function prj_addProjectPermission($postVar, $pid, $checkView, $checkWrite, $checkFull) { global $_TABLES; foreach ($postVar as $val) { $val = ppApplyFilter($val, false, false); $ugid = substr($val, 1); $type = substr($val, 0, 1); $sql = "select id from {$_TABLES['prj_projPerms']} "; if ($type == 'G') { $sql .= "where gid='{$ugid}'"; } else { $sql .= "where uid='{$ugid}'"; } $sql .= " and pid='{$pid}' and taskID='0' group by id"; $countRes = DB_query($sql); list($rid) = DB_fetchArray($countRes); $cnt = DB_numRows($countRes); if ($cnt > 0) { //already have a row.. update $sql = "select viewRead,writeChange,fullAccess from {$_TABLES['prj_projPerms']} where id='{$rid}'"; $res = DB_query($sql); list($vr, $wc, $fa) = DB_fetchArray($res); $vr = (bool) ($vr + $checkView); $vr = ppApplyFilter($vr, true, true); $wc = (bool) ($wc + $checkWrite); $wc = ppApplyFilter($wc, true, true); $fa = (bool) ($fa + $checkFull); $fa = ppApplyFilter($fa, true, true); //we're now holding the new booleans for the database $sql = "update {$_TABLES['prj_projPerms']} set viewRead='{$vr}', writeChange='{$wc}', fullAccess='{$fa}' where id='{$rid}'"; DB_query($sql); } else { //no row, insert $vr = (bool) $checkView; $vr = ppApplyFilter($vr, true, true); $wc = (bool) $checkWrite; $wc = ppApplyFilter($wc, true, true); $fa = (bool) $checkFull; $fa = ppApplyFilter($fa, true, true); $sql = "insert into {$_TABLES['prj_projPerms']} (pid, uid, gid, viewRead, writeChange, fullAccess) values("; $sql .= "'{$pid}',"; if ($type == 'U') { $sql .= "'{$ugid}',"; } else { $sql .= "'0',"; } if ($type == 'G') { $sql .= "'{$ugid}',"; } else { $sql .= "'0',"; } $sql .= "'{$vr}',"; $sql .= "'{$wc}',"; $sql .= "'{$fa}'"; $sql .= ")"; DB_query($sql); } } //end foreach prj_pushDownNewPermissions($pid); }
case 'add': //add a permission if ($_CLEAN['checkView'] == 1 or $_CLEAN['checkWrite'] == 1 or $_CLEAN['checkFull'] == 1) { prj_addProjectPermission($_POST['usersandgroups'], $pid, $_CLEAN['checkView'], $_CLEAN['checkWrite'], $_CLEAN['checkFull']); prj_pushDownNewPermissions($pid); prj_sendNotification($pid, '', 1); } break; case 'edit': prj_editProjectPermission($_CLEAN['checkView'], $_CLEAN['checkWrite'], $_CLEAN['checkFull'], $_CLEAN['rid']); prj_pushDownNewPermissions($pid); break; case 'delete': $sql = "delete from {$_TABLES['prj_projPerms']} where id={$_CLEAN['rid']}"; DB_query($sql); prj_pushDownNewPermissions($pid); prj_sendNotification($pid, '', 1); break; } //end switch //******************************************************************* //main display routine... //******************************************************************* $p = new Template($_CONF['path_layout'] . 'nexproject/'); $p->set_file(array('page' => 'projectPermissions.thtml', 'perms' => 'projectPermissionRights.thtml', 'permrec' => 'projectPermRecord.thtml')); $p->set_var('breadcrumb_trail', prj_breadcrumbs(0, $pid, "Permissions", "Permissions")); $p->set_var($pluginLangLabels); $p->set_var('site_url', $_CONF['site_url']); $p->set_var('layout_url', $_CONF['layout_url'] . "/nexproject"); if ($_CLEAN['showUsersVal'] == '') { $p->set_var('showUsersVal', 'true');