update the user personal information editor, the superuser edit flags

for admin/config/super don't quite work yet.
2010-07-13 03:30:26 +00:00 · 2010-07-13 03:30:26 +00:00 · 7c918c0167
commit 7c918c0167
parent 88f8ce044b
2 changed files with 54 additions and 30 deletions
--- a/user.inc.php
+++ b/user.inc.php
@ -38,7 +38,8 @@ function user_valid_role($role)

 function user_load($users_id, $accounts_id = false)
 {
-	$query = "SELECT * FROM users WHERE ";
+	/* Load user, join accounts so we also load the email, superuser flag */
+	$query = "SELECT * FROM users JOIN accounts ON accounts.id=users.accounts_id WHERE ";
 	if($accounts_id != false) {
 		$accounts_id = intval($accounts_id);
 		$query .= "`users`.`accounts_id`='$accounts_id' ORDER BY `users`.`year` DESC LIMIT 1";
--- a/user_personal.php
+++ b/user_personal.php
@ -25,10 +25,9 @@
 <?
 require_once("common.inc.php");
 require_once("user.inc.php");
- require_once("committee.inc.php");

- if(!isset($_SESSION['users_type'])) {
- 	/* No type set, invalid session */
+ if(!isset($_SESSION['users_id'])) {
+ 	/* No user set, invalid session for editting a user */
 	echo "ERROR: session is invalid";
 	exit;
 }
@ -80,23 +79,22 @@ else
 if($eid != $_SESSION['users_id']) {
 	/* Not editing ourself, we had better be
 	 * a committee member */
-	user_auth_required('committee','admin');
+	user_auth_required('admin');
 }
- $type = $_SESSION['users_type'];

 $u = user_load($eid);
 /* Load the fields the user can edit, and theones that are required */
 $fields = array();
 $required = array();
 $errorfields = array();
- foreach($u['types'] as $t) {
+ foreach(array_keys($u['roles']) as $r) {
 	$fields = array_merge($fields, 
-			user_personal_fields($t));
+			user_personal_fields($r));
 	$required = array_merge($required, 
-			user_personal_required_fields($t));
+			user_personal_required_fields($r));
 }

- if(committee_auth_has_access('super')) {
+ if($_SESSION['superuser'] == 'yes') {
 	/* If the editer is super, let them see/edit/save the user/pass */
 	$fields[] = 'username';
 	$fields[] = 'password';
@ -105,8 +103,9 @@ if($eid != $_SESSION['users_id']) {
 switch($_GET['action']) {
 case 'save':
 	$users_id = intval($_POST['users_id']);
+	/* Only admin can pass in a different users_id */
 	if($users_id != $_SESSION['users_id']) {
-		user_auth_required('committee','admin');
+		user_auth_required('admin');
 	}
 	$u = user_load($users_id);

@ -133,24 +132,49 @@ case 'save':
 		$u['username'] = $u['email'];
 	}

-	if(in_array('committee', $u['types'])) {
+	if(array_key_exists('committee', $u['roles'])) {
 		/* Trying to save a committee member eh? Well, we established above
 		 * that we're allowed to be here, so go ahead and save it */
 		$u['displayemail'] = ($_POST['displayemail'] == 'yes') ? 'yes' : 'no';
 		$u['emailprivate'] = mysql_real_escape_string(stripslashes($_POST['emailprivate']));

-		if(committee_auth_has_access('super')) {
-			/* But only superusers can save these ones */
-			$u['access_admin'] = ($_POST['access_admin'] == 'yes') ? 'yes' : 'no';
-			$u['access_config'] = ($_POST['access_config'] == 'yes') ? 'yes' : 'no';
-			$u['access_super'] = ($_POST['access_super'] == 'yes') ? 'yes' : 'no';
+		if($_SESSION['superuser'] == 'yes') {
+			/* Check for a change in the access flags */
+			$access_admin = $_POST['access_admin'];
+			$access_config = $_POST['access_config'];
+			$access_super = $_POST['access_super'];
+
+			if($access_admin == 'yes' && !array_key_exists('admin', $u['roles'])) {
+				/* Admin added */
+				user_add_role($u, 'admin');
+			}
+
+			if($access_admin == 'no' && array_key_exists('admin', $u['roles'])) {
+				/* Admin removed */
+				user_remove_role($u, 'admin');
+			} 
+
+			if($access_config == 'yes' && !array_key_exists('config', $u['roles'])) {
+				/* Config added */
+				user_add_role($u, 'config');
+			}
+
+			if($access_config == 'no' && array_key_exists('config', $u['roles'])) {
+				/* Config removed */
+				user_remove_role($u, 'config');
+			}
+
+			/* Update superuser */
+			if($u['superuser'] != $access_super) {
+				mysql_query("UPDATE accounts SET superuser='$s' WHERE id='{$u['accounts_id']}");
+			}
 		}
 	}


 	/* Check for an email collision */
 	$em = mysql_escape_string(stripslashes($_POST['email']));
-	$q=mysql_query("SELECT *,max(year) FROM users WHERE email='$em' HAVING uid!='{$u['uid']}' AND deleted='no' ");
+	$q=mysql_query("SELECT * FROM accounts WHERE email='$em' AND id!='{$u['accounts_id']}' AND deleted='no' ");
 	if(mysql_num_rows($q) > 0) {
 		error_("That email address is in use by another user");
 		echo "email error";
@ -182,7 +206,7 @@ case 'save':
 	echo "<br/>";
 } else {
 	 send_header("Personal Information for {$u['firstname']} {$u['lastname']}", 
- 			array($user_what[$type]." Registration" => "{$type}_main.php")
+ 			array("Main" => "user_main.php")
 			,"edit_profile"
 			);
 } 
@ -211,12 +235,12 @@ $(document).ready( function() { personal_update_status('<?=$newstatus?>');});
 <?
 echo "<div id=\"personal_info_status\"></div>";

-if(count($u['types']) > 1) {
-	$roles='';
-	foreach($u['types'] as $t) {
-		$roles.= (($roles=='')?'':', ').i18n($user_what[$t]);
+if(count($u['roles']) > 1) {
+	$str='';
+	foreach(array_keys($u['roles']) as $r) {
+		$str.= (($str=='')?'':', ').i18n($roles[$r]['name']);
 	}
-	echo notice(i18n('This user has multiple roles, the fields shown below are a combination of every role.  Some may not apply to some roles.  This user has the following roles:').' '.$roles);
+	echo notice(i18n('This user has multiple roles, the fields shown below are a combination of every role.  Some may not apply to some roles.  This user has the following roles:').' '.$str);
 }

 function item($user, $fname, $subtext='') 
@ -347,7 +371,7 @@ echo "<tr><td colspan=\"4\"><hr /></td></tr>";
 echo "</table>";

 /* Committee specific fields */
-if(in_array('committee', $u['types'])) {
+if(array_key_exists('committee', $u['roles'])) {
 	echo "<table>";

 	echo "<tr><td>".i18n("Email (Private)").":</td><td><input size=\"25\" type=\"text\" name=\"emailprivate\" value=\"{$u['emailprivate']}\" /></td></tr>\n";
@ -358,17 +382,16 @@ if(in_array('committee', $u['types'])) {
 	if($u['displayemail']=="yes") $checked="checked=\"checked\""; else $checked="";
 	echo "<input type=\"radio\" name=\"displayemail\" value=\"yes\" $checked />".i18n("Yes");

-	if(committee_auth_has_access("super"))
-	{
+	if($_SESSION['superuser'] == 'yes') {
 		/* If the user is a committee member, only print these fields
 		 * if the editer has super access */
 		echo "<tr><td align=\"center\" colspan=\"2\"><hr /></td></tr>";
 		echo "<tr><td>".i18n("Access Controls").":</td><td>";
-		$ch = ($u['access_admin']=="yes") ? 'checked="checked"' : '';
+		$ch = (array_key_exists('admin',$u['roles'])) ? 'checked="checked"' : '';
 		echo "<input type=\"checkbox\" name=\"access_admin\" value=\"yes\" $ch /> ".i18n("Administration")."<br />";
-		$ch = ($u['access_config']=="yes") ? 'checked="checked"' : '';
+		$ch = (array_key_exists('config',$u['roles'])) ? 'checked="checked"' : '';
 		echo "<input type=\"checkbox\" name=\"access_config\" value=\"yes\" $ch /> ".i18n("Configuration")."<br />";
-		$ch = ($u['access_super']=="yes") ? 'checked="checked"' : '';
+		$ch = ($u['superuser']=="yes") ? 'checked="checked"' : '';
 		echo "<input type=\"checkbox\" name=\"access_super\" value=\"yes\" $ch /> ".i18n("Superuser")."<br />";
 		echo "</td></tr>";
 	}