<?php
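/*
 * AJAX endpoint for access groups: creates, updates or deletes a group on
 * behalf of the logged-in admin and replies with a JSON object of the form
 * {success, message[, id]}.
 *
 * Request fields read from $_POST:
 *   id     - group id; absent or 0 means "new group"
 *   save   - when present, create (id == 0) or update (id > 0) the group
 *   delete - when present, delete the group (group 1 is never deleted)
 *
 * NOTE(review): no anti-CSRF token is verified in this script, although it
 * changes state based on the session alone - confirm one is enforced before
 * this handler is reachable.
 */
session_start();

require('../incl/const.php');
require('../class/database.php');
require('../class/access_groups.php');

// Default reply; also what unauthenticated or non-admin callers receive.
$result = ['success' => false, 'message' => 'Error while processing your request!'];

// Strict comparison: with '==' a non-string accesslevel such as integer 0 or
// boolean true compares equal to 'Admin' on PHP versions before 8.
if (isset($_SESSION['user']) && $_SESSION['user']->accesslevel === 'Admin') {
    $database = new Database(DB_HOST, DB_NAME, DB_USER, DB_PASS, DB_PORT, DB_SCMA);
    $obj = new access_group_Class($database->getConn(), $_SESSION['user']->id);

    // intval() turns a non-empty array into 1, so "id[]=x" would otherwise be
    // treated as group 1. Non-scalar ids are mapped to -1 and rejected below.
    $rawId = isset($_POST['id']) ? $_POST['id'] : 0;
    $id = is_scalar($rawId) ? intval($rawId) : -1;

    if ($id < 0 || ($id > 0 && !$obj->isOwnedByUs($id))) {
        // Negative ids used to skip the ownership check (it only ran for
        // id > 0) yet still reached update()/delete(); refuse them outright.
        $result = ['success' => false, 'message' => 'Action not allowed!'];
    } elseif (isset($_POST['save'])) {
        $newId = 0;

        // NOTE(review): the whole request body is handed to update()/create();
        // confirm those methods pick their fields from an allowlist.
        if ($id > 0) { // update
            // Pass on the id that was ownership-checked, not the raw field:
            // intval() accepts input such as "5abc", so the raw value can
            // differ from the one isOwnedByUs() approved.
            $payload = $_POST;
            $payload['id'] = $id;

            // update()'s result is not inspected, so success is reported
            // unconditionally - TODO confirm it signals failure by exception.
            $obj->update($payload);
        } else { // insert
            $newId = $obj->create($_POST);
        }

        // 'id' stays 0 after an update; only an insert reports a new id.
        $result = ['success' => true, 'message' => 'Data Successfully Saved!', 'id' => $newId];
    } elseif (isset($_POST['delete']) && ($id !== 1)) {
        // Group 1 is excluded from deletion - presumably a built-in group;
        // confirm against the schema.
        if ($obj->delete($id)) {
            $result = ['success' => true, 'message' => 'Group Successfully Deleted!'];
        } else {
            $result = ['success' => false, 'message' => 'Failed to delete group!'];
        }
    }
}

// NOTE(review): no Content-Type header is sent, so the JSON goes out with the
// server's default type; confirm clients cope with application/json before
// adding the header.
echo json_encode($result);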
?>