summaryrefslogtreecommitdiff
path: root/includes/pages/admin_groups.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/pages/admin_groups.php')
-rw-r--r--includes/pages/admin_groups.php166
1 files changed, 87 insertions, 79 deletions
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
index 2fc789fa..df472359 100644
--- a/includes/pages/admin_groups.php
+++ b/includes/pages/admin_groups.php
@@ -1,91 +1,99 @@
<?php
function admin_groups() {
- global $user;
+ global $user;
- $html = "";
- $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
- if (!isset ($_REQUEST["action"])) {
- $groups_html = "";
- foreach ($groups as $group) {
- $groups_html .= sprintf(
- '<tr><td>%s</td>',
- $group['Name']
- );
- $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
- $privileges_html = array ();
+ $html = "";
+ $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
+ if (!isset ($_REQUEST["action"])) {
+ $groups_html = "";
+ foreach ($groups as $group) {
+ $groups_html .= sprintf(
+ '<tr><td>%s</td>',
+ $group['Name']
+ );
+ $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
+ $privileges_html = array ();
- foreach ($privileges as $priv)
- $privileges_html[] = $priv['name'];
+ foreach ($privileges as $priv)
+ $privileges_html[] = $priv['name'];
- $groups_html .= sprintf(
- '<td>%s</td>'
- . '<td><a href="%s&action=edit&id=%s">Ändern</a></td>',
- join(', ', $privileges_html),
- page_link_to("admin_groups"),
- $group['UID']
- );
- }
+ $groups_html .= sprintf(
+ '<td>%s</td>'
+ . '<td><a href="%s&action=edit&id=%s">Ändern</a></td>',
+ join(', ', $privileges_html),
+ page_link_to("admin_groups"),
+ $group['UID']
+ );
+ }
- return template_render('../templates/admin_groups.html', array (
- 'nick' => $user['Nick'],
- 'groups' => $groups_html
- ));
- } else {
- switch ($_REQUEST["action"]) {
- case 'edit' :
- if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing Groups ID.", true);
+ return template_render('../templates/admin_groups.html', array (
+ 'nick' => $user['Nick'],
+ 'groups' => $groups_html
+ ));
+ } else {
+ switch ($_REQUEST["action"]) {
+ case 'edit' :
+ if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Groups ID.", true);
- $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- if (count($room) > 0) {
- list ($room) = $room;
- $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
- $privileges_html = "";
- foreach ($privileges as $priv)
- $privileges_html .= sprintf(
- '<tr><td><input type="checkbox" '
- . 'name="privileges[]" value="%s" %s />'
- . '</td> <td>%s</td> <td>%s</td></tr>',
- $priv['id'],
- ($priv['group_id'] != ""
- ? 'checked="checked"'
- : ''),
- $priv['name'],
- $priv['desc']
- );
+ $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ if (count($room) > 0) {
+ list ($room) = $room;
+ $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
+ $privileges_html = "";
+ foreach ($privileges as $priv)
+ $privileges_html .= sprintf(
+ '<tr><td><input type="checkbox" '
+ . 'name="privileges[]" value="%s" %s />'
+ . '</td> <td>%s</td> <td>%s</td></tr>',
+ $priv['id'],
+ ($priv['group_id'] != ""
+ ? 'checked="checked"'
+ : ''),
+ $priv['name'],
+ $priv['desc']
+ );
- $html .= template_render('../templates/admin_groups_edit_form.html', array (
- 'link' => page_link_to("admin_groups"),
- 'id' => $id,
- 'privileges' => $privileges_html
- ));
- } else
- return error("No Group found.", true);
- break;
+ $html .= template_render('../templates/admin_groups_edit_form.html', array (
+ 'link' => page_link_to("admin_groups"),
+ 'id' => $id,
+ 'privileges' => $privileges_html
+ ));
+ } else
+ return error("No Group found.", true);
+ break;
- case 'save' :
- if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
- $id = $_REQUEST['id'];
- else
- return error("Incomplete call, missing Groups ID.", true);
+ case 'save' :
+ if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+ $id = $_REQUEST['id'];
+ else
+ return error("Incomplete call, missing Groups ID.", true);
- $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
- if (!is_array($_REQUEST['privileges']))
- $_REQUEST['privileges'] = array ();
- if (count($room) > 0) {
- list ($room) = $room;
- sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
- foreach ($_REQUEST['privileges'] as $priv)
- if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0)
- sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
- header("Location: " . page_link_to("admin_groups"));
- } else
- return error("No Group found.", true);
- break;
- }
- }
- return $html;
+ $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+ if (!is_array($_REQUEST['privileges']))
+ $_REQUEST['privileges'] = array ();
+ if (count($room) > 0) {
+ list ($room) = $room;
+ sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
+ $privilege_names = array();
+ foreach ($_REQUEST['privileges'] as $priv) {
+ if (preg_match("/^[0-9]{1,}$/", $priv)) {
+ $group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv) . " LIMIT 1");
+ if(count($group_privileges_source) > 0) {
+ sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
+ $privilege_names[] = $group_privileges_source[0]['name'];
+ }
+ }
+ }
+ engelsystem_log("Group privileges of group " . $room['Name'] . " edited: " . join(", ", $privilege_names));
+ header("Location: " . page_link_to("admin_groups"));
+ } else
+ return error("No Group found.", true);
+ break;
+ }
+ }
+ return $html;
}
?>