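include_once 'permissions_functions.inc.php';
include_once 'all_permissions.inc.php';

// Group permission editor fragment: applies a submitted permission or role
// change for the current group, reports the outcome once, then loads the
// group's current permissions.

// The target group is read from the session, not from a request parameter.
$group_id = $_SESSION['_gid'];

// ---------------------------------------------------
// 			ACTIONS
// ---------------------------------------------------
// NOTE(review): no authorization check and no anti-CSRF token are visible in
// this fragment, and grant/revoke are state changes triggered by GET
// parameters. Confirm that the including page restricts access to users who
// may manage this group, and prefer POST plus a per-session token here.

// Checkbox approach: the whole permission form is stored in one go.
// $setting_visualisation is defined outside this fragment.
if (!empty($_POST['StoreGroupPermissions']) && $setting_visualisation == 'checkbox') {
    $result_message = store_permissions('group', $group_id);
}

// Link approach: a single grant/revoke per request. The strict comparison
// means only the two literal action names ever reach the storage helpers.
if (isset($_GET['action']) && ($_GET['action'] === 'grant' || $_GET['action'] === 'revoke')) {
    $action = $_GET['action'];

    if (isset($_GET['permission']) && isset($_GET['tool'])) {
        $result_message = store_one_permission('group', $action, $group_id, $_GET['tool'], $_GET['permission']);
    }

    if (isset($_GET['role'])) {
        // 'scope' is optional in the request; pass null instead of reading a missing index.
        $scope = isset($_GET['scope']) ? $_GET['scope'] : null;
        $result_message = assign_role('group', $action, $group_id, $_GET['role'], $scope);
    }
}

// Single display point, so a stored form is not reported twice and an empty
// result does not produce an empty message box.
if (!empty($result_message)) {
    Display::display_normal_message($result_message);
}

// ---------------------------------------------------
// 			RETRIEVING THE PERMISSIONS
// ---------------------------------------------------
$current_group_permissions = get_permissions('group', $group_id);
// @todo current group permissions and current role permissions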
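// and we want to keep it that way.
// Users with status '1' in the current course are removed from $blog_users
// (built outside this fragment), so they are not offered for editing.
$tbl_course_rel_user = $table = Database::get_main_table(TABLE_MAIN_COURSE_USER);
// The course code comes from the session; it is escaped anyway so that the
// query does not depend on how that session value was originally populated.
$sql = "SELECT user_id FROM {$tbl_course_rel_user} WHERE status = '1' AND course_code = '" . Database::escape_string($_SESSION['_cid']) . "'";
$result = Database::query($sql);
while ($user = Database::fetch_assoc($result)) {
    unset($blog_users[$user['user_id']]);
}

//$user_id=$userIdViewed;
if ($mainUserInfo['status'] == 1) {
    $course_admin = 1;
}

include_once 'permissions_functions.inc.php';

// ACTIONS
// NOTE(review): no authorization check and no anti-CSRF token are visible in
// this fragment, and grant/revoke are state changes triggered by GET
// parameters. Confirm the including page enforces both.
// NOTE(review): the permission branch takes its target from $_GET['user_id']
// while the role branch uses $user_id, which is not assigned in this fragment
// (its only assignment here is commented out). The request value is also not
// checked against $blog_users, so the exclusion built above is not visibly
// enforced for the action itself. Verify against the caller.
if (isset($_GET['do']) && ($_GET['do'] === 'grant' || $_GET['do'] === 'revoke')) {
    $do = $_GET['do'];

    // The target user id is now required to be present, so a request without
    // it no longer stores a permission for an undefined user.
    if (isset($_GET['permission']) && isset($_GET['tool']) && isset($_GET['user_id'])) {
        $result_message = store_one_permission('user', $do, $_GET['user_id'], $_GET['tool'], $_GET['permission']);
    }

    if (isset($_GET['role'])) {
        // 'scope' is optional in the request; pass null instead of reading a missing index.
        $scope = isset($_GET['scope']) ? $_GET['scope'] : null;
        $result_message = assign_role('user', $do, $user_id, $_GET['role'], $scope);
    }
}

/* if (isset($result_message)) { Display::display_normal_message($result_message); } */

// ------------------------------------------------------------------
// 			RETRIEVING THE PERMISSIONS OF THE ROLES OF THE USER
// ------------------------------------------------------------------
// The body of this block lies outside the visible fragment.
if (api_get_setting('user_roles') == 'true') {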
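// NOTE(review): creating a role uses POST, but grant/revoke and role deletion
// below are state changes triggered by GET parameters, and no authorization
// check or anti-CSRF token is visible in this fragment. Confirm the including
// page enforces both.

// storing all the permission for a given role when the checkbox approach is used
if (!empty($_POST['StoreRolePermissions'])) {
    if (!empty($_POST['role_name'])) {
        $table_role = Database::get_course_table(TABLE_ROLE);

        // Only the role name is required; the other two fields fall back to
        // an empty string instead of reading a missing index.
        $role_comment = isset($_POST['role_comment']) ? $_POST['role_comment'] : '';
        $default_role = isset($_POST['default_role']) ? $_POST['default_role'] : '';

        // Every request value is escaped before it is placed inside the quoted SQL literals.
        $sql = "INSERT INTO {$table_role} (role_name, role_comment, default_role)\n\t\t\t\t\tVALUES ('" . Database::escape_string($_POST['role_name']) . "','" . Database::escape_string($role_comment) . "','" . Database::escape_string($default_role) . "')";
        $result = Database::query($sql);

        // The new role's id is used to attach the submitted permissions.
        // NOTE(review): $result is not checked before insert_id() is used.
        $role_id = Database::insert_id();
        $result_message = store_permissions('role', $role_id);
    } else {
        $result_message = get_lang('ErrorPleaseGiveRoleName');
    }
}

// storing a permission for a given role when the image approach is used
// NOTE(review): within this fragment $role_id is only assigned by the POST
// branch above; for a GET request it must come from code outside this view.
// Confirm where it is set and that it is validated there.
if (isset($_GET['action']) && isset($_GET['permission']) && isset($_GET['tool'])) {
    // Strict comparison: only the two literal action names reach the storage helper.
    if ($_GET['action'] === 'grant' || $_GET['action'] === 'revoke') {
        $result_message = store_one_permission('role', $_GET['action'], $role_id, $_GET['tool'], $_GET['permission']);
    }
}

// deleting a role
// The role id from the request is escaped and quoted in each DELETE below.
// This block continues past the end of the visible fragment.
if (isset($_GET['action']) and isset($_GET['role_id']) and $_GET['action'] == 'delete') {
    // deleting the assignments of this role: users
    $table = Database::get_course_table(TABLE_ROLE_USER);
    $sql = "DELETE FROM {$table} WHERE role_id='" . Database::escape_string($_GET['role_id']) . "'";
    $result = Database::query($sql);

    // deleting the assignments of this role: groups
    $table = Database::get_course_table(TABLE_ROLE_GROUP);
    $sql = "DELETE FROM {$table} WHERE role_id='" . Database::escape_string($_GET['role_id']) . "'";
    $result = Database::query($sql);

    // deleting the permissions of this role
    $table = Database::get_course_table(TABLE_ROLE_PERMISSION);
    $sql = "DELETE FROM {$table} WHERE role_id='" . Database::escape_string($_GET['role_id']) . "'";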