added basic MPD user permissions in, I didnt force a level for everyone so any existing setups will be defaulted to DENIED until they update their Localplay Level

6 files changed, 68 insertions, 12 deletions

diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index db6f5c59..95ec6f89 100755
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -4,6 +4,9 @@
 
 --------------------------------------------------------------------------
   v.3.4-Alpha4 
+	- Added User and Manager levels to Localplay, determines what the
+		user in question can do
+	- Moved Newest * to statistics page
 	- Database Update, removed useless config options and tweaked a few others
 	- Fixed last of the missing MPD functionality (Volume & Playlist Clear)
 	- Fixed HTTPQ and improved parsing for urls from MPD & HTTPQ
diff --git a/lib/class/access.class.php b/lib/class/access.class.php
index 59289c7c..3e8331e3 100644
--- a/lib/class/access.class.php
+++ b/lib/class/access.class.php
@@ -181,13 +181,13 @@ class Access {
 			 */
 			case 'init-xml-rpc':
 				$sql = "SELECT `id` FROM `access_list`" .
-					" WHERE `start` <= '$ip' AND `end` >= '$ip' AND `type`='xml-rpc' AND `level` >= '$level'";
+					" WHERE `start` <= '$ip' AND `end` >= '$ip' AND `type`='rpc' AND `level` >= '$level'";
 			break;
 			case 'rpc': 
 			case 'xml-rpc':
 				$sql = "SELECT `id` FROM `access_list`" . 
 					" WHERE `start` <= '$ip' AND `end` >= '$ip'" . 
-					" AND  `key` = '$key' AND `level` >= '$level' AND (`type`='xml-rpc' OR `type`='rpc')";
+					" AND  `key` = '$key' AND `level` >= '$level' AND `type`='rpc'";
 			break;
 			case 'network':
 			case 'interface':
@@ -216,6 +216,36 @@ class Access {
 	} // check_network
 
 	/**
+	 * check_access
+	 * This is the global 'has_access' function it can check for any 'type' of object
+	 * everything uses the global 0,5,25,50,75,100 stuff. GLOBALS['user'] is always used
+	 */
+	public static function check($type,$level) { 
+
+		$level = intval($level); 
+
+		// Switch on the type
+		switch ($type) { 
+			case 'localplay': 
+				// Check their localplay_level 
+				if ($GLOBALS['user']->prefs['localplay_level'] >= $level) { 
+					return true; 
+				} 
+				else { 
+					return false; 
+				} 
+			break;
+			default:
+				return false; 
+			break; 
+		} // end switch on type
+
+		// Default false
+		return false; 
+
+	} // check
+
+	/**
 	 * validate_type
 	 * This cleans up and validates the specified type
 	 */
diff --git a/lib/init.php b/lib/init.php
index 0342b01f..4611e4f0 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -81,7 +81,7 @@ if (!count($results)) {
 } 
 
 /** This is the version.... fluf nothing more... **/
-$results['version']		= '3.4-Alpha4 Build (003)';
+$results['version']		= '3.4-Alpha4 Build (004)';
 $results['int_config_version']	= '6'; 
 
 $results['raw_web_path']	= $results['web_path'];
diff --git a/lib/preferences.php b/lib/preferences.php
index 793b1db4..6a5b2bd5 100644
--- a/lib/preferences.php
+++ b/lib/preferences.php
@@ -263,9 +263,11 @@ function create_preference_input($name,$value) {
 		case 'localplay_level':
 			if ($value == '25') { $is_user = 'selected="selected"'; } 
 			elseif ($value == '100') { $is_admin = 'selected="selected"'; } 
+			elseif ($value == '50') { $is_manager = 'selected="selected"'; } 
 			echo "<select name=\"$name\">\n";
 			echo "<option value=\"0\">" . _('Disabled') . "</option>\n";
 			echo "<option value=\"25\" $is_user>" . _('User') . "</option>\n";
+			echo "<option value=\"50\" $is_manager>" . _('Manager') . "</option>\n";
 			echo "<option value=\"100\" $is_admin>" . _('Admin') . "</option>\n";
 			echo "</select>\n";
 		break;
diff --git a/server/localplay.ajax.php b/server/localplay.ajax.php
index ad572d23..405812f2 100644
--- a/server/localplay.ajax.php
+++ b/server/localplay.ajax.php
@@ -27,7 +27,10 @@ if (AJAX_INCLUDE != '1') { exit; }
 switch ($_REQUEST['action']) { 
 	case 'set_instance': 
 		// Make sure they they are allowed to do this
-		//... ok I don't really know what that means yet
+		if (!Access::check('localplay','5')) { 
+			debug_event('DENIED','Error attempted to set instance without required level','1'); 
+			exit; 
+		} 	
 
 		$type = $_REQUEST['instance'] ? 'localplay' : 'stream';
 
@@ -46,7 +49,10 @@ switch ($_REQUEST['action']) {
 	break;
 	case 'command': 
 		// Make sure they are allowed to do this
-		// ok I still don't know what that means... but I'm thinking about it
+		if (!Access::check('localplay','50')) { 
+			debug_event('DENIED','Attempted to control Localplay without sufficient access','1'); 
+			exit;
+		} 
 
 		$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']); 
 		$localplay->connect(); 
@@ -92,6 +98,10 @@ switch ($_REQUEST['action']) {
 	break; 
 	case 'delete_track': 
 		// Load Connect... yada yada
+		if (!Access::check('localplay','50')) { 
+			debug_event('DENIED','Attempted to delete track without access','1'); 
+			exit; 
+		} 
 		$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']); 
 		$localplay->connect(); 
 
@@ -103,9 +113,11 @@ switch ($_REQUEST['action']) {
 		$results['localplay_playlist_' . $id] = ''; 
 	break; 
 	case 'delete_instance': 
-		// Make sure that you have access to do this... again I really 
-		// don't know what that means so I'm just going to do nothing fo now
-		
+		// Make sure that you have access to do this...
+		if (!Access::check('localplay','75')) { 
+			debug_event('DENIED','Attempted to delete instance without access','1'); 
+			exit; 
+		} 
 
 		// Scrub it in
 		$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']); 
@@ -116,6 +128,10 @@ switch ($_REQUEST['action']) {
 	break; 
 	case 'repeat': 
 		// Make sure that they have access to do this again no clue
+		if (!Access::check('localplay','50')) { 
+			debug_event('DENIED','Attempted to set repeat without access','1'); 
+			exit; 
+		} 
 		
 		// Scrub her in 
 		$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']); 
@@ -129,8 +145,11 @@ switch ($_REQUEST['action']) {
 
 	break;
 	case 'random': 
-		// Make sure that they have access to do this again no clue... seems
-		// to be a pattern here
+		// Make sure that they have access to do this
+		if (!Access::check('localplay','50')) { 
+			debug_event('DENIED','Attempted to set random without access','1'); 
+			exit; 
+		} 
 		
 		// Scrub her in
 		$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']); 
diff --git a/templates/sidebar_localplay.inc.php b/templates/sidebar_localplay.inc.php
index 073dad9e..8bce5a2a 100644
--- a/templates/sidebar_localplay.inc.php
+++ b/templates/sidebar_localplay.inc.php
@@ -1,16 +1,18 @@
 <ul class="sb2" id="sb_localplay">
-<?php if (Config::get('allow_localplay_playback') AND $GLOBALS['user']->prefs['localplay_controller']) { ?>
+<?php if (Config::get('allow_localplay_playback') AND $GLOBALS['user']->prefs['localplay_controller'] AND Access::check('localplay','5')) { ?>
 <?php
 	// Little bit of work to be done here
 	$localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']); 
 	$current_instance = $localplay->current_instance(); 
 	$class = $current_instance ? '' : ' class="active_instance"';
 ?>
-<?php if ($GLOBALS['user']->has_access('50')) { ?>
+<?php if (Access::check('localplay','25')) { ?>
   <li><h4><?php echo _('Localplay'); ?></h4>
     <ul class="sb3" id="sb_localplay_info">
+<?php if (Access::check('localplay','75')) { ?>
 	<li id="sb_localplay_info_add_instance"><a href="<?php echo $web_path; ?>/localplay.php?action=show_add_instance"><?php echo _('Add Instance'); ?></a></li>
 	<li id="sb_localplay_info_show_instances"><a href="<?php echo $web_path; ?>/localplay.php?action=show_instances"><?php echo _('Show instances'); ?></a></li>
+<?php } ?>
 	<li id="sb_localplay_info_show"><a href="<?php echo $web_path; ?>/localplay.php?action=show_playlist"><?php echo _('Show Playlist'); ?></a></li>
     </ul>
   </li>