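isAdmin()) {
    // Tail of the administrator check; the opening of this statement lies
    // before the visible part of the file.
    UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}

/*
 * Role management: add, remove or edit a role based on POST data.
 *
 * Every state-changing branch first verifies its form key with
 * checkFormKey() (the request-token check) and only then touches the role
 * store. The code below relies on UI::exitError() not returning.
 *
 * Request values are normalised before use:
 *  - text fields must be strings (array-valued parameters such as
 *    name[]=x are treated as missing),
 *  - role ids are reduced to integers before they reach the log line and
 *    the redirect header,
 *  - control characters are stripped from the role name before it is
 *    written to the log, so one request cannot produce several log lines.
 */
$action = (isset($_POST["action"]) && is_string($_POST["action"])) ? $_POST["action"] : NULL;

// add new role ---------------------------------------------------------
if ($action === "addrole") {

    /* Check if the form data comes from a trusted request */
    if (!checkFormKey('addrole')) {
        UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
    }

    // NOTE(review): an empty name is not rejected here; whether addRole()
    // validates it is not visible in this file.
    $name = (isset($_POST["name"]) && is_string($_POST["name"])) ? $_POST["name"] : '';
    $roleInput = (isset($_POST["role"]) && is_string($_POST["role"])) ? $_POST["role"] : '';
    // Keep only the characters 0, 1 and 2 of the submitted role value.
    $role = preg_replace('/[^0-2]+/', '', $roleInput);

    if (is_object($dms->getRoleByName($name))) {
        UI::exitError(getMLText("admin_tools"),getMLText("role_exists"));
    }

    $newRole = $dms->addRole($name, $role);
    if (!$newRole) {
        UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
    }

    $roleid = $newRole->getID();

    $session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_add_role')));

    // The name is attacker-influenced text: drop CR/LF and other control
    // characters so it cannot start a forged entry in the log.
    $logName = preg_replace('/[\x00-\x1F\x7F]+/', '', $name);
    add_log_line(".php&action=addrole&name=".$logName);
}

// delete role ------------------------------------------------------------
else if ($action === "removerole") {

    /* Check if the form data comes from a trusted request */
    if (!checkFormKey('removerole')) {
        UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
    }

    if (isset($_POST["roleid"])) {
        $roleid = $_POST["roleid"];
    }

    if (!isset($roleid) || !is_numeric($roleid) || intval($roleid)<1) {
        UI::exitError(getMLText("admin_tools"),getMLText("invalid_role_id"));
    }
    // is_numeric() also accepts forms such as "1e3", "1.5" or padded
    // strings; use the integer that was actually validated from here on.
    $roleid = intval($roleid);

    $roleToRemove = $dms->getRole($roleid);
    if (!is_object($roleToRemove)) {
        UI::exitError(getMLText("admin_tools"),getMLText("invalid_role_id"));
    }

    if (!$roleToRemove->remove()) {
        UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
    }

    add_log_line(".php&action=removerole&roleid=".$roleid);

    $session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_rm_role')));

    // The role no longer exists, so the redirect below carries -1 instead.
    $roleid = -1;
}

// modify role ------------------------------------------------------------
else if ($action === "editrole") {

    /* Check if the form data comes from a trusted request */
    if (!checkFormKey('editrole')) {
        UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
    }

    if (!isset($_POST["roleid"]) || !is_numeric($_POST["roleid"]) || intval($_POST["roleid"])<1) {
        UI::exitError(getMLText("admin_tools"),getMLText("invalid_role_id"));
    }
    // Same normalisation as in the remove branch: keep the validated integer.
    $roleid = intval($_POST["roleid"]);

    $editedRole = $dms->getRole($roleid);
    if (!is_object($editedRole)) {
        UI::exitError(getMLText("admin_tools"),getMLText("invalid_role_id"));
    }

    $name = (isset($_POST["name"]) && is_string($_POST["name"])) ? $_POST["name"] : '';
    $roleInput = (isset($_POST["role"]) && is_string($_POST["role"])) ? $_POST["role"] : '';
    // Keep only the characters 0, 1 and 2 of the submitted role value.
    $role = preg_replace('/[^0-2]+/', '', $roleInput);
    // NOTE(review): noaccess is handed to setNoAccess() as received; any
    // validation of its shape happens (or not) inside that method.
    $noaccess = isset($_POST['noaccess']) ? $_POST['noaccess'] : null;

    // Only write attributes that changed. The comparisons stay loose on
    // purpose: $role is a string here and the type returned by getRole()
    // is not visible in this file.
    if ($editedRole->getName() != $name) {
        $editedRole->setName($name);
    }
    if ($editedRole->getRole() != $role) {
        $editedRole->setRole($role);
    }
    $editedRole->setNoAccess($noaccess);

    $session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_edit_role')));
    add_log_line(".php&action=editrole&roleid=".$roleid);
}
else {
    UI::exitError(getMLText("admin_tools"),getMLText("unknown_command"));
}

// $roleid is an integer in the remove and edit branches; in the add branch
// it is the value returned by getID() on the newly created role.
header("Location:../out/out.RoleMgr.php?roleid=".$roleid);

?>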