engelsystem/includes/pages/admin_groups.php

91 lines
4.0 KiB
PHP
Raw Normal View History

2011-06-02 22:40:08 +02:00
<?php
2013-11-25 21:04:58 +01:00
function admin_groups_title() {
return _("Grouprights");
}
2011-06-02 22:40:08 +02:00
function admin_groups() {
2012-12-26 14:02:27 +01:00
$html = "";
$groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
2014-08-23 19:15:10 +02:00
if (! isset($_REQUEST["action"])) {
$groups_table = array();
2012-12-26 14:02:27 +01:00
foreach ($groups as $group) {
2014-12-28 13:44:56 +01:00
$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`='" . sql_escape($group['UID']) . "'");
2014-08-23 19:15:10 +02:00
$privileges_html = array();
2012-12-26 14:02:27 +01:00
foreach ($privileges as $priv)
$privileges_html[] = $priv['name'];
2014-08-23 19:15:10 +02:00
$groups_table[] = array(
'name' => $group['Name'],
'privileges' => join(', ', $privileges_html),
'actions' => button(page_link_to('admin_groups') . '&action=edit&id=' . $group['UID'], _("edit"), 'btn-xs')
2012-12-26 14:02:27 +01:00
);
}
2014-08-23 19:15:10 +02:00
return page_with_title(admin_groups_title(), array(
table(array(
'name' => _("Name"),
'privileges' => _("Privileges"),
'actions' => ''
), $groups_table)
2012-12-26 14:02:27 +01:00
));
} else {
switch ($_REQUEST["action"]) {
2014-08-23 19:15:10 +02:00
case 'edit':
if (isset($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
2012-12-26 14:02:27 +01:00
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Groups ID.", true);
2014-08-23 19:15:10 +02:00
2014-12-28 13:44:56 +01:00
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
2012-12-26 14:02:27 +01:00
if (count($room) > 0) {
2014-08-23 19:15:10 +02:00
list($room) = $room;
2014-12-28 13:44:56 +01:00
$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`='" . sql_escape($id) . "') ORDER BY `Privileges`.`name`");
2012-12-26 14:02:27 +01:00
$privileges_html = "";
2014-08-23 19:15:10 +02:00
$privileges_form = array();
foreach ($privileges as $priv) {
$privileges_form[] = form_checkbox('privileges[]', $priv['desc'] . ' (' . $priv['name'] . ')', $priv['group_id'] != "", $priv['id']);
$privileges_html .= sprintf('<tr><td><input type="checkbox" ' . 'name="privileges[]" value="%s" %s />' . '</td> <td>%s</td> <td>%s</td></tr>', $priv['id'], ($priv['group_id'] != "" ? 'checked="checked"' : ''), $priv['name'], $priv['desc']);
}
$privileges_form[] = form_submit('submit', _("Save"));
$html .= page_with_title(_("Edit group"), array(
form($privileges_form, page_link_to('admin_groups') . '&action=save&id=' . $id)
2012-12-26 14:02:27 +01:00
));
} else
return error("No Group found.", true);
break;
2014-08-23 19:15:10 +02:00
case 'save':
if (isset($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
2012-12-26 14:02:27 +01:00
$id = $_REQUEST['id'];
else
return error("Incomplete call, missing Groups ID.", true);
2014-08-23 19:15:10 +02:00
2014-12-28 13:44:56 +01:00
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
2014-08-23 19:15:10 +02:00
if (! is_array($_REQUEST['privileges']))
$_REQUEST['privileges'] = array();
2012-12-26 14:02:27 +01:00
if (count($room) > 0) {
2014-08-23 19:15:10 +02:00
list($room) = $room;
2014-12-28 13:44:56 +01:00
sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`='" . sql_escape($id) . "'");
2012-12-26 14:02:27 +01:00
$privilege_names = array();
foreach ($_REQUEST['privileges'] as $priv) {
if (preg_match("/^[0-9]{1,}$/", $priv)) {
2014-12-28 13:44:56 +01:00
$group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`='" . sql_escape($priv) . "' LIMIT 1");
2014-08-23 19:15:10 +02:00
if (count($group_privileges_source) > 0) {
2014-12-28 13:44:56 +01:00
sql_query("INSERT INTO `GroupPrivileges` SET `group_id`='" . sql_escape($id) . "', `privilege_id`='" . sql_escape($priv) . "'");
2012-12-26 14:02:27 +01:00
$privilege_names[] = $group_privileges_source[0]['name'];
}
}
}
engelsystem_log("Group privileges of group " . $room['Name'] . " edited: " . join(", ", $privilege_names));
2012-12-30 18:27:45 +01:00
redirect(page_link_to("admin_groups"));
2012-12-26 14:02:27 +01:00
} else
return error("No Group found.", true);
break;
}
}
return $html;
2011-06-02 22:40:08 +02:00
}
?>