Commit 3f168f8f authored by Ewald's avatar Ewald

pass users rights on modules and tests to another user

parent f9f2a867
......@@ -42,6 +42,7 @@ require_once('../code/tce_page_header.php');
require_once('../../shared/code/tce_functions_form.php');
require_once('../../shared/code/tce_functions_otp.php');
require_once('tce_functions_user_select.php');
require_once('tce_functions_uibk_addons.php');
if (isset($_REQUEST['user_id'])) {
$user_id = intval($_REQUEST['user_id']);
......@@ -78,7 +79,23 @@ switch($menu_mode) { // process submitted data
F_print_error('ERROR', $l['m_authorization_denied']);
break;
}
F_print_error('WARNING', $l['m_delete_confirm']);
//user can't be deleted if they own any tests or modules -> pass rights to other user
if (F_check_user_in_tables($user_id)){
F_print_error('WARNING', $l['m_user_found_in_tables']);
?>
<div class="confirmbox">
<form action="<?php echo 'tce_inheritfrom_user.php?user_id_old='.$user_id; ?>" method="post" enctype="multipart/form-data" id="form_inherit">
<div>
<input type="hidden" name="user_id" id="user_id" value="<?php echo $user_id; ?>" />
<input type="hidden" name="user_name" id="user_name" value="<?php echo stripslashes($user_name); ?>" />
<?php F_submit_button('inherit', $l['w_inherit'], $l['h_inherit']); ?>
</div>
</form>
</div>
<?php
break;
}
else F_print_error('WARNING', $l['m_delete_confirm']);
?>
<div class="confirmbox">
<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post" enctype="multipart/form-data" id="form_delete">
......
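Review bot: The hidden `user_name` field in the new inherit form echoes `stripslashes($user_name)` into a double-quoted attribute without HTML escaping, so a name containing a quote or angle bracket would break out of the attribute. Where `$user_name` is assigned is outside the hunk, but if it can carry request or stored data the line should read `value="<?php echo htmlspecialchars(stripslashes($user_name), ENT_COMPAT, $l['a_meta_charset']); ?>"`. The hidden `user_id` field here holds the user being deleted, whereas tce_inheritfrom_user.php treats `user_id` as the new owner, so renaming or dropping it would remove that ambiguity. The enclosing `switch` case starts and ends outside the hunk.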
......@@ -196,6 +196,32 @@ function F_show_select_questions_only($wherequery, $subject_module_id, $subject_
echo $questlist;
return TRUE;
}
/**
* check if user_id can be found in any tables
* tables involved: subjects, tests
* @author Ewald Strohmar-Mauler
* @since 2016-11
* @param $user_id (string) user id
* @return false in case of empty result, true otherwise
*/
function F_check_user_in_tables($user_id) {
global $l, $db;
$sql = 'SELECT * FROM '.K_TABLE_SUBJECTS.' WHERE subject_user_id = ' . $user_id .';';
if (!$r = F_db_query($sql, $db)) {
F_display_db_error(false);
} else {
$num = F_db_num_rows($r);
if ($num > 0) return true;
}
$sql = 'SELECT * FROM '.K_TABLE_TESTS.' WHERE test_user_id = ' . $user_id .';';
if (!$r = F_db_query($sql, $db)) {
F_display_db_error(false);
} else {
$num = F_db_num_rows($r);
if ($num > 0) return true;
}
return false;
}
//============================================================+
......
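Review bot: `F_check_user_in_tables()` concatenates `$user_id` unquoted into both queries and its docblock declares the parameter as a string, so it is safe only because the visible caller has already applied `intval()`; adding `$user_id = intval($user_id);` as the first statement makes the function safe on its own. It checks only the subjects and tests tables, while the inherit page also reassigns `K_TABLE_MODULES` rows, so a user who owns only modules would not be detected; a third query on `module_user_id` would cover that. On a query error the function falls through and returns false, which the caller treats as "safe to delete"; returning true on error would fail closed. Since only existence matters, `SELECT *` could become `SELECT 1 ... LIMIT 1`.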
<?php
//============================================================+
// File name : tce_inheritfrom_user.php
// Begin : 2017-01-10
// Last Update : 2017-
//
// Description : Form to pass user's rights on modules and tests to another user
//
// Author: ESM
//
//============================================================+
/**
* @file
* Form to pass user's rights on modules and tests to another user
* @package com.tecnick.tcexam.admin
* @author ESM
* @since 2017-01-10
*/
require_once('../config/tce_config.php');
$pagelevel = K_AUTH_ADMIN_USERS;
require_once('../../shared/code/tce_authorization.php');
$thispage_title = $l['t_user_inherit'];
$goback= false;
require_once('../code/tce_page_header.php');
require_once('../../shared/code/tce_functions_form.php');
require_once('../../shared/code/tce_functions_otp.php');
require_once('tce_functions_user_select.php');
if (isset($_REQUEST['user_id_old'])) {
$user_id_old = intval($_REQUEST['user_id_old']);
if (!F_isAuthorizedEditorForUser($user_id_old)) {
F_print_error('ERROR', $l['m_authorization_denied']);
exit;
}
}
if (isset($_REQUEST['user_id'])) {
$user_id = intval($_REQUEST['user_id']);
if (!F_isAuthorizedEditorForUser($user_id)) {
F_print_error('ERROR', $l['m_authorization_denied']);
exit;
}
}
if (isset($_REQUEST['group_id'])) {
$group_id = intval($_REQUEST['group_id']);
if (!F_isAuthorizedEditorForGroup($group_id)) {
F_print_error('ERROR', $l['m_authorization_denied']);
exit;
}
}
if (isset($_REQUEST['user_level'])) {
$user_level = intval($_REQUEST['user_level']);
if ($_SESSION['session_user_level'] < K_AUTH_ADMINISTRATOR) {
if ($user_id_old == $_SESSION['session_user_id']) {
// you cannot change your own level
$user_level = $_SESSION['session_user_level'];
} else {
// you cannot create a user with a level equal or higher than yours
$user_level = min(max(0, ($_SESSION['session_user_level'] - 1)), $user_level);
}
}
}
switch($menu_mode) { // process submitted data
case 'update':{
if (!isset($_REQUEST['user_id_old']) OR !isset($_REQUEST['user_id'] )) {
F_print_error('WARNING', $l['m_form_missing_fields']);
F_stripslashes_formfields();
break;
}
//db update
$sql = 'UPDATE '.K_TABLE_MODULES.' SET
module_user_id='.$_POST["user_id"].'
WHERE module_user_id='.$_POST["user_id_old"].';';
if (!$r = F_db_query($sql, $db)) {
F_display_db_error(false);
}
$sql = 'UPDATE '.K_TABLE_SUBJECTS.' SET
subject_user_id='.$_POST["user_id"].'
WHERE subject_user_id='.$_POST["user_id_old"].';';
if (!$r = F_db_query($sql, $db)) {
F_display_db_error(false);
}
$sql = 'UPDATE '.K_TABLE_TESTS.' SET
test_user_id='.$_POST["user_id"].'
WHERE test_user_id = ' . $_POST["user_id_old"] .';';
if (!$r = F_db_query($sql, $db)) {
F_display_db_error(false);
}
F_print_error('MESSAGE', $l['m_user_updated']);
//go back to tce_edit_user
$goback = true;
break;
}
default :{
break;
}
} //end of switch
echo '<div class="container">'.K_NEWLINE;
echo '<div class="tceformbox">'.K_NEWLINE;
echo '<form action="'.$_SERVER['SCRIPT_NAME'].'" method="post" enctype="multipart/form-data" id="form_userinherit">'.K_NEWLINE;
//old user
echo '<div class="row">'.K_NEWLINE;
echo '<span class="label">'.K_NEWLINE;
echo '<label for="user_id_old">'.$l['w_user_old'].'</label>'.K_NEWLINE;
echo '</span>'.K_NEWLINE;
echo '<span class="formw">'.K_NEWLINE;
echo '<select name="user_id_old" id="user_id_old" size="0" onchange="document.getElementById(\'form_userinherit\').submit()">'.K_NEWLINE;
echo '<option value="0" style="background-color:#009900;color:white;"';
echo '>+</option>'.K_NEWLINE;
$sql = 'SELECT user_id, user_lastname, user_firstname, user_name FROM '.K_TABLE_USERS.' WHERE user_id='. $_REQUEST["user_id_old"].";";
if ($r = F_db_query($sql, $db)) {
$countitem = 1;
while($m = F_db_fetch_array($r)) {
echo '<option value="'.$m['user_id'].'"';
if ($m['user_id'] == $user_id_old) {
echo ' selected="selected"';
}
echo '>'.$countitem.'. '.htmlspecialchars($m['user_lastname'].' '.$m['user_firstname'].' - '.$m['user_name'].'', ENT_NOQUOTES, $l['a_meta_charset']).'</option>'.K_NEWLINE;
$countitem++;
}
} else {
echo '</select></span></div>'.K_NEWLINE;
F_display_db_error();
}
echo '</select>'.K_NEWLINE;
echo '</span>'.K_NEWLINE;
echo '</div>'.K_NEWLINE;
echo "<br /><br />";
//new user
echo '<div class="row">'.K_NEWLINE;
echo '<span class="label">'.K_NEWLINE;
echo '<label for="user_id">'.$l['w_user_new'].'</label>'.K_NEWLINE;
echo '</span>'.K_NEWLINE;
echo '<span class="formw">'.K_NEWLINE;
echo '<select name="user_id" id="user_id" size="0" onchange="document.getElementById(\'form_usereditor\').submit()">'.K_NEWLINE;
echo '<option value="0" style="background-color:#009900;color:white;"';
$user_id = FALSE;
echo '>+</option>'.K_NEWLINE;
$sql = 'SELECT user_id, user_lastname, user_firstname, user_name FROM '.K_TABLE_USERS.' WHERE (user_id>1 AND user_level >= 6)';
$sql .= ' ORDER BY user_lastname, user_firstname, user_name';
F_print_error('INFO', $sql);
if ($r = F_db_query($sql, $db)) {
$countitem = 1;
while($m = F_db_fetch_array($r)) {
echo '<option value="'.$m['user_id'].'"';
echo '>'.$countitem.'. '.htmlspecialchars($m['user_lastname'].' '.$m['user_firstname'].' - '.$m['user_name'].'', ENT_NOQUOTES, $l['a_meta_charset']).'</option>'.K_NEWLINE;
$countitem++;
}
} else {
echo '</select></span></div>'.K_NEWLINE;
F_display_db_error();
}
echo '</select>'.K_NEWLINE;
echo '</span>'.K_NEWLINE;
echo '</div>'.K_NEWLINE;
echo getFormNoscriptSelect('selectrecord');
echo '<div class="row"><hr /></div>'.K_NEWLINE;
if (!$goback){
F_submit_button('update', $l['w_inherit'], $l['h_inherit']);
} else
{
echo '<a href="tce_edit_user.php?user_id='.$_POST["user_id_old"].'" class="xmlbutton">'.$l['w_back'].'</a>';
}
echo '<input type="hidden" name="user_name_new" id="user_name_new" value="'.$user_id .'" />'.K_NEWLINE;
echo '<input type="hidden" name="ff_required" id="ff_required" value="user_name" />'.K_NEWLINE;
echo '<input type="hidden" name="ff_required_labels" id="ff_required_labels" value="'.htmlspecialchars($l['w_name'], ENT_COMPAT, $l['a_meta_charset']).'" />'.K_NEWLINE;
echo '</div>'.K_NEWLINE;
echo '</form>'.K_NEWLINE;
echo '</div>'.K_NEWLINE;
echo '</div>'.K_NEWLINE;
require_once('../code/tce_page_footer.php');
//============================================================+
// END OF FILE
//============================================================+
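Review bot: The three UPDATE statements in the `update` case concatenate `$_POST["user_id"]` and `$_POST["user_id_old"]` directly into SQL, although the integer-cast, authorization-checked `$user_id` and `$user_id_old` are already available from the top of the file; the old-user SELECT does the same with `$_REQUEST["user_id_old"]`, and the back-link `href` echoes the raw POST value without escaping. Because the checks read `$_REQUEST` while the queries read `$_POST`, the value that was authorized is not guaranteed to be the one that reaches the database. Using the cast variables everywhere, as sketched below, closes both the injection and the mismatch; `$user_id_old` then needs a default such as `$user_id_old = 0;` before its `isset` block so the SELECT never sees an undefined variable. `F_print_error('INFO', $sql);` looks like leftover debugging that prints the query text to the page and should be removed. No anti-CSRF token is visible on this state-changing form, so it is worth confirming whether the shared form helpers add one.

```php
case 'update':{
    // … unchanged: missing-field check …
    // build the statements from the intval()-cast, authorization-checked ids
    $sql = 'UPDATE '.K_TABLE_MODULES.' SET
        module_user_id='.$user_id.'
        WHERE module_user_id='.$user_id_old.';';
    // … unchanged: F_db_query / F_display_db_error …
    $sql = 'UPDATE '.K_TABLE_SUBJECTS.' SET
        subject_user_id='.$user_id.'
        WHERE subject_user_id='.$user_id_old.';';
    // … unchanged: F_db_query / F_display_db_error …
    $sql = 'UPDATE '.K_TABLE_TESTS.' SET
        test_user_id='.$user_id.'
        WHERE test_user_id='.$user_id_old.';';
    // … unchanged: F_db_query / F_display_db_error, success message, $goback …

// … unchanged: form markup up to the old-user query …
$sql = 'SELECT user_id, user_lastname, user_firstname, user_name FROM '.K_TABLE_USERS.' WHERE user_id='.$user_id_old.';';
// … unchanged: option lists and submit button …
echo '<a href="tce_edit_user.php?user_id='.$user_id_old.'" class="xmlbutton">'.$l['w_back'].'</a>';
```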