admin_permission.php
<?php
/*
UserSpice 4
An Open Source PHP User Management System
by the UserSpice Team at http://UserSpice.com
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
?>
<?php require_once 'init.php'; ?>
<?php require_once $abs_us_root.$us_url_root.'users/includes/header.php'; ?>
<?php require_once $abs_us_root.$us_url_root.'users/includes/navigation.php'; ?>
<?php if (!securePage($_SERVER['PHP_SELF'])){die();} ?>
<?php
$validation = new Validate();
//PHP Goes Here!
$permissionId = $_GET['id'];
//Check if selected permission level exists
if(!permissionIdExists($permissionId)){
Redirect::to("admin_permissions.php"); die();
}
//Fetch information specific to permission level
$permissionDetails = fetchPermissionDetails($permissionId);
//Forms posted
if(!empty($_POST)){
$token = $_POST['csrf'];
if(!Token::check($token)){
die('Token doesn\'t match!');
}
//Delete selected permission level
if(!empty($_POST['delete'])){
$deletions = $_POST['delete'];
if ($deletion_count = deletePermission($deletions)){
$successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));
Redirect::to('admin_permissions.php?msg=Permission+deleted.');
}
else {
$errors[] = lang("SQL_ERROR");
}
}
else
{
//Update permission level name
if($permissionDetails['name'] != $_POST['name']) {
$permission = Input::get('name');
$fields=array('name'=>$permission);
//NEW Validations
$validation->check($_POST,array(
'name' => array(
'display' => 'Permission Name',
'required' => true,
'unique' => 'permissions',
'min' => 1,
'max' => 25
)
));
if($validation->passed()){
$db->update('permissions',$permissionId,$fields);
}else{
}
}
//Remove access to pages
if(!empty($_POST['removePermission'])){
$remove = $_POST['removePermission'];
if ($deletion_count = removePermission($permissionId, $remove)) {
$successes[] = lang("PERMISSION_REMOVE_USERS", array($deletion_count));
}
else {
$errors[] = lang("SQL_ERROR");
}
}
//Add access to pages
if(!empty($_POST['addPermission'])){
$add = $_POST['addPermission'];
if ($addition_count = addPermission($permissionId, $add)) {
$successes[] = lang("PERMISSION_ADD_USERS", array($addition_count));
}
else {
$errors[] = lang("SQL_ERROR");
}
}
//Remove access to pages
if(!empty($_POST['removePage'])){
$remove = $_POST['removePage'];
if ($deletion_count = removePage($remove, $permissionId)) {
$successes[] = lang("PERMISSION_REMOVE_PAGES", array($deletion_count));
}
else {
$errors[] = lang("SQL_ERROR");
}
}
//Add access to pages
if(!empty($_POST['addPage'])){
$add = $_POST['addPage'];
if ($addition_count = addPage($add, $permissionId)) {
$successes[] = lang("PERMISSION_ADD_PAGES", array($addition_count));
}
else {
$errors[] = lang("SQL_ERROR");
}
}
$permissionDetails = fetchPermissionDetails($permissionId);
}
}
//Retrieve list of accessible pages
$pagePermissions = fetchPermissionPages($permissionId);
//Retrieve list of users with membership
$permissionUsers = fetchPermissionUsers($permissionId);
// dump($permissionUsers);
//Fetch all users
$userData = fetchAllUsers();
//Fetch all pages
$pageData = fetchAllPages();
?>
<div id="page-wrapper">
<div class="container">
<!-- Page Heading -->
<div class="row">
<div class="col-xs-12">
<div id="form-errors">
<?=$validation->display_errors();?></div>
<!-- Main Center Column -->
<!-- Content Goes Here. Class width can be adjusted -->
<h1>Configure Details for this Permission Level</h1>
<?php
$errors = [];
$successes = [];
echo resultBlock($errors,$successes);
?>
<form name='adminPermission' action='<?=$_SERVER['PHP_SELF']?>?id=<?=$permissionId?>' method='post'>
<input class='btn btn-primary' type='submit' value='Update Permission' class='submit' />
<a class='btn btn-warning' href="admin_permissions.php">Cancel</a><br><br>
<table class='table'>
<tr><td>
<h3>Permission Information</h3>
<div id='regbox'>
<p>
<label>ID:</label>
<?=$permissionDetails['id']?>
</p>
<p>
<label>Name:</label>
<input type='text' name='name' value='<?=$permissionDetails['name']?>' />
</p>
<h3>Delete this Level?</h3>
<label>Delete:</label>
<input type='checkbox' name='delete[<?=$permissionDetails['id']?>]' id='delete[<?=$permissionDetails['id']?>]' value='<?=$permissionDetails['id']?>'>
</p>
</div></td><td>
<h3>Permission Membership</h3>
<div id='regbox'>
<p><strong>
Remove Members:</strong>
<?php
//Display list of permission levels with access
$perm_users = [];
foreach($permissionUsers as $perm){
$perm_users[] = $perm->user_id;
}
foreach ($userData as $v1){
if(in_array($v1->id,$perm_users)){ ?>
<br><input type='checkbox' name='removePermission[]' id='removePermission[]' value='<?=$v1->id;?>'> <?=$v1->username;
}
}
?>
</p><strong>
<p>Add Members:</strong>
<?php
//List users without permission level
$perm_losers = [];
foreach($permissionUsers as $perm){
$perm_losers[] = $perm->user_id;
}
foreach ($userData as $v1){
if(!in_array($v1->id,$perm_losers)){ ?>
<br><input type='checkbox' name='addPermission[]' id='addPermission[]' value='<?=$v1->id?>'> <?=$v1->username;
}
}
?>
</p>
</div>
</td>
<td>
<h3>Permission Access</h3>
<div id='regbox'>
<p><br><strong>
Remove Access From This Level:</strong>
<?php
//Display list of pages with this access level
$page_ids = [];
foreach($pagePermissions as $pp){
$page_ids[] = $pp->page_id;
}
foreach ($pageData as $v1){
if(in_array($v1->id,$page_ids)){ ?>
<br><input type='checkbox' name='removePage[]' id='removePage[]' value='<?=$v1->id;?>'> <?=$v1->page;?>
<?php }
} ?>
</p>
<p><br><strong>
Add Access To This Level:</strong>
<?php
//Display list of pages with this access level
foreach ($pageData as $v1){
if($settings->page_permission_restriction == 1) {
$countQ = $db->query("SELECT id, permission_id FROM permission_page_matches WHERE page_id = ? ",array($v1->id));
$countCountQ = $countQ->count();
if(!in_array($v1->id,$page_ids) && $v1->private == 1 && !$countCountQ >=1){ ?>
<br><input type='checkbox' name='addPage[]' id='addPage[]' value='<?=$v1->id;?>'> <?=$v1->page;?>
<?php } } else {
if(!in_array($v1->id,$page_ids) && $v1->private == 1){ ?>
<br><input type='checkbox' name='addPage[]' id='addPage[]' value='<?=$v1->id;?>'> <?=$v1->page;?>
<?php } }
} ?>
</p>
<?php if($settings->page_permission_restriction == 1) { ?>
<p><br><strong>Private - Cannot Be Assigned:</strong>
<?php
//Display list of pages with this access level
foreach ($pageData as $v1){
$countQ = $db->query("SELECT id, permission_id FROM permission_page_matches WHERE page_id = ? ",array($v1->id));
$countCountQ = $countQ->count();
if(!in_array($v1->id,$page_ids) && $v1->private == 1 && $countCountQ >=1){ ?><br><?=$v1->page;?> (<?php if($countCountQ > 1) {?>Multiple<?php } else { ?><a href="admin_page.php?id=<?=$v1->id?>" style="text-decoration:none;"><?=fetchPermissionDetails($countQ->first()->permission_id)['name']?></a><?php } ?>)
<?php } } ?>
</p> <?php } ?>
<p><br><strong>
Public Pages:</strong>
<?php
//List public pages
foreach ($pageData as $v1) {
if($v1->private != 1){
?><br><a href="admin_page.php?id=<?=$v1->id?>" style="text-decoration:none;"><?=$v1->page?></a>
<?php }
}
?>
</p>
</div>
</td>
</tr>
</table>
<input type="hidden" name="csrf" value="<?=Token::generate();?>" >
<p>
<label> </label>
</p>
</form>
<!-- End of main content section -->
</div>
</div>
</div>
</div>
<!-- /.row -->
<!-- footers -->
<?php require_once $abs_us_root.$us_url_root.'users/includes/page_footer.php'; // the final html footer copyright row + the external js calls ?>
<!-- Place any per-page javascript here -->
<?php require_once $abs_us_root.$us_url_root.'users/includes/html_footer.php'; // currently just the closing /body and /html ?> Pasted: Aug 26, 2017, 7:28:16 pm
Views: 14