
Commit ba80497e authored by Reto Da Forno's avatar Reto Da Forno

API updated: list of observers now depends on the user role

parent 25a2648c
<?php include_once('include/presets.php');?>
<?php
if (isset($_POST['q'])) {
$status = array('online');
$userrole = get_user_role($_POST['username']);
if ($userrole == 'internal') {
$status[] = 'internal';
}
if ($userrole == 'admin') {
$status[] = 'develop';
$status[] = 'internal';
}
$status = "('" .join("', '", $status) ."')";
if ($_POST['q'] == 'obs') {
// return a list of the currently available observers
$db = db_connect();
......@@ -17,7 +28,7 @@
LEFT JOIN `flocklab`.`tbl_serv_tg_adapt_types` AS slot3 ON c.tg_adapt_types_fk = slot3.serv_tg_adapt_types_key
LEFT JOIN `flocklab`.`tbl_serv_tg_adapt_list` AS d ON obs.slot_4_tg_adapt_list_fk = d.serv_tg_adapt_list_key
LEFT JOIN `flocklab`.`tbl_serv_tg_adapt_types` AS slot4 ON d.tg_adapt_types_fk = slot4.serv_tg_adapt_types_key
WHERE obs.status='online'
WHERE obs.status IN $status
ORDER BY obs.observer_id;";
$res = mysqli_query($db, $sql);
if (!$res) {
......@@ -51,7 +62,7 @@
LEFT JOIN `flocklab`.`tbl_serv_tg_adapt_types` AS slot3 ON c.tg_adapt_types_fk = slot3.serv_tg_adapt_types_key
LEFT JOIN `flocklab`.`tbl_serv_tg_adapt_list` AS d ON obs.slot_4_tg_adapt_list_fk = d.serv_tg_adapt_list_key
LEFT JOIN `flocklab`.`tbl_serv_tg_adapt_types` AS slot4 ON d.tg_adapt_types_fk = slot4.serv_tg_adapt_types_key
WHERE obs.status='online'
WHERE obs.status IN $status
ORDER BY obs.observer_id;";
$res = mysqli_query($db, $sql);
if (!$res) {
......
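Review bot: The role that widens the `IN $status` filter comes from `get_user_role($_POST['username'])`, and nothing visible in this section checks that the caller is that user, so the request parameter alone decides whether `internal` and `develop` observers are listed. Unless `include/presets.php` or an earlier layer already authenticates the request (not visible here), the role should be resolved only for an authenticated identity and fall back to the plain list otherwise, e.g. `$userrole = $is_authenticated ? get_user_role($auth_username) : 'user';`, where `$is_authenticated` and `$auth_username` are placeholders for the project's existing login check. `$_POST['username']` is also read without `isset()`, which raises a notice when a client omits it. The `$status` string is built from fixed literals only, so interpolating it into the two queries is not an injection path as written.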
......@@ -223,6 +223,26 @@ function get_admin_emails() {
return $admins;
}
/*
##############################################################################
#
# get_user_role
#
# Get the role (access rights) of a user
#
##############################################################################
*/
function get_user_role($username) {
$db = db_connect();
$sql = "SELECT role FROM tbl_serv_users WHERE username = '" . mysqli_real_escape_string($db, $username) . "'";
$rs = mysqli_query($db, $sql) or flocklab_die('Cannot authenticate because: ' . mysqli_error($db));
$rows = mysqli_fetch_array($rs);
if ($rows) {
return $rows['role'];
}
return 'user'; /* default */
}
/*
##############################################################################
#
......
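Review bot: `get_user_role()` builds its query by string concatenation, which stays safe only while `db_connect()` sets the connection charset that `mysqli_real_escape_string()` depends on (not visible here); a prepared statement removes that dependency. The `flocklab_die()` call also hands the raw `mysqli_error()` text to the API client and says "authenticate" although the function only reads a role, so the detail belongs in the server log instead. The function has no description of its return values; a comment listing the roles the callers test for (`'user'`, `'internal'`, `'admin'`) and noting that unknown users get `'user'` would help. The connection opened here is not closed in the visible lines, which is worth confirming against how `db_connect()` is used elsewhere.

```php
function get_user_role($username) {
    $db = db_connect();
    $stmt = mysqli_prepare($db, "SELECT role FROM tbl_serv_users WHERE username = ?");
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 's', $username)
        || !mysqli_stmt_execute($stmt)) {
        // keep the driver detail in the server log, not in the API response
        error_log('get_user_role failed: ' . mysqli_error($db));
        flocklab_die('Cannot look up user role.');
    }
    mysqli_stmt_bind_result($stmt, $role);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $found ? $role : 'user'; /* default */
}
```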
......@@ -333,7 +333,7 @@
<xs:simpleType name="obsIdType">
<xs:restriction base="xs:integer">
<xs:pattern value="001|002|003|004|006|007|008|010|011|013|014|015|016|017|018|019|020|022|023|024|025|026|027|028|029|031|032|033|300|301|302|303"/>
<xs:pattern value="1|2|3|4|6|7|8|10|11|13|14|15|16|17|18|19|20|22|23|24|25|26|27|28|29|31|32|33|001|002|003|004|006|007|008|010|011|013|014|015|016|017|018|019|020|022|023|024|025|026|027|028|029|031|032|033|300|301|302|303"/>
</xs:restriction>
</xs:simpleType>
......