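<?php
/**
 * Admin-only endpoint that bulk-updates the permission flags
 * (can_view, can_add, can_delete, can_edit) on rows of the `users` table.
 *
 * Expects a POST body of the form permissions[<user id>][<flag>] = <anything>;
 * a flag that is present is stored as 1, a flag that is absent is stored as 0.
 * Every path that handles a request ends in a redirect.
 */

session_start();

require_once 'db/config.php';

// Authorisation gate: only a logged-in administrator may change permissions.
// empty() treats a missing 'is_admin' key the same as a falsy one, so a
// session that never had the flag set is rejected without an undefined-index
// warning.
if (!isset($_SESSION['user_id']) || empty($_SESSION['is_admin'])) {
    header('Location: index.php');
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): no anti-CSRF token is checked here. This request changes
    // privileges, so the form that posts to this script should carry a
    // per-session token that is compared with hash_equals() before any row is
    // updated. The form is not part of this file, so the check is not
    // enforced here.

    // The field is client-controlled: it may be missing or a plain string
    // instead of the expected nested array.
    $permissions = $_POST['permissions'] ?? [];
    if (!is_array($permissions)) {
        $permissions = [];
    }

    $pdo = db();

    // Prepared once and reused for every row; all values are bound, none are
    // interpolated into the SQL text.
    $stmt = $pdo->prepare("
        UPDATE users
        SET can_view = ?, can_add = ?, can_delete = ?, can_edit = ?
        WHERE id = ?
    ");

    foreach ($permissions as $user_id => $perms) {
        // PHP turns canonical decimal array keys into ints. Any other key
        // (e.g. "1abc") stays a string and could be coerced to a different id
        // by the database's own string-to-number comparison, so skip it.
        if (!is_int($user_id)) {
            continue;
        }

        // A non-array entry carries no flags; all four columns become 0.
        if (!is_array($perms)) {
            $perms = [];
        }

        $can_view   = isset($perms['can_view']) ? 1 : 0;
        $can_add    = isset($perms['can_add']) ? 1 : 0;
        $can_delete = isset($perms['can_delete']) ? 1 : 0;
        $can_edit   = isset($perms['can_edit']) ? 1 : 0;

        $stmt->execute([$can_view, $can_add, $can_delete, $can_edit, $user_id]);
    }

    header('Location: admin.php');
    exit;
}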