require_once "../common.php";
require_once "../header.php";
-do_log($_POST, $_GET, $_FILES);
$us = unreal_get_current_user();
$id = (isset($_GET['id'])) ? $_GET['id'] : $us->id;
$edit_user = new PanelUser(NULL, $id);
-$can_edit = (current_user_can(PERMISSION_MANAGE_USERS) || $edit_user->id == $us->id) ? "" : "disabled";
+$can_edit_profile = (user_can($us, PERMISSION_MANAGE_USERS) || $edit_user->id == $us->id) ? true : false;
+$caneditpermissions = (user_can($us, PERMISSION_MANAGE_USERS)) ? true : false;
+$can_edit = ($caneditpermissions) ? "" : "disabled";
+
+$permissions = (isset($_POST['permissions'])) ? $_POST['permissions'] : false;
+$edit_perms = (isset($edit_user->user_meta['permissions'])) ? unserialize($edit_user->user_meta['permissions']) : [];
+
+/* Check if they can edit their permissions and if the permissions have indeed been changed */
+if (is_array($permissions) && $caneditpermissions
+ && $permissions != $edit_perms)
+{
+ foreach ($permissions as $p)
+ if (!in_array($p, $edit_perms))
+ $edit_user->add_permission($p);
+
+ foreach($edit_perms as $p)
+ if (!in_array($p, $permissions))
+ $edit_user->delete_permission($p);
+}
+
?>
<h4>Edit User: "<?php echo $edit_user->username; ?>"</h4>
-<br><br>
+<br>
<form method="post" action="user-edit.php?id=<?php echo $edit_user->id; ?>" autocomplete="off" enctype="multipart/form-data">
-
+<?php if ($can_edit_profile) { ?>
+<a class="btn btn-<?php echo (user_can($us, PERMISSION_MANAGE_USERS)) ? "danger" : "info"; ?>" data-toggle="collapse" href="#collapseExample" role="button" aria-expanded="false" aria-controls="collapseExample">
+<?php echo (user_can($us, PERMISSION_MANAGE_USERS)) ? "Edit" : "View"; ?> Permissions
+</a>
+<div class="collapse" id="collapseExample">
+ <br>
+ <div class="card card-body">
+ <h6>Here are all the things <?php echo $edit_user->username; ?> can do</h6>
+ <?php generate_panel_user_permission_table($edit_user); ?>
+ </div>
+</div>
+<?php } ?>
+<br><br>
<div class="input-group mb-3">
<div class="input-group-prepend">
<span class="input-group-text" style="width: 100px;">@</span>
<div class="input-group mb-3">
<div class="input-group-prepend">
<span class="input-group-text" style="width: 100px;">Email</span>
- </div><input <?php echo $can_edit; ?> type="text" class="form-control" name="email" id="email" autocomplete="off">
+ </div><input <?php echo $can_edit; ?> type="text" class="form-control" name="email" id="email" autocomplete="off" value="<?php echo $edit_user->email; ?>">
</div>
<div class="input-group mb-3">
<div class="input-group-prepend">
- <span class="input-group-text" style="width: 100px;">Password</span>
+ <span class="input-group-text" style="width: 150px;">New Password</span>
+ </div><input <?php echo $can_edit; ?> type="password" class="form-control" name="password" id="password" autocomplete="off">
+</div><div class="input-group mb-3">
+ <div class="input-group-prepend">
+ <span class="input-group-text" style="width: 150px;">Confirm Password</span>
</div><input <?php echo $can_edit; ?> type="password" class="form-control" name="password" id="password" autocomplete="off">
- <div class="input-group-append">
- <br><button type="submit" name="update_pass" class="btn btn-primary">Update Password</button>
- </div>
</div>
<br>
-<button type="submit" name="update_user" class="btn btn-primary">Update User</button><br><p>
-<h6>Note: This button will not update your password.<br>
-Please use the 'Update Password' button on the Password field for this instead.</h6></p>
+<button type="submit" name="update_user" class="btn btn-primary">Save Changes</button><br>
</form>
\ No newline at end of file