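/**
 * Handle submission of the user-group form: create a group when `id` is 0,
 * otherwise update the existing group with that id.
 *
 * Reads `name`, `brief`, `des` and `id` from the request through Url::get().
 * On success the group cache is reloaded via User::get_system_groups(1) and the
 * current URL is redirected to; on failure a form error is set and nothing is
 * written.
 *
 * Security notes:
 * - `brief` is request data that ends up inside quoted SQL literals, so it is
 *   restricted to a conservative character set before any query is built.
 * - NOTE(review): `name` and `des` are passed to DB::insert()/DB::update() as
 *   array values; whether those helpers escape values is not visible here -
 *   confirm, and prefer bound parameters if the DB layer offers them.
 * - NOTE(review): no permission or anti-CSRF check is visible in this method;
 *   presumably the caller gates access - confirm.
 */
function on_submit()
{
    $name = Url::get('name', '');
    $brief = Url::get('brief', '');
    $des = Url::get('des', '');
    $id = (int) Url::get('id', 0);

    if ($brief == '') {
        $this->setFormError('name', 'Chưa nhập tên định danh nhóm');
        return;
    }

    // Allow-list check: letters, digits, underscore, dot and hyphen only. The
    // value therefore contains no quote or backslash bytes and cannot terminate
    // the quoted literal in the duplicate-check queries below. The `u` modifier
    // also rejects invalid UTF-8, and \z (not $) refuses a trailing newline.
    // NOTE(review): widen the class only if existing identifiers need it.
    if (!is_scalar($brief) || preg_match('/\A[\p{L}\p{N}_.-]+\z/u', (string) $brief) !== 1) {
        $this->setFormError('brief', 'Định danh nhóm chứa ký tự không hợp lệ');
        return;
    }
    $brief = (string) $brief;

    // Reserved identifiers can be neither created nor assigned by an edit.
    // NOTE(review): the comparison is case-sensitive; confirm whether variants
    // such as different letter case should be reserved as well.
    if (in_array($brief, array('root', 'admin', 'mod'), true)) {
        $this->setFormError('brief', "Định danh cho nhóm này quyền này đã tồn tại!");
        return;
    }

    $arr = array('name' => $name, 'brief' => $brief, 'des' => $des);

    if ($id == 0) {
        // Create: the identifier must not be used by any existing group.
        $exist = DB::exists("SELECT id FROM user_groups WHERE brief = '{$brief}'");
        if ($exist) {
            $this->setFormError('', "Nhóm này quyền này đã tồn tại");
            return;
        }

        $arr['time_c'] = TIME_NOW;
        $arr['user_c'] = User::id();
        $arr['time_m'] = TIME_NOW;
        $arr['user_m'] = User::id();
        DB::insert('user_groups', $arr);
    } else {
        // Update: the identifier may only collide with the row being edited.
        // $id is an int cast, so it is safe to interpolate.
        $exist = DB::exists("SELECT id FROM user_groups WHERE brief = '{$brief}' AND id!={$id}");
        if ($exist) {
            $this->setFormError('brief', "Định danh cho nhóm này quyền này đã tồn tại!");
            return;
        }

        $arr['time_m'] = TIME_NOW;
        $arr['user_m'] = User::id();
        DB::update('user_groups', $arr, "id={$id}");
    }

    User::get_system_groups(1);
    Url::redirect_current();
}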
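/**
 * Set up the permission-administration module and dispatch on the `cmd`
 * request parameter.
 *
 * Presumably the PHP 4-style constructor of a Module subclass (it forwards
 * $row to Module::Module()). Every command requires User::is_admin() and the
 * 'admin_perm' permit; otherwise Url::access_denied() is called.
 *
 * Commands handled:
 * - del_group:      delete the row of user_groups with the given id.
 * - remove:         drop one group from an account's `gids` list.
 * - remove_permit:  drop one permission id from a group's `pids` list.
 * - add_group / edit_group: show EditGroupForm.
 * - scan_perm:      add ScanPermissionForm for root, then redirect.
 * - anything else:  show ListAdminForm.
 * A 'delete' command (reset account.gids to "0") used to exist here as
 * commented-out code and is intentionally not handled.
 *
 * Security notes:
 * - NOTE(review): the destructive commands are driven by request parameters
 *   and no anti-CSRF token check is visible in this block - confirm one is
 *   enforced upstream, and that these commands are not reachable by plain GET.
 * - NOTE(review): only 'remove' has the extra root check for group 9;
 *   'del_group' and 'remove_permit' accept any group id from an admin holding
 *   'admin_perm'. Confirm that this difference is intended.
 *
 * @param mixed $row Module row, passed through unchanged to Module::Module().
 */
function AdminGrantPerm($row)
{
    Module::Module($row);
    $cmd = Url::get('cmd');

    if (!(User::is_admin() && User::have_permit('admin_perm'))) {
        Url::access_denied();
        return;
    }

    switch ($cmd) {
        case 'del_group':
            $id = (int) Url::get('id', 0);
            if ($id) {
                // $id is an int cast, so concatenation is safe here.
                DB::query('DELETE FROM user_groups WHERE id=' . $id);
            }
            // Presumably the argument forces a reload of the cached groups - confirm.
            User::get_system_groups(1);
            // NOTE(review): the other commands pass 'group_id' in this list;
            // 'del_group' is a cmd value - confirm it is not a typo.
            Url::redirect_url(Url::build_all(array('cmd', 'del_group', 'id')));
            break;

        case 'remove':
            $group_id = (int) Url::get('group_id', 0);
            $id = (int) Url::get('id', 0);
            // Only root may remove a member from group 9 (presumably a
            // privileged group - confirm against the group table).
            if (User::is_root() || $group_id != 9) {
                if ($id) {
                    $user = User::getUser($id);
                    if ($user && $user != '0') {
                        $kept = array();
                        $groups = User::get_groups($user['gids']);
                        if ($groups) {
                            foreach ($groups as $gid => $group) {
                                if ($group_id != $gid) {
                                    $kept[] = $gid;
                                }
                            }
                        }
                        // implode() keeps the '|' separator even when the
                        // first kept id is 0; "0" stands for "no group".
                        $gids = $kept ? implode('|', $kept) : '0';
                        // NOTE(review): $gids is built from the keys returned by
                        // User::get_groups() and concatenated into SQL; that is
                        // safe only while those keys are integers - confirm.
                        DB::query('UPDATE account SET gids="' . $gids . '" WHERE id=' . $id);
                    }
                    // Runs for any non-zero id, whether or not the account was found.
                    DB::query('DELETE FROM user_permit WHERE type = 1 AND ref_id = ' . $id . ' AND alias = "assign_supplier"');
                    // Presumably refreshes the cached account record - confirm.
                    User::getUser($id, 1, true);
                }
            }
            Url::redirect_url(Url::build_all(array('cmd', 'group_id', 'id')));
            break;

        case 'remove_permit':
            $pid = Url::get('pid');
            $group_id = (int) Url::get('group_id', 0);
            $groups = User::get_system_groups();
            if ($pid != '' && $group_id && isset($groups[$group_id])) {
                $permit = DB::select('user_permit', 'type=0 AND ref_id=' . $group_id);
                if ($permit) {
                    // $pid is only compared, never placed in SQL; the new list
                    // is built from the stored ids minus the requested one.
                    $kept = array();
                    foreach (explode('|', $permit['pids']) as $entry) {
                        if ($entry && $entry != $pid) {
                            $kept[] = $entry;
                        }
                    }
                    $permit = array(
                        'id' => $permit['id'],
                        'type' => 0,
                        'ref_id' => $group_id,
                        'pids' => implode('|', $kept),
                    );
                    // Third argument presumably makes this a replace of the
                    // existing row rather than a plain insert - confirm.
                    DB::insert('user_permit', $permit, true);
                }
            }
            Url::redirect_current();
            break;

        case 'add_group':
        case 'edit_group':
            require_once 'forms/EditGroup.php';
            $this->add_form(new EditGroupForm());
            break;

        case 'scan_perm':
            if (User::is_root()) {
                require_once 'forms/ScanPermission.php';
                $this->add_form(new ScanPermissionForm());
            }
            // Redirect happens for root and non-root alike.
            Url::redirect_current();
            break;

        default:
            require_once 'forms/ListAdmin.php';
            $this->add_form(new ListAdminForm());
            break;
    }
}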