From 3afd05636e46aedb53e1c1d954d23d6563b5e104 Mon Sep 17 00:00:00 2001
From: Philip Häusler <msquare@notrademark.de>
Date: Thu, 2 Jun 2011 22:40:08 +0200
Subject: admin groups

---
 includes/pages/admin_groups.php | 73 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)
 create mode 100644 includes/pages/admin_groups.php

(limited to 'includes/pages/admin_groups.php')

diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
new file mode 100644
index 00000000..5d9d8180
--- /dev/null
+++ b/includes/pages/admin_groups.php
@@ -0,0 +1,73 @@
+<?php
+function admin_groups() {
+	global $user;
+
+	$html = "";
+	$groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
+	if (!isset ($_REQUEST["action"])) {
+		$groups_html = "";
+		foreach ($groups as $group) {
+			$groups_html .= '<tr>';
+			$groups_html .= '<td>' . $group['Name'] . '</td>';
+			$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
+			$privileges_html = array ();
+			foreach ($privileges as $priv)
+				$privileges_html[] = $priv['name'];
+			$groups_html .= '<td>' . join(", ", $privileges_html) . '</td>';
+			$groups_html .= '<td><a href="' . page_link_to("admin_groups") . '&action=edit&id=' . $group['UID'] . '">Ändern</a></td>';
+			$groups_html .= '</tr>';
+		}
+
+		return template_render('../templates/admin_groups.html', array (
+			'nick' => $user['Nick'],
+			'groups' => $groups_html
+		));
+	} else {
+		switch ($_REQUEST["action"]) {
+			case 'edit' :
+				if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+					$id = $_REQUEST['id'];
+				else
+					return error("Incomplete call, missing Groups ID.");
+
+				$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+				if (count($room) > 0) {
+					list ($room) = $room;
+					$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
+					$privileges_html = "";
+					foreach ($privileges as $priv)
+						$privileges_html .= '<tr><td><input type="checkbox" name="privileges[]" value="' . $priv['id'] . '"' . ($priv['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $priv['name'] . '</td><td>' . $priv['desc'] . '</td></tr>';
+
+					$html .= template_render('../templates/admin_groups_edit_form.html', array (
+						'link' => page_link_to("admin_groups"),
+						'id' => $id,
+						'privileges' => $privileges_html
+					));
+				} else
+					return error("No Group found.");
+				break;
+
+			case 'save' :
+				if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+					$id = $_REQUEST['id'];
+				else
+					return error("Incomplete call, missing Groups ID.");
+
+				$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+				if (!is_array($_REQUEST['privileges']))
+					$_REQUEST['privileges'] = array ();
+				if (count($room) > 0) {
+					list ($room) = $room;
+					sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
+					foreach ($_REQUEST['privileges'] as $priv)
+						if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0)
+							sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
+					header("Location: " . page_link_to("admin_groups"));
+				} else
+					return error("No Group found.");
+				break;
+		}
+	}
+	return $html;
+}
+?>
-- 
cgit v1.2.3-54-g00ecf