/s3db3.5.10/s3dbcore/S3QLaction.php
PHP | 1620 lines | 996 code | 393 blank | 231 comment | 235 complexity | 225f697ac6023f0b6003bfefacff959f MD5 | raw file
Large files files are truncated, but you can click here to view the full file
- <?php
- function S3QLaction($s3ql, $timer = array())
- {
-
- extract($s3ql);
- #echo '<pre>';print_r($s3ql);
- #grab a few relevant varuales
- $regexp = $GLOBALS['regexp'];
- $dbstruct = $GLOBALS['dbstruct'];
- #map a few vairables
- $s3map = $GLOBALS['s3map'];
- $format = $s3ql['format'];
- $model = 'nsy'; #this tells us the allowed permission states and the order in which they will make sense
- #Error messages
- extract($GLOBALS['messages']);
-
- #database and user identification
- if(!is_object($db))
- {$db = $_SESSION['db'];
- }
- $key=($_REQUEST['key'])?$_REQUEST['key']:$s3ql['key'];
- $user_id = ($user_id)?$user_id:$_SESSION['user']['account_id'];
- $user_info = s3info('users', $user_id, $db);
- if (!$user_id || !$db) {
- #if (!$key)
- {
- return (formatReturn($GLOBALS['error_codes']['no_permission_message'], 'Please specify user_id and db or a key', $format,''));
- }
- #re-chekc if user provided is the same for key provided
- }
-
- $s3ql = array_diff_key($s3ql, array('db'=>'', 'user_id'=>'')); #take out from the array what needed to be included for wihitn S3DB queries
- if ($s3ql['update']!='') {
- $s3ql['edit'] = $s3ql['update'];#update is closer to SQL, although original was edit. Must keep edit to be backward compatible
- $s3ql=array_filter(array_diff_key($s3ql, array('update'=>1)));
- }
-
- ##Discover if the user is trying to retrieve data from the dictionary as well
- if(eregi('on|^t|true',$s3ql['graph'])){
- $complete = true; #complete will tell s3ql that dictionary terms should be added to the output
- $s3ql = array_delete($s3ql,'graph');
- }
-
- #identify the action
- $possible_actions = array('insert', 'edit', 'delete', 'select', 'update', 'grant');
- foreach ($possible_actions as $someaction) {
- if ($s3ql[$someaction]!='') {
- $action = $someaction;
- }
- }
- if($s3ql['options']!=''){
-
- $opts = str_replace(" ","", $s3ql['options']);
-
- $opts = explode(',' ,$opts);
- $s3ql['options'] = $opts;
- }
- #if there is nothing as action, assume a select
- if ($action=='') {
- $action = 'select';
- }
-
- #identify the target
- if (ereg('(insert|edit|update|delete|grant)', $action)) {
- $s3ql['from'] = ($s3ql[$action]=='')?$_REQUEST[$action]:$s3ql[$action];
- }
- elseif (ereg('(select)', $action)) {
- $s3ql['from'] = ($s3ql['from']=='')?$_REQUEST['from']:$s3ql['from'];
- }
- #if there is no target, assume projects
- if ($s3ql['from']=='') {
- $s3ql['from'] = 'projects';
- }
-
- if($s3ql['from']=='class')
- $s3ql['from']= 'collection';
- if($s3ql['from'] =='instance')
- $s3ql['from'] = 'item';
-
-
- #these are targets ONLY for insert/edit/delete. Select takes plurals... was a bad idea, I know :-( but is much more intuitive :-)
- $possible_targets = array('permission', 'user', 'group', 'key', 'project', 'collection', 'item', 'rule', 'statement', 'filekey');
- #start taking action
- switch ($action) {
- case 'select':
- {
- if($timer) $timer->setMarker('queryStart');
-
- $data = selectQuery(compact('s3ql', 'db','user_id', 'format','complete','model'));
-
- #echo 'data<pre>';print_r($data);exit;
- return ($data);
- break;
- } #Close select queries
-
- case 'insert':
- {
-
-
- #echo '<pre>';print_r($s3ql);exit;
- #map s3ql input to s3db structure requirements
-
- if($s3ql['insert']=='class')
- $s3ql['insert']='collection';
- if($s3ql['insert']=='instance')
- $s3ql['insert']='item';
- if($s3ql['where']['notes']!='')
- $s3ql['where']['notes'] = $s3ql['where']['notes'];
- if($s3ql['where']['value']!='')
- $s3ql['where']['value'] = $s3ql['where']['value'];
- if($s3ql['where']['file_id']!=''){
- $s3ql['where']['statement_id'] = $s3ql['where']['file_id'];
- }
-
-
- ##build inputs and oldvalues for validation and insert functions
- $tranformed = S3QLselectTransform(compact('s3ql', 'db', 'user_id'));
-
- $s3ql= $tranformed['s3ql'];$element = $s3ql['insert'];
-
-
- $element_id = $s3ql['where'][$element.'_id'];
-
- $letter = strtoupper(substr($element,0,1));
- $uid = $letter.$element_id;
- $required = array(
- 'key'=>array(),
- 'project'=>array('project_name'),
- 'collection'=>array('project_id', 'entity'),
- 'rule'=>array('project_id', 'subject_id', 'verb', 'object'),
- 'item'=>array('collection_id'),
- 'statement'=>array('item_id', 'rule_id', 'value'),
- 'file' => array('item_id', 'rule_id', 'filekey'),
- 'user' => array('account_lid', 'account_email'),
- 'group'=>array('account_lid'));
-
- if(!in_array($element, array_keys($required)))
- {
- return (formatReturn($GLOBALS['error_codes']['wrong_input'], $element.' is not a valid S3DB element. Valid elements: key, project, collection, rule, item, statement, file',$format,''));
-
- }
-
- #if a subject is provided instead of a subject id in rule, dont break because of that. Find the subject
- #THIS PART NEEDS TO B HERE BECAUSE IT THE MANDATORY FIELDS ARE 'OR'
- if($element=='rule')
- {
- $s3ql=ruleInputsInfer($s3ql, $db, $user_id);
- }
- elseif($element=='file'){
- //for file, both filekey and value are accepted. If filekey is provided, a file must have been previously uploaded;
- if($s3ql['where']['filekey']=='' && $s3ql['where']['value']!=''){
- //take the value, make a text file, give it a filekey and insert the file
-
- $s3ql=fileUploadFromValue($s3ql, $db, $user_id);
- if(is_array($s3ql) && $s3ql['statement_id']!='') {
- #if(is_bool($s3ql) && $s3ql==true)
- #{
- return (formatReturn($GLOBALS['error_codes']['success'], 'Fragment inserted in file '.$s3ql['file_name'].'.',$format,array('file_id'=>$s3ql['statement_id'])));
- #}
- }
- elseif(!is_array($s3ql)){
- if(is_bool($s3ql) && $s3ql==true)
- {
- return (formatReturn($GLOBALS['error_codes']['success'], 'Fragment inserted in file '.$s3ql['where']['file_name'].'.',$format,''));
- }
- elseif(is_string($s3ql)){
- return (formatReturn($GLOBALS['error_codes']['something_went_wrong'], $s3ql,$format,''));
- }
- else {
- return (formatReturn($GLOBALS['error_codes']['something_went_wrong'], 'File could not be created. You can try to encode the data in the file such that is is compatible with txt.',$format,''));
- }
-
- }
- }
- }
-
-
- #translate some s3ql inputs into s3db names:
- #IS there anythi ng still missing? There are 2 types fo required inputs: thsoe from the user and those into the table. The firstare verified here, the rest are verified in "validation"
- $diff = array();
- foreach ($s3ql['where'] as $where_field=>$where_value) {
- if($where_value=="" && in_array($where_field, $required[$element])){
- array_push($diff, $where_field);
- }
- }
- #$diff=array_diff($required[$element],array_keys($s3ql['where']));
-
- if($element_id=='' && !empty($diff)){
- return formatReturn($GLOBALS['error_codes']['something_missing'],'Please provide all the necessary fields: '.rtrim(array_reduce($required[$element], "comma_split"), ", ").'. '.$syntax_message, $s3ql['format'], '');
-
- }
-
- #echo '<pre>';print_r($required[$element]);eit;
-
-
- #if there is any sort of id, check if user has permissions on that. In case of statement, permission must be checked on both rule and instance
- $inserteable = array(
- #'deployment'=>'deployment_id',
- 'group'=>'group_id',
- 'user'=>'user_id',
- 'project'=>'project_id',
- 'rule'=>'rule_id',
- 'collection'=>'collection_id',
- 'item'=>'item_id',
- 'statement'=>'statement_id',
-
- );
-
-
- #insert overal view
- #element_id is not empty
- #upstream resource provided
- #if all permissions clear up, grant permission to upper on loewer score;
- #upstream resource not provided
- #infer deployment if user, group or project, else nothing to do
- #element_id is empty
- #upstream resources provided
- #all permissions clear up, create new entry.
-
- #scoreTable will allow us to score the elements according to their position in the inheritance model. To nisert an "inserteable" A into an "inserteable" B,
-
- $scoreTable=array_reverse($inserteable, 0);
-
- $scoreTable = array_combine(array_keys($scoreTable), range(1,count($inserteable)));
-
-
- $elementScore = $scoreTable[$element];#check the score of target. All other score will be chacked against this one
-
- #for user, group and project, inserts occur in deployment (local). Except when there is indication on group or any other Id.
- $input_ids = array_intersect($inserteable, array_keys($s3ql['where']));
-
- if(ereg('^(U|G|P)$', $letter) && (count($input_ids)<=1 || count(array_filter(array_diff_key($s3ql['where'], array($element.'_id'=>''))))==0))
- {
-
- $GLOBALS['Did'] = ereg_replace('^D','',$GLOBALS['Did']);
- $s3ql['where']['deployment_id']=($s3ql['where']['deployment_id']!='')?$s3ql['where']['deployment_id']:substr($GLOBALS['Did'], 1, strlen($GLOBALS['Did']));
- $info['D'.$GLOBALS['Did']]=URI('D'.$GLOBALS['Did'], $user_id, $db);
- $permission2add['D'.$GLOBALS['Did']] = $info['D'.$GLOBALS['Did']]['add_data'];
- $core_score['D'.$GLOBALS['Did']] = 8;
-
-
-
- }
-
-
- #echo '<pre>';print_r($input_ids);exit;
- #echo '<pre>';print_r($inserteable);
- #echo '<pre>';print_r($s3ql);exit;
- ############################
- #this next segment finds all the s3ids in the query, and checks permission of user/session on it (user/session beause user ccna be using a group)
- #echo '<pre>';print_r($s3ql);
- if (ereg('^(U|G|P|C|R|I|S|F)$', strtoupper(substr($element, 0,1)))) {
-
- foreach ($inserteable as $s3element=>$id) {
-
- if ($s3ql['where'][$id]!='') {
-
- $element_name = $s3element;
- $id_name = $id;
-
-
- $uid_info=uid(letter($id).$s3ql['where'][$id_name]);
- $Z = compact('s3element', 'diff', 'id', 'scoreTable', 's3ql', 'letter', 'input_ids', 'user_id', 'db', 'format', 'element');
- $element_info = retrieveUIDInfo($Z);
-
- $info[strtoupper(substr($element_name, 0,1)).$s3ql['where'][$id_name]] = $element_info;
- $permission2add[strtoupper(substr($element_name, 0,1)).$s3ql['where'][$id_name]] = $element_info['add_data'];
- $core_score[strtoupper(substr($element_name, 0,1)).$s3ql['where'][$id_name]] = $scoreTable[$element_name];
-
-
-
- #when element id is present (customized elemnt-id, and is the only ID, and id already exists, user cannot recreat it. To update it, he must go through update. That is the only ID that can "Not" exist
- if ($id==$GLOBALS['s3ids'][$element] && !is_array($element_info)){
- #if a particular id was not found and user is trying to customize a new element_id, then user will have permission to add to it.
-
- $permission2add[strtoupper(substr($element_name, 0,1)).$s3ql['where'][$id_name]] = '1';
-
- }
- else
- {
- if(!is_array($element_info) && $uid_info['Did']==$GLOBALS['Did'])#for remote resources, allow insert withour requiring validation.. for now. For inserting projects witha specific uid,
- {
- if($id_name!=$GLOBALS['COREletterInv'][$letter]) #allow the user to create the id in case the required fields are filled
- return (formatReturn($GLOBALS['error_codes']['no_results'], 'Resource '.strtoupper(substr($element_name, 0,1)).$s3ql['where'][$id_name].' was not found', $format,''));
- elseif(!empty($diff))
- $info[$letter.$s3ql['where'][$id]]['to_create']=1;
- }
- }
-
- }
- }
-
- ##array that will have all inputs that are not ids
- $input_literals = array();
- if(is_array($s3ql['where']) && is_array($input_ids))
- {
- $input_literals = array_diff(array_keys($s3ql['where']), $input_ids);
-
- if(in_array('permission_level',$input_literals))
- {$input_literals = array_diff($input_literals,array('permission_level'));}
- }
- ##If there ar any input literals lets, then it is an uid to create
- if(!empty($input_literals)){
- $info[$uid]['to_create']='1';
- }
- #echo '<pre>';print_r($permission2add);
- #echo '<pre>';print_r($core_score);
- #exit;
- #echo '<pre>';print_r($info);exit;
- if(is_array($core_score))
- $result = array_combine($core_score, $permission2add);#score as index and permissions as values
-
- #a group and a user can be inserted in any one resource... as long as user does have permission on the resource
- if(ereg('^(U|G|P)$', $letter) && is_array($result))
- {
-
- if(($result[min(array_keys($result))] || ($user_info['account_type']=='a') && max(array_keys($result))==8) || $user_info['account_id']=='1')
- $result[max(array_keys($result))]='1';
- }
- $has_permission2add = $result[max(array_keys($result))];#this means the highest scored element does NOT have permission to add
-
-
-
- #how many IDS?Min ID is 1; if two, then it can be inserting a statement or adding remote resource on local resource
- #print $info
-
- ####If any s3ids were found, Variable $info was created, and variable $permission2add was created from the first.
-
- #now,interpret what was found.
- #Permissions need to be checek if any ID is supplied that already exists.
- #if (ereg('(group|user|project|collection|rule|item|statement|file)', $element)) {
- if (ereg('(G|U|P|C|R|I|S|F)', strtoupper(substr($element, 0,1)))) {
-
- #if (count($info)=='1' || (count($info)=='2' && $info['D'.$GLOBALS['Did']]!='') || (count($info)=='2' && ereg('^(statement|file)$', $element)) || (count($info)=='2' && !empty($input_literals))) {
- if (count($info)=='1' || (count($info)=='2' && $info['D'.$GLOBALS['Did']]!='') || (count($info)=='2' && ereg('^(statement|file)$', $element)) || (count($info)==2 && !empty($input_literals)) || (count($info)==3 && ereg('^(statement|file)$', $element) && !empty($input_literals))) {
-
- #is this ID from the element we are trying to insert?
- #does it exist?
-
- if($s3ql['where'][$GLOBALS['COREids'][$element]]!='' && isLocal($uid, $db) && !$info[$uid]['is_remote']) {#cannot recreate id. Do nothing.
-
- return(formatReturn($GLOBALS['error_codes']['wrong_input'], $uid.' already exists. Could not recreate it.', $format,''));
-
- }
- elseif (count($info)=='1' && $element_id!='') {
-
- return (formatReturn($GLOBALS['error_codes']['something_missing'], 'Please provide the uid where this '.$element.' should be inserted.', $format,''));
- }
-
-
-
- else {
-
- #take inputs, validate them, check permission on ONE id, create resource. Do the switch cases here.
-
-
-
- if($has_permission2add) {
- #this means the highest value on permission2asd is 1.
-
- if($info[$uid]['to_create']=='1' || $element_id=='') {
-
-
- $create_info = $s3ql['where'];
-
- $inputs = gatherInputs(array('element'=>$element, 'info'=>$info,'to_create'=>$create_info, 'user_id'=>$user_id, 'db'=>$db, 'format'=>$format));
- $info=$inputs;
-
- #echo 'inputs<pre>';print_r($inputs);exit;
- if(!is_array($inputs))
- {
-
- return (formatReturn('3', $inputs, $format,''));
- }
- $validity = validateInputs(compact('element', 'inputs', 'oldvalues', 'info', 'db', 'action', 'key','user_id','format'));
- #echo 'validity<pre>';print_r($validity);exit;
- if($validity[0])
- {
- $key=$s3ql['key'];
- $inserted = insert_s3db(compact('element', 'inputs', 'user_id', 'db', 'key','s3ql'));
- #echo '<pre>';print_r($inserted);exit;
- $msg_return = array('error_code'=>0, 'message'=>$inserted[4], $element.'_id'=>$inserted[$element.'_id']);
-
- //when user requests information, return it as well
- if(is_array($s3ql['options']) && in_array('select',$s3ql['options']) && ereg('json|xml',$format)){
-
- $finalInfo = URIinfo(letter($element).$inserted[$element.'_id'], $user_id, $key, $db);
- $msg_return['select'] = $finalInfo;
- $data = array(0=>$msg_return);
- $cols = array_keys($msg_return);
- $z = compact('data','cols', 'format');
- return outputFormat($z);
- }
- return (formatReturn('0',$inserted[4], $format, array($element.'_id'=>$inserted[$element.'_id'])));
- exit;
-
- }
- else {
- #echo '<pre>';print_r($validity);
- return (formatReturn($validity['error_code'],$validity['message'], $format,''));
- }
- }
- elseif($info[$uid]['is_remote']=='1') {#insert the permission on local
- #remote users an dgroups are inserted ON TABLE
-
- if(ereg('user|group|project', $element))
- {
- if($info[$uid]['error_code']=='1')
- {
- return (formatReturn("5", "User does not have permission on ".$uid.". If this is a remote resource, ask the administrator of the remote deployment to add your user ID (".$GLOBALS['URI'].'/U'.$user_id.") to his list of users", $s3ql['format'],''));
- #return (formatReturn("User does not have permission on ".$uid.". If this is a remote resource, ask the administrator of the remo deployment to add your user ID (".$GLOBALS['URI'].'/U'.$user_id.") to his list of users", $s3ql['format'],''));
- }
- $create_info = $info[$uid];
- $create_info['account_email']=($info[$uid]['account_email']=='')?'s3db@s3db.org':$info[$uid]['account_email'];
- $create_info['account_lid']=($info[$uid]['account_lid']!='')?$info[$uid]['account_lid']:$info[$uid]['account_id'];
- $create_info['user_id'] =$create_info['account_id'];
- $inputs = gatherInputs(array('element'=>$element, 'info'=>$info,'to_create'=>$create_info, 'user_id'=>$user_id, 'db'=>$db, 'format'=>$format));
- #echo '<pre>';print_r($inputs);exit;
- if(!is_array($inputs))
- {return ($inputs);}
-
- $validity = validateInputs(compact('element', 'inputs', 'oldvalues', 'info', 'db', 'action', 'key'));
- #echo '<pre>';print_r($validity);exit;
- if($validity[0])
- { $key=$s3ql['key'];
- $inserted =insert_s3db(compact('element', 'inputs', 'user_id', 'db', 'key'));
- #echo '<pre>';print_r($inserted);
- return (formatReturn('0', $element.' inserted.', $s3ql['format'], array($element.'_id'=>$inserted[$element.'_id'])));
-
- }
- else {
- return (formatReturn($validity['error_code'], $validity['message'], $s3ql['format'],''));
- }
- }
-
- $permission_info = array('uid'=>$uid,'shared_with'=>'U'.$user_id,'permission_level'=>$info[$uid]['acl']);
-
- $permission_added = insert_permission(compact('permission_info', 'db', 'user_id', 'info'));
-
- if(!$permission_added)
- $permission_added = update_permission(compact('permission_info', 'db', 'user_id', 'info'));
- if($permission_added){
- return (formatReturn($GLOBALS['error_codes']['success'], $uid." shared_with in ".$permission_info['shared_with'], $format,''));
- #return $GLOBALS['messages']['success']."<message> ".$uid." shared_with in ".$permission_info['shared_with']."</message>";
- }
- else {
- return (formatReturn($GLOBALS['error_codes']['something_went_wrong'], "Could not share ".$uid." with ".$permission_info['shared_with'], $format,''));
- #return $GLOBALS['messages']['something_went_wrong']."<message>Could not share ".$uid." with ".$permission_info['shared_with']."</message>";
- }
- }
- }
-
- else {
-
- $no_permission_id = array_search('0', $permission2add);
- return (formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User does not have permission to insert in '.$no_permission_id, $format,''));
- exit;
- #return ($GLOBALS['messages']['no_permission_message'].' Reason: <message>User does not have permission to insert in '.$no_permission_id.'</message>');
- }
-
- }
- }
- elseif(count($info)>=2) #NOT a physical insert, but a virtual insert in an existing resource
- {
-
-
- #2 or + ids in info.
- #these IDS can be entity_id OR membership
-
- if($element_id!='' && !$info[$uid]['to_create']) #this automatically means that the second id refers to membership.
- {
- #grant permissions
-
- $shared_with = array_diff(array_keys($permission2add), array($uid));#take uid from the keys of permission2add, that point to the uid we are sharing with
- $shared_with = array_values($shared_with);$shared_with = $shared_with[0];
-
- $add_resource_on_resource = substr(has_permission(compact('uid', 'shared_with'), $db,$user_id), 2,1);
-
-
-
- if(!$has_permission2add){#statement has rule_id and instance_id, user must have permission on both.
- return (formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User does not have permission to insert in resource '.key($permission2add), $format,''));
- #return ($GLOBALS['messages']['no_permission_message'].'<message>User does not have permission to insert in resource '.key($permission2add).'</message>');
- }
- if($result[max(array_keys($result))]=='0' && $result[min(array_keys($result))]=='1' && $add_resource_on_resource!='1' && $element!='user') {
- return (formatReturn($GLOBALS['error_codes']['something_missing'], 'To share '.$uid.' owner of '.$shared_with.' must insert first '.$uid.' in '.$shared_with.'.', $s3ql['format'], ''));
- }
- else {
- #if is remote and user cna insert in resource, must be inserted first
-
- if($info[$uid]['to_create'])
- {
-
- $create_info = $s3ql['where'];
- #echo '<pre>';print_r($create_info); exit;
- $inputs = gatherInputs(array('element'=>$element, 'info'=>$info,'to_create'=>$create_info, 'user_id'=>$user_id, 'format'=>$format));
-
- if(!is_array($inputs))
- return ($inputs);
-
-
- $validity = validateInputs(compact('element', 'inputs', 'oldvalues', 'info', 'db', 'action', 'key'));
-
-
-
- if($validity[0])
- {
- $key=$s3ql['key'];
- $inserted = insert_s3db(compact('element', 'inputs', 'user_id', 'db', 'key'));
- return (formatReturn('0', $element.' inserted.', array($element.'_id'=>$inserted[$element.'_id'], $s3ql['format'])));
- }
- else {
- return ($validity[1]);
- }
-
- }
- if($info[$uid]['is_remote'])
- {
- #the other iD, non element id, should be the upper ID, where user shoulsd already have intert permission
-
- $uid_info = uid_resolve(ereg_replace('^U','',$uid));
- if(letter($uid_info['uid'])=='U'){
- $shared_with = 'U'.$uid_info['condensed'];
- $diff=array_values(array_diff(array_keys($info), array($uid)));
- $uid = $diff[0];
-
- $permission_level = ($s3ql['where']['permission_level']!="")?$s3ql['where']['permission_level']:'ynn';
- $message = $uid." shared with ".$uid_info['condensed'].' with permission_level '.$permission_level;
- }
- else {
- $diff=array_values(array_diff(array_keys($permission2add), array($uid)));
- $shared_with = $diff[0];
- $message = $uid." inserted in ".$shared_with;
- $permission_level = $info[$uid]['acl'];
- }
-
- $permission_info = array('uid'=>$uid,'shared_with'=>$shared_with,'permission_level'=>$permission_level);
-
-
- $permission_added = insert_permission(compact('permission_info', 'db', 'user_id', 'info'));
-
- if(!$permission_added)
- $permission_added = update_permission(compact('permission_info', 'db', 'user_id', 'info'));
-
- if($permission_added){
-
- return formatReturn($GLOBALS['error_codes']['success'], $message , $s3ql['format'], '');
- }
-
- else {
- return (formatReturn($GLOBALS['error_codes']['something_went_wrong'], "Could not share ".$uid." with ".$permission_info['shared_with'], $format,''));
- #return $GLOBALS['messages']['something_went_wrong']."<message>Could not share ".$uid." with ".$permission_info['shared_with']."</message>";
- }
-
- }
- if(!$info[$uid]['to_create'] && $s3ql['where']['permission_level']=='')
- {
- #does it exist already in upper resource?
- $diff=array_diff(array_keys($permission2add), array($uid));
- $shared_with = $diff[0];
-
- if(!ereg('U',$letter)) #user and groups have a different treatment than the rest
- {
- $sql = "select * from s3db_permission where uid = '".$uid."' and shared_with = '".$shared_with."'";
- #$sql = str_replace($GLOBALS['regexp'], '=', select(compact('uid', 'shared_with')));
- }
- else {
- $sql = "select * from s3db_permission where uid = '".$uid."' and shared_with = '".$shared_with."'";
- }
-
-
- $db->query($sql, __LINE__, __FILE__);
-
- if($db->next_record()) {
- return (formatReturn($GLOBALS['error_codes']['repeating_action'], $uid.' already shared with '.$shared_with.'. You can change its level of permission by indicating permission_level.', $s3ql['format'],''));
- }
- }
- }
-
-
- #share according to permissions
- $uid2share = array_search(min($core_score), $core_score);
- $shared_with = array_search(max($core_score), $core_score);
- $uid_info = uid($uid2share);
-
-
- if(($result[max(array_keys($result))]=='1') || ($add_resource_on_resource && $result[min(array_keys($result))]=='1')) #permission to add on upstream resource
- {
- #echo 'ola';exit;
-
- $case ='2';
- $uid_info = uid($uid2share);
-
- if($uid_info['Did']==$GLOBALS['Did'])
- $uid2share = $uid_info['uid'];
- #$uid2share = strtoupper(substr($uid_info['uid'],0,1)).$GLOBALS['Did'].'/'.$uid_info['uid'];
-
- $permission_info = array('uid'=>$uid2share,
- 'shared_with'=>$shared_with,
- 'permission_level'=>($s3ql['where']['permission_level']!='')?$s3ql['where']['permission_level']:$info[$uid2share]['permission_level'],
- );
-
- #echo '<pre>';print_r($permission_info);exit;
-
- $validity = validate_permission(compact('permission_info', 'user_id', 'db', 'info'));#grant project_id permission on rule_id
- #echo $validity;exit;
-
-
-
- if($validity=='0') {
- $permission_added = insert_permission(compact('permission_info', 'db', 'user_id', 'info'));#grant rule_id permission on project_id
- }
- elseif($validity=='2')
- $permission_added = update_permission(compact('permission_info', 'db', 'user_id', 'info'));
- elseif($validity=='6' && ereg('^G', $shared_with) && ereg('^U', $uid))
- {
-
- $permission_added = insert_permission(compact('permission_info', 'db', 'user_id', 'info'));#grant rule_id permission on project_id
- $permission_added = update_permission(compact('permission_info', 'db', 'user_id', 'info'));
- }
- #can insert, special case, quick fix
- elseif($validity=='6')
- return (formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User must have permission '.$permission_info['permission_level'].' or greater to grant permission '.$permission_info['permission_level'].' on '.$permission_info['shared_with'], $format,''));
- elseif($validity=='1'){
- return (formatReturn($GLOBALS['error_codes']['wrong_input'], 'Invalid permission format. Please use the n-s-y or the 0-1-2 model (n/0 - no permission; s/1 - permission on entities created by the user; y/2 - permission. See http://s3db.org/documentation/permissions for more information on permission. ', $format,''));
- }
-
- #return ($GLOBALS['messages']['no_permission_message'].'<message>User must have permission '.$permission_info['permission_level'].' or greater to grant permission '.$permission_info['permission_level'].' on '.$permission_info['shared_with'].'.</message>');
-
-
- }
-
- elseif($result[max(array_keys($result))]=='1' && $result[min(array_keys($result))]=='0') #permission to add on upstream resource
- {
- $case ='1';
-
- if($uid_info['Did']==$GLOBALS['Did'])
- $uid2share= strtoupper(substr($uid_info['uid'],0,1)).$GLOBALS['Did'].'/'.$uid_info['uid'];
-
- $permission_info = array('shared_with'=>$shared_with,
- 'uid'=>$uid2share,
- 'permission_level'=>'001');
-
-
- $permission_added = insert_permission(compact('permission_info', 'db', 'user_id', 'info'));
- if(!$permission_added)
- $permission_added = update_permission(compact('permission_info', 'db', 'user_id', 'info'));
- #This step will leave rule insert pending until owner of the rule comes by and inserts it in project
-
-
- }
-
- if($permission_added)
- {
- #Missing: Create an entry in access_rules with "Pending" statuss
- if($case =='1')
- return (formatReturn($GLOBALS['error_codes']['success'], "Permission on ".$permission_info['uid']." requested and pending.", $format,''));
- #return $GLOBALS['messages']['success']."<message> Permission on ".$permission_info['uid']." requested and pending.</message>";
- else {
- return (formatReturn('0',$permission_info['uid']." inserted in ".$permission_info['shared_with'], $s3ql['format'], ''));
- }
-
- }
- else {
- return (formatReturn($GLOBALS['error_codes']['something_went_wrong'], "Could not share ".$permission_info['uid']." with ".$permission_info['shared_with'], $s3ql['format'],''));
- }
-
-
- }
- elseif($info[$uid]['to_create'] || $info[$uid]['is_remote']) {#insert IF is remote or was asserted to be inserted
-
- if(is_array($info[$uid]) && $info[$uid]['is_remote'])
- $create_info = $info[$uid];
- else
- $create_info = $s3ql['where'];
-
-
- $inputs = gatherInputs(array('element'=>$element, 'to_create'=>$create_info, 'user_id'=>$user_id, 'info'=>$info, 'format'=>$format));
-
-
- #echo '<pre>';print_r($inputs);exit;
- if(!is_array($inputs))
- return ($inputs);
-
- $validity = validateInputs(compact('element', 'inputs', 'oldvalues', 'info', 'db', 'action', 'key'));
- #echo '<pre>';print_r($validity);exit;
- if($validity[0])
- { $key=$s3ql['key'];
- $inserted =insert_s3db(compact('element', 'inputs', 'user_id', 'db', 'key'));
- #echo '<pre>';print_r($inserted);
-
-
- return (formatReturn('0', $element.' inserted.', $format, array($element.'_id'=>$inserted[$element.'_id'])));
-
- }
- else {
- return (formatReturn($validity['error_code'], $validity['message'], $format,''));
- }
-
-
- }
- }
- }
- }
-
-
-
-
- #permissions to add are stored in $permission2add, but when we are inserting an existing idA on an existing idB, we do not need permission to add_data on A, only on B. So the users does not need insert permission on idA, if idA is further down the graph then idB.
- #if there is only 1 id, and there is no insert permission, it can break
-
-
-
- #start some special cases
- switch ($element) {
- case 'key':
- {##INSERT KEY
-
- #when no key is given, generate a random one
- if ($s3ql['where']['key_id']=='')
- $s3ql['where']['key_id'] = random_string('15');
- if($s3ql['where']['expires']=='')
- $s3ql['where']['expires']=date('Y-m-d H:i:s',time() + (1 * 24 * 60 * 60));#expires in 24h
- if ($s3ql['where']['user_id']=='')
- $s3ql['where']['user_id'] = $user_id;
- #user can chose to insert a key for a specific ID, be it group, project, rule or statement (anywhere where permissions can be defined)
-
- $I['inputs'] = $s3ql['where'];
- $I['inputs']['account_id'] = $s3ql['where']['user_id'];
- $I['inputs']=array_delete($I['inputs'],'user_id');
- #$I['inputs'] = array_merge($s3ql['where'], array('account_id'=>$user_id));
-
- $validate = validate_access_key_inputs(array('inputs'=>$I['inputs'], 'db'=>$db, 'user_id'=>$user_id));
-
- switch ($validate)
- {
- case 0:
- {
- return (formatReturn($GLOBALS['error_codes']['something_missing'],'Expiration date is missing', $s3ql['format'], ''));
- break;
- }
- case 1:
- {return (formatReturn($GLOBALS['error_codes']['wrong_input'],'Key is too short. Please input a key longer than 10 char', $s3ql['format'], ''));
- break;
- }
- case 2:
- {return (formatReturn($GLOBALS['error_codes']['wrong_input'],'Invalid date format', $s3ql['format'], ''));
- break;
- }
- case 3:
- {return (formatReturn($GLOBALS['error_codes']['repeating_action'],'Key '.$s3ql['where']['key_id'].' is not valid. Please chose another key', $s3ql['format'], ''));
- break;
- }
- case 4:
- {return (formatReturn($GLOBALS['error_codes']['wrong_input'],'Expiration date must be bigger than present date.', $s3ql['format'], ''));
- break;
- }
-
- case 6:
- {return (formatReturn($GLOBALS['error_codes']['wrong_input'],'UID '.$s3ql['where']['UID'].' does not exist', $s3ql['format'], ''));
- break;
- }
- case 7:
- {return (formatReturn($GLOBALS['error_codes']['no_permission_message'],'UID '.$s3ql['where']['UID'].' does not belong to user.', $s3ql['format'], ''));
- break;
- }
- case 8:
- {return (formatReturn($GLOBALS['error_codes']['wrong_input'],'Please use only numbers and letter in your keys.', $s3ql['format'], ''));
- break;
- }
- case 9:
- {return (formatReturn($GLOBALS['error_codes']['wrong_input'],'You cannot create a key for this user.', $s3ql['format'], ''));
- break;
- }
- case 5:
- {
- add_entry ('access_keys', $I['inputs'], $db);
-
- $output = formatReturn($GLOBALS['error_codes']['success'], 'Key created.',$s3ql['format'], array('key_id'=>$s3ql['where']['key_id'], 'user_id'=>$s3ql['where']['user_id']));
-
- return ($output);
-
- }
-
- }
- break;
- }
-
- case 'file':
- {
- $resource_id = ($s3ql['where']['item_id']!='')?$s3ql['where']['item_id']:$s3ql['where']['instance_id'];
- $rule_id = $s3ql['where']['rule_id'];
-
- $filekey = $s3ql['where']['filekey'];
- $notes = $s3ql['where']['notes'];
-
- if($resource_id=='' ||$rule_id=='' ||$filekey=='')
- {
- return (formatReturn($GLOBALS['error_codes']['something_missing'], 'Please provide all the necessary inputs: rule_id, item_id, filekey', $format,''));
- #return ($GLOBALS['messages']['something_missing'].'<message>Please provide all the necessary inputs: rule_id, item_id, filekey</message>');
-
- }
- #Check permission on inserting statements for specific projects
- #Check permission on inserting statements for specific projects
- $rule_info = $info['R'.$rule_id];
- $instance_info = $info['I'.$resource_id];
-
- #$instance_info = URIinfo('I'.$resource_id, $user_id, $key, $db);
-
- if($rule_info['object']=='UID')
- {
- return (formatReturn($GLOBALS['error_codes']['wrong_input'], 'Please use this query only for rules that do NOT enumerate classes. For inserting on other rules, use the query for insert instance', $format, ''));
- #return $wrong_input."<message>Please use this query only for rules that do NOT enumerate classes. For inserting on other rules, use the query for insert instance</message>";
-
- }
- elseif (!is_array($instance_info)) {
- return (formatReturn($GLOBALS['error_codes']['no_results'], 'Item '.$resource_id.' was not found', $format,''));
- #return ($something_does_not_exist.'<message>Instance '.$resource_id.' was not found</message>');
- }
- elseif ($instance_info['resource_class_id']!=$rule_info['subject_id']) {
- return (formatReturn($GLOBALS['error_codes']['wrong_input'],'Subject of rule does match Class of instance',$format,''));
- #return $wrong_input."<message>Subject of rule does match Class of instance</message>";
- }
- elseif($filekey=='')
- return (formatReturn($GLOBALS['error_codes']['something_missing'], 'Please indicate a filekey for this file',$format,''));
- #return $wrong_input."<message>Please indicate a filekey for this file</message>";
-
-
- #Find out if the file already exists in the tmp directory
- $fileFinalName = get_entry('file_transfer', 'filename', 'filekey', $filekey, $db);
- $file_id = get_entry('file_transfer', 'file_id', 'filekey', $filekey, $db);
- ereg('([A-Za-z0-9]+)\.*([A-Za-z0-9]*)$',$fileFinalName, $tokens);
- $name = $tokens[1];
- $extension= $tokens[2];
- #list($name, $extension) = explode('.', $fileFinalName);
- $maindir = $GLOBALS['s3db_info']['server']['db']['uploads_folder'].$GLOBALS['s3db_info']['server']['db']['uploads_file'].'/tmps3db';
-
- $old_file = $maindir.'/'.$file_id.'.'.$extension;
-
- if(!is_file($old_file))
- return (formatReturn($GLOBALS['error_codes']['something_does_not_exist'], 'File not found, please upload file first.', $format,''));
- #return $something_does_not_exist."<message>File not found, please upload file first.</message>";
- else
- {
-
- #project_id will be that of the rule, except if user does not have permission on it.
- $project_info = URI('P'.$rule_info['project_id'], $user_id, $db);
-
- $project_id = ($s3ql['where']['project_id']!='')?$s3ql['where']['project_id']:(($project_info['add_data'])?$class_info['project_id']:'');
- if($project_id =='')
- #find which of the user projects can insert instances in this class.
- {
- $project_id = $rule_info['project_id'];
- #$user_projects = findUserProjects($user_id, $db);
- // $user_projects = array_map('grab_project_id', $user_projects);
- //
- //
- // #find the projects that can access the rule
- // $allowed_projects = array_filter(explode('_', $rule_info['permission']));
- //
- // $both = array_intersect($allowed_projects, $user_projects);
- //
- // if (is_array($both)) {
- // foreach ($both as $key=>$allowed_project_id) {
- // if(substr(has_permission(array('uid'=>'R'.$rule_id, 'shared_with'=>'P'.$allowed_project_id), $db), 2,1))
- // $project_id = $allowed_project_id;
- // }
- // }
- }
-
-
- if($project_id=='')
- return (formatReturn($GLOBALS['error_codes']['something_went_wrong'], 'Failed to find a project_in for this intance', '', $s3ql['format']));
-
- $value = project_folder_name ($project_id, $db);
- $created_by = $user_id;
- $filesize = filesize($old_file);
- $filename = $fileFinalName;
-
- ##Create the row in the statements table
- $create_info = $s3ql['where'];
- #echo '<pre>';print_r($s3ql);
- $inputs = gatherInputs(array('element'=>'file', 'info'=>$info,'to_create'=>$create_info, 'user_id'=>$user_id, 'db'=>$db, 'format'=>$format));
- $info=$inputs;
-
- if(!is_array($inputs))
- {
- return(formatReturn('3', $inputs, $s3ql['format'],''));
- }
- $validity = validateInputs(compact('element', 'inputs', 'oldvalues', 'info', 'db', 'action', 'key','user_id'));
- #echo '<pre>';print_r($validity);exit;
- if($validity[0])
- {
- $key=$s3ql['key'];
- $inserted = insert_s3db(compact('element', 'inputs', 'user_id', 'db', 'key'));
-
- ##Move the file
- $S = compact('user_id', 'project_id', 'resource_id', 'rule_id', 'value', 'notes', 'created_by', 'filename', 'filesize', 'extension', 'db');
- $S['statement_id']=$inserted['file_id'];
- $S['file_id']=$inserted['file_id'];
- $S['uploadedfile'] = $old_file;
-
- $fileRelocated = movefile2folder($S);
-
- if(!$fileRelocated)#delete the statement
- {$sql = "delete from s3db_statement where statement_id = '".$S['statement_id']."'";
- $db->query($sql, __FILE__, __LINE__);
- #echo $sql;
- return (formatReturn('2', 'File could not be imported. Please try again.', '', $s3ql['format']));
-
- #unlink($old_file);
- }
- else{
- return (formatReturn($GLOBALS['error_codes']['success'], 'File inserted.', $s3ql['format'], array('file_id'=>$inserted['file_id'])));
- #if($s3ql['format']=='')
- # return ('<TABLE><TR><TD>error_code</TD><TD>message</TD><TD>'.$element.'_id</TD></TR><TR><TD>'.ereg_replace('[^(0-9)]', '', $inserted[3]).'</TD><TD>'.$inserted[4].'</TD><TD>'.$inserted[$element.'_id'].'</TD></TR></TABLE>');
-
- #else
- # return ($inserted[1]);
- }
-
- }
- else {
- #echo '<pre>';print_r($validity);
- return (formatReturn(ereg_replace('[^(0-9)]', '', $inserted[3]), $validity[1], $format,''));
- #if($s3ql['format']=='')
- # return ('<TABLE><TR><TD>error_code</TD><TD>message</TD></TR><TR><TD>'.ereg_replace('[^(0-9)]', '', $inserted[3]).'</TD><TD>'.$validity[1].'</TD></TR></TABLE>');
- #else
- #return ($validity[1]);
- }
-
- ##Move the file
- if($statement_inserted)
- {
-
- $S['statement_id']=find_latest_UID('statement', $db);
- $S['uploadedfile'] = $old_file;
- $fileRelocated = movefile2folder($S);
- if ($fileRelocated)
- {
-
- return (formatReturn($GLOBALS['error_codes']['success'], "File inserted", array('file_id'=>$S['file_id']), $s3ql['format']));
-
- }
- else {
- return (formatReturn($GLOBALS['error_codes']['something_went_wrong'], 'Failed to move file', $format,''));
- }
- #else return $something_went_wrong."<message>Failed to move file</message>";
-
-
- }
-
- }
-
- #This ends "is not a file"
- }#This ends insert file
- break;
- }#finish element switch
- break;
- } #Finish insert
- case 'edit':
- {
- if($s3ql['edit']=='class')
- $s3ql['edit']='collection';
- if($s3ql['edit']=='instance')
- $s3ql['edit']='item';
- if($s3ql['set']['notes']!='')
- $s3ql['set']['notes'] = utf8_encode($s3ql['set']['notes']);
- if($s3ql['set']['value']!='')
- $s3ql['set']['value'] = utf8_encode($s3ql['set']['value']);
- #$element = $s3ql[$action];
- $element = $s3ql['edit'];
- #echo 'ola<pre>';print_r($s3ql);exit;
- $set = array('project'=>array('project_name', 'project_description', 'project_owner', 'permission_level'),
- 'collection'=>array('project_id', 'entity', 'notes'),
- 'rule'=>array('project_id', 'subject', 'verb', 'object', 'subject_id', 'verb_id', 'object_id', 'notes', 'validation'),
- 'item'=>array('project_id', 'collection_id', 'notes'),
- 'statement'=>array('project_id', 'item_id', 'rule_id', 'value', 'notes'),
- 'user'=>array('account_lid','account_pwd', 'account_uname', 'account_email', 'account_phone', 'addr1', 'addr2', 'account_type', 'city', 'postal_code', 'state', 'country', 'account_status'),
- 'group'=>array('account_lid'));
-
- $E = compact('db', 'user_id', 's3ql');
-
- #first of all, is this a valid target?
- if(!in_array($s3ql['edit'], array_keys($set)))
- {
- return formatReturn($GLOBALS['error_codes']['wrong_input'], $s3ql['edit']." is not a valid S3DB element. Valid elements: project, collection, rule, item, statement", $s3ql['format'],'');
-
- }
-
- #is there an ID to locate the appropriate resource?
- if($s3ql['where'][$element.'_id'] == '')
- {
- return formatReturn($GLOBALS['error_codes']['something_missing'], 'ID of '.$element.' to edit is missing', $s3ql['format'],'');
-
- }
-
- if($s3ql['set']=='')
- {
- #is it in where?
- $s3ql['set']=array_diff_key($s3ql['where'], array($element.'_id'=>''));
- if($s3ql['set']=='')
- return formatReturn($GLOBALS['error_codes']['something_missing'], 'Please specify what you want to update.'.$syntax_message, $s3ql['format'],'');
-
- }
-
- #interpret input
- $s3map=$GLOBALS['s3map'];
-
-
- foreach ($s3map[$GLOBALS['plurals'][$element]] as $alter_name=>$name) {
- if($s3ql['set'][$alter_name]!='')
- {$s3ql['set'][$name]=$s3ql['set'][$alter_name];
- $s3ql['set']=array_delete($s3ql['set'],$alter_name);
- }
-
- }
-
- $s3ql['set'] = array_diff_key($s3ql['set'], $s3map[$GLOBALS['plurals'][$element]]);
- //$s3ql['set'] = array_filter($s3ql['set']);
-
-
- #detect is something that is something in set that cannot be updated
- $test_set = array_intersect($set[$element], array_keys($s3ql['set']));
- $extra_fields = array_diff(array_keys($s3ql['set']), $test_set);
-
- if(count($s3ql['set'])>count($test_set))#this means that there are fields that don't exist
- foreach ($extra_fields as $field_name) {
-
-
- $output .= 'Warning: '.$field_name.' is not a valid property of '.$element.'. '.$field_name.' will not be updated. Valid properties: '.rtrim(array_reduce($set[$element], 'comma_split'), ', ').'';
- }
-
- #retrieve information about resource
- $element_id = $s3ql['where'][$element.'_id'];
- $uid = strtoupper(substr($element,0,1)).$element_id;
- $e_info=URIinfo($uid, $user_id, $key, $db);
- #echo '<pre>';print_r($e_info);
-
- #If user is editing itself, she can do so.
- if($element=='user' && $element_id==$user_id && $e_info['account_type']!='p')#User can edit his own data
- {$e_info['change']=1;
- }
-
- if(!is_array($e_info))
- return (formatReturn($GLOBALS['error_codes']['something_does_not_exist'], ''.$element.' '.$element_id.' was not found.'));
- elseif(!$e_info['change'])
- return (formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User does not have permission to change this '.$element, $s3ql['format'],''));
-
-
- foreach ($e_info as $field=>$data) {
-
- if(in_array($field, array_keys($s3ql['set'])))
- if(in_array($field, $set[$element]))
- {
-
- $oldvalues[$field] = $e_info[$field];
- $e_info[$field] = $s3ql['set'][$field];
- $inputs[$field] = $s3ql['set'][$field];
- }
-
- }
-
-
- #echo '<pre>';print_r($inputs);
- switch ($element) {
-
-
- case 'user':{##EDIT USER
- $user_to_change_info = get_info('user', $element_id, $db);#this is necessary because password will not come in the $e_info var.
-
- #permission was checked before the switch
-
- #map values
- $s3map = array('login'=>'account_lid',
- 'password'=>'account_pwd',
- 'username'=>'account_uname',
- 'email'=>'account_email',
- 'phone'=>'account_phone',
- 'address'=>'addr1',
- 'address2'=>'addr2',
- 'city'=>'city',
- 'state'=>'state',
- 'postal_code'=>'postal_code',
- 'country'=>'country',
- 'account_type'=>'account_type',
- 'permission_level'=>'permission_level',
- 'created_by'=>'created_by');
- #encript the password
-
- #echo '<pre>';print_r($s3ql);exit;
- if ($s3ql['set']['password']!='' || $s3ql['set']['account_pwd']) {
- $s3ql['set']['password'] = ($s3ql['set']['account_pwd']!='')?md5($s3ql['set']['account_pwd']):md5($s3ql['set']['password']);
- }
- else {
- $s3ql['set']['password']=$user_to_change_info['account_pwd'];
- }
- #echo '<pre>';print_r($s3ql);
- #login, password and email cannot be deleted so if they come empty, fill them out with the old values
- $non_erasable = array('login', 'email', 'username', 'password');
-
- foreach ($non_erasable as $fieldname) {
- if (in_array($fieldname, array_keys($s3ql['set']))) {
- if ($s3ql['set'][$fieldname]=='') {
- return (formatReturn($GLOBALS['error_codes']['wrong_input'], 'login, email, username and password cannot be deleted', $s3ql['format'],''));
- }
- }
- elseif (!in_array($fieldname, array_keys($s3ql['set']))) {
- #then start filling out input with the old values
-
- $inputs[$s3map[$fieldname]] = $e_info[$s3map[$fieldname]];
- }
- }
- #now map the valid values
- foreach (array_keys($s3ql['set']) as $set) {
-
- if (in_array($set, array_keys($s3map))) {
-
- if($s3ql['set'][$set]!='') {
-
- $inputs[$s3map[$set]] =$s3ql['set'][$set];
-
- }
- }
-
- }
- #echo '<pre>';print_r($e_info);
- $inputs['account_type'] = ($s3ql['set']['account_type']!='')?$s3ql['set']['account_type']:$user_to_change_info['account_type'];
- $inputs['account_status'] = ($s3ql['set']['account_status']!='')?$s3ql['set']['account_status']:$user_to_change_info['account_status'];
- $inputs['account_group'] = $inputs['account_type'];
-
- #replace in $e_info the values with the inputs. First clean the existing one, then merge with the new one
- $user_info = array_diff_key($e_info, $inputs);
- $user_info = array_merge($user_info, $inputs);
-
-
- #$validity = validate_user_inputs(array('inputs'=>$inputs, 'imp_user_id'=>$e_info['account_id'], 'db'=>$db, 'action'=>'update'));
- #$validity = validate_user_inputs(array('inputs'=>$inputs, 'imp_user_id'=>$e_info['account_id'], 'db'=>$db, 'action'=>'update'));
- $info=$e_info;
- $inputs['user_id']=$s3ql['where']['user_id'];
-
- #echo '<pre>';print_r($inputs);
- if(!$model) $model = 'nsy';
- $action = 'edit';
- $validity = validateInputs(compact('element','info', 'inputs', 'oldvalues', 'user_id', 'db','model','action'));
- #echo '<pre>';print_r($validity);
- switch($validity['error_code'])
- {
- case 0:
- #echo '<pre>';print_r($user_info); exit;
- if(!update_user(compact('user_info', 'db', 'user_id')))
- {
- #$output .= $something_went_wrong;
- return (formatReturn($GLOBALS['error_codes']['something_went_wrong'], 'User could not be updated. Undetermined reasons.', $s3ql['format'], ''));
- }
- else {
- if($inputs['permission_level']!=""){
- $permission_info = array('uid'=>'U'.$user_id,'shared_with'=>'U'.$info['user_id'],'permission_level'=>$inputs['permission_level']);
-
- update_permission(compact('permission_info', 'db', 'user_id', 'info'));
- }
-
- return (formatReturn($GLOBALS['error_codes']['success'],'User updated', $s3ql['format'],''));
-
- }
- break;
- default :
- return (formatReturn($validity['error_code'],$validity['message'], $s3ql['format'],''));
- break;
-
- }
-
- break;
- }
- case 'group':{##EDIT GROUP
-
- $info = $e_info;
- $group_id = $info['group_id'];
-
- $validity = validateInputs(compact('element', 'inputs', 'oldvalues', 'info', 'db', 'action', 'key'));
- if($validity[0…
Large files files are truncated, but you can click here to view the full file