-
Notifications
You must be signed in to change notification settings - Fork 0
/
pageEditMemberPermissions.php
224 lines (200 loc) · 7.84 KB
/
pageEditMemberPermissions.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
<?php
$currDir = dirname(__FILE__);
require("{$currDir}/incCommon.php");
// tables list
$tables = getTableList();
// ensure that a memberID is provided
if(!isset($_REQUEST['memberID'])){
// error in request. redirect to members page.
redirect('admin/pageViewMembers.php');
}
$memberID = new Request('memberID', 'strtolower');
// validate memberID exists and is not guest and is not admin
$anonymousMember = strtolower($adminConfig['anonymousMember']);
$anonymousGroup = $adminConfig['anonymousGroup'];
$anonGroupID = sqlValue("select groupID from membership_groups where lcase(name)='" . strtolower(makeSafe($anonymousGroup)) . "'");
$adminGroupID = sqlValue("select groupID from membership_groups where name='Admins'");
$groupID = sqlValue("select groupID from membership_users where lcase(memberID)='{$memberID->sql}'");
$group = sqlValue("select name from membership_groups where groupID='{$groupID}'");
if($groupID == $anonGroupID || $memberID->raw == $anonymousMember || !$groupID || $groupID == $adminGroupID || $memberID->raw == $adminConfig['adminUsername']){
// error in request. redirect to members page.
redirect('admin/pageViewMembers.php');
}
// request to save changes?
if(isset($_POST['saveChanges'])){
// validate data
foreach ($tables as $t => $tc){
eval("
\${$t}_insert = checkPermissionVal('{$t}_insert');
\${$t}_view = checkPermissionVal('{$t}_view');
\${$t}_edit = checkPermissionVal('{$t}_edit');
\${$t}_delete = checkPermissionVal('{$t}_delete');
");
}
// reset then add member permissions
sql("delete from membership_userpermissions where lcase(memberID)='{$memberID->sql}'", $eo);
// add new member permissions
$query = "insert into membership_userpermissions (memberID, tableName, allowInsert, allowView, allowEdit, allowDelete) values ";
foreach ($tables as $t => $tc){
$insert = "{$t}_insert";
$view = "{$t}_view";
$edit = "{$t}_edit";
$delete = "{$t}_delete";
$query .= "('{$memberID->sql}', '{$t}', '${$insert}', '${$view}', '${$edit}', '${$delete}'),";
}
$query = substr($query, 0, -1);
sql($query, $eo);
// redirect to member permissions page
redirect("admin/pageEditMemberPermissions.php?saved=1&memberID=" . $memberID->url);
}elseif(isset($_POST['resetPermissions'])){
sql("delete from membership_userpermissions where lcase(memberID)='{$memberID->sql}'", $eo);
// redirect to member permissions page
redirect("admin/pageEditMemberPermissions.php?reset=1&memberID=" . $memberID->url);
}
$GLOBALS['page_title'] = $Translation['user table permissions'];
include("{$currDir}/incHeader.php");
// fetch group permissions to fill in the form below in case user has no special permissions
$res1 = sql("select * from membership_grouppermissions where groupID='{$groupID}'", $eo);
while ($row = db_fetch_assoc($res1)){
$tableName = $row['tableName'];
$vIns = $tableName . "_insert";
$vUpd = $tableName . "_edit";
$vDel = $tableName . "_delete";
$vVue = $tableName . "_view";
$$vIns = $row['allowInsert'];
$$vUpd = $row['allowEdit'];
$$vDel = $row['allowDelete'];
$$vVue = $row['allowView'];
}
// fetch user permissions to fill in the form below, overwriting his group permissions
$res2 = sql("select * from membership_userpermissions where lcase(memberID)='{$memberID->sql}'", $eo);
while ($row = db_fetch_assoc($res2)){
$tableName = $row['tableName'];
$vIns = $tableName . "_insert";
$vUpd = $tableName . "_edit";
$vDel = $tableName . "_delete";
$vVue = $tableName . "_view";
$$vIns = $row['allowInsert'];
$$vUpd = $row['allowEdit'];
$$vDel = $row['allowDelete'];
$$vVue = $row['allowView'];
}
?>
<!-- show notifications -->
<?php
if(isset($_GET['saved'])){
echo Notification::show(array(
'message' => "<i class=\"glyphicon glyphicon-ok\"></i> {$Translation['member permissions saved']}",
'class' => 'success',
'dismiss_seconds' => 10
));
}elseif(isset($_GET['reset'])){
echo Notification::show(array(
'message' => "<i class=\"glyphicon glyphicon-ok\"></i> {$Translation['member permissions reset']}",
'class' => 'success',
'dismiss_seconds' => 10
));
}
?>
<div class="page-header">
<h1>
<?php
echo str_replace(
array('<MEMBER>', '<MEMBERID>', '<GROUPID>', '<GROUP>'),
array($memberID->url, $memberID->html, $groupID, $group),
$Translation['user table permissions']
);
?>
</h1>
</div>
<form method="post" action="pageEditMemberPermissions.php">
<input type="hidden" name="memberID" value="<?php echo $memberID->attr; ?>">
<div class="text-right" style="margin: 2em 0;">
<?php
if(!db_num_rows($res2)){
echo Notification::show(array(
'message' => '<i class="glyphicon glyphicon-user"></i> ' . $Translation["no member permissions"],
'class' => 'info',
'dismiss_seconds' => 3600
));
}else{
?>
<button type="submit" name="resetPermissions" value="1" class="btn btn-warning btn-lg reset-permissions">
<i class="glyphicon glyphicon-refresh"></i>
<?php echo html_attr($Translation['reset member permissions']); ?>
</button>
<?php
}
// permissions arrays common to the radio groups below
$arrPermVal = array(0, 1, 2, 3);
$arrPermText = array($Translation["no"], $Translation["owner"], $Translation["group"], $Translation["all"]);
?>
<button type="submit" name="saveChanges" value="1" class="btn btn-primary btn-lg"><i class="glyphicon glyphicon-ok"></i> <?php echo $Translation["save changes"]; ?></button>
</div>
<div class="table-responsive">
<table class="table table-striped table-hover">
<thead>
<tr>
<th width="30%"><?php echo $Translation["table"]; ?></th>
<th width="10%" class="text-center"><?php echo $Translation["insert"]; ?></th>
<th width="20%"><?php echo $Translation["view"]; ?></th>
<th width="20%"><?php echo $Translation["edit"]; ?></th>
<th width="20%"><?php echo $Translation["delete"]; ?></th>
</tr>
</thead>
<tbody>
<?php
foreach ($tables as $t => $tc){
$insert = "{$t}_insert";
$view = "{$t}_view";
$edit = "{$t}_edit";
$delete = "{$t}_delete";
?>
<!-- <?php echo $tc; ?> table -->
<tr>
<th valign="top"><?php echo $tc; ?></th>
<td valign="top" class="text-center">
<input type="checkbox" name="<?php echo $t; ?>_insert" value="1" <?php echo ($$insert ? "checked" : ""); ?>>
</td>
<td>
<?php echo htmlRadioGroup("{$t}_view", $arrPermVal, $arrPermText, $$view); ?>
</td>
<td>
<?php echo htmlRadioGroup("{$t}_edit", $arrPermVal, $arrPermText, $$edit); ?>
</td>
<td>
<?php echo htmlRadioGroup("{$t}_delete", $arrPermVal, $arrPermText, $$delete); ?>
</td>
</tr>
<?php
}
?>
</tbody>
<tfoot class="hidden-xs"><tr><th colspan="5"></th></tr></tfoot>
</table>
</div>
<div class="text-right">
<button type="submit" name="saveChanges" value="1" class="hidden-xs hidden-sm btn btn-primary btn-lg"><i class="glyphicon glyphicon-ok"></i> <?php echo $Translation["save changes"]; ?></button>
<button type="submit" name="saveChanges" value="1" class="hidden-md hidden-lg btn btn-primary btn-lg btn-block"><i class="glyphicon glyphicon-ok"></i> <?php echo $Translation["save changes"]; ?></button>
</div>
</form>
<div style="height: 3em;"></div>
<style>
div.text-primary label{ font-weight: bold; }
</style>
<script>
$j(function (){
var highlight_selections = function (){
$j('input[type=radio]').parent().parent().removeClass('bg-warning text-warning text-bold');
$j('input[type=radio]:checked').parent().parent().addClass('bg-warning text-warning text-bold');
}
$j('button.reset-permissions').click(function(){
return confirm('<?php echo html_attr($Translation["remove special permissions"]); ?>');
})
$j('input[type=radio]').change(highlight_selections);
highlight_selections();
});
</script>
<?php
include("{$currDir}/incFooter.php");
?>