function _set_users($action, $userid, $groupid)
{
switch ($action) {
case 'add':
if (isset($userid) and isset($groupid)) {
$add_query = "INSERT INTO exhibit_UserGroups " . "(UserID,GroupID) " . "VALUES ('" . $userid . "', '" . $groupid . "')";
__query($add_query, "", "");
} else {
_page_section("error.png", "Could not add group, invalid data.");
}
break;
case 'delete':
if (isset($groupid)) {
$delete_query = "DELETE FROM exhibit_UserGroups WHERE UserID=" . $userid . " AND GroupID=" . $groupid;
__query($delete_query, "", "");
} else {
_page_section("error.png", "Could not delete group, no groupid given");
}
break;
default:
_page_section("error.png", "Whoops. Did not understand what to do");
break;
}
_display_users();
}
$userid = $_REQUEST['userid'];
$subaction = $_REQUEST['subaction'];
switch ($subaction) {
case ' ADD GROUP ':
_page_sechead("exhibit.png", "User Management");
_set_users("add", $userid, $groupid);
break;
case ' DELETE ':
_page_sechead("exhibit.png", "User Management");
_set_users("delete", $userid, $groupid);
break;
default:
_page_sechead("exhibit.png", "User Management");
break;
}
_display_users();
break;
case 'rolls':
default:
$roll = $_REQUEST['roll'];
$library = $_REQUEST['library'];
$public = $_REQUEST['public'];
$group = $_REQUEST['group'];
if (!isset($roll) and !isset($library)) {
_page_sechead("exhibit.png", "Roll Management");
_display_permissions();
} elseif (isset($public) and isset($group)) {
_page_sechead("exhibit.png", "Roll Management");
_set_permissions($roll, $library, $public, $group);
} else {
_page_sechead("error.png", "An error occurred updating permissions.");
