Commit c713c91e authored by Ewald's avatar Ewald

group rights for modules and tests

parent be3ea474
......@@ -26,10 +26,6 @@
* @author Nicola Asuni
* @since 2008-11-28
*/
/**
*/
require_once('../config/tce_config.php');
$pagelevel = K_AUTH_ADMIN_MODULES;
......@@ -56,6 +52,11 @@ if (isset($_REQUEST['module_user_id'])) {
} else {
$module_user_id = intval($_SESSION['session_user_id']);
}
if (isset($_REQUEST['module_group_id'])) {
$module_group_id = intval($_REQUEST['module_group_id']);
} else {
$module_group_id = 0;
}
if (isset($_REQUEST['module_id']) AND ($_REQUEST['module_id'] > 0)) {
$module_id = intval($_REQUEST['module_id']);
......@@ -158,13 +159,15 @@ switch($menu_mode) {
}
if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR) {
$module_user_id = intval($module_user_id);
$module_group_id = intval($module_group_id);
} else {
$module_user_id = intval($_SESSION['session_user_id']);
}
$sql = 'UPDATE '.K_TABLE_MODULES.' SET
module_name=\''.F_escape_sql($db, $module_name).'\',
module_enabled=\''.intval($module_enabled).'\',
module_user_id=\''.$module_user_id.'\'
module_user_id=\''.$module_user_id.'\',
module_group_id=\''.$module_group_id.'\'
WHERE module_id='.$module_id.'';
if(!$r = F_db_query($sql, $db)) {
F_display_db_error(false);
......@@ -191,11 +194,13 @@ switch($menu_mode) {
$sql = 'INSERT INTO '.K_TABLE_MODULES.' (
module_name,
module_enabled,
module_user_id
module_user_id,
module_group_id
) VALUES (
\''.F_escape_sql($db, $module_name).'\',
\''.intval($module_enabled).'\',
\''.$module_user_id.'\'
\''.$module_user_id.'\',
\''.$module_group_id.'\'
)';
if(!$r = F_db_query($sql, $db)) {
F_display_db_error(false);
......@@ -210,6 +215,7 @@ switch($menu_mode) {
$module_name = '';
$module_enabled = true;
$module_user_id = intval($_SESSION['session_user_id']);
$module_group_id = 0;
break;
}
......@@ -227,6 +233,7 @@ if($formstatus) {
$module_name = '';
$module_enabled = true;
$module_user_id = intval($_SESSION['session_user_id']);
$module_group_id = 0;
} else {
$sql = F_select_modules_sql('module_id='.$module_id).' LIMIT 1';
if($r = F_db_query($sql, $db)) {
......@@ -235,10 +242,12 @@ if($formstatus) {
$module_name = $m['module_name'];
$module_enabled = F_getBoolean($m['module_enabled']);
$module_user_id = intval($m['module_user_id']);
$module_group_id = intval($m['module_group_id']);
} else {
$module_name = '';
$module_enabled = true;
$module_user_id = intval($_SESSION['session_user_id']);
$module_group_id = 0;
}
} else {
F_display_db_error();
......@@ -290,7 +299,6 @@ if($r = F_db_query($sql, $db)) {
echo '</select>'.K_NEWLINE;
echo '</span>'.K_NEWLINE;
echo '</div>'.K_NEWLINE;
echo getFormNoscriptSelect('selectrecord');
echo '<div class="row"><hr /></div>'.K_NEWLINE;
......@@ -321,10 +329,23 @@ if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR) {
F_display_db_error();
}
echo '</select>'.K_NEWLINE;
// link for user selection popup
$jslink = 'tce_select_users_popup.php?cid=module_user_id';
if (!empty($userids)) {
$uids = implode('x', $userids);
if (strlen(K_PATH_PUBLIC_CODE.$jslink.$uids) < 512) {
// add this filter only if the URL is short
$jslink .= '&amp;uids='.$uids;
}
}
$jsaction = 'selectWindow=window.open(\''.$jslink.'\', \'selectWindow\', \'dependent, height=600, width=800, menubar=no, resizable=yes, scrollbars=yes, status=no, toolbar=no\');return false;';
echo '<a href="#" onclick="'.$jsaction.'" class="xmlbutton" title="'.$l['w_select'].'">...</a>';
} else {
$userdata = '';
$userids[] = $module_user_id;
$sql = 'SELECT user_id, user_lastname, user_firstname, user_name FROM '.K_TABLE_USERS.' WHERE user_id='.$module_user_id.'';
$sql = 'SELECT user_id, user_lastname, user_firstname, user_name FROM '.K_TABLE_USERS.' WHERE user_id IN ( SELECT module_user_id FROM '.K_TABLE_MODULES.' WHERE module_id='.$module_id.');';
if ($r = F_db_query($sql, $db)) {
if ($m = F_db_fetch_array($r)) {
echo '<span style="font-style:italic;color:#333333;">('.$m['user_name'].') '.$m['user_lastname'].' '.$m['user_firstname'].'</span>'.K_NEWLINE;
......@@ -334,46 +355,53 @@ if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR) {
F_display_db_error();
}
}
// link for user selection popup
$jslink = 'tce_select_users_popup.php?cid=module_user_id';
if (!empty($userids)) {
$uids = implode('x', $userids);
if (strlen(K_PATH_PUBLIC_CODE.$jslink.$uids) < 512) {
// add this filter only if the URL is short
$jslink .= '&amp;uids='.$uids;
}
}
$jsaction = 'selectWindow=window.open(\''.$jslink.'\', \'selectWindow\', \'dependent, height=600, width=800, menubar=no, resizable=yes, scrollbars=yes, status=no, toolbar=no\');return false;';
echo '<a href="#" onclick="'.$jsaction.'" class="xmlbutton" title="'.$l['w_select'].'">...</a>';
echo '</span>'.K_NEWLINE;
echo '</div>'.K_NEWLINE;
echo '<div class="row">'.K_NEWLINE;
echo '<span class="label">'.K_NEWLINE;
echo '<label>'.$l['w_groups'].'</label>'.K_NEWLINE;
echo '<label>'.$l['w_group'].'</label>'.K_NEWLINE;
echo '</span>'.K_NEWLINE;
echo '<span class="formw">'.K_NEWLINE;
$sqlg = 'SELECT *
FROM '.K_TABLE_GROUPS.', '.K_TABLE_USERGROUP.'
WHERE usrgrp_group_id=group_id
AND usrgrp_user_id='.$module_user_id.'
ORDER BY group_name';
if ($rg = F_db_query($sqlg, $db)) {
echo '<span style="font-style:italic;color#333333;font-size:small;">';
while ($mg = F_db_fetch_array($rg)) {
echo ' · '.$mg['group_name'].'';
$groupids = array();
if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR) {
echo '<select name="module_group_id" id="module_group_id" size="0" title="'.$l['h_module_owner'].'" onchange="">'.K_NEWLINE;
$sql = "SELECT group_id, group_name FROM " . K_TABLE_GROUPS. " WHERE group_id IN ( SELECT usrgrp_group_id FROM ".K_TABLE_USERGROUP." WHERE usrgrp_user_id IN
( SELECT user_id FROM ".K_TABLE_USERS." WHERE user_level > 5) ) ORDER BY group_name;";
if ($r = F_db_query($sql, $db)) {
echo '<option value="()">';
while($m = F_db_fetch_array($r)) {
$groupids[] = $m['group_id'];
echo '<option value="'.$m['group_id'].'"';
if ($m['group_id'] == $module_group_id) {
echo ' selected="selected"';
} else {
echo "xxx";
}
echo '>'.htmlspecialchars($m['group_name'].'', ENT_NOQUOTES, $l['a_meta_charset']).'</option>'.K_NEWLINE;
}
echo '</select>'.K_NEWLINE;
}
else {
echo '</select></span></div>'.K_NEWLINE;
F_display_db_error();
}
echo '</span>';
} else {
F_display_db_error();
// $groupdata = '';
// $groupids[] = $module_group_id;
$sql = "SELECT group_id, group_name FROM ".K_TABLE_GROUPS." WHERE group_id IN (SELECT module_group_id FROM ".K_TABLE_MODULES." WHERE module_id = ".$module_id.")";
if ($r = F_db_query($sql, $db)) {
if ($m = F_db_fetch_array($r)) {
echo '<span style="font-style:italic;color:#333333;">'.$m['group_name'].'</span>'.K_NEWLINE;
}
} else {
F_display_db_error();
}
}
echo '</span>'.K_NEWLINE;
echo '</div>'.K_NEWLINE;
echo getFormRowCheckBox('module_enabled', $l['w_enabled'], $l['h_enabled'], '', 1, $module_enabled, false, '');
echo '<div class="row">'.K_NEWLINE;
// show buttons by case
......
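Review bot: In the UPDATE hunk (`@@ -158,13 +159,15`) the non-administrator `else` branch pins `$module_user_id` to the session user but leaves `$module_group_id` untouched, so it still holds the value read from `$_REQUEST['module_group_id']` in the `@@ -56,6 +52,11` hunk and is written straight into `module_group_id=`. Hiding the group `<select>` from non-administrators does not prevent them from submitting the field, so any user who reaches this update could move a module into an arbitrary group. Emit the column only for administrators, e.g. `$grpset = ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR) ? ', module_group_id=\''.$module_group_id.'\'' : '';` appended to the SET list, or reload the stored value in the `else` branch. The INSERT hunk writes the same variable and any guard it has lies outside the visible lines, as does the rest of the enclosing `switch`, so that path should be checked too. Separately, `echo "xxx";` in the group `<option>` loop looks like leftover debug output that lands inside every unselected tag, and `<option value="()">` is never closed.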
......@@ -177,7 +177,11 @@ if (!isset($_REQUEST['test_max_score'])) {
} else {
$test_max_score = floatval($_REQUEST['test_max_score']);
}
if (!isset($_REQUEST['test_user_id'])) {
$test_user_id = intval($_SESSION['session_user_id']);
} else {
$test_user_id = intval($_REQUEST['test_user_id']);
}
$test_max_score_new = 0; // test max score
$qtype = array('S', 'M', 'T', 'O'); // question types
$qordmode = array($l['w_position'], $l['w_alphabetic'], $l['w_id'], $l['w_type'], $l['w_subject']);
......@@ -510,6 +514,7 @@ switch($menu_mode) {
test_score_wrong=\''.$test_score_wrong.'\',
test_score_unanswered=\''.$test_score_unanswered.'\',
test_max_score=\''.$test_max_score.'\',
test_user_id=\''.$test_user_id.'\',
test_score_threshold=\''.$test_score_threshold.'\',
test_random_questions_select=\''.intval($test_random_questions_select).'\',
test_random_questions_order=\''.intval($test_random_questions_order).'\',
......@@ -812,6 +817,7 @@ if ($formstatus) {
$test_score_wrong = 0;
$test_score_unanswered = 0;
$test_max_score = 0;
$test_user_id = 0;
$test_score_threshold = 0;
$test_random_questions_select = true;
$test_random_questions_order = true;
......@@ -844,6 +850,7 @@ if ($formstatus) {
$test_score_wrong = $m['test_score_wrong'];
$test_score_unanswered = $m['test_score_unanswered'];
$test_max_score = $m['test_max_score'];
$test_user_id = $m['test_user_id'];
$test_score_threshold = $m['test_score_threshold'];
$test_random_questions_select = F_getBoolean($m['test_random_questions_select']);
$test_random_questions_order = F_getBoolean($m['test_random_questions_order']);
......@@ -939,12 +946,66 @@ if ($r = F_db_query($sql, $db)) {
}
echo '</select>'.K_NEWLINE;
// link for user selection popup
// link for selection popup
$jsaction = 'selectWindow=window.open(\'tce_select_tests_popup.php?cid=test_id\', \'selectWindow\', \'dependent, height=600, width=800, menubar=no, resizable=yes, scrollbars=yes, status=no, toolbar=no\');return false;';
echo '<a href="#" onclick="'.$jsaction.'" class="xmlbutton" title="'.$l['w_select'].'">...</a>';
echo '</span>'.K_NEWLINE;
echo '<br /><br />'.K_NEWLINE;
echo '</div>'.K_NEWLINE;
// show / edit owner
echo '<div class="row">'.K_NEWLINE;
echo '<span class="label">'.K_NEWLINE;
echo '<label for="test_user_id">'.$l['w_owner'].'</label>'.K_NEWLINE;
echo '</span>'.K_NEWLINE;
echo '<span class="formw">'.K_NEWLINE;
$userids = array();
if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR) {
echo '<select name="test_user_id" id="test_user_id" size="0" title="'.$l['h_module_owner'].'" onchange="">'.K_NEWLINE;
$sql = 'SELECT user_id, user_lastname, user_firstname, user_name FROM '.K_TABLE_USERS.' WHERE (user_level>5) ORDER BY user_lastname, user_firstname, user_name';
if ($r = F_db_query($sql, $db)) {
while($m = F_db_fetch_array($r)) {
$userids[] = $m['user_id'];
echo '<option value="'.$m['user_id'].'"';
if ($m['user_id'] == $test_user_id) {
echo ' selected="selected"';
}
echo '>'.htmlspecialchars('('.$m['user_name'].') '.$m['user_lastname'].' '.$m['user_firstname'].'', ENT_NOQUOTES, $l['a_meta_charset']).'</option>'.K_NEWLINE;
}
}
else {
echo '</select></span></div>'.K_NEWLINE;
F_display_db_error();
}
echo '</select>'.K_NEWLINE;
// link for user selection popup
$jslink = 'tce_select_users_popup.php?cid=module_user_id';
if (!empty($userids)) {
$uids = implode('x', $userids);
if (strlen(K_PATH_PUBLIC_CODE.$jslink.$uids) < 512) {
// add this filter only if the URL is short
$jslink .= '&amp;uids='.$uids;
}
}
$jsaction = 'selectWindow=window.open(\''.$jslink.'\', \'selectWindow\', \'dependent, height=600, width=800, menubar=no, resizable=yes, scrollbars=yes, status=no, toolbar=no\');return false;';
echo '<a href="#" onclick="'.$jsaction.'" class="xmlbutton" title="'.$l['w_select'].'">...</a>';
echo '</span>'.K_NEWLINE;
echo '</div>'.K_NEWLINE;
} else {
$userdata = '';
$userids[] = $test_user_id;
$sql = 'SELECT user_id, user_lastname, user_firstname, user_name FROM '.K_TABLE_USERS.' WHERE user_id='.$test_user_id.'';
if ($r = F_db_query($sql, $db)) {
if ($m = F_db_fetch_array($r)) {
echo '<span style="font-style:italic;color:#333333;">('.$m['user_name'].') '.$m['user_lastname'].' '.$m['user_firstname'].'</span>'.K_NEWLINE;
}
} else {
echo '</select></span></div>'.K_NEWLINE;
F_display_db_error();
}
echo '</div>'.K_NEWLINE;
}
echo '</span>'.K_NEWLINE;
echo '</div>'.K_NEWLINE;
echo getFormNoscriptSelect('selectrecord');
......@@ -964,7 +1025,7 @@ echo '<span class="label">'.K_NEWLINE;
echo '<label for="user_groups">'.$l['w_groups'].'</label>'.K_NEWLINE;
echo '</span>'.K_NEWLINE;
echo '<span class="formw">'.K_NEWLINE;
echo '<select name="user_groups[]" id="user_groups" size="5" multiple="multiple">'.K_NEWLINE;
echo '<select name="user_groups[]" id="user_groups" size="10" multiple="multiple">'.K_NEWLINE;
//$sql = F_user_group_select_sql();
$sql = 'SELECT * FROM '.K_TABLE_GROUPS.' ORDER BY group_name';
if ($r = F_db_query($sql, $db)) {
......@@ -1095,8 +1156,6 @@ echo '<br />'.K_NEWLINE;
echo '<input type="hidden" name="test_password" id="test_password" value="'.$test_password.'" />'.K_NEWLINE;
// show buttons by case
if (isset($test_id) AND ($test_id > 0)) {
echo '<span style="background-color:#999999;">';
echo '<input type="checkbox" name="confirmupdate" id="confirmupdate" value="1" title="confirm &rarr; update" />';
......
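Review bot: `$test_user_id` is read from `$_REQUEST['test_user_id']` (hunk `@@ -177,7 +177,11`) and written into the UPDATE (`@@ -510,6 +514,7`) with no privilege check on it in the visible lines, and the hunk offsets suggest nothing was added between the two. The owner `<select>` is rendered only for administrators, but that is a display decision; a lower-level user who can save a test can still submit the field and reassign ownership. Emit `test_user_id=` in the SET list only when `$_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR`, or otherwise keep the value already stored for the test. In the non-administrator display branch, `$m['user_name']`, `$m['user_lastname']` and `$m['user_firstname']` are echoed raw while the administrator branch passes the same fields through `htmlspecialchars()`; the read-only branch should escape them as well. The popup link still uses `cid=module_user_id`, which looks copied from the module editor and probably should be `cid=test_user_id`.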