From b5bd0cf7bf857342490e1281be41226f11c9b203 Mon Sep 17 00:00:00 2001
From: Mark Crane
Date: Thu, 5 Mar 2015 10:17:47 +0000
Subject: [PATCH] Add group_uuid to v_group_users when assigning a user to a group.
---
 core/users/groupmemberadd.php | 56 ++++++++++++++++----------------
 core/users/groupmemberdelete.php | 7 ++--
 core/users/groupmembers.php | 54 ++++++++++++++++++++----------
 3 files changed, 66 insertions(+), 51 deletions(-)
diff --git a/core/users/groupmemberadd.php b/core/users/groupmemberadd.php
index 485fe18de2..df319e96a0 100644
--- a/core/users/groupmemberadd.php
+++ b/core/users/groupmemberadd.php
@@ -41,38 +41,38 @@ else {
 }
 //get the http values and set them as variables
+ $group_uuid = check_str($_POST["group_uuid"]);
 $group_name = check_str($_POST["group_name"]);
 $user_uuid = check_str($_POST["user_uuid"]);
-if (strlen($user_uuid) > 0 && strlen($group_name) > 0) {
- $sql_insert = "insert into v_group_users ";
- $sql_insert .= "(";
- $sql_insert .= "group_user_uuid, ";
- $sql_insert .= "domain_uuid, ";
- $sql_insert .= "group_name, ";
- $sql_insert .= "user_uuid ";
- $sql_insert .= ")";
- $sql_insert .= "values ";
- $sql_insert .= "(";
- $sql_insert .= "'".uuid()."', ";
- $sql_insert .= "'$domain_uuid', ";
- $sql_insert .= "'$group_name', ";
- $sql_insert .= "'$user_uuid' ";
- $sql_insert .= ")";
- if (!$db->exec($sql_insert)) {
- //echo $db->errorCode() . "
";
- $info = $db->errorInfo();
- print_r($info);
- // $info[0] == $db->errorCode() unified error code
- // $info[1] is the driver specific error code
- // $info[2] is the driver specific error string
+//add the user to the group
+ if (is_uuid($user_uuid) && is_uuid($group_uuid) && strlen($group_name) > 0) {
+ $sql = "insert into v_group_users ";
+ $sql .= "(";
+ $sql .= "group_user_uuid, ";
+ $sql .= "domain_uuid, ";
+ $sql .= "group_uuid, ";
+ $sql .= "group_name, ";
+ $sql .= "user_uuid ";
+ $sql .= ")";
+ $sql .= "values ";
+ $sql .= "(";
+ $sql .= "'".uuid()."', ";
+ $sql .= "'$domain_uuid', ";
+ $sql .= "'$group_uuid', ";
+ $sql .= "'$group_name', ";
+ $sql .= "'$user_uuid' ";
+ $sql .= ")";
+ if (!$db->exec($sql)) {
+ $info = $db->errorInfo();
+ print_r($info);
+ }
+ else {
+ //log the success
+ //$log_type = 'group'; $log_status='add'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." added to group: ".$group_name;
+ //log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $_SERVER["REMOTE_ADDR"]);
+ }
 }
- else {
- //log the success
- //$log_type = 'group'; $log_status='add'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." added to group: ".$group_name;
- //log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $_SERVER["REMOTE_ADDR"]);
- }
-}
 //redirect the user
 header("Location: groupmembers.php?group_name=$group_name");
diff --git a/core/users/groupmemberdelete.php b/core/users/groupmemberdelete.php
index 425798ecd6..136c5da79b 100644
--- a/core/users/groupmemberdelete.php
+++ b/core/users/groupmemberdelete.php
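Review bot: In core/users/groupmemberadd.php the new insert stores a `group_uuid` and a `group_name` that both come from the POST body; `is_uuid()` checks only the format, and nothing in the hunk confirms that the uuid names a group visible to this domain or that the name belongs to that uuid. Because groupmembers.php in this same commit still lists members by `group_name`, a mismatched pair would be stored and then shown under the wrong group. I would read `group_name` from `v_groups` by `group_uuid` and bind the values instead of interpolating them, assuming `$db` is a PDO handle as the `prepare()` calls in groupmembers.php suggest. The failure branch also prints `$db->errorInfo()` into the response, which is better written to a server-side log. The script starts and ends outside the hunk.

```php
//add the user to the group
	if (is_uuid($user_uuid) && is_uuid($group_uuid)) {
		//take the group name from v_groups rather than from the request
		$sql = "select group_name from v_groups ";
		$sql .= "where group_uuid = :group_uuid ";
		$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
		$prep_statement = $db->prepare($sql);
		$prep_statement->execute(array(':group_uuid' => $group_uuid, ':domain_uuid' => $domain_uuid));
		$name = $prep_statement->fetchColumn();
		unset($prep_statement);
		if ($name !== false) {
			$group_name = $name;
			// … unchanged: insert into v_group_users, with the five values bound as parameters …
		}
	}
```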
@@ -43,19 +43,16 @@ else {
 //get the http values and set them as variables
 $group_name = check_str($_GET["group_name"]);
 $user_uuid = check_str($_GET["user_uuid"]);
+ $group_uuid = check_str($_GET["group_uuid"]);
 //delete the group membership
 $sql_delete = "delete from v_group_users ";
 $sql_delete .= "where domain_uuid = '$domain_uuid' ";
 $sql_delete .= "and user_uuid = '$user_uuid' ";
- $sql_delete .= "and group_name = '$group_name' ";
+ $sql_delete .= "and group_uuid = '$group_uuid' ";
 if (!$db->exec($sql_delete)) {
- //echo $db->errorCode() . "
";
 $info = $db->errorInfo();
 print_r($info);
- // $info[0] == $db->errorCode() unified error code
- // $info[1] is the driver specific error code
- // $info[2] is the driver specific error string
 }
 else {
 //$log_type = 'group'; $log_status='remove'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." removed from group: ".$group_name;
diff --git a/core/users/groupmembers.php b/core/users/groupmembers.php
index 34cf1500b2..271ab4dd93 100644
--- a/core/users/groupmembers.php
+++ b/core/users/groupmembers.php
@@ -60,6 +60,37 @@ else {
 }
 //$exampledatareturned = example("apples", 1);
+//get the group from v_groups
+ $sql = "select * from v_groups ";
+ $sql .= "where group_uuid = '".$group_uuid."' ";
+ $sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null) ";
+ $prep_statement = $db->prepare(check_sql($sql));
+ $prep_statement->execute();
+ $groups = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+ foreach ($groups as &$row) {
+ $group_name = $row["group_name"];
+ }
+ unset ($prep_statement);
+
+//get the the users array
+ if (permission_exists('group_member_add')) {
+ $sql = "SELECT * FROM v_users ";
+ $sql .= "where domain_uuid = '$domain_uuid' ";
+ $sql .= "order by username ";
+ $prep_statement = $db->prepare(check_sql($sql));
+ $prep_statement->execute();
+ $users = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+ }
+
+//get the groups users
+ $sql = "SELECT u.user_uuid, u.username, g.group_user_uuid, g.group_uuid FROM v_group_users as g, v_users as u ";
+ $sql .= "where g.user_uuid = u.user_uuid ";
+ $sql .= "and g.domain_uuid = '$domain_uuid' ";
+ $sql .= "and g.group_name = '$group_name' ";
+ $prep_statement = $db->prepare(check_sql($sql));
+ $prep_statement->execute();
+ $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+
 //include the header
 require_once "resources/header.php";
 $document['title'] = $text['title-group_members'];
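Review bot: In core/users/groupmemberdelete.php the new `$group_uuid` goes from `$_GET` into the delete statement without the `is_uuid()` check that groupmemberadd.php gains in this same commit. Wrapping the delete in `if (is_uuid($user_uuid) && is_uuid($group_uuid)) {` would keep the two pages consistent, and binding the values would remove the reliance on `check_str()` alone. Rows written by the old insert shown in groupmemberadd.php carry no `group_uuid`, so unless a migration backfills the column this `where` clause will presumably stop matching existing memberships. The if/else around `exec()` continues past the end of the hunk.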
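Review bot: In core/users/groupmembers.php the three queries added in the `@@ -60,6 +60,37 @@` hunk reach `$db->prepare()` with `$group_uuid`, `$domain_uuid` and `$group_name` already concatenated into the string, so the prepared statement has nothing to bind and adds no protection of its own. Where `$group_uuid` is assigned lies outside the hunk, so whether it is validated before this point cannot be confirmed from here. I would use placeholders, for example `$sql .= "where group_uuid = :group_uuid ";` with `$prep_statement->execute(array(':group_uuid' => $group_uuid));`, behind an `is_uuid($group_uuid)` guard. The members query also still filters on `g.group_name` although it now selects `g.group_uuid`; if a domain group and a global group can share a name, that list would mix their members.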
@@ -80,22 +111,17 @@ else { if (permission_exists('group_member_add')) { echo " \n"; echo "
"; - $sql = "SELECT * FROM v_users "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "order by username "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); echo " "; - unset($sql, $result); + echo " "; echo " "; echo " "; echo "
"; @@ -105,13 +131,6 @@ else { echo "\n"; echo "
"; - $sql = "SELECT u.user_uuid, u.username, g.group_user_uuid FROM v_group_users as g, v_users as u "; - $sql .= "where g.user_uuid = u.user_uuid "; - $sql .= "and g.domain_uuid = '$domain_uuid' "; - $sql .= "and g.group_name = '$group_name' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $strlist = "\n"; $strlist .= "\n"; $strlist .= " \n"; @@ -122,17 +141,17 @@ else { $strlist .= "\n"; $count = 0; - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); foreach ($result as &$row) { $group_user_uuid = $row["group_user_uuid"]; $username = $row["username"]; $user_uuid = $row["user_uuid"]; + $group_uuid = $row["group_uuid"]; $strlist .= ""; $strlist .= "\n"; $strlist .= "\n"; $strlist .= "\n"; $strlist .= "\n"; @@ -145,7 +164,6 @@ else { $strlist .= "
  ".$text['label-username']."  
  $username     "; if (permission_exists('group_member_delete')) { - $strlist .= "$v_link_label_delete"; + $strlist .= "$v_link_label_delete"; } $strlist .= "
\n"; echo $strlist; - echo "

"; //include the footer