mysql_num_rows($groupmembershipResult) == 0) | ||
1121 | { | ||
1122 | return array('succeed' => 'false', 'error' => 'No Active Group Specified', 'params' => var_export($params, TRUE), 'sql' => $sql); | ||
1123 | } | ||
1124 | $groupMembershipInfo = mysql_fetch_assoc($groupmembershipResult); | ||
1125 | |||
1126 | $groupID = $groupMembershipInfo['GroupID']; | ||
1127 | $sql = " SELECT BIT_OR(osrole.Powers) AS GroupPowers" | ||
1128 | ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)" | ||
1129 | ." WHERE osgrouprolemembership.GroupID = '$groupID' AND osgrouprolemembership.AgentID = '$agentID'"; | ||
1130 | $groupPowersResult = mysql_query($sql, $groupDBCon); | ||
1131 | if (!$groupPowersResult) | ||
1132 | { | ||
1133 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
1134 | } | ||
1135 | $groupPowersInfo = mysql_fetch_assoc($groupPowersResult); | ||
1136 | |||
1137 | return array_merge($groupMembershipInfo, $groupPowersInfo); | ||
1138 | } | ||
1139 | |||
1140 | function getAgentRoles($params) | ||
1141 | { | ||
1142 | if( is_array($error = secureRequest($params, FALSE)) ) | ||
1143 | { | ||
1144 | return $error; | ||
1145 | } | ||
1146 | |||
1147 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
1148 | $agentID = mysql_real_escape_string($params['AgentID']); | ||
1149 | |||
1150 | $sql = " SELECT " | ||
1151 | ." osrole.RoleID, osrole.GroupID, osrole.Title, osrole.Name, osrole.Description, osrole.Powers" | ||
1152 | ." , CASE WHEN osgroupmembership.SelectedRoleID = osrole.RoleID THEN 1 ELSE 0 END AS Selected" | ||
1153 | ." FROM osgroupmembership JOIN osgrouprolemembership ON (osgroupmembership.GroupID = osgrouprolemembership.GroupID AND osgroupmembership.AgentID = osgrouprolemembership.AgentID)" | ||
1154 | ." JOIN osrole ON ( osgrouprolemembership.RoleID = osrole.RoleID AND osgrouprolemembership.GroupID = osrole.GroupID)" | ||
1155 | ." LEFT JOIN osagent ON (osagent.AgentID = osgroupmembership.AgentID)" | ||
1156 | ." WHERE osgroupmembership.AgentID = '$agentID'"; | ||
1157 | |||
1158 | if( isset($params['GroupID']) ) | ||
1159 | { | ||
1160 | $groupID = $params['GroupID']; | ||
1161 | $sql .= " AND osgroupmembership.GroupID = '$groupID'"; | ||
1162 | } | ||
1163 | |||
1164 | $roleResults = mysql_query($sql, $groupDBCon); | ||
1165 | if (!$roleResults) | ||
1166 | { | ||
1167 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
1168 | } | ||
1169 | |||
1170 | if( mysql_num_rows($roleResults) == 0 ) | ||
1171 | { | ||
1172 | return array('succeed' => 'false', 'error' => 'None found', 'params' => var_export($params, TRUE), 'sql' => $sql); | ||
1173 | } | ||
1174 | |||
1175 | $roles = array(); | ||
1176 | while($role = mysql_fetch_assoc($roleResults)) | ||
1177 | { | ||
1178 | $ID = $role['GroupID'].$role['RoleID']; | ||
1179 | $roles[$ID] = $role; | ||
1180 | } | ||
1181 | |||
1182 | return $roles; | ||
1183 | } | ||
1184 | |||
1185 | function getGroupRoles($params) | ||
1186 | { | ||
1187 | if( is_array($error = secureRequest($params, FALSE)) ) | ||
1188 | { | ||
1189 | return $error; | ||
1190 | } | ||
1191 | |||
1192 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
1193 | $groupID = mysql_real_escape_string($params['GroupID']); | ||
1194 | |||
1195 | $sql = " SELECT " | ||
1196 | ." osrole.RoleID, osrole.Name, osrole.Title, osrole.Description, osrole.Powers, count(osgrouprolemembership.AgentID) as Members" | ||
1197 | ." FROM osrole LEFT JOIN osgrouprolemembership ON (osrole.GroupID = osgrouprolemembership.GroupID AND osrole.RoleID = osgrouprolemembership.RoleID)" | ||
1198 | ." WHERE osrole.GroupID = '$groupID'" | ||
1199 | ." GROUP BY osrole.RoleID, osrole.Name, osrole.Title, osrole.Description, osrole.Powers"; | ||
1200 | |||
1201 | $roleResults = mysql_query($sql, $groupDBCon); | ||
1202 | if (!$roleResults) | ||
1203 | { | ||
1204 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
1205 | } | ||
1206 | |||
1207 | if( mysql_num_rows($roleResults) == 0 ) | ||
1208 | { | ||
1209 | return array('succeed' => 'false', 'error' => 'No roles found for group', 'params' => var_export($params, TRUE), 'sql' => $sql); | ||
1210 | } | ||
1211 | |||
1212 | $roles = array(); | ||
1213 | while($role = mysql_fetch_assoc($roleResults)) | ||
1214 | { | ||
1215 | $RoleID = $role['RoleID']; | ||
1216 | $roles[$RoleID] = $role; | ||
1217 | } | ||
1218 | |||
1219 | return $roles; | ||
1220 | } | ||
1221 | |||
1222 | function getGroupRoleMembers($params) | ||
1223 | { | ||
1224 | if( is_array($error = secureRequest($params, FALSE)) ) | ||
1225 | { | ||
1226 | return $error; | ||
1227 | } | ||
1228 | |||
1229 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; | ||
1230 | $groupID = $params['GroupID']; | ||
1231 | |||
1232 | $roleMembersVisibleBit = $groupPowers['RoleMembersVisible']; | ||
1233 | $canViewAllGroupRoleMembers = canAgentViewRoleMembers($requestingAgent, $groupID, ''); | ||
1234 | |||
1235 | $escapedGroupID = mysql_real_escape_string($groupID); | ||
1236 | |||
1237 | $sql = " SELECT " | ||
1238 | ." osrole.RoleID, osgrouprolemembership.AgentID" | ||
1239 | ." , (osrole.Powers & $roleMembersVisibleBit) as MemberVisible" | ||
1240 | ." FROM osrole JOIN osgrouprolemembership ON (osrole.GroupID = osgrouprolemembership.GroupID AND osrole.RoleID = osgrouprolemembership.RoleID)" | ||
1241 | ." WHERE osrole.GroupID = '$escapedGroupID'"; | ||
1242 | |||
1243 | $memberResults = mysql_query($sql, $groupDBCon); | ||
1244 | if (!$memberResults) | ||
1245 | { | ||
1246 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
1247 | } | ||
1248 | |||
1249 | if( mysql_num_rows($memberResults) == 0 ) | ||
1250 | { | ||
1251 | return array('succeed' => 'false', 'error' => 'No role memberships found for group', 'params' => var_export($params, TRUE), 'sql' => $sql); | ||
1252 | } | ||
1253 | |||
1254 | $members = array(); | ||
1255 | while($member = mysql_fetch_assoc($memberResults)) | ||
1256 | { | ||
1257 | if( $canViewAllGroupRoleMembers || $member['MemberVisible'] || ($member['AgentID'] == $requestingAgent) ) | ||
1258 | { | ||
1259 | $Key = $member['AgentID'] . $member['RoleID']; | ||
1260 | $members[$Key ] = $member; | ||
1261 | } | ||
1262 | } | ||
1263 | |||
1264 | if( count($members) == 0 ) | ||
1265 | { | ||
1266 | return array('succeed' => 'false', 'error' => 'No role memberships visible for group', 'params' => var_export($params, TRUE), 'sql' => $sql); | ||
1267 | } | ||
1268 | |||
1269 | return $members; | ||
1270 | } | ||
1271 | |||
1272 | function setAgentGroupInfo($params) | ||
1273 | { | ||
1274 | if( is_array($error = secureRequest($params, TRUE)) ) | ||
1275 | { | ||
1276 | return $error; | ||
1277 | } | ||
1278 | |||
1279 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
1280 | |||
1281 | if (isset($params['AgentID'])) { | ||
1282 | $agentID = mysql_real_escape_string($params['AgentID']); | ||
1283 | } else { | ||
1284 | $agentID = ""; | ||
1285 | } | ||
1286 | if (isset($params['GroupID'])) { | ||
1287 | $groupID = mysql_real_escape_string($params['GroupID']); | ||
1288 | } else { | ||
1289 | $groupID = ""; | ||
1290 | } | ||
1291 | if (isset($params['SelectedRoleID'])) { | ||
1292 | $roleID = mysql_real_escape_string($params['SelectedRoleID']); | ||
1293 | } else { | ||
1294 | $roleID = ""; | ||
1295 | } | ||
1296 | if (isset($params['AcceptNotices'])) { | ||
1297 | $acceptNotices = mysql_real_escape_string($params['AcceptNotices']); | ||
1298 | } else { | ||
1299 | $acceptNotices = 1; | ||
1300 | } | ||
1301 | if (isset($params['ListInProfile'])) { | ||
1302 | $listInProfile = mysql_real_escape_string($params['ListInProfile']); | ||
1303 | } else { | ||
1304 | $listInProfile = 0; | ||
1305 | } | ||
1306 | |||
1307 | if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) ) | ||
1308 | { | ||
1309 | return array('error' => "Agent can only change their own group info", 'params' => var_export($params, TRUE)); | ||
1310 | } | ||
1311 | |||
1312 | $sql = " UPDATE " | ||
1313 | ." osgroupmembership" | ||
1314 | ." SET " | ||
1315 | ." AgentID = '$agentID'"; | ||
1316 | |||
1317 | if( isset($params['SelectedRoleID']) ) | ||
1318 | { | ||
1319 | $sql .=" , SelectedRoleID = '$roleID'"; | ||
1320 | } | ||
1321 | if( isset($params['AcceptNotices']) ) | ||
1322 | { | ||
1323 | $sql .=" , AcceptNotices = $acceptNotices"; | ||
1324 | } | ||
1325 | if( isset($params['ListInProfile']) ) | ||
1326 | { | ||
1327 | $sql .=" , ListInProfile = $listInProfile"; | ||
1328 | } | ||
1329 | |||
1330 | $sql .=" WHERE osgroupmembership.GroupID = '$groupID' AND osgroupmembership.AgentID = '$agentID'"; | ||
1331 | |||
1332 | $memberResults = mysql_query($sql, $groupDBCon); | ||
1333 | if (!$memberResults) | ||
1334 | { | ||
1335 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
1336 | } | ||
1337 | |||
1338 | return array('success'=> 'true'); | ||
1339 | } | ||
1340 | |||
1341 | function getGroupNotices($params) | ||
1342 | { | ||
1343 | if( is_array($error = secureRequest($params, FALSE)) ) | ||
1344 | { | ||
1345 | return $error; | ||
1346 | } | ||
1347 | |||
1348 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
1349 | $groupID = mysql_real_escape_string($params['GroupID']); | ||
1350 | |||
1351 | $sql = " SELECT " | ||
1352 | ." GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket" | ||
1353 | ." FROM osgroupnotice" | ||
1354 | ." WHERE osgroupnotice.GroupID = '$groupID'"; | ||
1355 | |||
1356 | $results = mysql_query($sql, $groupDBCon); | ||
1357 | if (!$results) | ||
1358 | { | ||
1359 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
1360 | } | ||
1361 | |||
1362 | if( mysql_num_rows($results) == 0 ) | ||
1363 | { | ||
1364 | return array('succeed' => 'false', 'error' => 'No Notices', 'params' => var_export($params, TRUE), 'sql' => $sql); | ||
1365 | } | ||
1366 | |||
1367 | $notices = array(); | ||
1368 | while($notice = mysql_fetch_assoc($results)) | ||
1369 | { | ||
1370 | $NoticeID = $notice['NoticeID']; | ||
1371 | $notices[$NoticeID] = $notice; | ||
1372 | } | ||
1373 | |||
1374 | return $notices; | ||
1375 | } | ||
1376 | |||
1377 | function getGroupNotice($params) | ||
1378 | { | ||
1379 | if( is_array($error = secureRequest($params, FALSE)) ) | ||
1380 | { | ||
1381 | return $error; | ||
1382 | } | ||
1383 | |||
1384 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
1385 | $noticeID = mysql_real_escape_string($params['NoticeID']); | ||
1386 | |||
1387 | $sql = " SELECT " | ||
1388 | ." GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket" | ||
1389 | ." FROM osgroupnotice" | ||
1390 | ." WHERE osgroupnotice.NoticeID = '$noticeID'"; | ||
1391 | |||
1392 | $results = mysql_query($sql, $groupDBCon); | ||
1393 | if (!$results) | ||
1394 | { | ||
1395 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
1396 | } | ||
1397 | |||
1398 | if( mysql_num_rows($results) == 0 ) | ||
1399 | { | ||
1400 | return array('succeed' => 'false', 'error' => 'Group Notice Not Found', 'params' => var_export($params, TRUE), 'sql' => $sql); | ||
1401 | } | ||
1402 | |||
1403 | return mysql_fetch_assoc($results); | ||
1404 | } | ||
1405 | |||
1406 | function addGroupNotice($params) | ||
1407 | { | ||
1408 | if( is_array($error = secureRequest($params, TRUE)) ) | ||
1409 | { | ||
1410 | return $error; | ||
1411 | } | ||
1412 | |||
1413 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; | ||
1414 | $groupID = mysql_real_escape_string($params['GroupID']); | ||
1415 | $noticeID = mysql_real_escape_string($params['NoticeID']); | ||
1416 | $fromName = mysql_real_escape_string($params['FromName']); | ||
1417 | $subject = mysql_real_escape_string($params['Subject']); | ||
1418 | $binaryBucket = mysql_real_escape_string($params['BinaryBucket']); | ||
1419 | $message = mysql_real_escape_string($params['Message']); | ||
1420 | $timeStamp = mysql_real_escape_string($params['TimeStamp']); | ||
1421 | |||
1422 | if( is_array($error = checkGroupPermission($groupID, $groupPowers['SendNotices'])) ) | ||
1423 | { | ||
1424 | return $error; | ||
1425 | } | ||
1426 | |||
1427 | $sql = " INSERT INTO osgroupnotice" | ||
1428 | ." (GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket)" | ||
1429 | ." VALUES " | ||
1430 | ." ('$groupID', '$noticeID', $timeStamp, '$fromName', '$subject', '$message', '$binaryBucket')"; | ||
1431 | |||
1432 | $results = mysql_query($sql, $groupDBCon); | ||
1433 | if (!$results) | ||
1434 | { | ||
1435 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
1436 | } | ||
1437 | |||
1438 | return array('success' => 'true'); | ||
1439 | } | ||
1440 | |||
1441 | function addAgentToGroupInvite($params) | ||
1442 | { | ||
1443 | if( is_array($error = secureRequest($params, TRUE)) ) | ||
1444 | { | ||
1445 | return $error; | ||
1446 | } | ||
1447 | |||
1448 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; | ||
1449 | |||
1450 | if( is_array($error = checkGroupPermission($params['GroupID'], $groupPowers['Invite'])) ) | ||
1451 | { | ||
1452 | return $error; | ||
1453 | } | ||
1454 | |||
1455 | $inviteID = mysql_real_escape_string($params['InviteID']); | ||
1456 | $groupID = mysql_real_escape_string($params['GroupID']); | ||
1457 | $roleID = mysql_real_escape_string($params['RoleID']); | ||
1458 | $agentID = mysql_real_escape_string($params['AgentID']); | ||
1459 | |||
1460 | // Remove any existing invites for this agent to this group | ||
1461 | $sql = " DELETE FROM osgroupinvite" | ||
1462 | ." WHERE osgroupinvite.AgentID = '$agentID' AND osgroupinvite.GroupID = '$groupID'"; | ||
1463 | |||
1464 | $results = mysql_query($sql, $groupDBCon); | ||
1465 | if (!$results) | ||
1466 | { | ||
1467 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
1468 | } | ||
1469 | |||
1470 | // Add new invite for this agent to this group for the specifide role | ||
1471 | $sql = " INSERT INTO osgroupinvite" | ||
1472 | ." (InviteID, GroupID, RoleID, AgentID) VALUES ('$inviteID', '$groupID', '$roleID', '$agentID')"; | ||
1473 | |||
1474 | $results = mysql_query($sql, $groupDBCon); | ||
1475 | if (!$results) | ||
1476 | { | ||
1477 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
1478 | } | ||
1479 | |||
1480 | return array('success' => 'true'); | ||
1481 | } | ||
1482 | |||
1483 | function getAgentToGroupInvite($params) | ||
1484 | { | ||
1485 | if( is_array($error = secureRequest($params, FALSE)) ) | ||
1486 | { | ||
1487 | return $error; | ||
1488 | } | ||
1489 | |||
1490 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
1491 | $inviteID = mysql_real_escape_string($params['InviteID']); | ||
1492 | |||
1493 | $sql = " SELECT GroupID, RoleID, AgentID FROM osgroupinvite" | ||
1494 | ." WHERE osgroupinvite.InviteID = '$inviteID'"; | ||
1495 | |||
1496 | $results = mysql_query($sql, $groupDBCon); | ||
1497 | if (!$results) | ||
1498 | { | ||
1499 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
1500 | } | ||
1501 | |||
1502 | if( mysql_num_rows($results) == 1 ) | ||
1503 | { | ||
1504 | $inviteInfo = mysql_fetch_assoc($results); | ||
1505 | $groupID = $inviteInfo['GroupID']; | ||
1506 | $roleID = $inviteInfo['RoleID']; | ||
1507 | $agentID = $inviteInfo['AgentID']; | ||
1508 | |||
1509 | return array('success' => 'true', 'GroupID'=>$groupID, 'RoleID'=>$roleID, 'AgentID'=>$agentID); | ||
1510 | } | ||
1511 | else | ||
1512 | { | ||
1513 | return array('succeed' => 'false', 'error' => 'Invitation not found', 'params' => var_export($params, TRUE), 'sql' => $sql); | ||
1514 | } | ||
1515 | } | ||
1516 | |||
1517 | function removeAgentToGroupInvite($params) | ||
1518 | { | ||
1519 | if( is_array($error = secureRequest($params, TRUE)) ) | ||
1520 | { | ||
1521 | return $error; | ||
1522 | } | ||
1523 | |||
1524 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon; | ||
1525 | $inviteID = mysql_real_escape_string($params['InviteID']); | ||
1526 | |||
1527 | $sql = " DELETE FROM osgroupinvite" | ||
1528 | ." WHERE osgroupinvite.InviteID = '$inviteID'"; | ||
1529 | |||
1530 | $results = mysql_query($sql, $groupDBCon); | ||
1531 | if (!$results) | ||
1532 | { | ||
1533 | return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE)); | ||
1534 | } | ||
1535 | |||
1536 | return array('success' => 'true'); | ||
1537 | } | ||
1538 | |||
1539 | function secureRequest($params, $write = FALSE) | ||
1540 | { | ||
1541 | global $groupWriteKey, $groupReadKey, $verifiedReadKey, $verifiedWriteKey, $groupRequireAgentAuthForWrite, $requestingAgent; | ||
1542 | global $overrideAgentUserService; | ||
1543 | |||
1544 | // Cache this for access by other security functions | ||
1545 | $requestingAgent = $params['RequestingAgentID']; | ||
1546 | |||
1547 | if( isset($groupReadKey) && ($groupReadKey != '') && (!isset($verifiedReadKey) || ($verifiedReadKey !== TRUE)) ) | ||
1548 | { | ||
1549 | if( !isset($params['ReadKey']) || ($params['ReadKey'] != $groupReadKey ) ) | ||
1550 | { | ||
1551 | return array('error' => "Invalid (or No) Read Key Specified", 'params' => var_export($params, TRUE)); | ||
1552 | } | ||
1553 | else | ||
1554 | { | ||
1555 | $verifiedReadKey = TRUE; | ||
1556 | } | ||
1557 | } | ||
1558 | |||
1559 | if( ($write == TRUE) && isset($groupWriteKey) && ($groupWriteKey != '') && (!isset($verifiedWriteKey) || ($verifiedWriteKey !== TRUE)) ) | ||
1560 | { | ||
1561 | if( !isset($params['WriteKey']) || ($params['WriteKey'] != $groupWriteKey ) ) | ||
1562 | { | ||
1563 | return array('error' => "Invalid (or No) Write Key Specified", 'params' => var_export($params, TRUE)); | ||
1564 | } | ||
1565 | else | ||
1566 | { | ||
1567 | $verifiedWriteKey = TRUE; | ||
1568 | } | ||
1569 | } | ||
1570 | |||
1571 | if( ($write == TRUE) && isset($groupRequireAgentAuthForWrite) && ($groupRequireAgentAuthForWrite == TRUE) ) | ||
1572 | { | ||
1573 | // Note: my brain can't do boolean logic this morning, so just putting this here instead of integrating with line above. | ||
1574 | // If the write key has already been verified for this request, don't check it again. This comes into play with methods that call other methods, such as CreateGroup() which calls Addrole() | ||
1575 | if( isset($verifiedWriteKey) && ($verifiedWriteKey !== TRUE)) | ||
1576 | { | ||
1577 | return TRUE; | ||
1578 | } | ||
1579 | |||
1580 | if( !isset($params['RequestingAgentID']) | ||
1581 | || !isset($params['RequestingAgentUserService']) | ||
1582 | || !isset($params['RequestingSessionID']) ) | ||
1583 | { | ||
1584 | return array('error' => "Requesting AgentID and SessionID must be specified", 'params' => var_export($params, TRUE)); | ||
1585 | } | ||
1586 | |||
1587 | // NOTE: an AgentID and SessionID of $uuidZero will likely be a region making a request, that is not tied to a specific agent making the request. | ||
1588 | |||
1589 | $UserService = $params['RequestingAgentUserService']; | ||
1590 | if( isset($overrideAgentUserService) && ($overrideAgentUserService != "") ) | ||
1591 | { | ||
1592 | $UserService = $overrideAgentUserService; | ||
1593 | } | ||
1594 | |||
1595 | $client = new xmlrpc_client($UserService); | ||
1596 | $client->return_type = 'phpvals'; | ||
1597 | |||
1598 | $verifyParams = new xmlrpcval(array('avatar_uuid' => new xmlrpcval($params['RequestingAgentID'], 'string') | ||
1599 | ,'session_id' => new xmlrpcval($params['RequestingSessionID'], 'string')) | ||
1600 | , 'struct'); | ||
1601 | |||
1602 | $message = new xmlrpcmsg("check_auth_session", array($verifyParams)); | ||
1603 | $resp = $client->send($message, 5); | ||
1604 | if ($resp->faultCode()) | ||
1605 | { | ||
1606 | return array('error' => "Error validating AgentID and SessionID" | ||
1607 | , 'xmlrpcerror'=> $resp->faultString() | ||
1608 | , 'params' => var_export($params, TRUE)); | ||
1609 | } | ||
1610 | |||
1611 | $verifyReturn = $resp->value(); | ||
1612 | |||
1613 | if( !isset($verifyReturn['auth_session']) || ($verifyReturn['auth_session'] != 'TRUE') ) | ||
1614 | { | ||
1615 | return array('error' => "UserService.check_auth_session() did not return TRUE" | ||
1616 | , 'userservice' => var_export($verifyReturn, TRUE) | ||
1617 | , 'params' => var_export($params, TRUE)); | ||
1618 | |||
1619 | } | ||
1620 | } | ||
1621 | |||
1622 | return TRUE; | ||
1623 | } | ||
1624 | |||
1625 | function checkGroupPermission($GroupID, $Permission) | ||
1626 | { | ||
1627 | global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers; | ||
1628 | |||
1629 | if( !isset($Permission) || ($Permission == 0) ) | ||
1630 | { | ||
1631 | return array('error' => 'No Permission value specified for checkGroupPermission' | ||
1632 | , 'Permission' => $Permission); | ||
1633 | } | ||
1634 | |||
1635 | // If it isn't set to true, then always return true, otherwise verify they have perms | ||
1636 | if( !isset($groupEnforceGroupPerms) || ($groupEnforceGroupPerms != TRUE) ) | ||
1637 | { | ||
1638 | return true; | ||
1639 | } | ||
1640 | |||
1641 | if( !isset($requestingAgent) || ($requestingAgent == $uuidZero) ) | ||
1642 | { | ||
1643 | return array('error' => 'Requesting agent was either not specified or not validated.' | ||
1644 | , 'requestingAgent' => $requestingAgent); | ||
1645 | } | ||
1646 | |||
1647 | $params = array('AgentID' => $requestingAgent, 'GroupID' => $GroupID); | ||
1648 | $reqAgentMembership = getAgentGroupMembership($params); | ||
1649 | |||
1650 | if( isset($reqAgentMembership['error'] ) ) | ||
1651 | { | ||
1652 | return array('error' => 'Could not get agent membership for group' | ||
1653 | , 'params' => var_export($params, TRUE) | ||
1654 | , 'nestederror' => $reqAgentMembership['error']); | ||
1655 | } | ||
1656 | |||
1657 | // Worlds ugliest bitwise operation, EVER | ||
1658 | $PermMask = $reqAgentMembership['GroupPowers']; | ||
1659 | $PermValue = $Permission; | ||
1660 | |||
1661 | global $groupDBCon; | ||
1662 | $sql = " SELECT $PermMask & $PermValue AS Allowed"; | ||
1663 | $results = mysql_query($sql, $groupDBCon); | ||
1664 | if (!$results) | ||
1665 | { | ||
1666 | echo print_r( array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error())); | ||
1667 | } | ||
1668 | $PermMasked = mysql_result($results, 0); | ||
1669 | |||
1670 | if( $PermMasked != $Permission ) | ||
1671 | { | ||
1672 | $permNames = array_flip($groupPowers); | ||
1673 | |||
1674 | return array('error' => 'Agent does not have group power to ' . $Permission .'('.$permNames[$Permission].')' | ||
1675 | , 'PermMasked' => $PermMasked | ||
1676 | , 'params' => var_export($params, TRUE) | ||
1677 | , 'permBitMaskSql' => $sql | ||
1678 | , 'Permission' => $Permission); | ||
1679 | } | ||
1680 | |||
1681 | /* | ||
1682 | return array('error' => 'Reached end' | ||
1683 | , 'reqAgentMembership' => var_export($reqAgentMembership, TRUE) | ||
1684 | , 'GroupID' => $GroupID | ||
1685 | , 'Permission' => $Permission | ||
1686 | , 'PermMasked' => $PermMasked | ||
1687 | ); | ||
1688 | */ | ||
1689 | return TRUE; | ||
1690 | } | ||
1691 | |||
1692 | |||
1693 | $s = new xmlrpc_server(array( | ||
1694 | "test" => array("function" => "test") | ||
1695 | , "groups.createGroup" => array("function" => "createGroup", "signature" => $common_sig) | ||
1696 | , "groups.updateGroup" => array("function" => "updateGroup", "signature" => $common_sig) | ||
1697 | , "groups.getGroup" => array("function" => "getGroup", "signature" => $common_sig) | ||
1698 | , "groups.findGroups" => array("function" => "findGroups", "signature" => $common_sig) | ||
1699 | |||
1700 | , "groups.getGroupRoles" => array("function" => "getGroupRoles", "signature" => $common_sig) | ||
1701 | , "groups.addRoleToGroup" => array("function" => "addRoleToGroup", "signature" => $common_sig) | ||
1702 | , "groups.removeRoleFromGroup" => array("function" => "removeRoleFromGroup", "signature" => $common_sig) | ||
1703 | , "groups.updateGroupRole" => array("function" => "updateGroupRole", "signature" => $common_sig) | ||
1704 | , "groups.getGroupRoleMembers" => array("function" => "getGroupRoleMembers", "signature" => $common_sig) | ||
1705 | |||
1706 | , "groups.setAgentGroupSelectedRole" => array("function" => "setAgentGroupSelectedRole", "signature" => $common_sig) | ||
1707 | , "groups.addAgentToGroupRole" => array("function" => "addAgentToGroupRole", "signature" => $common_sig) | ||
1708 | , "groups.removeAgentFromGroupRole" => array("function" => "removeAgentFromGroupRole", "signature" => $common_sig) | ||
1709 | |||
1710 | , "groups.getGroupMembers" => array("function" => "getGroupMembers", "signature" => $common_sig) | ||
1711 | , "groups.addAgentToGroup" => array("function" => "addAgentToGroup", "signature" => $common_sig) | ||
1712 | , "groups.removeAgentFromGroup" => array("function" => "removeAgentFromGroup", "signature" => $common_sig) | ||
1713 | , "groups.setAgentGroupInfo" => array("function" => "setAgentGroupInfo", "signature" => $common_sig) | ||
1714 | |||
1715 | , "groups.addAgentToGroupInvite" => array("function" => "addAgentToGroupInvite", "signature" => $common_sig) | ||
1716 | , "groups.getAgentToGroupInvite" => array("function" => "getAgentToGroupInvite", "signature" => $common_sig) | ||
1717 | , "groups.removeAgentToGroupInvite" => array("function" => "removeAgentToGroupInvite", "signature" => $common_sig) | ||
1718 | |||
1719 | , "groups.setAgentActiveGroup" => array("function" => "setAgentActiveGroup", "signature" => $common_sig) | ||
1720 | , "groups.getAgentGroupMembership" => array("function" => "getAgentGroupMembership", "signature" => $common_sig) | ||
1721 | , "groups.getAgentGroupMemberships" => array("function" => "getAgentGroupMemberships", "signature" => $common_sig) | ||
1722 | , "groups.getAgentActiveMembership" => array("function" => "getAgentActiveMembership", "signature" => $common_sig) | ||
1723 | , "groups.getAgentRoles" => array("function" => "getAgentRoles", "signature" => $common_sig) | ||
1724 | |||
1725 | , "groups.getGroupNotices" => array("function" => "getGroupNotices", "signature" => $common_sig) | ||
1726 | , "groups.getGroupNotice" => array("function" => "getGroupNotice", "signature" => $common_sig) | ||
1727 | , "groups.addGroupNotice" => array("function" => "addGroupNotice", "signature" => $common_sig) | ||
1728 | |||
1729 | |||
1730 | |||
1731 | |||
1732 | ), false); | ||
1733 | |||
1734 | $s->functions_parameters_type = 'phpvals'; | ||
1735 | if (isset($debugXMLRPC) && $debugXMLRPC > 0 && isset($debugXMLRPCFile) && $debugXMLRPCFile != "") | ||
1736 | { | ||
1737 | $s->setDebug($debugXMLRPC); | ||
1738 | } | ||
1739 | $s->service(); | ||
1740 | |||
1741 | if (isset($debugXMLRPC) && $debugXMLRPC > 0 && isset($debugXMLRPCFile) && $debugXMLRPCFile != "") | ||
1742 | { | ||
1743 | $f = fopen($debugXMLRPCFile,"a"); | ||
1744 | fwrite($f,"\n----- " . date("Y-m-d H:i:s") . " -----\n"); | ||
1745 | $debugInfo = $s->serializeDebug(); | ||
1746 | $debugInfo = split("\n",$debugInfo); | ||
1747 | unset($debugInfo[0]); | ||
1748 | unset($debugInfo[count($debugInfo) -1]); | ||
1749 | $debugInfo = join("\n",$debugInfo); | ||
1750 | fwrite($f,base64_decode($debugInfo)); | ||
1751 | fclose($f); | ||
1752 | } | ||
1753 | |||
1754 | mysql_close($groupDBCon); | ||
1755 | ?> | ||