diff options
| author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-10 07:58:34 +0000 |
|---|---|---|
| committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-10 07:58:34 +0000 |
| commit | 6cde9118b11c0ca82ef415ea30a54db1b30fc1ce (patch) | |
| tree | 2a4c7398906c27fd0114486c48107943b3405a18 /server | |
| parent | 46ffeca144b7ef44572a5805061da246c8be5f3c (diff) | |
| download | ampache-6cde9118b11c0ca82ef415ea30a54db1b30fc1ce.tar.gz ampache-6cde9118b11c0ca82ef415ea30a54db1b30fc1ce.tar.bz2 ampache-6cde9118b11c0ca82ef415ea30a54db1b30fc1ce.zip | |
added basic MPD user permissions in, I didnt force a level for everyone so any existing setups will be defaulted to DENIED until they update their Localplay Level
Diffstat (limited to 'server')
| -rw-r--r-- | server/localplay.ajax.php | 33 |
1 files changed, 26 insertions, 7 deletions
diff --git a/server/localplay.ajax.php b/server/localplay.ajax.php index ad572d23..405812f2 100644 --- a/server/localplay.ajax.php +++ b/server/localplay.ajax.php @@ -27,7 +27,10 @@ if (AJAX_INCLUDE != '1') { exit; } switch ($_REQUEST['action']) { case 'set_instance': // Make sure they they are allowed to do this - //... ok I don't really know what that means yet + if (!Access::check('localplay','5')) { + debug_event('DENIED','Error attempted to set instance without required level','1'); + exit; + } $type = $_REQUEST['instance'] ? 'localplay' : 'stream'; @@ -46,7 +49,10 @@ switch ($_REQUEST['action']) { break; case 'command': // Make sure they are allowed to do this - // ok I still don't know what that means... but I'm thinking about it + if (!Access::check('localplay','50')) { + debug_event('DENIED','Attempted to control Localplay without sufficient access','1'); + exit; + } $localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']); $localplay->connect(); @@ -92,6 +98,10 @@ switch ($_REQUEST['action']) { break; case 'delete_track': // Load Connect... yada yada + if (!Access::check('localplay','50')) { + debug_event('DENIED','Attempted to delete track without access','1'); + exit; + } $localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']); $localplay->connect(); @@ -103,9 +113,11 @@ switch ($_REQUEST['action']) { $results['localplay_playlist_' . $id] = ''; break; case 'delete_instance': - // Make sure that you have access to do this... again I really - // don't know what that means so I'm just going to do nothing fo now - + // Make sure that you have access to do this... + if (!Access::check('localplay','75')) { + debug_event('DENIED','Attempted to delete instance without access','1'); + exit; + } // Scrub it in $localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']); @@ -116,6 +128,10 @@ switch ($_REQUEST['action']) { break; case 'repeat': // Make sure that they have access to do this again no clue + if (!Access::check('localplay','50')) { + debug_event('DENIED','Attempted to set repeat without access','1'); + exit; + } // Scrub her in $localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']); @@ -129,8 +145,11 @@ switch ($_REQUEST['action']) { break; case 'random': - // Make sure that they have access to do this again no clue... seems - // to be a pattern here + // Make sure that they have access to do this + if (!Access::check('localplay','50')) { + debug_event('DENIED','Attempted to set random without access','1'); + exit; + } // Scrub her in $localplay = new Localplay($GLOBALS['user']->prefs['localplay_controller']); |