new interface for survey rights

modified database

git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/phpsurveyor@2053 b72ed6b6-b9f8-46b5-92b4-906544132732

admin/access_denied.php

@@ -129,7 +129,14 @@
 		$accesssummary .= "<a href='$scriptname?sid={$sid}'>"._("Continue")."</a><br />&nbsp;\n";
 		}*/
 
-
+	else
+		{
+		$accesssummary .= "<br />"._("You are not allowed to perform this operation!")."<br />\n";		
+		if($sid)
+			$accesssummary .= "<br /><br /><a href='$scriptname?sid=$sid&action=surveysecurity'>"._("Continue")."</a><br />&nbsp;\n";
+		else 
+			$accesssummary .= "<br /><br /><a href='$scriptname?action=editusers'>"._("Continue")."</a><br />&nbsp;\n";
+		}
 
 	}
 ?>

admin/database.php

@@ -692,7 +692,7 @@ function get_max_order($gid)
 		. "'{$_POST['email_confirm']}', \n"
 		. "'{$_POST['allowsave']}', '{$_POST['autoredirect']}', '{$_POST['allowprev']}','".date("Y-m-d")."')";
 		$isresult = $connect->Execute($isquery);
-		$isrquery = "INSERT INTO {$dbprefix}surveys_rights VALUES($surveyid,". $_SESSION['loginID'].",1,1,1,1,1,1,1)"; //ADDED by Moses inserts survey rights for creator
+		$isrquery = "INSERT INTO {$dbprefix}surveys_rights VALUES($surveyid,". $_SESSION['loginID'].",1,1,1,1,1,1)"; //ADDED by Moses inserts survey rights for creator
     $isrresult = $connect->Execute($isrquery) or die ($isrquery."<br />".$connect->ErrorMsg()); //ADDED by Moses
 		if ($isresult)
 		{

admin/install/create-mysql.sql

@@ -239,9 +239,9 @@ CREATE TABLE `prefix_surveys_rights` (
 	`define_questions` tinyint(1) NOT NULL default '0',
 	`browse_response` tinyint(1) NOT NULL default '0',
 	`export` tinyint(1) NOT NULL default '0',
-	`add_user` tinyint(1) NOT NULL default '0',
 	`delete_survey` tinyint(1) NOT NULL default '0',
-	`activate_survey` tinyint(1) NOT NULL default '0'
+	`activate_survey` tinyint(1) NOT NULL default '0',
+	PRIMARY KEY (sid, uid)
 ) TYPE=MyISAM;
 
 CREATE TABLE `prefix_user_groups` (

admin/install/upgrade-mysql.php

@@ -202,7 +202,6 @@ function mysqlcheckfields()
 $allfields[]=array("{$dbprefix}surveys_rights", "define_questions", "DEFINE_QUESTIONS tinyint(1) NOT NULL default '0'");
 $allfields[]=array("{$dbprefix}surveys_rights", "browse_response", "LOOK_STATISTICS tinyint(1) NOT NULL default '0'");
 $allfields[]=array("{$dbprefix}surveys_rights", "export", "EXPORT tinyint(1) NOT NULL default '0'");
-$allfields[]=array("{$dbprefix}surveys_rights", "add_user", "ADD_USER tinyint(1) NOT NULL default '0'");
 $allfields[]=array("{$dbprefix}surveys_rights", "delete_survey", "DELETE_SURVEY tinyint(1) NOT NULL default '0'");
 $allfields[]=array("{$dbprefix}surveys_rights", "activate_survey", "DO_SURVEY tinyint(1) NOT NULL default '0'");
 

admin/usercontrol.php

@@ -255,7 +255,7 @@
 	$addsummary .= "<br /><br /><a href='$scriptname?action=editusers'>"._("Continue")."</a><br />&nbsp;\n";
 	}
 
-elseif ($action == "moduser")// && $_POST['uid'] == $_SESSION['loginID'])
+elseif ($action == "moduser")
 	{
 	$addsummary = "<br /><strong>"._("Modifying User")."</strong><br />\n";
 
@@ -280,7 +280,7 @@
 			}
 		elseif($valid_email)
 			{
-			$uquery = "UPDATE {$dbprefix}users SET email='{$email}', password=ENCODE('{$pass}', '{$codeString}') WHERE uid={$_POST['uid']}";	//		added by Dennis
+			$uquery = "UPDATE {$dbprefix}users SET email='{$email}', password=ENCODE('{$pass}', '{$codeString}') WHERE uid={$_POST['uid']}";
 			//echo($uquery);
 			$uresult = $connect->Execute($uquery);
 			if(mysql_affected_rows() < 0)
@@ -295,8 +295,7 @@
 			}		
 		if($failed)
 			{
-			//$addsummary .= "<br /><br /><a href='$scriptname?action=modifyuser&user=$user&uid={$_POST['uid']}'>"._("Continue")."</a><br />&nbsp;\n";
-			$addsummary .= "<br /><br /><form method='post' action='$scriptname'>"	// added by Dennis
+			$addsummary .= "<br /><br /><form method='post' action='$scriptname'>"
 						 ."<input type='submit' value='"._("Back")."'>"
 						 ."<input type='hidden' name='action' value='modifyuser'>"
 						 ."<input type='hidden' name='uid' value='{$_POST['uid']}'>"
@@ -310,8 +309,6 @@
 	else
 		{			
 		include("access_denied.php");
-		//$addsummary .= "<br />"._("You are not allowed to perform this operation!")."<br />\n";		
-		//$addsummary .= "<br /><br /><a href='$scriptname?action=editusers'>"._("Continue")."</a><br />&nbsp;\n";
 		}
 	}
 
@@ -342,14 +339,13 @@
 			if(isset($_POST['push_down_user']))$rights['push_down_user']=1;		else $rights['push_down_user']=0;
 			if(isset($_POST['create_template']))$rights['create_template']=1;	else $rights['create_template']=0;
 
-			setrights($_POST['uid'], $rights);
+			setuserrights($_POST['uid'], $rights);
 			$addsummary .= "<br />"._("Update user rights successful.")."<br />\n"; 						
 			$addsummary .= "<br /><br /><a href='$scriptname?action=editusers'>"._("Continue")."</a><br />&nbsp;\n";
 			}
 		else
 			{
-			include("access_denied.php");
-			//$addsummary .= "<br />"._("You are not allowed to perform this operation!")."<br />\n";		
+			include("access_denied.php");	
 			}
 		}
 	else

common.php

@@ -238,7 +238,7 @@ function showadminmenu()
                     . "\t\t\t\t\t<img src='$imagefiles/seperator.gif' alt='' align='left' border='0' hspace='0'>\n";
 
 		// check data cosistency
-        if($_SESSION['USER_RIGHT_CONFIGURATOR'])
+        if(isset($_SESSION['USER_RIGHT_CONFIGURATOR']))
 			{
 		$adminmenu .= "<a href=\"#\" onClick=\"window.open('dbchecker.php', '_top')\"".
 					   "onmouseout=\"hideTooltip()\"" 
@@ -277,7 +277,7 @@ function showadminmenu()
 			}
 
 		// db backup & label editor
-		if($_SESSION['USER_RIGHT_CONFIGURATOR'])
+		if(isset($_SESSION['USER_RIGHT_CONFIGURATOR']))
 			{
 			$adminmenu  .= "<a href=\"#\""
 						. "onClick=\"window.open('dumpdb.php', '_top')\""
@@ -295,7 +295,7 @@ function showadminmenu()
 						. "\t\t\t\t\t<img src='$imagefiles/blank.gif' alt='' width='40'  align='left'>\n"
 						. "\t\t\t\t\t<img src='$imagefiles/seperator.gif' alt='' align='left' border='0' hspace='0'>\n";
             }
-        if($_SESSION['USER_RIGHT_CREATE_TEMPLATE'])
+        if(isset($_SESSION['USER_RIGHT_CREATE_TEMPLATE']))
 			{
 	        $adminmenu .= "<a href=\"#\" " .
 	        			  "onClick=\"window.open('templates.php', '_top')\""
@@ -304,7 +304,7 @@ function showadminmenu()
 	                    "<img src='$imagefiles/templates.png' name='EditTemplates' title='' alt='". _("Template Editor")."' align='left'></a>\n"
 	                    . "\t\t\t\t</td>\n";
             }
-        if($_SESSION['loginID']) //ADDED by Moses to prevent errors by reading db while not logged in.
+        if(isset($_SESSION['loginID'])) //ADDED by Moses to prevent errors by reading db while not logged in.
 	        {
 	        $adminmenu .= "\t\t\t\t<td align='right' width='430'>\n"
 	                    . "<a href=\"#\" onClick=\"showhelp('show')\"" 
@@ -315,7 +315,7 @@ function showadminmenu()
 	                    . "\t\t\t\t\t<img src='$imagefiles/blank.gif' alt='' width='40' height='20' align='right' >\n"
 	                    . "\t\t\t\t\t<img src='$imagefiles/seperator.gif' alt='' align='right' border='0' hspace='0'>\n";
 
-			if($_SESSION['USER_RIGHT_CREATE_SURVEY'])
+			if(isset($_SESSION['USER_RIGHT_CREATE_SURVEY']))
 				{
 			$adminmenu .= "<a href=\"#\" onClick=\"window.open('$scriptname?action=newsurvey', '_top')\"" 
 						. "onmouseout=\"hideTooltip()\"" 
@@ -388,9 +388,7 @@ function getsurveylist()
 										. "a.email_invite_subj, a.email_invite, a.email_remind_subj, a.email_remind, "
 										. "a.email_register_subj, a.email_register, a.email_confirm_subj, a.email_confirm, "
 										. "a.allowsave, a.autoredirect, a.allowprev, a.datecreated FROM ".db_table_name('surveys')." AS a INNER JOIN ".db_table_name('surveys_rights')." AS b ON a.sid = b.sid "
-    								. "WHERE b.uid =".$_SESSION['loginID']." AND (edit_survey_property = 1 OR b.define_questions = 1 "
-    								. "OR b.browse_response = 1 OR b.export = 1 OR b.add_user = 1 OR delete_survey = 1 "
-    								. "OR b.activate_survey = 1) ORDER BY a.short_title";//CHANGED by Moses only with rights
+    								. "WHERE b.uid =".$_SESSION['loginID'];//CHANGED by Moses only with rights
     $surveyidresult = db_execute_num($surveyidquery);
     if (!$surveyidresult) {return "Database Error";}
     $surveyselecter = "";
@@ -2429,7 +2427,7 @@ function killSession()	//added by Dennis
 	}
 
 // set the rights of a user and his children
-function setrights($uid, $rights) 
+function setuserrights($uid, $rights) 
 	{
 	global $connect;
 
@@ -2477,8 +2475,24 @@ function setrights($uid, $rights)
 	}
 	return $connect->Execute($uquery);
 	}
+
+// set the rights for a survey
+function setsurveyrights($uid, $rights) 
+	{
+	global $connect, $surveyid;
+
+	$updates = "edit_survey_property=".$rights['edit_survey_property']
+	. ", define_questions=".$rights['define_questions']
+	. ", browse_response=".$rights['browse_response']
+	. ", export=".$rights['export']
+	. ", delete_survey=".$rights['delete_survey']	
+	. ", activate_survey=".$rights['activate_survey'];
+	$uquery = "UPDATE ".db_table_name('surveys_rights')." SET ".$updates." WHERE sid = {$surveyid} AND uid = ".$uid;
+
+	return $connect->Execute($uquery);
+	}
 
-	function createPassword()
+function createPassword()
 	{
 	$pwchars = "abcdefhjmnpqrstuvwxyz23456789";
 	$password_length = 8;
@@ -2489,6 +2503,28 @@ function createPassword()
 		$passwd .= $pwchars[floor(rand(0,strlen($pwchars)))];
 		}	
 	return $passwd;
-	}
+	}	
 
+function getsurveyuserlist()
+    {
+    global $surveyid, $dbprefix, $scriptname, $connect;
+
+	$surveyidquery = "SELECT a.uid, a.user FROM ".db_table_name('users')." AS a LEFT OUTER JOIN (SELECT uid AS id FROM ".db_table_name('surveys_rights')." WHERE sid = {$surveyid}) AS b ON a.uid = b.id WHERE ISNULL(id)";
+
+    $surveyidresult = db_execute_assoc($surveyidquery);
+    if (!$surveyidresult) {return "Database Error";}
+    $surveyselecter = "";
+    $surveynames = $surveyidresult->GetRows();
+    if ($surveynames)
+        {
+        foreach($surveynames as $sv)
+            {
+			$surveyselecter .= "\t\t\t<option";
+            $surveyselecter .=" value='{$sv['uid']}'>{$sv['user']}</option>\n";
+            }
+        }
+    if (!isset($svexist)) {$surveyselecter = "\t\t\t<option selected>"._("Please Choose...")."</option>\n".$surveyselecter;}
+    else {$surveyselecter = "\t\t\t<option value='-1'>"._("None")."</option>\n".$surveyselecter;}
+    return $surveyselecter;
+    }
 ?>