From 88f8ce044b0e09d3bcc2161fab999a3499c4e6b3 Mon Sep 17 00:00:00 2001
From: dave <dave>
Date: Tue, 13 Jul 2010 03:30:25 +0000
Subject: [PATCH] Update role activate/deactive page

---
 user.inc.php      | 37 ++++++++++++------
 user_activate.php | 99 ++++++++++++++++++++++++++++-------------------
 2 files changed, 84 insertions(+), 52 deletions(-)

diff --git a/user.inc.php b/user.inc.php
index d63970d..dbd685a 100644
--- a/user.inc.php
+++ b/user.inc.php
@@ -65,13 +65,12 @@ function user_load($users_id, $accounts_id = false)
 	
 
 	/* Get roles, and active/complete status for each role */
-	$query = "SELECT * FROM user_roles LEFT JOIN roles ON roles.id=user_roles.roles_id WHERE user_roles.users_id={$ret['id']}";
+	$query = "SELECT user_roles.*,roles.type,roles.name FROM user_roles LEFT JOIN roles ON roles.id=user_roles.roles_id WHERE user_roles.users_id={$ret['id']}";
 	$q = mysql_query($query);
 
 	$ret['roles'] = array();
 	while(($roledata = mysql_fetch_assoc($q))) {
-		$t = $roledata['type'];
-		$ret['roles'][$t] = $roledata;
+		$ret['roles'][$roledata['type']] = $roledata;
 	}
 
 	if(count($ret['roles']) == 0) {
@@ -199,15 +198,6 @@ function user_save(&$u)
 	/* Add any new roles */
 	$orig_roles = array_keys($u['orig']['roles']);
 	$new_roles = array_keys($u['roles']);
-	$added = array_diff($new_roles, $orig_roles);
-	foreach($added as $r) {
-		if(!user_add_role_allowed($r, $u)) {
-			echo "HALT: user can't add this roles";
-			exit;
-		}
-		mysql_query("INSERT INTO user_roles(accounts_id,users_id,roles_id,active,complete)
-				VALUES('{$u['accounts_id']}','{$u['id']}','{$roles[$r]['id']}','no','no')");
-	}
 
 	/* Delete any removed roles */
 	$removed = array_diff($orig_roles, $new_roles);
@@ -215,6 +205,28 @@ function user_save(&$u)
 		mysql_query("DELETE FROM user_roles WHERE users_id='{$u['id']}' AND roles_id='{$roles[$r]['id']}'");
 	}
 
+	/* Update all roles */
+	foreach($new_roles as $r) {
+		if(!in_array($r, $orig_roles)) {
+			/* Role is new */
+			if(!user_add_role_allowed($u, $r)) {
+				echo "HALT: user can't add this role";
+				exit;
+			}
+			mysql_query("INSERT INTO user_roles(accounts_id,users_id,roles_id,active,complete)
+					VALUES('{$u['accounts_id']}','{$u['id']}','{$roles[$r]['id']}','no','no')");
+			echo mysql_error();
+
+		} else if($u['roles'][$r] != $u['orig']['roles'][$r]) {
+			/* $u['roles'][$r] has changed from original, update it  */
+			mysql_query("UPDATE user_roles SET active='{$u['roles'][$r]['active']}',
+							complete='{$u['roles'][$r]['complete']}'
+					WHERE id='{$u['roles'][$r]['id']}'");
+			echo mysql_error();
+		}
+	}
+
+
 	$fields = array('salutation','firstname','lastname','username',
 			'phonehome','phonework','phonecell','fax','organization',
 			'address','address2','city','province','postalcode','sex',
@@ -232,6 +244,7 @@ function user_save(&$u)
 
 	/* Merge fields as necessary, build a big list of fields to save */
 	foreach($new_roles as $r) {
+		if(!array_key_exists($r, $fields_for_role)) continue;
 		$fields = array_merge($fields, $fields_for_role[$r]);
 	}
 
diff --git a/user_activate.php b/user_activate.php
index af878a1..67b3d05 100644
--- a/user_activate.php
+++ b/user_activate.php
@@ -26,8 +26,8 @@
  require_once("common.inc.php");
  require_once("user.inc.php");
 
- if(!isset($_SESSION['users_type'])) {
- 	/* No type set, invalid session */
+ if(!isset($_SESSION['users_id'])) {
+ 	/* No user ID set, invalid session for editting roles */
 	echo "ERROR: session is invalid";
 	exit;
  }
@@ -42,19 +42,30 @@ else
 
 if($eid != $_SESSION['users_id']) {
 	/* Not editing ourself, we had better be
-	 * a committee member */
-	user_auth_required('committee','admin');
+	 * someone with admin access */
+	user_auth_required('admin');
 }
  $u = user_load($eid);
 
- /* Validate the type */
+ /* Validate the incoming role, make sure it is actually a role */
+ $role = '';
  if($_GET['action'] != '') {
-	 $action_type = $_GET['type'];
-	 if(!in_array($action_type, $user_types)) {
- 		echo "ERROR: not an allowed type.";
+	 $role = $_GET['role'];
+	 if(!array_key_exists($role, $roles)) {
+ 		echo "ERROR: not an allowed role.";
 		exit;
 	 }
-	 $action_what = $user_what[$action_type]; 
+	 /* We're not adding a role, but this checks to see if
+	  * the user is allowed to be associated with this role, we don't
+	  * want a student to deactivate a committee role, which would
+	  * set the 'active' to 'no', but would create the 'committee' entry
+	  * in the roles array, making them part of that role suddenly. We
+	  * also check for this case below to prevent it */
+	if(!user_add_role_allowed($u, $role)) {
+		/* If we get in here, someone is hand crafting URLs */
+		echo "HALT: invalid role to manipulate for this user.";
+		exit;
+	}
  }
 
 switch($_GET['action']) {
@@ -70,22 +81,32 @@ case 'delete':
 
 case 'remove':
  	/* Like delete, only we're only deleting a role, not the whole account */
-	happy_("$action_what role successfully removed.");
+	happy_("{$roles[$role]['name']} role successfully removed.");
 	echo error(i18n("Permanently Removed"));
-	user_delete($u, $action_type);
+	user_delete($u, $role);
 	exit;
 
  case 'activate':
-	$u["{$action_type}_active"] = 'yes';
+ 	if(!array_key_exists($role, $u['roles'])) {
+		/* Hand crafting URLs? */
+		echo "HALT: can't activate a role the user doesn't have";
+		exit;
+	}
+	$u['roles'][$role]['active'] = 'yes';
 	user_save($u);
-	happy_("$action_what role for %1 successfully activated",array($config['FAIRYEAR']));
+	happy_("{$roles[$role]['name']} role for %1 successfully activated",array($config['FAIRYEAR']));
 	echo happy(i18n("Active"));
 	exit;
 
  case 'deactivate':
-	$u["{$action_type}_active"] = 'no';
+ 	if(!array_key_exists($role, $u['roles'])) {
+		/* Hand crafting URLs? */
+		echo "HALT: can't deactivate a role the user doesn't have";
+		exit;
+	}
+	$u['roles'][$role]['active'] = 'no';
 	user_save($u);
-	happy_("$action_what role for %1 successfully deactivated",array($config['FAIRYEAR']));
+	happy_("{$roles[$role]['name']} role for %1 successfully deactivated",array($config['FAIRYEAR']));
 	echo error(i18n("Deactivated"));
 	exit;
  }
@@ -98,37 +119,35 @@ case 'remove':
  	echo "<h3>".i18n("Role and Account Management")."</h3>";
 	echo "<br/>";
  } else {
-	 $type = $_SESSION['users_type'];
-	 $m = $user_what[$type];
 	 send_header("Role and Account Management", 
- 				array("$m Main" => "{$type}_main.php")
+ 				array("Main" => "user_main.php")
 			);
  }
 
 ?>
 <script type="text/javascript">
-function activate(type)
+function activate(role)
 {
-	$("#status_"+type).load("<?=$config['SFIABDIRECTORY']?>/user_activate.php?action=activate&type="+type,$('#activate_form').serializeArray());
-	$("#activate_"+type).attr('disabled', 'disabled');
-	$("#deactivate_"+type).removeAttr('disabled');
-	$("#remove_"+type).removeAttr('disabled');
+	$("#status_"+role).load("<?=$config['SFIABDIRECTORY']?>/user_activate.php?action=activate&role="+role,$('#activate_form').serializeArray());
+	$("#activate_"+role).attr('disabled', 'disabled');
+	$("#deactivate_"+role).removeAttr('disabled');
+	$("#remove_"+role).removeAttr('disabled');
 }
-function deactivate(type)
+function deactivate(role)
 {
-	$("#status_"+type).load("<?=$config['SFIABDIRECTORY']?>/user_activate.php?action=deactivate&type="+type,$('#activate_form').serializeArray());
-	$("#activate_"+type).removeAttr('disabled');
-	$("#deactivate_"+type).attr('disabled', 'disabled');
-	$("#remove_"+type).attr('disabled', 'disabled');
+	$("#status_"+role).load("<?=$config['SFIABDIRECTORY']?>/user_activate.php?action=deactivate&role="+role,$('#activate_form').serializeArray());
+	$("#activate_"+role).removeAttr('disabled');
+	$("#deactivate_"+role).attr('disabled', 'disabled');
+	$("#remove_"+role).attr('disabled', 'disabled');
 }
-function remove(type)
+function remove(role)
 {
 	var con = confirmClick("<?=i18n("Are you sure you want to remove this role from your account?\\nThis action cannot be undone.")?>");
 	if(con == true) {
-		$("#status_"+type).load("<?=$config['SFIABDIRECTORY']?>/user_activate.php?action=remove&type="+type,$('#activate_form').serializeArray());
-		$("#activate_"+type).attr('disabled', 'disabled');
-		$("#deactivate_"+type).attr('disabled', 'disabled');
-		$("#remove_"+type).attr('disabled', 'disabled');
+		$("#status_"+role).load("<?=$config['SFIABDIRECTORY']?>/user_activate.php?action=remove&role="+role,$('#activate_form').serializeArray());
+		$("#activate_"+role).attr('disabled', 'disabled');
+		$("#deactivate_"+role).attr('disabled', 'disabled');
+		$("#remove_"+role).attr('disabled', 'disabled');
 	}
 }
 </script>
@@ -137,10 +156,10 @@ function remove(type)
 <input type="hidden" name="users_id" value="<?=$u['id']?>" />
 
 <?
- foreach($u['types'] as $t) {
- 	echo '<h3>'.i18n("Role: {$user_what[$t]}").'</h3>';
-	echo "<div id=\"status_$t\">";
-	if($u["{$t}_active"] == 'yes') {
+ foreach(array_keys($u['roles']) as $r) {
+ 	echo '<h3>'.i18n("Role: {$roles[$r]['name']}").'</h3>';
+	echo "<div id=\"status_$r\">";
+	if($u['roles'][$r]['active'] == 'yes') {
 		echo happy(i18n('Active'));
 		$a = 'disabled="disabled"';
 		$d = '';
@@ -153,11 +172,11 @@ function remove(type)
 	</div>
 
 	<table><tr><td>
-	<input style="width: 200px;" id="activate_<?=$t?>" <?=$a?> onclick="activate('<?=$t?>');return false;" type="submit" value="<?=i18n("Activate Role")?>">
+	<input style="width: 200px;" id="activate_<?=$r?>" <?=$a?> onclick="activate('<?=$r?>');return false;" type="submit" value="<?=i18n("Activate Role")?>">
 	</td><td>
-	<input style="width: 200px;" id="deactivate_<?=$t?>"<?=$d?> onclick="deactivate('<?=$t?>');return false;" type="submit" value="<?=i18n("Deactivate Role")?>">
+	<input style="width: 200px;" id="deactivate_<?=$r?>"<?=$d?> onclick="deactivate('<?=$r?>');return false;" type="submit" value="<?=i18n("Deactivate Role")?>">
 	</td><td>
-	<input style="width: 200px;" id="remove_<?=$t?>"<?=$d?> onclick="remove('<?=$t?>');return false;" type="submit" value="<?=i18n("Remove Role")?>">
+	<input style="width: 200px;" id="remove_<?=$r?>"<?=$d?> onclick="remove('<?=$r?>');return false;" type="submit" value="<?=i18n("Remove Role")?>">
 
 	</td></tr></table>
 	<br />