$database = new Database();
$user = new User();
if (isset($_POST['privilege']) && isset($_POST['userId'])) {
$isOk = false;
$userID = $database->escapeString($_POST['userId']);
$privilegeId = $database->escapeString($_POST['privilege']);
if ($_SESSION['USPRID'] == 1) {
$isOk = true;
} else {
if ($_SESSION['USPRID'] == 2) {
$user->setId($userID);
$user->getById($database);
if ($user->getCompanyId() == $_SESSION['CID']) {
$isOk = true;
}
}
}
if ($isOk) {
$user->setPrivilegeId($privilegeId);
$user->setId($userID);
if ($user->changePrivilege()) {
echo "true";
} else {
echo "false";
}
} else {
echo "false";
}
} else {
echo "false";
}
