Adds user rights editing feature

main
Yasen Pramatarov 2024-09-11 22:51:46 +03:00
parent e195b653b1
commit d2154fa63c
3 changed files with 75 additions and 1 deletions

View File

@ -67,11 +67,52 @@ class User {
}
// add user right
public function addUserRight($user_id, $right_id) {
$sql = 'INSERT INTO users_rights
(user_id, right_id, enabled)
VALUES
(:user_id, :right_id, 1)';
$query = $this->db->prepare($sql);
$query->execute([
':user_id' => $user_id,
':right_id' => $right_id,
]);
}
// remove user right
public function removeUserRight($user_id, $right_id) {
$sql = 'DELETE FROM users_rights
WHERE
user_id = :user_id
AND
right_id = :right_id';
$query = $this->db->prepare($sql);
$query->execute([
':user_id' => $user_id,
':right_id' => $right_id,
]);
}
// get all rights
public function getAllRights() {
$sql = 'SELECT
id AS right_id,
item AS right_name
FROM rights';
$query = $this->db->prepare($sql);
$query->execute();
return $query->fetchAll(PDO::FETCH_ASSOC);
}
// get user rights
public function getUserRights($user_id) {
$sql = 'SELECT
u.id AS user_id,
u.username,
r.id AS right_id,
r.item AS right_name
FROM
users u

View File

@ -40,6 +40,25 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$_SESSION['error'] .= "Editing the user details failed. Error: $result ";
}
// update the rights
$newRights = $_POST['rights'] ?? array();
// extract the new right_ids
$userRightsIds = array_column($userRights, 'right_id');
// what rights we need to add
$rightsToAdd = array_diff($newRights, $userRightsIds);
if (!empty($rightsToAdd)) {
foreach ($rightsToAdd as $rightId) {
$userObject->addUserRight($user_id, $rightId);
}
}
// what rights we need to remove
$rightsToRemove = array_diff($userRightsIds, $newRights);
if (!empty($rightsToRemove)) {
foreach ($rightsToRemove as $rightId) {
$userObject->removeUserRight($user_id, $rightId);
}
}
// update the avatar
if (!empty($_FILES['avatar_file']['tmp_name'])) {
$result = $userObject->changeAvatar($user_id, $_FILES['avatar_file'], $config['avatars_path']);
@ -56,6 +75,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
switch ($action) {
case 'edit':
$allRights = $userObject->getAllRights();
include '../app/templates/profile-edit.php';
break;

View File

@ -72,7 +72,20 @@
<label for="rights" class="form-label"><small>rights:</small></label>
</div>
<div class="col-md-8 text-start bg-light">
<input class="form-control" type="text" name="rights" value="<?= $userDetails[0]['rights'] ?? '' ?>" />
<?php foreach ($allRights as $right) {
// Check if the current right exists in $userRights and is enabled
$isChecked = false;
foreach ($userRights as $userRight) {
if ($userRight['right_id'] === $right['right_id']) {
$isChecked = true;
break;
}
} ?>
<div class="form-check">
<input class="form-check-input" type="checkbox" name="rights[]" value="<?= htmlspecialchars($right['right_id']) ?>" id="right_<?= htmlspecialchars($right['right_id']) ?>" <?= $isChecked ? 'checked' : '' ?> />
<label class="form-check-label" for="right_<?= htmlspecialchars($right['right_id']) ?>"><?= htmlspecialchars($right['right_name']) ?></label>
</div>
<?php } ?>
</div>
</div>