Hệ thống quản lý phòng khám trực tuyến bằng PHP
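<?php
/*
 * Admin page: edit the per-table permissions of a single member.
 *
 * Flow:
 *   1. The requested memberID must exist and must not be the anonymous (guest)
 *      member, the admin member, or a member of the anonymous / Admins groups;
 *      anything else is redirected back to the members list.
 *   2. POST saveChanges  -> replace the member's rows in membership_userpermissions
 *      with the submitted values.
 *      POST resetPermissions -> delete those rows so the member falls back to the
 *      permissions of his group.
 *   3. Otherwise render the form, pre-filled with the group's permissions overlaid
 *      by any member-specific ones.
 *
 * Permission values follow $arrPermVal below: 0 = no, 1 = owner, 2 = group, 3 = all
 * (insert is a 0/1 checkbox).
 */
$currDir = dirname(__FILE__);
require("{$currDir}/incCommon.php");

// tables list: table name => table caption
$tables = getTableList();

// ensure that a memberID is provided
if(!isset($_REQUEST['memberID'])){
	// error in request. redirect to members page.
	redirect('admin/pageViewMembers.php');
}

$memberID = new Request('memberID', 'strtolower');

// validate memberID exists and is not guest and is not admin
$anonymousMember = strtolower($adminConfig['anonymousMember']);
$anonymousGroup = $adminConfig['anonymousGroup'];
$anonGroupID = sqlValue("select groupID from membership_groups where lcase(name)='" . strtolower(makeSafe($anonymousGroup)) . "'");
$adminGroupID = sqlValue("select groupID from membership_groups where name='Admins'");
$groupID = sqlValue("select groupID from membership_users where lcase(memberID)='{$memberID->sql}'");
// $groupID is read back from the database, but it is interpolated into further
// queries below, so escape it like any other value instead of trusting it.
$groupIDSafe = makeSafe($groupID);
$group = sqlValue("select name from membership_groups where groupID='{$groupIDSafe}'");
if(
	$groupID == $anonGroupID
	|| $memberID->raw == $anonymousMember
	|| !$groupID
	|| $groupID == $adminGroupID
	|| $memberID->raw == $adminConfig['adminUsername']
){
	// error in request. redirect to members page.
	redirect('admin/pageViewMembers.php');
}

// permission keys used on this page (order matches the INSERT column list below),
// and the defaults for a table that has neither a group nor a member row
$permKeys = array('insert', 'view', 'edit', 'delete');
$noPerms = array('insert' => 0, 'view' => 0, 'edit' => 0, 'delete' => 0);

// request to save changes?
if(isset($_POST['saveChanges'])){
	// validate submitted data and build one VALUES tuple per table.
	// Plain arrays replace the former eval()/variable-variable construction, so table
	// names never reach the PHP parser. checkPermissionVal() constrains the posted
	// value; the intval() keeps the tuple numeric even if it returns something else.
	$valueTuples = array();
	foreach($tables as $t => $tc){
		$tuple = array("'{$memberID->sql}'", "'" . makeSafe($t) . "'");
		foreach($permKeys as $k){
			$tuple[] = "'" . intval(checkPermissionVal("{$t}_{$k}")) . "'";
		}
		$valueTuples[] = '(' . implode(', ', $tuple) . ')';
	}

	// reset then add member permissions
	sql("delete from membership_userpermissions where lcase(memberID)='{$memberID->sql}'", $eo);

	// add new member permissions. Skipped when there are no tables at all, which
	// would otherwise produce a malformed INSERT with an empty VALUES list.
	if(count($valueTuples)){
		sql(
			"insert into membership_userpermissions (memberID, tableName, allowInsert, allowView, allowEdit, allowDelete) values " . implode(', ', $valueTuples),
			$eo
		);
	}

	// redirect to member permissions page
	redirect("admin/pageEditMemberPermissions.php?saved=1&memberID=" . $memberID->url);
}elseif(isset($_POST['resetPermissions'])){
	sql("delete from membership_userpermissions where lcase(memberID)='{$memberID->sql}'", $eo);
	// redirect to member permissions page
	redirect("admin/pageEditMemberPermissions.php?reset=1&memberID=" . $memberID->url);
}

$GLOBALS['page_title'] = $Translation['user table permissions'];
include("{$currDir}/incHeader.php");

// effective permissions per table name: start from the group's permissions, then
// let the member's own rows overwrite them (later result set wins)
$perms = array();
$res1 = sql("select * from membership_grouppermissions where groupID='{$groupIDSafe}'", $eo);
$res2 = sql("select * from membership_userpermissions where lcase(memberID)='{$memberID->sql}'", $eo);
foreach(array($res1, $res2) as $res){
	while($row = db_fetch_assoc($res)){
		$perms[$row['tableName']] = array(
			'insert' => $row['allowInsert'],
			'view' => $row['allowView'],
			'edit' => $row['allowEdit'],
			'delete' => $row['allowDelete']
		);
	}
}

// permissions arrays common to the radio groups below
$arrPermVal = array(0, 1, 2, 3);
$arrPermText = array($Translation["no"], $Translation["owner"], $Translation["group"], $Translation["all"]);
?>

<!-- show notifications -->
<?php
if(isset($_GET['saved'])){
	echo Notification::show(array(
		'message' => "<i class=\"glyphicon glyphicon-ok\"></i> {$Translation['member permissions saved']}",
		'class' => 'success',
		'dismiss_seconds' => 10
	));
}elseif(isset($_GET['reset'])){
	echo Notification::show(array(
		'message' => "<i class=\"glyphicon glyphicon-ok\"></i> {$Translation['member permissions reset']}",
		'class' => 'success',
		'dismiss_seconds' => 10
	));
}
?>

<div class="page-header">
	<h1>
		<?php
		// group id and name come from the database; escape them for the HTML context
		// like the memberID placeholders already are
		echo str_replace(
			array('<MEMBER>', '<MEMBERID>', '<GROUPID>', '<GROUP>'),
			array($memberID->url, $memberID->html, html_attr($groupID), html_attr($group)),
			$Translation['user table permissions']
		);
		?>
	</h1>
</div>

<?php /* NOTE(review): this form carries no anti-CSRF token of its own; confirm that incCommon.php or the surrounding framework enforces one for admin POST requests. */ ?>
<form method="post" action="pageEditMemberPermissions.php">
	<input type="hidden" name="memberID" value="<?php echo $memberID->attr; ?>">

	<div class="text-right" style="margin: 2em 0;">
		<?php
		// the reset button only makes sense when the member actually has rows of his own
		if(!db_num_rows($res2)){
			echo Notification::show(array(
				'message' => '<i class="glyphicon glyphicon-user"></i> ' . $Translation["no member permissions"],
				'class' => 'info',
				'dismiss_seconds' => 3600
			));
		}else{
		?>
			<button type="submit" name="resetPermissions" value="1" class="btn btn-warning btn-lg reset-permissions">
				<i class="glyphicon glyphicon-refresh"></i>
				<?php echo html_attr($Translation['reset member permissions']); ?>
			</button>
		<?php
		}
		?>
		<button type="submit" name="saveChanges" value="1" class="btn btn-primary btn-lg"><i class="glyphicon glyphicon-ok"></i> <?php echo $Translation["save changes"]; ?></button>
	</div>

	<div class="table-responsive">
		<table class="table table-striped table-hover">
			<thead>
				<tr>
					<th width="30%"><?php echo $Translation["table"]; ?></th>
					<th width="10%" class="text-center"><?php echo $Translation["insert"]; ?></th>
					<th width="20%"><?php echo $Translation["view"]; ?></th>
					<th width="20%"><?php echo $Translation["edit"]; ?></th>
					<th width="20%"><?php echo $Translation["delete"]; ?></th>
				</tr>
			</thead>
			<tbody>
				<?php
				foreach($tables as $t => $tc){
					// tables with no group and no member row show as "no" everywhere
					$p = isset($perms[$t]) ? $perms[$t] : $noPerms;
					$tName = html_attr($t);
					$tCaption = html_attr($tc);
				?>
					<!-- <?php echo $tCaption; ?> table -->
					<tr>
						<th valign="top"><?php echo $tCaption; ?></th>
						<td valign="top" class="text-center">
							<input type="checkbox" name="<?php echo $tName; ?>_insert" value="1" <?php echo ($p['insert'] ? 'checked' : ''); ?>>
						</td>
						<td>
							<?php echo htmlRadioGroup("{$t}_view", $arrPermVal, $arrPermText, $p['view']); ?>
						</td>
						<td>
							<?php echo htmlRadioGroup("{$t}_edit", $arrPermVal, $arrPermText, $p['edit']); ?>
						</td>
						<td>
							<?php echo htmlRadioGroup("{$t}_delete", $arrPermVal, $arrPermText, $p['delete']); ?>
						</td>
					</tr>
				<?php
				}
				?>
			</tbody>
			<tfoot class="hidden-xs"><tr><th colspan="5"></th></tr></tfoot>
		</table>
	</div>

	<div class="text-right">
		<button type="submit" name="saveChanges" value="1" class="hidden-xs hidden-sm btn btn-primary btn-lg"><i class="glyphicon glyphicon-ok"></i> <?php echo $Translation["save changes"]; ?></button>
		<button type="submit" name="saveChanges" value="1" class="hidden-md hidden-lg btn btn-primary btn-lg btn-block"><i class="glyphicon glyphicon-ok"></i> <?php echo $Translation["save changes"]; ?></button>
	</div>
</form>

<div style="height: 3em;"></div>

<style>
	div.text-primary label{ font-weight: bold; }
</style>

<script>
	$j(function (){
		// highlight the row/cell that holds the currently selected radio of each group
		var highlight_selections = function (){
			$j('input[type=radio]').parent().parent().removeClass('text-primary');
			$j('input[type=radio]:checked').parent().parent().addClass('text-primary');
		}

		// ask for confirmation before dropping the member's special permissions
		$j('button.reset-permissions').click(function(){
			return confirm('<?php echo html_attr($Translation["remove special permissions"]); ?>');
		})

		$j('input[type=radio]').change(highlight_selections);
		highlight_selections();
	});
</script>

<?php
include("{$currDir}/incFooter.php");
?>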