--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+$permissionId = $_GET['id'];\r
+\r
+//Check if selected permission level exists\r
+if(!permissionIdExists($permissionId)){\r
+ header("Location: admin_permissions.php"); die(); \r
+}\r
+\r
+$permissionDetails = fetchPermissionDetails($permissionId); //Fetch information specific to permission level\r
+\r
+//Forms posted\r
+if(!empty($_POST)){\r
+ \r
+ //Delete selected permission level\r
+ if(!empty($_POST['delete'])){\r
+ $deletions = $_POST['delete'];\r
+ if ($deletion_count = deletePermission($deletions)){\r
+ $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR"); \r
+ }\r
+ }\r
+ else\r
+ {\r
+ //Update permission level name\r
+ if($permissionDetails['name'] != $_POST['name']) {\r
+ $permission = trim($_POST['name']);\r
+ \r
+ //Validate new name\r
+ if (permissionNameExists($permission)){\r
+ $errors[] = lang("ACCOUNT_PERMISSIONNAME_IN_USE", array($permission));\r
+ }\r
+ elseif (minMaxRange(1, 50, $permission)){\r
+ $errors[] = lang("ACCOUNT_PERMISSION_CHAR_LIMIT", array(1, 50)); \r
+ }\r
+ else {\r
+ if (updatePermissionName($permissionId, $permission)){\r
+ $successes[] = lang("PERMISSION_NAME_UPDATE", array($permission));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ }\r
+ \r
+ //Remove access to pages\r
+ if(!empty($_POST['removePermission'])){\r
+ $remove = $_POST['removePermission'];\r
+ if ($deletion_count = removePermission($permissionId, $remove)) {\r
+ $successes[] = lang("PERMISSION_REMOVE_USERS", array($deletion_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ \r
+ //Add access to pages\r
+ if(!empty($_POST['addPermission'])){\r
+ $add = $_POST['addPermission'];\r
+ if ($addition_count = addPermission($permissionId, $add)) {\r
+ $successes[] = lang("PERMISSION_ADD_USERS", array($addition_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ \r
+ //Remove access to pages\r
+ if(!empty($_POST['removePage'])){\r
+ $remove = $_POST['removePage'];\r
+ if ($deletion_count = removePage($remove, $permissionId)) {\r
+ $successes[] = lang("PERMISSION_REMOVE_PAGES", array($deletion_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ \r
+ //Add access to pages\r
+ if(!empty($_POST['addPage'])){\r
+ $add = $_POST['addPage'];\r
+ if ($addition_count = addPage($add, $permissionId)) {\r
+ $successes[] = lang("PERMISSION_ADD_PAGES", array($addition_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ $permissionDetails = fetchPermissionDetails($permissionId);\r
+ }\r
+}\r
+\r
+$pagePermissions = fetchPermissionPages($permissionId); //Retrieve list of accessible pages\r
+$permissionUsers = fetchPermissionUsers($permissionId); //Retrieve list of users with membership\r
+$userData = fetchAllUsers(); //Fetch all users\r
+$pageData = fetchAllPages(); //Fetch all pages\r
+\r
+require_once("models/header.php");\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>Admin Permissions</h2>\r
+<div id='left-nav'>";\r
+\r
+include("left-nav.php");\r
+\r
+echo "\r
+</div>\r
+<div id='main'>";\r
+\r
+echo resultBlock($errors,$successes);\r
+\r
+echo "\r
+<form name='adminPermission' action='".$_SERVER['PHP_SELF']."?id=".$permissionId."' method='post'>\r
+<table class='admin'>\r
+<tr><td>\r
+<h3>Permission Information</h3>\r
+<div id='regbox'>\r
+<p>\r
+<label>ID:</label>\r
+".$permissionDetails['id']."\r
+</p>\r
+<p>\r
+<label>Name:</label>\r
+<input type='text' name='name' value='".$permissionDetails['name']."' />\r
+</p>\r
+<label>Delete:</label>\r
+<input type='checkbox' name='delete[".$permissionDetails['id']."]' id='delete[".$permissionDetails['id']."]' value='".$permissionDetails['id']."'>\r
+</p>\r
+</div></td><td>\r
+<h3>Permission Membership</h3>\r
+<div id='regbox'>\r
+<p>\r
+Remove Members:";\r
+\r
+//List users with permission level\r
+foreach ($userData as $v1) {\r
+ if(isset($permissionUsers[$v1['id']])){\r
+ echo "<br><input type='checkbox' name='removePermission[".$v1['id']."]' id='removePermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['display_name'];\r
+ }\r
+}\r
+\r
+echo"\r
+</p><p>Add Members:";\r
+\r
+//List users without permission level\r
+foreach ($userData as $v1) {\r
+ if(!isset($permissionUsers[$v1['id']])){\r
+ echo "<br><input type='checkbox' name='addPermission[".$v1['id']."]' id='addPermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['display_name'];\r
+ }\r
+}\r
+\r
+echo"\r
+</p>\r
+</div>\r
+</td>\r
+<td>\r
+<h3>Permission Access</h3>\r
+<div id='regbox'>\r
+<p>\r
+Public Access:";\r
+\r
+//List public pages\r
+foreach ($pageData as $v1) {\r
+ if($v1['private'] != 1){\r
+ echo "<br>".$v1['page'];\r
+ }\r
+}\r
+\r
+echo"\r
+</p>\r
+<p>\r
+Remove Access:";\r
+\r
+//List pages accessible to permission level\r
+foreach ($pageData as $v1) {\r
+ if(isset($pagePermissions[$v1['id']]) AND $v1['private'] == 1){\r
+ echo "<br><input type='checkbox' name='removePage[".$v1['id']."]' id='removePage[".$v1['id']."]' value='".$v1['id']."'> ".$v1['page'];\r
+ }\r
+}\r
+\r
+echo"\r
+</p><p>Add Access:";\r
+\r
+//List pages inaccessible to permission level\r
+foreach ($pageData as $v1) {\r
+ if(!isset($pagePermissions[$v1['id']]) AND $v1['private'] == 1){\r
+ echo "<br><input type='checkbox' name='addPage[".$v1['id']."]' id='addPage[".$v1['id']."]' value='".$v1['id']."'> ".$v1['page'];\r
+ }\r
+}\r
+\r
+echo"\r
+</p>\r
+</div>\r
+</td>\r
+</tr>\r
+</table>\r
+<p>\r
+<label> </label>\r
+<input type='submit' value='Update' class='submit' />\r
+</p>\r
+</form>\r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+\r
+?>\r
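Review bot: Request- and database-derived values are concatenated into the HTML without escaping: `$_SERVER['PHP_SELF']` and `$permissionId` in the form action, `$permissionDetails['name']` in the `value` attribute of the name input, and `$v1['display_name']` / `$v1['page']` in the checkbox lists. `PHP_SELF` includes client-supplied path info, and the permission name comes from `$_POST['name']` with only uniqueness and length checks visible here, so each of these can carry markup into an administrator's page. Escape at output with `ENT_QUOTES`, since the attributes are single-quoted, e.g. `value='".htmlspecialchars($permissionDetails['name'], ENT_QUOTES, 'UTF-8')."'`, and do the same for the form action and the list labels. Separately, the POST branch deletes permission levels and changes membership and page access without checking an anti-CSRF token anywhere in this file. Unless `securePage()` or `models/config.php` (not shown) enforce one, a per-session token should be emitted in the form and verified before the `if(!empty($_POST))` block acts; `$_GET['id']` is also read without an `isset()` check.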