2011-06-02 22:40:08 +02:00
< ? php
function admin_groups () {
2012-12-26 14:02:27 +01:00
global $user ;
2011-06-02 22:40:08 +02:00
2012-12-26 14:02:27 +01:00
$html = " " ;
$groups = sql_select ( " SELECT * FROM `Groups` ORDER BY `Name` " );
if ( ! isset ( $_REQUEST [ " action " ])) {
$groups_html = " " ;
foreach ( $groups as $group ) {
$groups_html .= sprintf (
'<tr><td>%s</td>' ,
$group [ 'Name' ]
);
$privileges = sql_select ( " SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`= " . sql_escape ( $group [ 'UID' ]));
$privileges_html = array ();
2011-06-03 11:17:09 +02:00
2012-12-26 14:02:27 +01:00
foreach ( $privileges as $priv )
$privileges_html [] = $priv [ 'name' ];
2011-06-03 11:17:09 +02:00
2012-12-26 14:02:27 +01:00
$groups_html .= sprintf (
'<td>%s</td>'
. '<td><a href="%s&action=edit&id=%s">Ändern</a></td>' ,
join ( ', ' , $privileges_html ),
page_link_to ( " admin_groups " ),
$group [ 'UID' ]
);
}
2011-06-02 22:40:08 +02:00
2012-12-26 14:02:27 +01:00
return template_render ( '../templates/admin_groups.html' , array (
2012-12-30 17:58:23 +01:00
'nick' => User_Nick_render ( $user ),
2012-12-26 14:02:27 +01:00
'groups' => $groups_html
));
} else {
switch ( $_REQUEST [ " action " ]) {
case 'edit' :
if ( isset ( $_REQUEST [ 'id' ]) && preg_match ( " /^-[0-9] { 1,11} $ / " , $_REQUEST [ 'id' ]))
$id = $_REQUEST [ 'id' ];
else
return error ( " Incomplete call, missing Groups ID. " , true );
2011-06-02 22:40:08 +02:00
2012-12-26 14:02:27 +01:00
$room = sql_select ( " SELECT * FROM `Groups` WHERE `UID`= " . sql_escape ( $id ) . " LIMIT 1 " );
if ( count ( $room ) > 0 ) {
list ( $room ) = $room ;
$privileges = sql_select ( " SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`= " . sql_escape ( $id ) . " ) ORDER BY `Privileges`.`name` " );
$privileges_html = " " ;
foreach ( $privileges as $priv )
$privileges_html .= sprintf (
'<tr><td><input type="checkbox" '
. 'name="privileges[]" value="%s" %s />'
. '</td> <td>%s</td> <td>%s</td></tr>' ,
$priv [ 'id' ],
( $priv [ 'group_id' ] != " "
? 'checked="checked"'
: '' ),
$priv [ 'name' ],
$priv [ 'desc' ]
);
2011-06-02 22:40:08 +02:00
2012-12-26 14:02:27 +01:00
$html .= template_render ( '../templates/admin_groups_edit_form.html' , array (
'link' => page_link_to ( " admin_groups " ),
'id' => $id ,
'privileges' => $privileges_html
));
} else
return error ( " No Group found. " , true );
break ;
2011-06-02 22:40:08 +02:00
2012-12-26 14:02:27 +01:00
case 'save' :
if ( isset ( $_REQUEST [ 'id' ]) && preg_match ( " /^-[0-9] { 1,11} $ / " , $_REQUEST [ 'id' ]))
$id = $_REQUEST [ 'id' ];
else
return error ( " Incomplete call, missing Groups ID. " , true );
2011-06-02 22:40:08 +02:00
2012-12-26 14:02:27 +01:00
$room = sql_select ( " SELECT * FROM `Groups` WHERE `UID`= " . sql_escape ( $id ) . " LIMIT 1 " );
if ( ! is_array ( $_REQUEST [ 'privileges' ]))
$_REQUEST [ 'privileges' ] = array ();
if ( count ( $room ) > 0 ) {
list ( $room ) = $room ;
sql_query ( " DELETE FROM `GroupPrivileges` WHERE `group_id`= " . sql_escape ( $id ));
$privilege_names = array ();
foreach ( $_REQUEST [ 'privileges' ] as $priv ) {
if ( preg_match ( " /^[0-9] { 1,} $ / " , $priv )) {
$group_privileges_source = sql_select ( " SELECT * FROM `Privileges` WHERE `id`= " . sql_escape ( $priv ) . " LIMIT 1 " );
if ( count ( $group_privileges_source ) > 0 ) {
sql_query ( " INSERT INTO `GroupPrivileges` SET `group_id`= " . sql_escape ( $id ) . " , `privilege_id`= " . sql_escape ( $priv ));
$privilege_names [] = $group_privileges_source [ 0 ][ 'name' ];
}
}
}
engelsystem_log ( " Group privileges of group " . $room [ 'Name' ] . " edited: " . join ( " , " , $privilege_names ));
2012-12-30 18:27:45 +01:00
redirect ( page_link_to ( " admin_groups " ));
2012-12-26 14:02:27 +01:00
} else
return error ( " No Group found. " , true );
break ;
}
}
return $html ;
2011-06-02 22:40:08 +02:00
}
?>