206 lines
9.1 KiB
PHP
206 lines
9.1 KiB
PHP
<?php
|
|
require_once __DIR__ . "/../includes/functions.php";
|
|
require_permission("user_groups_view");
|
|
require_once __DIR__ . '/../db/config.php';
|
|
$pdo = db();
|
|
|
|
$message = '';
|
|
|
|
// Handle New Group Creation
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'add_user_group') {
|
|
if (!has_permission('user_groups_add')) {
|
|
$message = '<div class="alert alert-danger">Access Denied.</div>';
|
|
} else {
|
|
$name = trim($_POST['name']);
|
|
if (empty($name)) {
|
|
$message = '<div class="alert alert-danger">Group name is required.</div>';
|
|
} else {
|
|
try {
|
|
$stmt = $pdo->prepare("INSERT INTO user_groups (name, permissions) VALUES (?, '')");
|
|
$stmt->execute([$name]);
|
|
$newId = $pdo->lastInsertId();
|
|
header("Location: user_group_edit.php?id=" . $newId);
|
|
exit;
|
|
} catch (PDOException $e) {
|
|
$message = '<div class="alert alert-danger">Database error: ' . $e->getMessage() . '</div>';
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// Handle Delete
|
|
if (isset($_GET['delete'])) {
|
|
if (!has_permission('user_groups_del')) {
|
|
$message = '<div class="alert alert-danger">Access Denied: You do not have permission to delete user groups.</div>';
|
|
} else {
|
|
$id = $_GET['delete'];
|
|
// Don't allow deleting Administrator group
|
|
$stmt = $pdo->prepare("SELECT name FROM user_groups WHERE id = ?");
|
|
$stmt->execute([$id]);
|
|
$groupName = $stmt->fetchColumn();
|
|
|
|
if ($groupName === 'Administrator') {
|
|
$message = '<div class="alert alert-danger">The Administrator group cannot be deleted.</div>';
|
|
} else {
|
|
$pdo->prepare("DELETE FROM user_groups WHERE id = ?")->execute([$id]);
|
|
header("Location: user_groups.php");
|
|
exit;
|
|
}
|
|
}
|
|
}
|
|
|
|
$availablePermissions = [
|
|
'dashboard' => 'Dashboard',
|
|
'pos' => 'POS Terminal',
|
|
'orders' => 'Orders',
|
|
'kitchen' => 'Kitchen View',
|
|
'products' => 'Products',
|
|
'categories' => 'Categories',
|
|
'customers' => 'Customers',
|
|
'outlets' => 'Outlets',
|
|
'areas' => 'Areas',
|
|
'tables' => 'Tables',
|
|
'suppliers' => 'Suppliers',
|
|
'purchases' => 'Purchases',
|
|
'expenses' => 'Expenses',
|
|
'expense_categories' => 'Expense Categories',
|
|
'payment_types' => 'Payment Types',
|
|
'loyalty' => 'Loyalty',
|
|
'ads' => 'Ads',
|
|
'reports' => 'Reports',
|
|
'users' => 'Users',
|
|
'user_groups' => 'User Groups',
|
|
'settings' => 'Settings',
|
|
'attendance' => 'Attendance',
|
|
'ratings' => 'Staff Ratings'
|
|
];
|
|
|
|
$query = "SELECT * FROM user_groups ORDER BY id ASC";
|
|
$groups_pagination = paginate_query($pdo, $query);
|
|
$groups = $groups_pagination['data'];
|
|
|
|
include 'includes/header.php';
|
|
?>
|
|
|
|
<div class="d-flex justify-content-between align-items-center mb-4">
|
|
<div>
|
|
<h2 class="fw-bold mb-0">User Roles & Groups</h2>
|
|
<p class="text-muted mb-0">Manage permissions and access levels</p>
|
|
</div>
|
|
<?php if (has_permission('user_groups_add')): ?>
|
|
<button class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#addGroupModal">
|
|
<i class="bi bi-plus-lg"></i> Add Group
|
|
</button>
|
|
<?php endif; ?>
|
|
</div>
|
|
|
|
<?= $message ?>
|
|
|
|
<div class="card border-0 shadow-sm rounded-4 overflow-hidden">
|
|
<div class="card-body p-0">
|
|
<!-- Pagination Controls -->
|
|
<div class="p-3 border-bottom bg-light">
|
|
<?php render_pagination_controls($groups_pagination); ?>
|
|
</div>
|
|
<div class="table-responsive">
|
|
<table class="table table-hover align-middle mb-0">
|
|
<thead class="bg-light">
|
|
<tr>
|
|
<th class="ps-4">ID</th>
|
|
<th>Group Name</th>
|
|
<th>Permissions Summary</th>
|
|
<th class="text-end pe-4">Actions</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<?php foreach ($groups as $group): ?>
|
|
<tr>
|
|
<td class="ps-4 fw-medium text-muted">#<?= $group['id'] ?></td>
|
|
<td class="fw-bold text-dark"><?= htmlspecialchars($group['name']) ?></td>
|
|
<td>
|
|
<?php
|
|
if ($group['permissions'] === 'all') {
|
|
echo '<span class="badge bg-danger-subtle text-danger border border-danger">Super Admin (All)</span>';
|
|
} else {
|
|
$perms = explode(',', $group['permissions']);
|
|
$modules_found = [];
|
|
foreach ($perms as $p) {
|
|
$mod = explode('_', $p)[0];
|
|
if (isset($availablePermissions[$mod]) && !in_array($availablePermissions[$mod], $modules_found)) {
|
|
$modules_found[] = $availablePermissions[$mod];
|
|
}
|
|
}
|
|
|
|
if (count($modules_found) > 0) {
|
|
echo '<div class="d-flex flex-wrap gap-1">';
|
|
$i = 0;
|
|
foreach ($modules_found as $m) {
|
|
if ($i < 5) {
|
|
echo '<span class="badge bg-light text-dark border small">' . $m . '</span>';
|
|
}
|
|
$i++;
|
|
}
|
|
if (count($modules_found) > 5) {
|
|
echo '<span class="badge bg-light text-muted border small">+' . (count($modules_found) - 5) . ' more</span>';
|
|
}
|
|
echo '</div>';
|
|
} elseif (!empty($group['permissions'])) {
|
|
echo '<small class="text-muted">' . htmlspecialchars(substr($group['permissions'], 0, 30)) . '...</small>';
|
|
} else {
|
|
echo '<small class="text-muted">No permissions defined</small>';
|
|
}
|
|
}
|
|
?>
|
|
</td>
|
|
<td class="text-end pe-4">
|
|
<?php if (has_permission('user_groups_add')): ?>
|
|
<a href="user_group_edit.php?id=<?= $group['id'] ?>" class="btn btn-sm btn-outline-primary rounded-pill px-3 me-1" title="Manage Permissions">
|
|
<i class="bi bi-shield-lock me-1"></i> Permissions
|
|
</a>
|
|
<?php endif; ?>
|
|
|
|
<?php if (has_permission('user_groups_del') && $group['name'] !== 'Administrator'): ?>
|
|
<a href="?delete=<?= $group['id'] ?>" class="btn btn-sm btn-outline-danger rounded-pill px-3" onclick="return confirm('Delete this user group?')">
|
|
<i class="bi bi-trash me-1"></i> Delete
|
|
</a>
|
|
<?php endif; ?>
|
|
</td>
|
|
</tr>
|
|
<?php endforeach; ?>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
<!-- Bottom Pagination -->
|
|
<div class="p-3 border-top bg-light">
|
|
<?php render_pagination_controls($groups_pagination); ?>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<!-- Add Group Modal -->
|
|
<div class="modal fade" id="addGroupModal" tabindex="-1" aria-hidden="true">
|
|
<div class="modal-dialog">
|
|
<div class="modal-content border-0 shadow rounded-4">
|
|
<div class="modal-header border-0 pb-0">
|
|
<h5 class="modal-title fw-bold">Create New Group</h5>
|
|
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
|
|
</div>
|
|
<form method="POST">
|
|
<div class="modal-body py-4">
|
|
<input type="hidden" name="action" value="add_user_group">
|
|
<div class="mb-3">
|
|
<label class="form-label small fw-bold text-muted">GROUP NAME</label>
|
|
<input type="text" name="name" class="form-control form-control-lg border-0 bg-light rounded-3" required placeholder="e.g. Supervisor" autofocus>
|
|
</div>
|
|
<p class="text-muted small mb-0">After creating, you will be redirected to the permissions page to configure access levels.</p>
|
|
</div>
|
|
<div class="modal-footer border-0 pt-0">
|
|
<button type="button" class="btn btn-light rounded-pill px-4" data-bs-dismiss="modal">Cancel</button>
|
|
<button type="submit" class="btn btn-primary rounded-pill px-4 fw-bold shadow-sm">Create & Configure</button>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<?php include 'includes/footer.php'; ?>
|