includes/pages/admin_groups.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

<?php
function admin_groups() {
	global $user;

	$html = "";
	$groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
	if (!isset ($_REQUEST["action"])) {
		$groups_html = "";
		foreach ($groups as $group) {
			$groups_html .= sprintf(
				'<tr><td>%s</td>',
				$group['Name']
			);
			$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
			$privileges_html = array ();

			foreach ($privileges as $priv)
				$privileges_html[] = $priv['name'];

			$groups_html .= sprintf(
				'<td>%s</td>'
				. '<td><a href="%s&action=edit&id=%s">Ändern</a></td>',
				join(', ', $privileges_html),
				page_link_to("admin_groups"),
				$group['UID']
			);
		}

		return template_render('../templates/admin_groups.html', array (
			'nick' => $user['Nick'],
			'groups' => $groups_html
		));
	} else {
		switch ($_REQUEST["action"]) {
			case 'edit' :
				if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
					$id = $_REQUEST['id'];
				else
					return error("Incomplete call, missing Groups ID.");

				$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
				if (count($room) > 0) {
					list ($room) = $room;
					$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
					$privileges_html = "";
					foreach ($privileges as $priv)
						$privileges_html .= '<tr><td><input type="checkbox" name="privileges[]" value="' . $priv['id'] . '"' . ($priv['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $priv['name'] . '</td><td>' . $priv['desc'] . '</td></tr>';

					$html .= template_render('../templates/admin_groups_edit_form.html', array (
						'link' => page_link_to("admin_groups"),
						'id' => $id,
						'privileges' => $privileges_html
					));
				} else
					return error("No Group found.");
				break;

			case 'save' :
				if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
					$id = $_REQUEST['id'];
				else
					return error("Incomplete call, missing Groups ID.");

				$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
				if (!is_array($_REQUEST['privileges']))
					$_REQUEST['privileges'] = array ();
				if (count($room) > 0) {
					list ($room) = $room;
					sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
					foreach ($_REQUEST['privileges'] as $priv)
						if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0)
							sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
					header("Location: " . page_link_to("admin_groups"));
				} else
					return error("No Group found.");
				break;
		}
	}
	return $html;
}
?>