diff options
author | Philip Häusler <msquare@notrademark.de> | 2011-06-02 22:40:08 +0200 |
---|---|---|
committer | Philip Häusler <msquare@notrademark.de> | 2011-06-02 22:40:08 +0200 |
commit | 3afd05636e46aedb53e1c1d954d23d6563b5e104 (patch) | |
tree | aa684fe9c652ddd4d929466e0f7b20a9b21cb593 /includes/pages | |
parent | c0b15dfe0dce7c4603cc7ec7c19b5a6cf226dc95 (diff) |
admin groups
Diffstat (limited to 'includes/pages')
-rw-r--r-- | includes/pages/admin_groups.php | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php new file mode 100644 index 00000000..5d9d8180 --- /dev/null +++ b/includes/pages/admin_groups.php @@ -0,0 +1,73 @@ +<?php +function admin_groups() { + global $user; + + $html = ""; + $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`"); + if (!isset ($_REQUEST["action"])) { + $groups_html = ""; + foreach ($groups as $group) { + $groups_html .= '<tr>'; + $groups_html .= '<td>' . $group['Name'] . '</td>'; + $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID'])); + $privileges_html = array (); + foreach ($privileges as $priv) + $privileges_html[] = $priv['name']; + $groups_html .= '<td>' . join(", ", $privileges_html) . '</td>'; + $groups_html .= '<td><a href="' . page_link_to("admin_groups") . '&action=edit&id=' . $group['UID'] . '">Ändern</a></td>'; + $groups_html .= '</tr>'; + } + + return template_render('../templates/admin_groups.html', array ( + 'nick' => $user['Nick'], + 'groups' => $groups_html + )); + } else { + switch ($_REQUEST["action"]) { + case 'edit' : + if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Groups ID."); + + $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + if (count($room) > 0) { + list ($room) = $room; + $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`"); + $privileges_html = ""; + foreach ($privileges as $priv) + $privileges_html .= '<tr><td><input type="checkbox" name="privileges[]" value="' . $priv['id'] . '"' . ($priv['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $priv['name'] . '</td><td>' . $priv['desc'] . '</td></tr>'; + + $html .= template_render('../templates/admin_groups_edit_form.html', array ( + 'link' => page_link_to("admin_groups"), + 'id' => $id, + 'privileges' => $privileges_html + )); + } else + return error("No Group found."); + break; + + case 'save' : + if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Groups ID."); + + $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + if (!is_array($_REQUEST['privileges'])) + $_REQUEST['privileges'] = array (); + if (count($room) > 0) { + list ($room) = $room; + sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id)); + foreach ($_REQUEST['privileges'] as $priv) + if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0) + sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv)); + header("Location: " . page_link_to("admin_groups")); + } else + return error("No Group found."); + break; + } + } + return $html; +} +?> |