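/**
 * Dispatches the request's "action" parameter to the matching group /
 * permission administration handler.
 *
 * Reads $_GET['action'] (default 'browse'). A handler either selects a view
 * through $this->view or performs a database change and then calls
 * $this->reexecute() to return to the listing. An unknown action selects
 * nothing, as before.
 *
 * Every permission action is gated by mustHavePermission('manage_permissions');
 * the group actions (new/add/edit/save/delete) carry no such gate in this
 * method — NOTE(review): confirm the constructor or base class enforces one.
 * 'delete_group' and 'delete_permission' are reached through GET with no
 * request token visible here, so the links that trigger them should be
 * reviewed (a POST form with a token is the usual shape).
 */
public function execute()
{
    $action = 'browse';
    if (isset($_GET['action'])) {
        $raw = $_GET['action'];
        // A non-string value (e.g. "?action[]=x") used to reach strcmp(), which
        // throws a TypeError on PHP 8; treat it as "no action" instead.
        $action = is_string($raw) ? $raw : '';
    }

    // Every case label is a non-numeric string, so the loose switch comparison
    // behaves like ===.
    switch ($action) {
        case 'browse':
            $this->groups = DbGroup::GetAll();
            $this->view = GroupsAdministrationAction::$BrowseGroups;
            break;
        case 'new_group':
            $this->view = GroupsAdministrationAction::$NewGroupForm;
            break;
        case 'add_group':
            $this->handleAddGroup();
            break;
        case 'permissions':
            $this->mustHavePermission('manage_permissions');
            $this->view = GroupsAdministrationAction::$BrowsePermissions;
            break;
        case 'edit_permission':
            $this->handleEditPermission();
            break;
        case 'save_permission':
            $this->handleSavePermission();
            break;
        case 'new_permission':
            $this->mustHavePermission('manage_permissions');
            $this->view = GroupsAdministrationAction::$NewPermissionForm;
            break;
        case 'add_permission':
            $this->handleAddPermission();
            break;
        case 'edit_group':
            $this->handleEditGroup();
            break;
        case 'save_group':
            $this->handleSaveGroup();
            break;
        case 'delete_group':
            $this->handleDeleteGroup();
            break;
        case 'delete_permission':
            $this->handleDeletePermission();
            break;
        default:
            // Unknown action: nothing is selected, matching the previous behaviour.
            break;
    }
}

/**
 * Returns $source[$key] when it is present and a plain string, otherwise null.
 *
 * Request parameters can be arrays ("?key[]=x"); those must not reach
 * strcmp() or the database helpers, so they count as missing.
 *
 * @param array  $source $_GET or $_POST
 * @param string $key
 * @return string|null
 */
private function requestString(array $source, $key)
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    return $source[$key];
}

/**
 * Collects the ids of the permissions whose checkbox (a POST field named
 * after the permission) was submitted with the value 'on'.
 *
 * @return array list of permission ids
 */
private function checkedPermissionIds()
{
    $ids = array();
    foreach ($this->permissions->getPermissions() as $perm) {
        if ($this->requestString($_POST, $perm->name) === 'on') {
            $ids[] = $perm->id;
        }
    }
    return $ids;
}

/** 'add_group': creates a group with the checked permissions, then returns to the listing. */
private function handleAddGroup()
{
    $group_name = $this->requestString($_POST, 'group_name');
    if ($group_name !== null) {
        // Permissions are read before the insert, as before.
        $perm_ids = $this->checkedPermissionIds();
        $group = DbGroup::Add($group_name);
        foreach ($perm_ids as $p_id) {
            DbGroup::AddPermission($group->id, $p_id);
        }
        $this->addAlert(Alert::CreateSuccess('Success', 'Group added.'));
    }
    $this->reexecute(array('action' => 'browse'));
}

/** 'edit_permission': loads the permission named by GET perm_id into the edit form. */
private function handleEditPermission()
{
    $this->mustHavePermission('manage_permissions');
    $perm_id = $this->requestString($_GET, 'perm_id');
    if ($perm_id === null) {
        $this->reexecute(array('action' => 'permissions'));
        return;
    }
    $this->permission = DbPermission::GetById($perm_id);
    $this->view = GroupsAdministrationAction::$EditPermissionForm;
    if ($this->permission->isNull()) {
        $this->addAlert(Alert::CreateDanger('Error', 'Invalid Permission.'));
        $this->reexecute(array('action' => 'permissions'));
    }
}

/** 'save_permission': updates name/value/description of an existing permission. */
private function handleSavePermission()
{
    $this->mustHavePermission('manage_permissions');
    $perm_id = $this->requestString($_POST, 'perm_id');
    $name = $this->requestString($_POST, 'perm_name');
    $value = $this->requestString($_POST, 'perm_value');
    $desc = $this->requestString($_POST, 'perm_desc');
    if ($perm_id !== null && $name !== null && $value !== null && $desc !== null) {
        $perm = DbPermission::GetById($perm_id);
        if ($perm->isNull()) {
            $this->addAlert(Alert::CreateDanger('Error', 'Invalid Permission.'));
        } else {
            $perm->name = $name;
            $perm->value = $value;
            $perm->description = $desc;
            DbPermission::Update($perm);
            $this->addAlert(Alert::CreateSuccess('Success', 'Permission saved.'));
            $this->reloadPermissions();
        }
    }
    $this->reexecute(array('action' => 'permissions'));
}

/** 'add_permission': creates a permission from the POSTed name/value/description. */
private function handleAddPermission()
{
    $this->mustHavePermission('manage_permissions');
    $name = $this->requestString($_POST, 'perm_name');
    $value = $this->requestString($_POST, 'perm_value');
    $desc = $this->requestString($_POST, 'perm_desc');
    if ($name !== null && $value !== null && $desc !== null) {
        $perm = new Permission();
        $perm->name = $name;
        $perm->value = $value;
        $perm->description = $desc;
        DbPermission::Add($perm);
        $this->addAlert(Alert::CreateSuccess('Success', 'Permission added.'));
        $this->reloadPermissions();
    }
    $this->reexecute(array('action' => 'permissions'));
}

/** 'edit_group': loads the group named by GET group_id into the edit form. */
private function handleEditGroup()
{
    $group_id = $this->requestString($_GET, 'group_id');
    if ($group_id === null) {
        $this->reexecute(array('action' => 'browse'));
        return;
    }
    $this->group = DbGroup::GetById($group_id);
    $this->view = GroupsAdministrationAction::$EditGroupForm;
    // Same guard as edit_permission: an unknown id previously reached the
    // form with an empty group object.
    if ($this->group->isNull()) {
        $this->addAlert(Alert::CreateDanger('Error', 'Invalid Group'));
        $this->reexecute(array('action' => 'browse'));
    }
}

/** 'save_group': renames a group and replaces its permission set with the checked ones. */
private function handleSaveGroup()
{
    $group_id = $this->requestString($_POST, 'group_id');
    $group_name = $this->requestString($_POST, 'group_name');
    if ($group_id !== null && $group_name !== null) {
        $perm_ids = $this->checkedPermissionIds();
        $group = DbGroup::GetById($group_id);
        if ($group->isNull()) {
            $this->addAlert(Alert::CreateDanger('Error', 'Invalid Group'));
        } else {
            $group->name = $group_name;
            DbGroup::Update($group);
            // Full replace: drop every permission, then re-add the checked ones.
            DbGroup::RemovePermissions($group->id);
            foreach ($perm_ids as $p_id) {
                DbGroup::AddPermission($group->id, $p_id);
            }
            $this->addAlert(Alert::CreateSuccess('Success', 'Group modified.'));
        }
    }
    $this->reexecute(array('action' => 'browse'));
}

/** 'delete_group': removes the group named by GET group_id, then returns to the listing. */
private function handleDeleteGroup()
{
    $group_id = $this->requestString($_GET, 'group_id');
    if ($group_id !== null) {
        DbGroup::Delete($group_id);
        $this->addAlert(Alert::CreateSuccess('Success', 'Group deleted.'));
    }
    $this->reexecute(array('action' => 'browse'));
}

/** 'delete_permission': removes the permission named by GET permission_id. */
private function handleDeletePermission()
{
    $perm_id = $this->requestString($_GET, 'permission_id');
    if ($perm_id !== null) {
        DbPermission::Delete($perm_id);
        $this->reloadPermissions();
        $this->addAlert(Alert::CreateSuccess('Success', 'Permission deleted.'));
    }
    $this->reexecute(array('action' => 'permissions'));
}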
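/**
 * Builds the page action: restores queued session alerts, loads the settings
 * and, when a session user exists, the user record and its permissions.
 *
 * Constraints are looked up by name through getConstraint(), which returns
 * an int when the constraint is absent and otherwise an object whose ->value
 * is read. 'no_redirect' keeps an anonymous (or unknown) visitor on the page
 * instead of sending them to login.php; 'no_change_password' lets a user whose
 * password is still clear text skip the forced change_password.php redirect.
 *
 * Redirects now stop the script: previously the Location header was set but
 * execution continued, so the rest of the page still ran for a visitor who
 * was being sent to the login.
 *
 * @param array $constraints constraint objects consulted by getConstraint()
 */
public function __construct($constraints = array())
{
    $this->alerts = array();
    $this->alertRenderer = new AlertRenderer();
    if (isset($_SESSION['alerts'])) {
        // Alerts queued by a previous request; presumably cleared once shown — confirm in the renderer.
        $this->alerts = $_SESSION['alerts'];
    }
    $this->constraints = $constraints;
    $this->user = new User();

    // TODO: typed accessors (getBoolConstraint, ...) would replace the int/object probing.
    $no_redirect = $this->constraintFlag('no_redirect');

    $this->settings = new SettingContainer(DbSetting::GetAll());
    if ($this->settings->size() == 0) {
        $this->initSettings();
    }

    if (!isset($_SESSION['user_id'])) {
        // Anonymous visitor: send to the login unless the page opted out.
        if (!$no_redirect) {
            $this->redirectAndStop('login.php');
        }
        return;
    }

    $user_id = $_SESSION['user_id'];
    $this->user->id = $user_id;
    $user = DbUser::GetById($user_id);
    // NOTE(review): permissions are only loaded on this path; an anonymous
    // page with no_redirect set leaves $this->permissions unset.
    $this->permissions = new PermissionContainer(DbPermission::GetAll());
    if ($user->isNull()) {
        // Session names a user that no longer exists.
        if (!$no_redirect) {
            $this->redirectAndStop('login.php');
        }
        return;
    }

    $this->user = $user;
    $userPermissions = DbGroup::GetUserPermissions($this->user->id);
    $this->userPermissions = $userPermissions->getPermissionsInt();
    if ($this->user->isClearPassword() && !$this->constraintFlag('no_change_password')) {
        // Force a password change for accounts still holding a clear password.
        $this->redirectAndStop('change_password.php');
    }
}

/**
 * Reads a boolean-like constraint: false when absent (getConstraint() returns
 * an int in that case), otherwise the constraint object's ->value.
 *
 * @param string $name
 * @return mixed
 */
private function constraintFlag($name)
{
    $constraint = $this->getConstraint($name);
    if (is_int($constraint)) {
        return false;
    }
    return $constraint->value;
}

/**
 * Sends a Location header and ends the request so nothing after the redirect runs.
 *
 * @param string $url
 * @return void
 */
private function redirectAndStop($url)
{
    header('location: ' . $url);
    exit;
}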
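/**
 * Deletes a permission row after detaching it from every group.
 *
 * The two steps are not wrapped in a transaction here — NOTE(review): a
 * failure between them leaves the permission without group links but still
 * present.
 *
 * @param int|string $p_id permission id (bound as an integer)
 * @return void
 * @throws \RuntimeException when the statement cannot be prepared or executed
 */
public static function Delete($p_id)
{
    DbPermission::RemoveFromAllGroup($p_id);

    $con = new DbConnection();
    $st = $con->prepare('DELETE FROM permissions WHERE permission_id = ?');
    if ($st === false) {
        // Previously a failed prepare() fell through to a method call on false.
        $con->close();
        throw new \RuntimeException('Could not prepare the permission delete statement.');
    }

    // bind_param() binds by reference and the column is bound as an integer,
    // so coerce into a local variable first.
    $id = (int) $p_id;
    $st->bind_param('i', $id);
    $ok = $st->execute();
    $st->close();
    $con->close();

    if (!$ok) {
        // Surface the failure instead of letting the caller report a success.
        throw new \RuntimeException('Could not delete permission ' . $id . '.');
    }
}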