386 lines
17 KiB
PHP
386 lines
17 KiB
PHP
<?php
|
|
require_once __DIR__ . '/includes/header.php';
|
|
|
|
if (!isAdmin()) {
|
|
redirect('index.php');
|
|
}
|
|
|
|
$error = '';
|
|
$success = '';
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
$action = $_POST['action'] ?? '';
|
|
$username = $_POST['username'] ?? '';
|
|
$full_name = $_POST['full_name'] ?? '';
|
|
$role = $_POST['role'] ?? 'staff';
|
|
$password = $_POST['password'] ?? '';
|
|
$id = $_POST['id'] ?? 0;
|
|
|
|
// Permissions
|
|
$can_view = isset($_POST['can_view']) ? 1 : 0;
|
|
$can_add = isset($_POST['can_add']) ? 1 : 0;
|
|
$can_edit = isset($_POST['can_edit']) ? 1 : 0;
|
|
$can_delete = isset($_POST['can_delete']) ? 1 : 0;
|
|
|
|
if ($action === 'add') {
|
|
if ($username && $password && $full_name) {
|
|
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
|
|
try {
|
|
$stmt = db()->prepare("INSERT INTO users (username, password, full_name, role, can_view, can_add, can_edit, can_delete) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
|
|
$stmt->execute([$username, $hashed_password, $full_name, $role, $can_view, $can_add, $can_edit, $can_delete]);
|
|
$_SESSION['success'] = 'تم إضافة المستخدم بنجاح';
|
|
redirect('users.php');
|
|
} catch (PDOException $e) {
|
|
if ($e->getCode() == 23000) {
|
|
$error = 'اسم المستخدم موجود مسبقاً';
|
|
} else {
|
|
$error = 'حدث خطأ: ' . $e->getMessage();
|
|
}
|
|
}
|
|
} else {
|
|
$error = 'يرجى ملء جميع الحقول المطلوبة';
|
|
}
|
|
} elseif ($action === 'edit') {
|
|
if ($username && $full_name && $id) {
|
|
try {
|
|
if ($password) {
|
|
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
|
|
$stmt = db()->prepare("UPDATE users SET username = ?, full_name = ?, role = ?, password = ?, can_view = ?, can_add = ?, can_edit = ?, can_delete = ? WHERE id = ?");
|
|
$stmt->execute([$username, $full_name, $role, $hashed_password, $can_view, $can_add, $can_edit, $can_delete, $id]);
|
|
} else {
|
|
$stmt = db()->prepare("UPDATE users SET username = ?, full_name = ?, role = ?, can_view = ?, can_add = ?, can_edit = ?, can_delete = ? WHERE id = ?");
|
|
$stmt->execute([$username, $full_name, $role, $can_view, $can_add, $can_edit, $can_delete, $id]);
|
|
}
|
|
$_SESSION['success'] = 'تم تحديث بيانات المستخدم بنجاح';
|
|
redirect('users.php');
|
|
} catch (PDOException $e) {
|
|
$error = 'حدث خطأ: ' . $e->getMessage();
|
|
}
|
|
} else {
|
|
$error = 'يرجى ملء جميع الحقول المطلوبة';
|
|
}
|
|
}
|
|
}
|
|
|
|
if (isset($_GET['action']) && $_GET['action'] === 'delete' && isset($_GET['id'])) {
|
|
if ($_GET['id'] != $_SESSION['user_id']) {
|
|
$stmt = db()->prepare("DELETE FROM users WHERE id = ?");
|
|
$stmt->execute([$_GET['id']]);
|
|
$_SESSION['success'] = 'تم حذف المستخدم بنجاح';
|
|
redirect('users.php');
|
|
} else {
|
|
$error = 'لا يمكنك حذف حسابك الحالي';
|
|
}
|
|
}
|
|
|
|
// Get session messages
|
|
if (isset($_SESSION['success'])) {
|
|
$success = $_SESSION['success'];
|
|
unset($_SESSION['success']);
|
|
}
|
|
if (isset($_SESSION['error'])) {
|
|
$error = $_SESSION['error'];
|
|
unset($_SESSION['error']);
|
|
}
|
|
|
|
$stmt = db()->query("SELECT * FROM users ORDER BY created_at DESC");
|
|
$users = $stmt->fetchAll();
|
|
|
|
// Handle Deep Link for Edit
|
|
$deepLinkData = null;
|
|
if (isset($_GET['action']) && $_GET['action'] === 'edit' && isset($_GET['id'])) {
|
|
$stmt = db()->prepare("SELECT * FROM users WHERE id = ?");
|
|
$stmt->execute([$_GET['id']]);
|
|
$deepLinkData = $stmt->fetch();
|
|
}
|
|
?>
|
|
|
|
<div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center pt-3 pb-2 mb-3 border-bottom">
|
|
<h1 class="h2">إدارة المستخدمين والصلاحيات</h1>
|
|
<button type="button" class="btn btn-primary shadow-sm" onclick="openUserModal('add')">
|
|
<i class="fas fa-user-plus me-1"></i> إضافة مستخدم جديد
|
|
</button>
|
|
</div>
|
|
|
|
<?php if ($success): ?>
|
|
<div class="alert alert-success alert-dismissible fade show" role="alert">
|
|
<?= $success ?>
|
|
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
|
|
</div>
|
|
<?php endif; ?>
|
|
|
|
<?php if ($error): ?>
|
|
<div class="alert alert-danger alert-dismissible fade show" role="alert">
|
|
<?= $error ?>
|
|
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
|
|
</div>
|
|
<?php endif; ?>
|
|
|
|
<div class="card shadow-sm border-0 mb-4">
|
|
<div class="card-body p-0">
|
|
<div class="table-responsive">
|
|
<table class="table table-hover align-middle mb-0">
|
|
<thead class="bg-light">
|
|
<tr>
|
|
<th class="ps-4">الاسم الكامل</th>
|
|
<th>اسم المستخدم</th>
|
|
<th>الدور</th>
|
|
<th>الصلاحيات</th>
|
|
<th>تاريخ الإنشاء</th>
|
|
<th class="pe-4 text-center">الإجراءات</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<?php foreach ($users as $user): ?>
|
|
<tr>
|
|
<td class="ps-4 fw-bold"><?= htmlspecialchars($user['full_name']) ?></td>
|
|
<td><?= htmlspecialchars($user['username']) ?></td>
|
|
<td>
|
|
<?php if ($user['role'] === 'admin'): ?>
|
|
<span class="badge bg-danger">مدير</span>
|
|
<?php elseif ($user['role'] === 'clerk'): ?>
|
|
<span class="badge bg-warning text-dark">كاتب</span>
|
|
<?php else: ?>
|
|
<span class="badge bg-secondary">موظف</span>
|
|
<?php endif; ?>
|
|
</td>
|
|
<td>
|
|
<div class="d-flex gap-1">
|
|
<span class="badge <?= $user['can_view'] ? 'bg-success' : 'bg-light text-muted' ?>" title="عرض">ع</span>
|
|
<span class="badge <?= $user['can_add'] ? 'bg-success' : 'bg-light text-muted' ?>" title="إضافة">إ</span>
|
|
<span class="badge <?= $user['can_edit'] ? 'bg-success' : 'bg-light text-muted' ?>" title="تعديل">ت</span>
|
|
<span class="badge <?= $user['can_delete'] ? 'bg-success' : 'bg-light text-muted' ?>" title="حذف">ح</span>
|
|
</div>
|
|
</td>
|
|
<td><?= $user['created_at'] ?></td>
|
|
<td class="pe-4 text-center">
|
|
<button type="button" class="btn btn-sm btn-outline-primary"
|
|
onclick="openUserModal('edit', <?= htmlspecialchars(json_encode($user), ENT_QUOTES, 'UTF-8') ?>)">
|
|
<i class="fas fa-edit"></i> تعديل
|
|
</button>
|
|
<?php if ($user['id'] != $_SESSION['user_id']): ?>
|
|
<a href="javascript:void(0)" onclick="confirmDelete(<?= $user['id'] ?>)" class="btn btn-sm btn-outline-danger">
|
|
<i class="fas fa-trash"></i> حذف
|
|
</a>
|
|
<?php endif; ?>
|
|
</td>
|
|
</tr>
|
|
<?php endforeach; ?>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<!-- User Modal -->
|
|
<div class="modal fade" id="userModal" tabindex="-1" aria-labelledby="userModalLabel" aria-hidden="true">
|
|
<div class="modal-dialog">
|
|
<div class="modal-content border-0 shadow">
|
|
<div class="modal-header bg-primary text-white">
|
|
<h5 class="modal-title fw-bold" id="userModalLabel">إضافة مستخدم جديد</h5>
|
|
<button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
|
|
</div>
|
|
<form id="userForm" method="POST">
|
|
<div class="modal-body p-4">
|
|
<input type="hidden" name="action" id="modalAction" value="add">
|
|
<input type="hidden" name="id" id="modalId" value="0">
|
|
|
|
<div class="mb-3">
|
|
<label class="form-label fw-bold">الاسم الكامل</label>
|
|
<input type="text" name="full_name" id="modalFullName" class="form-control" required>
|
|
</div>
|
|
<div class="mb-3">
|
|
<label class="form-label fw-bold">اسم المستخدم</label>
|
|
<input type="text" name="username" id="modalUsername" class="form-control" required>
|
|
</div>
|
|
<div class="mb-3">
|
|
<label class="form-label fw-bold">كلمة المرور <span id="pwdHint" class="text-muted small"></span></label>
|
|
<input type="password" name="password" id="modalPassword" class="form-control">
|
|
</div>
|
|
<div class="mb-3">
|
|
<label class="form-label fw-bold">الدور</label>
|
|
<select name="role" id="modalRole" class="form-select" onchange="applyRolePresets(this.value)">
|
|
<option value="staff">موظف</option>
|
|
<option value="clerk">كاتب</option>
|
|
<option value="admin">مدير</option>
|
|
</select>
|
|
</div>
|
|
|
|
<div class="mb-3">
|
|
<label class="form-label fw-bold d-block">الصلاحيات</label>
|
|
<div class="row g-2 bg-light p-3 rounded">
|
|
<div class="col-6">
|
|
<div class="form-check">
|
|
<input class="form-check-input" type="checkbox" name="can_view" id="permView" value="1">
|
|
<label class="form-check-label" for="permView">عرض البيانات</label>
|
|
</div>
|
|
</div>
|
|
<div class="col-6">
|
|
<div class="form-check">
|
|
<input class="form-check-input" type="checkbox" name="can_add" id="permAdd" value="1">
|
|
<label class="form-check-label" for="permAdd">إضافة سجلات</label>
|
|
</div>
|
|
</div>
|
|
<div class="col-6">
|
|
<div class="form-check">
|
|
<input class="form-check-input" type="checkbox" name="can_edit" id="permEdit" value="1">
|
|
<label class="form-check-label" for="permEdit">تعديل سجلات</label>
|
|
</div>
|
|
</div>
|
|
<div class="col-6">
|
|
<div class="form-check">
|
|
<input class="form-check-input" type="checkbox" name="can_delete" id="permDelete" value="1">
|
|
<label class="form-check-label" for="permDelete">حذف سجلات</label>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="modal-footer bg-light">
|
|
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">إلغاء</button>
|
|
<button type="submit" class="btn btn-primary px-4">حفظ البيانات</button>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<script>
|
|
let userModal;
|
|
|
|
function applyRolePresets(role) {
|
|
const view = document.getElementById('permView');
|
|
const add = document.getElementById('permAdd');
|
|
const edit = document.getElementById('permEdit');
|
|
const del = document.getElementById('permDelete');
|
|
|
|
if (role === 'admin') {
|
|
view.checked = add.checked = edit.checked = del.checked = true;
|
|
} else if (role === 'clerk') {
|
|
view.checked = add.checked = edit.checked = true;
|
|
del.checked = false;
|
|
} else {
|
|
view.checked = true;
|
|
add.checked = edit.checked = del.checked = false;
|
|
}
|
|
}
|
|
|
|
function openUserModal(action, data = null) {
|
|
if (!userModal) {
|
|
const modalEl = document.getElementById('userModal');
|
|
if (typeof bootstrap !== 'undefined') {
|
|
userModal = new bootstrap.Modal(modalEl);
|
|
} else {
|
|
console.error('Bootstrap not loaded');
|
|
return;
|
|
}
|
|
}
|
|
|
|
const label = document.getElementById('userModalLabel');
|
|
const modalAction = document.getElementById('modalAction');
|
|
const modalId = document.getElementById('modalId');
|
|
const modalPassword = document.getElementById('modalPassword');
|
|
const pwdHint = document.getElementById('pwdHint');
|
|
|
|
const fields = {
|
|
full_name: document.getElementById('modalFullName'),
|
|
username: document.getElementById('modalUsername'),
|
|
role: document.getElementById('modalRole')
|
|
};
|
|
|
|
const perms = {
|
|
can_view: document.getElementById('permView'),
|
|
can_add: document.getElementById('permAdd'),
|
|
can_edit: document.getElementById('permEdit'),
|
|
can_delete: document.getElementById('permDelete')
|
|
};
|
|
|
|
modalAction.value = action;
|
|
|
|
if (action === 'add') {
|
|
label.textContent = 'إضافة مستخدم جديد';
|
|
modalId.value = '0';
|
|
Object.keys(fields).forEach(key => fields[key].value = '');
|
|
modalRole.value = 'staff';
|
|
applyRolePresets('staff');
|
|
modalPassword.required = true;
|
|
pwdHint.textContent = '';
|
|
} else {
|
|
label.textContent = 'تعديل بيانات المستخدم';
|
|
modalId.value = data.id;
|
|
Object.keys(fields).forEach(key => {
|
|
if (fields[key]) fields[key].value = data[key] || '';
|
|
});
|
|
|
|
// Set permissions checkboxes
|
|
perms.can_view.checked = data.can_view == 1;
|
|
perms.can_add.checked = data.can_add == 1;
|
|
perms.can_edit.checked = data.can_edit == 1;
|
|
perms.can_delete.checked = data.can_delete == 1;
|
|
|
|
modalPassword.required = false;
|
|
pwdHint.textContent = '(اتركه فارغاً للحفاظ على كلمة المرور الحالية)';
|
|
}
|
|
|
|
userModal.show();
|
|
}
|
|
|
|
document.addEventListener('DOMContentLoaded', function() {
|
|
<?php if ($deepLinkData): ?>
|
|
openUserModal('edit', <?= json_encode($deepLinkData) ?>);
|
|
<?php elseif ($error && isset($_POST['action'])): ?>
|
|
const errorData = <?= json_encode([
|
|
'id' => $_POST['id'] ?? 0,
|
|
'username' => $_POST['username'] ?? '',
|
|
'full_name' => $_POST['full_name'] ?? '',
|
|
'role' => $_POST['role'] ?? 'staff',
|
|
'can_view' => $_POST['can_view'] ?? 0,
|
|
'can_add' => $_POST['can_add'] ?? 0,
|
|
'can_edit' => $_POST['can_edit'] ?? 0,
|
|
'can_delete' => $_POST['can_delete'] ?? 0
|
|
]) ?>;
|
|
openUserModal('<?= $_POST['action'] ?>', errorData);
|
|
<?php elseif (isset($_GET['action']) && $_GET['action'] === 'add'): ?>
|
|
openUserModal('add');
|
|
<?php endif; ?>
|
|
});
|
|
|
|
function confirmDelete(id) {
|
|
if (typeof Swal === 'undefined') {
|
|
if (confirm('هل أنت متأكد من الحذف؟')) {
|
|
window.location.href = 'users.php?action=delete&id=' + id;
|
|
}
|
|
return;
|
|
}
|
|
Swal.fire({
|
|
title: 'هل أنت متأكد؟',
|
|
text: "لا يمكن التراجع عن عملية الحذف!",
|
|
icon: 'warning',
|
|
showCancelButton: true,
|
|
confirmButtonColor: '#d33',
|
|
cancelButtonColor: '#3085d6',
|
|
confirmButtonText: 'نعم، احذف!',
|
|
cancelButtonText: 'إلغاء'
|
|
}).then((result) => {
|
|
if (result.isConfirmed) {
|
|
window.location.href = 'users.php?action=delete&id=' + id;
|
|
}
|
|
})
|
|
}
|
|
</script>
|
|
|
|
<style>
|
|
.modal-content {
|
|
border-radius: 15px;
|
|
overflow: hidden;
|
|
}
|
|
.modal-header.bg-primary {
|
|
background-color: #0d6efd !important;
|
|
}
|
|
.form-check-input:checked {
|
|
background-color: #198754;
|
|
border-color: #198754;
|
|
}
|
|
</style>
|
|
|
|
<?php require_once __DIR__ . '/includes/footer.php'; ?>
|