@ -39,10 +39,6 @@ if ($action = hesk_REQUEST('a')) {
create();
} elseif ($action == 'delete') {
deleteTemplate();
} elseif ($action == 'addadmin') {
toggleAdmin(true);
} elseif ($action == 'deladmin') {
toggleAdmin(false);
}
}
@ -51,34 +47,20 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
< script language = "Javascript" type = "text/javascript" > < ! - -
function confirm_delete() {
if (confirm('<?php echo hesk_makeJsString ( $hesklang [ 'confirm_del_cat' ]); ?> ')) {
return true;
}
else {
return false;
}
}
//-->
< / script >
<?php
$modsForHesk_settings = mfh_getSettings();
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` ORDER BY `name` ASC");
$templates = array();
while ($row = hesk_dbFetchAssoc($res)) {
array_push($templates, $row) ;
$templates[] = $row;
}
$featureArray = hesk_getFeatureArray();
$orderBy = $modsForHesk_settings['category_order_column'];
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` ORDER BY `" . $orderBy . "` ASC");
$categories = array();
while ($row = hesk_dbFetchAssoc($res)) {
array_push($categories, $row) ;
$categories[] = $row ;
}
?>
< div class = "content-wrapper" >
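Review bot: The categories query in this hunk concatenates `$modsForHesk_settings['category_order_column']` into the `ORDER BY` clause as a backtick-quoted identifier, with no check on its value. String escaping does not make an identifier safe, so the only protection is whatever validation ran when the setting was stored, and that is not visible here. Compare the value against a fixed list of sortable columns before building the query, for example `if (!in_array($orderBy, $allowedOrderColumns, true)) { $orderBy = $defaultOrderColumn; }`, where both variable names are placeholders for the project's real column list.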
@ -87,9 +69,9 @@ while ($row = hesk_dbFetchAssoc($res)) {
< div class = "box" >
< div class = "box-header with-border" >
< h1 class = "box-title" >
<?php echo $hesklang [ 'manage_permission_ template s']; ?>
<?php echo $hesklang [ 'manage_permission_ group s']; ?>
< i class = "fa fa-question-circle settingsquestionmark" data-toggle = "tooltip" data-placement = "right"
title="<?php echo $hesklang [ 'manage_permission_ template s_help']; ?> "></ i >
title="<?php echo $hesklang [ 'manage_permission_ group s_help']; ?> "></ i >
< / h1 >
< div class = "box-tools pull-right" >
< button type = "button" class = "btn btn-box-tool" data-widget = "collapse" >
@ -99,7 +81,7 @@ while ($row = hesk_dbFetchAssoc($res)) {
< / div >
< div class = "box-body" >
< a href = "#" data-toggle = "modal" data-target = "#modal-template-new" class = "btn btn-success nu-floatRight" >
< i class = "fa fa-plus-circle" ></ i > <?php echo $hesklang [ 'create_new_ template ']; ?>
< i class = "fa fa-plus-circle" ></ i > <?php echo $hesklang [ 'create_new_ group ']; ?>
< / a >
< table class = "table table-striped" >
< thead >
@ -115,28 +97,11 @@ while ($row = hesk_dbFetchAssoc($res)) {
< td >
< a href = "#" data-toggle = "modal" data-target = "#modal-template- <?php echo $row [ 'id' ] ?> " >
< i class = "fa fa-pencil icon-link" data-toggle = "tooltip"
title="<?php echo $hesklang [ 'view_permissions_for_this_template' ] ?> "></ i ></ a >
<?php if ( $row [ 'id' ] == 1 ) { ?>
< i class = "fa fa-star icon-link orange" data-toggle = "tooltip"
title="<?php echo $hesklang [ 'admin_cannot_be_staff' ]; ?> "></ i ></ a >
<?php } elseif ( $row [ 'heskprivileges' ] == 'ALL' && $row [ 'categories' ] == 'ALL' ){ ?>
< a href = "manage_permission_templates.php?a=deladmin&id= <?php echo $row [ 'id' ]; ?> " >
< i class = "fa fa-star icon-link orange" data-toggle = "tooltip"
title="<?php echo $hesklang [ 'template_has_admin_privileges' ]; ?> "></ i ></ a >
<?php } elseif ( $row [ 'id' ] != 2 ) { ?>
< a href = "manage_permission_templates.php?a=addadmin&id= <?php echo $row [ 'id' ]; ?> " >
< i class = "fa fa-star-o icon-link gray" data-toggle = "tooltip"
title="<?php echo $hesklang [ 'template_has_no_admin_privileges' ]; ?> "></ i ></ a >
<?php
} else {
?>
< i class = "fa fa-star-o icon-link gray" data-toggle = "tooltip"
title="<?php echo $hesklang [ 'staff_cannot_be_admin' ]; ?> "></ i >
<?php
}
title="<?php echo $hesklang [ 'view_permissions_for_this_group' ] ?> "></ i ></ a >
<?php
if ($row['id'] != 1 & & $row['id'] != 2):
?>
< a href = "manage_permission_ template s.php?a=delete&id=<?php echo $row [ 'id' ]; ?> " >
< a href = "manage_permission_groups.php?a=delete&id= <?php echo $row [ 'id' ]; ?> " >
< i class = "fa fa-times icon-link red" data-toggle = "tooltip"
title="<?php echo $hesklang [ 'delete' ]; ?> "></ i ></ a >
<?php endif ; ?>
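Review bot: The delete link on the new side (`manage_permission_groups.php?a=delete&id=...`) triggers a destructive action from a plain GET URL, and no anti-CSRF token is visible in the link or in the `a=delete` dispatch at the top of the file. Unless `deleteTemplate()` verifies a token in the part of its body outside these hunks, any page an administrator visits while logged in could cause a permission group to be deleted. Send the delete as a POST form carrying the session token and verify it with `hesk_token_check()` before the `DELETE` runs. The same check applies to the `a=save` form, whose visible hidden inputs are only `a` and `template_id`.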
@ -172,12 +137,10 @@ function createEditModal($template, $features, $categories)
{
global $hesklang;
$showNotice = true;
$disabled = 'checked="checked" disabled';
$enabledFeatures = array();
$enabledCategories = array();
if ($template['heskprivileges'] != 'ALL') {
$showNotice = false;
$disabled = '';
$enabledFeatures = explode(',', $template['heskprivileges']);
$enabledCategories = explode(',', $template['categories']);
@ -187,30 +150,23 @@ function createEditModal($template, $features, $categories)
aria-labelledby="myLargeModalLabel" aria-hidden="true">
< div class = "modal-dialog modal-lg" >
< div class = "modal-content" >
< form action = "manage_permission_ template s.php" role = "form" method = "post" id = "form <?php echo $template [ 'id' ]; ?> " >
< form action = "manage_permission_ group s.php" role = "form" method = "post" id = "form <?php echo $template [ 'id' ]; ?> " >
< div class = "modal-header" >
< button type = "button" class = "close" data-dismiss = "modal" aria-label = "Close" > < span
aria-hidden="true">× < / span > < / button >
< h4 class = "modal-title" > <?php echo sprintf ( $hesklang [ 'permissions_for_ template '], $template [ 'name' ]); ?> </ h4 >
< h4 class = "modal-title" > <?php echo sprintf ( $hesklang [ 'permissions_for_ group '], $template [ 'name' ]); ?> </ h4 >
< / div >
< div class = "modal-body" >
< div class = "row" >
<?php if ( $showNotice ) : ?>
< div class = "col-sm-12" >
< div class = "alert alert-info" >
< i class = "fa fa-info-circle" ></ i > <?php echo $hesklang [ 'template_is_admin_cannot_change' ]; ?>
< / div >
< / div >
<?php endif ; ?>
< div class = "form-group" >
< div class = "col-sm-2" >
< label for = "name"
class="control-label"><?php echo $hesklang [ ' template _name']; ?> </ label >
class="control-label"><?php echo $hesklang [ 'group_name' ]; ?> </ label >
< / div >
< div class = "col-sm-10" >
< input type = "text" class = "form-control" name = "name"
value="<?php echo htmlspecialchars ( $template [ 'name' ]); ?> "
placeholder="<?php echo htmlspecialchars ( $hesklang [ ' template _name']); ?> "
placeholder="<?php echo htmlspecialchars ( $hesklang [ ' group _name']); ?> "
data-error="<?php echo htmlspecialchars ( $hesklang [ 'this_field_is_required' ]); ?> "
required>
< div class = "help-block with-errors" > < / div >
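Review bot: The modal title on the new side prints the group name unescaped, `sprintf($hesklang['permissions_for_group'], $template['name'])`, while the text input a few lines below wraps the same value in `htmlspecialchars()`. `save()` stores the name from `hesk_POST('name')` with only SQL escaping, so unless that helper HTML-encodes its input, markup in a group name would be rendered for every administrator who opens this page. Escape it at output: `echo sprintf($hesklang['permissions_for_group'], htmlspecialchars($template['name']));`. `createEditModal()` starts and ends outside this hunk.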
@ -228,7 +184,7 @@ function createEditModal($template, $features, $categories)
< label >
<?php
$checked = '';
if (in_array($category['id'], $enabledCategories) & & !$showNotice ) {
if (in_array($category['id'], $enabledCategories)) {
$checked = 'checked';
} ?>
< input type = "checkbox" name = "categories[]"
@ -249,7 +205,7 @@ function createEditModal($template, $features, $categories)
< div class = "checkbox" >
< label > <?php
$checked = '';
if (in_array($feature, $enabledFeatures) & & !$showNotice ) {
if (in_array($feature, $enabledFeatures)) {
$checked = 'checked';
} ?>
< input type = "checkbox" name = "features[]"
@ -266,9 +222,6 @@ function createEditModal($template, $features, $categories)
< div class = "modal-footer" >
< input type = "hidden" name = "a" value = "save" >
< input type = "hidden" name = "template_id" value = " <?php echo $template [ 'id' ]; ?> " >
<?php if ( $showNotice ) : ?>
< input type = "hidden" name = "name_only" value = "1" >
<?php endif ; ?>
< div class = "btn-group" >
< input type = "submit" class = "btn btn-success"
value="<?php echo $hesklang [ 'save_changes' ]; ?> ">
@ -291,22 +244,22 @@ function buildCreateModal($features, $categories)
aria-hidden="true">
< div class = "modal-dialog modal-lg" >
< div class = "modal-content" >
< form action = "manage_permission_ template s.php" role = "form" method = "post" id = "createForm" >
< form action = "manage_permission_ group s.php" role = "form" method = "post" id = "createForm" >
< div class = "modal-header" >
< button type = "button" class = "close" data-dismiss = "modal" aria-label = "Close" > < span
aria-hidden="true">× < / span > < / button >
< h4 class = "modal-title" > <?php echo $hesklang [ 'create_new_ template _title']; ?> </ h4 >
< h4 class = "modal-title" > <?php echo $hesklang [ 'create_new_ group _title']; ?> </ h4 >
< / div >
< div class = "modal-body" >
< div class = "row" >
< div class = "form-group" >
< div class = "col-sm-2" >
< label for = "name"
class="control-label"><?php echo $hesklang [ ' template _name']; ?> </ label >
class="control-label"><?php echo $hesklang [ ' group _name']; ?> </ label >
< / div >
< div class = "col-sm-10" >
< input type = "text" class = "form-control" name = "name"
placeholder="<?php echo $hesklang [ ' template _name']; ?> " required>
placeholder="<?php echo $hesklang [ ' group _name']; ?> " required>
< div class = "help-block with-errors" > < / div >
< / div >
< / div >
@ -381,40 +334,34 @@ function save()
WHERE `id` = " . intval($templateId));
$row = hesk_dbFetchAssoc($res);
if (hesk_POST('name_only', 0)) {
// We are only able to update the name
$name = hesk_POST('name');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`
SET `name` = '" . hesk_dbEscape($name) . "' WHERE `id` = " . intval($templateId));
} else {
// Add 'can ban emails' if 'can unban emails' is set (but not added). Same with 'can ban ips'
$catArray = hesk_POST_array('categories');
$featArray = hesk_POST_array('features');
validate($featArray, $catArray);
if (in_array('can_unban_emails', $featArray) & & !in_array('can_ban_emails', $featArray)) {
array_push($catArray, 'can_ban_emails');
}
if (in_array('can_unban_ips', $featArray) & & !in_array('can_ban_ips', $featArray)) {
array_push($featArray, 'can_ban_ips');
}
$categories = implode(',', $catArray);
$features = implode(',', $featArray);
$name = hesk_POST('name');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`
SET `categories` = '" . hesk_dbEscape($categories) . "', `heskprivileges` = '" . hesk_dbEscape($features) . "',
`name` = '" . hesk_dbEscape($name) . "'
WHERE `id` = " . intval($templateId));
if ($row['categories'] != $categories || $row['heskprivileges'] != $features) {
// Any users with this template should be switched to "custom"
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `permission_template` = NULL
WHERE `permission_template` = " . intval($templateId));
}
// Add 'can ban emails' if 'can unban emails' is set (but not added). Same with 'can ban ips'
$catArray = hesk_POST_array('categories');
$featArray = hesk_POST_array('features');
validate($featArray, $catArray);
if (in_array('can_unban_emails', $featArray) & & !in_array('can_ban_emails', $featArray)) {
array_push($catArray, 'can_ban_emails');
}
if (in_array('can_unban_ips', $featArray) & & !in_array('can_ban_ips', $featArray)) {
array_push($featArray, 'can_ban_ips');
}
$categories = implode(',', $catArray);
$features = implode(',', $featArray);
$name = hesk_POST('name');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`
SET `categories` = '" . hesk_dbEscape($categories) . "', `heskprivileges` = '" . hesk_dbEscape($features) . "',
`name` = '" . hesk_dbEscape($name) . "'
WHERE `id` = " . intval($templateId));
if ($row['categories'] != $categories || $row['heskprivileges'] != $features) {
// Any users with this template should have their permissions updated
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `heskprivileges` = '" . hesk_dbEscape($features) . "',
`categories` = '" . hesk_dbEscape($categories) . "'
WHERE `permission_template` = " . intval($templateId));
}
hesk_process_messages($hesklang['permission_template _updated'], $_SERVER['PHP_SELF'], 'SUCCESS');
hesk_process_messages($hesklang['permission_group_updated'], $_SERVER['PHP_SELF'], 'SUCCESS');
}
function create()
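Review bot: In `save()`, the new-side line `array_push($catArray, 'can_ban_emails');` appends a feature name to the category list instead of `$featArray`, and this commit now copies the resulting `categories` string to every user in the group. It should read `array_push($featArray, 'can_ban_emails');`, matching the `can_ban_ips` branch below it. Separately, with the `name_only` branch removed, no visible check stops a POST from replacing an `ALL` group's privileges with an explicit list, which the new `UPDATE ... users` statement then writes to every member. If built-in groups are meant to stay fixed, decide that from the `$row` loaded at the top of the hunk rather than from a posted field. `save()` begins outside this hunk.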
@ -439,7 +386,7 @@ function create()
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` (`name`, `heskprivileges`, `categories`)
VALUES ('" . hesk_dbEscape($name) . "', '" . hesk_dbEscape($features) . "', '" . hesk_dbEscape($categories) . "')");
hesk_process_messages($hesklang['template _created'], $_SERVER['PHP_SELF'], 'SUCCESS');
hesk_process_messages($hesklang['group _created'], $_SERVER['PHP_SELF'], 'SUCCESS');
}
function validate($features, $categories, $create = false, $name = '')
@ -449,7 +396,7 @@ function validate($features, $categories, $create = false, $name = '')
$errorMarkup = '< ul > ';
$isValid = true;
if ($create & & $name == '') {
$errorMarkup .= '< li > ' . $hesklang['template _name_required'] . '< / li > ';
$errorMarkup .= '< li > ' . $hesklang['group _name_required'] . '< / li > ';
$isValid = false;
}
if (count($features) == 0) {
@ -463,7 +410,7 @@ function validate($features, $categories, $create = false, $name = '')
$errorMarkup .= '< / ul > ';
if (!$isValid) {
$error = sprintf($hesklang['permission_template _error'], $errorMarkup);
$error = sprintf($hesklang['permission_group _error'], $errorMarkup);
hesk_process_messages($error, $_SERVER['PHP_SELF']);
}
return true;
@ -483,36 +430,14 @@ function deleteTemplate()
// Otherwise delete the template
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` WHERE `id` = " . intval($id));
if (hesk_dbAffectedRows() != 1) {
hesk_process_messages($hesklang['no_templates _were_deleted'], $_SERVER['PHP_SELF']);
hesk_process_messages($hesklang['no_group _were_deleted'], $_SERVER['PHP_SELF']);
}
hesk_process_messages($hesklang['permission_template_deleted'], $_SERVER['PHP_SELF'], 'SUCCESS');
}
function toggleAdmin($admin)
{
global $hesk_settings, $hesklang;
$id = hesk_GET('id');
// Move all users who used to be in this group to "custom"
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `permission_template` = NULL
WHERE `permission_template` = " . intval($id));
if ($id == 1 || $id == 2) {
hesk_process_messages($hesklang['cannot_change_admin_staff'], $_SERVER['PHP_SELF']);
}
if ($admin) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` SET `heskprivileges` = 'ALL',
`categories` = 'ALL' WHERE `id` = " . intval($id));
hesk_process_messages($hesklang['permission_template_now_admin'], $_SERVER['PHP_SELF'], 'SUCCESS');
} else {
// Get default privileges
$res = hesk_dbQuery("SELECT `heskprivileges`, `categories` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`
WHERE `id` = 2");
$row = hesk_dbFetchAssoc($res);
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`
SET `heskprivileges` = '" . hesk_dbEscape($row['heskprivileges']) . "',
`categories` = '" . hesk_dbEscape($row['categories']) . "' WHERE `id` = " . intval($id));
hesk_process_messages($hesklang['permission_template_no_longer_admin'], $_SERVER['PHP_SELF'], 'SUCCESS');
}
hesk_process_messages($hesklang['permission_group_deleted'], $_SERVER['PHP_SELF'], 'SUCCESS');
}
?>