Gazelle/sections/user/permissions.php

<?
//TODO: Redo HTML
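// Per-user permission override editor (staff tool).
//
// Flow: gate on the admin permission, load the target user's class defaults
// and stored overrides, and on POST replace the stored overrides with the
// difference between the submitted checkboxes and the class defaults.

// Only holders of admin_manage_permissions may view or change overrides.
if (!check_perms('admin_manage_permissions')) {
	error(403);
}
// The numeric check matters beyond the lookup: the same request value is
// echoed unescaped into the hidden "id" field of the form further down, and
// that echo is only safe while this guard stays in front of it.
if (!isset($_REQUEST['userid']) || !is_number($_REQUEST['userid'])) {
	error(404);
}

// Provides $PermissionsArray and permissions_form(), both used below.
include(SERVER_ROOT."/classes/permissions_form.php");

list($UserID, $Username, $PermissionID) = array_values(Users::user_info($_REQUEST['userid']));

// $UserID is interpolated into SQL here and in the UPDATE below. It is what
// Users::user_info() returned for a value that passed is_number() above.
// NOTE(review): presumably numeric as a result; confirm user_info() cannot
// return a different ID form.
$DB->query("
	SELECT CustomPermissions
	FROM users_main
	WHERE ID = '$UserID'");

// Serialized override array as stored, or empty when the user has none.
list($Customs) = $DB->next_record(MYSQLI_NUM, false);

$Defaults = Permissions::get_permissions_for_user($UserID, array());

$Delta = array();
if (isset($_POST['action'])) {
	// Request-token check before any state change; the form submits the
	// session AuthKey in its hidden "auth" field.
	authorize();

	// Iterate the known permission list, never the POST keys, so a crafted
	// request cannot introduce a permission name that is not in $PermissionsArray.
	foreach ($PermissionsArray as $Perm => $Explaination) {
		$Setting = isset($_POST["perm_$Perm"]) ? 1 : 0;
		$Default = isset($Defaults[$Perm]) ? 1 : 0;
		// Store only the deviations from the class defaults.
		if ($Setting != $Default) {
			$Delta[$Perm] = $Setting;
		}
	}

	// Read the field once and tolerate its absence (the original indexed
	// $_POST directly, which raises a notice when the field is missing).
	$MaxCollagesInput = isset($_POST['maxcollages']) ? $_POST['maxcollages'] : null;
	if (!empty($MaxCollagesInput) && !is_number($MaxCollagesInput)) {
		error("Please enter a valid number of extra personal collages");
	}
	$Delta['MaxCollages'] = $MaxCollagesInput;

	// Update the cached copy first, then persist.
	// NOTE(review): nothing in this script writes an audit-log entry for the
	// privilege change; confirm it is recorded elsewhere.
	$Cache->begin_transaction("user_info_heavy_$UserID");
	$Cache->update_row(false, array('CustomPermissions' => $Delta));
	$Cache->commit_transaction(0);
	$DB->query("
		UPDATE users_main
		SET CustomPermissions = '".db_string(serialize($Delta))."'
		WHERE ID = '$UserID'");
} elseif (!empty($Customs)) {
	// SECURITY: unserialize() can instantiate objects, so this is only safe
	// while users_main.CustomPermissions is written exclusively by the
	// serialize() call above. Storing JSON instead, or passing
	// array('allowed_classes' => false) on PHP 7+, removes that dependency.
	$Delta = unserialize($Customs);
	// Corrupt or unexpected data must not reach array_merge() below.
	if (!is_array($Delta)) {
		$Delta = array();
	}
}

$Permissions = array_merge($Defaults, $Delta);
// $Customs is the raw serialized string, not an array, so the original
// $Customs['MaxCollages'] term was a string-offset read that contributed 0 on
// old PHP and fails on current versions. The value lives in $Delta.
$MaxCollages = isset($Delta['MaxCollages']) ? (int)$Delta['MaxCollages'] : 0;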
/**
 * Print one permission row: a disabled checkbox showing the class default,
 * an editable checkbox carrying the effective setting, and a label.
 *
 * Reads the globals $Defaults and $Permissions. $Key and $Title are placed
 * into the markup without escaping, so callers must pass only trusted values.
 *
 * @param string $Key   Permission identifier; used in id/name/for attributes.
 * @param string $Title Label text shown next to the editable checkbox.
 */
function display_perm($Key, $Title) {
	global $Defaults, $Permissions;

	// "set and truthy" for each source decides its checked attribute.
	$DefaultChecked = !empty($Defaults[$Key]);
	$CurrentChecked = !empty($Permissions[$Key]);

	$Row = "<input id=\"default_$Key\" type=\"checkbox\" disabled=\"disabled\""
		. ($DefaultChecked ? ' checked="checked"' : '')
		. " /><input type=\"checkbox\" name=\"perm_$Key\" id=\"$Key\" value=\"1\""
		. ($CurrentChecked ? ' checked="checked"' : '')
		. " /> <label for=\"$Key\">$Title</label><br />";

	echo "$Row\n";
}
// Page title: "<username> > Permissions". The "&gt;" is already an entity;
// $Username is passed through as-is.
// NOTE(review): confirm View::show_header() or the stored username is HTML-safe.
View::show_header($Username . ' &gt; Permissions');
?>
<script type="text/javascript">//<![CDATA[
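/**
 * Copy the state of every greyed-out "default_<perm>" checkbox onto its
 * editable "<perm>" counterpart. This only changes the form in the browser;
 * nothing is saved until the form is submitted.
 */
function reset() {
	// Declared locally: the original assigned `i` and `element` without
	// `var`, which leaked both onto the global object.
	var prefix = 'default_';
	var elements = $('#permissionsform').raw().elements;
	var i, element;
	for (i = 0; i < elements.length; i++) {
		element = elements[i];
		if (element.id.substr(0, prefix.length) == prefix) {
			$('#' + element.id.substr(prefix.length)).raw().checked = element.checked;
		}
	}
}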
//]]>
</script>
<div class="header">
<h2><?=Users::format_username($UserID, false, false, false)?> &gt; Permissions</h2>
<div class="linkbox">
<a href="#" onclick="reset(); return false;" class="brackets">Defaults</a>
</div>
</div>
<div class="box pad">
<p>Before using permissions, please understand that it allows you to both add and remove access to specific features. If you think that to add access to a feature, you need to uncheck everything else, <strong>YOU ARE WRONG</strong>. The check boxes on the left, which are grayed out, are the standard permissions granted by their class (and donor/artist status). Any changes you make to the right side will overwrite this. It's not complicated, and if you screw up, click the "Defaults" link at the top. It will reset the user to their respective features granted by class, then you can select or deselect the one or two things you want to change. <strong>DO NOT DESELECT EVERYTHING.</strong> If you need further clarification, ask a developer before using this tool.</p>
</div>
<br />
<form class="manage_form" name="permissions" id="permissionsform" method="post" action="">
<table class="layout permission_head">
<tr>
<td class="label">Extra personal collages</td>
<td><input type="text" name="maxcollages" size="5" value="<?=($MaxCollages ? $MaxCollages : '0') ?>" /></td>
</tr>
</table>
<input type="hidden" name="action" value="permissions" />
<input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
<input type="hidden" name="id" value="<?=$_REQUEST['userid']?>" />
<?
permissions_form();
?>
</form>
<? View::show_footer(); ?>