Play images and video from Synology PhotoStation server

group.php 10KB


  1. <?PHP
  2. require_once('group.inc.php');
  3. class GroupAPI extends WebAPI
  4. {
  5. function __construct()
  6. {
  7. parent::__construct(SZ_WEBAPI_API_DESCRIPTION_PATH);
  8. }
  9. protected function Process()
  10. {
  11. /* if not admin, returns directly */
  12. csSYNOPhotoMisc::CheckSessionTimeOut();
  13. if (!strcasecmp($this->method, "list")) {
  14. $this->ListGroup();
  15. }
  16. if (!strcasecmp($this->method, "get")) {
  17. $this->GetGroup();
  18. }
  19. if (!strcasecmp($this->method, "get_dsm_group")) {
  20. $this->GetDSMGroup();
  21. }
  22. if (!strcasecmp($this->method, "getmember")) {
  23. $this->GetGroupMember();
  24. }
  25. if (!strcasecmp($this->method, "create")) {
  26. $this->CreateGroup();
  27. }
  28. if (!strcasecmp($this->method, "delete")) {
  29. $this->DeleteGroup();
  30. }
  31. if (!strcasecmp($this->method, "editmember")) {
  32. $this->EditMember();
  33. }
  34. if (!strcasecmp($this->method, "edit")) {
  35. $this->EditGroup();
  36. }
  37. }
  38. private function ListGroup()
  39. {
  40. $ret = false;
  41. $resp = array();
  42. /* set params */
  43. $offset = isset($_REQUEST['offset']) ? $_REQUEST['offset'] : 0;
  44. $limit = isset($_REQUEST['limit']) ? $_REQUEST['limit'] : 15;
  45. $search = isset($_REQUEST['query']) ? $_REQUEST['query'] : '';
  46. $groups = $this->GetAllGroups($offset, $limit, $search);
  47. $resp['totalCount'] = $groups['totalCount'];
  48. $resp['groups'] = $groups['all_groups'];
  49. $this->SetResponse($resp);
  50. $ret = true;
  51. End:
  52. return $ret;
  53. }
  54. private function GetGroupPublicShareRight($gid)
  55. {
  56. $query = "SELECT * FROM " . SHARED_ALBUM_GROUP_PRIVILEGE_TABLE_NAME . " WHERE groupid = ?";
  57. $sqlParam = array($gid);
  58. $db_result = PHOTO_DB_Query($query, $sqlParam);
  59. if (($row = PHOTO_DB_FetchRow($db_result))) {
  60. return 'on';
  61. } else {
  62. return 'off';
  63. }
  64. }
  65. private function UpdateGroupPublicShareRight($gid, $public_share) {
  66. if ($public_share === 'true') {
  67. $query = "INSERT INTO " . SHARED_ALBUM_GROUP_PRIVILEGE_TABLE_NAME . " VALUES (?)";
  68. } else {
  69. $query = "DELETE FROM " . SHARED_ALBUM_GROUP_PRIVILEGE_TABLE_NAME . " WHERE groupid = (?)";
  70. }
  71. $sqlParam = array($gid);
  72. $db_result = PHOTO_DB_Query($query, $sqlParam);
  73. }
  74. private function GetGroup()
  75. {
  76. $ret = false;
  77. $resp = array();
  78. if (!isset($_REQUEST['id'])) {
  79. $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
  80. goto End;
  81. }
  82. if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) {
  83. $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
  84. goto End;
  85. }
  86. /* set params */
  87. $id = $_REQUEST['id'];
  88. $query = "SELECT * FROM photo_group WHERE groupid = ?";
  89. $sqlParam = array($id);
  90. $db_result = PHOTO_DB_Query($query, $sqlParam);
  91. if (false === ($row = PHOTO_DB_FetchRow($db_result))) {
  92. $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
  93. goto End;
  94. }
  95. $resp['groupid'] = $row['groupid'];
  96. $resp['groupname'] = $row['groupname'];
  97. $resp['description'] = $row['description'];
  98. $resp['public_share'] = $this->GetGroupPublicShareRight($id);
  99. $this->SetResponse($resp);
  100. $ret = true;
  101. End:
  102. return $ret;
  103. }
  104. private function GetDSMGroup() {
  105. $ret = false;
  106. $resp = array();
  107. if (!isset($_REQUEST['id'])) {
  108. $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
  109. goto End;
  110. }
  111. /* set params */
  112. $id = $_REQUEST['id'];
  113. $resp['public_share'] = $this->GetGroupPublicShareRight($id);
  114. $this->SetResponse($resp);
  115. $ret = true;
  116. End:
  117. return $ret;
  118. }
  119. private function GetGroupMember()
  120. {
  121. $ret = false;
  122. $resp = array();
  123. if (!isset($_REQUEST['id'])) {
  124. $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
  125. goto End;
  126. }
  127. if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) {
  128. $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
  129. goto End;
  130. }
  131. /* set params */
  132. $id = $_REQUEST['id'];
  133. $start = isset($_REQUEST['offset']) ? $_REQUEST['offset'] : 0;
  134. $limit = isset($_REQUEST['limit']) ? $_REQUEST['limit'] : 15;
  135. $limitOffsetString = PHOTO_DB_GetLimitOffsetString($limit, $start);
  136. $query = "SELECT A.userid, A.username, A.description, B.groupid FROM photo_user A LEFT JOIN photo_user_group B ON A.userid = B.userid AND B.groupid = ? $limitOffsetString";
  137. $sqlParam = array($id);
  138. $db_result = PHOTO_DB_Query($query, $sqlParam);
  139. $resp['users'] = array();
  140. while($row = PHOTO_DB_FetchRow($db_result)) {
  141. $item = array();
  142. $item['id'] = $row['userid'];
  143. $item['username'] = $row['username'];
  144. $item['description'] = $row['description'];
  145. $item['add'] = $id == $row['groupid'];
  146. $resp['users'][] = $item;
  147. }
  148. $query = "SELECT count(*) FROM photo_user";
  149. $db_result = PHOTO_DB_Query($query);
  150. $row = PHOTO_DB_FetchRow($db_result);
  151. $resp['totalCount'] = $row[0];
  152. $this->SetResponse($resp);
  153. $ret = true;
  154. End:
  155. return $ret;
  156. }
  157. private function CreateGroup()
  158. {
  159. $ret = false;
  160. $resp = array();
  161. if (!isset($_REQUEST['groupname'])) {
  162. $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
  163. goto End;
  164. }
  165. if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) {
  166. $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
  167. goto End;
  168. }
  169. /* set params */
  170. $groupname = $_REQUEST['groupname'];
  171. $description = isset($_REQUEST['description']) ? $_REQUEST['description'] : '';
  172. $query = "SELECT MAX(groupid) FROM photo_group";
  173. $db_result = PHOTO_DB_Query($query);
  174. $max_gid = PHOTO_DB_FetchRow($db_result);
  175. $new_gid = $max_gid[0] + 1;
  176. $query = "INSERT INTO photo_group (groupid, groupname, description) VALUES (?, ?, ?)";
  177. $sqlParam = array($new_gid, $groupname, $description);
  178. PHOTO_DB_Query($query, $sqlParam);
  179. $this->UpdateGroupPublicShareRight($new_id, $_REQUEST['public_share']);
  180. $resp['id'] = $new_gid;
  181. $this->SetResponse($resp);
  182. $ret = true;
  183. End:
  184. return $ret;
  185. }
  186. private function EditMember()
  187. {
  188. $ret = false;
  189. $resp = array();
  190. if (!isset($_REQUEST['id'])) {
  191. $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
  192. goto End;
  193. }
  194. if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) {
  195. $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
  196. goto End;
  197. }
  198. /* set params */
  199. $gid = $_REQUEST['id'];
  200. $addList = isset($_REQUEST['group_user_add']) ? $_REQUEST['group_user_add'] : '';
  201. $deleteList = isset($_REQUEST['group_user_delete']) ? $_REQUEST['group_user_delete'] : '';
  202. $this->DeleteUserFromGroup($gid, $deleteList);
  203. $this->AddUserToGroup($gid, $addList);
  204. $this->SetResponse($resp);
  205. $ret = true;
  206. End:
  207. return $ret;
  208. }
  209. private function DeleteUserFromGroup($gid, $users)
  210. {
  211. if ($gid == null || $gid == "" || $users == null || $users == "") {
  212. return;
  213. }
  214. $ids = explode(',', $users);
  215. foreach ($ids as $id) {
  216. if ('' === $id) {
  217. continue;
  218. }
  219. $query = "DELETE FROM photo_user_group WHERE userid = ? AND groupid = ?";
  220. $sqlParam = array($id, $gid);
  221. $db_result = PHOTO_DB_Query($query, $sqlParam);
  222. }
  223. }
  224. private function AddUserToGroup($gid, $users)
  225. {
  226. if ($gid == null || $gid == "" || $users == null || $users == "") {
  227. return;
  228. }
  229. $ids = explode(',', $users);
  230. foreach ($ids as $id) {
  231. if ('' === $id) {
  232. continue;
  233. }
  234. $query = "SELECT MAX(id) FROM photo_user_group";
  235. $db_result = PHOTO_DB_Query($query);
  236. $max_id = PHOTO_DB_FetchRow($db_result);
  237. $new_id = $max_id[0] + 1;
  238. $query = "INSERT INTO photo_user_group (id, userid, groupid) VALUES (?, ?, ?)";
  239. $sqlParam = array($new_id, $id, $gid);
  240. $db_result = PHOTO_DB_Query($query, $sqlParam);
  241. }
  242. }
  243. private function EditGroup()
  244. {
  245. $ret = false;
  246. $resp = array();
  247. if (!isset($_REQUEST['id'])) {
  248. $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
  249. goto End;
  250. }
  251. /* set params */
  252. $id = $_REQUEST['id'];
  253. $description = isset($_REQUEST['description']) ? $_REQUEST['description'] : null;
  254. $this->UpdateGroupPublicShareRight($id, $_REQUEST['public_share']);
  255. if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) {
  256. $this->SetResponse($resp);
  257. goto End;
  258. }
  259. if (isset($_REQUEST['description'])) {
  260. $query = "UPDATE photo_group set description = ? where groupid = ?";
  261. $sqlParam = array($description, $id);
  262. $db_result = PHOTO_DB_Query($query, $sqlParam);
  263. }
  264. $this->SetResponse($resp);
  265. $ret = true;
  266. End:
  267. return $ret;
  268. }
  269. private function DeleteGroup() {
  270. $ret = false;
  271. $resp = array();
  272. if (!isset($_REQUEST['id'])) {
  273. $this->SetError(PHOTOSTATION_PERMISSION_BAD_PARAMS);
  274. goto End;
  275. }
  276. /* set params */
  277. $gid = $_REQUEST['id'];
  278. $query = "DELETE FROM photo_group WHERE groupid = ?";
  279. $sqlParam = array($gid);
  280. PHOTO_DB_Query($query, $sqlParam);
  281. $this->SetResponse($resp);
  282. $ret = true;
  283. End:
  284. return $ret;
  285. }
  286. private function GetAllGroups($start, $limit, $search)
  287. {
  288. if ($_SESSION[SYNOPHOTO_ADMIN_USER]['use_dsm_account']) {
  289. return $this->GetAllDSMGroup($start, $limit, $search);
  290. }
  291. $i = 0;
  292. $limitOffsetString = PHOTO_DB_GetLimitOffsetString($limit, $start);
  293. $query = "SELECT * FROM photo_group WHERE groupname LIKE ? ORDER BY groupname ASC $limitOffsetString";
  294. $db_result = PHOTO_DB_Query($query, array("%$search%"));
  295. $result = array('all_groups' => array());
  296. while ($row = PHOTO_DB_FetchRow($db_result)) {
  297. $result['all_groups'][$i]['groupid'] = $row['groupid'];
  298. $result['all_groups'][$i]['groupname'] = $row['groupname'];
  299. $result['all_groups'][$i]['description'] = $row['description'];
  300. $i ++;
  301. }
  302. $query = "SELECT count(*) FROM photo_group WHERE groupname LIKE ?";
  303. $db_result = PHOTO_DB_Query($query, array("%$search%"));
  304. $row = PHOTO_DB_FetchRow($db_result);
  305. $result['totalCount'] = $row[0];
  306. return $result;
  307. }
  308. private function GetAllDSMGroup($start, $limit, $query = '')
  309. {
  310. $command = "/usr/syno/bin/synophoto_dsm_user --group " . escapeshellarg($query);
  311. @exec($command, $pListGroupCount, $retval);
  312. if (0 > $retval) {
  313. $result['totalCount'] = 0;
  314. return $result;
  315. }
  316. $result['totalCount'] = $pListGroupCount[0];
  317. $command = "/usr/syno/bin/synophoto_dsm_user --group " . escapeshellarg($start) . " " . escapeshellarg($limit) . " ASC:" . escapeshellarg($query);
  318. @exec($command, $pListGroupName, $retval);
  319. if (0 !== $retval) {
  320. $result['totalCount'] = 0;
  321. return $result;
  322. }
  323. $i = 0;
  324. $result['all_groups'] = array();
  325. foreach ($pListGroupName as $group_str) {
  326. $group_info = split(',', $group_str);
  327. $result['all_groups'][$i]['groupid'] = $group_info[0];
  328. $result['all_groups'][$i]['groupname'] = $group_info[1];
  329. $result['all_groups'][$i]['description'] = htmlspecialchars($group_info[2], ENT_QUOTES);
  330. $result['all_groups'][$i]['disable'] = 'true' === $group_info[3] ? 't' : 'f';
  331. $i ++;
  332. }
  333. return $result;
  334. }
  335. }
/* Script entry point: WebAPI::Run() (not visible here) is expected to call Process(). */
$api = new GroupAPI();
$api->Run();