IMPORTANT - Please read

[irc/unrealircd/unrealircd-webpanel.git] / settings / user-role-edit.php

diff --git a/settings/user-role-edit.php b/settings/user-role-edit.php
index e32281b300d932e91ae7277febf83ff0e533bb32..88e009208327f64b85e20b7f6c174e6dadba5b71 100644 (file)
--- a/settings/user-role-edit.php
+++ b/settings/user-role-edit.php
@@ -2,7 +2,7 @@
 
 require_once "../inc/common.php";
 require_once "../inc/header.php";
-
+do_log($_POST);
 if (!current_user_can(PERMISSION_MANAGE_USERS))
 {
     echo "<h4>Access denied</h4>";
@@ -38,19 +38,19 @@ if (isset($_POST['add_role_name']) && $role_name = $_POST['add_role_name'])
             $permissions = $list[$dup];
             $msg .= ", a duplicate of \"$dup\"";
         }
-        $settings = DbSettings::get();
         $clean_perms = [];
             foreach($permissions as $k => $v)
                 $clean_perms[] = $v;
 
-        $settings['user_roles'][$role_name] = $clean_perms;
-        DbSettings::set('user_roles', $settings['user_roles']);
+        $config['user_roles'][$role_name] = $clean_perms;
+        write_config('user_roles');
         $success[] = $msg;
         $list = get_panel_user_roles_list(); // refresh
         
     }
 }
 
+
 elseif (isset($_POST['del_role_name']) && $role_name = $_POST['del_role_name'])
 {
     $found = 0;
@@ -64,15 +64,38 @@ elseif (isset($_POST['del_role_name']) && $role_name = $_POST['del_role_name'])
     }
     if ($found) // so far so good
     {
-        $settings = DbSettings::get();
-        unset($settings['user_roles'][$role_name]);
-        DbSettings::set('user_roles', $settings['user_roles']);
+        unset($config['user_roles'][$role_name]);
+        write_config('user_roles');
         $success[] = "Successfully deleted role \"$role_name\"";
         $list = get_panel_user_roles_list(); // refresh
     }
     else
         $errors[] = "Could not delete role \"$role_name\": Role does not exist.";
 }
+
+elseif (isset($_POST['update_role']) && $role_name = $_POST['update_role'])
+{
+    $found = 0;
+    foreach ($list as $name => $u) // don't add it if it already exists
+    {
+        if (!strcmp(to_slug($name),to_slug($role_name)))
+        {
+            $found = 1;
+            break;
+        }
+    }
+    if (!$found) // so far so good
+    {
+        $errors[] = "Could not update role \"$role_name\": Role does not exist.";
+    }
+    else
+    {
+        $config['user_roles'][$role_name] = $_POST['permissions'];
+        write_config('user_roles');
+        $success[] = "Successfully updated role \"$role_name\"";
+        $list = get_panel_user_roles_list(); // refresh
+    }
+}
 ?>
 
 
@@ -154,7 +177,7 @@ elseif (isset($_POST['del_role_name']) && $role_name = $_POST['del_role_name'])
     });
 
     add_role_name.addEventListener('input', e => {
-        if (!add_role_name.value.length)
+        if (!add_role_name.value.trim().length) // disallow names consisting of just spaces... it doesn't break anything, but it's stupid
             role_submit.disabled = true;
         else
             role_submit.disabled = false;