2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * set of functions for user group handling
9 if (! defined('PHPMYADMIN')) {
14 * Return HTML to list the users belonging to a given user group
16 * @param string $userGroup user group name
18 * @return string HTML to list the users belonging to a given user group
20 function PMA_getHtmlForListingUsersofAGroup($userGroup)
23 . sprintf(__('Users of \'%s\' user group'), htmlspecialchars($userGroup))
26 $usersTable = PMA_Util
::backquote($GLOBALS['cfg']['Server']['pmadb'])
27 . "." . PMA_Util
::backquote($GLOBALS['cfg']['Server']['users']);
28 $sql_query = "SELECT `username` FROM " . $usersTable
29 . " WHERE `usergroup`='" . PMA_Util
::sqlAddSlashes($userGroup) . "'";
30 $result = PMA_queryAsControlUser($sql_query, false);
32 if ($GLOBALS['dbi']->numRows($result) == 0) {
34 . __('No users were found belonging to this user group.')
37 $html_output .= '<table>'
38 . '<thead><tr><th>#</th><th>' . __('User') . '</th></tr></thead>'
41 while ($row = $GLOBALS['dbi']->fetchRow($result)) {
43 $html_output .= '<tr>'
44 . '<td>' . $i . ' </td>'
45 . '<td>' . htmlspecialchars($row[0]) . '</td>'
48 $html_output .= '</tbody>'
52 $GLOBALS['dbi']->freeResult($result);
57 * Returns HTML for the 'user groups' table
59 * @return string HTML for the 'user groups' table
61 function PMA_getHtmlForUserGroupsTable()
63 $tabs = PMA_Util
::getMenuTabList();
65 $html_output = '<h2>' . __('User groups') . '</h2>';
66 $groupTable = PMA_Util
::backquote($GLOBALS['cfg']['Server']['pmadb'])
67 . "." . PMA_Util
::backquote($GLOBALS['cfg']['Server']['usergroups']);
68 $sql_query = "SELECT * FROM " . $groupTable . " ORDER BY `usergroup` ASC";
69 $result = PMA_queryAsControlUser($sql_query, false);
71 if ($result && $GLOBALS['dbi']->numRows($result)) {
72 $html_output .= '<form name="userGroupsForm" id="userGroupsForm"'
73 . ' action="server_privileges.php" method="post">';
74 $html_output .= PMA_URL_getHiddenInputs();
75 $html_output .= '<table id="userGroupsTable">';
76 $html_output .= '<thead><tr>';
77 $html_output .= '<th style="white-space: nowrap">'
78 . __('User group') . '</th>';
79 $html_output .= '<th>' . __('Server level tabs') . '</th>';
80 $html_output .= '<th>' . __('Database level tabs') . '</th>';
81 $html_output .= '<th>' . __('Table level tabs') . '</th>';
82 $html_output .= '<th>' . __('Action') . '</th>';
83 $html_output .= '</tr></thead>';
84 $html_output .= '<tbody>';
87 $userGroups = array();
88 while ($row = $GLOBALS['dbi']->fetchAssoc($result)) {
89 $groupName = $row['usergroup'];
90 if (! isset($userGroups[$groupName])) {
91 $userGroups[$groupName] = array();
93 $userGroups[$groupName][$row['tab']] = $row['allowed'];
95 foreach ($userGroups as $groupName => $tabs) {
96 $html_output .= '<tr class="' . ($odd ?
'odd' : 'even') . '">';
97 $html_output .= '<td>' . htmlspecialchars($groupName) . '</td>';
98 $html_output .= '<td>' . _getAllowedTabNames($tabs, 'server') . '</td>';
99 $html_output .= '<td>' . _getAllowedTabNames($tabs, 'db') . '</td>';
100 $html_output .= '<td>' . _getAllowedTabNames($tabs, 'table') . '</td>';
102 $html_output .= '<td>';
103 $html_output .= '<a class="" href="server_user_groups.php'
106 'viewUsers' => 1, 'userGroup' => $groupName
110 . PMA_Util
::getIcon('b_usrlist.png', __('View users')) . '</a>';
111 $html_output .= ' ';
112 $html_output .= '<a class="" href="server_user_groups.php'
115 'editUserGroup' => 1, 'userGroup' => $groupName
119 . PMA_Util
::getIcon('b_edit.png', __('Edit')) . '</a>';
120 $html_output .= ' ';
121 $html_output .= '<a class="deleteUserGroup ajax"'
122 . ' href="server_user_groups.php'
125 'deleteUserGroup' => 1, 'userGroup' => $groupName
129 . PMA_Util
::getIcon('b_drop.png', __('Delete')) . '</a>';
130 $html_output .= '</td>';
132 $html_output .= '</tr>';
137 $html_output .= '</tbody>';
138 $html_output .= '</table>';
139 $html_output .= '</form>';
141 $GLOBALS['dbi']->freeResult($result);
143 $html_output .= '<fieldset id="fieldset_add_user_group">';
144 $html_output .= '<a href="server_user_groups.php'
145 . PMA_URL_getCommon(array('addUserGroup' => 1)) . '">'
146 . PMA_Util
::getIcon('b_usradd.png')
147 . __('Add user group') . '</a>';
148 $html_output .= '</fieldset>';
154 * Returns the list of allowed menu tab names
155 * based on a data row from usergroup table.
157 * @param array $row row of usergroup table
158 * @param string $level 'server', 'db' or 'table'
160 * @return string comma seperated list of allowed menu tab names
162 function _getAllowedTabNames($row, $level)
165 $tabs = PMA_Util
::getMenuTabList($level);
166 foreach ($tabs as $tab => $tabName) {
167 if (! isset($row[$level . '_' . $tab])
168 ||
$row[$level . '_' . $tab] == 'Y'
170 $tabNames[] = $tabName;
173 return implode(', ', $tabNames);
177 * Deletes a user group
179 * @param string $userGroup user group name
183 function PMA_deleteUserGroup($userGroup)
185 $userTable = PMA_Util
::backquote($GLOBALS['cfg']['Server']['pmadb'])
186 . "." . PMA_Util
::backquote($GLOBALS['cfg']['Server']['users']);
187 $groupTable = PMA_Util
::backquote($GLOBALS['cfg']['Server']['pmadb'])
188 . "." . PMA_Util
::backquote($GLOBALS['cfg']['Server']['usergroups']);
189 $sql_query = "DELETE FROM " . $userTable
190 . " WHERE `usergroup`='" . PMA_Util
::sqlAddSlashes($userGroup) . "'";
191 PMA_queryAsControlUser($sql_query, true);
192 $sql_query = "DELETE FROM " . $groupTable
193 . " WHERE `usergroup`='" . PMA_Util
::sqlAddSlashes($userGroup) . "'";
194 PMA_queryAsControlUser($sql_query, true);
198 * Returns HTML for add/edit user group dialog
200 * @param string $userGroup name of the user group in case of editing
202 * @return string HTML for add/edit user group dialog
204 function PMA_getHtmlToEditUserGroup($userGroup = null)
207 if ($userGroup == null) {
208 $html_output .= '<h2>' . __('Add user group') . '</h2>';
210 $html_output .= '<h2>'
211 . sprintf(__('Edit user group: \'%s\''), htmlspecialchars($userGroup))
215 $html_output .= '<form name="userGroupForm" id="userGroupForm"'
216 . ' action="server_user_groups.php" method="post">';
217 $urlParams = array();
218 if ($userGroup != null) {
219 $urlParams['userGroup'] = $userGroup;
220 $urlParams['editUserGroupSubmit'] = '1';
222 $urlParams['addUserGroupSubmit'] = '1';
224 $html_output .= PMA_URL_getHiddenInputs($urlParams);
226 $html_output .= '<fieldset id="fieldset_user_group_rights">';
227 $html_output .= '<legend>' . __('User group menu assignments')
228 . ' '
229 . '<input type="checkbox" class="checkall_box" title="Check All">'
230 . '<label for="addUsersForm_checkall">' . __('Check All') . '</label>'
233 if ($userGroup == null) {
234 $html_output .= '<label for="userGroup">' . __('Group name:') . '</label>';
235 $html_output .= '<input type="text" name="userGroup" '
236 . 'autocomplete="off" required="required" />';
237 $html_output .= '<div class="clearfloat"></div>';
240 $allowedTabs = array(
245 if ($userGroup != null) {
246 $groupTable = PMA_Util
::backquote($GLOBALS['cfg']['Server']['pmadb'])
247 . "." . PMA_Util
::backquote($GLOBALS['cfg']['Server']['usergroups']);
248 $sql_query = "SELECT * FROM " . $groupTable
249 . " WHERE `usergroup`='" . PMA_Util
::sqlAddSlashes($userGroup) . "'";
250 $result = PMA_queryAsControlUser($sql_query, false);
252 while ($row = $GLOBALS['dbi']->fetchAssoc($result)) {
254 $value = $row['allowed'];
255 if (substr($key, 0, 7) == 'server_' && $value == 'Y') {
256 $allowedTabs['server'][] = substr($key, 7);
257 } elseif (substr($key, 0, 3) == 'db_' && $value == 'Y') {
258 $allowedTabs['db'][] = substr($key, 3);
259 } elseif (substr($key, 0, 6) == 'table_' && $value == 'Y') {
260 $allowedTabs['table'][] = substr($key, 6);
264 $GLOBALS['dbi']->freeResult($result);
267 $html_output .= _getTabList(
268 __('Server-level tabs'), 'server', $allowedTabs['server']
270 $html_output .= _getTabList(
271 __('Database-level tabs'), 'db', $allowedTabs['db']
273 $html_output .= _getTabList(
274 __('Table-level tabs'), 'table', $allowedTabs['table']
277 $html_output .= '</fieldset>';
279 $html_output .= '<fieldset id="fieldset_user_group_rights_footer"'
280 . ' class="tblFooters">';
281 $html_output .= '<input type="submit" name="update_privs" value="Go">';
282 $html_output .= '</fieldset>';
288 * Returns HTML for checkbox groups to choose
289 * tabs of 'server', 'db' or 'table' levels.
291 * @param string $title title of the checkbox group
292 * @param string $level 'server', 'db' or 'table'
293 * @param array $selected array of selected allowed tabs
295 * @return string HTML for checkbox groups
297 function _getTabList($title, $level, $selected)
299 $tabs = PMA_Util
::getMenuTabList($level);
300 $html_output = '<fieldset>';
301 $html_output .= '<legend>' . $title . '</legend>';
302 foreach ($tabs as $tab => $tabName) {
303 $html_output .= '<div class="item">';
304 $html_output .= '<input type="checkbox" class="checkall"'
305 . (in_array($tab, $selected) ?
' checked="checked"' : '')
306 . ' name="' . $level . '_' . $tab . '" value="Y" />';
307 $html_output .= '<label for="' . $level . '_' . $tab . '">'
308 . '<code>' . $tabName . '</code>'
310 $html_output .= '</div>';
312 $html_output .= '</fieldset>';
317 * Add/update a user group with allowed menu tabs.
319 * @param string $userGroup user group name
320 * @param boolean $new whether this is a new user group
324 function PMA_editUserGroup($userGroup, $new = false)
326 $tabs = PMA_Util
::getMenuTabList();
327 $groupTable = PMA_Util
::backquote($GLOBALS['cfg']['Server']['pmadb'])
328 . "." . PMA_Util
::backquote($GLOBALS['cfg']['Server']['usergroups']);
331 $sql_query = "DELETE FROM " . $groupTable
332 . " WHERE `usergroup`='" . PMA_Util
::sqlAddSlashes($userGroup) . "';";
333 PMA_queryAsControlUser($sql_query, true);
336 $sql_query = "INSERT INTO " . $groupTable
337 . "(`usergroup`, `tab`, `allowed`)"
340 foreach ($tabs as $tabGroupName => $tabGroup) {
341 foreach ($tabs[$tabGroupName] as $tab => $tabName) {
345 $tabName = $tabGroupName . '_' . $tab;
346 $allowed = isset($_REQUEST[$tabName]) && $_REQUEST[$tabName] == 'Y';
347 $sql_query .= "('" . $userGroup . "', '" . $tabName . "', '"
348 . ($allowed ?
"Y" : "N") . "')";
353 PMA_queryAsControlUser($sql_query, true);