示例#1
if ($action == "surveysecurity") {
    if (bHasSurveyPermission($surveyid, 'survey', 'read')) {
        $aBaseSurveyPermissions = aGetBaseSurveyPermissions();
        $js_admin_includes[] = '../scripts/jquery/jquery.tablesorter.min.js';
        $js_admin_includes[] = 'scripts/surveysecurity.js';
        $query2 = "SELECT p.sid, p.uid, u.users_name, u.full_name FROM " . db_table_name('survey_permissions') . " AS p INNER JOIN " . db_table_name('users') . "  AS u ON p.uid = u.uid\n                   WHERE p.sid = {$surveyid} AND u.uid != " . $_SESSION['loginID'] . "\n                    GROUP BY p.sid, p.uid, u.users_name, u.full_name\n                   ORDER BY u.users_name";
        $result2 = db_execute_assoc($query2);
        //Checked
        $surveysecurity = "<div class='header ui-widget-header'>" . $clang->gT("Survey permissions") . "</div>\n" . "<table class='surveysecurity'><thead>" . "<tr>\n" . "<th>" . $clang->gT("Action") . "</th>\n" . "<th>" . $clang->gT("Username") . "</th>\n" . "<th>" . $clang->gT("User Group") . "</th>\n" . "<th>" . $clang->gT("Full name") . "</th>\n";
        foreach ($aBaseSurveyPermissions as $sPermission => $aSubPermissions) {
            $surveysecurity .= "<th align=\"center\"><img src=\"{$imageurl}/{$aSubPermissions['img']}_30.png\" alt=\"<span style='font-weight:bold;'>" . $aSubPermissions['title'] . "</span><br />" . $aSubPermissions['description'] . "\" /></th>\n";
        }
        $surveysecurity .= "</tr></thead>\n";
        // Foot first
        if (isset($usercontrolSameGroupPolicy) && $usercontrolSameGroupPolicy == true) {
            $authorizedGroupsList = getusergrouplist('simplegidarray');
        }
        $surveysecurity .= "<tbody>\n";
        if ($result2->RecordCount() > 0) {
            //	output users
            $row = 0;
            while ($PermissionRow = $result2->FetchRow()) {
                $query3 = "SELECT a.ugid FROM " . db_table_name('user_in_groups') . " AS a RIGHT OUTER JOIN " . db_table_name('users') . " AS b ON a.uid = b.uid WHERE b.uid = " . $PermissionRow['uid'];
                $result3 = db_execute_assoc($query3);
                //Checked
                while ($resul3row = $result3->FetchRow()) {
                    if (!isset($usercontrolSameGroupPolicy) || $usercontrolSameGroupPolicy == false || in_array($resul3row['ugid'], $authorizedGroupsList)) {
                        $group_ids[] = $resul3row['ugid'];
                    }
                }
                if (isset($group_ids) && $group_ids[0] != NULL) {
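/**
 * List the user groups that have at least one member without a
 * survey_permissions row for the current survey.
 *
 * The survey id is taken from the global $surveyid, passed through
 * sanitize_int() and written back to that global before it is placed in the
 * SQL text. When $usercontrolSameGroupPolicy is enabled, only groups returned
 * by getusergrouplist('simplegidarray') are listed.
 *
 * @param string $outputformat 'simpleugidarray' returns the group ids; any
 *                             other value returns HTML <option> markup.
 * @return array|string Array of ugids, <option> markup, or the literal string
 *                      "Database Error" when the query fails (in either mode).
 */
function getsurveyusergrouplist($outputformat = 'htmloptions')
{
    global $surveyid, $dbprefix, $scriptname, $connect, $clang, $usercontrolSameGroupPolicy;

    // The id is interpolated into the query string below; sanitize_int() is the
    // only thing keeping that interpolation safe, so it must run first.
    $surveyid = sanitize_int($surveyid);
    $surveyidquery = "SELECT a.ugid, a.name, MAX(d.ugid) AS da FROM " . db_table_name('user_groups') . " AS a LEFT JOIN (SELECT b.ugid FROM " . db_table_name('user_in_groups') . " AS b LEFT JOIN (SELECT * FROM " . db_table_name('survey_permissions') . " WHERE sid = {$surveyid}) AS c ON b.uid = c.uid WHERE c.uid IS NULL) AS d ON a.ugid = d.ugid GROUP BY a.ugid, a.name HAVING MAX(d.ugid) IS NOT NULL";
    $surveyidresult = db_execute_assoc($surveyidquery);
    if (!$surveyidresult) {
        return "Database Error";
    }

    $restrictToOwnGroups = isset($usercontrolSameGroupPolicy) && $usercontrolSameGroupPolicy == true;
    $authorizedGroupsList = array();
    if ($restrictToOwnGroups) {
        $authorizedGroupsList = getusergrouplist('simplegidarray');
        // Guard in case the helper hands back a non-array when the user has no
        // groups; an empty allow-list then hides every group (fail closed).
        if (!is_array($authorizedGroupsList)) {
            $authorizedGroupsList = array();
        }
    }

    $surveyselecter = "";
    // Initialised up front so the 'simpleugidarray' mode returns an empty
    // array, not an undefined variable, when no group qualifies.
    $simpleugidarray = array();

    $surveynames = $surveyidresult->GetRows();
    if ($surveynames) {
        foreach ($surveynames as $sv) {
            if ($restrictToOwnGroups && !in_array($sv['ugid'], $authorizedGroupsList)) {
                continue;
            }
            // Group names are user-supplied text, so they are escaped before
            // being written into markup.
            // NOTE(review): assumes names are stored unescaped in the database;
            // confirm, otherwise entities will be double-encoded.
            $ugidAttr = htmlspecialchars((string) $sv['ugid'], ENT_QUOTES, 'UTF-8');
            $nameHtml = htmlspecialchars((string) $sv['name'], ENT_QUOTES, 'UTF-8');
            $surveyselecter .= "<option value='" . $ugidAttr . "'>" . $nameHtml . "</option>\n";
            $simpleugidarray[] = $sv['ugid'];
        }
    }

    // $svexist was never assigned in this function, so the original
    // isset($svexist) test always took this branch; the unreachable "None"
    // alternative has been dropped.
    $surveyselecter = "<option value='-1' selected='selected'>" . $clang->gT("Please choose...") . "</option>\n" . $surveyselecter;

    if ($outputformat == 'simpleugidarray') {
        return $simpleugidarray;
    }
    return $surveyselecter;
}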
示例#3
    } else {
        $usergroupsummary .= "<img src='{$imageurl}/blank.gif' alt='' width='40' height='20' />\n";
    }
    $usergroupsummary .= "<img src='{$imageurl}/blank.gif' alt='' width='78' height='20' />\n" . "<img src='{$imageurl}/seperator.gif' alt='' />\n";
    if ($ugid && $grpresultcount > 0 && $_SESSION['loginID'] == $grow['owner_id']) {
        $usergroupsummary .= "<a href=\"#\" onclick=\"window.location='{$scriptname}?action=editusergroup&amp;ugid={$ugid}'\"" . " title='" . $clang->gTview("Edit Current User Group") . "'>" . "<img src='{$imageurl}/edit.png' alt='" . $clang->gT("Edit Current User Group") . "' name='EditUserGroup' /></a>\n";
    } else {
        $usergroupsummary .= "<img src='{$imageurl}/blank.gif' alt='' width='40' height='20' />\n";
    }
    if ($ugid && $grpresultcount > 0 && $_SESSION['loginID'] == $grow['owner_id']) {
        //		$usergroupsummary .= "<a href='$scriptname?action=delusergroup&amp;ugid=$ugid' onclick=\"return confirm('".$clang->gT("Are you sure you want to delete this entry?","js")."')\""
        $usergroupsummary .= "<a href='#' onclick=\"if (confirm('" . $clang->gT("Are you sure you want to delete this entry?", "js") . "')) {" . get2post("{$scriptname}?action=delusergroup&amp;ugid={$ugid}") . "}\" " . "title='" . $clang->gTview("Delete Current User Group") . "'>" . "<img src='{$imageurl}/delete.png' alt='" . $clang->gT("Delete Current User Group") . "' name='DeleteUserGroup'  /></a>\n";
    } else {
        $usergroupsummary .= "<img src='{$imageurl}/blank.gif' alt='' width='40' height='20' />\n";
    }
    $usergroupsummary .= "<img src='{$imageurl}/blank.gif' alt='' width='92' height='20' />\n" . "<img src='{$imageurl}/seperator.gif' alt='' />\n" . "</div>\n" . "<div class='menubar-right'>\n" . "<font class=\"boxcaption\">" . $clang->gT("User Groups") . ":</font>&nbsp;<select name='ugid' " . "onchange=\"window.location=this.options[this.selectedIndex].value\">\n" . getusergrouplist() . "</select>\n";
    if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1) {
        $usergroupsummary .= "<a href='{$scriptname}?action=addusergroup'" . " title='" . $clang->gTview("Add New User Group") . "'>" . "<img src='{$imageurl}/add.png' alt='" . $clang->gT("Add New User Group") . "' " . "name='AddNewUserGroup' onclick=\"window.location=''\" /></a>\n";
    }
    $usergroupsummary .= "<img src='{$imageurl}/seperator.gif' alt='' />\n" . "<img src='{$imageurl}/blank.gif' alt='' width='82' height='20' />\n" . "</div></div>\n" . "</div>\n";
    $usergroupsummary .= "<p style='margin:0;font-size:1px;line-height:1px;height:1px;'>&nbsp;</p>";
    //CSS Firefox 2 transition fix
}
// Every user-administration action is handed to usercontrol.php. The include
// path is a fixed literal; $action only selects whether it is loaded.
// NOTE(review): no permission check is visible at this dispatch point;
// presumably usercontrol.php enforces it per action — confirm.
if (in_array($action, array("adduser", "deluser", "finaldeluser", "moduser", "userrights", "usertemplates"))) {
    include "usercontrol.php";
}
if ($action == "setusertemplates") {
    refreshtemplates();
    $usersummary = "\n<form action='{$scriptname}' method='post'>\n\t\n    <div class='header ui-widget-header'>" . $clang->gT('Edit template permissions') . "</div>\n\n    <table id=\"user-template-rights\" width='50%' border='0' cellpadding='3' style='margin:5px auto 0 auto;'>\n\n\t<thead>\n\n\t\t<tr>\n\n\t\t<th colspan=\"2\" style=\"background-color:#000; color:#fff;\">\n" . $clang->gT('Set templates that this user may access') . ': ' . $_POST['user'] . "</th>\n\n\t\t</tr>\n";
    $userlist = getuserlist();
    foreach ($userlist as $usr) {
        //		$usergroupsummary .= "<a href='$scriptname?action=delusergroup&amp;ugid=$ugid' onclick=\"return confirm('".$clang->gT("Are you sure you want to delete this entry?","js")."')\""
        $usergroupsummary .= "<a href='#' onclick=\"if (confirm('".$clang->gT("Are you sure you want to delete this entry?","js")."')) {".get2post("$scriptname?action=delusergroup&amp;ugid=$ugid")."}\" "
        . "title='".$clang->gTview("Delete Current User Group")."'>"
        . "<img src='$imageurl/delete.png' alt='".$clang->gT("Delete Current User Group")."' name='DeleteUserGroup'  /></a>\n";
    }
    else
    {
        $usergroupsummary .= "<img src='$imageurl/blank.gif' alt='' width='40' height='20' />\n";
    }
    $usergroupsummary .= "<img src='$imageurl/blank.gif' alt='' width='92' height='20' />\n"
    . "<img src='$imageurl/seperator.gif' alt='' />\n"
    . "</div>\n"
    . "<div class='menubar-right'>\n"
    . "<font class=\"boxcaption\">".$clang->gT("User Groups").":</font>&nbsp;<select name='ugid' "
    . "onchange=\"window.location=this.options[this.selectedIndex].value\">\n"
    . getusergrouplist()
    . "</select>\n";
    if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1)
    {
        $usergroupsummary .= "<a href='$scriptname?action=addusergroup'"
        ." title='".$clang->gTview("Add New User Group")."'>"
        ."<img src='$imageurl/add.png' alt='".$clang->gT("Add New User Group")."' "
        ."name='AddNewUserGroup' onclick=\"window.location=''\" /></a>\n";
    }
    $usergroupsummary .= "<img src='$imageurl/seperator.gif' alt='' />\n"
    . "<img src='$imageurl/blank.gif' alt='' width='82' height='20' />\n"
    . "</div></div>\n"
    . "</div>\n";
    $usergroupsummary .= "<p style='margin:0;font-size:1px;line-height:1px;height:1px;'>&nbsp;</p>"; //CSS Firefox 2 transition fix

示例#5
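/**
 * List the user groups that have at least one member without a
 * surveys_rights row for the current survey.
 *
 * The survey id is taken from the global $surveyid, passed through
 * sanitize_int() and written back to that global before it is placed in the
 * SQL text. When $usercontrolSameGroupPolicy is enabled, only groups returned
 * by getusergrouplist('simplegidarray') are listed.
 *
 * @param string $outputformat 'simpleugidarray' returns the group ids; any
 *                             other value returns HTML <option> markup.
 * @return array|string Array of ugids, <option> markup, or the literal string
 *                      "Database Error" when the query fails (in either mode).
 */
function getsurveyusergrouplist($outputformat = 'htmloptions')
{
    global $surveyid, $dbprefix, $scriptname, $connect, $clang, $usercontrolSameGroupPolicy;

    // The id is interpolated into the query string below; sanitize_int() is the
    // only thing keeping that interpolation safe, so it must run first.
    $surveyid = sanitize_int($surveyid);
    // HAVING repeats MAX(d.ugid) instead of using the alias 'da' because,
    // per the original author's note, MS SQL Server rejects the alias there.
    // The author was unsure whether MySQL accepts this form.
    $surveyidquery = "SELECT a.ugid, a.name, MAX(d.ugid) AS da FROM " . db_table_name('user_groups') . " AS a LEFT JOIN (SELECT b.ugid FROM " . db_table_name('user_in_groups') . " AS b LEFT JOIN (SELECT * FROM " . db_table_name('surveys_rights') . " WHERE sid = {$surveyid}) AS c ON b.uid = c.uid WHERE c.uid IS NULL) AS d ON a.ugid = d.ugid GROUP BY a.ugid, a.name HAVING MAX(d.ugid) IS NOT NULL";
    $surveyidresult = db_execute_assoc($surveyidquery);
    if (!$surveyidresult) {
        return "Database Error";
    }

    $restrictToOwnGroups = isset($usercontrolSameGroupPolicy) && $usercontrolSameGroupPolicy == true;
    $authorizedGroupsList = array();
    if ($restrictToOwnGroups) {
        $authorizedGroupsList = getusergrouplist('simplegidarray');
        // Guard in case the helper hands back a non-array when the user has no
        // groups; an empty allow-list then hides every group (fail closed).
        if (!is_array($authorizedGroupsList)) {
            $authorizedGroupsList = array();
        }
    }

    $surveyselecter = "";
    // Initialised up front so the 'simpleugidarray' mode returns an empty
    // array, not an undefined variable, when no group qualifies.
    $simpleugidarray = array();

    $surveynames = $surveyidresult->GetRows();
    if ($surveynames) {
        foreach ($surveynames as $sv) {
            if ($restrictToOwnGroups && !in_array($sv['ugid'], $authorizedGroupsList)) {
                continue;
            }
            // Group names are user-supplied text, so they are escaped before
            // being written into markup.
            // NOTE(review): assumes names are stored unescaped in the database;
            // confirm, otherwise entities will be double-encoded.
            $ugidAttr = htmlspecialchars((string) $sv['ugid'], ENT_QUOTES, 'UTF-8');
            $nameHtml = htmlspecialchars((string) $sv['name'], ENT_QUOTES, 'UTF-8');
            $surveyselecter .= "<option value='" . $ugidAttr . "'>" . $nameHtml . "</option>\n";
            $simpleugidarray[] = $sv['ugid'];
        }
    }

    // $svexist was never assigned in this function, so the original
    // isset($svexist) test always took this branch; the unreachable "None"
    // alternative has been dropped.
    $surveyselecter = "<option value='-1' selected='selected'>" . $clang->gT("Please Choose...") . "</option>\n" . $surveyselecter;

    if ($outputformat == 'simpleugidarray') {
        return $simpleugidarray;
    }
    return $surveyselecter;
}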