authorDavid Walter Seikel2016-11-03 21:44:39 +1000
committerDavid Walter Seikel2016-11-03 21:44:39 +1000
commit134f86e8d5c414409631b25b8c6f0ee45fbd8631 (patch)
tree216b89d3fb89acfb81be1e440c25c41ab09fa96d /web/xmlrpc.php
parentMore changing to production grid. Double oops. (diff)
Initial update to OpenSim 0.8.2.1 source code.
Diffstat (limited to 'web/xmlrpc.php')
-rw-r--r--web/xmlrpc.php1755
1 files changed, 0 insertions, 1755 deletions
diff --git a/web/xmlrpc.php b/web/xmlrpc.php
deleted file mode 100644
index fc0c575..0000000
--- a/web/xmlrpc.php
+++ /dev/null
@@ -1,1755 +0,0 @@
1<?php
2// ini_set("display_errors",0);
3 /*
4 Actual failures that result in mysql or php errors should be returned as:
5
6 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
7
8 Methods that run without errors, but do not have the intended result should return as:
9
10 return array('succeed' => 'false', 'message' => 'No Groups Found', 'params' => var_export($params, TRUE));
11
12 or if applicable:
13
14 return array('succeed' => 'false', 'message' => 'What went wrong', 'params' => var_export($params, TRUE), 'sql' => $sql);
15 */
16
17 include("phpxmlrpclib/xmlrpc.inc");
18 include("phpxmlrpclib/xmlrpcs.inc");
19
20 include("../config/os_flotsam_config.php");
21 include("../config/os_modules_mysql.php");
22
23
24 $groupPowers = array(
25 'None' => '0',
26 /// <summary>Can send invitations to groups default role</summary>
27 'Invite' => '2',
28 /// <summary>Can eject members from group</summary>
29 'Eject' => '4',
30 /// <summary>Can toggle 'Open Enrollment' and change 'Signup fee'</summary>
31 'ChangeOptions' => '8',
32 /// <summary>Can create new roles</summary>
33 'CreateRole' => '16',
34 /// <summary>Can delete existing roles</summary>
35 'DeleteRole' => '32',
36 /// <summary>Can change Role names, titles and descriptions</summary>
37 'RoleProperties' => '64',
38 /// <summary>Can assign other members to assigners role</summary>
39 'AssignMemberLimited' => '128',
40 /// <summary>Can assign other members to any role</summary>
41 'AssignMember' => '256',
42 /// <summary>Can remove members from roles</summary>
43 'RemoveMember' => '512',
44 /// <summary>Can assign and remove abilities in roles</summary>
45 'ChangeActions' => '1024',
46 /// <summary>Can change group Charter, Insignia, 'Publish on the web' and which
47 /// members are publicly visible in group member listings</summary>
48 'ChangeIdentity' => '2048',
49 /// <summary>Can buy land or deed land to group</summary>
50 'LandDeed' => '4096',
51 /// <summary>Can abandon group owned land to Governor Linden on mainland, or Estate owner for
52 /// private estates</summary>
53 'LandRelease' => '8192',
54 /// <summary>Can set land for-sale information on group owned parcels</summary>
55 'LandSetSale' => '16384',
56 /// <summary>Can subdivide and join parcels</summary>
57 'LandDivideJoin' => '32768',
58 /// <summary>Can join group chat sessions</summary>
59 'JoinChat' => '65536',
60 /// <summary>Can toggle "Show in Find Places" and set search category</summary>
61 'FindPlaces' => '131072',
62 /// <summary>Can change parcel name, description, and 'Publish on web' settings</summary>
63 'LandChangeIdentity' => '262144',
64 /// <summary>Can set the landing point and teleport routing on group land</summary>
65 'SetLandingPoint' => '524288',
66 /// <summary>Can change music and media settings</summary>
67 'ChangeMedia' => '1048576',
68 /// <summary>Can toggle 'Edit Terrain' option in Land settings</summary>
69 'LandEdit' => '2097152',
70 /// <summary>Can toggle various About Land > Options settings</summary>
71 'LandOptions' => '4194304',
72 /// <summary>Can always terraform land, even if parcel settings have it turned off</summary>
73 'AllowEditLand' => '8388608',
74 /// <summary>Can always fly while over group owned land</summary>
75 'AllowFly' => '16777216',
76 /// <summary>Can always rez objects on group owned land</summary>
77 'AllowRez' => '33554432',
78 /// <summary>Can always create landmarks for group owned parcels</summary>
79 'AllowLandmark' => '67108864',
80 /// <summary>Can use voice chat in Group Chat sessions</summary>
81 'AllowVoiceChat' => '134217728',
82 /// <summary>Can set home location on any group owned parcel</summary>
83 'AllowSetHome' => '268435456',
84 /// <summary>Can modify public access settings for group owned parcels</summary>
85 'LandManageAllowed' => '536870912',
86 /// <summary>Can manager parcel ban lists on group owned land</summary>
87 'LandManageBanned' => '1073741824',
88 /// <summary>Can manage pass list sales information</summary>
89 'LandManagePasses' => '2147483648',
90 /// <summary>Can eject and freeze other avatars on group owned land</summary>
91 'LandEjectAndFreeze' => '4294967296',
92 /// <summary>Can return objects set to group</summary>
93 'ReturnGroupSet' => '8589934592',
94 /// <summary>Can return non-group owned/set objects</summary>
95 'ReturnNonGroup' => '17179869184',
96 /// <summary>Can landscape using Linden plants</summary>
97 'LandGardening' => '34359738368',
98 /// <summary>Can deed objects to group</summary>
99 'DeedObject' => '68719476736',
100 /// <summary>Can moderate group chat sessions</summary>
101 'ModerateChat' => '137438953472',
102 /// <summary>Can move group owned objects</summary>
103 'ObjectManipulate' => '274877906944',
104 /// <summary>Can set group owned objects for-sale</summary>
105 'ObjectSetForSale' => '549755813888',
106 /// <summary>Pay group liabilities and receive group dividends</summary>
107 'Accountable' => '1099511627776',
108 /// <summary>Can send group notices</summary>
109 'SendNotices' => '4398046511104',
110 /// <summary>Can receive group notices</summary>
111 'ReceiveNotices' => '8796093022208',
112 /// <summary>Can create group proposals</summary>
113 'StartProposal' => '17592186044416',
114 /// <summary>Can vote on group proposals</summary>
115 'VoteOnProposal' => '35184372088832',
116 /// <summary>Can return group owned objects</summary>
117 'ReturnGroupOwned' => '281474976710656',
118 /// <summary>Members are visible to non-owners</summary>
119 'RoleMembersVisible' => '140737488355328'
120 );
121
122 $uuidZero = "00000000-0000-0000-0000-000000000000";
123
124 $groupDBCon = mysql_connect($DB_HOST,$DB_USER,$DB_PASSWORD);
125 if (!$groupDBCon)
126 {
127 die('Could not connect: ' . mysql_error());
128 }
129 mysql_select_db($DB_NAME, $groupDBCon);
130
131 // This is filled in by secure()
132 $requestingAgent = $uuidZero;
133
134 function test()
135 {
136 return array('name' => 'Joe','age' => 27);
137 }
138
139 // Use a common signature for all the group functions -> struct foo($struct)
140 $common_sig = array(array($xmlrpcStruct, $xmlrpcStruct));
141
142 function createGroup($params)
143 {
144 if( is_array($error = secureRequest($params, TRUE)) )
145 {
146 return $error;
147 }
148
149 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
150
151 $groupID = $params["GroupID"];
152 $name = $params["Name"];
153 $charter = $params["Charter"];
154 $insigniaID = $params["InsigniaID"];
155 $founderID = $params["FounderID"];
156 $membershipFee = $params["MembershipFee"];
157 $openEnrollment = $params["OpenEnrollment"];
158 $showInList = $params["ShowInList"];
159 $allowPublish = $params["AllowPublish"];
160 $maturePublish = $params["MaturePublish"];
161 $ownerRoleID = $params["OwnerRoleID"];
162 $everyonePowers = $params["EveryonePowers"];
163 $ownersPowers = $params["OwnersPowers"];
164
165 $escapedParams = array_map("mysql_real_escape_string", $params);
166 $escapedGroupID = $escapedParams["GroupID"];
167 $escapedName = $escapedParams["Name"];
168 $escapedCharter = $escapedParams["Charter"];
169 $escapedInsigniaID = $escapedParams["InsigniaID"];
170 $escapedFounderID = $escapedParams["FounderID"];
171 $escapedMembershipFee = $escapedParams["MembershipFee"];
172 $escapedOpenEnrollment = $escapedParams["OpenEnrollment"];
173 $escapedShowInList = $escapedParams["ShowInList"];
174 $escapedAllowPublish = $escapedParams["AllowPublish"];
175 $escapedMaturePublish = $escapedParams["MaturePublish"];
176 $escapedOwnerRoleID = $escapedParams["OwnerRoleID"];
177
178 // Create group
179 $sql = "INSERT INTO osgroup
180 (GroupID, Name, Charter, InsigniaID, FounderID, MembershipFee, OpenEnrollment, ShowInList, AllowPublish, MaturePublish, OwnerRoleID)
181 VALUES
182 ('$escapedGroupID', '$escapedName', '$escapedCharter', '$escapedInsigniaID', '$escapedFounderID', $escapedMembershipFee, $escapedOpenEnrollment, $escapedShowInList, $escapedAllowPublish, $escapedMaturePublish, '$escapedOwnerRoleID')";
183
184 if (!mysql_query($sql, $groupDBCon))
185 {
186 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
187 }
188
189 // Create Everyone Role
190 // NOTE: FIXME: This is a temp fix until the libomv enum for group powers is fixed in OpenSim
191
192 $result = _addRoleToGroup(array('GroupID' => $groupID, 'RoleID' => $uuidZero, 'Name' => 'Everyone', 'Description' => 'Everyone in the group is in the everyone role.', 'Title' => "Member of $name", 'Powers' => $everyonePowers));
193 if( isset($result['error']) )
194 {
195 return $result;
196 }
197
198 // Create Owner Role
199 $result = _addRoleToGroup(array('GroupID' => $groupID, 'RoleID' => $ownerRoleID, 'Name' => 'Owners', 'Description' => "Owners of $name", 'Title' => "Owner of $name", 'Powers' => $ownersPowers));
200 if( isset($result['error']) )
201 {
202 return $result;
203 }
204
205 // Add founder to group, will automatically place them in the Everyone Role, also places them in specified Owner Role
206 $result = _addAgentToGroup(array('AgentID' => $founderID, 'GroupID' => $groupID, 'RoleID' => $ownerRoleID));
207 if( isset($result['error']) )
208 {
209 return $result;
210 }
211
212 // Select the owner's role for the founder
213 $result = _setAgentGroupSelectedRole(array('AgentID' => $founderID, 'RoleID' => $ownerRoleID, 'GroupID' => $groupID));
214 if( isset($result['error']) )
215 {
216 return $result;
217 }
218
219 // Set the new group as the founder's active group
220 $result = _setAgentActiveGroup(array('AgentID' => $founderID, 'GroupID' => $groupID));
221 if( isset($result['error']) )
222 {
223 return $result;
224 }
225
226 return getGroup(array("GroupID"=>$groupID));
227 }
228
229 // Private method, does not include security, to only be called from places that have already verified security
230 function _addRoleToGroup($params)
231 {
232 $everyonePowers = 8796495740928; // This should now be fixed, when libomv was updated...
233
234 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
235 $groupID = mysql_real_escape_string( $params['GroupID'] );
236 $roleID = mysql_real_escape_string( $params['RoleID'] );
237 $name = mysql_real_escape_string( $params['Name'] );
238 $desc = mysql_real_escape_string( $params['Description'] );
239 $title = mysql_real_escape_string( $params['Title'] );
240 $powers = mysql_real_escape_string( $params['Powers'] );
241
242 if( !isset($powers) || ($powers == 0) || ($powers == '') )
243 {
244 $powers = $everyonePowers;
245 }
246
247 $sql = " INSERT INTO osrole (GroupID, RoleID, Name, Description, Title, Powers) VALUES "
248 ." ('$groupID', '$roleID', '$name', '$desc', '$title', $powers)";
249
250 if (!mysql_query($sql, $groupDBCon))
251 {
252 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error()
253 , 'method' => 'addRoleToGroup'
254 , 'params' => var_export($params, TRUE));
255 }
256
257 return array("success" => "true");
258 }
259
260 function addRoleToGroup($params)
261 {
262 if( is_array($error = secureRequest($params, TRUE)) )
263 {
264 return $error;
265 }
266
267 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
268 $groupID = $params['GroupID'];
269
270 // Verify the requesting agent has permission
271 if( is_array($error = checkGroupPermission($groupID, $groupPowers['CreateRole'])) )
272 {
273 return $error;
274 }
275
276 return _addRoleToGroup($params);
277 }
278
279 function updateGroupRole($params)
280 {
281 if( is_array($error = secureRequest($params, TRUE)) )
282 {
283 return $error;
284 }
285
286 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
287 $groupID = mysql_real_escape_string( $params['GroupID'] );
288 $roleID = mysql_real_escape_string( $params['RoleID'] );
289 $name = mysql_real_escape_string( $params['Name'] );
290 $desc = mysql_real_escape_string( $params['Description'] );
291 $title = mysql_real_escape_string( $params['Title'] );
292 $powers = mysql_real_escape_string( $params['Powers'] );
293
294 // Verify the requesting agent has permission
295 if( is_array($error = checkGroupPermission($groupID, $groupPowers['RoleProperties'])) )
296 {
297 return $error;
298 }
299
300 $sql = " UPDATE osrole SET RoleID = '$roleID' ";
301 if( isset($params['Name']) )
302 {
303 $sql .= ", Name = '$name'";
304 }
305 if( isset($params['Description']) )
306 {
307 $sql .= ", Description = '$desc'";
308 }
309 if( isset($params['Title']) )
310 {
311 $sql .= ", Title = '$title'";
312 }
313 if( isset($params['Powers']) )
314 {
315 $sql .= ", Powers = $powers";
316 }
317
318 $sql .= " WHERE GroupID = '$groupID' AND RoleID = '$roleID'";
319
320 if (!mysql_query($sql, $groupDBCon))
321 {
322 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
323 }
324
325 return array("success" => "true");
326 }
327
328 function removeRoleFromGroup($params)
329 {
330 if( is_array($error = secureRequest($params, TRUE)) )
331 {
332 return $error;
333 }
334
335 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
336 $groupID = mysql_real_escape_string( $params['GroupID'] );
337 $roleID = mysql_real_escape_string( $params['RoleID'] );
338
339 if( is_array($error = checkGroupPermission($groupID, $groupPowers['RoleProperties'])) )
340 {
341 return $error;
342 }
343
344 /// 1. Remove all members from Role
345 /// 2. Set selected Role to uuidZero for anyone that had the role selected
346 /// 3. Delete roll
347
348 $sql = "DELETE FROM osgrouprolemembership WHERE GroupID = '$groupID' AND RoleID = '$roleID'";
349 if (!mysql_query($sql, $groupDBCon))
350 {
351 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
352 }
353
354 $sql = "UPDATE osgroupmembership SET SelectedRoleID = '$uuidZero' WHERE GroupID = '$groupID' AND SelectedRoleID = '$roleID'";
355 if (!mysql_query($sql, $groupDBCon))
356 {
357 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
358 }
359
360 $sql = "DELETE FROM osrole WHERE GroupID = '$groupID' AND RoleID = '$roleID'";
361 if (!mysql_query($sql, $groupDBCon))
362 {
363 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
364 }
365
366 return array("success" => "true");
367 }
368
369 function getGroup($params)
370 {
371 if( is_array($error = secureRequest($params, FALSE)) )
372 {
373 return $error;
374 }
375
376 return _getGroup($params);
377 }
378
379 function _getGroup($params)
380 {
381 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
382 $sql = " SELECT osgroup.GroupID, osgroup.Name, Charter, InsigniaID, FounderID, MembershipFee, OpenEnrollment, ShowInList, AllowPublish, MaturePublish, OwnerRoleID"
383 ." , count(osrole.RoleID) as GroupRolesCount, count(osgroupmembership.AgentID) as GroupMembershipCount "
384 ." FROM osgroup "
385 ." LEFT JOIN osrole ON (osgroup.GroupID = osrole.GroupID)"
386 ." LEFT JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)"
387 ." WHERE ";
388
389 if( isset($params['GroupID']) )
390 {
391 $sql .= "osgroup.GroupID = '" . mysql_real_escape_string($params['GroupID']). "'";
392 }
393 else if( isset($params['Name']) )
394 {
395 $sql .= "osgroup.Name = '" . mysql_real_escape_string($params['Name']) . "'";
396 }
397 else
398 {
399 return array("error" => "Must specify GroupID or Name");
400 }
401
402 $sql .= " GROUP BY osgroup.GroupID, osgroup.name, charter, insigniaID, founderID, membershipFee, openEnrollment, showInList, allowPublish, maturePublish, ownerRoleID";
403
404 $result = mysql_query($sql, $groupDBCon);
405
406 if (!$result)
407 {
408 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
409 }
410
411 if (mysql_num_rows($result) == 0)
412 {
413 return array('succeed' => 'false', 'error' => 'Group Not Found', 'params' => var_export($params, TRUE), 'sql' => $sql);
414 }
415
416 return mysql_fetch_assoc($result);
417 }
418
419 function updateGroup($params)
420 {
421 if( is_array($error = secureRequest($params, TRUE)) )
422 {
423 return $error;
424 }
425
426 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
427 $groupID = mysql_real_escape_string( $params["GroupID"] );
428 $charter = mysql_real_escape_string( $params["Charter"] );
429 $insigniaID = mysql_real_escape_string( $params["InsigniaID"] );
430 $membershipFee = mysql_real_escape_string( $params["MembershipFee"] );
431 $openEnrollment = mysql_real_escape_string( $params["OpenEnrollment"] );
432 $showInList = mysql_real_escape_string( $params["ShowInList"] );
433 $allowPublish = mysql_real_escape_string( $params["AllowPublish"] );
434 $maturePublish = mysql_real_escape_string( $params["MaturePublish"] );
435
436 if( is_array($error = checkGroupPermission($groupID, $groupPowers['ChangeOptions'])) )
437 {
438 return $error;
439 }
440
441 // Create group
442 $sql = "UPDATE osgroup
443 SET
444 Charter = '$charter'
445 , InsigniaID = '$insigniaID'
446 , MembershipFee = $membershipFee
447 , OpenEnrollment= $openEnrollment
448 , ShowInList = $showInList
449 , AllowPublish = $allowPublish
450 , MaturePublish = $maturePublish
451 WHERE
452 GroupID = '$groupID'";
453
454 if (!mysql_query($sql, $groupDBCon))
455 {
456 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
457 }
458
459 return array('success' => 'true');
460 }
461
462 function findGroups($params)
463 {
464 if( is_array($error = secureRequest($params, FALSE)) )
465 {
466 return $error;
467 }
468
469 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
470 $search = mysql_real_escape_string( $params['Search'] );
471
472 $sql = " SELECT osgroup.GroupID, osgroup.Name, count(osgroupmembership.AgentID) as Members "
473 ." FROM osgroup LEFT JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID) "
474 ." WHERE "
475 ." ( MATCH (osgroup.name) AGAINST ('$search' IN BOOLEAN MODE)"
476 ." OR osgroup.name LIKE '%$search%'"
477 ." OR osgroup.name REGEXP '$search'"
478 ." ) AND ShowInList = 1"
479 ." GROUP BY osgroup.GroupID, osgroup.Name";
480
481 $result = mysql_query($sql, $groupDBCon);
482
483 if (!$result)
484 {
485 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
486 }
487
488 if( mysql_num_rows($result) == 0 )
489 {
490 return array('succeed' => 'false', 'error' => 'No groups found.', 'params' => var_export($params, TRUE), 'sql' => $sql);
491 }
492
493 $results = array();
494
495 while ($row = mysql_fetch_assoc($result))
496 {
497 $groupID = $row['GroupID'];
498 $results[$groupID] = $row;
499 }
500
501 return array('results' => $results, 'success' => TRUE);
502 }
503
504 function _setAgentActiveGroup($params)
505 {
506 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
507 $agentID = mysql_real_escape_string( $params['AgentID'] );
508 $groupID = mysql_real_escape_string( $params['GroupID'] );
509
510 $sql = " UPDATE osagent "
511 ." SET ActiveGroupID = '$groupID'"
512 ." WHERE AgentID = '$agentID'";
513
514 if (!mysql_query($sql, $groupDBCon))
515 {
516 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
517 }
518
519 if( mysql_affected_rows() == 0 )
520 {
521 $sql = " INSERT INTO osagent (ActiveGroupID, AgentID) VALUES "
522 ." ('$groupID', '$agentID')";
523
524 if (!mysql_query($sql, $groupDBCon))
525 {
526 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
527 }
528 }
529
530 return array("success" => "true");
531 }
532
533 function setAgentActiveGroup($params)
534 {
535 if( is_array($error = secureRequest($params, TRUE)) )
536 {
537 return $error;
538 }
539
540 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
541 $agentID = $params['AgentID'];
542 $groupID = $params['GroupID'];
543
544 if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) )
545 {
546 return array('error' => "Agent can only change their own Selected Group Role", 'params' => var_export($params, TRUE));
547 }
548
549 return _setAgentActiveGroup($params);
550 }
551
552 function addAgentToGroup($params)
553 {
554 if( is_array($error = secureRequest($params, TRUE)) )
555 {
556 return $error;
557 }
558
559 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
560 $groupID = $params["GroupID"];
561 $agentID = $params["AgentID"];
562
563 if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) )
564 {
565 // If they don't have direct permission, check to see if the group is marked for open enrollment
566 $groupInfo = _getGroup( array ('GroupID' => $groupID) );
567
568 if( isset($groupInfo['error']))
569 {
570 return $groupInfo;
571 }
572
573 if($groupInfo['OpenEnrollment'] != 1)
574 {
575 $escapedAgentID = mysql_real_escape_string($agentID);
576 $escapedGroupID = mysql_real_escape_string($groupID);
577
578 // Group is not open enrollment, check if the specified agentid has an invite
579 $sql = " SELECT GroupID, RoleID, AgentID FROM osgroupinvite"
580 ." WHERE osgroupinvite.AgentID = '$escapedAgentID' AND osgroupinvite.GroupID = '$escapedGroupID'";
581
582 $results = mysql_query($sql, $groupDBCon);
583 if (!$results)
584 {
585 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
586 }
587
588 if( mysql_num_rows($results) == 1 )
589 {
590 // if there is an invite, make sure we're adding the user to the role specified in the invite
591 $inviteInfo = mysql_fetch_assoc($results);
592 $params['RoleID'] = $inviteInfo['RoleID'];
593 }
594 else
595 {
596 // Not openenrollment, not invited, return permission denied error
597 return $error;
598 }
599 }
600 }
601
602 return _addAgentToGroup($params);
603 }
604
605 // Private method, does not include security, to only be called from places that have already verified security
606 function _addAgentToGroup($params)
607 {
608 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
609 $agentID = $params["AgentID"];
610 $groupID = $params["GroupID"];
611
612 $roleID = $uuidZero;
613 if( isset($params["RoleID"]) )
614 {
615 $roleID = $params["RoleID"];
616 }
617
618 $escapedAgentID = mysql_real_escape_string($agentID);
619 $escapedGroupID = mysql_real_escape_string($groupID);
620 $escapedRoleID = mysql_real_escape_string($roleID);
621
622 // Check if agent already a member
623 $sql = " SELECT count(AgentID) as isMember FROM osgroupmembership WHERE AgentID = '$escapedAgentID' AND GroupID = '$escapedGroupID'";
624 $result = mysql_query($sql, $groupDBCon);
625 if (!$result)
626 {
627 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
628 }
629
630 // If not a member, add membership, select role (defaults to uuidZero, or everyone role)
631 if( mysql_result($result, 0) == 0 )
632 {
633 $sql = " INSERT INTO osgroupmembership (GroupID, AgentID, Contribution, ListInProfile, AcceptNotices, SelectedRoleID) VALUES "
634 ."('$escapedGroupID','$escapedAgentID', 0, 1, 1,'$escapedRoleID')";
635
636 if (!mysql_query($sql, $groupDBCon))
637 {
638 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
639 }
640 }
641
642 // Make sure they're in the Everyone role
643 $result = _addAgentToGroupRole(array("GroupID" => $groupID, "RoleID" => $uuidZero, "AgentID" => $agentID));
644 if( isset($result['error']) )
645 {
646 return $result;
647 }
648
649 // Make sure they're in specified role, if they were invited
650 if( $roleID != $uuidZero )
651 {
652 $result = _addAgentToGroupRole(array("GroupID" => $groupID, "RoleID" => $roleID, "AgentID" => $agentID));
653 if( isset($result['error']) )
654 {
655 return $result;
656 }
657 }
658
659 //Set the role they were invited to as their selected role
660 _setAgentGroupSelectedRole(array('AgentID' => $agentID, 'RoleID' => $roleID, 'GroupID' => $groupID));
661
662 // Set the group as their active group.
663 // _setAgentActiveGroup(array("GroupID" => $groupID, "AgentID" => $agentID));
664
665 return array("success" => "true");
666 }
667
668 function removeAgentFromGroup($params)
669 {
670 if( is_array($error = secureRequest($params, TRUE)) )
671 {
672 return $error;
673 }
674
675 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
676 $agentID = $params["AgentID"];
677 $groupID = $params["GroupID"];
678
679 // An agent is always allowed to remove themselves from a group -- so only check if the requesting agent is different then the agent being removed.
680 if( $agentID != $requestingAgent )
681 {
682 if( is_array($error = checkGroupPermission($groupID, $groupPowers['RemoveMember'])) )
683 {
684 return $error;
685 }
686 }
687
688 $escapedAgentID = mysql_real_escape_string($agentID);
689 $escapedGroupID = mysql_real_escape_string($groupID);
690
691 // 1. If group is agent's active group, change active group to uuidZero
692 // 2. Remove Agent from group (osgroupmembership)
693 // 3. Remove Agent from all of the groups roles (osgrouprolemembership)
694
695 $sql = " UPDATE osagent "
696 ." SET ActiveGroupID = '$uuidZero'"
697 ." WHERE AgentID = '$escapedAgentID' AND ActiveGroupID = '$escapedGroupID'";
698
699 if (!mysql_query($sql, $groupDBCon))
700 {
701 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
702 }
703
704 $sql = " DELETE FROM osgroupmembership "
705 ." WHERE AgentID = '$agentID' AND GroupID = '$groupID'";
706 if (!mysql_query($sql, $groupDBCon))
707 {
708 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
709 }
710
711 $sql = " DELETE FROM osgrouprolemembership "
712 ." WHERE AgentID = '$escapedAgentID' AND GroupID = '$escapedGroupID'";
713 if (!mysql_query($sql, $groupDBCon))
714 {
715 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
716 }
717
718 return array("success" => "true");
719 }
720
721 function _addAgentToGroupRole($params)
722 {
723 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
724 $agentID = mysql_real_escape_string($params["AgentID"]);
725 $groupID = mysql_real_escape_string($params["GroupID"]);
726 $roleID = mysql_real_escape_string($params["RoleID"]);
727
728 // Check if agent already a member
729 $sql = " SELECT count(AgentID) as isMember FROM osgrouprolemembership WHERE AgentID = '$agentID' AND RoleID = '$roleID' AND GroupID = '$groupID'";
730 $result = mysql_query($sql, $groupDBCon);
731 if (!$result)
732 {
733 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
734 }
735
736 if( mysql_result($result, 0) == 0 )
737 {
738 $sql = " INSERT INTO osgrouprolemembership (GroupID, RoleID, AgentID) VALUES "
739 ."('$groupID', '$roleID', '$agentID')";
740
741 if (!mysql_query($sql, $groupDBCon))
742 {
743 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
744 }
745 }
746
747 return array("success" => "true");
748 }
749
750 function addAgentToGroupRole($params)
751 {
752 if( is_array($error = secureRequest($params, TRUE)) )
753 {
754 return $error;
755 }
756
757 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
758 $agentID = $params["AgentID"];
759 $groupID = $params["GroupID"];
760 $roleID = $params["RoleID"];
761
762 $escapedAgentID = mysql_real_escape_string($agentID);
763 $escapedGroupID = mysql_real_escape_string($groupID);
764 $escapedRoleID = mysql_real_escape_string($roleID);
765
766 // Check if being assigned to Owners role, assignments to an owners role can only be requested by owners.
767 $sql = " SELECT OwnerRoleID, osgrouprolemembership.AgentID "
768 ." FROM osgroup LEFT JOIN osgrouprolemembership ON (osgroup.GroupID = osgrouprolemembership.GroupID AND osgroup.OwnerRoleID = osgrouprolemembership.RoleID) "
769 ." WHERE osgrouprolemembership.AgentID = '" . mysql_real_escape_string($requestingAgent) . "' AND osgroup.GroupID = '$escapedGroupID'";
770
771 $results = mysql_query($sql, $groupDBCon);
772 if (!$results)
773 {
774 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
775 }
776
777 if( mysql_num_rows($results) == 0 )
778 {
779 return array('error' => "Group ($groupID) not found or Agent ($agentID) is not in the owner's role", 'params' => var_export($params, TRUE));
780 }
781
782 $ownerRoleInfo = mysql_fetch_assoc($results);
783 if( ($ownerRoleInfo['OwnerRoleID'] == $roleID) && ($ownerRoleInfo['AgentID'] != $requestingAgent) )
784 {
785 return array('error' => "Requesting agent $requestingAgent is not a member of the Owners Role and cannot add members to the owners role.", 'params' => var_export($params, TRUE));
786 }
787
788 if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) )
789 {
790 return $error;
791 }
792
793 return _addAgentToGroupRole($params);
794 }
795
796 function removeAgentFromGroupRole($params)
797 {
798 if( is_array($error = secureRequest($params, TRUE)) )
799 {
800 return $error;
801 }
802
803 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
804 $agentID = mysql_real_escape_string($params["AgentID"]);
805 $groupID = mysql_real_escape_string($params["GroupID"]);
806 $roleID = mysql_real_escape_string($params["RoleID"]);
807
808 if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) )
809 {
810 return $error;
811 }
812
813 // If agent has this role selected, change their selection to everyone (uuidZero) role
814 $sql = " UPDATE osgroupmembership SET SelectedRoleID = '$uuidZero' WHERE AgentID = '$agentID' AND GroupID = '$groupID' AND SelectedRoleID = '$roleID'";
815 $result = mysql_query($sql, $groupDBCon);
816 if (!$result)
817 {
818 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
819 }
820
821 $sql = " DELETE FROM osgrouprolemembership WHERE AgentID = '$agentID' AND GroupID = '$groupID' AND RoleID = '$roleID'";
822
823 if (!mysql_query($sql, $groupDBCon))
824 {
825 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
826 }
827
828 return array("success" => "true");
829 }
830
831 function _setAgentGroupSelectedRole($params)
832 {
833 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
834 $agentID = mysql_real_escape_string($params["AgentID"]);
835 $groupID = mysql_real_escape_string($params["GroupID"]);
836 $roleID = mysql_real_escape_string($params["RoleID"]);
837
838 $sql = " UPDATE osgroupmembership SET SelectedRoleID = '$roleID' WHERE AgentID = '$agentID' AND GroupID = '$groupID'";
839 $result = mysql_query($sql, $groupDBCon);
840 if (!$result)
841 {
842 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
843 }
844
845 return array('success' => 'true');
846 }
847
848 function setAgentGroupSelectedRole($params)
849 {
850 if( is_array($error = secureRequest($params, TRUE)) )
851 {
852 return $error;
853 }
854
855 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
856 $agentID = $params["AgentID"];
857 $groupID = $params["GroupID"];
858 $roleID = $params["RoleID"];
859
860 if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) )
861 {
862 return array('error' => "Agent can only change their own Selected Group Role", 'params' => var_export($params, TRUE));
863 }
864
865 return _setAgentGroupSelectedRole($params);
866 }
867
868 function getAgentGroupMembership($params)
869 {
870 if( is_array($error = secureRequest($params, FALSE)) )
871 {
872 return $error;
873 }
874
875 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
876 $groupID = mysql_real_escape_string($params['GroupID']);
877 $agentID = mysql_real_escape_string($params['AgentID']);
878
879 $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish"
880 ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices"
881 ." , osgroupmembership.SelectedRoleID, osrole.Title"
882 ." , osagent.ActiveGroupID "
883 ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)"
884 ." JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)"
885 ." JOIN osagent ON (osagent.AgentID = osgroupmembership.AgentID)"
886 ." WHERE osgroup.GroupID = '$groupID' AND osgroupmembership.AgentID = '$agentID'";
887
888 $groupmembershipResult = mysql_query($sql, $groupDBCon);
889 if (!$groupmembershipResult)
890 {
891 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
892 }
893
894 if( mysql_num_rows($groupmembershipResult) == 0 )
895 {
896 return array('succeed' => 'false', 'error' => 'None Found', 'params' => var_export($params, TRUE), 'sql' => $sql);
897 }
898
899 $groupMembershipInfo = mysql_fetch_assoc($groupmembershipResult);
900
901 $sql = " SELECT BIT_OR(osrole.Powers) AS GroupPowers"
902 ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)"
903 ." WHERE osgrouprolemembership.GroupID = '$groupID' AND osgrouprolemembership.AgentID = '$agentID'";
904 $groupPowersResult = mysql_query($sql, $groupDBCon);
905 if (!$groupPowersResult)
906 {
907 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
908 }
909 $groupPowersInfo = mysql_fetch_assoc($groupPowersResult);
910
911 return array_merge($groupMembershipInfo, $groupPowersInfo);
912 }
913
914 function getAgentGroupMemberships($params)
915 {
916 if( is_array($error = secureRequest($params, FALSE)) )
917 {
918 return $error;
919 }
920
921 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
922 $agentID = mysql_real_escape_string($params['AgentID']);
923
924 $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish"
925 ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices"
926 ." , osgroupmembership.SelectedRoleID, osrole.Title"
927 ." , IFNULL(osagent.ActiveGroupID, '$uuidZero') AS ActiveGroupID"
928 ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)"
929 ." JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)"
930 ." LEFT JOIN osagent ON (osagent.AgentID = osgroupmembership.AgentID)"
931 ." WHERE osgroupmembership.AgentID = '$agentID'";
932
933 $groupmembershipResults = mysql_query($sql, $groupDBCon);
934 if (!$groupmembershipResults)
935 {
936 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
937 }
938
939 if( mysql_num_rows($groupmembershipResults) == 0 )
940 {
941 return array('succeed' => 'false', 'error' => 'No Memberships', 'params' => var_export($params, TRUE), 'sql' => $sql);
942 }
943
944 $groupResults = array();
945 while($groupMembershipInfo = mysql_fetch_assoc($groupmembershipResults))
946 {
947 $groupID = $groupMembershipInfo['GroupID'];
948 $sql = " SELECT BIT_OR(osrole.Powers) AS GroupPowers"
949 ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)"
950 ." WHERE osgrouprolemembership.GroupID = '$groupID' AND osgrouprolemembership.AgentID = '$agentID'";
951 $groupPowersResult = mysql_query($sql, $groupDBCon);
952 if (!$groupPowersResult)
953 {
954 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
955 }
956 $groupPowersInfo = mysql_fetch_assoc($groupPowersResult);
957 $groupResults[$groupID] = array_merge($groupMembershipInfo, $groupPowersInfo);
958 }
959
960 return $groupResults;
961 }
962
963 // Parameters should not already be mysql_real_escape_string() escaped
964 function canAgentViewRoleMembers( $agentID, $groupID, $roleID )
965 {
966 global $membersVisibleTo, $groupDBCon;
967
968 if( $membersVisibleTo == 'All' )
969 return true;
970
971 $agentID = mysql_real_escape_string($agentID);
972 $groupID = mysql_real_escape_string($groupID);
973 $roleID = mysql_real_escape_string($roleID);
974
975 $sql = " SELECT CASE WHEN min(OwnerRoleMembership.AgentID) IS NOT NULL THEN 1 ELSE 0 END AS IsOwner ";
976 $sql .= " FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID AND osgroupmembership.AgentID = '$agentID')";
977 $sql .= " LEFT JOIN osgrouprolemembership AS OwnerRoleMembership ON (OwnerRoleMembership.GroupID = osgroup.GroupID ";
978 $sql .= " AND OwnerRoleMembership.RoleID = osgroup.OwnerRoleID ";
979 $sql .= " AND OwnerRoleMembership.AgentID = '$agentID')";
980 $sql .= " WHERE osgroup.GroupID = '$groupID' GROUP BY osgroup.GroupID";
981
982 $viewMemberResults = mysql_query($sql, $groupDBCon);
983 if (!$viewMemberResults)
984 {
985 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error());
986 }
987
988 if (mysql_num_rows($viewMemberResults) == 0)
989 {
990 return false;
991 }
992
993 $viewMemberInfo = mysql_fetch_assoc($viewMemberResults);
994
995 switch( $membersVisibleTo )
996 {
997 case 'Group':
998 // if we get to here, there is at least one row, so they are a member of the group
999 return true;
1000 case 'Owners':
1001 default:
1002 return $viewMemberInfo['IsOwner'];
1003 }
1004 }
1005
1006 function getGroupMembers($params)
1007 {
1008 if( is_array($error = secureRequest($params, FALSE)) )
1009 {
1010 return $error;
1011 }
1012
1013 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
1014 $groupID = $params['GroupID'];
1015 $escapedGroupID = mysql_real_escape_string($groupID);
1016
1017 $sql = " SELECT osgroupmembership.AgentID"
1018 ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices"
1019 ." , osgroupmembership.SelectedRoleID, osrole.Title"
1020 ." , CASE WHEN OwnerRoleMembership.AgentID IS NOT NULL THEN 1 ELSE 0 END AS IsOwner"
1021 ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)"
1022 ." JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)"
1023 ." JOIN osrole AS OwnerRole ON (osgroup.OwnerRoleID = OwnerRole.RoleID AND osgroup.GroupID = OwnerRole.GroupID)"
1024 ." LEFT JOIN osgrouprolemembership AS OwnerRoleMembership ON (osgroup.OwnerRoleID = OwnerRoleMembership.RoleID
1025 AND (osgroup.GroupID = OwnerRoleMembership.GroupID)
1026 AND (osgroupmembership.AgentID = OwnerRoleMembership.AgentID))"
1027 ." WHERE osgroup.GroupID = '$escapedGroupID'";
1028
1029 $groupmemberResults = mysql_query($sql, $groupDBCon);
1030 if (!$groupmemberResults)
1031 {
1032 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
1033 }
1034
1035 if (mysql_num_rows($groupmemberResults) == 0)
1036 {
1037 return array('succeed' => 'false', 'error' => 'No Group Members found', 'params' => var_export($params, TRUE), 'sql' => $sql);
1038 }
1039
1040 $roleMembersVisibleBit = $groupPowers['RoleMembersVisible'];
1041 $canViewAllGroupRoleMembers = canAgentViewRoleMembers($requestingAgent, $groupID, '');
1042
1043 $memberResults = array();
1044 while ($memberInfo = mysql_fetch_assoc($groupmemberResults))
1045 {
1046 $agentID = $memberInfo['AgentID'];
1047 $sql = " SELECT BIT_OR(osrole.Powers) AS AgentPowers, ( BIT_OR(osrole.Powers) & $roleMembersVisibleBit) as MemberVisible"
1048 ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)"
1049 ." WHERE osgrouprolemembership.GroupID = '$escapedGroupID' AND osgrouprolemembership.AgentID = '$agentID'";
1050 $memberPowersResult = mysql_query($sql, $groupDBCon);
1051 if (!$memberPowersResult)
1052 {
1053 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
1054 }
1055
1056 $memberPowersCount = mysql_num_rows($memberPowersResult);
1057 error_log("Found $memberPowersCount rows for agent $agentID for requesting agent $requestingAgent");
1058
1059 if ($memberPowersCount == 0)
1060 {
1061 if ($canViewAllGroupRoleMembers || $agentID == $requestingAgent)
1062 {
1063 $memberResults[$agentID] = array_merge($memberInfo, array('AgentPowers' => 0));
1064 }
1065 else
1066 {
1067 // if can't view all group role members and there is no Member Visible bit, then don't return this member's info
1068 unset($memberResults[$agentID]);
1069 }
1070 }
1071 else
1072 {
1073 $memberPowersInfo = mysql_fetch_assoc($memberPowersResult);
1074 if ($memberPowersInfo['MemberVisible'] || $canViewAllGroupRoleMembers || $agentID == $requestingAgent)
1075 {
1076 $memberResults[$agentID] = array_merge($memberInfo, $memberPowersInfo);
1077 }
1078 else
1079 {
1080 // if can't view all group role members and there is no Member Visible bit, then don't return this member's info
1081 unset($memberResults[$agentID]);
1082 }
1083 }
1084 }
1085
1086 error_log("Returning " . count($memberResults) . " visible members for group $groupID for agent $agentID");
1087
1088 if (count($memberResults) == 0)
1089 {
1090 return array('succeed' => 'false', 'error' => 'No Visible Group Members found', 'params' => var_export($params, TRUE), 'sql' => $sql);
1091 }
1092
1093 return $memberResults;
1094 }
1095
1096 function getAgentActiveMembership($params)
1097 {
1098 if( is_array($error = secureRequest($params, FALSE)) )
1099 {
1100 return $error;
1101 }
1102
1103 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
1104 $agentID = mysql_real_escape_string($params['AgentID']);
1105
1106 $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish"
1107 ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices"
1108 ." , osgroupmembership.SelectedRoleID, osrole.Title"
1109 ." , osagent.ActiveGroupID "
1110 ." FROM osagent JOIN osgroup ON (osgroup.GroupID = osagent.ActiveGroupID)"
1111 ." JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID AND osagent.AgentID = osgroupmembership.AgentID)"
1112 ." JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)"
1113 ." WHERE osagent.AgentID = '$agentID'";
1114
1115 $groupmembershipResult = mysql_query($sql, $groupDBCon);
1116 if (!$groupmembershipResult)
1117 {
1118 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
1119 }
1120 if (mysql_num_rows($groupmembershipResult) == 0)
1121 {
1122 return array('succeed' => 'false', 'error' => 'No Active Group Specified', 'params' => var_export($params, TRUE), 'sql' => $sql);
1123 }
1124 $groupMembershipInfo = mysql_fetch_assoc($groupmembershipResult);
1125
1126 $groupID = $groupMembershipInfo['GroupID'];
1127 $sql = " SELECT BIT_OR(osrole.Powers) AS GroupPowers"
1128 ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)"
1129 ." WHERE osgrouprolemembership.GroupID = '$groupID' AND osgrouprolemembership.AgentID = '$agentID'";
1130 $groupPowersResult = mysql_query($sql, $groupDBCon);
1131 if (!$groupPowersResult)
1132 {
1133 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
1134 }
1135 $groupPowersInfo = mysql_fetch_assoc($groupPowersResult);
1136
1137 return array_merge($groupMembershipInfo, $groupPowersInfo);
1138 }
1139
1140 function getAgentRoles($params)
1141 {
1142 if( is_array($error = secureRequest($params, FALSE)) )
1143 {
1144 return $error;
1145 }
1146
1147 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
1148 $agentID = mysql_real_escape_string($params['AgentID']);
1149
1150 $sql = " SELECT "
1151 ." osrole.RoleID, osrole.GroupID, osrole.Title, osrole.Name, osrole.Description, osrole.Powers"
1152 ." , CASE WHEN osgroupmembership.SelectedRoleID = osrole.RoleID THEN 1 ELSE 0 END AS Selected"
1153 ." FROM osgroupmembership JOIN osgrouprolemembership ON (osgroupmembership.GroupID = osgrouprolemembership.GroupID AND osgroupmembership.AgentID = osgrouprolemembership.AgentID)"
1154 ." JOIN osrole ON ( osgrouprolemembership.RoleID = osrole.RoleID AND osgrouprolemembership.GroupID = osrole.GroupID)"
1155 ." LEFT JOIN osagent ON (osagent.AgentID = osgroupmembership.AgentID)"
1156 ." WHERE osgroupmembership.AgentID = '$agentID'";
1157
1158 if( isset($params['GroupID']) )
1159 {
1160 $groupID = $params['GroupID'];
1161 $sql .= " AND osgroupmembership.GroupID = '$groupID'";
1162 }
1163
1164 $roleResults = mysql_query($sql, $groupDBCon);
1165 if (!$roleResults)
1166 {
1167 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
1168 }
1169
1170 if( mysql_num_rows($roleResults) == 0 )
1171 {
1172 return array('succeed' => 'false', 'error' => 'None found', 'params' => var_export($params, TRUE), 'sql' => $sql);
1173 }
1174
1175 $roles = array();
1176 while($role = mysql_fetch_assoc($roleResults))
1177 {
1178 $ID = $role['GroupID'].$role['RoleID'];
1179 $roles[$ID] = $role;
1180 }
1181
1182 return $roles;
1183 }
1184
1185 function getGroupRoles($params)
1186 {
1187 if( is_array($error = secureRequest($params, FALSE)) )
1188 {
1189 return $error;
1190 }
1191
1192 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
1193 $groupID = mysql_real_escape_string($params['GroupID']);
1194
1195 $sql = " SELECT "
1196 ." osrole.RoleID, osrole.Name, osrole.Title, osrole.Description, osrole.Powers, count(osgrouprolemembership.AgentID) as Members"
1197 ." FROM osrole LEFT JOIN osgrouprolemembership ON (osrole.GroupID = osgrouprolemembership.GroupID AND osrole.RoleID = osgrouprolemembership.RoleID)"
1198 ." WHERE osrole.GroupID = '$groupID'"
1199 ." GROUP BY osrole.RoleID, osrole.Name, osrole.Title, osrole.Description, osrole.Powers";
1200
1201 $roleResults = mysql_query($sql, $groupDBCon);
1202 if (!$roleResults)
1203 {
1204 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
1205 }
1206
1207 if( mysql_num_rows($roleResults) == 0 )
1208 {
1209 return array('succeed' => 'false', 'error' => 'No roles found for group', 'params' => var_export($params, TRUE), 'sql' => $sql);
1210 }
1211
1212 $roles = array();
1213 while($role = mysql_fetch_assoc($roleResults))
1214 {
1215 $RoleID = $role['RoleID'];
1216 $roles[$RoleID] = $role;
1217 }
1218
1219 return $roles;
1220 }
1221
1222 function getGroupRoleMembers($params)
1223 {
1224 if( is_array($error = secureRequest($params, FALSE)) )
1225 {
1226 return $error;
1227 }
1228
1229 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
1230 $groupID = $params['GroupID'];
1231
1232 $roleMembersVisibleBit = $groupPowers['RoleMembersVisible'];
1233 $canViewAllGroupRoleMembers = canAgentViewRoleMembers($requestingAgent, $groupID, '');
1234
1235 $escapedGroupID = mysql_real_escape_string($groupID);
1236
1237 $sql = " SELECT "
1238 ." osrole.RoleID, osgrouprolemembership.AgentID"
1239 ." , (osrole.Powers & $roleMembersVisibleBit) as MemberVisible"
1240 ." FROM osrole JOIN osgrouprolemembership ON (osrole.GroupID = osgrouprolemembership.GroupID AND osrole.RoleID = osgrouprolemembership.RoleID)"
1241 ." WHERE osrole.GroupID = '$escapedGroupID'";
1242
1243 $memberResults = mysql_query($sql, $groupDBCon);
1244 if (!$memberResults)
1245 {
1246 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
1247 }
1248
1249 if( mysql_num_rows($memberResults) == 0 )
1250 {
1251 return array('succeed' => 'false', 'error' => 'No role memberships found for group', 'params' => var_export($params, TRUE), 'sql' => $sql);
1252 }
1253
1254 $members = array();
1255 while($member = mysql_fetch_assoc($memberResults))
1256 {
1257 if( $canViewAllGroupRoleMembers || $member['MemberVisible'] || ($member['AgentID'] == $requestingAgent) )
1258 {
1259 $Key = $member['AgentID'] . $member['RoleID'];
1260 $members[$Key ] = $member;
1261 }
1262 }
1263
1264 if( count($members) == 0 )
1265 {
1266 return array('succeed' => 'false', 'error' => 'No role memberships visible for group', 'params' => var_export($params, TRUE), 'sql' => $sql);
1267 }
1268
1269 return $members;
1270 }
1271
1272 function setAgentGroupInfo($params)
1273 {
1274 if( is_array($error = secureRequest($params, TRUE)) )
1275 {
1276 return $error;
1277 }
1278
1279 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
1280
1281 if (isset($params['AgentID'])) {
1282 $agentID = mysql_real_escape_string($params['AgentID']);
1283 } else {
1284 $agentID = "";
1285 }
1286 if (isset($params['GroupID'])) {
1287 $groupID = mysql_real_escape_string($params['GroupID']);
1288 } else {
1289 $groupID = "";
1290 }
1291 if (isset($params['SelectedRoleID'])) {
1292 $roleID = mysql_real_escape_string($params['SelectedRoleID']);
1293 } else {
1294 $roleID = "";
1295 }
1296 if (isset($params['AcceptNotices'])) {
1297 $acceptNotices = mysql_real_escape_string($params['AcceptNotices']);
1298 } else {
1299 $acceptNotices = 1;
1300 }
1301 if (isset($params['ListInProfile'])) {
1302 $listInProfile = mysql_real_escape_string($params['ListInProfile']);
1303 } else {
1304 $listInProfile = 0;
1305 }
1306
1307 if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) )
1308 {
1309 return array('error' => "Agent can only change their own group info", 'params' => var_export($params, TRUE));
1310 }
1311
1312 $sql = " UPDATE "
1313 ." osgroupmembership"
1314 ." SET "
1315 ." AgentID = '$agentID'";
1316
1317 if( isset($params['SelectedRoleID']) )
1318 {
1319 $sql .=" , SelectedRoleID = '$roleID'";
1320 }
1321 if( isset($params['AcceptNotices']) )
1322 {
1323 $sql .=" , AcceptNotices = $acceptNotices";
1324 }
1325 if( isset($params['ListInProfile']) )
1326 {
1327 $sql .=" , ListInProfile = $listInProfile";
1328 }
1329
1330 $sql .=" WHERE osgroupmembership.GroupID = '$groupID' AND osgroupmembership.AgentID = '$agentID'";
1331
1332 $memberResults = mysql_query($sql, $groupDBCon);
1333 if (!$memberResults)
1334 {
1335 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
1336 }
1337
1338 return array('success'=> 'true');
1339 }
1340
1341 function getGroupNotices($params)
1342 {
1343 if( is_array($error = secureRequest($params, FALSE)) )
1344 {
1345 return $error;
1346 }
1347
1348 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
1349 $groupID = mysql_real_escape_string($params['GroupID']);
1350
1351 $sql = " SELECT "
1352 ." GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket"
1353 ." FROM osgroupnotice"
1354 ." WHERE osgroupnotice.GroupID = '$groupID'";
1355
1356 $results = mysql_query($sql, $groupDBCon);
1357 if (!$results)
1358 {
1359 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
1360 }
1361
1362 if( mysql_num_rows($results) == 0 )
1363 {
1364 return array('succeed' => 'false', 'error' => 'No Notices', 'params' => var_export($params, TRUE), 'sql' => $sql);
1365 }
1366
1367 $notices = array();
1368 while($notice = mysql_fetch_assoc($results))
1369 {
1370 $NoticeID = $notice['NoticeID'];
1371 $notices[$NoticeID] = $notice;
1372 }
1373
1374 return $notices;
1375 }
1376
1377 function getGroupNotice($params)
1378 {
1379 if( is_array($error = secureRequest($params, FALSE)) )
1380 {
1381 return $error;
1382 }
1383
1384 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
1385 $noticeID = mysql_real_escape_string($params['NoticeID']);
1386
1387 $sql = " SELECT "
1388 ." GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket"
1389 ." FROM osgroupnotice"
1390 ." WHERE osgroupnotice.NoticeID = '$noticeID'";
1391
1392 $results = mysql_query($sql, $groupDBCon);
1393 if (!$results)
1394 {
1395 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
1396 }
1397
1398 if( mysql_num_rows($results) == 0 )
1399 {
1400 return array('succeed' => 'false', 'error' => 'Group Notice Not Found', 'params' => var_export($params, TRUE), 'sql' => $sql);
1401 }
1402
1403 return mysql_fetch_assoc($results);
1404 }
1405
1406 function addGroupNotice($params)
1407 {
1408 if( is_array($error = secureRequest($params, TRUE)) )
1409 {
1410 return $error;
1411 }
1412
1413 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
1414 $groupID = mysql_real_escape_string($params['GroupID']);
1415 $noticeID = mysql_real_escape_string($params['NoticeID']);
1416 $fromName = mysql_real_escape_string($params['FromName']);
1417 $subject = mysql_real_escape_string($params['Subject']);
1418 $binaryBucket = mysql_real_escape_string($params['BinaryBucket']);
1419 $message = mysql_real_escape_string($params['Message']);
1420 $timeStamp = mysql_real_escape_string($params['TimeStamp']);
1421
1422 if( is_array($error = checkGroupPermission($groupID, $groupPowers['SendNotices'])) )
1423 {
1424 return $error;
1425 }
1426
1427 $sql = " INSERT INTO osgroupnotice"
1428 ." (GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket)"
1429 ." VALUES "
1430 ." ('$groupID', '$noticeID', $timeStamp, '$fromName', '$subject', '$message', '$binaryBucket')";
1431
1432 $results = mysql_query($sql, $groupDBCon);
1433 if (!$results)
1434 {
1435 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
1436 }
1437
1438 return array('success' => 'true');
1439 }
1440
1441 function addAgentToGroupInvite($params)
1442 {
1443 if( is_array($error = secureRequest($params, TRUE)) )
1444 {
1445 return $error;
1446 }
1447
1448 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
1449
1450 if( is_array($error = checkGroupPermission($params['GroupID'], $groupPowers['Invite'])) )
1451 {
1452 return $error;
1453 }
1454
1455 $inviteID = mysql_real_escape_string($params['InviteID']);
1456 $groupID = mysql_real_escape_string($params['GroupID']);
1457 $roleID = mysql_real_escape_string($params['RoleID']);
1458 $agentID = mysql_real_escape_string($params['AgentID']);
1459
1460 // Remove any existing invites for this agent to this group
1461 $sql = " DELETE FROM osgroupinvite"
1462 ." WHERE osgroupinvite.AgentID = '$agentID' AND osgroupinvite.GroupID = '$groupID'";
1463
1464 $results = mysql_query($sql, $groupDBCon);
1465 if (!$results)
1466 {
1467 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
1468 }
1469
1470 // Add new invite for this agent to this group for the specifide role
1471 $sql = " INSERT INTO osgroupinvite"
1472 ." (InviteID, GroupID, RoleID, AgentID) VALUES ('$inviteID', '$groupID', '$roleID', '$agentID')";
1473
1474 $results = mysql_query($sql, $groupDBCon);
1475 if (!$results)
1476 {
1477 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
1478 }
1479
1480 return array('success' => 'true');
1481 }
1482
1483 function getAgentToGroupInvite($params)
1484 {
1485 if( is_array($error = secureRequest($params, FALSE)) )
1486 {
1487 return $error;
1488 }
1489
1490 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
1491 $inviteID = mysql_real_escape_string($params['InviteID']);
1492
1493 $sql = " SELECT GroupID, RoleID, AgentID FROM osgroupinvite"
1494 ." WHERE osgroupinvite.InviteID = '$inviteID'";
1495
1496 $results = mysql_query($sql, $groupDBCon);
1497 if (!$results)
1498 {
1499 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
1500 }
1501
1502 if( mysql_num_rows($results) == 1 )
1503 {
1504 $inviteInfo = mysql_fetch_assoc($results);
1505 $groupID = $inviteInfo['GroupID'];
1506 $roleID = $inviteInfo['RoleID'];
1507 $agentID = $inviteInfo['AgentID'];
1508
1509 return array('success' => 'true', 'GroupID'=>$groupID, 'RoleID'=>$roleID, 'AgentID'=>$agentID);
1510 }
1511 else
1512 {
1513 return array('succeed' => 'false', 'error' => 'Invitation not found', 'params' => var_export($params, TRUE), 'sql' => $sql);
1514 }
1515 }
1516
1517 function removeAgentToGroupInvite($params)
1518 {
1519 if( is_array($error = secureRequest($params, TRUE)) )
1520 {
1521 return $error;
1522 }
1523
1524 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
1525 $inviteID = mysql_real_escape_string($params['InviteID']);
1526
1527 $sql = " DELETE FROM osgroupinvite"
1528 ." WHERE osgroupinvite.InviteID = '$inviteID'";
1529
1530 $results = mysql_query($sql, $groupDBCon);
1531 if (!$results)
1532 {
1533 return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
1534 }
1535
1536 return array('success' => 'true');
1537 }
1538
1539 function secureRequest($params, $write = FALSE)
1540 {
1541 global $groupWriteKey, $groupReadKey, $verifiedReadKey, $verifiedWriteKey, $groupRequireAgentAuthForWrite, $requestingAgent;
1542 global $overrideAgentUserService;
1543
1544 // Cache this for access by other security functions
1545 $requestingAgent = $params['RequestingAgentID'];
1546
1547 if( isset($groupReadKey) && ($groupReadKey != '') && (!isset($verifiedReadKey) || ($verifiedReadKey !== TRUE)) )
1548 {
1549 if( !isset($params['ReadKey']) || ($params['ReadKey'] != $groupReadKey ) )
1550 {
1551 return array('error' => "Invalid (or No) Read Key Specified", 'params' => var_export($params, TRUE));
1552 }
1553 else
1554 {
1555 $verifiedReadKey = TRUE;
1556 }
1557 }
1558
1559 if( ($write == TRUE) && isset($groupWriteKey) && ($groupWriteKey != '') && (!isset($verifiedWriteKey) || ($verifiedWriteKey !== TRUE)) )
1560 {
1561 if( !isset($params['WriteKey']) || ($params['WriteKey'] != $groupWriteKey ) )
1562 {
1563 return array('error' => "Invalid (or No) Write Key Specified", 'params' => var_export($params, TRUE));
1564 }
1565 else
1566 {
1567 $verifiedWriteKey = TRUE;
1568 }
1569 }
1570
1571 if( ($write == TRUE) && isset($groupRequireAgentAuthForWrite) && ($groupRequireAgentAuthForWrite == TRUE) )
1572 {
1573 // Note: my brain can't do boolean logic this morning, so just putting this here instead of integrating with line above.
1574 // If the write key has already been verified for this request, don't check it again. This comes into play with methods that call other methods, such as CreateGroup() which calls Addrole()
1575 if( isset($verifiedWriteKey) && ($verifiedWriteKey !== TRUE))
1576 {
1577 return TRUE;
1578 }
1579
1580 if( !isset($params['RequestingAgentID'])
1581 || !isset($params['RequestingAgentUserService'])
1582 || !isset($params['RequestingSessionID']) )
1583 {
1584 return array('error' => "Requesting AgentID and SessionID must be specified", 'params' => var_export($params, TRUE));
1585 }
1586
1587 // NOTE: an AgentID and SessionID of $uuidZero will likely be a region making a request, that is not tied to a specific agent making the request.
1588
1589 $UserService = $params['RequestingAgentUserService'];
1590 if( isset($overrideAgentUserService) && ($overrideAgentUserService != "") )
1591 {
1592 $UserService = $overrideAgentUserService;
1593 }
1594
1595 $client = new xmlrpc_client($UserService);
1596 $client->return_type = 'phpvals';
1597
1598 $verifyParams = new xmlrpcval(array('avatar_uuid' => new xmlrpcval($params['RequestingAgentID'], 'string')
1599 ,'session_id' => new xmlrpcval($params['RequestingSessionID'], 'string'))
1600 , 'struct');
1601
1602 $message = new xmlrpcmsg("check_auth_session", array($verifyParams));
1603 $resp = $client->send($message, 5);
1604 if ($resp->faultCode())
1605 {
1606 return array('error' => "Error validating AgentID and SessionID"
1607 , 'xmlrpcerror'=> $resp->faultString()
1608 , 'params' => var_export($params, TRUE));
1609 }
1610
1611 $verifyReturn = $resp->value();
1612
1613 if( !isset($verifyReturn['auth_session']) || ($verifyReturn['auth_session'] != 'TRUE') )
1614 {
1615 return array('error' => "UserService.check_auth_session() did not return TRUE"
1616 , 'userservice' => var_export($verifyReturn, TRUE)
1617 , 'params' => var_export($params, TRUE));
1618
1619 }
1620 }
1621
1622 return TRUE;
1623 }
1624
1625 function checkGroupPermission($GroupID, $Permission)
1626 {
1627 global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
1628
1629 if( !isset($Permission) || ($Permission == 0) )
1630 {
1631 return array('error' => 'No Permission value specified for checkGroupPermission'
1632 , 'Permission' => $Permission);
1633 }
1634
1635 // If it isn't set to true, then always return true, otherwise verify they have perms
1636 if( !isset($groupEnforceGroupPerms) || ($groupEnforceGroupPerms != TRUE) )
1637 {
1638 return true;
1639 }
1640
1641 if( !isset($requestingAgent) || ($requestingAgent == $uuidZero) )
1642 {
1643 return array('error' => 'Requesting agent was either not specified or not validated.'
1644 , 'requestingAgent' => $requestingAgent);
1645 }
1646
1647 $params = array('AgentID' => $requestingAgent, 'GroupID' => $GroupID);
1648 $reqAgentMembership = getAgentGroupMembership($params);
1649
1650 if( isset($reqAgentMembership['error'] ) )
1651 {
1652 return array('error' => 'Could not get agent membership for group'
1653 , 'params' => var_export($params, TRUE)
1654 , 'nestederror' => $reqAgentMembership['error']);
1655 }
1656
1657 // Worlds ugliest bitwise operation, EVER
1658 $PermMask = $reqAgentMembership['GroupPowers'];
1659 $PermValue = $Permission;
1660
1661 global $groupDBCon;
1662 $sql = " SELECT $PermMask & $PermValue AS Allowed";
1663 $results = mysql_query($sql, $groupDBCon);
1664 if (!$results)
1665 {
1666 echo print_r( array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error()));
1667 }
1668 $PermMasked = mysql_result($results, 0);
1669
1670 if( $PermMasked != $Permission )
1671 {
1672 $permNames = array_flip($groupPowers);
1673
1674 return array('error' => 'Agent does not have group power to ' . $Permission .'('.$permNames[$Permission].')'
1675 , 'PermMasked' => $PermMasked
1676 , 'params' => var_export($params, TRUE)
1677 , 'permBitMaskSql' => $sql
1678 , 'Permission' => $Permission);
1679 }
1680
1681 /*
1682 return array('error' => 'Reached end'
1683 , 'reqAgentMembership' => var_export($reqAgentMembership, TRUE)
1684 , 'GroupID' => $GroupID
1685 , 'Permission' => $Permission
1686 , 'PermMasked' => $PermMasked
1687 );
1688 */
1689 return TRUE;
1690 }
1691
1692
1693 $s = new xmlrpc_server(array(
1694 "test" => array("function" => "test")
1695 , "groups.createGroup" => array("function" => "createGroup", "signature" => $common_sig)
1696 , "groups.updateGroup" => array("function" => "updateGroup", "signature" => $common_sig)
1697 , "groups.getGroup" => array("function" => "getGroup", "signature" => $common_sig)
1698 , "groups.findGroups" => array("function" => "findGroups", "signature" => $common_sig)
1699
1700 , "groups.getGroupRoles" => array("function" => "getGroupRoles", "signature" => $common_sig)
1701 , "groups.addRoleToGroup" => array("function" => "addRoleToGroup", "signature" => $common_sig)
1702 , "groups.removeRoleFromGroup" => array("function" => "removeRoleFromGroup", "signature" => $common_sig)
1703 , "groups.updateGroupRole" => array("function" => "updateGroupRole", "signature" => $common_sig)
1704 , "groups.getGroupRoleMembers" => array("function" => "getGroupRoleMembers", "signature" => $common_sig)
1705
1706 , "groups.setAgentGroupSelectedRole" => array("function" => "setAgentGroupSelectedRole", "signature" => $common_sig)
1707 , "groups.addAgentToGroupRole" => array("function" => "addAgentToGroupRole", "signature" => $common_sig)
1708 , "groups.removeAgentFromGroupRole" => array("function" => "removeAgentFromGroupRole", "signature" => $common_sig)
1709
1710 , "groups.getGroupMembers" => array("function" => "getGroupMembers", "signature" => $common_sig)
1711 , "groups.addAgentToGroup" => array("function" => "addAgentToGroup", "signature" => $common_sig)
1712 , "groups.removeAgentFromGroup" => array("function" => "removeAgentFromGroup", "signature" => $common_sig)
1713 , "groups.setAgentGroupInfo" => array("function" => "setAgentGroupInfo", "signature" => $common_sig)
1714
1715 , "groups.addAgentToGroupInvite" => array("function" => "addAgentToGroupInvite", "signature" => $common_sig)
1716 , "groups.getAgentToGroupInvite" => array("function" => "getAgentToGroupInvite", "signature" => $common_sig)
1717 , "groups.removeAgentToGroupInvite" => array("function" => "removeAgentToGroupInvite", "signature" => $common_sig)
1718
1719 , "groups.setAgentActiveGroup" => array("function" => "setAgentActiveGroup", "signature" => $common_sig)
1720 , "groups.getAgentGroupMembership" => array("function" => "getAgentGroupMembership", "signature" => $common_sig)
1721 , "groups.getAgentGroupMemberships" => array("function" => "getAgentGroupMemberships", "signature" => $common_sig)
1722 , "groups.getAgentActiveMembership" => array("function" => "getAgentActiveMembership", "signature" => $common_sig)
1723 , "groups.getAgentRoles" => array("function" => "getAgentRoles", "signature" => $common_sig)
1724
1725 , "groups.getGroupNotices" => array("function" => "getGroupNotices", "signature" => $common_sig)
1726 , "groups.getGroupNotice" => array("function" => "getGroupNotice", "signature" => $common_sig)
1727 , "groups.addGroupNotice" => array("function" => "addGroupNotice", "signature" => $common_sig)
1728
1729
1730
1731
1732 ), false);
1733
1734 $s->functions_parameters_type = 'phpvals';
1735 if (isset($debugXMLRPC) && $debugXMLRPC > 0 && isset($debugXMLRPCFile) && $debugXMLRPCFile != "")
1736 {
1737 $s->setDebug($debugXMLRPC);
1738 }
1739 $s->service();
1740
1741 if (isset($debugXMLRPC) && $debugXMLRPC > 0 && isset($debugXMLRPCFile) && $debugXMLRPCFile != "")
1742 {
1743 $f = fopen($debugXMLRPCFile,"a");
1744 fwrite($f,"\n----- " . date("Y-m-d H:i:s") . " -----\n");
1745 $debugInfo = $s->serializeDebug();
1746 $debugInfo = split("\n",$debugInfo);
1747 unset($debugInfo[0]);
1748 unset($debugInfo[count($debugInfo) -1]);
1749 $debugInfo = join("\n",$debugInfo);
1750 fwrite($f,base64_decode($debugInfo));
1751 fclose($f);
1752 }
1753
1754 mysql_close($groupDBCon);
1755?>