<?php /* $Id$ $URL$ */ if (!defined('W2P_BASE_DIR')) { die('You should not access this file directly.'); } // check permissions $perms =& $AppUI->acl(); if (!canEdit('roles')) { $AppUI->redirect('m=public&a=access_denied'); } $del = (int) w2PgetParam($_POST, 'del', 0); $copy_role_id = w2PgetParam($_POST, 'copy_role_id', null); $role = new CRole(); if ($msg = $role->bind($_POST)) { $AppUI->setMsg($msg, UI_MSG_ERROR); $AppUI->redirect(); } if ($del) { if ($role->delete()) { $AppUI->setMsg('Role deleted', UI_MSG_ALERT); } else { $AppUI->setMsg('This Role could not be deleted', UI_MSG_ERROR); } } else { //Reformulated the store method to return the id of the role if sucessful, because the ids are managed by phpGALC //and therefore when we store the role, the role id is empty. So we need the id returned by phpGACL to be able to //copy permissions from other Roles. //If no valid id (by that I mean an integer value) is returned, then we trigger the Error Message $msg (not an integer). if (!(int) ($msg = $role_id = $role->store())) { $AppUI->setMsg($msg, UI_MSG_ERROR);
<?php /* ADMIN $Id: vw_usr_roles.php 4800 2007-03-06 00:34:46Z merlinyoda $ */ global $AppUI, $user_id, $canEdit, $canDelete, $tab; if (!defined('DP_BASE_DIR')) { die('You should not access this file directly.'); } //$roles // Create the roles class container require_once DP_BASE_DIR . "/modules/system/roles/roles.class.php"; $perms =& $AppUI->acl(); $user_roles = $perms->getUserRoles($user_id); $crole = new CRole(); $roles = $crole->getRoles(); // Format the roles for use in arraySelect $roles_arr = array(); foreach ($roles as $role) { $roles_arr[$role['id']] = $role['name']; } ?> <script language="javascript"> <?php // security improvement: // some javascript functions may not appear on client side in case of user not having write permissions // else users would be able to arbitrarily run 'bad' functions if ($canEdit) { ?> function delIt(id) { if (confirm( 'Are you sure you want to delete this role?' )) { var f = document.frmPerms;
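<?php /* ROLES $Id$ */
/**
 * Form handler for the system "roles" screen.
 *
 * Binds the posted fields to a CRole, then either deletes that role (when a
 * truthy "del" field is posted) or stores it, records a status message on
 * $AppUI and redirects back to the role list.
 */
if (!defined('DP_BASE_DIR')) {
    die('You should not access this file directly.');
}

// Authorise before touching anything: this handler deletes and stores roles,
// which changes who holds which permissions. Client-side hiding of the edit
// controls does not stop a hand-built POST, so the check has to be made here.
// NOTE(review): confirm 'roles' is the ACL module key used for this screen and
// that redirect() ends the request (the bind-failure branch below relies on
// the same behaviour).
$perms =& $AppUI->acl();
if (!$perms->checkModule('roles', 'edit')) {
    $AppUI->redirect('m=public&a=access_denied');
}

// NOTE(review): nothing visible in this file verifies an anti-CSRF token for
// this state-changing POST; confirm the dispatcher does so, or add one.

// Same truthiness as the posted value itself, without an undefined-index notice.
$del = !empty($_POST['del']);

$role = new CRole();

// bind() is treated as returning an error message on failure, falsy on success.
$msg = $role->bind($_POST);
if ($msg) {
    $AppUI->setMsg($msg, UI_MSG_ERROR);
    $AppUI->redirect();
}

if ($del) {
    // delete() follows the same convention: a truthy return is the error text.
    $msg = $role->delete();
    if ($msg) {
        $AppUI->setMsg($msg, UI_MSG_ERROR);
    } else {
        $AppUI->setMsg("Role deleted", UI_MSG_ALERT);
    }
} else {
    $msg = $role->store();
    if ($msg) {
        $AppUI->setMsg($msg, UI_MSG_ERROR);
    } else {
        // A posted, non-empty role_id means an existing role was edited.
        // empty() replaces the former @-suppressed read of $_POST['role_id'].
        $isNotNew = !empty($_POST['role_id']);
        $AppUI->setMsg("Role " . ($isNotNew ? 'updated' : 'inserted'), UI_MSG_OK);
    }
}

$AppUI->redirect("m=system&u=roles");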