Adds user rights editing feature
parent
e195b653b1
commit
d2154fa63c
|
@ -67,11 +67,52 @@ class User {
|
|||
|
||||
}
|
||||
|
||||
// add user right
|
||||
public function addUserRight($user_id, $right_id) {
|
||||
$sql = 'INSERT INTO users_rights
|
||||
(user_id, right_id, enabled)
|
||||
VALUES
|
||||
(:user_id, :right_id, 1)';
|
||||
$query = $this->db->prepare($sql);
|
||||
$query->execute([
|
||||
':user_id' => $user_id,
|
||||
':right_id' => $right_id,
|
||||
]);
|
||||
}
|
||||
|
||||
// remove user right
|
||||
public function removeUserRight($user_id, $right_id) {
|
||||
$sql = 'DELETE FROM users_rights
|
||||
WHERE
|
||||
user_id = :user_id
|
||||
AND
|
||||
right_id = :right_id';
|
||||
$query = $this->db->prepare($sql);
|
||||
$query->execute([
|
||||
':user_id' => $user_id,
|
||||
':right_id' => $right_id,
|
||||
]);
|
||||
}
|
||||
|
||||
// get all rights
|
||||
public function getAllRights() {
|
||||
$sql = 'SELECT
|
||||
id AS right_id,
|
||||
item AS right_name
|
||||
FROM rights';
|
||||
$query = $this->db->prepare($sql);
|
||||
$query->execute();
|
||||
|
||||
return $query->fetchAll(PDO::FETCH_ASSOC);
|
||||
|
||||
}
|
||||
|
||||
// get user rights
|
||||
public function getUserRights($user_id) {
|
||||
$sql = 'SELECT
|
||||
u.id AS user_id,
|
||||
u.username,
|
||||
r.id AS right_id,
|
||||
r.item AS right_name
|
||||
FROM
|
||||
users u
|
||||
|
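Review bot: addUserRight and removeUserRight discard the result of `$query->execute([...])`, so the POST handler that calls them cannot tell whether a right was actually granted or revoked, unlike the details update that reports `$result`. Returning the boolean and declaring the parameter types would make the contract explicit: `public function addUserRight(int $user_id, int $right_id): bool` with `return $query->execute([...]);` as the last statement, and the same for removeUserRight. addUserRight also inserts unconditionally, so unless users_rights has a unique key on (user_id, right_id) a repeated call creates duplicate rows — worth confirming against the schema, as is whether the PDO handle runs in exception mode, since otherwise a failed statement is completely silent here. getUserRights continues past the end of the hunk.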
|
|
@ -40,6 +40,25 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
|||
$_SESSION['error'] .= "Editing the user details failed. Error: $result ";
|
||||
}
|
||||
|
||||
// update the rights
|
||||
$newRights = $_POST['rights'] ?? array();
|
||||
// extract the new right_ids
|
||||
$userRightsIds = array_column($userRights, 'right_id');
|
||||
// what rights we need to add
|
||||
$rightsToAdd = array_diff($newRights, $userRightsIds);
|
||||
if (!empty($rightsToAdd)) {
|
||||
foreach ($rightsToAdd as $rightId) {
|
||||
$userObject->addUserRight($user_id, $rightId);
|
||||
}
|
||||
}
|
||||
// what rights we need to remove
|
||||
$rightsToRemove = array_diff($userRightsIds, $newRights);
|
||||
if (!empty($rightsToRemove)) {
|
||||
foreach ($rightsToRemove as $rightId) {
|
||||
$userObject->removeUserRight($user_id, $rightId);
|
||||
}
|
||||
}
|
||||
|
||||
// update the avatar
|
||||
if (!empty($_FILES['avatar_file']['tmp_name'])) {
|
||||
$result = $userObject->changeAvatar($user_id, $_FILES['avatar_file'], $config['avatars_path']);
|
||||
|
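Review bot: `$newRights = $_POST['rights'] ?? array();` is passed straight into `array_diff`, which throws a TypeError on PHP 8 when the value is not an array, and the edit form in this same commit still carries a text input named `rights` next to the new `rights[]` checkboxes, so a submission with no box ticked delivers a string here. Normalise and validate the posted ids before use, e.g. `$newRights = array_map('intval', array_filter((array) ($_POST['rights'] ?? []), 'is_numeric'));` — the ids are bound as parameters, so this is about rejecting junk and unknown ids rather than injection. The return values of addUserRight/removeUserRight are ignored, so a failed grant or revoke is silent while the details update above appends to `$_SESSION['error']`. The `!empty()` guards around the two foreach loops are redundant, since foreach over an empty array is a no-op. I cannot see whether an authorisation check gates this handler; if it sits above the hunk that is fine, otherwise anyone who can reach this POST can change rights, so please confirm.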
@ -56,6 +75,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
|||
switch ($action) {
|
||||
|
||||
case 'edit':
|
||||
$allRights = $userObject->getAllRights();
|
||||
include '../app/templates/profile-edit.php';
|
||||
break;
|
||||
|
||||
|
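Review bot: `$allRights` is only populated in the `edit` case, yet the template also iterates `$userRights`, which this hunk does not fetch; presumably it is loaded earlier in the file (the POST handler above uses it), but if that load is conditional the template will hit an undefined variable. Consider fetching both where the template needs them, `$userRights = $userObject->getUserRights($user_id);` next to the getAllRights() call, unless it is guaranteed above. The switch continues past the end of the hunk.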
|
|
@ -72,7 +72,20 @@
|
|||
<label for="rights" class="form-label"><small>rights:</small></label>
|
||||
</div>
|
||||
<div class="col-md-8 text-start bg-light">
|
||||
<input class="form-control" type="text" name="rights" value="<?= $userDetails[0]['rights'] ?? '' ?>" />
|
||||
<?php foreach ($allRights as $right) {
|
||||
// Check if the current right exists in $userRights and is enabled
|
||||
$isChecked = false;
|
||||
foreach ($userRights as $userRight) {
|
||||
if ($userRight['right_id'] === $right['right_id']) {
|
||||
$isChecked = true;
|
||||
break;
|
||||
}
|
||||
} ?>
|
||||
<div class="form-check">
|
||||
<input class="form-check-input" type="checkbox" name="rights[]" value="<?= htmlspecialchars($right['right_id']) ?>" id="right_<?= htmlspecialchars($right['right_id']) ?>" <?= $isChecked ? 'checked' : '' ?> />
|
||||
<label class="form-check-label" for="right_<?= htmlspecialchars($right['right_id']) ?>"><?= htmlspecialchars($right['right_name']) ?></label>
|
||||
</div>
|
||||
<?php } ?>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
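Review bot: The new `rights[]` checkboxes share their name with the existing text input `name="rights"` on the line just above them, so PHP keeps whichever field the browser sends last: with at least one box ticked the text value is silently dropped, and with none ticked `$_POST['rights']` arrives as a string instead of an array, which the handler's `array_diff` then rejects. Remove the text input or rename one of the fields once the checkboxes are the intended editor. The inner `foreach ($userRights ...)` runs once per right; precomputing the set keeps the template flat: `$checkedIds = array_column($userRights, 'right_id');` before the outer loop and `$isChecked = in_array($right['right_id'], $checkedIds, true);` in place of the loop. The `===` comparison assumes both `right_id` values come back with the same PHP type; both select `id` from the rights table, so this should hold, but it depends on the PDO driver's prepare-emulation setting — verify.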
|