arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

update the user personal information editor, the superuser edit flags

Browse Source 
for admin/config/super don't quite work yet.
This commit is contained in:
dave 2010-07-13 03:30:26 +00:00
parent 88f8ce044b
commit 7c918c0167
2 changed files with 54 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
user.inc.php
View File

@ -38,7 +38,8 @@ function user_valid_role($role)
function user_load($users_id, $accounts_id = false) function user_load($users_id, $accounts_id = false)
{ {
$query = "SELECT * FROM users WHERE "; /* Load user, join accounts so we also load the email, superuser flag */
$query = "SELECT * FROM users JOIN accounts ON accounts.id=users.accounts_id WHERE ";
if($accounts_id != false) { if($accounts_id != false) {
$accounts_id = intval($accounts_id); $accounts_id = intval($accounts_id);
$query .= "`users`.`accounts_id`='$accounts_id' ORDER BY `users`.`year` DESC LIMIT 1"; $query .= "`users`.`accounts_id`='$accounts_id' ORDER BY `users`.`year` DESC LIMIT 1";

81
user_personal.php
View File

@ -25,10 +25,9 @@
<? <?
require_once("common.inc.php"); require_once("common.inc.php");
require_once("user.inc.php"); require_once("user.inc.php");
require_once("committee.inc.php");
if(!isset($_SESSION['users_type'])) { if(!isset($_SESSION['users_id'])) {
/* No type set, invalid session */ /* No user set, invalid session for editting a user */
echo "ERROR: session is invalid"; echo "ERROR: session is invalid";
exit; exit;
} }
@ -80,23 +79,22 @@ else
if($eid != $_SESSION['users_id']) { if($eid != $_SESSION['users_id']) {
/* Not editing ourself, we had better be /* Not editing ourself, we had better be
* a committee member */ * a committee member */
user_auth_required('committee','admin'); user_auth_required('admin');
} }
$type = $_SESSION['users_type'];
$u = user_load($eid); $u = user_load($eid);
/* Load the fields the user can edit, and theones that are required */ /* Load the fields the user can edit, and theones that are required */
$fields = array(); $fields = array();
$required = array(); $required = array();
$errorfields = array(); $errorfields = array();
foreach($u['types'] as $t) { foreach(array_keys($u['roles']) as $r) {
$fields = array_merge($fields, $fields = array_merge($fields,
user_personal_fields($t)); user_personal_fields($r));
$required = array_merge($required, $required = array_merge($required,
user_personal_required_fields($t)); user_personal_required_fields($r));
} }
if(committee_auth_has_access('super')) { if($_SESSION['superuser'] == 'yes') {
/* If the editer is super, let them see/edit/save the user/pass */ /* If the editer is super, let them see/edit/save the user/pass */
$fields[] = 'username'; $fields[] = 'username';
$fields[] = 'password'; $fields[] = 'password';
@ -105,8 +103,9 @@ if($eid != $_SESSION['users_id']) {
switch($_GET['action']) { switch($_GET['action']) {
case 'save': case 'save':
$users_id = intval($_POST['users_id']); $users_id = intval($_POST['users_id']);
/* Only admin can pass in a different users_id */
if($users_id != $_SESSION['users_id']) { if($users_id != $_SESSION['users_id']) {
user_auth_required('committee','admin'); user_auth_required('admin');
} }
$u = user_load($users_id); $u = user_load($users_id);
@ -133,24 +132,49 @@ case 'save':
$u['username'] = $u['email']; $u['username'] = $u['email'];
} }
if(in_array('committee', $u['types'])) { if(array_key_exists('committee', $u['roles'])) {
/* Trying to save a committee member eh? Well, we established above /* Trying to save a committee member eh? Well, we established above
* that we're allowed to be here, so go ahead and save it */ * that we're allowed to be here, so go ahead and save it */
$u['displayemail'] = ($_POST['displayemail'] == 'yes') ? 'yes' : 'no'; $u['displayemail'] = ($_POST['displayemail'] == 'yes') ? 'yes' : 'no';
$u['emailprivate'] = mysql_real_escape_string(stripslashes($_POST['emailprivate'])); $u['emailprivate'] = mysql_real_escape_string(stripslashes($_POST['emailprivate']));
if(committee_auth_has_access('super')) { if($_SESSION['superuser'] == 'yes') {
/* But only superusers can save these ones */ /* Check for a change in the access flags */
$u['access_admin'] = ($_POST['access_admin'] == 'yes') ? 'yes' : 'no'; $access_admin = $_POST['access_admin'];
$u['access_config'] = ($_POST['access_config'] == 'yes') ? 'yes' : 'no'; $access_config = $_POST['access_config'];
$u['access_super'] = ($_POST['access_super'] == 'yes') ? 'yes' : 'no'; $access_super = $_POST['access_super'];
if($access_admin == 'yes' && !array_key_exists('admin', $u['roles'])) {
/* Admin added */
user_add_role($u, 'admin');
}
if($access_admin == 'no' && array_key_exists('admin', $u['roles'])) {
/* Admin removed */
user_remove_role($u, 'admin');
}
if($access_config == 'yes' && !array_key_exists('config', $u['roles'])) {
/* Config added */
user_add_role($u, 'config');
}
if($access_config == 'no' && array_key_exists('config', $u['roles'])) {
/* Config removed */
user_remove_role($u, 'config');
}
/* Update superuser */
if($u['superuser'] != $access_super) {
mysql_query("UPDATE accounts SET superuser='$s' WHERE id='{$u['accounts_id']}");
}
} }
} }
/* Check for an email collision */ /* Check for an email collision */
$em = mysql_escape_string(stripslashes($_POST['email'])); $em = mysql_escape_string(stripslashes($_POST['email']));
$q=mysql_query("SELECT *,max(year) FROM users WHERE email='$em' HAVING uid!='{$u['uid']}' AND deleted='no' "); $q=mysql_query("SELECT * FROM accounts WHERE email='$em' AND id!='{$u['accounts_id']}' AND deleted='no' ");
if(mysql_num_rows($q) > 0) { if(mysql_num_rows($q) > 0) {
error_("That email address is in use by another user"); error_("That email address is in use by another user");
echo "email error"; echo "email error";
@ -182,7 +206,7 @@ case 'save':
echo "<br/>"; echo "<br/>";
} else { } else {
send_header("Personal Information for {$u['firstname']} {$u['lastname']}", send_header("Personal Information for {$u['firstname']} {$u['lastname']}",
array($user_what[$type]." Registration" => "{$type}_main.php") array("Main" => "user_main.php")
,"edit_profile" ,"edit_profile"
); );
} }
@ -211,12 +235,12 @@ $(document).ready( function() { personal_update_status('<?=$newstatus?>');});
<? <?
echo "<div id=\"personal_info_status\"></div>"; echo "<div id=\"personal_info_status\"></div>";
if(count($u['types']) > 1) { if(count($u['roles']) > 1) {
$roles=''; $str='';
foreach($u['types'] as $t) { foreach(array_keys($u['roles']) as $r) {
$roles.= (($roles=='')?'':', ').i18n($user_what[$t]); $str.= (($str=='')?'':', ').i18n($roles[$r]['name']);
} }
echo notice(i18n('This user has multiple roles, the fields shown below are a combination of every role. Some may not apply to some roles. This user has the following roles:').' '.$roles); echo notice(i18n('This user has multiple roles, the fields shown below are a combination of every role. Some may not apply to some roles. This user has the following roles:').' '.$str);
} }
function item($user, $fname, $subtext='') function item($user, $fname, $subtext='')
@ -347,7 +371,7 @@ echo "<tr><td colspan=\"4\"><hr /></td></tr>";
echo "</table>"; echo "</table>";
/* Committee specific fields */ /* Committee specific fields */
if(in_array('committee', $u['types'])) { if(array_key_exists('committee', $u['roles'])) {
echo "<table>"; echo "<table>";
echo "<tr><td>".i18n("Email (Private)").":</td><td><input size=\"25\" type=\"text\" name=\"emailprivate\" value=\"{$u['emailprivate']}\" /></td></tr>\n"; echo "<tr><td>".i18n("Email (Private)").":</td><td><input size=\"25\" type=\"text\" name=\"emailprivate\" value=\"{$u['emailprivate']}\" /></td></tr>\n";
@ -358,17 +382,16 @@ if(in_array('committee', $u['types'])) {
if($u['displayemail']=="yes") $checked="checked=\"checked\""; else $checked=""; if($u['displayemail']=="yes") $checked="checked=\"checked\""; else $checked="";
echo "<input type=\"radio\" name=\"displayemail\" value=\"yes\" $checked />".i18n("Yes"); echo "<input type=\"radio\" name=\"displayemail\" value=\"yes\" $checked />".i18n("Yes");
if(committee_auth_has_access("super")) if($_SESSION['superuser'] == 'yes') {
{
/* If the user is a committee member, only print these fields /* If the user is a committee member, only print these fields
* if the editer has super access */ * if the editer has super access */
echo "<tr><td align=\"center\" colspan=\"2\"><hr /></td></tr>"; echo "<tr><td align=\"center\" colspan=\"2\"><hr /></td></tr>";
echo "<tr><td>".i18n("Access Controls").":</td><td>"; echo "<tr><td>".i18n("Access Controls").":</td><td>";
$ch = ($u['access_admin']=="yes") ? 'checked="checked"' : ''; $ch = (array_key_exists('admin',$u['roles'])) ? 'checked="checked"' : '';
echo "<input type=\"checkbox\" name=\"access_admin\" value=\"yes\" $ch /> ".i18n("Administration")."<br />"; echo "<input type=\"checkbox\" name=\"access_admin\" value=\"yes\" $ch /> ".i18n("Administration")."<br />";
$ch = ($u['access_config']=="yes") ? 'checked="checked"' : ''; $ch = (array_key_exists('config',$u['roles'])) ? 'checked="checked"' : '';
echo "<input type=\"checkbox\" name=\"access_config\" value=\"yes\" $ch /> ".i18n("Configuration")."<br />"; echo "<input type=\"checkbox\" name=\"access_config\" value=\"yes\" $ch /> ".i18n("Configuration")."<br />";
$ch = ($u['access_super']=="yes") ? 'checked="checked"' : ''; $ch = ($u['superuser']=="yes") ? 'checked="checked"' : '';
echo "<input type=\"checkbox\" name=\"access_super\" value=\"yes\" $ch /> ".i18n("Superuser")."<br />"; echo "<input type=\"checkbox\" name=\"access_super\" value=\"yes\" $ch /> ".i18n("Superuser")."<br />";
echo "</td></tr>"; echo "</td></tr>";
} }