share.php
<?php
require_once('inc_db.php');
require_once('inc_session.php');
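// Request parameters are attacker-controlled, so normalise them once here.
// A missing or non-string 'action' becomes '' and matches neither branch below.
$action = (isset($_REQUEST['action']) && is_string($_REQUEST['action']))
    ? trim($_REQUEST['action'])
    : '';

// 'id' is concatenated into SQL text below, so force it to a plain integer.
// The former "+0" coercion could yield a float, and it fails outright on an
// array or (on PHP 8) a non-numeric string; anything unusable becomes 0 here.
// NOTE(review): assumes access_rights() grants nothing for diagram 0 - confirm.
$id = (isset($_REQUEST['id']) && is_scalar($_REQUEST['id']))
    ? (int) $_REQUEST['id']
    : 0;

// Every response from this endpoint is JSON. Declaring that (and disabling
// MIME sniffing) keeps a browser from rendering stored share values as HTML
// when the URL is opened directly.
if (!headers_sent()) {
    header('Content-Type: application/json; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
}

// Both actions require an authenticated session.
if (userID() < 1) {
    die(json_encode(array('error' => 'User is not signed in, please sign in.')));
}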
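// action=getusers: list the accounts a diagram is shared with.
// Responds with {"ok":true,"users":[{"user":..., "perm":...}, ...]} or {"error":...}.
if ($action == 'getusers') {
    // Use one integer value for both the access check and the query, so the
    // diagram that is authorised is exactly the diagram that is read.
    $id = (int) $id;

    $perm = access_rights($id);
    if ($perm == '') {
        $res = array('error' => 'You do not have sufficient access rights for the given diagram.');
    } else {
        $users = array();
        // Only the two columns that are returned are selected; $id is an integer.
        $result = execQuery("SELECT email, perm FROM shares WHERE diagramID=" . $id . " ORDER BY id");
        // NOTE(review): execQuery()'s failure value is not visible here; guard
        // so a failed query yields an empty list instead of a fatal error.
        if ($result) {
            while ($row = mysqli_fetch_assoc($result)) {
                $users[] = array("user" => $row['email'], "perm" => $row['perm']);
            }
        }
        $res = array('ok' => true, "users" => $users);
    }

    // The email and perm values were supplied by users (see action=setusers).
    // The JSON_HEX_* flags encode <, >, &, ' and " as \uXXXX escapes, so the
    // payload stays inert even if it ends up interpreted in an HTML context.
    echo json_encode($res, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}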
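// action=setusers: replace the share list of a diagram with the submitted one.
// Expects perm[] entries of the form {email, perm}; prints nothing on success.
if ($action == 'setusers') {
    // Use one integer value for the access check and for every statement below.
    $id = (int) $id;

    $perm = access_rights($id);
    if ($perm == '' || $perm == 'ro') {
        die(json_encode(array('error' => 'You do not have rights to modify the settings')));
    }
    // owner or user with writable access can modify share settings

    // NOTE(review): this is a state-changing request read from $_REQUEST, so it
    // is also reachable via GET, and no anti-CSRF token check is visible in this
    // file. Confirm inc_session.php enforces one, or require POST plus a token.

    // An absent list means "remove all shares"; any other non-array value is a
    // malformed request and must not be allowed to wipe the existing shares.
    $entries = isset($_REQUEST['perm']) ? $_REQUEST['perm'] : array();
    if (!is_array($entries)) {
        die(json_encode(array('error' => 'Invalid share list')));
    }

    // Validate the whole submission before touching the table.
    $rows = array();
    foreach ($entries as $p) {
        if (!is_array($p) || !isset($p['email']) || !is_string($p['email']) || $p['email'] === '') {
            continue;
        }
        $rows[] = array(
            'email' => $p['email'],
            'perm'  => (isset($p['perm']) && is_string($p['perm'])) ? $p['perm'] : '',
        );
    }

    // NOTE(review): the perm value is stored exactly as submitted. Only '' and
    // 'ro' are distinguished in this file; validate it against the set of values
    // access_rights() understands so a caller cannot store an unexpected level.

    // NOTE(review): DELETE and the INSERTs are separate statements. If
    // execQuery()'s connection supports transactions, wrap them so a failure
    // midway cannot leave the diagram with a partial share list.
    execQuery("DELETE FROM shares WHERE diagramID=" . $id);
    foreach ($rows as $row) {
        // String values go through the project's mysqli_escape() helper.
        // NOTE(review): prepared statements would be preferable if the DB layer
        // in inc_db.php exposes them.
        execQuery("INSERT IGNORE INTO shares SET email=\"" . mysqli_escape($row['email']) . "\", perm=\"" . mysqli_escape($row['perm']) . "\", diagramID=" . $id);
    }
}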
?>