Diffstat (limited to 'server/ajax.server.php')
-rw-r--r-- | server/ajax.server.php | 36 |
1 files changed, 32 insertions, 4 deletions
diff --git a/server/ajax.server.php b/server/ajax.server.php
index 9ea93b3c..b8b71aae 100644
--- a/server/ajax.server.php
+++ b/server/ajax.server.php
@@ -62,9 +62,8 @@ switch ($_REQUEST['action']) {
 /* Controls the editing of objects */
 case 'show_edit_object':
- if (!$GLOBALS['user']->has_access('50')) {
- exit;
- }
+ // Set the default required level
+ $level = '50';
 switch ($_GET['type']) {
 case 'album':
@@ -87,6 +86,15 @@ switch ($_REQUEST['action']) {
 $radio = new Radio($_GET['id']);
 $radio->format();
 break;
+ case 'playlist':
+ $key = 'playlist_row_' . $_GET['id'];
+ $playlist = new Playlist($_GET['id']);
+ $playlist->format();
+ // If the current user is the owner, only user is required
+ if ($playlist->user == $GLOBALS['user']->id) {
+ $level = '25';
+ }
+ break;
 default:
 $key = 'rfc3514';
 echo xml_from_array(array($key=>'0x1'));
@@ -94,6 +102,11 @@ switch ($_REQUEST['action']) {
 break;
 } // end switch on type
+ // Make sure they got them rights
+ if (!$GLOBALS['user']->has_access($level)) {
+ exit;
+ }
+
 ob_start();
 require Config::get('prefix') . '/templates/show_edit_' . $_GET['type'] . '_row.inc.php';
 $results[$key] = ob_get_contents();
@@ -101,8 +114,18 @@ switch ($_REQUEST['action']) {
 echo xml_from_array($results);
 break;
 case 'edit_object':
+
+ $level = '50';
+
+ if ($_POST['type'] = 'playlist') {
+ $playlist = new Playlist($_POST['id']);
+ if ($GLOBALS['user']->id == $playlist->user) {
+ $level = '25';
+ }
+ }
+
 // Make sure we've got them rights
- if (!$GLOBALS['user']->has_access('50')) {
+ if (!$GLOBALS['user']->has_access($level)) {
 exit;
 }
@@ -131,6 +154,11 @@ switch ($_REQUEST['action']) {
 $song->update($_POST);
 $song->format();
 break;
+ case 'playlist':
+ $key = 'playlist_row_' . $_POST['id'];
+ $playlist->update($_POST);
+ $playlist->format();
+ break;
 case 'live_stream':
 $key = 'live_stream_' . $_POST['id'];
 Radio::update($_POST);
|
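Review bot: Removing the `has_access('50')` guard from the top of `show_edit_object` means the whole type switch now runs before any permission check; the check only returns in the later hunk, after the switch. Objects such as `new Radio($_GET['id'])` and `new Playlist($_GET['id'])` are therefore loaded and formatted from a request-supplied id, and the default branch echoes its response, for callers who will fail the check anyway. Since '25' is the lowest level this action ever accepts, keep a floor check ahead of the switch, `if (!$GLOBALS['user']->has_access('25')) { exit; }`, and leave the `$level` check after the switch as the stricter second gate. The case body starts and ends outside this hunk.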
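Review bot: The ownership test `$playlist->user == $GLOBALS['user']->id` uses a loose comparison and nothing before it confirms that a playlist with that id was actually loaded. What `Playlist` puts in `user` for an unknown id is not visible here; if it stays null or empty, type juggling could match an empty or zero session id and relax `$level` to '25'. Compare strictly and require a loaded owner, for example `if ($playlist->user !== null && (string) $playlist->user === (string) $GLOBALS['user']->id) {`. The same comparison appears in the `edit_object` hunk and should be changed there as well.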
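Review bot: `if ($_POST['type'] = 'playlist')` is an assignment, not a comparison, so the condition is always true and `$_POST['type']` is overwritten with 'playlist' on every `edit_object` request. Any code further down that branches on `$_POST['type']` (it lies outside this hunk) would then treat album, artist or song edits as playlist edits. It also means the required level drops to '25' whenever the posted id matches a playlist the caller owns, regardless of the type that was actually submitted. The line should read `if (isset($_POST['type']) && $_POST['type'] === 'playlist') {`.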
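Review bot: `$playlist->update($_POST)` passes the entire request body to the model on a path that a playlist owner now reaches at level '25'. Whether `Playlist::update()` limits which fields it writes is not visible in this diff; if it does not, an owner could submit fields the edit row never offers, such as the owning user. Consider passing only the fields the edit template exposes rather than the raw `$_POST`. This case also depends on `$playlist` having been created in the access-level block earlier in `edit_object`, which deserves a comment here such as `// $playlist was loaded during the access-level check above`.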