Merge branch 'dev'

1 files changed, 51 insertions, 31 deletions

diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 5a986eca..f4902e1c 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -92,46 +92,55 @@ function admin_user() {
       // UserAngelType subform
       list ($user_source) = sql_select($SQL);
 
-      $selected_angel_types_source = sql_select("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']));
-      $selected_angel_types = array ();
-      foreach ($selected_angel_types_source as $selected_angel_type)
-        $selected_angel_types[] = $selected_angel_type['angeltype_id'];
+      $selected_angel_types = sql_select_single_col("SELECT `angeltype_id` FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']));
+      $accepted_angel_types = sql_select_single_col("SELECT `angeltype_id` FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `confirm_user_id` IS NOT NULL");
+      $nonrestricted_angel_types = sql_select_single_col("SELECT `id` FROM `AngelTypes` WHERE `restricted` = 0");
 
-      $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
-      $angel_types = array ();
+      $angel_types_source = sql_select("SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`");
+      $angel_types = array();
       foreach ($angel_types_source as $angel_type)
-        $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : "");
+        $angel_types[$angel_type['id']] = $angel_type['name'];
 
       if (isset ($_REQUEST['submit_user_angeltypes'])) {
-        $selected_angel_types = array ();
-        foreach ($angel_types as $angel_type_id => $angel_type_name) {
-          if (isset ($_REQUEST['angel_types_' . $angel_type_id]))
-            $selected_angel_types[] = $angel_type_id;
-        }
+        $selected_angel_types = array_intersect($_REQUEST['selected_angel_types'], array_keys($angel_types));
+        $accepted_angel_types = array_unique(array_diff(array_intersect($_REQUEST['accepted_angel_types'], array_keys($angel_types)), $nonrestricted_angel_types));
+        if (in_array("admin_user_angeltypes", $privileges))
+          $selected_angel_types = array_merge((array) $selected_angel_types, $accepted_angel_types);
+        $selected_angel_types = array_unique($selected_angel_types);
 
         // Assign angel-types
-        foreach ($angel_types_source as $angel_type) {
-          if (!in_array($angel_type['id'], $selected_angel_types))
-            sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1");
-        }
-
-        foreach ($selected_angel_types as $selected_angel_type_id) {
-          if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0) {
-            if (in_array("admin_user_angeltypes", $privileges)) {
-              sql_query("INSERT INTO `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($user['UID']) . ", `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
-            } else {
-              sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
-            }
+        sql_start_transaction();
+        sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']));
+        $user_angel_type_info = array();
+        if (!empty($selected_angel_types)) {
+          $SQL = "INSERT INTO `UserAngelTypes` (`user_id`, `angeltype_id`) VALUES ";
+          foreach ($selected_angel_types as $selected_angel_type_id) {
+            $SQL .= "(" . $user_source['UID'] . ", " . $selected_angel_type_id . "),";
+            $user_angel_type_info[] = $angel_types[$selected_angel_type_id] . (in_array($selected_angel_type_id, $accepted_angel_types) ? ' (confirmed)' : '');
           }
+          // remove superfluous comma
+          $SQL = substr($SQL, 0, -1);
+          sql_query($SQL);
+        }
+        if (in_array("admin_user_angeltypes", $privileges)) {
+          sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = NULL WHERE `user_id` = " . sql_escape($user_source['UID']));
+          if (!empty($accepted_angel_types))
+            sql_query("UPDATE `UserAngelTypes` SET `confirm_user_id` = '" . sql_escape($user['UID']) . "' WHERE `user_id` = '" . sql_escape($user_source['UID']) . "' AND `angeltype_id` IN (" . implode(',', $accepted_angel_types) . ")");
         }
+        sql_stop_transaction();
 
+        engelsystem_log("Set angeltypes of " . $user_source['Nick'] . " to: " . join(", ", $user_angel_type_info));
         success("Angeltypes saved.");
         redirect(page_link_to('admin_user') . '&id=' . $user_source['UID']);
       }
 
       $html .= form(array (
         msg(),
-        form_checkboxes('angel_types', "Angeltypes", $angel_types, $selected_angel_types),
+        form_multi_checkboxes(array('selected_angel_types' => 'gewünscht', 'accepted_angel_types' => 'akzeptiert'),
+            "Angeltypes",
+            $angel_types,
+            array('selected_angel_types' => $selected_angel_types, 'accepted_angel_types' => array_merge($accepted_angel_types, $nonrestricted_angel_types)),
+            array('accepted_angel_types' => $nonrestricted_angel_types)),
         form_submit('submit_user_angeltypes', Get_Text("Save"))
       ));
 
@@ -188,19 +197,26 @@ function admin_user() {
             $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `group_id`");
 
             if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || ($my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id']))) {
-              $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group[0]['group_id']) . " ORDER BY `Groups`.`Name`");
+              $groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group[0]['group_id']) . " ORDER BY `Groups`.`Name`");
+              $groups = array();
               $grouplist = array ();
-              foreach ($groups as $group)
+              foreach ($groups_source as $group) {
+                $groups[$group['UID']] = $group;
                 $grouplist[] = $group['UID'];
+              }
 
               if (!is_array($_REQUEST['groups']))
                 $_REQUEST['groups'] = array ();
 
               sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
-              foreach ($_REQUEST['groups'] as $group)
-                if (in_array($group, $grouplist))
-                sql_query("INSERT INTO `UserGroups` SET `uid`=" .
-                    sql_escape($id) . ", `group_id`=" . sql_escape($group));
+              $user_groups_info = array();
+              foreach ($_REQUEST['groups'] as $group) {
+                if (in_array($group, $grouplist)) {
+                  sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape($id) . ", `group_id`=" . sql_escape($group));
+                  $user_groups_info[] = $groups[$group]['Name'];
+                }
+              }
+              engelsystem_log("Set groups of " . $user_source['Nick'] . " to: " . join(", ", $user_groups_info));
               $html .= success("Benutzergruppen gespeichert.", true);
             } else {
               $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true);
@@ -212,9 +228,11 @@ function admin_user() {
 
         case 'delete' :
           if ($user['UID'] != $id) {
+            $nickname = sql_select("SELECT `Nick` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1");
             sql_query("DELETE FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
             sql_query("DELETE FROM `UserGroups` WHERE `uid`=" . sql_escape($id));
             sql_query("UPDATE `ShiftEntry` SET `UID`=0, `Comment`=NULL WHERE `UID`=" . sql_escape($id));
+            engelsystem_log("Deleted user " . $nickname[0]['Nick']);
             $html .= success("Benutzer gelöscht!", true);
           } else {
             $html .= error("Du kannst Dich nicht selber löschen!", true);
@@ -240,12 +258,14 @@ function admin_user() {
               "WHERE `UID` = '" . sql_escape($id) .
               "' LIMIT 1;";
           sql_query($SQL);
+          engelsystem_log("Updated user: " . $_POST["eNick"] . ", " . $_POST["eSize"] . ", arrived: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]);
           $html .= success("Änderung wurde gespeichert...\n", true);
           break;
 
         case 'change_pw' :
           if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
             set_password($id, $_REQUEST['new_pw']);
+            engelsystem_log("Set new password for " . $user_source['Nick']);
             $html .= success("Passwort neu gesetzt.", true);
           } else {
             $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true);