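<?php

// user_group_edit.php — create a user group (POST from user_groups.php) or edit
// an existing group's name and module permissions.
//
// Access model visible on this page: viewing needs 'user_groups_view'; both
// creating and saving need 'user_groups_add' (there is no separate
// 'user_groups_edit' gate here — confirm that is intended).
// NOTE(review): neither POST path checks a CSRF token; confirm whether
// includes/functions.php provides one before relying on this form.

require_once __DIR__ . '/../db/config.php';
require_once __DIR__ . '/../includes/functions.php';

$pdo = db();

require_permission('user_groups_view');

// Group id from the query string. Non-scalars (e.g. id[]=1) are rejected so
// they never reach a prepared-statement parameter.
$id = isset($_GET['id']) && is_scalar($_GET['id']) ? $_GET['id'] : null;
$group = null;

// Modules that can be granted per-action permissions. The array key is the
// permission prefix: '<key>_view', '<key>_add', '<key>_edit', '<key>_del'.
$modules = [
    'dashboard' => 'Dashboard',
    'pos' => 'POS Terminal',
    'kitchen' => 'Kitchen View',
    'orders' => 'Orders',
    'products' => 'Products',
    'categories' => 'Categories',
    'customers' => 'Customers',
    'outlets' => 'Outlets',
    'areas' => 'Areas',
    'tables' => 'Tables',
    'suppliers' => 'Suppliers',
    'purchases' => 'Purchases',
    'expenses' => 'Expenses',
    'expense_categories' => 'Expense Categories',
    'payment_types' => 'Payment Types',
    'loyalty' => 'Loyalty',
    'ads' => 'Ads',
    'reports' => 'Reports',
    'users' => 'Users',
    'user_groups' => 'User Groups',
    'settings' => 'Settings',
    'attendance' => 'Attendance',
    'ratings' => 'Staff Ratings',
];

$perm_actions = ['view', 'add', 'edit', 'del'];

// Every permission string this form is allowed to store: the special 'all'
// (Super Admin) plus one entry per module/action pair. Anything else that
// arrives in perms[] is discarded rather than written to the database.
$allowed_perms = ['all'];
foreach (array_keys($modules) as $module_key) {
    foreach ($perm_actions as $action) {
        $allowed_perms[] = $module_key . '_' . $action;
    }
}

// Trimmed string value of a POST field, or '' when it is absent or not a
// string (name[]=... would otherwise reach PDO as an array).
$post_string = static function (string $field): string {
    $value = $_POST[$field] ?? '';
    return is_string($value) ? trim($value) : '';
};

// One group row by id, or null when no such group exists.
$load_group = static function ($group_id) use ($pdo): ?array {
    $stmt = $pdo->prepare("SELECT * FROM user_groups WHERE id = ?");
    $stmt->execute([$group_id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
};

// Handle New Group Creation via POST from user_groups.php
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !$id && isset($_POST['name'])) {
    if (!has_permission('user_groups_add')) {
        header('Location: user_groups.php?error=permission_denied');
        exit;
    }

    $name = $post_string('name');
    if ($name === '') {
        // Nothing sensible to create; return to the list instead of
        // inserting a nameless group.
        header('Location: user_groups.php');
        exit;
    }

    // A new group starts with no permissions; they are granted on this page.
    $stmt = $pdo->prepare("INSERT INTO user_groups (name, permissions) VALUES (?, '')");
    $stmt->execute([$name]);
    $id = $pdo->lastInsertId();

    header("Location: user_group_edit.php?id=" . $id);
    exit;
}

if ($id) {
    $group = $load_group($id);
}

if (!$group) {
    header('Location: user_groups.php');
    exit;
}

// Alert markup shown above the form. Built only from fixed strings here —
// it is echoed unescaped by the template, so never put user input in it.
$message = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['action'] ?? null) === 'update_group') {
    if (!has_permission('user_groups_add')) {
        $message = '<div class="alert alert-danger border-0 shadow-sm rounded-3">Access Denied: You do not have permission to edit groups.</div>';
    } else {
        $name = $post_string('name');

        // perms[] is untrusted: keep only string entries that name a known
        // permission, de-duplicated, in the order they were posted.
        $posted_perms = $_POST['perms'] ?? [];
        if (!is_array($posted_perms)) {
            $posted_perms = [];
        }
        $posted_perms = array_filter($posted_perms, 'is_string');
        $permissions = implode(',', array_values(array_unique(array_intersect($posted_perms, $allowed_perms))));

        // Check if name is not empty (trimmed; '0' is a valid name)
        if ($name === '') {
            $message = '<div class="alert alert-danger border-0 shadow-sm rounded-3"><i class="bi bi-exclamation-triangle-fill me-2"></i>Group name cannot be empty.</div>';
        } else {
            $stmt = $pdo->prepare("UPDATE user_groups SET name = ?, permissions = ? WHERE id = ?");
            if ($stmt->execute([$name, $permissions, $id])) {
                $message = '<div class="alert alert-success border-0 shadow-sm rounded-3"><i class="bi bi-check-circle-fill me-2"></i>Group updated successfully!</div>';

                // Refresh group data so the form reflects what was stored
                // (fall back to the previous row if the re-read finds nothing).
                $group = $load_group($id) ?? $group;
            } else {
                $message = '<div class="alert alert-danger border-0 shadow-sm rounded-3"><i class="bi bi-exclamation-triangle-fill me-2"></i>Error updating group.</div>';
            }
        }
    }
}

// Permissions currently stored, as a list of strings. An empty column
// yields [''] (as before); a NULL column is treated the same way.
$current_perms = explode(',', (string) ($group['permissions'] ?? ''));

include 'includes/header.php';
?>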
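<?php
// Decided once per request: without 'user_groups_add' the form renders
// read-only (readonly name, disabled boxes, no row buttons, no Save).
$can_edit = has_permission('user_groups_add');
// 'all' (Super Admin) implies every module permission, so every box renders checked.
$has_all = in_array('all', $current_perms, true);
// One checkbox column per action, in table-header order.
$perm_actions = ['view', 'add', 'edit', 'del'];
?>
<div class="mb-4">
    <a href="user_groups.php" class="text-decoration-none text-muted small"><i class="bi bi-arrow-left"></i> Back to Groups</a>
    <div class="d-flex justify-content-between align-items-center mt-2">
        <h2 class="fw-bold">Edit Group Permissions: <?= htmlspecialchars((string) $group['name']) ?></h2>
        <div>
            <button type="button" class="btn btn-outline-primary btn-sm rounded-pill" onclick="toggleAll(true)">Select All</button>
            <button type="button" class="btn btn-outline-secondary btn-sm rounded-pill" onclick="toggleAll(false)">Deselect All</button>
        </div>
    </div>
</div>

<?php // $message is assembled server-side from fixed markup only (no user input), hence emitted unescaped. ?>
<?= $message ?>

<form method="POST">
    <input type="hidden" name="action" value="update_group">
    <div class="row">
        <div class="col-md-12">
            <div class="card border-0 shadow-sm rounded-4 mb-4">
                <div class="card-body p-4">
                    <div class="mb-4 col-md-4">
                        <label class="form-label small fw-bold text-muted">GROUP NAME</label>
                        <input type="text" name="name" class="form-control form-control-lg border-0 bg-light" value="<?= htmlspecialchars((string) $group['name'], ENT_QUOTES) ?>" required style="border-radius: 12px;" <?= $can_edit ? '' : 'readonly' ?>>
                    </div>

                    <label class="form-label small fw-bold text-muted mb-3">MODULE PERMISSIONS</label>

                    <div class="table-responsive">
                        <table class="table table-hover align-middle">
                            <thead class="bg-light">
                                <tr>
                                    <th class="ps-4 py-3">Module</th>
                                    <th class="text-center py-3">View</th>
                                    <th class="text-center py-3">Add</th>
                                    <th class="text-center py-3">Edit</th>
                                    <th class="text-center py-3">Delete</th>
                                    <th class="text-center py-3">Actions</th>
                                </tr>
                            </thead>
                            <tbody>
                                <?php foreach ($modules as $key => $label): ?>
                                <?php // Keys are fixed in this file; escaped anyway since they land in attributes and inline JS. ?>
                                <?php $key_attr = htmlspecialchars((string) $key, ENT_QUOTES); ?>
                                <tr>
                                    <td class="ps-4 fw-medium text-dark"><?= htmlspecialchars((string) $label) ?></td>
                                    <?php foreach ($perm_actions as $action): ?>
                                    <?php $perm = $key . '_' . $action; ?>
                                    <td class="text-center">
                                        <div class="form-check form-check-inline m-0">
                                            <input class="form-check-input perm-checkbox" type="checkbox" name="perms[]" value="<?= $key_attr ?>_<?= $action ?>" id="perm_<?= $key_attr ?>_<?= $action ?>" <?= ($has_all || in_array($perm, $current_perms, true)) ? 'checked' : '' ?> <?= $can_edit ? '' : 'disabled' ?>>
                                        </div>
                                    </td>
                                    <?php endforeach; ?>
                                    <td class="text-center">
                                        <?php if ($can_edit): ?>
                                        <button type="button" class="btn btn-sm btn-outline-secondary rounded-pill px-3" onclick="toggleRow('<?= $key_attr ?>', true)">All</button>
                                        <button type="button" class="btn btn-sm btn-link text-muted text-decoration-none" onclick="toggleRow('<?= $key_attr ?>', false)">None</button>
                                        <?php else: ?>
                                        <span class="text-muted small">-</span>
                                        <?php endif; ?>
                                    </td>
                                </tr>
                                <?php endforeach; ?>

                                <tr class="table-info bg-opacity-10">
                                    <td class="ps-4 fw-bold">ADMINISTRATIVE</td>
                                    <td colspan="4" class="text-center small text-muted">Grants full access to everything in the system.</td>
                                    <td class="text-center">
                                        <div class="form-check form-switch d-inline-block">
                                            <input class="form-check-input" type="checkbox" name="perms[]" value="all" id="perm_all" <?= $has_all ? 'checked' : '' ?> <?= $can_edit ? '' : 'disabled' ?>>
                                            <label class="form-check-label fw-bold" for="perm_all">Super Admin</label>
                                        </div>
                                    </td>
                                </tr>
                            </tbody>
                        </table>
                    </div>

                    <div class="mt-4 pt-3 border-top d-flex justify-content-end gap-2">
                        <a href="user_groups.php" class="btn btn-light rounded-pill px-4">Cancel</a>
                        <?php if ($can_edit): ?>
                        <button type="submit" class="btn btn-primary rounded-pill px-4 fw-bold shadow-sm">Save Permissions</button>
                        <?php endif; ?>
                    </div>
                </div>
            </div>
        </div>
    </div>
</form>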
<script>
// Check or uncheck the four action boxes (view/add/edit/del) of one module
// row. Boxes whose element is not on the page are skipped.
function toggleRow(key, state) {
    ['view', 'add', 'edit', 'del'].forEach(function (action) {
        const box = document.getElementById('perm_' + key + '_' + action);
        if (box) {
            box.checked = state;
        }
    });
}
// Check or uncheck every enabled module box. Disabled boxes (read-only form,
// or Super Admin switched on) are left untouched.
function toggleAll(state) {
    const boxes = document.querySelectorAll('.perm-checkbox');
    for (const box of boxes) {
        if (box.disabled) {
            continue;
        }
        box.checked = state;
    }
}
// Super Admin ('all') stands for every module permission. While it is on, the
// module boxes are shown checked and disabled; disabled inputs are not
// submitted, so the form then posts only 'all'.
const permAll = document.getElementById('perm_all');
if (permAll) {
    const eachModuleBox = function (apply) {
        document.querySelectorAll('.perm-checkbox').forEach(apply);
    };

    permAll.addEventListener('change', function () {
        if (this.checked) {
            eachModuleBox(cb => {
                cb.checked = true;
                cb.disabled = true;
            });
        } else {
            // Boxes keep their checked state; only the lock is lifted.
            eachModuleBox(cb => {
                cb.disabled = false;
            });
        }
    });

    // Initial state for Super Admin: lock the module boxes on page load.
    if (permAll.checked) {
        eachModuleBox(cb => {
            cb.disabled = true;
        });
    }
}
</script>
<?php // Shared page footer; counterpart of the includes/header.php include above.
include 'includes/footer.php'; ?>