From f2d643aecb0da5b7bee33b971b3ba9fd63bd5678 Mon Sep 17 00:00:00 2001
From: Nate Jones
Date: Sat, 18 Oct 2014 06:49:34 +0000
Subject: [PATCH] Contacts: Private or Shared. User can create a private contact only visible to them, or can choose to share a contact with others by assigning it to group(s). Users can view only contacts assigned to their group(s) and contacts NOT assigned to any group.
---
 app/contacts/app_languages.php | 28 ++++++-
 app/contacts/contact_edit.php | 82 ++++++++++++++++----
 app/contacts/contacts.php | 134 +++++++++++++++------------------
 core/users/signup.php | 20 +++--
 core/users/userdelete.php | 9 ++-
 core/users/users.php | 2 +-
 6 files changed, 172 insertions(+), 103 deletions(-)
diff --git a/app/contacts/app_languages.php b/app/contacts/app_languages.php
index ebced4445b..ca7a35d77c 100644
--- a/app/contacts/app_languages.php
+++ b/app/contacts/app_languages.php 
@@ -183,15 +183,35 @@
 $text['description-contact_note']['pt-pt'] = "Introduza uma nota.";
 $text['description-contact_note']['fr-fr'] = "";
+ $text['label-shared']['en-us'] = "Shared";
+ $text['label-shared']['es-cl'] = "Compartido";
+ $text['label-shared']['pt-pt'] = "Partilhada";
+ $text['label-shared']['fr-fr'] = "Commun";
+
+ $text['description-shared']['en-us'] = "Share this contact with other users on the domain.";
+ $text['description-shared']['es-cl'] = "Comparte este contacto con otros usuarios en el dominio.";
+ $text['description-shared']['pt-pt'] = "Compartilhe esse contato com outros usuários do domínio.";
+ $text['description-shared']['fr-fr'] = "Partager ce contact avec d'autres utilisateurs sur le domaine.";
+
+ $text['option-true']['en-us'] = "True";
+ $text['option-true']['es-cl'] = "Verdadero";
+ $text['option-true']['pt-pt'] = "Sim";
+ $text['option-true']['fr-fr'] = "Oui";
+
+ $text['option-false']['en-us'] = "False";
+ $text['option-false']['es-cl'] = "Falso";
+ $text['option-false']['pt-pt'] = "Não";
+ $text['option-false']['fr-fr'] = "Non";
+
 $text['label-groups']['en-us'] = "Groups";
 $text['label-groups']['es-cl'] = "Grupos";
 $text['label-groups']['pt-pt'] = "Grupos";
 $text['label-groups']['fr-fr'] = "Groupes";
- $text['description-groups']['en-us'] = "Contacts assigned to a Group will be visible to all Users in the Group.";
- $text['description-groups']['es-cl'] = "Contactos asignados a un grupo serán visibles por todos los usuarios del grupo.";
- $text['description-groups']['pt-pt'] = "Contatos atribuídos a um grupo será visível por todos os usuários do grupo.";
- $text['description-groups']['fr-fr'] = "Contacts affectés à un groupe seront visibles par tous les utilisateurs du groupe.";
+ $text['description-groups']['en-us'] = "Contacts assigned to a group are only visible to users in the group. 
Contacts not assigned to a group will be visible to all users in the domain.";
+ $text['description-groups']['es-cl'] = "Contactos asignados a un grupo sólo son visibles para los usuarios del grupo. Los contactos no asignados a un grupo serán visibles para todos los usuarios del dominio.";
+ $text['description-groups']['pt-pt'] = "Contatos atribuídos a um grupo só são visíveis para os usuários do grupo. Contatos não atribuídos a um grupo será visível para todos os usuários no domínio.";
+ $text['description-groups']['fr-fr'] = "Contacts affectés à un groupe ne sont accessibles qu'aux utilisateurs du groupe. Contacts ne sont pas affectés à un groupe seront visibles à tous les utilisateurs dans le domaine.";
 $text['button-qr_code']['en-us'] = "QR Code";
 $text['button-qr_code']['es-cl'] = "Código QR";
diff --git a/app/contacts/contact_edit.php b/app/contacts/contact_edit.php
index 9b88415d35..70db4cb2ca 100644
--- a/app/contacts/contact_edit.php
+++ b/app/contacts/contact_edit.php 
@@ -158,9 +158,30 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 $location = "contacts.php";
 } //if ($action == "add")
- //handle insertion of contact group
- if ($_POST['group_uuid'] != '') {
- $group_uuid = $_POST["group_uuid"];
+ //if contact is shared, remove contact group record containing user's uuid
+ if ($_POST['contact_shared'] == 'true') {
+ $sql = "delete from v_contact_groups ";
+ $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql .= "and contact_uuid = '".$contact_uuid."' ";
+ $sql .= "and group_uuid = '".$_SESSION['groups'][0]['user_uuid']."' ";
+ $prep_statement = $db->prepare(check_sql($sql));
+ $prep_statement->execute();
+ unset($prep_statement, $sql);
+ $group_uuid = $_POST['group_uuid'];
+ }
+ //if private contact, delete any groups currently assigned, set group uuid to user's uuid
+ else {
+ $sql = "delete from v_contact_groups ";
+ $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql .= "and contact_uuid = '".$contact_uuid."' ";
+ $prep_statement = $db->prepare(check_sql($sql));
+ $prep_statement->execute();
+ unset($prep_statement, $sql);
+ $group_uuid = $_SESSION['groups'][0]['user_uuid'];
+ }
+
+ //handle insertion of contact group (or private contact, if not shared)
+ if ($group_uuid != '') {
 $sql = "insert into v_contact_groups ";
 $sql .= "( ";
 $sql .= "contact_group_uuid, ";
@@ -586,11 +607,6 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 echo "\n";
 echo "\n";
- //echo "\n";
- //echo "Additional Information\n";
- //echo " \n";
- //echo "\n";
- echo "\n"; echo "\n"; echo " ".$text['label-contact_time_zone'].":\n"; 
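Review bot: The private branch of the @@ -158 hunk derives the owner marker from `$_SESSION['groups'][0]['user_uuid']`, so for a user who belongs to no group the value is empty, the `if ($group_uuid != '')` guard skips the insert, and a contact the user explicitly marked private is saved with no group row at all — which under the listing rule added in contacts.php makes it visible to every user on the domain. The same index-0 lookup appears in the @@ -602 and @@ -618 hunks of this file and in the @@ -77 hunk of contacts.php; read the user's uuid from a session field that does not depend on group membership, and in the private branch refuse to save (or report an error) when it is empty instead of silently widening visibility. Storing the owner's user_uuid in `v_contact_groups.group_uuid` is also an implicit convention every reader of that table now has to know, so state it at the top of the branch: `//a private contact is stored as a v_contact_groups row whose group_uuid is the owner's user_uuid`. The enclosing POST handler begins and ends outside the hunk.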
@@ -602,11 +618,43 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { echo "\n"; echo "\n"; - if (permission_exists('contact_group_view')) { - echo ""; - echo " ".$text['label-groups'].":"; - echo " "; + //determine if contact is shared or private + if ($action == 'update') { + $sql = "select count(*) as num_rows from v_contact_groups "; + $sql .= "where domain_uuid = '".$domain_uuid."' "; + $sql .= "and contact_uuid = '".$contact_uuid."' "; + $sql .= "and group_uuid = '".$_SESSION['groups'][0]['user_uuid']."' "; + $prep_statement = $db->prepare(check_sql($sql)); + $prep_statement->execute(); + $row = $prep_statement->fetch(PDO::FETCH_ASSOC); + $contact_shared = ($row['num_rows'] > 0) ? 'false' : 'true'; + unset ($sql, $prep_statement, $row); + } + else { + //private by default on contact add + $contact_shared = 'false'; + } + echo "\n"; + echo "\n"; + echo " ".$text['label-shared'].":\n"; + echo "\n"; + echo "\n"; + echo " \n"; + echo "
\n"; + echo $text['description-shared']."\n"; + echo "\n"; + echo "\n"; + echo ""; + if (permission_exists('contact_group_view')) { + echo "
\n"; + echo "\n"; + echo ""; + echo " "; + echo " \n"; echo " \n"; echo "\n"; @@ -676,13 +725,16 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { echo " "; echo ""; + echo "
".$text['label-groups'].":"; $sql = "select "; $sql .= "g.*, "; $sql .= "cg.contact_group_uuid "; @@ -618,6 +666,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { $sql .= "and g.domain_uuid = '".$domain_uuid."' "; $sql .= "and cg.domain_uuid = '".$domain_uuid."' "; $sql .= "and cg.contact_uuid = '".$contact_uuid."' "; + $sql .= "and cg.group_uuid <> '".$_SESSION['groups'][0]['user_uuid']."' "; $sql .= "order by g.group_name asc "; $prep_statement = $db->prepare(check_sql($sql)); $prep_statement->execute(); @@ -631,7 +680,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { echo " ".$field['group_name']."\n"; if (permission_exists('contact_group_delete') || if_group("superadmin")) { - echo " $v_link_label_delete\n"; + echo " $v_link_label_delete\n"; } echo "
\n"; + echo "
"; } + echo "\n"; echo "\n"; - echo "\n"; - echo ""; - echo ""; - echo "
\n"; + echo "\n"; echo " ".$text['label-contact_note'].":\n"; echo "\n"; + echo "\n"; echo " \n"; echo "
\n"; echo $text['description-contact_note']."\n"; diff --git a/app/contacts/contacts.php b/app/contacts/contacts.php index bb97c075e1..6e702773b8 100644 --- a/app/contacts/contacts.php +++ b/app/contacts/contacts.php @@ -54,21 +54,15 @@ require_once "resources/paging.php"; $order = check_str($_GET["order"]); //show the content - echo "
"; - echo "\n"; - echo "\n"; - echo " \n"; echo "
\n"; - echo "
"; - - echo "\n"; + echo "
\n"; echo " \n"; echo " \n"; - echo " \n"; echo " \n"; echo "
\n"; echo " ".$text['header-contacts']."
\n"; echo " ".$text['description-contacts']."

\n"; echo "
\n"; + echo " \n"; echo "
\n"; - echo " \n"; + echo " \n"; echo " \n"; if (permission_exists('contact_add')) { echo ""; @@ -77,44 +71,76 @@ require_once "resources/paging.php"; echo "
\n"; + echo "
\n";
+
+ //retrieve current user's assigned groups (uuids)
+ foreach ($_SESSION['groups'] as $group_data) {
+ $user_group_uuids[] = $group_data['group_uuid'];
+ }
+ //add user's uuid to group uuid list to include private (non-shared) contacts
+ $user_group_uuids[] = $_SESSION['groups'][0]['user_uuid'];
 //prepare to page the results
 $sql = "select count(*) as num_rows from v_contacts ";
 $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ if (sizeof($user_group_uuids) > 0) {
+ //only show contacts assigned to current user's group(s) and those not assigned to any group
+ $sql .= "and ( \n";
+ $sql .= " contact_uuid in ( \n";
+ $sql .= " select contact_uuid from v_contact_groups ";
+ $sql .= " where group_uuid in ('".implode("','", $user_group_uuids)."') ";
+ $sql .= " and domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql .= " ) \n";
+ $sql .= " or \n";
+ $sql .= " contact_uuid not in ( \n";
+ $sql .= " select contact_uuid from v_contact_groups ";
+ $sql .= " where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql .= " ) \n";
+ $sql .= ") \n";
+ }
 if (strlen($phone_number) > 0) {
 $phone_number = preg_replace('{\D}', '', $phone_number);
- $sql .= "and contact_uuid in (select contact_uuid from v_contact_phones ";
- $sql .= "where phone_number like '%".$phone_number."%') \n";
+ $sql .= "and contact_uuid in ( ";
+ $sql .= " select contact_uuid from v_contact_phones ";
+ $sql .= " where phone_number like '%".$phone_number."%' ";
+ $sql .= ") \n";
 }
 else {
 if (strlen($search_all) > 0) {
 if (is_numeric($search_all)) {
- $sql .= "and contact_uuid in (select contact_uuid from v_contact_phones ";
- $sql .= "where phone_number like '%".$search_all."%') \n";
+ $sql .= "and contact_uuid in ( \n";
+ $sql .= " select contact_uuid from v_contact_phones ";
+ $sql .= " where phone_number like '%".$search_all."%' ";
+ $sql .= ") \n";
 }
 else {
- $sql .= "and contact_uuid in (\n";
+ $sql .= "and contact_uuid in ( \n";
 $sql .= " select contact_uuid from v_contacts "; 
$sql .= " where domain_uuid = '".$_SESSION['domain_uuid']."' \n";
- $sql .= " and (\n";
- $sql .= " lower(contact_organization) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_name_given) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_name_family) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_nickname) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_title) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_category) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_role) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_email) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_url) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_time_zone) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_note) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_type) like '%".$search_all."%'\n";
- $sql .= " )\n";
- $sql .= ")\n";
+ $sql .= " and ( \n";
+ $sql .= " lower(contact_organization) like '%".$search_all."%' or \n";
+ $sql .= " lower(contact_name_given) like '%".$search_all."%' or \n";
+ $sql .= " lower(contact_name_family) like '%".$search_all."%' or \n";
+ $sql .= " lower(contact_nickname) like '%".$search_all."%' or \n";
+ $sql .= " lower(contact_title) like '%".$search_all."%' or \n";
+ $sql .= " lower(contact_category) like '%".$search_all."%' or \n";
+ $sql .= " lower(contact_role) like '%".$search_all."%' or \n";
+ $sql .= " lower(contact_email) like '%".$search_all."%' or \n";
+ $sql .= " lower(contact_url) like '%".$search_all."%' or \n";
+ $sql .= " lower(contact_time_zone) like '%".$search_all."%' or \n";
+ $sql .= " lower(contact_note) like '%".$search_all."%' or \n";
+ $sql .= " lower(contact_type) like '%".$search_all."%' \n";
+ $sql .= " ) \n";
+ $sql .= ") \n";
 }
 }
 }
- if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
+ if (strlen($order_by) > 0) {
+ $sql .= "order by ".$order_by." ".$order." 
"; }
+ else {
+ $sql .= "order by contact_organization asc, contact_name_given asc, contact_name_family asc ";
+ }
 $prep_statement = $db->prepare($sql);
 if ($prep_statement) {
 $prep_statement->execute(); 
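Review bot: The `if (sizeof($user_group_uuids) > 0)` guard can never be false, because the user's uuid is appended to the array unconditionally on the line above it; when `$_SESSION['groups']` is empty the filter is not skipped but degrades to `group_uuid in ('')`, so either remove the guard or append the user uuid only when it is non-empty, after the loop. The visibility rule is also enforced only in this listing query; unless contact_edit.php applies the same group condition when it loads a contact by `id` (not visible in this diff), the restriction stops at the list and the single-contact page needs the same condition. The IN list is built with `implode` and no quoting of the values; they come from the session rather than the request, which is worth recording, e.g. `//group uuids come from the session, not from request input`. The surrounding script continues outside the hunk.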
@@ -135,42 +161,9 @@ require_once "resources/paging.php";
 list($paging_controls, $rows_per_page, $var_3) = paging($num_rows, $param, $rows_per_page);
 $offset = $rows_per_page * $page;
- //get the list
- $sql = "select * from v_contacts ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- if (strlen($phone_number) > 0) {
- $sql .= "and contact_uuid in (select contact_uuid from v_contact_phones ";
- $sql .= "where phone_number like '%".$phone_number."%') \n";
- }
- else {
- if (strlen($search_all) > 0) {
- if (is_numeric($search_all)) {
- $sql .= "and contact_uuid in (select contact_uuid from v_contact_phones ";
- $sql .= "where phone_number like '%".$search_all."%') \n";
- }
- else {
- $sql .= "and contact_uuid in (\n";
- $sql .= " select contact_uuid from v_contacts where domain_uuid = '".$_SESSION['domain_uuid']."' \n";
- $sql .= " and (\n";
- $sql .= " lower(contact_organization) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_name_given) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_name_family) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_nickname) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_title) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_category) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_role) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_email) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_url) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_time_zone) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_note) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_type) like '%".$search_all."%'\n";
- $sql .= " )\n";
- $sql .= ")\n";
- }
- }
- }
- if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
- $sql .= "limit $rows_per_page offset $offset ";
+ //get the list
+ $sql = str_replace('count(*) as num_rows', '*', $sql); // modify query created above
+ $sql .= "limit ".$rows_per_page." 
offset ".$offset." ";
 $prep_statement = $db->prepare(check_sql($sql));
 $prep_statement->execute();
 $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
@@ -242,15 +235,6 @@ require_once "resources/paging.php";
 echo "
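Review bot: Deriving the list query with `str_replace('count(*) as num_rows', '*', $sql)` ties this hunk to the exact spelling of the select in the paging query above; if that text is ever reworded the replacement silently matches nothing, the list query still returns a count row, and the page renders garbage instead of failing. Keep the shared `where` clause in its own variable (e.g. `$sql_where`) and prepend `select count(*) as num_rows from v_contacts ` for paging and `select * from v_contacts ` here, which makes the two queries identical by construction and removes the string surgery. The paging query is also prepared with `$db->prepare($sql)` while this one goes through `check_sql($sql)`, although both carry the same interpolated search and order-by values; the same wrapper belongs on both. The surrounding script continues outside the hunk.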
"; - echo "
"; - echo "

"; - echo "

"; - - echo "
"; - echo ""; - echo "

";
 //include the footer
 require_once "resources/footer.php";
diff --git a/core/users/signup.php b/core/users/signup.php
index 8f2fa7c6bf..054538ecfa 100644
--- a/core/users/signup.php
+++ b/core/users/signup.php
@@ -44,12 +44,17 @@ else {
 $username = check_str($_POST["username"]);
 $password = check_str($_POST["password"]);
 $confirmpassword = check_str($_POST["confirmpassword"]);
-$group_name = check_str($_POST["group_name"]);
+$group_uuid_name = check_str($_POST["group_uuid_name"]);
 $user_email = check_str($_POST["user_email"]);
 $contact_organization = check_str($_POST["contact_organization"]);
 $contact_name_given = check_str($_POST["contact_name_given"]);
 $contact_name_family = check_str($_POST["contact_name_family"]);
+if ($group_uuid_name != '') {
+ $group_data = explode('|', $group_uuid_name);
+ $group_uuid = $group_data[0];
+ $group_name = $group_data[1];
+}
 if (count($_POST)>0 && check_str($_POST["persistform"]) != "1") {
@@ -140,13 +145,14 @@ if (count($_POST)>0 && check_str($_POST["persistform"]) != "1") {
 unset($sql);
 //add the user to the group
- if (strlen($group_name) > 0) {
+ if (strlen($group_uuid) > 0) {
 if ( ($group_name == "superadmin" && if_group("superadmin")) || $group_name != "superadmin") {
 $sql = "insert into v_group_users ";
 $sql .= "( ";
 $sql .= "group_user_uuid, ";
 $sql .= "domain_uuid, ";
 $sql .= "group_name, ";
+ $sql .= "group_uuid, ";
 $sql .= "user_uuid ";
 $sql .= ") ";
 $sql .= "values ";
@@ -154,6 +160,7 @@ if (count($_POST)>0 && check_str($_POST["persistform"]) != "1") {
 $sql .= "'".$group_user_uuid."', ";
 $sql .= "'".$domain_uuid."', ";
 $sql .= "'".$group_name."', ";
+ $sql .= "'".$group_uuid."', ";
 $sql .= "'".$user_uuid."' ";
 $sql .= ")";
 $db->exec(check_sql($sql)); 
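Review bot: In the @@ -44 hunk `$group_uuid` and `$group_name` are both split out of the single posted `group_uuid_name` value and are never reconciled with each other or with v_groups, while the guard in the @@ -140 hunk still inspects only `$group_name` and the @@ -154 hunk inserts the posted `$group_uuid`; the two halves may disagree, so the guard no longer covers the value that is actually stored. Look the name up server-side from the uuid (select group_name from v_groups by group_uuid and domain), run the superadmin check on that result, and reject the request when the lookup returns no row. The explode also assumes a `|` is present; a value without one leaves `$group_data[1]` undefined, raises a notice and inserts an empty group_name, so guard with `if (count($group_data) == 2)` or rely on the lookup instead of the posted name. Add a comment above the explode stating the expected format, e.g. `//group_uuid_name is posted as "<group_uuid>|<group_name>"`. The surrounding form handler begins and ends outside these hunks.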
@@ -275,14 +282,13 @@ if (count($_POST)>0 && check_str($_POST["persistform"]) != "1") {
 $sql .= "order by group_name asc ";
 $prep_statement = $db->prepare(check_sql($sql));
 $prep_statement->execute();
- echo " \n";
 echo " \n";
 $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
 foreach($result as $field) {
- if ($field['group_name'] == "superadmin" && !if_group("superadmin")) { continue; } //only show the superadmin group to other users in the superadmin group
- if (!in_array($field["group_name"], $assigned_groups)) {
- echo " \n";
- }
+ if ($field['group_name'] == "superadmin" && !if_group("superadmin")) { continue; } //only show the superadmin group to other superadmins
+ if ($field['group_name'] == "admin" && (!if_group("superadmin") && !if_group("admin") )) { continue; } //only show the admin group to other admins
+ echo " \n";
 }
 echo " ";
 unset($sql, $result);
diff --git a/core/users/userdelete.php b/core/users/userdelete.php
index 0b51e17194..246c007824 100644
--- a/core/users/userdelete.php
+++ b/core/users/userdelete.php
@@ -34,6 +34,12 @@ else {
 return;
 }
+//add multi-lingual support
+ require_once "app_languages.php";
+ foreach($text as $key => $value) {
+ $text[$key] = $value[$_SESSION['domain']['language']['code']];
+ }
+
 //get the id
 $user_uuid = check_str($_GET["id"]);
@@ -54,7 +60,7 @@ else {
 //required to be a superadmin to delete a member of the superadmin group
 $superadmin_list = superadmin_list($db);
 if (if_superadmin($superadmin_list, $user_uuid)) {
- if (!if_group("superadmin")) {
+ if (!if_group("superadmin")) {
 //access denied - do not delete the user
 header("Location: index.php");
 return;
@@ -84,6 +90,7 @@ else {
 }
 //redirect the user
+ $_SESSION["message"] = $text['message-delete'];
 header("Location: index.php");
 ?>
\ No newline at end of file
diff --git a/core/users/users.php b/core/users/users.php
index a6897db922..85b92a957d 100644
--- a/core/users/users.php
+++ b/core/users/users.php 
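Review bot: The new `admin` filter in the @@ -275 hunk hides the option in the form only; the server-side guard in the @@ -140 hunk still special-cases `superadmin` alone, so nothing in the handler enforces that only admins or superadmins may assign the admin group. Mirror the condition where the row is inserted, e.g. before the `strlen($group_uuid)` check add `if ($group_name == "admin" && !if_group("superadmin") && !if_group("admin")) { $group_uuid = ''; }`, or better keep one shared list of privileged group names that both the form and the handler consult so they cannot drift apart. Dropping the `in_array($field["group_name"], $assigned_groups)` check also means groups already assigned are offered again; if that is intended it deserves a comment, since `$assigned_groups` is presumably still built earlier in the file. The enclosing form output begins and ends outside the hunk.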
@@ -187,7 +187,7 @@ echo " \n";
 echo $text['option-false'];
 }
 echo " \n";
- echo " ";
+ echo " ";
 if (permission_exists('user_edit')) {
 echo "$v_link_label_edit";
 }