- <?php
- class RemoveUserFromAccountAction implements IAction {
- public function execute() {
- if(!Authorize::isLoggedIn() || !Authorize::hasPermission()) {
- return array("error" => "Access not authorized");
- }
- $userId = $_POST['user_id'] ?? $_GET['user_id'] ?? "";
- $clientId = $_POST['client_id'] ?? $_GET['client_id'] ?? "";
-
- //TODO: scrub inputs
- if(empty($userId) || empty($clientId)) {
- return array("error" => "One or more required fields missing: user_id, client_id");
- }
-
- $db = SqliteDatabase::getSingleton();
- $sql = "DELETE FROM user_accounts WHERE user_id = :user_id AND account_id = :client_id LIMIT 1;";
- $preparedQuery = $db->prepare($sql);
- $preparedQuery->bindValue(':client_id', $clientId);
- $preparedQuery->bindValue(':user_id', $userId);
- try {
- $result = $preparedQuery->execute();
- $loggerData = array();
- $loggerData['admin_display_name'] = $_SESSION['display_name'];
- $loggerData['admin_user_id'] = $_SESSION['user_id'];
- $loggerData['user_removed'] = $userId;
- $loggerData['domain_removed'] = $clientId;
- SecurityLogger::action("remove-user-domain", $loggerData, time());
- return array("status" => "success");
- }
- catch(Exception $e) {
- return array("error" => "Error" , "exception" => $e->getMessage());
- }
- }
- }