2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * set of functions for user group handling
11 * Return HTML to list the users belonging to a given user group
13 * @param string $userGroup user group name
15 * @return string HTML to list the users belonging to a given user group
17 function PMA_getHtmlForListingUsersofAGroup($userGroup)
20 . sprintf(__('Users of \'%s\' user group'), htmlspecialchars($userGroup))
23 $cfgRelation = PMA_getRelationsParam();
24 $usersTable = PMA\libraries\Util
::backquote($cfgRelation['db'])
25 . "." . PMA\libraries\Util
::backquote($cfgRelation['users']);
26 $sql_query = "SELECT `username` FROM " . $usersTable
27 . " WHERE `usergroup`='" . $GLOBALS['dbi']->escapeString($userGroup)
29 $result = PMA_queryAsControlUser($sql_query, false);
31 if ($GLOBALS['dbi']->numRows($result) == 0) {
33 . __('No users were found belonging to this user group.')
36 $html_output .= '<table>'
37 . '<thead><tr><th>#</th><th>' . __('User') . '</th></tr></thead>'
40 while ($row = $GLOBALS['dbi']->fetchRow($result)) {
42 $html_output .= '<tr>'
43 . '<td>' . $i . ' </td>'
44 . '<td>' . htmlspecialchars($row[0]) . '</td>'
47 $html_output .= '</tbody>'
51 $GLOBALS['dbi']->freeResult($result);
56 * Returns HTML for the 'user groups' table
58 * @return string HTML for the 'user groups' table
60 function PMA_getHtmlForUserGroupsTable()
62 $html_output = '<h2>' . __('User groups') . '</h2>';
63 $cfgRelation = PMA_getRelationsParam();
64 $groupTable = PMA\libraries\Util
::backquote($cfgRelation['db'])
65 . "." . PMA\libraries\Util
::backquote($cfgRelation['usergroups']);
66 $sql_query = "SELECT * FROM " . $groupTable . " ORDER BY `usergroup` ASC";
67 $result = PMA_queryAsControlUser($sql_query, false);
69 if ($result && $GLOBALS['dbi']->numRows($result)) {
70 $html_output .= '<form name="userGroupsForm" id="userGroupsForm"'
71 . ' action="server_privileges.php" method="post">';
72 $html_output .= URL
::getHiddenInputs();
73 $html_output .= '<table id="userGroupsTable">';
74 $html_output .= '<thead><tr>';
75 $html_output .= '<th style="white-space: nowrap">'
76 . __('User group') . '</th>';
77 $html_output .= '<th>' . __('Server level tabs') . '</th>';
78 $html_output .= '<th>' . __('Database level tabs') . '</th>';
79 $html_output .= '<th>' . __('Table level tabs') . '</th>';
80 $html_output .= '<th>' . __('Action') . '</th>';
81 $html_output .= '</tr></thead>';
82 $html_output .= '<tbody>';
84 $userGroups = array();
85 while ($row = $GLOBALS['dbi']->fetchAssoc($result)) {
86 $groupName = $row['usergroup'];
87 if (! isset($userGroups[$groupName])) {
88 $userGroups[$groupName] = array();
90 $userGroups[$groupName][$row['tab']] = $row['allowed'];
92 foreach ($userGroups as $groupName => $tabs) {
93 $html_output .= '<tr>';
94 $html_output .= '<td>' . htmlspecialchars($groupName) . '</td>';
95 $html_output .= '<td>' . _getAllowedTabNames($tabs, 'server') . '</td>';
96 $html_output .= '<td>' . _getAllowedTabNames($tabs, 'db') . '</td>';
97 $html_output .= '<td>' . _getAllowedTabNames($tabs, 'table') . '</td>';
99 $html_output .= '<td>';
100 $html_output .= '<a class="" href="server_user_groups.php'
103 'viewUsers' => 1, 'userGroup' => $groupName
107 . PMA\libraries\Util
::getIcon('b_usrlist.png', __('View users'))
109 $html_output .= ' ';
110 $html_output .= '<a class="" href="server_user_groups.php'
113 'editUserGroup' => 1, 'userGroup' => $groupName
117 . PMA\libraries\Util
::getIcon('b_edit.png', __('Edit')) . '</a>';
118 $html_output .= ' ';
119 $html_output .= '<a class="deleteUserGroup ajax"'
120 . ' href="server_user_groups.php'
123 'deleteUserGroup' => 1, 'userGroup' => $groupName
127 . PMA\libraries\Util
::getIcon('b_drop.png', __('Delete')) . '</a>';
128 $html_output .= '</td>';
130 $html_output .= '</tr>';
133 $html_output .= '</tbody>';
134 $html_output .= '</table>';
135 $html_output .= '</form>';
137 $GLOBALS['dbi']->freeResult($result);
139 $html_output .= '<fieldset id="fieldset_add_user_group">';
140 $html_output .= '<a href="server_user_groups.php'
141 . URL
::getCommon(array('addUserGroup' => 1)) . '">'
142 . PMA\libraries\Util
::getIcon('b_usradd.png')
143 . __('Add user group') . '</a>';
144 $html_output .= '</fieldset>';
150 * Returns the list of allowed menu tab names
151 * based on a data row from usergroup table.
153 * @param array $row row of usergroup table
154 * @param string $level 'server', 'db' or 'table'
156 * @return string comma separated list of allowed menu tab names
158 function _getAllowedTabNames($row, $level)
161 $tabs = PMA\libraries\Util
::getMenuTabList($level);
162 foreach ($tabs as $tab => $tabName) {
163 if (! isset($row[$level . '_' . $tab])
164 ||
$row[$level . '_' . $tab] == 'Y'
166 $tabNames[] = $tabName;
169 return implode(', ', $tabNames);
173 * Deletes a user group
175 * @param string $userGroup user group name
179 function PMA_deleteUserGroup($userGroup)
181 $cfgRelation = PMA_getRelationsParam();
182 $userTable = PMA\libraries\Util
::backquote($cfgRelation['db'])
183 . "." . PMA\libraries\Util
::backquote($cfgRelation['users']);
184 $groupTable = PMA\libraries\Util
::backquote($cfgRelation['db'])
185 . "." . PMA\libraries\Util
::backquote($cfgRelation['usergroups']);
186 $sql_query = "DELETE FROM " . $userTable
187 . " WHERE `usergroup`='" . $GLOBALS['dbi']->escapeString($userGroup)
189 PMA_queryAsControlUser($sql_query, true);
190 $sql_query = "DELETE FROM " . $groupTable
191 . " WHERE `usergroup`='" . $GLOBALS['dbi']->escapeString($userGroup)
193 PMA_queryAsControlUser($sql_query, true);
197 * Returns HTML for add/edit user group dialog
199 * @param string $userGroup name of the user group in case of editing
201 * @return string HTML for add/edit user group dialog
203 function PMA_getHtmlToEditUserGroup($userGroup = null)
206 if ($userGroup == null) {
207 $html_output .= '<h2>' . __('Add user group') . '</h2>';
209 $html_output .= '<h2>'
210 . sprintf(__('Edit user group: \'%s\''), htmlspecialchars($userGroup))
214 $html_output .= '<form name="userGroupForm" id="userGroupForm"'
215 . ' action="server_user_groups.php" method="post">';
216 $urlParams = array();
217 if ($userGroup != null) {
218 $urlParams['userGroup'] = $userGroup;
219 $urlParams['editUserGroupSubmit'] = '1';
221 $urlParams['addUserGroupSubmit'] = '1';
223 $html_output .= URL
::getHiddenInputs($urlParams);
225 $html_output .= '<fieldset id="fieldset_user_group_rights">';
226 $html_output .= '<legend>' . __('User group menu assignments')
227 . ' '
228 . '<input type="checkbox" id="addUsersForm_checkall" '
229 . 'class="checkall_box" title="Check all">'
230 . '<label for="addUsersForm_checkall">' . __('Check all') . '</label>'
233 if ($userGroup == null) {
234 $html_output .= '<label for="userGroup">' . __('Group name:') . '</label>';
235 $html_output .= '<input type="text" name="userGroup" '
236 . 'autocomplete="off" required="required" />';
237 $html_output .= '<div class="clearfloat"></div>';
240 $allowedTabs = array(
245 if ($userGroup != null) {
246 $cfgRelation = PMA_getRelationsParam();
247 $groupTable = PMA\libraries\Util
::backquote($cfgRelation['db'])
248 . "." . PMA\libraries\Util
::backquote($cfgRelation['usergroups']);
249 $sql_query = "SELECT * FROM " . $groupTable
250 . " WHERE `usergroup`='" . $GLOBALS['dbi']->escapeString($userGroup)
252 $result = PMA_queryAsControlUser($sql_query, false);
254 while ($row = $GLOBALS['dbi']->fetchAssoc($result)) {
256 $value = $row['allowed'];
257 if (substr($key, 0, 7) == 'server_' && $value == 'Y') {
258 $allowedTabs['server'][] = mb_substr($key, 7);
259 } elseif (substr($key, 0, 3) == 'db_' && $value == 'Y') {
260 $allowedTabs['db'][] = mb_substr($key, 3);
261 } elseif (substr($key, 0, 6) == 'table_'
264 $allowedTabs['table'][] = mb_substr($key, 6);
268 $GLOBALS['dbi']->freeResult($result);
271 $html_output .= _getTabList(
272 __('Server-level tabs'), 'server', $allowedTabs['server']
274 $html_output .= _getTabList(
275 __('Database-level tabs'), 'db', $allowedTabs['db']
277 $html_output .= _getTabList(
278 __('Table-level tabs'), 'table', $allowedTabs['table']
281 $html_output .= '</fieldset>';
283 $html_output .= '<fieldset id="fieldset_user_group_rights_footer"'
284 . ' class="tblFooters">';
285 $html_output .= '<input type="submit" value="' . __('Go') . '">';
286 $html_output .= '</fieldset>';
292 * Returns HTML for checkbox groups to choose
293 * tabs of 'server', 'db' or 'table' levels.
295 * @param string $title title of the checkbox group
296 * @param string $level 'server', 'db' or 'table'
297 * @param array $selected array of selected allowed tabs
299 * @return string HTML for checkbox groups
301 function _getTabList($title, $level, $selected)
303 $tabs = PMA\libraries\Util
::getMenuTabList($level);
304 $html_output = '<fieldset>';
305 $html_output .= '<legend>' . $title . '</legend>';
306 foreach ($tabs as $tab => $tabName) {
307 $html_output .= '<div class="item">';
308 $html_output .= '<input type="checkbox" class="checkall"'
309 . (in_array($tab, $selected) ?
' checked="checked"' : '')
310 . ' name="' . $level . '_' . $tab . '" value="Y" />';
311 $html_output .= '<label for="' . $level . '_' . $tab . '">'
312 . '<code>' . $tabName . '</code>'
314 $html_output .= '</div>';
316 $html_output .= '</fieldset>';
321 * Add/update a user group with allowed menu tabs.
323 * @param string $userGroup user group name
324 * @param boolean $new whether this is a new user group
328 function PMA_editUserGroup($userGroup, $new = false)
330 $tabs = PMA\libraries\Util
::getMenuTabList();
331 $cfgRelation = PMA_getRelationsParam();
332 $groupTable = PMA\libraries\Util
::backquote($cfgRelation['db'])
333 . "." . PMA\libraries\Util
::backquote($cfgRelation['usergroups']);
336 $sql_query = "DELETE FROM " . $groupTable
337 . " WHERE `usergroup`='" . $GLOBALS['dbi']->escapeString($userGroup)
339 PMA_queryAsControlUser($sql_query, true);
342 $sql_query = "INSERT INTO " . $groupTable
343 . "(`usergroup`, `tab`, `allowed`)"
346 foreach ($tabs as $tabGroupName => $tabGroup) {
347 foreach ($tabGroup as $tab => $tabName) {
351 $tabName = $tabGroupName . '_' . $tab;
352 $allowed = isset($_REQUEST[$tabName]) && $_REQUEST[$tabName] == 'Y';
353 $sql_query .= "('" . $GLOBALS['dbi']->escapeString($userGroup) . "', '" . $tabName . "', '"
354 . ($allowed ?
"Y" : "N") . "')";
359 PMA_queryAsControlUser($sql_query, true);
