admin/38682-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
38682-vm/admin/user_groups.php
Flatlogic Bot 8faf7adbb6 missing migrations
2026-02-27 01:20:05 +00:00

220 lines
9.7 KiB
PHP
Raw Blame History

<?php
require_once __DIR__ . "/../includes/functions.php";
require_once __DIR__ . "/../db/config.php";
require_permission("user_groups_view");
require_once __DIR__ . '/../db/config.php';
$pdo = db();
$message = '';
// Handle New Group Creation
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'add_user_group') {
if (!has_permission('user_groups_add')) {
$message = '<div class="alert alert-danger">Access Denied.</div>';
} else {
$name = trim($_POST['name']);
if (empty($name)) {
$message = '<div class="alert alert-danger">Group name is required.</div>';
} else {
try {
$stmt = $pdo->prepare("INSERT INTO user_groups (name, permissions) VALUES (?, '')");
$stmt->execute([$name]);
$newId = $pdo->lastInsertId();
header("Location: user_group_edit.php?id=" . $newId);
exit;
} catch (PDOException $e) {
$message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
}
}
}
}
// Handle Delete
if (isset($_GET['delete'])) {
if (!has_permission('user_groups_del')) {
$message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete user groups.</div>';
} else {
try {
$id = $_GET['delete'];
// Don't allow deleting Administrator group
$stmt = $pdo->prepare("SELECT name FROM user_groups WHERE id = ?");
$stmt->execute([$id]);
$groupName = $stmt->fetchColumn();
if ($groupName === 'Administrator') {
$message = '<div class="alert alert-danger">The Administrator group cannot be deleted.</div>';
} else {
$pdo->prepare("DELETE FROM user_groups WHERE id = ?")->execute([$id]);
header("Location: user_groups.php?deleted=1");
exit;
}
} catch (PDOException $e) {
if ($e->getCode() == '23000') {
$message = '<div class="alert alert-danger">Cannot delete this group because it is linked to users.</div>';
} else {
$message = '<div class="alert alert-danger">Error deleting group: ' . $e->getMessage() . '</div>';
}
}
}
}
if (isset($_GET['deleted'])) {
$message = '<div class="alert alert-success">User group deleted successfully!</div>';
}
$availablePermissions = [
'dashboard' => 'Dashboard',
'pos' => 'POS Terminal',
'orders' => 'Orders',
'kitchen' => 'Kitchen View',
'products' => 'Products',
'categories' => 'Categories',
'customers' => 'Customers',
'outlets' => 'Outlets',
'areas' => 'Areas',
'tables' => 'Tables',
'suppliers' => 'Suppliers',
'purchases' => 'Purchases',
'expenses' => 'Expenses',
'expense_categories' => 'Expense Categories',
'payment_types' => 'Payment Types',
'loyalty' => 'Loyalty',
'ads' => 'Ads',
'reports' => 'Reports',
'users' => 'Users',
'user_groups' => 'User Groups',
'settings' => 'Settings',
'attendance' => 'Attendance',
'ratings' => 'Staff Ratings'
];
$query = "SELECT * FROM user_groups ORDER BY id ASC";
$groups_pagination = paginate_query($pdo, $query);
$groups = $groups_pagination['data'];
include 'includes/header.php';
?>
<div class="d-flex justify-content-between align-items-center mb-4">
<div>
<h2 class="fw-bold mb-0">User Roles & Groups</h2>
<p class="text-muted mb-0">Manage permissions and access levels</p>
</div>
<?php if (has_permission('user_groups_add')): ?>
<button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#addGroupModal">
<i class="bi bi-plus-lg"></i> Add Group
</button>
<?php endif; ?>
</div>
<?= $message ?>
<div class="card border-0 shadow-sm rounded-4 overflow-hidden">
<div class="card-body p-0">
<!-- Pagination Controls -->
<div class="p-3 border-bottom bg-light">
<?php render_pagination_controls($groups_pagination); ?>
</div>
<div class="table-responsive">
<table class="table table-hover align-middle mb-0">
<thead class="bg-light">
<tr>
<th class="ps-4">ID</th>
<th>Group Name</th>
<th>Permissions Summary</th>
<th class="text-end pe-4">Actions</th>
</tr>
</thead>
<tbody>
<?php foreach ($groups as $group): ?>
<tr>
<td class="ps-4 fw-medium text-muted">#<?= $group['id'] ?></td>
<td class="fw-bold text-dark"><?= htmlspecialchars($group['name']) ?></td>
<td>
<?php
if ($group['permissions'] === 'all') {
echo '<span class="badge bg-danger-subtle text-danger border border-danger">Super Admin (All)</span>';
} else {
$perms = explode(',', $group['permissions']);
$modules_found = [];
foreach ($perms as $p) {
$mod = explode('_', $p)[0];
if (isset($availablePermissions[$mod]) && !in_array($availablePermissions[$mod], $modules_found)) {
$modules_found[] = $availablePermissions[$mod];
}
}
if (count($modules_found) > 0) {
echo '<div class="d-flex flex-wrap gap-1">';
$i = 0;
foreach ($modules_found as $m) {
if ($i < 5) {
echo '<span class="badge bg-light text-dark border small">' . $m . '</span>';
}
$i++;
}
if (count($modules_found) > 5) {
echo '<span class="badge bg-light text-muted border small">+' . (count($modules_found) - 5) . ' more</span>';
}
echo '</div>';
} elseif (!empty($group['permissions'])) {
echo '<small class="text-muted">' . htmlspecialchars(substr($group['permissions'], 0, 30)) . '...</small>';
} else {
echo '<small class="text-muted">No permissions defined</small>';
}
}
?>
</td>
<td class="text-end pe-4">
<?php if (has_permission('user_groups_add')): ?>
<a href="user_group_edit.php?id=<?= $group['id'] ?>" class="btn btn-sm btn-outline-primary rounded-pill px-3 me-1" title="Manage Permissions">
<i class="bi bi-shield-lock me-1"></i> Permissions
</a>
<?php endif; ?>
<?php if (has_permission('user_groups_del') && $group['name'] !== 'Administrator'): ?>
<a href="?delete=<?= $group['id'] ?>" class="btn btn-sm btn-outline-danger rounded-pill px-3" onclick="return confirm('Delete this user group?')">
<i class="bi bi-trash me-1"></i> Delete
</a>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
<!-- Bottom Pagination -->
<div class="p-3 border-top bg-light">
<?php render_pagination_controls($groups_pagination); ?>
</div>
</div>
</div>
<!-- Add Group Modal -->
<div class="modal fade" id="addGroupModal" tabindex="-1" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content border-0 shadow rounded-4">
<div class="modal-header border-0 pb-0">
<h5 class="modal-title fw-bold">Create New Group</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<form method="POST">
<div class="modal-body py-4">
<input type="hidden" name="action" value="add_user_group">
<div class="mb-3">
<label class="form-label small fw-bold text-muted">GROUP NAME</label>
<input type="text" name="name" class="form-control form-control-lg border-0 bg-light rounded-3" required placeholder="e.g. Supervisor" autofocus>
</div>
<p class="text-muted small mb-0">After creating, you will be redirected to the permissions page to configure access levels.</p>
</div>
<div class="modal-footer border-0 pt-0">
<button type="button" class="btn btn-light rounded-pill px-4" data-bs-dismiss="modal">Cancel</button>
<button type="submit" class="btn btn-primary rounded-pill px-4 fw-bold shadow-sm">Create & Configure</button>
</div>
</form>
</div>
</div>
</div>
<?php include 'includes/footer.php'; ?>
Reference in New Issue View Git Blame Copy Permalink