Diffstat (limited to 'settings/ajax')
-rw-r--r--settings/ajax/apps/ocs.php65
-rw-r--r--settings/ajax/changepassword.php17
-rw-r--r--settings/ajax/creategroup.php4
-rw-r--r--settings/ajax/createuser.php29
-rw-r--r--settings/ajax/enableapp.php7
-rw-r--r--settings/ajax/lostpassword.php3
-rw-r--r--settings/ajax/openid.php3
-rw-r--r--settings/ajax/removegroup.php2
-rw-r--r--settings/ajax/removeuser.php10
-rw-r--r--settings/ajax/setlanguage.php3
-rw-r--r--settings/ajax/setquota.php9
-rw-r--r--settings/ajax/togglegroups.php12
-rw-r--r--settings/ajax/togglesubadmins.php19
-rw-r--r--settings/ajax/userlist.php45
14 files changed, 196 insertions, 32 deletions
diff --git a/settings/ajax/apps/ocs.php b/settings/ajax/apps/ocs.php
new file mode 100644
index 00000000000..082f1cfb922
--- /dev/null
+++ b/settings/ajax/apps/ocs.php
@@ -0,0 +1,65 @@
+<?php
+/**
+ * Copyright (c) 2012 Thomas Tanghus <thomas@tanghus.net>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+// Init owncloud
+require_once('../../../lib/base.php');
+
+OC_JSON::checkAdminUser();
+
+$l = OC_L10N::get('core');
+
+if(OC_Config::getValue('appstoreenabled', true)==false){
+ OCP\JSON::success(array('type' => 'external', 'data' => array()));
+}
+
+$enabledApps=OC_App::getEnabledApps();
+
+if(is_null($enabledApps)) {
+ OCP\JSON::error(array('data' => array('message' => $l->t('Unable to load list from App Store'))));
+}
+
+$apps=array();
+
+// apps from external repo via OCS
+$catagoryNames=OC_OCSClient::getCategories();
+if(is_array($catagoryNames)){
+ $categories=array_keys($catagoryNames);
+ $page=0;
+ $externalApps=OC_OCSClient::getApplications($categories,$page);
+ foreach($externalApps as $app){
+ // show only external apps that aren't enabled yet
+ $local=false;
+ foreach($enabledApps as $a){
+ if($a == $app['name']) {
+ $local=true;
+ }
+ }
+
+ if(!$local) {
+ if($app['preview']=='') {
+ $pre='trans.png';
+ } else {
+ $pre=$app['preview'];
+ }
+ $apps[]=array(
+ 'name'=>$app['name'],
+ 'id'=>$app['id'],
+ 'active'=>false,
+ 'description'=>$app['description'],
+ 'author'=>$app['personid'],
+ 'license'=>$app['license'],
+ 'preview'=>$pre,
+ 'internal'=>false,
+ 'internallabel'=>'3rd Party App',
+ );
+ }
+ }
+}
+
+OCP\JSON::success(array('type' => 'external', 'data' => $apps));
+
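Review bot: Neither early response in this new file stops the script: after `OCP\JSON::success(...)` in the `appstoreenabled` branch and after `OCP\JSON::error(...)` in the `is_null($enabledApps)` branch, execution falls through to the OCS fetch and the final `OCP\JSON::success(...)`. Other endpoints in this commit follow an error response with `exit();`, which suggests these helpers only emit output, so a disabled app store would still be queried and the client could receive two concatenated JSON documents; adding `exit();` inside both branches fixes that. The `name`, `description`, `personid`, `license` and `preview` values come from the external OCS server and are forwarded as-is, so a comment such as `// values originate from the remote app store; escape before inserting into the DOM` would tell the consumer to treat them as untrusted.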
diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php
index 388885b6fcb..c7cb6512331 100644
--- a/settings/ajax/changepassword.php
+++ b/settings/ajax/changepassword.php
@@ -10,7 +10,20 @@ $oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:'';
// Check if we are a user
OC_JSON::checkLoggedIn();
-if( (!OC_Group::inGroup( OC_User::getUser(), 'admin' ) && ($username!=OC_User::getUser() || !OC_User::checkPassword($username,$oldPassword)))) {
+OCP\JSON::callCheck();
+
+$userstatus = null;
+if(OC_Group::inGroup(OC_User::getUser(), 'admin')){
+ $userstatus = 'admin';
+}
+if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)){
+ $userstatus = 'subadmin';
+}
+if(OC_User::getUser() == $username && OC_User::checkPassword($username,$oldPassword)){
+ $userstatus = 'user';
+}
+
+if(is_null($userstatus)){
OC_JSON::error( array( "data" => array( "message" => "Authentication error" )));
exit();
}
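Review bot: The `subadmin` branch allows a password change without the old password for any account where `OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)` is true, and nothing in this hunk keeps that from covering an account that is also in the `admin` group. `isUserAccessible` is not shown here, so unless it excludes admins itself the condition should do so, e.g. `if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) && !OC_Group::inGroup($username, 'admin')){`. The same `isUserAccessible` gate is introduced in removeuser.php, setquota.php and togglegroups.php and deserves the same check there. `$userstatus` is only ever tested with `is_null`, so a comment like `// only null vs. non-null matters; later assignments overwrite earlier ones` would stop a reader from assuming the role string is used. `$username` is assigned above the hunk.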
@@ -22,5 +35,3 @@ if( OC_User::setPassword( $username, $password )){
else{
OC_JSON::error(array("data" => array( "message" => "Unable to change password" )));
}
-
-?>
diff --git a/settings/ajax/creategroup.php b/settings/ajax/creategroup.php
index a7fab1c45be..16cf57aebb7 100644
--- a/settings/ajax/creategroup.php
+++ b/settings/ajax/creategroup.php
@@ -10,6 +10,8 @@ if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' ))
exit();
}
+OCP\JSON::callCheck();
+
$groupname = $_POST["groupname"];
// Does the group exist?
@@ -25,5 +27,3 @@ if( OC_Group::createGroup( $groupname )){
else{
OC_JSON::error(array("data" => array( "message" => "Unable to add group" )));
}
-
-?>
diff --git a/settings/ajax/createuser.php b/settings/ajax/createuser.php
index 508b4bf94ca..eaca5b50745 100644
--- a/settings/ajax/createuser.php
+++ b/settings/ajax/createuser.php
@@ -5,14 +5,33 @@ require_once('../../lib/base.php');
OCP\JSON::callCheck();
// Check if we are a user
-if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' )){
+if( !OC_User::isLoggedIn() || (!OC_Group::inGroup( OC_User::getUser(), 'admin' ) && !OC_SubAdmin::isSubAdmin(OC_User::getUser()))){
OC_JSON::error(array("data" => array( "message" => "Authentication error" )));
exit();
}
+OCP\JSON::callCheck();
+
+$isadmin = OC_Group::inGroup(OC_User::getUser(),'admin')?true:false;
-$groups = array();
-if( isset( $_POST["groups"] )){
- $groups = $_POST["groups"];
+if($isadmin){
+ $groups = array();
+ if( isset( $_POST["groups"] )){
+ $groups = $_POST["groups"];
+ }
+}else{
+ if(isset( $_POST["groups"] )){
+ $groups = array();
+ foreach($_POST["groups"] as $group){
+ if(OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group)){
+ $groups[] = $group;
+ }
+ }
+ if(count($groups) == 0){
+ $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
+ }
+ }else{
+ $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
+ }
}
$username = $_POST["username"];
$password = $_POST["password"];
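Review bot: In the sub-admin branch `$_POST["groups"]` is iterated without confirming it is an array, so a scalar value makes `foreach` emit a warning before the code falls back to every group the sub-admin manages. Guarding with `if(isset($_POST["groups"]) && is_array($_POST["groups"])){` sends a malformed value through the explicit `else` branch instead; the admin branch passes the raw value on and would benefit from the same `is_array` test. The added `OCP\JSON::callCheck();` duplicates the call already present at the top of the hunk, and `$isadmin = OC_Group::inGroup(OC_User::getUser(),'admin')?true:false;` can drop the ternary if `inGroup` returns a boolean. The script continues after the hunk.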
@@ -36,5 +55,3 @@ try {
} catch (Exception $exception) {
OC_JSON::error(array("data" => array( "message" => $exception->getMessage())));
}
-
-?>
diff --git a/settings/ajax/enableapp.php b/settings/ajax/enableapp.php
index bd53a50210c..fe3922fa02b 100644
--- a/settings/ajax/enableapp.php
+++ b/settings/ajax/enableapp.php
@@ -6,8 +6,9 @@ OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
OC_JSON::setContentTypeHeader();
-if(OC_App::enable($_POST['appid'])){
- OC_JSON::success();
-}else{
+$appid = OC_App::enable($_POST['appid']);
+if($appid !== false) {
+ OC_JSON::success(array('data' => array('appid' => $appid)));
+} else {
OC_JSON::error();
}
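Review bot: `$_POST['appid']` is passed to `OC_App::enable()` without an `isset` check, and the strict `$appid !== false` test reports success for any non-false return, including `null` from a code path in `enable()` that returns nothing. `OC_App::enable()` is not part of this hunk, so the contract this code now relies on should be stated above the call, e.g. `// OC_App::enable() is expected to return the enabled app's id, or false on failure`. A missing parameter can be rejected up front with `if(!isset($_POST['appid'])){ OC_JSON::error(); exit(); }`.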
diff --git a/settings/ajax/lostpassword.php b/settings/ajax/lostpassword.php
index 976fdff245f..803a424854c 100644
--- a/settings/ajax/lostpassword.php
+++ b/settings/ajax/lostpassword.php
@@ -2,7 +2,6 @@
// Init owncloud
require_once('../../lib/base.php');
-
OC_JSON::checkLoggedIn();
OCP\JSON::callCheck();
@@ -16,5 +15,3 @@ if( isset( $_POST['email'] ) && filter_var( $_POST['email'], FILTER_VALIDATE_EMA
}else{
OC_JSON::error(array("data" => array( "message" => $l->t("Invalid email") )));
}
-
-?> \ No newline at end of file
diff --git a/settings/ajax/openid.php b/settings/ajax/openid.php
index 58d071255c2..bf4ead06020 100644
--- a/settings/ajax/openid.php
+++ b/settings/ajax/openid.php
@@ -6,6 +6,7 @@ require_once('../../lib/base.php');
$l=OC_L10N::get('settings');
OC_JSON::checkLoggedIn();
+OCP\JSON::callCheck();
OC_JSON::checkAppEnabled('user_openid');
// Get data
@@ -16,5 +17,3 @@ if( isset( $_POST['identity'] ) ){
}else{
OC_JSON::error(array("data" => array( "message" => $l->t("Invalid request") )));
}
-
-?>
diff --git a/settings/ajax/removegroup.php b/settings/ajax/removegroup.php
index 19cbe51fd51..f8c2065956c 100644
--- a/settings/ajax/removegroup.php
+++ b/settings/ajax/removegroup.php
@@ -15,5 +15,3 @@ if( OC_Group::deleteGroup( $name )){
else{
OC_JSON::error(array("data" => array( "message" => "Unable to delete group" )));
}
-
-?>
diff --git a/settings/ajax/removeuser.php b/settings/ajax/removeuser.php
index 63388b3ca68..bfab13a68c8 100644
--- a/settings/ajax/removeuser.php
+++ b/settings/ajax/removeuser.php
@@ -3,11 +3,17 @@
// Init owncloud
require_once('../../lib/base.php');
-OC_JSON::checkAdminUser();
+OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();
$username = $_POST["username"];
+if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)){
+ $l = OC_L10N::get('core');
+ OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+ exit();
+}
+
// Return Success story
if( OC_User::deleteUser( $username )){
OC_JSON::success(array("data" => array( "username" => $username )));
@@ -15,5 +21,3 @@ if( OC_User::deleteUser( $username )){
else{
OC_JSON::error(array("data" => array( "message" => "Unable to delete user" )));
}
-
-?>
diff --git a/settings/ajax/setlanguage.php b/settings/ajax/setlanguage.php
index bc70d09ac92..54b103cd4fe 100644
--- a/settings/ajax/setlanguage.php
+++ b/settings/ajax/setlanguage.php
@@ -8,6 +8,7 @@ $l=OC_L10N::get('settings');
OC_JSON::checkLoggedIn();
OCP\JSON::callCheck();
+
// Get data
if( isset( $_POST['lang'] ) ){
$languageCodes=OC_L10N::findAvailableLanguages();
@@ -21,5 +22,3 @@ if( isset( $_POST['lang'] ) ){
}else{
OC_JSON::error(array("data" => array( "message" => $l->t("Invalid request") )));
}
-
-?>
diff --git a/settings/ajax/setquota.php b/settings/ajax/setquota.php
index 44c2067824b..2a30b1d97e6 100644
--- a/settings/ajax/setquota.php
+++ b/settings/ajax/setquota.php
@@ -8,11 +8,17 @@
// Init owncloud
require_once('../../lib/base.php');
-OC_JSON::checkAdminUser();
+OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();
$username = isset($_POST["username"])?$_POST["username"]:'';
+if(($username == '' && !OC_Group::inGroup(OC_User::getUser(), 'admin')) || (!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username))){
+ $l = OC_L10N::get('core');
+ OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+ exit();
+}
+
//make sure the quota is in the expected format
$quota=$_POST["quota"];
if($quota!='none' and $quota!='default'){
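Review bot: The new guard evaluates `!OC_Group::inGroup(OC_User::getUser(), 'admin')` in both halves of the `||`, which makes the authorisation rule hard to read. It is equivalent to `if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && ($username == '' || !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username))){`. A comment such as `// an empty username targets the default quota, which only admins may change` would explain the first clause, assuming that is what the `if($username)` branch further down does. The quota handling continues outside the hunk.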
@@ -35,4 +41,3 @@ if($username){
}
OC_JSON::success(array("data" => array( "username" => $username ,'quota'=>$quota)));
-?>
diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php
index 02b2b6319a6..75cd0858bbc 100644
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -3,7 +3,7 @@
// Init owncloud
require_once('../../lib/base.php');
-OC_JSON::checkAdminUser();
+OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();
$success = true;
@@ -11,7 +11,13 @@ $error = "add user to";
$action = "add";
$username = $_POST["username"];
-$group = htmlentities($_POST["group"]);
+$group = OC_Util::sanitizeHTML($_POST["group"]);
+
+if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))){
+ $l = OC_L10N::get('core');
+ OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+ exit();
+}
if(!OC_Group::groupExists($group)){
OC_Group::createGroup($group);
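Review bot: `$group` is HTML-escaped with `OC_Util::sanitizeHTML()` on input, and that escaped string is then used for the `isGroupAccessible` check and for `groupExists`/`createGroup` below. A group name containing `&`, `<` or quotes would therefore presumably be authorised and stored under a different name than the one sent. The identifier should stay raw, `$group = $_POST["group"];`, and be escaped only where it is echoed, such as the error message at the end of the file. togglesubadmins.php reads `group` the same way. For a sub-admin the access check runs before the `groupExists` test, so whether a sub-admin can reach `createGroup` depends on `isGroupAccessible` rejecting unknown groups, which is not visible here.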
@@ -38,5 +44,3 @@ if( $success ){
else{
OC_JSON::error(array("data" => array( "message" => "Unable to $error group $group" )));
}
-
-?>
diff --git a/settings/ajax/togglesubadmins.php b/settings/ajax/togglesubadmins.php
new file mode 100644
index 00000000000..42db8450302
--- /dev/null
+++ b/settings/ajax/togglesubadmins.php
@@ -0,0 +1,19 @@
+<?php
+
+// Init owncloud
+require_once('../../lib/base.php');
+
+OC_JSON::checkAdminUser();
+OCP\JSON::callCheck();
+
+$username = $_POST["username"];
+$group = OC_Util::sanitizeHTML($_POST["group"]);
+
+// Toggle group
+if(OC_SubAdmin::isSubAdminofGroup($username, $group)){
+ OC_SubAdmin::deleteSubAdmin($username, $group);
+}else{
+ OC_SubAdmin::createSubAdmin($username, $group);
+}
+
+OC_JSON::success(); \ No newline at end of file
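Review bot: `$_POST["username"]` and `$_POST["group"]` are read without `isset`, and neither the user nor the group is checked for existence before `createSubAdmin` is called, so a mistyped or stale name can leave a sub-admin entry that refers to nothing. A guard such as `if(!isset($_POST["username"], $_POST["group"])){ OC_JSON::error(); exit(); }` before the reads, followed by `if(!OC_Group::groupExists($group)){ OC_JSON::error(); exit(); }`, covers both. The results of `deleteSubAdmin`/`createSubAdmin` are discarded and `OC_JSON::success()` is sent unconditionally; if those methods report failure through their return value, that value should decide between `success()` and `error()`.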
diff --git a/settings/ajax/userlist.php b/settings/ajax/userlist.php
new file mode 100644
index 00000000000..b89b8c55ef0
--- /dev/null
+++ b/settings/ajax/userlist.php
@@ -0,0 +1,45 @@
+<?php
+/**
+ * ownCloud
+ *
+ * @author Michael Gapczynski
+ * @copyright 2012 Michael Gapczynski mtgap@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+require_once '../../lib/base.php';
+
+OC_JSON::callCheck();
+OC_JSON::checkSubAdminUser();
+if (isset($_GET['offset'])) {
+ $offset = $_GET['offset'];
+} else {
+ $offset = 0;
+}
+$users = array();
+if (OC_Group::inGroup(OC_User::getUser(), 'admin')) {
+ $batch = OC_User::getUsers('', 10, $offset);
+ foreach ($batch as $user) {
+ $users[] = array('name' => $user, 'groups' => join(', ', OC_Group::getUserGroups($user)), 'subadmin' => join(', ',OC_SubAdmin::getSubAdminsGroups($user)), 'quota' => OC_Preferences::getValue($user, 'files', 'quota', 'default'));
+ }
+} else {
+ $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
+ $batch = OC_Group::usersInGroups($groups, '', 10, $offset);
+ foreach ($batch as $user) {
+ $users[] = array('name' => $user, 'groups' => join(', ', OC_Group::getUserGroups($user)), 'quota' => OC_Preferences::getValue($user, 'files', 'quota', 'default'));
+ }
+}
+OC_JSON::success(array('data' => $users)); \ No newline at end of file
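Review bot: `$_GET['offset']` goes into `OC_User::getUsers()` and `OC_Group::usersInGroups()` as a raw string; those backends are not shown, so if any of them places the offset into a query without binding it, this parameter becomes an injection point. Normalising it here removes that dependency: `$offset = isset($_GET['offset']) ? max(0, (int)$_GET['offset']) : 0;`. The file calls `OC_JSON::callCheck()` while the other endpoints in this commit call `OCP\JSON::callCheck()`; one spelling throughout makes it easier to audit that every endpoint carries the request-token check. The page size `10` is repeated in both branches and could be a named variable.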