}
} else {
$surveysecurity .= "<tr><td colspan='18'></td></tr>"; //fix error on empty table
}
$surveysecurity .= "</tbody>\n"
. "</table>\n"
. "<form class='form44' action='$scriptname?sid={$surveyid}' method='post'><ul>\n"
. "<li><label for='uidselect'>".$clang->gT("User").": </label><select id='uidselect' name='uid'>\n"
. sGetSurveyUserlist(false,false)
. "</select>\n"
. "<input style='width: 15em;' type='submit' value='".$clang->gT("Add User")."' onclick=\"if (document.getElementById('uidselect').value == -1) {alert('".$clang->gT("Please select a user first","js")."'); return false;}\"/>"
. "<input type='hidden' name='action' value='addsurveysecurity' />"
. "</li></ul></form>\n"
. "<form class='form44' action='$scriptname?sid={$surveyid}' method='post'><ul><li>\n"
. "<label for='ugidselect'>".$clang->gT("Groups").": </label><select id='ugidselect' name='ugid'>\n"
. getsurveyusergrouplist()
. "</select>\n"
. "<input style='width: 15em;' type='submit' value='".$clang->gT("Add User Group")."' onclick=\"if (document.getElementById('ugidselect').value == -1) {alert('".$clang->gT("Please select a user group first","js")."'); return false;}\" />"
. "<input type='hidden' name='action' value='addusergroupsurveysecurity' />\n"
. "</li></ul></form>";
}
else
{
include("access_denied.php");
}
}
elseif ($action == "surveyrights")
{
$addsummary = "<div class='header ui-widget-header'>".$clang->gT("Edit survey permissions")."</div>\n";
$insert = "<div class=\"ui-icon ui-icon-check\"> </div>";
} elseif ($iCount > 0) {
$insert = "<div class=\"ui-icon ui-icon-check mixed\"> </div>";
} else {
$insert = "<div> </div>";
}
$surveysecurity .= "<td align=\"center\">\n{$insert}\n</td>\n";
}
$surveysecurity .= "</tr>\n";
$row++;
}
} else {
$surveysecurity .= "<tr><td colspan='18'></td></tr>";
//fix error on empty table
}
$surveysecurity .= "</tbody>\n" . "</table>\n" . "<form class='form44' action='{$scriptname}?sid={$surveyid}' method='post'><ul>\n" . "<li><label for='uidselect'>" . $clang->gT("User") . ": </label><select id='uidselect' name='uid'>\n" . sGetSurveyUserlist(false, false) . "</select>\n" . "<input style='width: 15em;' type='submit' value='" . $clang->gT("Add User") . "' onclick=\"if (document.getElementById('uidselect').value == -1) {alert('" . $clang->gT("Please select a user first", "js") . "'); return false;}\"/>" . "<input type='hidden' name='action' value='addsurveysecurity' />" . "</li></ul></form>\n" . "<form class='form44' action='{$scriptname}?sid={$surveyid}' method='post'><ul><li>\n" . "<label for='ugidselect'>" . $clang->gT("Groups") . ": </label><select id='ugidselect' name='ugid'>\n" . getsurveyusergrouplist() . "</select>\n" . "<input style='width: 15em;' type='submit' value='" . $clang->gT("Add User Group") . "' onclick=\"if (document.getElementById('ugidselect').value == -1) {alert('" . $clang->gT("Please select a user group first", "js") . "'); return false;}\" />" . "<input type='hidden' name='action' value='addusergroupsurveysecurity' />\n" . "</li></ul></form>";
} else {
include "access_denied.php";
}
} elseif ($action == "surveyrights") {
$addsummary = "<div class='header ui-widget-header'>" . $clang->gT("Edit survey permissions") . "</div>\n";
$addsummary .= "<div class='messagebox ui-corner-all'>\n";
if (isset($postuserid)) {
$query = "SELECT sid, owner_id FROM " . db_table_name('surveys') . " WHERE sid = {$surveyid}";
if ($_SESSION['USER_RIGHT_SUPERADMIN'] != 1) {
$query .= " AND owner_id != {$postuserid} AND owner_id = " . $_SESSION['loginID'];
}
} else {
$sQuery = "SELECT owner_id FROM " . db_table_name('surveys') . " WHERE sid = {$surveyid}";
if ($_SESSION['USER_RIGHT_SUPERADMIN'] != 1) {
$query .= " AND owner_id = " . $_SESSION['loginID'];
$exportstructure .= "</form>\n";
} else {
include 'dumpquestion.php';
}
}
if ($action == "surveysecurity") {
if (bHasRight($surveyid)) {
$js_admin_includes[] = '../scripts/jquery/jquery.tablesorter.min.js';
$js_admin_includes[] = 'scripts/surveysecurity.js';
$query2 = "SELECT a.*, b.users_name, b.full_name FROM " . db_table_name('surveys_rights') . " AS a INNER JOIN " . db_table_name('users') . " AS b ON a.uid = b.uid WHERE a.sid = {$surveyid} AND b.uid != " . $_SESSION['loginID'] . " ORDER BY b.users_name";
$result2 = db_execute_assoc($query2);
//Checked
$surveysecurity = "<div class='header'>" . $clang->gT("Survey Security") . "</div>\n";
$surveysecurity .= "<table class='surveysecurity'><thead>" . "<tr>\n" . "<th>" . $clang->gT("Username") . "</th>\n" . "<th>" . $clang->gT("User Group") . "</th>\n" . "<th>" . $clang->gT("Full name") . "</th>\n" . "<th align=\"center\"><img src=\"{$imagefiles}/help.gif\" alt=\"" . $clang->gT("Edit Survey Property") . "\"></th>\n" . "<th align=\"center\"><img src=\"{$imagefiles}/help.gif\" alt=\"" . $clang->gT("Define Questions") . "\"></th>\n" . "<th align=\"center\"><img src=\"{$imagefiles}/help.gif\" alt=\"" . $clang->gT("Browse Response") . "\"></th>\n" . "<th align=\"center\"><img src=\"{$imagefiles}/help.gif\" alt=\"" . $clang->gT("Export") . "\"></th>\n" . "<th align=\"center\"><img src=\"{$imagefiles}/help.gif\" alt=\"" . $clang->gT("Delete Survey") . "\"></th>\n" . "<th align=\"center\"><img src=\"{$imagefiles}/help.gif\" alt=\"" . $clang->gT("Activate Survey") . "\"></th>\n" . "<th>" . $clang->gT("Action") . "</th>\n" . "</tr></thead>\n";
$style = "style='width: 15em;'";
$surveysecurity .= "<tfoot>\n" . "<tr>\n" . "<td colspan='9' align='right'>" . "<form action='{$scriptname}?sid={$surveyid}' method='post'>\n" . "<strong>" . $clang->gT("User") . ": </strong><select id='uidselect' name='uid'>\n" . getsurveyuserlist() . "</select>\n" . "<input {$style} type='submit' value='" . $clang->gT("Add User") . "' onclick=\"if (document.getElementById('uidselect').value == -1) {alert('" . $clang->gT("Please select a user first", "js") . "'); return false;}\"/>" . "<input type='hidden' name='action' value='addsurveysecurity' />" . "</form>\n" . "</td>\n" . "<td></td>\n" . "</tr>\n" . "<tr>\n" . "<td colspan='9' align='right'>" . "<form action='{$scriptname}?sid={$surveyid}' method='post'>\n" . "<strong>" . $clang->gT("Groups") . ": </strong><select id='ugidselect' name='ugid'>\n" . getsurveyusergrouplist() . "</select>\n" . "<input {$style} type='submit' value='" . $clang->gT("Add User Group") . "' onclick=\"if (document.getElementById('ugidselect').value == -1) {alert('" . $clang->gT("Please select a user group first", "js") . "'); return false;}\" />" . "<input type='hidden' name='action' value='addusergroupsurveysecurity' />\n" . "</form>\n" . "</td>\n" . "<td></td>\n" . "</tr></tfoot>\n";
if (isset($usercontrolSameGroupPolicy) && $usercontrolSameGroupPolicy == true) {
$authorizedGroupsList = getusergrouplist('simplegidarray');
}
$surveysecurity .= "<tbody>\n";
if ($result2->RecordCount() > 0) {
// output users
$row = 0;
while ($resul2row = $result2->FetchRow()) {
$query3 = "SELECT a.ugid FROM " . db_table_name('user_in_groups') . " AS a RIGHT OUTER JOIN " . db_table_name('users') . " AS b ON a.uid = b.uid WHERE b.uid = " . $resul2row['uid'];
$result3 = db_execute_assoc($query3);
//Checked
while ($resul3row = $result3->FetchRow()) {
if (!isset($usercontrolSameGroupPolicy) || $usercontrolSameGroupPolicy == false || in_array($resul3row['ugid'], $authorizedGroupsList)) {
$group_ids[] = $resul3row['ugid'];
}