import re
with open('center_subjects.php', 'r', encoding='utf-8') as f:
content = f.read()
# Protect POST update action
post_handler = r"if \(\$_SERVER\['REQUEST_METHOD'\] === 'POST' && isset\(\$_POST\['action'\]\) && \$_POST\['action'\] === 'update_subjects'\) \{"
post_handler_new = r"""if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'update_subjects') {
if (!is_super_admin()) {
$errors['form'] = 'عذراً، تعديل المواد متاح للمشرف العام فقط.';
} else {"""
content = content.replace(post_handler, post_handler_new)
# Find the try/catch block to close the else
try_block = r""" update_application_subjects\(\(int\) \$application\['id'\], \$selected_subjects_ids\);.*?\} catch \(Throwable \$e\) \{.*?\}"""
try_block_new = r""" update_application_subjects((int) $application['id'], $selected_subjects_ids);
set_flash('success', 'تم تحديث المواد الدراسية للمركز بنجاح.');
$selectedCycleIdStr = $selectedCycleId > 0 ? '&cycle=' . $selectedCycleId : '';
header('Location: center_subjects.php?id=' . $application['id'] . $selectedCycleIdStr);
exit;
} catch (Throwable $e) {
$errors['form'] = 'تعذر حفظ البيانات. يرجى المحاولة لاحقاً.';
}
}"""
content = re.sub(r" update_application_subjects\(\(int\) \$application\['id'\], \$selected_subjects_ids\);.*?\} catch \(Throwable \$e\) \{.*?\}", try_block_new, content, flags=re.DOTALL)
# Disable checkboxes and hide button if not super admin
checkbox = r''
content = re.sub(checkbox, checkbox_new, content)
btn = r''
btn_new = r"""
يمكن للمشرف العام فقط تعديل هذه القائمة.
"""
content = content.replace(btn, btn_new)
with open('center_subjects.php', 'w', encoding='utf-8') as f:
f.write(content)