nextcloud/settings/ajax/togglegroups.php

<?php

OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();

$success = true;
$username = $_POST["username"];
$group = $_POST["group"];

if($username === OC_User::getUser() && $group === "admin" &&  OC_User::isAdminUser($username)) {
	$l = OC_L10N::get('core');
	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Admins can\'t remove themself from the admin group'))));
	exit();
}

if(!OC_User::isAdminUser(OC_User::getUser())
	&& (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)
		|| !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
	$l = OC_L10N::get('core');
	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
	exit();
}

if(!OC_Group::groupExists($group)) {
	OC_Group::createGroup($group);
}

$l = OC_L10N::get('settings');

$error = $l->t("Unable to add user to group %s", $group);
$action = "add";

// Toggle group
if( OC_Group::inGroup( $username, $group )) {
	$action = "remove";
	$error = $l->t("Unable to remove user from group %s", $group);
	$success = OC_Group::removeFromGroup( $username, $group );
	$usersInGroup=OC_Group::usersInGroup($group);
	if(count($usersInGroup) === 0) {
		OC_Group::deleteGroup($group);
	}
}
else{
	$success = OC_Group::addToGroup( $username, $group );
}

// Return Success story
if( $success ) {
	OC_JSON::success(array("data" => array( "username" => $username, "action" => $action, "groupname" => $group )));
}
else{
	OC_JSON::error(array("data" => array( "message" => $error )));
}
User manager still not perfect but the aim is reachable! 2011-04-17 15:15:55 +04:00			`<?php`

fix tooglegroup for subadmins 2012-07-20 17:13:51 +04:00			`OC_JSON::checkSubAdminUser();`
CSRF check in the settings 2012-07-07 17:27:04 +04:00			`OCP\JSON::callCheck();`
User manager still not perfect but the aim is reachable! 2011-04-17 15:15:55 +04:00
User management works good enough for now. Need to do something else ... 2011-04-17 20:05:49 +04:00			`$success = true;`
			`$username = $_POST["username"];`
Group name does't need to be sanitized before storing it in the database It should only be sanitized before display 2012-11-27 23:22:45 +04:00			`$group = $_POST["group"];`
User management works good enough for now. Need to do something else ... 2011-04-17 20:05:49 +04:00
Use !== and === in settings. 2013-04-17 17:32:03 +04:00			`if($username === OC_User::getUser() && $group === "admin" && OC_User::isAdminUser($username)) {`
make some checks server-side 2012-11-28 20:57:31 +04:00			`$l = OC_L10N::get('core');`
			`OC_JSON::error(array( 'data' => array( 'message' => $l->t('Admins can\'t remove themself from the admin group'))));`
			`exit();`
			`}`

Style cleanup settings 2013-02-15 02:29:51 +04:00			`if(!OC_User::isAdminUser(OC_User::getUser())`
			`&& (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)`
			`\|\| !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {`
fix tooglegroup for subadmins 2012-07-20 17:13:51 +04:00			`$l = OC_L10N::get('core');`
			`OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));`
			`exit();`
			`}`

Update settings/ajax/togglegroups.php respect coding style 2012-09-04 13:58:07 +04:00			`if(!OC_Group::groupExists($group)) {`
work on user management 2011-08-10 22:51:35 +04:00			`OC_Group::createGroup($group);`
			`}`

Adding missing translation 2012-09-04 22:47:15 +04:00			`$l = OC_L10N::get('settings');`

			`$error = $l->t("Unable to add user to group %s", $group);`
			`$action = "add";`

User management works good enough for now. Need to do something else ... 2011-04-17 20:05:49 +04:00			`// Toggle group`
Update settings/ajax/togglegroups.php respect coding style 2012-09-04 13:58:07 +04:00			`if( OC_Group::inGroup( $username, $group )) {`
More error checking in user management 2011-04-18 14:39:28 +04:00			`$action = "remove";`
Spaces to tabs 2013-01-14 23:30:28 +04:00			`$error = $l->t("Unable to remove user from group %s", $group);`
			`$success = OC_Group::removeFromGroup( $username, $group );`
remove groups if there are no users in them 2011-08-11 12:12:03 +04:00			`$usersInGroup=OC_Group::usersInGroup($group);`
Use !== and === in settings. 2013-04-17 17:32:03 +04:00			`if(count($usersInGroup) === 0) {`
remove groups if there are no users in them 2011-08-11 12:12:03 +04:00			`OC_Group::deleteGroup($group);`
			`}`
User management works good enough for now. Need to do something else ... 2011-04-17 20:05:49 +04:00			`}`
			`else{`
Renaming classes :-) 2011-07-29 23:36:03 +04:00			`$success = OC_Group::addToGroup( $username, $group );`
User management works good enough for now. Need to do something else ... 2011-04-17 20:05:49 +04:00			`}`
User manager still not perfect but the aim is reachable! 2011-04-17 15:15:55 +04:00
			`// Return Success story`
Update settings/ajax/togglegroups.php respect coding style 2012-09-04 13:58:07 +04:00			`if( $success ) {`
Use OC_JSON for json responses Create OC_JSON class, for single point of creating json responses. No real logic change, this just cleans up the code a bit. 2011-09-24 00:22:59 +04:00			`OC_JSON::success(array("data" => array( "username" => $username, "action" => $action, "groupname" => $group )));`
User manager still not perfect but the aim is reachable! 2011-04-17 15:15:55 +04:00			`}`
			`else{`
Adding missing translation 2012-09-04 22:47:15 +04:00			`OC_JSON::error(array("data" => array( "message" => $error )));`
User manager still not perfect but the aim is reachable! 2011-04-17 15:15:55 +04:00			`}`