pass users rights on modules and tests to another user

admin/code/tce_edit_user.php

@@ -42,6 +42,7 @@ require_once('../code/tce_page_header.php');
 require_once('../../shared/code/tce_functions_form.php');
 require_once('../../shared/code/tce_functions_otp.php');
 require_once('tce_functions_user_select.php');
+require_once('tce_functions_uibk_addons.php');
 
 if (isset($_REQUEST['user_id'])) {
 	$user_id = intval($_REQUEST['user_id']);
@@ -78,7 +79,23 @@ switch($menu_mode) { // process submitted data
 			F_print_error('ERROR', $l['m_authorization_denied']);
 			break;
 		}
-		F_print_error('WARNING', $l['m_delete_confirm']);
+		//user can't be deleted if they own any tests or modules -> pass rights to other user
+		if (F_check_user_in_tables($user_id)){
+			F_print_error('WARNING', $l['m_user_found_in_tables']);
+			?>
+				<div class="confirmbox">
+				<form action="<?php echo 'tce_inheritfrom_user.php?user_id_old='.$user_id; ?>" method="post" enctype="multipart/form-data" id="form_inherit">
+				<div>
+				<input type="hidden" name="user_id" id="user_id" value="<?php echo $user_id; ?>" />
+				<input type="hidden" name="user_name" id="user_name" value="<?php echo stripslashes($user_name); ?>" />
+				<?php F_submit_button('inherit', $l['w_inherit'], $l['h_inherit']);	?>
+				</div>
+				</form>
+				</div>
+			<?php
+			break;
+		}
+		else F_print_error('WARNING', $l['m_delete_confirm']);
 		?>
 		<div class="confirmbox">
 		<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post" enctype="multipart/form-data" id="form_delete">

admin/code/tce_functions_uibk_addons.php

@@ -196,6 +196,32 @@ function F_show_select_questions_only($wherequery, $subject_module_id, $subject_
 	echo $questlist;
 	return TRUE;
 }
+/**
+ * check if user_id can be found in any tables
+ * tables involved: subjects, tests
+ * @author Ewald Strohmar-Mauler
+ * @since 2016-11
+ * @param $user_id (string) user id
+ * @return false in case of empty result, true otherwise
+ */
+function F_check_user_in_tables($user_id) {
+	global $l, $db;
+	$sql = 'SELECT * FROM '.K_TABLE_SUBJECTS.' WHERE subject_user_id = ' . $user_id .';';
+	if (!$r = F_db_query($sql, $db)) {
+		F_display_db_error(false);
+	} else {
+		$num = F_db_num_rows($r);
+		if ($num > 0) return true;
+	}
+	$sql = 'SELECT * FROM '.K_TABLE_TESTS.' WHERE test_user_id = ' . $user_id .';';
+	if (!$r = F_db_query($sql, $db)) {
+		F_display_db_error(false);
+	} else {
+		$num = F_db_num_rows($r);
+			if ($num > 0) return true;
+	}
+	return false;
+}
 
 
 //============================================================+

admin/code/tce_inheritfrom_user.php

+<?php
+//============================================================+
+// File name   : tce_inheritfrom_user.php
+// Begin       : 2017-01-10
+// Last Update : 2017-
+//
+// Description : Form to pass user's rights on modules and tests to another user
+//
+// Author: ESM
+//
+//============================================================+
+
+/**
+ * @file
+ * Form to pass user's rights on modules and tests to another user
+ * @package com.tecnick.tcexam.admin
+ * @author ESM
+ * @since 2017-01-10
+ */
+
+require_once('../config/tce_config.php');
+
+$pagelevel = K_AUTH_ADMIN_USERS;
+require_once('../../shared/code/tce_authorization.php');
+
+$thispage_title = $l['t_user_inherit'];
+$goback= false;
+require_once('../code/tce_page_header.php');
+
+require_once('../../shared/code/tce_functions_form.php');
+require_once('../../shared/code/tce_functions_otp.php');
+require_once('tce_functions_user_select.php');
+
+if (isset($_REQUEST['user_id_old'])) {
+	$user_id_old = intval($_REQUEST['user_id_old']);
+	if (!F_isAuthorizedEditorForUser($user_id_old)) {
+		F_print_error('ERROR', $l['m_authorization_denied']);
+		exit;
+	}
+}
+if (isset($_REQUEST['user_id'])) {
+	$user_id = intval($_REQUEST['user_id']);
+	if (!F_isAuthorizedEditorForUser($user_id)) {
+		F_print_error('ERROR', $l['m_authorization_denied']);
+		exit;
+	}
+}
+if (isset($_REQUEST['group_id'])) {
+	$group_id = intval($_REQUEST['group_id']);
+	if (!F_isAuthorizedEditorForGroup($group_id)) {
+		F_print_error('ERROR', $l['m_authorization_denied']);
+		exit;
+	}
+}
+if (isset($_REQUEST['user_level'])) {
+	$user_level = intval($_REQUEST['user_level']);
+	if ($_SESSION['session_user_level'] < K_AUTH_ADMINISTRATOR) {
+		if ($user_id_old == $_SESSION['session_user_id']) {
+			// you cannot change your own level
+			$user_level = $_SESSION['session_user_level'];
+		} else {
+			// you cannot create a user with a level equal or higher than yours
+			$user_level = min(max(0, ($_SESSION['session_user_level'] - 1)), $user_level);
+		}
+	}
+}
+
+switch($menu_mode) { // process submitted data
+
+	case 'update':{ 
+		if (!isset($_REQUEST['user_id_old']) OR !isset($_REQUEST['user_id'] )) {
+			F_print_error('WARNING', $l['m_form_missing_fields']);
+			F_stripslashes_formfields();
+			break;
+		}
+		
+		//db update
+		$sql = 'UPDATE '.K_TABLE_MODULES.' SET
+		module_user_id='.$_POST["user_id"].'
+		WHERE module_user_id='.$_POST["user_id_old"].';';
+	 	if (!$r = F_db_query($sql, $db)) {
+	 		F_display_db_error(false);
+	 	}
+		
+		$sql = 'UPDATE '.K_TABLE_SUBJECTS.' SET
+		subject_user_id='.$_POST["user_id"].'
+		WHERE subject_user_id='.$_POST["user_id_old"].';';
+		if (!$r = F_db_query($sql, $db)) {
+			F_display_db_error(false);
+		}
+		
+		$sql = 'UPDATE '.K_TABLE_TESTS.' SET
+		test_user_id='.$_POST["user_id"].'
+		WHERE test_user_id = ' . $_POST["user_id_old"] .';';
+		if (!$r = F_db_query($sql, $db)) {
+			F_display_db_error(false);
+		}
+ 		F_print_error('MESSAGE', $l['m_user_updated']);
+		//go back to tce_edit_user
+ 		$goback = true;	
+			break;	
+		}
+
+	default :{
+		break;
+	}
+
+} //end of switch
+
+echo '<div class="container">'.K_NEWLINE;
+echo '<div class="tceformbox">'.K_NEWLINE;
+echo '<form action="'.$_SERVER['SCRIPT_NAME'].'" method="post" enctype="multipart/form-data" id="form_userinherit">'.K_NEWLINE;
+
+//old user
+echo '<div class="row">'.K_NEWLINE;
+echo '<span class="label">'.K_NEWLINE;
+echo '<label for="user_id_old">'.$l['w_user_old'].'</label>'.K_NEWLINE;
+echo '</span>'.K_NEWLINE;
+echo '<span class="formw">'.K_NEWLINE;
+echo '<select name="user_id_old" id="user_id_old" size="0" onchange="document.getElementById(\'form_userinherit\').submit()">'.K_NEWLINE;
+echo '<option value="0" style="background-color:#009900;color:white;"';
+echo '>+</option>'.K_NEWLINE;
+$sql = 'SELECT user_id, user_lastname, user_firstname, user_name FROM '.K_TABLE_USERS.' WHERE user_id='. $_REQUEST["user_id_old"].";";
+if ($r = F_db_query($sql, $db)) {
+	$countitem = 1;
+	while($m = F_db_fetch_array($r)) {
+		echo '<option value="'.$m['user_id'].'"';
+		if ($m['user_id'] == $user_id_old) {
+			echo ' selected="selected"';
+		}
+		echo '>'.$countitem.'. '.htmlspecialchars($m['user_lastname'].' '.$m['user_firstname'].' - '.$m['user_name'].'', ENT_NOQUOTES, $l['a_meta_charset']).'</option>'.K_NEWLINE;
+		$countitem++;
+}
+} else {
+	echo '</select></span></div>'.K_NEWLINE;
+	F_display_db_error();
+}
+echo '</select>'.K_NEWLINE;
+echo '</span>'.K_NEWLINE;
+echo '</div>'.K_NEWLINE;
+echo "<br /><br />";
+
+//new user
+echo '<div class="row">'.K_NEWLINE;
+echo '<span class="label">'.K_NEWLINE;
+echo '<label for="user_id">'.$l['w_user_new'].'</label>'.K_NEWLINE;
+echo '</span>'.K_NEWLINE;
+echo '<span class="formw">'.K_NEWLINE;
+echo '<select name="user_id" id="user_id" size="0" onchange="document.getElementById(\'form_usereditor\').submit()">'.K_NEWLINE;
+echo '<option value="0" style="background-color:#009900;color:white;"';
+$user_id = FALSE;
+echo '>+</option>'.K_NEWLINE;
+$sql = 'SELECT user_id, user_lastname, user_firstname, user_name FROM '.K_TABLE_USERS.' WHERE (user_id>1 AND user_level >= 6)';
+$sql .= ' ORDER BY user_lastname, user_firstname, user_name';
+F_print_error('INFO', $sql);
+if ($r = F_db_query($sql, $db)) {
+	$countitem = 1;
+	while($m = F_db_fetch_array($r)) {
+		echo '<option value="'.$m['user_id'].'"';
+		echo '>'.$countitem.'. '.htmlspecialchars($m['user_lastname'].' '.$m['user_firstname'].' - '.$m['user_name'].'', ENT_NOQUOTES, $l['a_meta_charset']).'</option>'.K_NEWLINE;
+		$countitem++;
+	}
+} else {
+	echo '</select></span></div>'.K_NEWLINE;
+	F_display_db_error();
+}
+
+echo '</select>'.K_NEWLINE;
+echo '</span>'.K_NEWLINE;
+echo '</div>'.K_NEWLINE;
+
+echo getFormNoscriptSelect('selectrecord');
+echo '<div class="row"><hr /></div>'.K_NEWLINE;
+if (!$goback){
+	F_submit_button('update', $l['w_inherit'], $l['h_inherit']);
+} else 
+{		
+	echo '<a href="tce_edit_user.php?user_id='.$_POST["user_id_old"].'" class="xmlbutton">'.$l['w_back'].'</a>';
+}
+echo '<input type="hidden" name="user_name_new" id="user_name_new" value="'.$user_id .'" />'.K_NEWLINE;
+echo '<input type="hidden" name="ff_required" id="ff_required" value="user_name" />'.K_NEWLINE;
+echo '<input type="hidden" name="ff_required_labels" id="ff_required_labels" value="'.htmlspecialchars($l['w_name'], ENT_COMPAT, $l['a_meta_charset']).'" />'.K_NEWLINE;
+echo '</div>'.K_NEWLINE;
+echo '</form>'.K_NEWLINE;
+echo '</div>'.K_NEWLINE;
+echo '</div>'.K_NEWLINE;
+require_once('../code/tce_page_footer.php');
+
+//============================================================+
+// END OF FILE
+//============================================================+