
Added basic MPD user permissions. I didn't force a level for everyone, so any existing setups will default to DENIED until they update their Localplay Level.

Karl 'vollmerk' Vollmer 2007-12-10 07:58:34 +00:00
parent 46ffeca144
commit 6cde9118b1
6 changed files with 68 additions and 12 deletions


@ -4,6 +4,9 @@
-------------------------------------------------------------------------- --------------------------------------------------------------------------
v.3.4-Alpha4 v.3.4-Alpha4
- Added User and Manager levels to Localplay, determines what the
user in question can do
- Moved Newest * to statistics page
- Database Update, removed useless config options and tweaked a few others - Database Update, removed useless config options and tweaked a few others
- Fixed last of the missing MPD functionality (Volume & Playlist Clear) - Fixed last of the missing MPD functionality (Volume & Playlist Clear)
- Fixed HTTPQ and improved parsing for urls from MPD & HTTPQ - Fixed HTTPQ and improved parsing for urls from MPD & HTTPQ


@ -181,13 +181,13 @@ class Access {
*/ */
case 'init-xml-rpc': case 'init-xml-rpc':
$sql = "SELECT `id` FROM `access_list`" . $sql = "SELECT `id` FROM `access_list`" .
" WHERE `start` <= '$ip' AND `end` >= '$ip' AND `type`='xml-rpc' AND `level` >= '$level'"; " WHERE `start` <= '$ip' AND `end` >= '$ip' AND `type`='rpc' AND `level` >= '$level'";
break; break;
case 'rpc': case 'rpc':
case 'xml-rpc': case 'xml-rpc':
$sql = "SELECT `id` FROM `access_list`" . $sql = "SELECT `id` FROM `access_list`" .
" WHERE `start` <= '$ip' AND `end` >= '$ip'" . " WHERE `start` <= '$ip' AND `end` >= '$ip'" .
" AND `key` = '$key' AND `level` >= '$level' AND (`type`='xml-rpc' OR `type`='rpc')"; " AND `key` = '$key' AND `level` >= '$level' AND `type`='rpc'";
break; break;
case 'network': case 'network':
case 'interface': case 'interface':
@ -215,6 +215,36 @@ class Access {
} // check_network } // check_network
/**
* check_access
* This is the global 'has_access' function it can check for any 'type' of object
* everything uses the global 0,5,25,50,75,100 stuff. GLOBALS['user'] is always used
*/
public static function check($type,$level) {
$level = intval($level);
// Switch on the type
switch ($type) {
case 'localplay':
// Check their localplay_level
if ($GLOBALS['user']->prefs['localplay_level'] >= $level) {
return true;
}
else {
return false;
}
break;
default:
return false;
break;
} // end switch on type
// Default false
return false;
} // check
/** /**
* validate_type * validate_type
* This cleans up and validates the specified type * This cleans up and validates the specified type


@ -81,7 +81,7 @@ if (!count($results)) {
} }
/** This is the version.... fluf nothing more... **/ /** This is the version.... fluf nothing more... **/
$results['version'] = '3.4-Alpha4 Build (003)'; $results['version'] = '3.4-Alpha4 Build (004)';
$results['int_config_version'] = '6'; $results['int_config_version'] = '6';
$results['raw_web_path'] = $results['web_path']; $results['raw_web_path'] = $results['web_path'];


@ -263,9 +263,11 @@ function create_preference_input($name,$value) {
case 'localplay_level': case 'localplay_level':
if ($value == '25') { $is_user = 'selected="selected"'; } if ($value == '25') { $is_user = 'selected="selected"'; }
elseif ($value == '100') { $is_admin = 'selected="selected"'; } elseif ($value == '100') { $is_admin = 'selected="selected"'; }
elseif ($value == '50') { $is_manager = 'selected="selected"'; }
echo "<select name=\"$name\">\n"; echo "<select name=\"$name\">\n";
echo "<option value=\"0\">" . _('Disabled') . "</option>\n"; echo "<option value=\"0\">" . _('Disabled') . "</option>\n";
echo "<option value=\"25\" $is_user>" . _('User') . "</option>\n"; echo "<option value=\"25\" $is_user>" . _('User') . "</option>\n";
echo "<option value=\"50\" $is_manager>" . _('Manager') . "</option>\n";
echo "<option value=\"100\" $is_admin>" . _('Admin') . "</option>\n"; echo "<option value=\"100\" $is_admin>" . _('Admin') . "</option>\n";
echo "</select>\n"; echo "</select>\n";
break; break;
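Review bot: `$is_manager` is assigned only when `$value == '50'`, and likewise `$is_user` and `$is_admin` in their own branches, so at least two of the three are undefined when they are interpolated into the `<option>` tags, unless they are initialised earlier in `create_preference_input()`, which starts outside this hunk. Setting them at the top of the case avoids the undefined-variable notices: `$is_user = $is_manager = $is_admin = '';` before the `if`.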


@ -27,7 +27,10 @@ if (AJAX_INCLUDE != '1') { exit; }
switch ($_REQUEST['action']) { switch ($_REQUEST['action']) {
case 'set_instance': case 'set_instance':
// Make sure they they are allowed to do this // Make sure they they are allowed to do this
//... ok I don't really know what that means yet if (!Access::check('localplay','5')) {
debug_event('DENIED','Error attempted to set instance without required level','1');
exit;
}
$type = $_REQUEST['instance'] ? 'localplay' : 'stream'; $type = $_REQUEST['instance'] ? 'localplay' : 'stream';
@ -46,7 +49,10 @@ switch ($_REQUEST['action']) {
break; break;
case 'command': case 'command':
// Make sure they are allowed to do this // Make sure they are allowed to do this
// ok I still don't know what that means... but I'm thinking about it if (!Access::check('localplay','50')) {
debug_event('DENIED','Attempted to control Localplay without sufficient access','1');
exit;
}
$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']); $localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']);
$localplay->connect(); $localplay->connect();
@ -92,6 +98,10 @@ switch ($_REQUEST['action']) {
break; break;
case 'delete_track': case 'delete_track':
// Load Connect... yada yada // Load Connect... yada yada
if (!Access::check('localplay','50')) {
debug_event('DENIED','Attempted to delete track without access','1');
exit;
}
$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']); $localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']);
$localplay->connect(); $localplay->connect();
@ -103,9 +113,11 @@ switch ($_REQUEST['action']) {
$results['localplay_playlist_' . $id] = ''; $results['localplay_playlist_' . $id] = '';
break; break;
case 'delete_instance': case 'delete_instance':
// Make sure that you have access to do this... again I really // Make sure that you have access to do this...
// don't know what that means so I'm just going to do nothing fo now if (!Access::check('localplay','75')) {
debug_event('DENIED','Attempted to delete instance without access','1');
exit;
}
// Scrub it in // Scrub it in
$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']); $localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']);
@ -116,6 +128,10 @@ switch ($_REQUEST['action']) {
break; break;
case 'repeat': case 'repeat':
// Make sure that they have access to do this again no clue // Make sure that they have access to do this again no clue
if (!Access::check('localplay','50')) {
debug_event('DENIED','Attempted to set repeat without access','1');
exit;
}
// Scrub her in // Scrub her in
$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']); $localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']);
@ -129,8 +145,11 @@ switch ($_REQUEST['action']) {
break; break;
case 'random': case 'random':
// Make sure that they have access to do this again no clue... seems // Make sure that they have access to do this
// to be a pattern here if (!Access::check('localplay','50')) {
debug_event('DENIED','Attempted to set random without access','1');
exit;
}
// Scrub her in // Scrub her in
$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']); $localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']);
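Review bot: The thresholds passed to `Access::check()` here are bare strings (`'5'`, `'50'`, `'75'`), and two of them match no level a user can actually hold: the `localplay_level` select changed in this same commit offers only 0, 25, 50 and 100. In practice `'5'` on `set_instance` admits User and above and `'75'` on `delete_instance` admits Admin only, which a reader cannot tell from the call. A comment at each gate would make the intent reviewable, for example `// 75: above Manager (50), so only Admin (100) can delete an instance`. The switch continues outside these hunks, so any Localplay action not shown here should be checked for the same guard.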


@ -1,16 +1,18 @@
<ul class="sb2" id="sb_localplay"> <ul class="sb2" id="sb_localplay">
<?php if (Config::get('allow_localplay_playback') AND $GLOBALS['user']->prefs['localplay_controller']) { ?> <?php if (Config::get('allow_localplay_playback') AND $GLOBALS['user']->prefs['localplay_controller'] AND Access::check('localplay','5')) { ?>
<?php <?php
// Little bit of work to be done here // Little bit of work to be done here
$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']); $localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']);
$current_instance = $localplay->current_instance(); $current_instance = $localplay->current_instance();
$class = $current_instance ? '' : ' class="active_instance"'; $class = $current_instance ? '' : ' class="active_instance"';
?> ?>
<?php if ($GLOBALS['user']->has_access('50')) { ?> <?php if (Access::check('localplay','25')) { ?>
<li><h4><?php echo _('Localplay'); ?></h4> <li><h4><?php echo _('Localplay'); ?></h4>
<ul class="sb3" id="sb_localplay_info"> <ul class="sb3" id="sb_localplay_info">
<?php if (Access::check('localplay','75')) { ?>
<li id="sb_localplay_info_add_instance"><a href="<?php echo $web_path; ?>/localplay.php?action=show_add_instance"><?php echo _('Add Instance'); ?></a></li> <li id="sb_localplay_info_add_instance"><a href="<?php echo $web_path; ?>/localplay.php?action=show_add_instance"><?php echo _('Add Instance'); ?></a></li>
<li id="sb_localplay_info_show_instances"><a href="<?php echo $web_path; ?>/localplay.php?action=show_instances"><?php echo _('Show instances'); ?></a></li> <li id="sb_localplay_info_show_instances"><a href="<?php echo $web_path; ?>/localplay.php?action=show_instances"><?php echo _('Show instances'); ?></a></li>
<?php } ?>
<li id="sb_localplay_info_show"><a href="<?php echo $web_path; ?>/localplay.php?action=show_playlist"><?php echo _('Show Playlist'); ?></a></li> <li id="sb_localplay_info_show"><a href="<?php echo $web_path; ?>/localplay.php?action=show_playlist"><?php echo _('Show Playlist'); ?></a></li>
</ul> </ul>
</li> </li>
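Review bot: Wrapping the 'Add Instance' and 'Show instances' links in `Access::check('localplay','75')` only hides them; the `localplay.php?action=show_add_instance` and `action=show_instances` handlers are not among the files shown in this commit, so a user below that level can presumably still request those URLs directly. The same check belongs at the top of each of those actions in `localplay.php`, with the sidebar condition kept as a convenience. A comment next to the new condition would make the dependency explicit: `// display only; localplay.php must enforce level 75 for these actions`.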