Adds user rights editing feature
parent
e195b653b1
commit
d2154fa63c
|
@ -67,11 +67,52 @@ class User {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// add user right
|
||||||
|
public function addUserRight($user_id, $right_id) {
|
||||||
|
$sql = 'INSERT INTO users_rights
|
||||||
|
(user_id, right_id, enabled)
|
||||||
|
VALUES
|
||||||
|
(:user_id, :right_id, 1)';
|
||||||
|
$query = $this->db->prepare($sql);
|
||||||
|
$query->execute([
|
||||||
|
':user_id' => $user_id,
|
||||||
|
':right_id' => $right_id,
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
// remove user right
|
||||||
|
public function removeUserRight($user_id, $right_id) {
|
||||||
|
$sql = 'DELETE FROM users_rights
|
||||||
|
WHERE
|
||||||
|
user_id = :user_id
|
||||||
|
AND
|
||||||
|
right_id = :right_id';
|
||||||
|
$query = $this->db->prepare($sql);
|
||||||
|
$query->execute([
|
||||||
|
':user_id' => $user_id,
|
||||||
|
':right_id' => $right_id,
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
// get all rights
|
||||||
|
public function getAllRights() {
|
||||||
|
$sql = 'SELECT
|
||||||
|
id AS right_id,
|
||||||
|
item AS right_name
|
||||||
|
FROM rights';
|
||||||
|
$query = $this->db->prepare($sql);
|
||||||
|
$query->execute();
|
||||||
|
|
||||||
|
return $query->fetchAll(PDO::FETCH_ASSOC);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
// get user rights
|
// get user rights
|
||||||
public function getUserRights($user_id) {
|
public function getUserRights($user_id) {
|
||||||
$sql = 'SELECT
|
$sql = 'SELECT
|
||||||
u.id AS user_id,
|
u.id AS user_id,
|
||||||
u.username,
|
u.username,
|
||||||
|
r.id AS right_id,
|
||||||
r.item AS right_name
|
r.item AS right_name
|
||||||
FROM
|
FROM
|
||||||
users u
|
users u
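Review bot: `addUserRight()` and `removeUserRight()` discard the result of `$query->execute()` and return nothing, so a failed grant or revoke is invisible to the caller unless PDO is configured to throw, which this hunk does not show. For methods that change privileges the caller should be able to surface a failure; ending both with `return $query->execute([...]);` (same bound parameters) would allow that. A docblock on each should also state that the method checks neither the caller's permission nor whether the `(user_id, right_id)` pair already exists, so callers know those checks are theirs. The class body starts above the hunk and `getUserRights()` continues below it.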
|
||||||
|
|
|
@ -40,6 +40,25 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||||
$_SESSION['error'] .= "Editing the user details failed. Error: $result ";
|
$_SESSION['error'] .= "Editing the user details failed. Error: $result ";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// update the rights
|
||||||
|
$newRights = $_POST['rights'] ?? array();
|
||||||
|
// extract the new right_ids
|
||||||
|
$userRightsIds = array_column($userRights, 'right_id');
|
||||||
|
// what rights we need to add
|
||||||
|
$rightsToAdd = array_diff($newRights, $userRightsIds);
|
||||||
|
if (!empty($rightsToAdd)) {
|
||||||
|
foreach ($rightsToAdd as $rightId) {
|
||||||
|
$userObject->addUserRight($user_id, $rightId);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// what rights we need to remove
|
||||||
|
$rightsToRemove = array_diff($userRightsIds, $newRights);
|
||||||
|
if (!empty($rightsToRemove)) {
|
||||||
|
foreach ($rightsToRemove as $rightId) {
|
||||||
|
$userObject->removeUserRight($user_id, $rightId);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// update the avatar
|
// update the avatar
|
||||||
if (!empty($_FILES['avatar_file']['tmp_name'])) {
|
if (!empty($_FILES['avatar_file']['tmp_name'])) {
|
||||||
$result = $userObject->changeAvatar($user_id, $_FILES['avatar_file'], $config['avatars_path']);
|
$result = $userObject->changeAvatar($user_id, $_FILES['avatar_file'], $config['avatars_path']);
|
||||||
|
@ -56,6 +75,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||||
switch ($action) {
|
switch ($action) {
|
||||||
|
|
||||||
case 'edit':
|
case 'edit':
|
||||||
|
$allRights = $userObject->getAllRights();
|
||||||
include '../app/templates/profile-edit.php';
|
include '../app/templates/profile-edit.php';
|
||||||
break;
|
break;
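Review bot: In the POST branch, `$_POST['rights']` goes straight into `array_diff()` and then into `addUserRight()`/`removeUserRight()` without a check that it is an array of ids that exist in `rights`. Nothing visible in this hunk verifies that the session user may change rights for `$user_id`. On PHP 8 a non-array value makes `array_diff()` throw, and an unknown id is passed to the INSERT as submitted, subject only to table constraints that are not shown here. The POST branch starts above the hunk, so a permission and CSRF check may already exist there; if not, it should gate this block before any right is added or removed. The fence restricts the submitted values to ids returned by `getAllRights()`.

```php
// update the rights
$submitted = $_POST['rights'] ?? [];
$submitted = is_array($submitted) ? array_filter($submitted, 'is_string') : [];
// accept only ids that exist in the rights table
$knownRightIds = array_column($userObject->getAllRights(), 'right_id');
$newRights = array_intersect($knownRightIds, $submitted);
// … unchanged: $userRightsIds, $rightsToAdd and $rightsToRemove loops …
```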
|
||||||
|
|
||||||
|
|
|
@ -72,7 +72,20 @@
|
||||||
<label for="rights" class="form-label"><small>rights:</small></label>
|
<label for="rights" class="form-label"><small>rights:</small></label>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-md-8 text-start bg-light">
|
<div class="col-md-8 text-start bg-light">
|
||||||
<input class="form-control" type="text" name="rights" value="<?= $userDetails[0]['rights'] ?? '' ?>" />
|
<?php foreach ($allRights as $right) {
|
||||||
|
// Check if the current right exists in $userRights and is enabled
|
||||||
|
$isChecked = false;
|
||||||
|
foreach ($userRights as $userRight) {
|
||||||
|
if ($userRight['right_id'] === $right['right_id']) {
|
||||||
|
$isChecked = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
} ?>
|
||||||
|
<div class="form-check">
|
||||||
|
<input class="form-check-input" type="checkbox" name="rights[]" value="<?= htmlspecialchars($right['right_id']) ?>" id="right_<?= htmlspecialchars($right['right_id']) ?>" <?= $isChecked ? 'checked' : '' ?> />
|
||||||
|
<label class="form-check-label" for="right_<?= htmlspecialchars($right['right_id']) ?>"><?= htmlspecialchars($right['right_name']) ?></label>
|
||||||
|
</div>
|
||||||
|
<?php } ?>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
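Review bot: The comment `// Check if the current right exists in $userRights and is enabled` promises more than the loop does: the comparison only tests `right_id` membership, and `enabled` is never read in this section. If `getUserRights()` already filters on `enabled` (its WHERE clause is not visible on this page), the comment should say so, e.g. `// $userRights holds only the user's enabled rights; tick the ones present`; otherwise a disabled right would render as checked. The inner loop could also be the single line `$isChecked = in_array($right['right_id'], array_column($userRights, 'right_id'), true);`. The enclosing form is outside the hunk.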
|
||||||
|
|
||||||
|
|