mirror of
https://github.com/Yetangitu/ampache
synced 2025-10-06 03:49:56 +02:00
added basic MPD user permissions in, I didnt force a level for everyone so any existing setups will be defaulted to DENIED until they update their Localplay Level
This commit is contained in:
Karl 'vollmerk' Vollmer
parent
46ffeca144
commit
6cde9118b1
6 changed files with 68 additions and 12 deletions
|
|
@ -4,6 +4,9 @@
|
|||
|
||||
--------------------------------------------------------------------------
|
||||
v.3.4-Alpha4
|
||||
- Added User and Manager levels to Localplay, determines what the
|
||||
user in question can do
|
||||
- Moved Newest * to statistics page
|
||||
- Database Update, removed useless config options and tweaked a few others
|
||||
- Fixed last of the missing MPD functionality (Volume & Playlist Clear)
|
||||
- Fixed HTTPQ and improved parsing for urls from MPD & HTTPQ
|
||||
|
|
|
|||
|
|
@ -181,13 +181,13 @@ class Access {
|
|||
*/
|
||||
case 'init-xml-rpc':
|
||||
$sql = "SELECT `id` FROM `access_list`" .
|
||||
" WHERE `start` <= '$ip' AND `end` >= '$ip' AND `type`='xml-rpc' AND `level` >= '$level'";
|
||||
" WHERE `start` <= '$ip' AND `end` >= '$ip' AND `type`='rpc' AND `level` >= '$level'";
|
||||
break;
|
||||
case 'rpc':
|
||||
case 'xml-rpc':
|
||||
$sql = "SELECT `id` FROM `access_list`" .
|
||||
" WHERE `start` <= '$ip' AND `end` >= '$ip'" .
|
||||
" AND `key` = '$key' AND `level` >= '$level' AND (`type`='xml-rpc' OR `type`='rpc')";
|
||||
" AND `key` = '$key' AND `level` >= '$level' AND `type`='rpc'";
|
||||
break;
|
||||
case 'network':
|
||||
case 'interface':
|
||||
|
|
@ -215,6 +215,36 @@ class Access {
|
|||
|
||||
} // check_network
|
||||
|
||||
/**
|
||||
* check_access
|
||||
* This is the global 'has_access' function it can check for any 'type' of object
|
||||
* everything uses the global 0,5,25,50,75,100 stuff. GLOBALS['user'] is always used
|
||||
*/
|
||||
public static function check($type,$level) {
|
||||
|
||||
$level = intval($level);
|
||||
|
||||
// Switch on the type
|
||||
switch ($type) {
|
||||
case 'localplay':
|
||||
// Check their localplay_level
|
||||
if ($GLOBALS['user']->prefs['localplay_level'] >= $level) {
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
return false;
|
||||
break;
|
||||
} // end switch on type
|
||||
|
||||
// Default false
|
||||
return false;
|
||||
|
||||
} // check
|
||||
|
||||
/**
|
||||
* validate_type
|
||||
* This cleans up and validates the specified type
|
||||
|
|
|
|||
|
|
@ -81,7 +81,7 @@ if (!count($results)) {
|
|||
}
|
||||
|
||||
/** This is the version.... fluf nothing more... **/
|
||||
$results['version'] = '3.4-Alpha4 Build (003)';
|
||||
$results['version'] = '3.4-Alpha4 Build (004)';
|
||||
$results['int_config_version'] = '6';
|
||||
|
||||
$results['raw_web_path'] = $results['web_path'];
|
||||
|
|
|
|||
|
|
@ -263,9 +263,11 @@ function create_preference_input($name,$value) {
|
|||
case 'localplay_level':
|
||||
if ($value == '25') { $is_user = 'selected="selected"'; }
|
||||
elseif ($value == '100') { $is_admin = 'selected="selected"'; }
|
||||
elseif ($value == '50') { $is_manager = 'selected="selected"'; }
|
||||
echo "<select name=\"$name\">\n";
|
||||
echo "<option value=\"0\">" . _('Disabled') . "</option>\n";
|
||||
echo "<option value=\"25\" $is_user>" . _('User') . "</option>\n";
|
||||
echo "<option value=\"50\" $is_manager>" . _('Manager') . "</option>\n";
|
||||
echo "<option value=\"100\" $is_admin>" . _('Admin') . "</option>\n";
|
||||
echo "</select>\n";
|
||||
break;
|
||||
|
|
|
|||
|
|
@ -27,7 +27,10 @@ if (AJAX_INCLUDE != '1') { exit; }
|
|||
switch ($_REQUEST['action']) {
|
||||
case 'set_instance':
|
||||
// Make sure they they are allowed to do this
|
||||
//... ok I don't really know what that means yet
|
||||
if (!Access::check('localplay','5')) {
|
||||
debug_event('DENIED','Error attempted to set instance without required level','1');
|
||||
exit;
|
||||
}
|
||||
|
||||
$type = $_REQUEST['instance'] ? 'localplay' : 'stream';
|
||||
|
||||
|
|
@ -46,7 +49,10 @@ switch ($_REQUEST['action']) {
|
|||
break;
|
||||
case 'command':
|
||||
// Make sure they are allowed to do this
|
||||
// ok I still don't know what that means... but I'm thinking about it
|
||||
if (!Access::check('localplay','50')) {
|
||||
debug_event('DENIED','Attempted to control Localplay without sufficient access','1');
|
||||
exit;
|
||||
}
|
||||
|
||||
$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']);
|
||||
$localplay->connect();
|
||||
|
|
@ -92,6 +98,10 @@ switch ($_REQUEST['action']) {
|
|||
break;
|
||||
case 'delete_track':
|
||||
// Load Connect... yada yada
|
||||
if (!Access::check('localplay','50')) {
|
||||
debug_event('DENIED','Attempted to delete track without access','1');
|
||||
exit;
|
||||
}
|
||||
$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']);
|
||||
$localplay->connect();
|
||||
|
||||
|
|
@ -103,9 +113,11 @@ switch ($_REQUEST['action']) {
|
|||
$results['localplay_playlist_' . $id] = '';
|
||||
break;
|
||||
case 'delete_instance':
|
||||
// Make sure that you have access to do this... again I really
|
||||
// don't know what that means so I'm just going to do nothing fo now
|
||||
|
||||
// Make sure that you have access to do this...
|
||||
if (!Access::check('localplay','75')) {
|
||||
debug_event('DENIED','Attempted to delete instance without access','1');
|
||||
exit;
|
||||
}
|
||||
|
||||
// Scrub it in
|
||||
$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']);
|
||||
|
|
@ -116,6 +128,10 @@ switch ($_REQUEST['action']) {
|
|||
break;
|
||||
case 'repeat':
|
||||
// Make sure that they have access to do this again no clue
|
||||
if (!Access::check('localplay','50')) {
|
||||
debug_event('DENIED','Attempted to set repeat without access','1');
|
||||
exit;
|
||||
}
|
||||
|
||||
// Scrub her in
|
||||
$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']);
|
||||
|
|
@ -129,8 +145,11 @@ switch ($_REQUEST['action']) {
|
|||
|
||||
break;
|
||||
case 'random':
|
||||
// Make sure that they have access to do this again no clue... seems
|
||||
// to be a pattern here
|
||||
// Make sure that they have access to do this
|
||||
if (!Access::check('localplay','50')) {
|
||||
debug_event('DENIED','Attempted to set random without access','1');
|
||||
exit;
|
||||
}
|
||||
|
||||
// Scrub her in
|
||||
$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']);
|
||||
|
|
|
|||
|
|
@ -1,16 +1,18 @@
|
|||
<ul class="sb2" id="sb_localplay">
|
||||
<?php if (Config::get('allow_localplay_playback') AND $GLOBALS['user']->prefs['localplay_controller']) { ?>
|
||||
<?php if (Config::get('allow_localplay_playback') AND $GLOBALS['user']->prefs['localplay_controller'] AND Access::check('localplay','5')) { ?>
|
||||
<?php
|
||||
// Little bit of work to be done here
|
||||
$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']);
|
||||
$current_instance = $localplay->current_instance();
|
||||
$class = $current_instance ? '' : ' class="active_instance"';
|
||||
?>
|
||||
<?php if ($GLOBALS['user']->has_access('50')) { ?>
|
||||
<?php if (Access::check('localplay','25')) { ?>
|
||||
<li><h4><?php echo _('Localplay'); ?></h4>
|
||||
<ul class="sb3" id="sb_localplay_info">
|
||||
<?php if (Access::check('localplay','75')) { ?>
|
||||
<li id="sb_localplay_info_add_instance"><a href="<?php echo $web_path; ?>/localplay.php?action=show_add_instance"><?php echo _('Add Instance'); ?></a></li>
|
||||
<li id="sb_localplay_info_show_instances"><a href="<?php echo $web_path; ?>/localplay.php?action=show_instances"><?php echo _('Show instances'); ?></a></li>
|
||||
<?php } ?>
|
||||
<li id="sb_localplay_info_show"><a href="<?php echo $web_path; ?>/localplay.php?action=show_playlist"><?php echo _('Show Playlist'); ?></a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue