From 0dabaa505e4463498665a1eb6ab95979578beab3 Mon Sep 17 00:00:00 2001
From: Philip Häusler <msquare@notrademark.de>
Date: Wed, 26 Dec 2012 14:02:27 +0100
Subject: #28 begin log

---
 includes/pages/admin_groups.php | 166 +++++++++++++++++++++-------------------
 1 file changed, 87 insertions(+), 79 deletions(-)

(limited to 'includes/pages/admin_groups.php')

diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
index 2fc789fa..df472359 100644
--- a/includes/pages/admin_groups.php
+++ b/includes/pages/admin_groups.php
@@ -1,91 +1,99 @@
 <?php
 function admin_groups() {
-	global $user;
+  global $user;
 
-	$html = "";
-	$groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
-	if (!isset ($_REQUEST["action"])) {
-		$groups_html = "";
-		foreach ($groups as $group) {
-			$groups_html .= sprintf(
-				'<tr><td>%s</td>',
-				$group['Name']
-			);
-			$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
-			$privileges_html = array ();
+  $html = "";
+  $groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
+  if (!isset ($_REQUEST["action"])) {
+    $groups_html = "";
+    foreach ($groups as $group) {
+      $groups_html .= sprintf(
+          '<tr><td>%s</td>',
+          $group['Name']
+      );
+      $privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
+      $privileges_html = array ();
 
-			foreach ($privileges as $priv)
-				$privileges_html[] = $priv['name'];
+      foreach ($privileges as $priv)
+        $privileges_html[] = $priv['name'];
 
-			$groups_html .= sprintf(
-				'<td>%s</td>'
-				. '<td><a href="%s&action=edit&id=%s">Ändern</a></td>',
-				join(', ', $privileges_html),
-				page_link_to("admin_groups"),
-				$group['UID']
-			);
-		}
+      $groups_html .= sprintf(
+          '<td>%s</td>'
+          . '<td><a href="%s&action=edit&id=%s">Ändern</a></td>',
+          join(', ', $privileges_html),
+          page_link_to("admin_groups"),
+          $group['UID']
+      );
+    }
 
-		return template_render('../templates/admin_groups.html', array (
-			'nick' => $user['Nick'],
-			'groups' => $groups_html
-		));
-	} else {
-		switch ($_REQUEST["action"]) {
-			case 'edit' :
-				if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
-					$id = $_REQUEST['id'];
-				else
-					return error("Incomplete call, missing Groups ID.", true);
+    return template_render('../templates/admin_groups.html', array (
+      'nick' => $user['Nick'],
+      'groups' => $groups_html
+    ));
+  } else {
+    switch ($_REQUEST["action"]) {
+      case 'edit' :
+        if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+          $id = $_REQUEST['id'];
+        else
+          return error("Incomplete call, missing Groups ID.", true);
 
-				$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
-				if (count($room) > 0) {
-					list ($room) = $room;
-					$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
-					$privileges_html = "";
-					foreach ($privileges as $priv)
-						$privileges_html .= sprintf(
-							'<tr><td><input type="checkbox" '
-							. 'name="privileges[]" value="%s" %s />'
-							. '</td> <td>%s</td> <td>%s</td></tr>',
-							$priv['id'],
-							($priv['group_id'] != ""
-							? 'checked="checked"'
-							: ''),
-							$priv['name'],
-							$priv['desc']
-						);
+        $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+        if (count($room) > 0) {
+          list ($room) = $room;
+          $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
+          $privileges_html = "";
+          foreach ($privileges as $priv)
+            $privileges_html .= sprintf(
+                '<tr><td><input type="checkbox" '
+                . 'name="privileges[]" value="%s" %s />'
+                . '</td> <td>%s</td> <td>%s</td></tr>',
+                $priv['id'],
+                ($priv['group_id'] != ""
+                    ? 'checked="checked"'
+                    : ''),
+                $priv['name'],
+                $priv['desc']
+            );
 
-					$html .= template_render('../templates/admin_groups_edit_form.html', array (
-						'link' => page_link_to("admin_groups"),
-						'id' => $id,
-						'privileges' => $privileges_html
-					));
-				} else
-					return error("No Group found.", true);
-				break;
+          $html .= template_render('../templates/admin_groups_edit_form.html', array (
+            'link' => page_link_to("admin_groups"),
+            'id' => $id,
+            'privileges' => $privileges_html
+          ));
+        } else
+          return error("No Group found.", true);
+        break;
 
-			case 'save' :
-				if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
-					$id = $_REQUEST['id'];
-				else
-					return error("Incomplete call, missing Groups ID.", true);
+      case 'save' :
+        if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
+          $id = $_REQUEST['id'];
+        else
+          return error("Incomplete call, missing Groups ID.", true);
 
-				$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
-				if (!is_array($_REQUEST['privileges']))
-					$_REQUEST['privileges'] = array ();
-				if (count($room) > 0) {
-					list ($room) = $room;
-					sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
-					foreach ($_REQUEST['privileges'] as $priv)
-						if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0)
-							sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
-					header("Location: " . page_link_to("admin_groups"));
-				} else
-					return error("No Group found.", true);
-				break;
-		}
-	}
-	return $html;
+        $room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+        if (!is_array($_REQUEST['privileges']))
+          $_REQUEST['privileges'] = array ();
+        if (count($room) > 0) {
+          list ($room) = $room;
+          sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
+          $privilege_names = array();
+          foreach ($_REQUEST['privileges'] as $priv) {
+            if (preg_match("/^[0-9]{1,}$/", $priv)) {
+              $group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv) . " LIMIT 1");
+              if(count($group_privileges_source) > 0) {
+                sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
+                $privilege_names[] = $group_privileges_source[0]['name'];
+              }
+            }
+          }
+          engelsystem_log("Group privileges of group " . $room['Name'] . " edited: " . join(", ", $privilege_names));
+          header("Location: " . page_link_to("admin_groups"));
+        } else
+          return error("No Group found.", true);
+        break;
+    }
+  }
+  return $html;
 }
 ?>
-- 
cgit v1.2.3-54-g00ecf