You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
74 lines
3.1 KiB
PHTML
74 lines
3.1 KiB
PHTML
14 years ago
|
<?php
|
||
|
function admin_groups() {
|
||
|
global $user;
|
||
|
|
||
|
$html = "";
|
||
|
$groups = sql_select("SELECT * FROM `Groups` ORDER BY `Name`");
|
||
|
if (!isset ($_REQUEST["action"])) {
|
||
|
$groups_html = "";
|
||
|
foreach ($groups as $group) {
|
||
|
$groups_html .= '<tr>';
|
||
|
$groups_html .= '<td>' . $group['Name'] . '</td>';
|
||
|
$privileges = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group['UID']));
|
||
|
$privileges_html = array ();
|
||
|
foreach ($privileges as $priv)
|
||
|
$privileges_html[] = $priv['name'];
|
||
|
$groups_html .= '<td>' . join(", ", $privileges_html) . '</td>';
|
||
|
$groups_html .= '<td><a href="' . page_link_to("admin_groups") . '&action=edit&id=' . $group['UID'] . '">Ändern</a></td>';
|
||
|
$groups_html .= '</tr>';
|
||
|
}
|
||
|
|
||
|
return template_render('../templates/admin_groups.html', array (
|
||
|
'nick' => $user['Nick'],
|
||
|
'groups' => $groups_html
|
||
|
));
|
||
|
} else {
|
||
|
switch ($_REQUEST["action"]) {
|
||
|
case 'edit' :
|
||
|
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
|
||
|
$id = $_REQUEST['id'];
|
||
|
else
|
||
|
return error("Incomplete call, missing Groups ID.");
|
||
|
|
||
|
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
||
|
if (count($room) > 0) {
|
||
|
list ($room) = $room;
|
||
|
$privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`=" . sql_escape($id) . ") ORDER BY `Privileges`.`name`");
|
||
|
$privileges_html = "";
|
||
|
foreach ($privileges as $priv)
|
||
|
$privileges_html .= '<tr><td><input type="checkbox" name="privileges[]" value="' . $priv['id'] . '"' . ($priv['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $priv['name'] . '</td><td>' . $priv['desc'] . '</td></tr>';
|
||
|
|
||
|
$html .= template_render('../templates/admin_groups_edit_form.html', array (
|
||
|
'link' => page_link_to("admin_groups"),
|
||
|
'id' => $id,
|
||
|
'privileges' => $privileges_html
|
||
|
));
|
||
|
} else
|
||
|
return error("No Group found.");
|
||
|
break;
|
||
|
|
||
|
case 'save' :
|
||
|
if (isset ($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id']))
|
||
|
$id = $_REQUEST['id'];
|
||
|
else
|
||
|
return error("Incomplete call, missing Groups ID.");
|
||
|
|
||
|
$room = sql_select("SELECT * FROM `Groups` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
|
||
|
if (!is_array($_REQUEST['privileges']))
|
||
|
$_REQUEST['privileges'] = array ();
|
||
|
if (count($room) > 0) {
|
||
|
list ($room) = $room;
|
||
|
sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`=" . sql_escape($id));
|
||
|
foreach ($_REQUEST['privileges'] as $priv)
|
||
|
if (preg_match("/^[0-9]{1,}$/", $priv) && sql_num_query("SELECT * FROM `Privileges` WHERE `id`=" . sql_escape($priv)) > 0)
|
||
|
sql_query("INSERT INTO `GroupPrivileges` SET `group_id`=" . sql_escape($id) . ", `privilege_id`=" . sql_escape($priv));
|
||
|
header("Location: " . page_link_to("admin_groups"));
|
||
|
} else
|
||
|
return error("No Group found.");
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
return $html;
|
||
|
}
|
||
|
?>
|