Groups: Integrate Show All and ability to edit assigned Domain. Create, edit, delete non-default groups.

Users: Adjust so assigned Domain doesn't get overwritten if user_all permission exists, but user_domain doesn't.
Destinations: Adjust so assigned Domain doesn't get overwritten if destination_all permission exists, but destination_domain doesn't.
Nate Jones
2015-03-31 21:47:31 +00:00
parent 30bb3e211d
commit 88295a53d7
12 changed files with 548 additions and 233 deletions


@@ -79,6 +79,7 @@ if (file_exists($_SERVER['DOCUMENT_ROOT'].PROJECT_PATH."/app/billing/app_config.
if (count($_POST) > 0) {
//set the variables
$dialplan_uuid = check_str($_POST["dialplan_uuid"]);
$domain_uuid = check_str($_POST["domain_uuid"]);
$destination_type = check_str($_POST["destination_type"]);
$destination_number = check_str($_POST["destination_number"]);
$db_destination_number = check_str($_POST["db_destination_number"]);
@@ -96,15 +97,6 @@ if (file_exists($_SERVER['DOCUMENT_ROOT'].PROJECT_PATH."/app/billing/app_config.
$currency_buy = check_str($_POST["currency_buy"]);
$destination_accountcode = check_str($_POST["destination_accountcode"]);
$destination_carrier = check_str($_POST["destination_carrier"]);
//get the domain_uuid
if (permission_exists('destination_domain')) {
$domain_uuid = check_str($_POST["domain_uuid"]);
}
else {
$_POST["domain_uuid"] = $_SESSION['domain_uuid'];
$domain_uuid = $_SESSION['domain_uuid'];
}
}
//unset the db_destination_number
@@ -473,9 +465,7 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
$orm->uuid($destination_uuid);
$result = $orm->find()->get();
foreach ($result as &$row) {
if (permission_exists('destination_domain')) {
$domain_uuid = $row["domain_uuid"];
}
$domain_uuid = $row["domain_uuid"];
$dialplan_uuid = $row["dialplan_uuid"];
$destination_type = $row["destination_type"];
$destination_number = $row["destination_number"];
@@ -780,6 +770,9 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
echo "</td>\n";
echo "</tr>\n";
}
else {
echo "<input type='hidden' name='domain_uuid' value='".$domain_uuid."'>\n";
}
echo "<tr>\n";
echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
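Review bot: The handler now takes `$domain_uuid` straight from `$_POST["domain_uuid"]` for every caller, and the form's new `else` branch supplies it as a hidden input, so a user without `destination_domain` decides which domain the destination is saved under. The block this commit removes forced `$_SESSION['domain_uuid']` in that case; to keep an existing assignment without trusting the client, resolve it server-side, e.g. `if (!permission_exists('destination_domain')) { $domain_uuid = $stored_domain_uuid; }`, where `$stored_domain_uuid` (placeholder name) is read from the destination's own row and falls back to `$_SESSION['domain_uuid']` on add. The write that consumes `$domain_uuid` is outside these hunks, so confirm no later check already covers this. The same pattern appears in the new `groupedit.php` POST handler and in the group-member add handler.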


@@ -57,6 +57,12 @@
$apps[$x]['permissions'][$y]['name'] = "group_delete";
$apps[$x]['permissions'][$y]['groups'][] = "superadmin";
$y++;
$apps[$x]['permissions'][$y]['name'] = 'group_domain';
$apps[$x]['permissions'][$y]['groups'][] = 'superadmin';
$y++;
$apps[$x]['permissions'][$y]['name'] = 'group_all';
$apps[$x]['permissions'][$y]['groups'][] = 'superadmin';
$y++;
$apps[$x]['permissions'][$y]['name'] = "group_member_view";
$apps[$x]['permissions'][$y]['menu']['uuid'] = "3b4acc6d-827b-f537-bf21-0093d94ffec7";
$apps[$x]['permissions'][$y]['groups'][] = "admin";


@@ -22,10 +22,15 @@
$text['title-group_manager']['pt-pt'] = "Gestão de Grupos";
$text['title-group_manager']['fr-fr'] = "Gestion de Groupe";
$text['title-group_add']['en-us'] = "Group";
$text['title-group_add']['es-cl'] = "Agregar Usuario";
$text['title-group_add']['pt-pt'] = "Grupo";
$text['title-group_add']['fr-fr'] = "Groupe";
$text['title-group_add']['en-us'] = "Add Group";
$text['title-group_add']['es-cl'] = "Agregar Grupo";
$text['title-group_add']['pt-pt'] = "Adicionar Grupo";
$text['title-group_add']['fr-fr'] = "Ajouter un Groupe";
$text['title-group_edit']['en-us'] = "Edit Group";
$text['title-group_edit']['es-cl'] = "Editar Grupo";
$text['title-group_edit']['pt-pt'] = "Editar Grupo";
$text['title-group_edit']['fr-fr'] = "Modifier le Groupe";
$text['title-group_permissions']['en-us'] = "Group Permissions";
$text['title-group_permissions']['es-cl'] = "Permisos de Grupo";
@@ -57,10 +62,15 @@
$text['header-group_manager']['pt-pt'] = "Gestão de Grupos";
$text['header-group_manager']['fr-fr'] = "Gestion de Groupe";
$text['header-group_add']['en-us'] = "Group";
$text['header-group_add']['en-us'] = "Add Group";
$text['header-group_add']['es-cl'] = "Agregar Grupo";
$text['header-group_add']['pt-pt'] = "Adicionar Grupo";
$text['header-group_add']['fr-fr'] = "Ajout de Groupe";
$text['header-group_add']['fr-fr'] = "Ajouter un Groupe";
$text['header-group_edit']['en-us'] = "Edit Group";
$text['header-group_edit']['es-cl'] = "Editar Grupo";
$text['header-group_edit']['pt-pt'] = "Editar Grupo";
$text['header-group_edit']['fr-fr'] = "Modifier le Groupe";
$text['header-group_permissions']['en-us'] = "Group Permissions: ";
$text['header-group_permissions']['es-cl'] = "Permisos de Grupo: ";
@@ -87,10 +97,15 @@
$text['description-user_edit']['pt-pt'] = "Editar a informação do utilizador e os membros do grupo. ";
$text['description-user_edit']['fr-fr'] = "Editer les informations de l'utilisateur et l'appartenance au groupe.";
$text['description-group_add']['en-us'] = "Please choose a group name.";
$text['description-group_add']['es-cl'] = "Por favor escoja un nombre.";
$text['description-group_add']['pt-pt'] = "Por favor escolha um nome para o grupo.";
$text['description-group_add']['fr-fr'] = "Choisir un nom pour le groupe.";
$text['description-group_add']['en-us'] = "Create a new user group.";
$text['description-group_add']['es-cl'] = "Crear un nuevo grupo de usuarios.";
$text['description-group_add']['pt-pt'] = "Criar um novo grupo de usuários.";
$text['description-group_add']['fr-fr'] = "Créez un nouveau groupe d'utilisateurs.";
$text['description-group_edit']['en-us'] = "Edit the properties of the group.";
$text['description-group_edit']['es-cl'] = "Editar las propiedades del grupo.";
$text['description-group_edit']['pt-pt'] = "Editar as propriedades do grupo.";
$text['description-group_edit']['fr-fr'] = "Modifier les propriétés du groupe.";
$text['description-group_permissions']['en-us'] = "Assign permissions for this group.";
$text['description-group_permissions']['es-cl'] = "Asigne permisos para este grupo.";
@@ -442,4 +457,9 @@
$text['message-maximum_users']['pt-pt'] = "Usuários Máximo Permitido:";
$text['message-maximum_users']['fr-fr'] = "Utilisateurs Maximale Autorisée:";
$text['message-group_exists']['en-us'] = "Group Already Exists";
$text['message-group_exists']['es-cl'] = "El Grupo ya Existe";
$text['message-group_exists']['pt-pt'] = "O Grupo já Existe";
$text['message-group_exists']['fr-fr'] = "Groupe Existe Déjà";
?>


@@ -90,12 +90,24 @@ require_once "resources/require.php";
}
}
//get the http values and set them as php variables
$group_name = $_REQUEST['group_name'];
//get the group uuid, lookup domain uuid (if any) and name
$group_uuid = check_str($_REQUEST['group_uuid']);
$sql = "select domain_uuid, group_name from v_groups ";
$sql .= "where group_uuid = '".$group_uuid."' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($result as &$row) {
$domain_uuid = $row["domain_uuid"];
$group_name = $row["group_name"];
break; //limit to 1 row
}
unset ($prep_statement);
//get the permissions assigned to this group
$sql = " select * from v_group_permissions ";
$sql .= "where group_name = '$group_name' ";
$sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null ");
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
@@ -128,6 +140,7 @@ require_once "resources/require.php";
//process the http post
if (count($_POST)>0) {
foreach($_POST['permissions_form'] as $permission) {
$permissions_form[$permission] = "true";
}
@@ -217,12 +230,18 @@ require_once "resources/require.php";
$sql = "insert into v_group_permissions ";
$sql .= "(";
$sql .= "group_permission_uuid, ";
if ($domain_uuid != '') {
$sql .= "domain_uuid, ";
}
$sql .= "permission_name, ";
$sql .= "group_name ";
$sql .= ")";
$sql .= "values ";
$sql .= "(";
$sql .= "'".uuid()."', ";
if ($domain_uuid != '') {
$sql .= "'".$domain_uuid."', ";
}
$sql .= "'$permission', ";
$sql .= "'$group_name' ";
$sql .= ")";
@@ -315,6 +334,7 @@ require_once "resources/require.php";
//show the content
echo "<form method='post' name='frm' action=''>\n";
echo "<input type='hidden' name='domain_uuid' value='".$domain_uuid."'>\n";
echo "<table cellpadding='0' cellspacing='0' width='100%' border='0'>\n";
echo " <tr>\n";
echo " <td width='50%' align=\"left\" nowrap=\"nowrap\" valign='top'>";
@@ -348,7 +368,7 @@ require_once "resources/require.php";
if ($description != '') { echo $description."<br />\n"; }
echo "<br>";
echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
echo "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
echo " <tr>\n";
echo " <th><input type='checkbox' id='check_toggle_".$app_index."' onclick=\"check_toggle('".$app_index."', this.checked);\"></th>\n";
echo " <th>".$text['label-permission_permissions']."</th>\n";
@@ -357,10 +377,10 @@ require_once "resources/require.php";
foreach ($app['permissions'] as $permission_index => $row) {
$checked = ($permissions_db_checklist[$row['name']] == "true") ? "checked='checked'" : null;
echo "<tr >\n";
echo "<tr>\n";
echo " <td valign='top' class='".$row_style[$c]."'><input type='checkbox' name='permissions_form[]' id='perm_".$app_index."_".$permission_index."' ".$checked." value='".$row['name']."'></td>\n";
echo " <td valign='top' width='30%' nowrap='nowrap' class='".$row_style[$c]."'>".$row['name']."</td>\n";
echo " <td valign='top' width='70%' class='row_stylebg'>".$row['description']."&nbsp;</td>\n";
echo " <td valign='top' width='30%' nowrap='nowrap' class='".$row_style[$c]."' onclick=\"(document.getElementById('perm_".$app_index."_".$permission_index."').checked) ? document.getElementById('perm_".$app_index."_".$permission_index."').checked = false : document.getElementById('perm_".$app_index."_".$permission_index."').checked = true;\">".$row['name']."</td>\n";
echo " <td valign='top' width='70%' class='row_stylebg' onclick=\"(document.getElementById('perm_".$app_index."_".$permission_index."').checked) ? document.getElementById('perm_".$app_index."_".$permission_index."').checked = false : document.getElementById('perm_".$app_index."_".$permission_index."').checked = true;\">".$row['description']."&nbsp;</td>\n";
echo "</tr>\n";
$c = ($c == 0) ? 1 : 0;
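Review bot: The new lookup `select domain_uuid, group_name from v_groups where group_uuid = ...` is keyed only on the request's `group_uuid`, so within the visible lines nothing ties the group being edited to the caller's domain before its permissions are loaded and rewritten. The delete handler in this same commit restricts its lookup with `if (!permission_exists('group_domain')) { $sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null) "; }` and checks `is_uuid($group_uuid)` first; at minimum the same two guards belong here, and the page should stop when the lookup returns no row. The page's own permission check is outside the hunk, so this assumes it does not already scope by domain. `groupedit.php` and the group members page perform the same unscoped lookup.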


@@ -41,37 +41,68 @@ require_once "resources/require.php";
$text = $language->get();
//get the http values and set them as variables
$path = check_str($_GET["path"]);
$msg = check_str($_GET["msg"]);
$group_name = check_str($_POST["group_name"]);
$group_description = check_str($_POST["group_description"]);
if (count($_POST) > 0) {
//set the variables
$group_name = check_str($_POST["group_name"]);
if (permission_exists('group_domain')) {
$domain_uuid = check_str($_POST["domain_uuid"]);
}
else {
$domain_uuid = $_SESSION['domain_uuid'];
}
$group_description = check_str($_POST["group_description"]);
//insert into groups
if (strlen($group_name) > 0) {
$sql_insert = "insert into v_groups ";
$sql_insert .= "(";
$sql_insert .= "group_uuid, ";
$sql_insert .= "group_name, ";
$sql_insert .= "group_description ";
$sql_insert .= ")";
$sql_insert .= "values ";
$sql_insert .= "(";
$sql_insert .= "'".uuid()."', ";
$sql_insert .= "'$group_name', ";
$sql_insert .= "'$group_description' ";
$sql_insert .= ")";
if (!$db->exec($sql_insert)) {
//echo $db->errorCode() . "<br>";
$info = $db->errorInfo();
print_r($info);
// $info[0] == $db->errorCode() unified error code
// $info[1] is the driver specific error code
// $info[2] is the driver specific error string
}
//check for global/domain duplicates
$sql = "select count(*) as num_rows from v_groups where ";
$sql .= "group_name = '".$group_name."' ";
$sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null ");
$prep_statement = $db->prepare($sql);
if ($prep_statement) {
$prep_statement->execute();
$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
$group_exists = ($row['num_rows'] > 0) ? true : false;
}
else {
$group_exists = false;
}
unset($sql, $prep_statement, $row);
//insert group
if (!$group_exists) {
$sql = "insert into v_groups ";
$sql .= "(";
$sql .= "group_uuid, ";
$sql .= "domain_uuid, ";
$sql .= "group_name, ";
$sql .= "group_description ";
$sql .= ")";
$sql .= "values ";
$sql .= "(";
$sql .= "'".uuid()."', ";
$sql .= (($domain_uuid != '') ? "'".$domain_uuid."'" : "null").", ";
$sql .= "'".$group_name."', ";
$sql .= "'".$group_description."' ";
$sql .= ")";
if (!$db->exec($sql)) {
//echo $db->errorCode() . "<br>";
$info = $db->errorInfo();
echo "<pre>".print_r($info, true)."</pre>";
exit;
// $info[0] == $db->errorCode() unified error code
// $info[1] is the driver specific error code
// $info[2] is the driver specific error string
}
$_SESSION["message"] = $text['message-add'];
header("Location: groups.php");
}
else {
$_SESSION['message_mood'] = 'negative';
$_SESSION["message"] = $text['message-group_exists'];
header("Location: groupadd.php");
}
//redirect the user
$_SESSION["message"] = $text['message-add'];
header("Location: groups.php");
return;
}
@@ -80,48 +111,64 @@ require_once "resources/require.php";
$document['title'] = $text['title-group_add'];
//show the content
echo "<form name='login' method='post' action=''>\n";
echo "<table width='100%' cellpadding='0' cellspacing='0'>\n";
echo " <tr>\n";
echo " <td align='left'>\n";
echo " <td align='left' valign='top'>\n";
echo " <b>".$text['header-group_add']."</b>\n";
echo " <br><br>\n";
echo " ".$text['description-group_add']."\n";
echo " </td>\n";
echo " <td align='right'>\n";
echo " <td align='right' valign='top'>\n";
echo " <input type='button' class='btn' name='' alt='back' onclick=\"window.location='groups.php'\" value='".$text['button-back']."'> ";
echo " <input type=\"submit\" class='btn' value=\"".$text['button-save']."\">\n";
echo " <input type='submit' class='btn' value=\"".$text['button-save']."\">\n";
echo " </td>\n";
echo " </tr>\n";
echo "</table>\n";
echo "<br>";
echo "<form name='login' METHOD=\"POST\" action=\"groupadd.php\">\n";
echo "<table width='100%' cellpadding='0' cellspacing='0'>\n";
echo "<tr>\n";
echo "<td width='30%' class='vncellreq'>\n";
echo $text['label-group_name']."\n";
echo "</td>\n";
echo "<td width='70%' align='left' class='vtable'>\n";
echo " <input type=\"text\" class='formfld' name=\"group_name\">\n";
echo " <input type='text' class='formfld' name='group_name'>\n";
echo "</td>\n";
echo "</tr>\n";
if (permission_exists('group_domain')) {
echo "<tr>\n";
echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
echo " ".$text['label-domain']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <select class='formfld' name='domain_uuid'>\n";
echo " <option value='' ".((strlen($domain_uuid) == 0) ? "selected='selected'" : null).">".$text['option-global']."</option>\n";
foreach ($_SESSION['domains'] as $row) {
echo " <option value='".$row['domain_uuid']."' ".(($row['domain_uuid'] == $domain_uuid) ? "selected='selected'" : null).">".$row['domain_name']."</option>\n";
}
echo " </select>\n";
echo "<br />\n";
echo $text['description-domain_name']."\n";
echo "</td>\n";
echo "</tr>\n";
}
echo "<tr>\n";
echo "<td class='vncellreq'>\n";
echo "<td class='vncell'>\n";
echo $text['label-group_description']."\n";
echo "</td>\n";
echo "<td align='left' class='vtable'>\n";
echo "<textarea name='group_description' class='formfld'></textarea>\n";
echo "<textarea name='group_description' class='formfld' style='width: 250px; height: 50px;'></textarea>\n";
echo "</td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td>\n";
echo "</td>\n";
echo "<td align=\"right\">\n";
echo " <input type=\"hidden\" name=\"path\" value=\"$path\">\n";
echo " <br><br>";
echo " <input type=\"submit\" class='btn' value=\"".$text['button-save']."\">\n";
echo "<td colspan='2' align='right'>\n";
echo " <br />";
echo " <input type='submit' class='btn' value=\"".$text['button-save']."\">\n";
echo "</td>\n";
echo "</tr>\n";
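Review bot: The duplicate check and the insert pass `$db->prepare()` / `$db->exec()` a string that already has `$group_name`, `$domain_uuid` and `$group_description` concatenated into it, so query safety rests entirely on `check_str()`, whose definition is not on this page. Bound parameters remove that dependency; a sketch for the duplicate check follows, and the insert would take the same form, binding `null` for a global group. If `check_str()` escapes quotes, bind the raw request values instead of its output so stored names are not double-escaped. The same construction is used in the permissions page, `groupedit.php`, the delete handler and the group members page in this commit.

```php
//check for global/domain duplicates
$sql = "select count(*) as num_rows from v_groups where group_name = :group_name ";
$sql .= "and domain_uuid ".(($domain_uuid != '') ? "= :domain_uuid " : "is null ");
$prep_statement = $db->prepare($sql);
if ($prep_statement) {
	$prep_statement->bindValue(':group_name', $group_name);
	if ($domain_uuid != '') {
		$prep_statement->bindValue(':domain_uuid', $domain_uuid);
	}
	$prep_statement->execute();
	// … unchanged: fetch the row and set $group_exists …
}
// … unchanged: else branch and unset() …
```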


@@ -42,14 +42,16 @@ require_once "resources/require.php";
//validate the uuid
if (is_uuid($group_uuid)) {
//get the group from v_groups
$sql = "select group_name from v_groups ";
$sql = "select domain_uuid, group_name from v_groups ";
$sql .= "where group_uuid = '".$group_uuid."' ";
$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null); ";
//echo $sql . "\n";
if (!permission_exists('group_domain')) {
$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null); ";
}
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($result as &$row) {
$domain_uuid = $row["domain_uuid"];
$group_name = $row["group_name"];
}
unset ($prep_statement);
@@ -57,8 +59,6 @@ require_once "resources/require.php";
//delete the group users
$sql = "delete from v_group_users ";
$sql .= "where group_uuid = '".$group_uuid."' ";
$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null); ";
//echo $sql . "\n";
if (!$db->exec($sql)) {
$error = $db->errorInfo();
print_r($error);
@@ -68,8 +68,7 @@ require_once "resources/require.php";
if (strlen($group_name) > 0) {
$sql = "delete from v_group_permissions ";
$sql .= "where group_name = '".$group_name."' ";
$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null); ";
//echo $sql . "\n";
$sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null ");
if (!$db->exec($sql)) {
$error = $db->errorInfo();
print_r($error);
@@ -79,8 +78,7 @@ require_once "resources/require.php";
//delete the group
$sql = "delete from v_groups ";
$sql .= "where group_uuid = '".$group_uuid."' ";
$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null); ";
//echo $sql . "\n";
$sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null ");
if (!$db->exec($sql)) {
$error = $db->errorInfo();
print_r($error);
@@ -88,6 +86,7 @@ require_once "resources/require.php";
}
//redirect the user
$_SESSION["message"] = $text['message-delete'];
header("Location: groups.php");
?>
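Review bot: The `delete from v_group_users where group_uuid = ...` statement appears to lose its domain condition in this commit and, within the visible lines, is not guarded by the lookup result, so it runs for any well-formed UUID even when the scoped `v_groups` select returned no row for this user. Guard it the way the permissions delete already is, e.g. wrap it in `if (strlen($group_name) > 0) { ... }`, or return right after the lookup when `$result` is empty. The enclosing `if (is_uuid($group_uuid))` block closes outside the hunks, so confirm there is no such check further down. The member-delete handler in this commit likewise drops `where domain_uuid = ...` from its delete and needs the same ownership check.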

191
core/users/groupedit.php Normal file

@@ -0,0 +1,191 @@
<?php
/*
FusionPBX
Version: MPL 1.1
The contents of this file are subject to the Mozilla Public License Version
1.1 (the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
for the specific language governing rights and limitations under the
License.
The Original Code is FusionPBX
The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2014
the Initial Developer. All Rights Reserved.
Contributor(s):
Mark J Crane <markjcrane@fusionpbx.com>
*/
include "root.php";
require_once "resources/require.php";
//check permissions
require_once "resources/check_auth.php";
if (permission_exists('group_edit')) {
//access allowed
}
else {
echo "access denied";
return;
}
//add multi-lingual support
$language = new text;
$text = $language->get();
//process update
if (count($_POST) > 0) {
//set the variables
$group_uuid = check_str($_POST['group_uuid']);
$group_name = check_str($_POST['group_name']);
$domain_uuid = check_str($_POST["domain_uuid"]);
$group_description = check_str($_POST["group_description"]);
//check for global/domain duplicates
$sql = "select count(*) as num_rows from v_groups where ";
$sql .= "group_name = '".$group_name."' ";
$sql .= "and group_uuid <> '".$group_uuid."' ";
$sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null ");
$prep_statement = $db->prepare($sql);
if ($prep_statement) {
$prep_statement->execute();
$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
$group_exists = ($row['num_rows'] > 0) ? true : false;
}
else {
$group_exists = false;
}
unset($sql, $prep_statement, $row);
//insert group
if (!$group_exists) {
$sql = "update v_groups ";
$sql .= "set ";
$sql .= "group_name = '".$group_name."', ";
$sql .= "domain_uuid = ".(($domain_uuid != '') ? "'".$domain_uuid."'" : "null").", ";
$sql .= "group_description = '".$group_description."' ";
$sql .= "where group_uuid = '".$group_uuid."' ";
if (!$db->exec(check_sql($sql))) {
//echo $db->errorCode() . "<br>";
$info = $db->errorInfo();
echo "<pre>".print_r($info, true)."</pre>";
exit;
// $info[0] == $db->errorCode() unified error code
// $info[1] is the driver specific error code
// $info[2] is the driver specific error string
}
$_SESSION["message"] = $text['message-update'];
header("Location: groups.php");
}
else {
$_SESSION['message_mood'] = 'negative';
$_SESSION["message"] = $text['message-group_exists'];
header("Location: groupedit.php?id=".$group_uuid);
}
//redirect the user
return;
}
//pre-populate the form
$group_uuid = check_str($_REQUEST['id']);
if ($group_uuid != '') {
$sql = "select * from v_groups where ";
$sql .= "group_uuid = '".$group_uuid."' ";
$prep_statement = $db->prepare($sql);
if ($prep_statement) {
$prep_statement->execute();
$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
$group_name = $row['group_name'];
$domain_uuid = $row['domain_uuid'];
$group_description = $row['group_description'];
}
}
//include the header
include "resources/header.php";
$document['title'] = $text['title-group_edit'];
//show the content
echo "<form name='login' method='post' action=''>\n";
echo "<input type='hidden' name='group_uuid' value='".$group_uuid."'>\n";
echo "<table width='100%' cellpadding='0' cellspacing='0'>\n";
echo " <tr>\n";
echo " <td align='left' valign='top'>\n";
echo " <b>".$text['header-group_edit']."</b>\n";
echo " <br><br>\n";
echo " ".$text['description-group_edit']."\n";
echo " </td>\n";
echo " <td align='right' valign='top'>\n";
echo " <input type='button' class='btn' name='' alt='back' onclick=\"window.location='groups.php'\" value='".$text['button-back']."'> ";
echo " <input type='submit' class='btn' value=\"".$text['button-save']."\">\n";
echo " </td>\n";
echo " </tr>\n";
echo "</table>\n";
echo "<br>";
echo "<table width='100%' cellpadding='0' cellspacing='0'>\n";
echo "<tr>\n";
echo "<td width='30%' class='vncellreq' valign='top'>\n";
echo $text['label-group_name']."\n";
echo "</td>\n";
echo "<td width='70%' align='left' class='vtable'>\n";
echo " <input type='text' class='formfld' name='group_name' value=\"".$group_name."\">\n";
echo "</td>\n";
echo "</tr>\n";
if (permission_exists('group_domain')) {
echo "<tr>\n";
echo "<td class='vncell' valign='top'>\n";
echo " ".$text['label-domain']."\n";
echo "</td>\n";
echo "<td class='vtable' align='left'>\n";
echo " <select class='formfld' name='domain_uuid'>\n";
echo " <option value='' ".((strlen($domain_uuid) == 0) ? "selected='selected'" : null).">".$text['option-global']."</option>\n";
foreach ($_SESSION['domains'] as $row) {
echo " <option value='".$row['domain_uuid']."' ".(($row['domain_uuid'] == $domain_uuid) ? "selected='selected'" : null).">".$row['domain_name']."</option>\n";
}
echo " </select>\n";
echo "<br />\n";
echo $text['description-domain_name']."\n";
echo "</td>\n";
echo "</tr>\n";
}
else {
echo "<input type='hidden' name='domain_uuid' value='".$domain_uuid."'>";
}
echo "<tr>\n";
echo "<td class='vncell' valign='top'>\n";
echo $text['label-group_description']."\n";
echo "</td>\n";
echo "<td align='left' class='vtable' valign='top'>\n";
echo " <textarea name='group_description' class='formfld' style='width: 250px; height: 50px;'>".$group_description."</textarea>\n";
echo "</td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td colspan='2' align='right'>\n";
echo " <br />";
echo " <input type='submit' class='btn' value=\"".$text['button-save']."\">\n";
echo "</td>\n";
echo "</tr>\n";
echo "</table>\n";
echo "<br><br>";
echo "</form>";
//include the footer
include "resources/footer.php";
?>
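Review bot: `$group_name` and `$group_description` are read back from `v_groups` and written into the `value="..."` attribute and the `<textarea>` body without HTML encoding, as are `$group_uuid` and `$domain_uuid` in the hidden inputs. Whether `check_str()` neutralises markup is not visible here, so encode at output: `value=\"".htmlspecialchars($group_name, ENT_QUOTES, 'UTF-8')."\"` and `htmlspecialchars($group_description, ENT_QUOTES, 'UTF-8')` inside the textarea, with the same treatment for the hidden fields and the `domain_name` options. The comment `//insert group` above the `update v_groups` statement should read `//update group`.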


@@ -41,6 +41,7 @@ else {
}
//get the http values and set them as variables
$domain_uuid = check_str($_POST["domain_uuid"]);
$group_uuid = check_str($_POST["group_uuid"]);
$group_name = check_str($_POST["group_name"]);
$user_uuid = check_str($_POST["user_uuid"]);
@@ -58,14 +59,15 @@ else {
$sql .= "values ";
$sql .= "(";
$sql .= "'".uuid()."', ";
$sql .= "'$domain_uuid', ";
$sql .= "'$group_uuid', ";
$sql .= "'$group_name', ";
$sql .= "'$user_uuid' ";
$sql .= "'".$domain_uuid."', ";
$sql .= "'".$group_uuid."', ";
$sql .= "'".$group_name."', ";
$sql .= "'".$user_uuid."' ";
$sql .= ")";
if (!$db->exec($sql)) {
$info = $db->errorInfo();
print_r($info);
echo "<pre>".print_r($info, true)."</pre>";
exit;
}
else {
//log the success
@@ -75,6 +77,7 @@ else {
}
//redirect the user
header("Location: groupmembers.php?group_uuid=$group_uuid&group_name=$group_name");
$_SESSION["message"] = $text['message-update'];
header("Location: groupmembers.php?group_uuid=".$group_uuid."&group_name=".$group_name);
?>
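Review bot: On a failed insert the new code sends `print_r($info, true)` from `$db->errorInfo()` to the browser before `exit`, which shows driver error text, and possibly schema details, to the user. Record the details server-side and show a generic message instead, e.g. `error_log(print_r($info, true));` followed by `$_SESSION['message_mood'] = 'negative';` and the normal redirect. The same block was added to `groupadd.php`, `groupedit.php` and the member-delete handler. In the redirect, `$group_name` is free text placed in a query string and should go through `urlencode()`.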


@@ -47,12 +47,12 @@ else {
//delete the group membership
$sql_delete = "delete from v_group_users ";
$sql_delete .= "where domain_uuid = '$domain_uuid' ";
$sql_delete .= "and user_uuid = '$user_uuid' ";
$sql_delete .= "and group_uuid = '$group_uuid' ";
$sql_delete .= "where user_uuid = '".$user_uuid."' ";
$sql_delete .= "and group_uuid = '".$group_uuid."' ";
if (!$db->exec($sql_delete)) {
$info = $db->errorInfo();
print_r($info);
echo "<pre>".print_r($info, true)."</pre>";
exit;
}
else {
//$log_type = 'group'; $log_status='remove'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." removed from group: ".$group_name;
@@ -60,6 +60,7 @@ else {
}
//redirect the user
header("Location: groupmembers.php?group_uuid=$group_uuid&group_name=$group_name");
$_SESSION["message"] = $text['message-delete'];
header("Location: groupmembers.php?group_uuid=".$group_uuid."&group_name=".$group_name);
?>


@@ -44,16 +44,27 @@ else {
$language = new text;
$text = $language->get();
//get the http value and set as a variable
$group_uuid = $_GET["group_uuid"];
$group_name = $_GET["group_name"];
//get the group uuid, lookup domain uuid (if any) and name
$group_uuid = check_str($_REQUEST['group_uuid']);
$sql = "select domain_uuid, group_name from v_groups ";
$sql .= "where group_uuid = '".$group_uuid."' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($result as &$row) {
$domain_uuid = $row["domain_uuid"];
$group_name = $row["group_name"];
break; //limit to 1 row
}
unset ($prep_statement);
//define the if group members function
function if_group_members($db, $group_uuid, $user_uuid) {
function is_group_member($group_uuid, $user_uuid) {
global $db, $domain_uuid;
$sql = "select * from v_group_users ";
$sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "and group_uuid = '$group_uuid' ";
$sql .= "and user_uuid = '$user_uuid' ";
$sql .= "where user_uuid = '".$user_uuid."' ";
$sql .= "and group_uuid = '".$group_uuid."' ";
$sql .= "and domain_uuid = '".(($domain_uuid != '') ? $domain_uuid : $_SESSION['domain_uuid'])."' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
if (count($prep_statement->fetchAll(PDO::FETCH_NAMED)) == 0) { return true; } else { return false; }
@@ -61,22 +72,15 @@ else {
}
//$exampledatareturned = example("apples", 1);
//get the group from v_groups
$sql = "select * from v_groups ";
$sql .= "where group_uuid = '".$group_uuid."' ";
$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null) ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$groups = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($groups as &$row) {
$group_name = $row["group_name"];
}
unset ($prep_statement);
//get the the users array
if (permission_exists('group_member_add')) {
$sql = "SELECT * FROM v_users ";
$sql .= "where domain_uuid = '$domain_uuid' ";
$sql = "select * from v_users where ";
if ($domain_uuid != '') {
$sql .= "domain_uuid = '".$domain_uuid."' ";
}
else {
$sql .= "domain_uuid = '".$_SESSION['domain_uuid']."' ";
}
$sql .= "order by username ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
@@ -84,10 +88,16 @@ else {
}
//get the groups users
$sql = "SELECT u.user_uuid, u.username, g.group_user_uuid, g.group_uuid FROM v_group_users as g, v_users as u ";
$sql = "select u.user_uuid, u.username, g.group_user_uuid, g.domain_uuid, g.group_uuid ";
$sql .= "from v_group_users as g, v_users as u ";
$sql .= "where g.user_uuid = u.user_uuid ";
$sql .= "and g.domain_uuid = '$domain_uuid' ";
$sql .= "and g.group_uuid = '$group_uuid' ";
if ($domain_uuid != '') {
$sql .= "and g.domain_uuid = '".$domain_uuid."' ";
}
if (!permission_exists('user_all')) {
$sql .= "and u.domain_uuid = '".$_SESSION['domain_uuid']."' ";
}
$sql .= "and g.group_uuid = '".$group_uuid."' ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
@@ -104,7 +114,7 @@ else {
echo "<table width='100%' cellpadding='0' cellspacing='0' border='0'>\n";
echo " <tr>\n";
echo " <td width='100%' align='left' valign='top'>\n";
echo " <b>".$text['header-group_members'].$group_name."</b>";
echo " <b>".$text['header-group_members'].$group_name."</b>\n";
echo " </td>\n";
echo " <td align='right' nowrap='nowrap' valign='middle'>\n";
echo " <input type='button' class='btn' style='margin-right: 15px;' alt='".$text['button-back']."' onclick=\"window.location='groups.php'\" value='".$text['button-back']."'>";
@@ -112,18 +122,18 @@ else {
if (permission_exists('group_member_add')) {
echo " <td align='right' nowrap='nowrap' valign='top'>\n";
echo " <form method='post' action='groupmemberadd.php'>";
echo " <select name=\"user_uuid\" style='width: 200px;' class='formfld'>\n";
echo " <option value=\"\"></option>\n";
echo " <select name='user_uuid' style='width: 200px;' class='formfld'>\n";
echo " <option value=''></option>\n";
foreach($users as $field) {
$username = $field['username'];
if (if_group_members($db, $group_uuid, $field['user_uuid']) && !in_array($field['user_uuid'], $group_users)) {
if (is_group_member($group_uuid, $field['user_uuid'])) {
echo " <option value='".$field['user_uuid']."'>".$field['username']."</option>\n";
}
}
unset($sql, $users);
echo " </select>";
echo " <input type='hidden' name='group_uuid' value='$group_uuid'>";
echo " <input type='hidden' name='group_name' value='$group_name'>";
echo " <input type='hidden' name='domain_uuid' value='".(($domain_uuid != '') ? $domain_uuid : $_SESSION['domain_uuid'])."'>";
echo " <input type='hidden' name='group_uuid' value='".$group_uuid."'>";
echo " <input type='hidden' name='group_name' value='".$group_name."'>";
echo " <input type='submit' class='btn' value='".$text['button-add_member']."'>";
echo " </form>";
echo " </td>\n";
@@ -132,40 +142,43 @@ else {
echo "</table>\n";
echo "<br>";
$strlist = "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
$strlist .= "<tr>\n";
$strlist .= " <th align=\"left\" nowrap> &nbsp; ".$text['label-username']." &nbsp; </th>\n";
$strlist .= " <th align=\"left\" nowrap> &nbsp; &nbsp; </th>\n";
$strlist .= " <td width='22' align=\"right\" nowrap>\n";
$strlist .= " &nbsp;\n";
$strlist .= " </td>\n";
$strlist .= "</tr>\n";
$echo = "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
$echo .= "<tr>\n";
if (permission_exists('user_all')) {
$echo .= "<th width='30%' align='left' nowrap>".$text['label-domain']."</th>\n";
}
$echo .= " <th align='left' nowrap>".$text['label-username']."</th>\n";
$echo .= " <td width='25' align='right' nowrap>&nbsp;</td>\n";
$echo .= "</tr>\n";
$count = 0;
foreach ($result as &$row) {
$group_user_uuid = $row["group_user_uuid"];
$username = $row["username"];
$user_uuid = $row["user_uuid"];
$domain_uuid = $row["domain_uuid"];
$group_uuid = $row["group_uuid"];
$strlist .= "<tr'>";
$strlist .= "<td align=\"left\" class='".$row_style[$c]."' nowrap> &nbsp; $username &nbsp; </td>\n";
$strlist .= "<td align=\"left\" class='".$row_style[$c]."' nowrap> &nbsp; </td>\n";
$strlist .= "<td class='list_control_icons' style='width: 25px;'>";
if (permission_exists('group_member_delete')) {
$strlist .= "<a href='groupmemberdelete.php?user_uuid=$user_uuid&group_name=$group_name&group_uuid=$group_uuid' onclick=\"return confirm('".$text['confirm-delete']."')\" alt='".$text['button-delete']."'>$v_link_label_delete</a>";
$echo .= "<tr>";
if (permission_exists('user_all')) {
$echo .= "<td align='left' class='".$row_style[$c]."' nowrap>".$_SESSION['domains'][$domain_uuid]['domain_name']."</td>\n";
}
$strlist .= "</td>\n";
$strlist .= "</tr>\n";
$echo .= "<td align='left' class='".$row_style[$c]."' nowrap>".$username."</td>\n";
$echo .= "<td class='list_control_icons' style='width: 25px;'>";
if (permission_exists('group_member_delete')) {
$echo .= "<a href='groupmemberdelete.php?user_uuid=".$user_uuid."&group_name=".$group_name."&group_uuid=".$group_uuid."' onclick=\"return confirm('".$text['confirm-delete']."')\" alt='".$text['button-delete']."'>".$v_link_label_delete."</a>";
}
$echo .= "</td>\n";
$echo .= "</tr>\n";
if ($c==0) { $c=1; } else { $c=0; }
$c = ($c) ? 0 : 1;
$group_users[] = $row["user_uuid"];
$count++;
}
$strlist .= "</table>\n";
echo $strlist;
echo "<br><br>";
$echo .= "</table>\n";
$echo .= "<br /><br />";
echo $echo;
//include the footer
require_once "resources/footer.php";


@@ -46,24 +46,49 @@ require_once "resources/require.php";
if (isset($_REQUEST["change"])) {
//get the values from the HTTP POST and save them as PHP variables
$change = check_str($_REQUEST["change"]);
$group_uuid = check_str($_REQUEST["group_uuid"]);
$group_name = check_str($_REQUEST["group_name"]);
$sql = "update v_groups set ";
$sql .= "group_protected = '$change' ";
$sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "and group_name = '$group_name' ";
$sql = "update v_groups set group_protected = '".$change."' ";
$sql .= "where group_uuid = '".$group_uuid."' ";
if (!permission_exists('group_domain')) {
$sql .= "and (";
$sql .= " domain_uuid = '".$domain_uuid."' ";
$sql .= " or domain_uuid is null ";
$sql .= ") ";
}
$db->exec(check_sql($sql));
unset($sql);
$_SESSION["message"] = $text['message-update'];
}
//get the groups
$sql = "SELECT * FROM v_groups ";
$sql .= "where domain_uuid = '$domain_uuid' ";
$sql .= "or domain_uuid is null ";
$sql .= "order by group_name asc ";
$sql = "select * from v_groups ";
if (!(permission_exists('group_all') && $_GET['showall'] == 'true')) {
$sql .= "where domain_uuid = '".$domain_uuid."' ";
$sql .= "or domain_uuid is null ";
}
$sql .= "order by domain_uuid desc, group_name asc ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$groups = $prep_statement->fetchAll(PDO::FETCH_NAMED);
unset($sql, $prep_statement);
$system_groups = array('superadmin','admin','user','public','agent');
//get group counts
$sql = "select group_uuid, count(user_uuid) as group_count from v_group_users ";
if (!permission_exists('user_all')) {
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
}
$sql .= "group by group_uuid ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($result as $row) {
$group_counts[$row['group_uuid']] = $row['group_count'];
}
unset($sql, $prep_statement, $result, $row);
//show the content
echo "<table width='100%' cellpadding='0' cellspacing='0' border='0'>";
@@ -73,6 +98,11 @@ require_once "resources/require.php";
echo " <br><br>";
echo "</td>";
echo "<td width='50%' align='right' valign='top'>";
if (permission_exists('group_all')) {
if ($_GET['showall'] != 'true') {
echo "<input type='button' class='btn' value='".$text['button-show_all']."' onclick=\"window.location='groups.php?showall=true';\">\n";
}
}
if (permission_exists('user_view')) {
echo " <input type='button' class='btn' onclick=\"window.location='index.php'\" value='".$text['header-user_manager']."'>";
}
@@ -88,24 +118,28 @@ require_once "resources/require.php";
$row_style["0"] = "row_style0";
$row_style["1"] = "row_style1";
$strlist = "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
$strlist .= "<tr class='border'>\n";
$strlist .= " <th nowrap>".$text['label-group_name']."</th>\n";
$strlist .= " <th nowrap>".$text['label-group_tools']."</th>\n";
$strlist .= " <th style='text-align: center;' nowrap>".$text['label-group_protected']."</th>\n";
$strlist .= " <th nowrap>".$text['label-group_description']."</th>\n";
$strlist .= " <td class='list_control_icons' style='width: 25px;'>";
if (permission_exists('group_add')) {
$strlist .= "<a href='groupadd.php' alt='".$text['button-add']."'>$v_link_label_add</a>";
$echo = "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
$echo .= "<tr class='border'>\n";
if (permission_exists('group_all') && $_GET['showall'] == 'true') {
$echo .= " <th nowrap>".$text['label-domain']."</th>\n";
}
$strlist .= " </td>\n";
$strlist .= "</tr>\n";
$echo .= " <th nowrap>".$text['label-group_name']."</th>\n";
$echo .= " <th nowrap>".$text['label-group_tools']."</th>\n";
$echo .= " <th style='text-align: center;' nowrap>".$text['label-group_protected']."</th>\n";
$echo .= " <th nowrap>".$text['label-group_description']."</th>\n";
$echo .= " <td class='list_control_icons' style='width: 25px;'>";
if (permission_exists('group_add')) {
$echo .= "<a href='groupadd.php' alt='".$text['button-add']."'>".$v_link_label_add."</a>";
}
$echo .= " </td>\n";
$echo .= "</tr>\n";
$count = 0;
foreach ($groups as &$row) {
$domain_uuid = $row['domain_uuid'];
$group_uuid = $row["group_uuid"];
$group_name = $row["group_name"];
$group_protected= $row["group_protected"];
$group_protected = $row["group_protected"];
$group_description = $row["group_description"];
if (strlen($group_name) == 0) { $group_name = "&nbsp;"; }
if (strlen($group_description) == 0) { $group_description = "&nbsp;"; }
@@ -115,75 +149,73 @@ require_once "resources/require.php";
//hide the superadmin group from non superadmin's
}
else {
/*
$tr_link = (permission_exists('group_edit')) ? "href='groupedit.php?id=".$group_uuid."'" : null;
*/
$strlist .= "<tr ".$tr_link.">\n";
$strlist .= "<td class='".$row_style[$c]."' nowrap>";
/*
if (permission_exists('group_edit')) {
$strlist .= "<a href='groupedit.php?id=".$group_uuid."'>".$group_name."</a>";
if (permission_exists('group_edit') && !($domain_uuid == '' && in_array($group_name, $system_groups))) {
$tr_link = (permission_exists('group_edit')) ? "href='groupedit.php?id=".$group_uuid."'" : null;
}
else {
*/
$strlist .= $group_name;
/*
unset($tr_link);
}
*/
$strlist .= "</td>\n";
$strlist .= "<td class='".$row_style[$c]."' nowrap>\n";
$echo .= "<tr ".$tr_link.">\n";
if (permission_exists('group_all') && $_GET['showall'] == 'true') {
$echo .= "<td class='".$row_style[$c]."' nowrap>";
$echo .= ($domain_uuid != '') ? $_SESSION['domains'][$domain_uuid]['domain_name'] : "<i>".$text['label-global']."</i>";
$echo .= "</td>\n";
}
$echo .= "<td class='".$row_style[$c]."' nowrap>";
if (permission_exists('group_edit') && !($domain_uuid == '' && in_array($group_name, $system_groups))) {
$echo .= "<a href='groupedit.php?id=".$group_uuid."'>".(($domain_uuid == '' && $_GET['showall'] != 'true') ? "<i>".$group_name."</i>" : $group_name)."</a>";
}
else {
$echo .= ($domain_uuid == '' && $_GET['showall'] != 'true') ? "<i>".$group_name."</i>" : $group_name;
}
$echo .= "</td>\n";
$echo .= "<td class='".$row_style[$c]." tr_link_void' nowrap>\n";
if (permission_exists('group_add') || if_group("superadmin")) {
$strlist .= "<a class='' href='group_permissions.php?group_uuid=".$group_uuid."&group_name=".$group_name."' title='".$text['label-group_permissions']."'>".$text['label-group_permissions']."</a>&nbsp;&nbsp;";
$echo .= "<a class='' href='group_permissions.php?group_uuid=".$group_uuid."' title='".$text['label-group_permissions']."'>".$text['label-group_permissions']."</a>&nbsp;&nbsp;&nbsp;";
}
if (permission_exists('group_member_view') || if_group("superadmin")) {
$strlist .= "<a class='' href='groupmembers.php?group_uuid=".$group_uuid."&group_name=".$group_name."' title='".$text['label-group_members']."'>".$text['label-group_members']."</a>";
$echo .= "<a class='' href='groupmembers.php?group_uuid=".$group_uuid."&group_name=".$group_name."' title='".$text['label-group_members']."'>".$text['label-group_members']."</a>";
if (sizeof($group_counts) > 0 && $group_counts[$group_uuid] > 0) {
$echo .= " <span style='font-size: 80%;'>(".$group_counts[$group_uuid].")</span>";
}
}
$strlist .= "</td>\n";
$strlist .= "<td class='".$row_style[$c]."' style=\"padding: 0px; text-align: center;\" align=\"center\" nowrap>\n";
if ($group_protected == "true") {
$strlist .= " <input type='checkbox' name='group_protected' checked='checked' value='true' onchange=\"window.location='".PROJECT_PATH."/core/users/groups.php?change=false&group_uuid=".$group_uuid."&group_name=".$group_name."';\">\n";
$echo .= "</td>\n";
$echo .= "<td class='".$row_style[$c]." tr_link_void' style='padding: 0px; text-align: center;' align='center' nowrap>\n";
$echo .= " <input type='checkbox' name='group_protected' ".(($group_protected == "true") ? "checked='checked'" : null)." value='".(($group_protected == "true") ? 'false' : 'true')."' onchange=\"window.location='".PROJECT_PATH."/core/users/groups.php?change=".(($group_protected == "true") ? 'false' : 'true')."&group_uuid=".$group_uuid."&group_name=".$group_name.(($_GET['showall'] == 'true') ? "&showall=true" : null)."';\">\n";
$echo .= "</td>\n";
$echo .= "<td class='row_stylebg' nowrap>".$group_description."</td>\n";
$echo .= "<td class='list_control_icons' style='width: 25px;'>";
if (!($domain_uuid == '' && in_array($group_name, $system_groups))) {
if (permission_exists('group_edit')) {
$echo .= "<a href='groupedit.php?id=".$group_uuid."' alt='".$text['button-edit']."'>".$v_link_label_edit."</a>";
}
if (permission_exists('group_delete')) {
$echo .= "<a href='groupdelete.php?id=".$group_uuid."' onclick=\"return confirm('".$text['confirm-delete']."')\" alt='".$text['button-delete']."'>".$v_link_label_delete."</a>";
}
}
else {
$strlist .= " <input type='checkbox' name='group_protected' value='false' onchange=\"window.location='".PROJECT_PATH."/core/users/groups.php?change=true&group_uuid=".$group_uuid."&group_name=".$group_name."';\">\n";
}
$strlist .= "</td>\n";
$strlist .= "<td class='row_stylebg' nowrap>".$group_description."</td>\n";
$strlist .= "<td class='list_control_icons' style='width: 25px;'>";
/*
if (permission_exists('group_edit')) {
$strlist .= "<a href='groupedit.php?id=$group_uuid' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
}
*/
if (permission_exists('group_delete')) {
$strlist .= "<a href='groupdelete.php?id=$group_uuid' onclick=\"return confirm('".$text['confirm-delete']."')\" alt='".$text['button-delete']."'>$v_link_label_delete</a>";
}
$strlist .= "</td>\n";
$strlist .= "</tr>\n";
$echo .= "</td>\n";
$echo .= "</tr>\n";
}
if ($c==0) { $c=1; } else { $c=0; }
$c = ($c) ? 0 : 1;
$count++;
}
$strlist .= "<tr>\n";
$strlist .= "<td colspan='4'>&nbsp;</td>";
$strlist .= "<td class='list_control_icons' style='width: 25px;'>";
$echo .= "<tr>\n";
$echo .= "<td colspan='".((permission_exists('group_all') && $_GET['showall'] == 'true') ? 5 : 4)."'>&nbsp;</td>";
$echo .= "<td class='list_control_icons' style='width: 25px;'>";
if (permission_exists('group_add')) {
$strlist .= "<a href='groupadd.php' alt='".$text['button-add']."'>$v_link_label_add</a>";
$echo .= "<a href='groupadd.php' alt='".$text['button-add']."'>".$v_link_label_add."</a>";
}
$strlist .= "</td>\n";
$strlist .= "</tr>\n";
$echo .= "</td>\n";
$echo .= "</tr>\n";
$echo .= "</table>\n";
$echo .= "<br>";
$strlist .= "</table>\n";
if ($count > 0) {
echo $strlist;
echo $echo;
}
echo "</td>";
echo "</tr>";
echo "</table>";
echo "<br>";
echo "</div>";
//show the footer
require_once "resources/footer.php";
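Review bot: The `change` handler at the top of this section builds its `update v_groups` statement by concatenating `$change` and `$group_uuid` taken from `$_REQUEST`, and it is reached through the plain GET link that the checkbox's `onchange` produces, so any request carrying those parameters flips `group_protected`. I would restrict `$change` to the two values the checkbox emits, bind the values through the `prepare()`/`execute()` pair this file already uses for its selects, and move the toggle to a POST that carries a request token. The new `or domain_uuid is null` branch also lets a session without `group_domain` update global groups; if that is not intended, it should be dropped or gated on its own permission. Whether a permission such as `group_edit` is checked before this block cannot be seen here, because the hunk starts after `require_once "resources/require.php"`.

```php
if (isset($_REQUEST["change"])) {
	//accept only the two values the checkbox can produce
	$change = ($_REQUEST["change"] === 'true') ? 'true' : 'false';
	$group_uuid = check_str($_REQUEST["group_uuid"]);
	$sql = "update v_groups set group_protected = :group_protected ";
	$sql .= "where group_uuid = :group_uuid ";
	$parameters = array(':group_protected' => $change, ':group_uuid' => $group_uuid);
	if (!permission_exists('group_domain')) {
		$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
		$parameters[':domain_uuid'] = $domain_uuid;
	}
	$prep_statement = $db->prepare(check_sql($sql));
	$prep_statement->execute($parameters);
	unset($sql, $prep_statement, $parameters);
	// … unchanged: $_SESSION["message"] assignment …
}
```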


@@ -62,9 +62,6 @@ else {
$group_uuid = check_str($_GET["group_uuid"]);
//delete the group from the users
$sql = "delete from v_group_users where 1 = 1 ";
if (!permission_exists('user_domain')) {
$sql .= "and domain_uuid = '".$domain_uuid."' ";
}
$sql .= "and group_uuid = '".$group_uuid."' ";
$sql .= "and user_uuid = '".$user_uuid."' ";
$db->exec(check_sql($sql));
@@ -100,6 +97,7 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") {
//get the HTTP values and set as variables
$user_uuid = $_REQUEST["id"];
$domain_uuid = check_str($_POST["domain_uuid"]);
$username_old = check_str($_POST["username_old"]);
$username = check_str($_POST["username"]);
$password = check_str($_POST["password"]);
@@ -112,15 +110,6 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") {
$user_enabled = check_str($_POST["user_enabled"]);
$api_key = check_str($_POST["api_key"]);
//get the domain_uuid
if (permission_exists('user_domain')) {
$domain_uuid = check_str($_POST["domain_uuid"]);
}
else {
$_POST["domain_uuid"] = $_SESSION['domain_uuid'];
$domain_uuid = $_SESSION['domain_uuid'];
}
//check required values
if ($username != $username_old) {
$sql = "select count(*) as num_rows from v_users where domain_uuid = '".$domain_uuid."' and username = '".$username."'";
@@ -377,20 +366,19 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") {
return;
}
else {
$sql = "select * from v_users where 1 = 1 ";
if (!permission_exists('user_domain')) {
$sql .= "and domain_uuid = '$domain_uuid' ";
}
$sql .= "and user_uuid = '$user_uuid' ";
//pre-populate the form
$sql = "select * from v_users ";
$sql .= "where user_uuid = '".$user_uuid."' ";
if (!permission_exists('user_all')) {
$sql .= "and domain_uuid = '".$domain_uuid."' ";
}
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
foreach ($result as &$row) {
if (permission_exists('user_domain')) {
$domain_uuid = $row["domain_uuid"];
}
$domain_uuid = $row["domain_uuid"];
$user_uuid = $row["user_uuid"];
$username = $row["username"];
$password = $row["password"];
@@ -404,7 +392,6 @@ else {
//group_members function defined in config.php
$group_members = group_members($db, $user_uuid);
}
//include the header
require_once "resources/header.php";
@@ -502,6 +489,9 @@ else {
echo "</td>\n";
echo "</tr>\n";
}
else {
echo "<input type='hidden' name='domain_uuid' value='".$domain_uuid."'>";
}
echo " <tr>";
echo " <td class='vncellreq' valign='top'>".$text['label-groups']."</td>";