More fixes to (hopefully) allow a superuser to add admin/config roles
parent
0acf5a5661
commit
39ff0dd2ce
@ -196,7 +196,7 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password =
|
||||
return "invalidaccount";
|
||||
}
|
||||
if(mysql_result(mysql_query("SELECT COUNT(*) FROM roles WHERE id = $roles_id"), 0) != 1){
|
||||
return "invalidrole";
|
||||
return "invalidrole($roles_id)";
|
||||
}
|
||||
if(mysql_result(mysql_query("SELECT COUNT(*) FROM conferences WHERE id = $conferences_id"), 0) != 1){
|
||||
return "invalidconference";
|
||||
@ -227,17 +227,20 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password =
|
||||
|
||||
// see if this role conflicts with existing ones
|
||||
if(!account_add_role_allowed($accounts_id, $conferences_id, $roles_id)){
|
||||
return 'invalidrole';
|
||||
return 'invalidrole(account_add_role_allowed)';
|
||||
}
|
||||
|
||||
// get the type of the role (eg. "judge", "participant", etc.)
|
||||
$role = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $roles_id"), 0);
|
||||
|
||||
// and see if it's a valid one for this conference
|
||||
if(!array_key_exists($role . '_registration_type', $config)){
|
||||
return 'invalidrole';
|
||||
if($_SESSION['superuser']!='yes') {
|
||||
// and see if it's a valid one for this conference
|
||||
if(!array_key_exists($role . '_registration_type', $config)){
|
||||
return 'invalidrole(_registration_type)';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// and let's see if we meet the conditions for the registration type
|
||||
$error = "";
|
||||
switch($config[$role . '_registration_type']){
|
||||
|
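Review bot: For a superuser the new `if($_SESSION['superuser']!='yes')` guard skips the `_registration_type` existence check, but the `switch($config[$role . '_registration_type'])` that follows still runs, so for a role the conference has no setting for it switches on an undefined index and whatever conditions its cases enforce are skipped implicitly (the switch body and the start of account_add_role are outside these hunks). If bypassing those conditions is intended, say so in code by putting the switch under the same guard, and consider passing the privilege in as a parameter instead of reading `$_SESSION` inside a library function. Separately, the new return strings such as `invalidrole($roles_id)` no longer equal `'invalidrole'`, so any caller comparing against that exact value will stop matching. They also echo `$roles_id`, which is interpolated unquoted into the SQL in the first hunk; unless it is validated earlier in the function, `$roles_id = intval($roles_id);` before the queries would cover both uses.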
@ -35,6 +35,7 @@
|
||||
'Administration' => 'admin/index.php' ),
|
||||
"committee_management");
|
||||
|
||||
echo "<a href=\"committees.php\">Manage Committee Members</a><br />";
|
||||
|
||||
$_SESSION['last_page'] = 'committee_management';
|
||||
|
||||
|
@ -48,7 +48,7 @@ if($_POST['accounts_id'])
|
||||
|
||||
function openeditor(id)
|
||||
{
|
||||
window.open("user_editor_window.php?id="+id,"UserEditor","location=no,menubar=no,directories=no,toolbar=no,width=770,height=500,scrollbars=yes");
|
||||
window.open("user_editor_window.php?users_id="+id,"UserEditor","location=no,menubar=no,directories=no,toolbar=no,width=770,height=500,scrollbars=yes");
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -190,6 +190,8 @@ if($_GET['unlinkmember'] && $_GET['unlinkcommittee']) {
|
||||
echo happy(i18n("Committee member unlinked from committee"));
|
||||
}
|
||||
|
||||
|
||||
echo "<a href=\"committee_committees.php\">Manage Committees</a><br />";
|
||||
echo "<form name=\"memberaction\" method=\"post\" action=\"committees.php\" onsubmit=\"return actionSubmit()\">\n";
|
||||
echo "<table>";
|
||||
echo "<tr><td>";
|
||||
|
@ -44,8 +44,8 @@ $tabs = array( 'fairinfo' => array(
|
||||
'enabled' => true),
|
||||
'roles' => array(
|
||||
'label' => 'Roles/Account',
|
||||
'types' => array('student','judge','committee','volunteer','sponsor','fair'),
|
||||
'file' => '../user_activate.php',
|
||||
'types' => array('student','judge','committee','admin','config','volunteer','sponsor','fair','admin','config'),
|
||||
'file' => '../user_roles.php',
|
||||
'enabled' => true),
|
||||
'judgeother' => array(
|
||||
'label' => 'Judge Other',
|
||||
@ -110,7 +110,7 @@ echo mysql_error();
|
||||
user_save($u);
|
||||
$id = $u['id'];
|
||||
} else {
|
||||
$id = $_GET['id'];
|
||||
$id = $_GET['users_id'];
|
||||
}
|
||||
|
||||
$u = user_load($id);
|
||||
@ -126,7 +126,7 @@ if(!array_key_exists($selected, $tabs)) {
|
||||
|
||||
if($_GET['sub'] == 1) {
|
||||
$_SESSION['embed'] = true;
|
||||
$_SESSION['embed_submit_url'] = "{$_SERVER['PHP_SELF']}?id=$id&tab=$selected";
|
||||
$_SESSION['embed_submit_url'] = "{$_SERVER['PHP_SELF']}?users_id=$id&tab=$selected";
|
||||
$_SESSION['embed_edit_id'] = $id;
|
||||
$t = $tabs[$selected];
|
||||
include("{$t['file']}");
|
||||
@ -156,7 +156,7 @@ foreach($tabs as $k=>$t) {
|
||||
$index++;
|
||||
|
||||
/* Show the tab */
|
||||
$href = "{$_SERVER['PHP_SELF']}?id=$id&tab=$k&sub=1";
|
||||
$href = "{$_SERVER['PHP_SELF']}?users_id=$id&tab=$k&sub=1";
|
||||
echo "<li><a href=\"$href\"><span>".i18n($t['label'])."</span></a></li>";
|
||||
}
|
||||
echo '</ul>';
|
||||
|
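Review bot: `$id = $_GET['users_id'];` is taken from the query string without validation and then flows into `user_load($id)`, `$_SESSION['embed_edit_id']`, and the `embed_submit_url` and `$href` strings, the latter echoed straight into an `<a href>`. Unless it is checked in lines outside these hunks, cast it where it is assigned, `$id = intval($_GET['users_id']);`, and escape the rest of the link, since `$_SERVER['PHP_SELF']` is request-influenced too: `$href = htmlspecialchars("{$_SERVER['PHP_SELF']}?users_id=$id&tab=$k&sub=1");`. The visible lines also show no check that the logged-in user may edit the account named by `users_id`; that should be confirmed above the hunk now that the admin/config role tabs are reachable from this window. Minor: the new `types` array for the `roles` tab lists `'admin','config'` twice.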
@ -1011,8 +1011,12 @@ function user_add_role(&$u, $role, $password = null){
|
||||
$result = account_add_role($u['accounts_id'], $roleId, $conferences_id, $password);
|
||||
if($result == 'ok'){
|
||||
// we need this "if" because account_add_role will return "ok" if they already have this role
|
||||
if(!in_array($role, $_SESSION['roles'])){
|
||||
$_SESSION['roles'][] = $role;
|
||||
|
||||
//only update the session if the logged in user is the same as the one we're editing
|
||||
if($u['id']==$_SESSION['users_id']) {
|
||||
if(!in_array($role, $_SESSION['roles'])){
|
||||
$_SESSION['roles'][] = $role;
|
||||
}
|
||||
}
|
||||
|
||||
// also, update the user:
|
||||
|
@ -97,7 +97,7 @@ $tabs = array( 'fairinfo' => array(
|
||||
'personal' => array(
|
||||
'label' => 'Personal',
|
||||
'name' => 'Personal Information',
|
||||
'types' => array('teacher','participant','judge','committee','volunteer','sponsor','fair'),
|
||||
'types' => array('teacher','participant','judge','committee','volunteer','sponsor','fair','admin','config'),
|
||||
'file' => 'user_personal.php',
|
||||
'status_func' => 'user_personal_info_status',
|
||||
),
|
||||
@ -160,7 +160,7 @@ $tabs = array( 'fairinfo' => array(
|
||||
'roles' => array(
|
||||
'label' => 'Roles',
|
||||
'name' => 'Add/Remove Roles',
|
||||
'types' => array('teacher','participant','judge','committee','volunteer','sponsor','fair'),
|
||||
'types' => array('teacher','participant','judge','committee','volunteer','sponsor','fair','admin','config'),
|
||||
'file' => 'user_roles.php',
|
||||
'status_func' => false,
|
||||
),
|
||||
|
@ -75,10 +75,22 @@ case 'remove':
|
||||
exit;
|
||||
|
||||
case 'activate':
|
||||
if(!array_key_exists($role, $u['roles'])) {
|
||||
/* Hand crafting URLs? */
|
||||
echo "HALT: can't activate a role the user doesn't have";
|
||||
exit;
|
||||
//if we're a superuser, we will be ADDING a role if we cant activate it, otherwise, they cant do it, sorry
|
||||
if($_SESSION['superuser']=='yes') {
|
||||
//they might have the role alreayd, its just not active... so activate if if thats the case, otherwise, add it
|
||||
if(!array_key_exists($role, $u['roles'])) {
|
||||
$ok=user_add_role($u,$role);
|
||||
}
|
||||
else {
|
||||
//active gets set below, we just dont 'exit' like we do for non superuser
|
||||
}
|
||||
}
|
||||
else {
|
||||
if(!array_key_exists($role, $u['roles'])) {
|
||||
/* Hand crafting URLs? */
|
||||
echo "Can't activate a role that you don't already have";
|
||||
exit;
|
||||
}
|
||||
}
|
||||
$u['roles'][$role]['active'] = 'yes';
|
||||
user_save($u);
|
||||
@ -165,7 +177,13 @@ function addRole(role){
|
||||
<form class="editor" id="rolesform">
|
||||
<table width="90%">
|
||||
<?
|
||||
foreach(array_keys($u['roles']) as $r) {
|
||||
if($_SESSION['superuser']=='yes') {
|
||||
$showroles=$roles;
|
||||
}
|
||||
else
|
||||
$showroles=$u['roles'];
|
||||
|
||||
foreach(array_keys($showroles) as $r) {
|
||||
|
||||
if($u['roles'][$r]['active'] == 'yes') {
|
||||
$cs = i18n('Active');
|
||||
|
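Review bot: In the superuser branch of `case 'activate'` the result of `$ok=user_add_role($u,$role);` is never checked, so `$u['roles'][$role]['active'] = 'yes'; user_save($u);` still runs when the add was refused, for instance when account_add_role returned one of its `invalidrole…` values. Stop before the activation on failure, e.g. `if($ok != 'ok') { echo "HALT: could not add role"; exit; }`, adjusted to whatever user_add_role actually returns, which is not visible on this page. Because this path now grants admin/config roles, `$role` should also be checked against the known `$roles` list before use if that is not already done above the hunk. In the second hunk, iterating `$showroles=$roles` means `$u['roles'][$r]['active']` is read for roles the user does not hold; guard it with `array_key_exists($r, $u['roles'])` first.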