API filter per user level

2017-02-01 11:38:43 +01:00
parent 028c2373c1
commit e414a1633e
18 changed files with 309 additions and 268 deletions
--- a/website/public/API/postPost.php
+++ b/website/public/API/postPost.php
@@ -6,49 +6,43 @@ require_once("../../queries/post.php");
 require_once("../../queries/group_page.php");
 require_once("../../queries/connect.php");
 require_once("../../queries/checkInput.php");
+require_once("../../queries/user.php");

-if (empty($_POST["title"]) or
-    empty($_POST["content"]) or
-    empty($_SESSION["userID"])) {
-    header('HTTP/1.1 500 Non enough arguments');
-}
+if (isset($_SESSION["userID"]) &&
+    getRoleByID($_SESSION["userID"]) != 'frozen' &&
+    getRoleByID($_SESSION["userID"]) != 'banned') {

-if (empty($_POST["group"])) {
-    // User Post
-    makePost(
-        $_SESSION["userID"],
-        null,
-        test_input($_POST["title"]),
-        test_input($_POST["content"])
-        );
-} else {
-    // Group Post
-
-    // Check if the user is an admin or mod of the group.
-    if(!in_array(selectGroupRole($_POST["group"]), array('mod', 'admin'))) {
-        header('HTTP/1.1 500 Non enough rights');
-        return;
+    if (empty($_POST["title"]) or
+        empty($_POST["content"]) or
+        empty($_SESSION["userID"])
+    ) {
+        header('HTTP/1.1 500 Non enough arguments');
    }

-    makePost(
-        $_SESSION["userID"],
-        $_POST["group"],
-        test_input($_POST["title"]),
-        test_input($_POST["content"])
-    );
-}
+    if (empty($_POST["group"])) {
+        // User Post
+        makePost(
+            $_SESSION["userID"],
+            null,
+            test_input($_POST["title"]),
+            test_input($_POST["content"])
+        );
+    } else {
+        // Group Post

+        // Check if the user is an admin or mod of the group.
+        if (!in_array(selectGroupRole($_POST["group"]), array('mod', 'admin'))) {
+            header('HTTP/1.1 500 Non enough rights');
+            return;
+        }

-
-
-
-
-//if (empty($_POST['newpost-title'])) {
-//} else {
-//    makePost($_SESSION['userID'],
-//             null,
-//             test_input($_POST['newpost-title']),
-//             test_input($_POST['newpost-content']));
-//}
-//
-//header("Location: ../profile.php");
+        makePost(
+            $_SESSION["userID"],
+            $_POST["group"],
+            test_input($_POST["title"]),
+            test_input($_POST["content"])
+        );
+    }
+} else {
+    echo "frozen";
+}