2011-06-02 22:40:08 +02:00
< ? php
2016-09-29 10:53:17 +02:00
2013-11-25 21:04:58 +01:00
function admin_groups_title () {
return _ ( " Grouprights " );
}
2011-06-02 22:40:08 +02:00
function admin_groups () {
2012-12-26 14:02:27 +01:00
$html = " " ;
$groups = sql_select ( " SELECT * FROM `Groups` ORDER BY `Name` " );
2014-08-23 19:15:10 +02:00
if ( ! isset ( $_REQUEST [ " action " ])) {
$groups_table = array ();
2012-12-26 14:02:27 +01:00
foreach ( $groups as $group ) {
2014-12-28 13:44:56 +01:00
$privileges = sql_select ( " SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=' " . sql_escape ( $group [ 'UID' ]) . " ' " );
2014-08-23 19:15:10 +02:00
$privileges_html = array ();
2016-09-29 10:53:17 +02:00
foreach ( $privileges as $priv ) {
2012-12-26 14:02:27 +01:00
$privileges_html [] = $priv [ 'name' ];
2016-09-29 10:53:17 +02:00
}
2014-08-23 19:15:10 +02:00
2016-09-29 10:53:17 +02:00
$groups_table [] = [
2014-08-23 19:15:10 +02:00
'name' => $group [ 'Name' ],
'privileges' => join ( ', ' , $privileges_html ),
'actions' => button ( page_link_to ( 'admin_groups' ) . '&action=edit&id=' . $group [ 'UID' ], _ ( " edit " ), 'btn-xs' )
2016-09-29 10:53:17 +02:00
];
2012-12-26 14:02:27 +01:00
}
2014-08-23 19:15:10 +02:00
2016-09-29 10:53:17 +02:00
return page_with_title ( admin_groups_title (), [
table ([
2014-08-23 19:15:10 +02:00
'name' => _ ( " Name " ),
'privileges' => _ ( " Privileges " ),
'actions' => ''
2016-09-29 10:53:17 +02:00
], $groups_table )
]);
2012-12-26 14:02:27 +01:00
} else {
switch ( $_REQUEST [ " action " ]) {
2014-08-23 19:15:10 +02:00
case 'edit' :
2016-09-29 10:53:17 +02:00
if ( isset ( $_REQUEST [ 'id' ]) && preg_match ( " /^-[0-9] { 1,11} $ / " , $_REQUEST [ 'id' ])) {
2012-12-26 14:02:27 +01:00
$id = $_REQUEST [ 'id' ];
2016-09-29 10:53:17 +02:00
} else {
2012-12-26 14:02:27 +01:00
return error ( " Incomplete call, missing Groups ID. " , true );
2016-09-29 10:53:17 +02:00
}
2014-08-23 19:15:10 +02:00
2014-12-28 13:44:56 +01:00
$room = sql_select ( " SELECT * FROM `Groups` WHERE `UID`=' " . sql_escape ( $id ) . " ' LIMIT 1 " );
2012-12-26 14:02:27 +01:00
if ( count ( $room ) > 0 ) {
2014-08-23 19:15:10 +02:00
list ( $room ) = $room ;
2014-12-28 13:44:56 +01:00
$privileges = sql_select ( " SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=' " . sql_escape ( $id ) . " ') ORDER BY `Privileges`.`name` " );
2012-12-26 14:02:27 +01:00
$privileges_html = " " ;
2016-09-29 10:53:17 +02:00
$privileges_form = [];
2014-08-23 19:15:10 +02:00
foreach ( $privileges as $priv ) {
$privileges_form [] = form_checkbox ( 'privileges[]' , $priv [ 'desc' ] . ' (' . $priv [ 'name' ] . ')' , $priv [ 'group_id' ] != " " , $priv [ 'id' ]);
$privileges_html .= sprintf ( '<tr><td><input type="checkbox" ' . 'name="privileges[]" value="%s" %s />' . '</td> <td>%s</td> <td>%s</td></tr>' , $priv [ 'id' ], ( $priv [ 'group_id' ] != " " ? 'checked="checked"' : '' ), $priv [ 'name' ], $priv [ 'desc' ]);
}
$privileges_form [] = form_submit ( 'submit' , _ ( " Save " ));
2016-09-29 10:53:17 +02:00
$html .= page_with_title ( _ ( " Edit group " ), [
2014-08-23 19:15:10 +02:00
form ( $privileges_form , page_link_to ( 'admin_groups' ) . '&action=save&id=' . $id )
2016-09-29 10:53:17 +02:00
]);
} else {
2012-12-26 14:02:27 +01:00
return error ( " No Group found. " , true );
2016-09-29 10:53:17 +02:00
}
2012-12-26 14:02:27 +01:00
break ;
2014-08-23 19:15:10 +02:00
case 'save' :
2016-09-29 10:53:17 +02:00
if ( isset ( $_REQUEST [ 'id' ]) && preg_match ( " /^-[0-9] { 1,11} $ / " , $_REQUEST [ 'id' ])) {
2012-12-26 14:02:27 +01:00
$id = $_REQUEST [ 'id' ];
2016-09-29 10:53:17 +02:00
} else {
2012-12-26 14:02:27 +01:00
return error ( " Incomplete call, missing Groups ID. " , true );
2016-09-29 10:53:17 +02:00
}
2014-08-23 19:15:10 +02:00
2014-12-28 13:44:56 +01:00
$room = sql_select ( " SELECT * FROM `Groups` WHERE `UID`=' " . sql_escape ( $id ) . " ' LIMIT 1 " );
2016-09-29 10:53:17 +02:00
if ( ! is_array ( $_REQUEST [ 'privileges' ])) {
$_REQUEST [ 'privileges' ] = [];
}
2012-12-26 14:02:27 +01:00
if ( count ( $room ) > 0 ) {
2014-08-23 19:15:10 +02:00
list ( $room ) = $room ;
2014-12-28 13:44:56 +01:00
sql_query ( " DELETE FROM `GroupPrivileges` WHERE `group_id`=' " . sql_escape ( $id ) . " ' " );
2016-09-29 10:53:17 +02:00
$privilege_names = [];
2012-12-26 14:02:27 +01:00
foreach ( $_REQUEST [ 'privileges' ] as $priv ) {
if ( preg_match ( " /^[0-9] { 1,} $ / " , $priv )) {
2014-12-28 13:44:56 +01:00
$group_privileges_source = sql_select ( " SELECT * FROM `Privileges` WHERE `id`=' " . sql_escape ( $priv ) . " ' LIMIT 1 " );
2014-08-23 19:15:10 +02:00
if ( count ( $group_privileges_source ) > 0 ) {
2014-12-28 13:44:56 +01:00
sql_query ( " INSERT INTO `GroupPrivileges` SET `group_id`=' " . sql_escape ( $id ) . " ', `privilege_id`=' " . sql_escape ( $priv ) . " ' " );
2012-12-26 14:02:27 +01:00
$privilege_names [] = $group_privileges_source [ 0 ][ 'name' ];
}
}
}
engelsystem_log ( " Group privileges of group " . $room [ 'Name' ] . " edited: " . join ( " , " , $privilege_names ));
2012-12-30 18:27:45 +01:00
redirect ( page_link_to ( " admin_groups " ));
2016-09-29 10:53:17 +02:00
} else {
2012-12-26 14:02:27 +01:00
return error ( " No Group found. " , true );
2016-09-29 10:53:17 +02:00
}
2012-12-26 14:02:27 +01:00
break ;
}
}
return $html ;
2011-06-02 22:40:08 +02:00
}
?>