diff --git a/core/groups/app_config.php b/core/groups/app_config.php index 8eef02ad78..3cd8705603 100644 --- a/core/groups/app_config.php +++ b/core/groups/app_config.php @@ -173,6 +173,14 @@ $apps[$x]['db'][$y]['fields'][$z]['type'] = "text"; $apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = ""; $z++; + $apps[$x]['db'][$y]['fields'][$z]['name']['text'] = "permission_protected"; + $apps[$x]['db'][$y]['fields'][$z]['type'] = "text"; + $apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = ""; + $z++; + $apps[$x]['db'][$y]['fields'][$z]['name']['text'] = "permission_assigned"; + $apps[$x]['db'][$y]['fields'][$z]['type'] = "text"; + $apps[$x]['db'][$y]['fields'][$z]['description']['en-us'] = ""; + $z++; $apps[$x]['db'][$y]['fields'][$z]['name'] = "group_name"; $apps[$x]['db'][$y]['fields'][$z]['type'] = "text"; $apps[$x]['db'][$y]['fields'][$z]['search'] = "true"; diff --git a/core/groups/group_permissions.php b/core/groups/group_permissions.php index c8926b441a..8fb203056f 100644 --- a/core/groups/group_permissions.php +++ b/core/groups/group_permissions.php @@ -66,6 +66,7 @@ $x = 0; $sql = "select distinct(permission_name) from v_group_permissions "; $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) "; + $sql .= "and permission_assigned = 'true' "; foreach ($_SESSION["groups"] as $field) { if (strlen($field['group_name']) > 0) { $sql_where_or[] = "group_name = :group_name_".$x; 
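Review bot: Both new fields, `permission_protected` and `permission_assigned`, are added with an empty `description['en-us']`, although the rest of this commit uses them to decide whether a group holds a permission. I would fill them in, for example `"Set to true when the permission is granted to the group."` for `permission_assigned` and `"Set to true to keep this row when unprotected permissions are deleted."` for `permission_protected`. The new fields also use `['name']['text']` while the `group_name` field right below them uses a plain `['name']`; it is worth confirming that difference is intended.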
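Review bot: The added filter `and permission_assigned = 'true'` does not match rows where the new column is NULL, which is what every row written before this schema change will hold unless an upgrade step outside this diff backfills it. Existing grants would then stop matching this query. permission.php in this same commit handles NULL explicitly for `permission_protected`; here either backfill existing rows to 'true' during upgrade or write `$sql .= "and (permission_assigned = 'true' or permission_assigned is null) ";`. The foreach that builds the group filter continues past the end of the hunk.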
@@ -100,61 +101,132 @@ $group_permissions = $_POST['group_permissions']; } +//add the search string + if (isset($_REQUEST["search"])) { + $search = strtolower($_REQUEST["search"]); + $sql_search = " ("; + $sql_search .= " lower(p.permission_name) like :search \n"; + $sql_search .= ") "; + $parameters['search'] = '%'.$search.'%'; + } + +//get the list + $sql = "select "; + $sql .= " distinct p.permission_name, \n"; + $sql .= " p.application_name, \n"; + $sql .= " g.permission_protected, \n"; + $sql .= " g.group_permission_uuid, \n"; + $sql .= " g.permission_assigned \n"; + $sql .= "from v_permissions as p \n"; + $sql .= "left join \n"; + $sql .= " v_group_permissions as g \n"; + $sql .= " on p.permission_name = g.permission_name \n"; + $sql .= " and group_name = :group_name \n"; + if (isset($sql_search)) { + $sql .= "where ".$sql_search; + } + $sql .= " order by p.application_name, p.permission_name asc "; + $parameters['group_name'] = $group_name; + $database = new database; + $group_permissions = $database->select($sql, $parameters, 'all'); + //process the user data and save it to the database if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { - //get the list - $sql = "select p.*, "; - $sql .= "exists(select from v_group_permissions where permission_name = p.permission_name and group_name = :group_name) as permission_assigned "; - $sql .= "from v_permissions as p "; - $parameters['group_name'] = $group_name; - //$sql = "select * from v_group_permissions "; - //$sql .= "where group_uuid = :group_uuid "; - //$parameters['group_uuid'] = $group_uuid; - $database = new database; - $group_permissions = $database->select($sql, $parameters, 'all'); - - //add or remove permissions from the group $x = 0; if (is_array($_POST['group_permissions'])) { foreach($_POST['group_permissions'] as $row) { - //check to see if the group has been assigned the permission - $in_database = false; - foreach($group_permissions as $field) { - if ($field['permission_name'] === 
$row['permission_name'] && $field['permission_assigned'] === true) { - $in_database = true; - break; - } - } + //reset values + $action = ""; + $save_permission = false; + $delete_permission = false; + $save_protected = false; + $delete_protected = false; + $persist = false; - //add - checked on html form and not in the database - if ($row['checked'] === 'true') { - if (!$in_database) { + //get the action save or delete + foreach($group_permissions as $field) { + if ($field['permission_name'] === $row['permission_name']) { + if ($field['permission_assigned'] == 'true') { + if ($row['checked'] == "true") { + $persist = true; + } + else { + $delete_permission = true; + } + } + else { + + if ($row['checked'] == "true") { + $save_permission = true; + } + else { + //do nothing + } + } + + if ($field['permission_protected'] == 'true') { + if ($row['permission_protected'] == "true") { + $persist = true; + } + else { + $delete_protected = true; + } + } + else { + if ($row['permission_protected'] == "true") { + $save_protected = true; + } + else { + //do nothing + } + } + + if ($save_permission || $save_protected) { + $action = "save"; + } + elseif ($delete_permission || $delete_protected){ + if ($persist) { + $action = "save"; + } + else { + $action = "delete"; + } + } + else { + $action = ""; + } + $group_permission_uuid = $field['group_permission_uuid']; + break; + } + } + + //build the array; + if ($action == "save") { + if (strlen($group_permission_uuid) == 0) { + $group_permission_uuid = uuid(); + } if (isset($row['permission_name']) && strlen($row['permission_name']) > 0) { - $array['add']['group_permissions'][$x]['group_permission_uuid'] = uuid(); - $array['add']['group_permissions'][$x]['permission_name'] = $row['permission_name']; - $array['add']['group_permissions'][$x]['group_uuid'] = $group_uuid; - $array['add']['group_permissions'][$x]['group_name'] = $group_name; - //$array['add']['group_permissions'][$x]['permission_uuid'] = $row['uuid']; + 
$array['save']['group_permissions'][$x]['group_permission_uuid'] = $group_permission_uuid; + $array['save']['group_permissions'][$x]['permission_name'] = $row['permission_name']; + $array['save']['group_permissions'][$x]['permission_protected'] = $row['permission_protected'] == 'true' ? "true" : 'false'; + $array['save']['group_permissions'][$x]['permission_assigned'] = $row['checked'] != "true" ? "false" : "true"; + $array['save']['group_permissions'][$x]['group_uuid'] = $group_uuid; + $array['save']['group_permissions'][$x]['group_name'] = $group_name; $x++; } } - } - //delete - unchecked on the form and in the database - if ($row['checked'] !== 'true') { - if ($in_database) { + if ($action == "delete") { if (isset($row['permission_name']) && strlen($row['permission_name']) > 0) { $array['delete']['group_permissions'][$x]['permission_name'] = $row['permission_name']; $array['delete']['group_permissions'][$x]['group_uuid'] = $group_uuid; $array['delete']['group_permissions'][$x]['group_name'] = $group_name; - //$array['delete'][$x]['permission_uuid'] = $row['uuid']; } $x++; } - } } } - + //validate the token $token = new token; if (!$token->validate($_SERVER['PHP_SELF'])) { @@ -163,16 +235,16 @@ exit; } - //save to the data - if (is_array($array['add']) && @sizeof($array['add']) != 0) { + //save the save array + if (is_array($array['save']) && @sizeof($array['save']) != 0) { $database = new database; $database->app_name = 'groups'; $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; - $database->save($array['add']); + $database->save($array['save']); $message = $database->message; } - //delete the permissions + //delete the delete array if (is_array($array['delete']) && @sizeof($array['delete']) != 0) { if (permission_exists('group_permission_delete')) { $database = new database; 
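Review bot: The new left join matches `v_group_permissions` rows on `group_name = :group_name` alone, and the `group_permission_uuid` it returns is now reused as the key of the row that gets saved. The permission query earlier in this file scopes by `domain_uuid`, which suggests group names are not unique across domains; if so, a same-named group in another domain can supply the uuid and its row would be rewritten with this group's `group_uuid`. Joining on the group's uuid avoids that: `$sql .= " and g.group_uuid = :group_uuid \n";` with `$parameters['group_uuid'] = $group_uuid;`, assuming `$group_uuid` is already set at that point as its use further down the hunk suggests. The POST-handling block this code sits in continues past the end of the hunk.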
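Review bot: The save branch runs without a `permission_exists()` check in this hunk, while the delete branch below it requires `group_permission_delete`. After this commit an unchecked box on a protected row is written through `save` with `permission_assigned` set to 'false', and `permission_protected` is taken straight from `$_POST`, so both revoking and protecting a permission bypass the gate that delete has unless `database->save()` enforces permissions itself. I would wrap the branch in `if (permission_exists('group_permission_add') || permission_exists('group_permission_edit')) {` and consider a separate permission for changing `permission_protected`. The `@sizeof(...)` suppression could go as well, since `is_array()` already guards it. The delete block continues past the end of the hunk.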
@@ -194,41 +266,6 @@ //$order_by = $_GET["order_by"]; //$order = $_GET["order"]; -//add the search string - if (isset($_REQUEST["search"])) { - $search = strtolower($_REQUEST["search"]); - $sql_search = " ("; - $sql_search .= " lower(p.permission_name) like :search "; - //$sql_search .= " or lower(p.group_name) like :search "; - $sql_search .= ") "; - $parameters['search'] = '%'.$search.'%'; - } - -//get the count - /* - $sql = "select count(group_permission_uuid) from v_group_permissions "; - $sql .= "where group_uuid = :group_uuid "; - $parameters['group_uuid'] = $group_uuid; - if (isset($sql_search)) { - $sql .= "where ".$sql_search; - } - $database = new database; - $num_rows = $database->select($sql, $parameters, 'column'); - */ - -//get the list - $sql = "select p.*, "; - $sql .= "exists(select from v_group_permissions where permission_name = p.permission_name and group_name = :group_name) as permission_assigned "; - $sql .= "from v_permissions as p "; - $parameters['group_name'] = $group_name; - if (isset($sql_search)) { - $sql .= "where ".$sql_search; - } - $sql .= "order by application_name asc, permission_name asc "; - $database = new database; - $group_permissions = $database->select($sql, $parameters, 'all'); - unset($sql, $parameters); - //create token $object = new token; $token = $object->create($_SERVER['PHP_SELF']); @@ -270,7 +307,8 @@ if (is_array($group_permissions) && @sizeof($group_permissions) != 0) { $x = 0; foreach ($group_permissions as $row) { - $checked = ($row['permission_assigned'] === true) ? " checked=\"checked\"" : $checked = ''; + $checked = ($row['permission_assigned'] === 'true') ? " checked=\"checked\"" : $checked = ''; + $protected = ($row['permission_protected'] === 'true') ? " checked=\"checked\"" : ''; $application_name = strtolower($row['application_name']); $label_application_name = ucwords(str_replace(['_','-'], " ", $row['application_name'])); 
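Review bot: The else arm of the `$checked` ternary is still `$checked = ''`, an assignment nested inside the assignment, while the new `$protected` line beside it uses the plain form. Since the line is being edited anyway, `$checked = ($row['permission_assigned'] === 'true') ? " checked=\"checked\"" : '';` reads better and matches its neighbour. The strict `=== 'true'` here also differs from the loose `== 'true'` used for the same columns in the POST handling earlier in this file; picking one keeps the rendered form and the save logic in agreement. The foreach body continues past the end of the hunk.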
@@ -293,6 +331,10 @@ if (permission_exists('group_permission_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') { echo "  \n"; } + echo " \n"; + echo " \n"; + echo " \n"; + echo th_order_by('group_permission_protected', $text['label-group_protected'], $order_by, $order, null, "class=''"); echo "\n"; } @@ -305,6 +347,14 @@ echo " \n"; } echo " ".escape($row['permission_name'])."\n"; + if (permission_exists('group_permission_add') || permission_exists('group_permission_edit') || permission_exists('group_permission_delete')) { + echo " \n"; + echo " \n"; + echo " \n"; + } + echo " \n"; + echo " "; + echo " \n"; echo "\n"; //set the previous category diff --git a/core/groups/resources/classes/groups.php b/core/groups/resources/classes/groups.php index 432abd253f..a18f0ec1ba 100644 --- a/core/groups/resources/classes/groups.php +++ b/core/groups/resources/classes/groups.php @@ -445,6 +445,8 @@ if (!class_exists('groups')) { $array['group_permissions'][$x]['group_permission_uuid'] = uuid(); $array['group_permissions'][$x]['domain_uuid'] = null; $array['group_permissions'][$x]['permission_name'] = $row['name']; + $array['group_permissions'][$x]['permission_protected'] = 'false'; + $array['group_permissions'][$x]['permission_assigned'] = 'true'; $array['group_permissions'][$x]['group_name'] = $group; $array['group_permissions'][$x]['group_uuid'] = $group_uuids[$group]; } diff --git a/core/groups/resources/classes/permission.php b/core/groups/resources/classes/permission.php index ae8d49d4b2..c4d2708713 100644 --- a/core/groups/resources/classes/permission.php +++ b/core/groups/resources/classes/permission.php 
@@ -58,14 +58,15 @@ } $group_names = "'".implode("','", $group_name_array)."'"; - //delete unprotected system group permissions + //delete unprotected permissions $sql = "delete from v_group_permissions as p "; $sql .= "where group_name in ( "; $sql .= " select group_name "; $sql .= " from v_groups "; $sql .= " where group_protected <> 'true' "; $sql .= " and group_name in (".$group_names.") "; - $sql .= ");"; + $sql .= ")"; + $sql .= "and (permission_protected <> 'true' or permission_protected is null)"; $database = new database; $result = $database->select($sql); @@ -166,6 +167,8 @@ //build default permissions insert array $array['group_permissions'][$x]['group_permission_uuid'] = uuid(); $array['group_permissions'][$x]['permission_name'] = $permission['name']; + $array['group_permissions'][$x]['permission_protected'] = 'false'; + $array['group_permissions'][$x]['permission_assigned'] = 'true'; $array['group_permissions'][$x]['group_name'] = $group_name; $array['group_permissions'][$x]['group_uuid'] = $group_uuid; $x++;
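Review bot: The statement this hunk edits still places `$group_names` into the `in (...)` list by quoting each name with `implode`, and no escaping is visible in the hunk. Whether that matters depends on where `$group_name_array` comes from, which is outside the hunk, but since the query is being changed anyway I would bind the names with `:group_name_N` placeholders, the way group_permissions.php does. The new condition is also appended directly after `")"` with no space, giving `)and (`, which parses but is easy to misread. The surrounding function starts and ends outside the hunk.

```php
//bind each group name instead of quoting it into the statement
$group_name_keys = [];
$group_parameters = [];
foreach (array_values($group_name_array) as $index => $name) {
	$group_name_keys[] = ":group_name_".$index;
	$group_parameters['group_name_'.$index] = $name;
}

// … unchanged: delete from v_group_permissions … where group_protected <> 'true' …
$sql .= "	and group_name in (".implode(", ", $group_name_keys).") ";
$sql .= ") ";
$sql .= "and (permission_protected <> 'true' or permission_protected is null) ";
$database = new database;
$result = $database->select($sql, $group_parameters);
```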