Explicitly adds/removes rights, makes possible to remove all rights

main
Yasen Pramatarov 2025-04-15 18:05:09 +03:00
parent 9cb7812144
commit 0a7f3737c5
1 changed files with 32 additions and 28 deletions


@ -91,42 +91,46 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
]; ];
$result = $userObject->editUser($userId, $updatedUser); $result = $userObject->editUser($userId, $updatedUser);
if ($result === true) { if ($result === true) {
Feedback::flash('NOTICE', 'DEFAULT', "User details for \"{$updatedUser['name']}\" are edited."); Feedback::flash('NOTICE', 'DEFAULT', "User details for \"{$userDetails[0]['username']}\" are edited.");
} else { } else {
Feedback::flash('ERROR', 'DEFAULT', "Editing the user details failed. Error: $result"); Feedback::flash('ERROR', 'DEFAULT', "Editing the user details failed. Error: $result");
} }
// update the rights // update the rights
if (isset($_POST['rights'])) { // Get current rights IDs
$validator = new Validator(['rights' => $_POST['rights']]); $userRightsIds = array_column($userRights, 'right_id');
$rules = [
'rights' => [
'array' => true
]
];
if (!$validator->validate($rules)) { // If no rights are selected, remove all rights
Feedback::flash('ERROR', 'DEFAULT', $validator->getFirstError()); if (!isset($_POST['rights'])) {
header("Location: $app_root?page=profile"); $_POST['rights'] = [];
exit(); }
}
$newRights = $_POST['rights']; $validator = new Validator(['rights' => $_POST['rights']]);
// extract the new right_ids $rules = [
$userRightsIds = array_column($userRights, 'right_id'); 'rights' => [
// what rights we need to add 'array' => true
$rightsToAdd = array_diff($newRights, $userRightsIds); ]
if (!empty($rightsToAdd)) { ];
foreach ($rightsToAdd as $rightId) {
$userObject->addUserRight($userId, $rightId); if (!$validator->validate($rules)) {
} Feedback::flash('ERROR', 'DEFAULT', $validator->getFirstError());
header("Location: $app_root?page=profile");
exit();
}
$newRights = $_POST['rights'];
// what rights we need to add
$rightsToAdd = array_diff($newRights, $userRightsIds);
if (!empty($rightsToAdd)) {
foreach ($rightsToAdd as $rightId) {
$userObject->addUserRight($userId, $rightId);
} }
// what rights we need to remove }
$rightsToRemove = array_diff($userRightsIds, $newRights); // what rights we need to remove
if (!empty($rightsToRemove)) { $rightsToRemove = array_diff($userRightsIds, $newRights);
foreach ($rightsToRemove as $rightId) { if (!empty($rightsToRemove)) {
$userObject->removeUserRight($userId, $rightId); foreach ($rightsToRemove as $rightId) {
} $userObject->removeUserRight($userId, $rightId);
} }
} }
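Review bot: The values in `$_POST['rights']` are checked only for being an array (`'array' => true`) before each element is passed to `addUserRight()`, so a nested array or an arbitrary string reaches the rights-granting call unfiltered. Assuming right IDs are numeric, I would narrow the list first, e.g. `$newRights = array_values(array_unique(array_filter($_POST['rights'], static fn ($v) => is_string($v) && ctype_digit($v))));`, and ideally intersect it with the set of rights that actually exist. With the new default of `$_POST['rights'] = []`, any POST that omits the field now revokes every right, so a partial or forged form submission has a larger effect than before; a hidden marker field for the rights form would let the handler tell "nothing ticked" apart from "field not sent". The add/remove loops also still run when `editUser()` did not return `true`. The enclosing `if ($_SERVER['REQUEST_METHOD'] == 'POST')` block starts outside the hunk, so whether a permission or CSRF check precedes this code cannot be seen from here and should be confirmed.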