case 'delete': $error = zen_delete_profile($profile); if ($error != '') { $messageStack->add_session($error, 'error'); zen_redirect(zen_href_link(FILENAME_PROFILES)); } else { $messageStack->add(SUCCESS_PROFILE_DELETED, 'success'); unset($action); $profileList = zen_get_profiles(TRUE); } break; case 'insert': $error = zen_create_profile($_POST); if ($error != '') { $messageStack->add($error, 'error'); $pagesByMenu = zen_get_admin_pages(FALSE); $action = 'add'; } else { $messageStack->add_session(SUCCESS_PROFILE_INSERTED, 'success'); zen_redirect(zen_href_link(FILENAME_PROFILES)); } break; case 'update': zen_remove_profile_permits($profile); zen_insert_pages_into_profile($profile, $_POST['p']); $messageStack->add_session(SUCCESS_PROFILE_UPDATED, 'success'); zen_redirect(zen_href_link(FILENAME_PROFILES)); break; case 'update_name': zen_update_profile_name($profile, $_POST['profile-name']); $messageStack->add_session(SUCCESS_PROFILE_NAME_UPDATED, 'success');
function zen_get_admin_menu_for_user() { global $db; if (zen_is_superuser()) { // get all registered admin pages that should appear in the menu $retVal = zen_get_admin_pages(TRUE); } else { // get only those registered pages allowed by the current user's profile $retVal = array(); $sql = "SELECT ap.menu_key, ap.page_key, ap.main_page, ap.page_params, ap.language_key as pageName\n FROM " . TABLE_ADMIN . " a\n LEFT JOIN " . TABLE_ADMIN_PAGES_TO_PROFILES . " ap2p ON ap2p.profile_id = a.admin_profile\n LEFT JOIN " . TABLE_ADMIN_PAGES . " ap ON ap.page_key = ap2p.page_key\n LEFT JOIN " . TABLE_ADMIN_MENUS . " am ON am.menu_key = ap.menu_key\n WHERE a.admin_id = :user:\n AND ap.display_on_menu = 'Y'\n ORDER BY am.sort_order, ap.sort_order"; $sql = $db->bindVars($sql, ':user:'******'admin_id'], 'integer'); $result = $db->Execute($sql); while (!$result->EOF) { $retVal[$result->fields['menu_key']][$result->fields['page_key']] = array('name' => constant($result->fields['pageName']), 'file' => constant($result->fields['main_page']), 'params' => $result->fields['page_params']); $result->MoveNext(); } } return $retVal; }