method, "list")) { $this->ListGroup(); } if (!strcasecmp($this->method, "get")) { $this->GetGroup(); } if (!strcasecmp($this->method, "get_dsm_group")) { $this->GetDSMGroup(); } if (!strcasecmp($this->method, "getmember")) { $this->GetGroupMember(); } if (!strcasecmp($this->method, "create")) { $this->CreateGroup(); } if (!strcasecmp($this->method, "delete")) { $this->DeleteGroup(); } if (!strcasecmp($this->method, "editmember")) { $this->EditMember(); } if (!strcasecmp($this->method, "edit")) { $this->EditGroup(); } } private function ListGroup() { $ret = false; $resp = array(); /* set params */ $offset = isset($_REQUEST['offset']) ? $_REQUEST['offset'] : 0; $limit = isset($_REQUEST['limit']) ? $_REQUEST['limit'] : 15; $search = isset($_REQUEST['query']) ? $_REQUEST['query'] : ''; $groups = $this->GetAllGroups($offset, $limit, $search); $resp['totalCount'] = $groups['totalCount']; $resp['groups'] = $groups['all_groups']; $this->SetResponse($resp); $ret = true; End: return $ret; } private function GetGroupPublicShareRight($gid) { $query = "SELECT * FROM " . SHARED_ALBUM_GROUP_PRIVILEGE_TABLE_NAME . " WHERE groupid = ?"; $sqlParam = array($gid); $db_result = PHOTO_DB_Query($query, $sqlParam); if (($row = PHOTO_DB_FetchRow($db_result))) { return 'on'; } else { return 'off'; } } private function UpdateGroupPublicShareRight($gid, $public_share) { if ($public_share === 'true') { $query = "INSERT INTO " . SHARED_ALBUM_GROUP_PRIVILEGE_TABLE_NAME . " VALUES (?)"; } else { $query = "DELETE FROM " . SHARED_ALBUM_GROUP_PRIVILEGE_TABLE_NAME . " WHERE groupid = (?)"; } $sqlParam = array($gid); $db_result = PHOTO_DB_Query($query, $sqlParam); } private function GetGroup() { $ret = false; $resp = array(); if (!isset($_REQUEST['id'])) { $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS); goto End; } if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) { $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS); goto End; } /* set params */ $id = $_REQUEST['id']; $query = "SELECT * FROM photo_group WHERE groupid = ?"; $sqlParam = array($id); $db_result = PHOTO_DB_Query($query, $sqlParam); if (false === ($row = PHOTO_DB_FetchRow($db_result))) { $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS); goto End; } $resp['groupid'] = $row['groupid']; $resp['groupname'] = $row['groupname']; $resp['description'] = $row['description']; $resp['public_share'] = $this->GetGroupPublicShareRight($id); $this->SetResponse($resp); $ret = true; End: return $ret; } private function GetDSMGroup() { $ret = false; $resp = array(); if (!isset($_REQUEST['id'])) { $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS); goto End; } /* set params */ $id = $_REQUEST['id']; $resp['public_share'] = $this->GetGroupPublicShareRight($id); $this->SetResponse($resp); $ret = true; End: return $ret; } private function GetGroupMember() { $ret = false; $resp = array(); if (!isset($_REQUEST['id'])) { $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS); goto End; } if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) { $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS); goto End; } /* set params */ $id = $_REQUEST['id']; $start = isset($_REQUEST['offset']) ? $_REQUEST['offset'] : 0; $limit = isset($_REQUEST['limit']) ? $_REQUEST['limit'] : 15; $limitOffsetString = PHOTO_DB_GetLimitOffsetString($limit, $start); $query = "SELECT A.userid, A.username, A.description, B.groupid FROM photo_user A LEFT JOIN photo_user_group B ON A.userid = B.userid AND B.groupid = ? $limitOffsetString"; $sqlParam = array($id); $db_result = PHOTO_DB_Query($query, $sqlParam); $resp['users'] = array(); while($row = PHOTO_DB_FetchRow($db_result)) { $item = array(); $item['id'] = $row['userid']; $item['username'] = $row['username']; $item['description'] = $row['description']; $item['add'] = $id == $row['groupid']; $resp['users'][] = $item; } $query = "SELECT count(*) FROM photo_user"; $db_result = PHOTO_DB_Query($query); $row = PHOTO_DB_FetchRow($db_result); $resp['totalCount'] = $row[0]; $this->SetResponse($resp); $ret = true; End: return $ret; } private function CreateGroup() { $ret = false; $resp = array(); if (!isset($_REQUEST['groupname'])) { $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS); goto End; } if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) { $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS); goto End; } /* set params */ $groupname = $_REQUEST['groupname']; $description = isset($_REQUEST['description']) ? $_REQUEST['description'] : ''; $query = "SELECT MAX(groupid) FROM photo_group"; $db_result = PHOTO_DB_Query($query); $max_gid = PHOTO_DB_FetchRow($db_result); $new_gid = $max_gid[0] + 1; $query = "INSERT INTO photo_group (groupid, groupname, description) VALUES (?, ?, ?)"; $sqlParam = array($new_gid, $groupname, $description); PHOTO_DB_Query($query, $sqlParam); $this->UpdateGroupPublicShareRight($new_id, $_REQUEST['public_share']); $resp['id'] = $new_gid; $this->SetResponse($resp); $ret = true; End: return $ret; } private function EditMember() { $ret = false; $resp = array(); if (!isset($_REQUEST['id'])) { $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS); goto End; } if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) { $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS); goto End; } /* set params */ $gid = $_REQUEST['id']; $addList = isset($_REQUEST['group_user_add']) ? $_REQUEST['group_user_add'] : ''; $deleteList = isset($_REQUEST['group_user_delete']) ? $_REQUEST['group_user_delete'] : ''; $this->DeleteUserFromGroup($gid, $deleteList); $this->AddUserToGroup($gid, $addList); $this->SetResponse($resp); $ret = true; End: return $ret; } private function DeleteUserFromGroup($gid, $users) { if ($gid == null || $gid == "" || $users == null || $users == "") { return; } $ids = explode(',', $users); foreach ($ids as $id) { if ('' === $id) { continue; } $query = "DELETE FROM photo_user_group WHERE userid = ? AND groupid = ?"; $sqlParam = array($id, $gid); $db_result = PHOTO_DB_Query($query, $sqlParam); } } private function AddUserToGroup($gid, $users) { if ($gid == null || $gid == "" || $users == null || $users == "") { return; } $ids = explode(',', $users); foreach ($ids as $id) { if ('' === $id) { continue; } $query = "SELECT MAX(id) FROM photo_user_group"; $db_result = PHOTO_DB_Query($query); $max_id = PHOTO_DB_FetchRow($db_result); $new_id = $max_id[0] + 1; $query = "INSERT INTO photo_user_group (id, userid, groupid) VALUES (?, ?, ?)"; $sqlParam = array($new_id, $id, $gid); $db_result = PHOTO_DB_Query($query, $sqlParam); } } private function EditGroup() { $ret = false; $resp = array(); if (!isset($_REQUEST['id'])) { $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS); goto End; } /* set params */ $id = $_REQUEST['id']; $description = isset($_REQUEST['description']) ? $_REQUEST['description'] : null; $this->UpdateGroupPublicShareRight($id, $_REQUEST['public_share']); if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) { $this->SetResponse($resp); goto End; } if (isset($_REQUEST['description'])) { $query = "UPDATE photo_group set description = ? where groupid = ?"; $sqlParam = array($description, $id); $db_result = PHOTO_DB_Query($query, $sqlParam); } $this->SetResponse($resp); $ret = true; End: return $ret; } private function DeleteGroup() { $ret = false; $resp = array(); if (!isset($_REQUEST['id'])) { $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS); goto End; } /* set params */ $gid = $_REQUEST['id']; $query = "DELETE FROM photo_group WHERE groupid = ?"; $sqlParam = array($gid); PHOTO_DB_Query($query, $sqlParam); $this->SetResponse($resp); $ret = true; End: return $ret; } private function GetAllGroups($start, $limit, $search) { if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) { return $this->GetAllDSMGroup($start, $limit, $search); } $i = 0; $limitOffsetString = PHOTO_DB_GetLimitOffsetString($limit, $start); $query = "SELECT * FROM photo_group WHERE groupname LIKE ? ORDER BY groupname ASC $limitOffsetString"; $db_result = PHOTO_DB_Query($query, array("%$search%")); $result = array('all_groups' => array()); while ($row = PHOTO_DB_FetchRow($db_result)) { $result['all_groups'][$i]['groupid'] = $row['groupid']; $result['all_groups'][$i]['groupname'] = $row['groupname']; $result['all_groups'][$i]['description'] = $row['description']; $i ++; } $query = "SELECT count(*) FROM photo_group WHERE groupname LIKE ?"; $db_result = PHOTO_DB_Query($query, array("%$search%")); $row = PHOTO_DB_FetchRow($db_result); $result['totalCount'] = $row[0]; return $result; } private function GetAllDSMGroup($start, $limit, $query = '') { $command = "/usr/syno/bin/synophoto_dsm_user --group " . escapeshellarg($query); @exec($command, $pListGroupCount, $retval); if (0 > $retval) { $result['totalCount'] = 0; return $result; } $result['totalCount'] = $pListGroupCount[0]; $command = "/usr/syno/bin/synophoto_dsm_user --group " . escapeshellarg($start) . " " . escapeshellarg($limit) . " ASC:" . escapeshellarg($query); @exec($command, $pListGroupName, $retval); if (0 !== $retval) { $result['totalCount'] = 0; return $result; } $i = 0; $result['all_groups'] = array(); foreach ($pListGroupName as $group_str) { $group_info = split(',', $group_str); $result['all_groups'][$i]['groupid'] = $group_info[0]; $result['all_groups'][$i]['groupname'] = $group_info[1]; $result['all_groups'][$i]['description'] = htmlspecialchars($group_info[2], ENT_QUOTES); $result['all_groups'][$i]['disable'] = 'true' === $group_info[3] ? 't' : 'f'; $i ++; } return $result; } } $api = new GroupAPI(); $api->Run();