<?php
/*
VERSION : 3.0
CODENAME : SENAYAN
AUTHOR :
Code and Programming : ARIE NUGRAHA (hide@address.com)
Database Design : HENDRO WICAKSONO (hide@address.com) & WARDIYONO (hide@address.com)
SENAYAN Library Automation System
Copyright (C) 2007
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program (GPL License.txt); if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/* User Group Management section */
// start the session
session_start();
require '../../../sysconfig.inc.php';
require SENAYAN_BASE_DIR.'admin/default/session_check.inc.php';
require SIMBIO_BASE_DIR.'simbio_GUI/form_maker/simbio_form_table_AJAX.inc.php';
require SIMBIO_BASE_DIR.'simbio_GUI/template_parser/simbio_template_parser.inc.php';
require SIMBIO_BASE_DIR.'simbio_GUI/table/simbio_table.inc.php';
require SIMBIO_BASE_DIR.'simbio_GUI/paging/simbio_paging.inc.php';
require SIMBIO_BASE_DIR.'simbio_DB/datagrid/simbio_dbgrid.inc.php';
require SIMBIO_BASE_DIR.'simbio_DB/simbio_dbop.inc.php';
// privileges checking
$can_read = utility::havePrivilege('system', 'r');
$can_write = utility::havePrivilege('system', 'w');
if (!$can_read) {
die('<div class="errorBox">'.lang_sys_common_no_privilege.'</div>');
}
/* RECORD OPERATION */
if (isset($_POST['saveData']) AND $can_read AND $can_write) {
$groupName = trim(strip_tags($_POST['groupName']));
// check form validity
if (empty($groupName)) {
utility::jsAlert(lang_sys_conf_group_alert_noempty);
} else {
$data['group_name'] = $dbs->escape_string($groupName);
$data['input_date'] = date('Y-m-d');
$data['last_update'] = date('Y-m-d');
// create sql op object
$sql_op = new simbio_dbop($dbs);
if (isset($_POST['updateRecordID'])) {
/* UPDATE RECORD MODE */
// remove input date
unset($data['input_date']);
// filter update record ID
$updateRecordID = (integer)$_POST['updateRecordID'];
// update the data
$update = $sql_op->update('user_group', $data, 'group_id='.$updateRecordID);
if ($update) {
$dbs->query('DELETE FROM group_access WHERE group_id='.$updateRecordID);
// set group privileges
if (isset($_POST['read'])) {
foreach ($_POST['read'] as $module) {
// check write privileges
$is_write = 0;
if (isset($_POST['write'])) {
foreach ($_POST['write'] as $module_write) {
if ($module_write == $module) {
$is_write = 1;
}
}
}
$dbs->query("INSERT INTO group_access VALUES ($updateRecordID, $module, 1, $is_write)");
}
}
// write log
utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'system', $_SESSION['realname'].' update group data ('.$groupName.')');
utility::jsAlert(lang_sys_conf_group_alert_update_ok);
echo '<script type="text/javascript">parent.setContent(\'mainContent\', parent.getPreviousAJAXurl(), \'post\');</script>';
} else { utility::jsAlert(lang_sys_conf_group_alert_update_fail."\nDEBUG : ".$sql_op->error); }
exit();
} else {
/* INSERT RECORD MODE */
// insert the data
$insert = $sql_op->insert('user_group', $data);
if ($insert) {
$group_id = $dbs->insert_id;
// set group privileges
if (isset($_POST['read'])) {
foreach ($_POST['read'] as $module) {
// check write privileges
$is_write = 0;
if (isset($_POST['write'])) {
foreach ($_POST['write'] as $module_write) {
if ($module_write == $module) {
$is_write = 1;
}
}
}
$dbs->query("INSERT INTO group_access VALUES ($group_id, $module, 1, $is_write)");
}
}
// write log
utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'system', $_SESSION['realname'].' add new group ('.$groupName.')');
utility::jsAlert(lang_sys_conf_group_alert_save_ok);
echo '<script type="text/javascript">parent.setContent(\'mainContent\', \''.$_SERVER['PHP_SELF'].'\', \'post\');</script>';
} else { utility::jsAlert(lang_sys_conf_group_alert_save_fail."\n".$sql_op->error); }
exit();
}
}
exit();
} else if (isset($_POST['itemID']) AND !empty($_POST['itemID']) AND isset($_POST['itemAction'])) {
if (!($can_read AND $can_write)) {
die();
}
/* DATA DELETION PROCESS */
$sql_op = new simbio_dbop($dbs);
$failed_array = array();
$error_num = 0;
if (!is_array($_POST['itemID'])) {
// make an array
$_POST['itemID'] = array((integer)$_POST['itemID']);
}
// loop array
foreach ($_POST['itemID'] as $itemID) {
$itemID = (integer)$itemID;
// get group data
$group_q = $dbs->query('SELECT group_name FROM user_group WHERE group_id='.$itemID);
$group_d = $group_q->fetch_row();
if (!$sql_op->delete('user_group', 'group_id='.$itemID)) {
$error_num++;
} else {
// also delete all records related to this data
// delete group privileges
$dbs->query('DELETE FROM group_access WHERE group_id='.$itemID);
// write log
utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'system', $_SESSION['realname'].' DELETE group ('.$group_d[0].')');
}
}
// error alerting
if ($error_num == 0) {
utility::jsAlert(lang_sys_conf_group_common_alert_delete_success);
echo '<script type="text/javascript">parent.setContent(\'mainContent\', \''.$_SERVER['PHP_SELF'].'?'.$_POST['lastQueryStr'].'\', \'post\');</script>';
} else {
utility::jsAlert(lang_sys_conf_group_common_alert_delete_fail);
echo '<script type="text/javascript">parent.setContent(\'mainContent\', \''.$_SERVER['PHP_SELF'].'?'.$_POST['lastQueryStr'].'\', \'post\');</script>';
}
exit();
}
/* RECORD OPERATION END */
/* search form */
?>
<table id="searchForm" cellpadding="5" cellspacing="0">
<tr>
<td class="imageLeft" valign="top" style="background-image: url(<?php echo $sysconf['admin_template']['dir'].'/'.$sysconf['admin_template']['theme'].'/user_group.png'; ?>)">
<?php echo strtoupper(lang_sys_group); ?> - <a href="#" onclick="setContent('mainContent', '<?php echo MODULES_WEB_ROOT_DIR; ?>/system/user_group.php?action=detail', 'get');" class="headerText2"><?php echo lang_sys_group_new_add; ?></a>
<a href="#" onclick="setContent('mainContent', '<?php echo MODULES_WEB_ROOT_DIR; ?>/system/user_group.php', 'get');" class="headerText2"><?php echo lang_sys_group_list; ?></a>
<hr />
<form name="search" action="blank.html" target="blindSubmit" onsubmit="$('doSearch').click();" id="search" method="get" style="display: inline;"><?php echo lang_sys_common_form_search_field; ?> :
<input type="text" name="keywords" size="30" />
<input type="button" id="doSearch" onclick="setContent('mainContent', '<?php echo MODULES_WEB_ROOT_DIR; ?>system/user_group.php?' + $('search').serialize(), 'post')" value="<?php echo lang_sys_common_form_search; ?>" class="button" />
</form>
</td>
</tr>
</table>
<?php
/* search form end */
/* main content */
if (isset($_POST['detail']) OR (isset($_GET['action']) AND $_GET['action'] == 'detail')) {
if (!($can_read AND $can_write)) {
die('<div class="errorBox">'.lang_sys_common_no_privilege.'</div>');
}
/* RECORD FORM */
$itemID = (integer)isset($_POST['itemID'])?$_POST['itemID']:0;
$rec_q = $dbs->query('SELECT * FROM user_group WHERE group_id='.$itemID);
$rec_d = $rec_q->fetch_assoc();
// create new instance
$form = new simbio_form_table_AJAX('mainForm', $_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'], 'post');
$form->submit_button_attr = 'name="saveData" value="'.lang_sys_common_form_save_change.'" class="button"';
// form table attributes
$form->table_attr = 'align="center" id="dataList" style="width: 100%;" cellpadding="5" cellspacing="0"';
$form->table_header_attr = 'class="alterCell" style="font-weight: bold;"';
$form->table_content_attr = 'class="alterCell2"';
// edit mode flag set
if ($rec_q->num_rows > 0) {
$form->edit_mode = true;
// record ID for delete process
$form->record_id = $itemID;
// form record title
$form->record_title = $rec_d['group_name'];
// detail icon
$form->record_detail_icon = SENAYAN_WEB_ROOT_DIR.'admin/'.$sysconf['admin_template']['dir'].'/'.$sysconf['admin_template']['theme'].'/edit_record.png';
// submit button attribute
$form->submit_button_attr = 'name="saveData" value="'.lang_sys_common_form_update.'" class="button"';
}
/* Form Element(s) */
// group
$form->addTextField('text', 'groupName', lang_sys_conf_group_field_name.'*', $rec_d['group_name'], 'style="width: 60%;"');
// privileges
// get group access data
$priv_data = array();
$rec_q = $dbs->query('SELECT * FROM group_access WHERE group_id='.(!empty($rec_d['group_id'])?$rec_d['group_id']:0));
while ($access_data = $rec_q->fetch_assoc()) {
$priv_data[$access_data['module_id']]['r'] = $access_data['r'];
$priv_data[$access_data['module_id']]['w'] = $access_data['w'];
}
$priv_table = '';
include 'module_priv_form.inc.php';
$form->addAnything(lang_sys_conf_group_field_privileges, $priv_table);
// edit mode messagge
if ($form->edit_mode) {
// print out the object
echo '<div class="infoBox">'.lang_sys_conf_group_common_edit_info.' : <b>'.$rec_d['group_name'].'</b> <br />'.lang_sys_conf_group_common_last_update.$rec_d['last_update'].'</div>';
}
echo $form->printOut();
} else {
/* GROUP LIST */
// table spec
$table_spec = 'user_group AS ug';
// create datagrid
$datagrid = new simbio_datagrid();
if ($can_read AND $can_write) {
$datagrid->setSQLColumn('ug.group_id',
'ug.group_name AS \''.lang_sys_conf_group_field_name.'\'',
'ug.last_update AS \''.lang_sys_conf_user_common_last_update.'\'');
} else {
$datagrid->setSQLColumn('ug.group_name AS \''.lang_sys_conf_group_field_name.'\'',
'ug.last_update AS \''.lang_sys_conf_user_common_last_update.'\'');
}
$datagrid->setSQLorder('group_name ASC');
// is there any search
$criteria = 'ug.group_id != 1';
if (isset($_GET['keywords']) AND $_GET['keywords']) {
$keywords = $dbs->escape_string($_GET['keywords']);
$criteria .= " AND ug.group_name LIKE '%$keywords%'";
}
$datagrid->setSQLCriteria($criteria);
// set table and table header attributes
$datagrid->icon_edit = SENAYAN_WEB_ROOT_DIR.'admin/'.$sysconf['admin_template']['dir'].'/'.$sysconf['admin_template']['theme'].'/edit.gif';
$datagrid->table_attr = 'align="center" id="dataList" style="width: 100%;" cellpadding="5" cellspacing="0"';
$datagrid->table_header_attr = 'class="dataListHeader" style="font-weight: bold;"';
// set delete proccess URL
$datagrid->chbox_form_URL = $_SERVER['PHP_SELF'];
// put the result into variables
$datagrid_result = $datagrid->createDataGrid($dbs, $table_spec, 20, ($can_read AND $can_write));
if (isset($_GET['keywords']) AND $_GET['keywords']) {
$msg = str_replace('{result->num_rows}', $datagrid->num_rows, lang_sys_common_search_result_info);
echo '<div class="infoBox">'.$msg.' : "'.$_GET['keywords'].'"</div>';
}
echo $datagrid_result;
}
/* main content end */
?>