X-Git-Url: https://jfr.im/git/irc/unrealircd/unrealircd-webpanel.git/blobdiff_plain/4b48b46f55bb6a03a29d0d0db04b3076c1eaae8f..579020f8c67f7bdfd9d530a25b701af6ee53c412:/settings/user-role-edit.php

diff --git a/settings/user-role-edit.php b/settings/user-role-edit.php
index 0f39a25..88e0092 100644
--- a/settings/user-role-edit.php
+++ b/settings/user-role-edit.php
@@ -1,19 +1,150 @@
 <?php
 
-require_once "../common.php";
-require_once "../header.php";
+require_once "../inc/common.php";
+require_once "../inc/header.php";
 do_log($_POST);
-
+if (!current_user_can(PERMISSION_MANAGE_USERS))
+{
+    echo "<h4>Access denied</h4>";
+    die();
+}
 $permissions = get_panel_user_permission_list();
 $list = get_panel_user_roles_list();
+
+/**
+ * Add a new role
+ */
+$errors = [];
+$success = [];
+
+
+
+if (isset($_POST['add_role_name']) && $role_name = $_POST['add_role_name'])
+{
+    foreach ($list as $name => $u) // don't add it if it already exists
+    {
+        if (!strcmp(to_slug($name),to_slug($role_name)))
+        {
+            $errors[] = "Cannot create role \"$role_name\": A role with that name already exists.";
+            break;
+        }
+    }
+    if (empty($errors)) // so far so good
+    {
+        $msg = "Added user role \"$role_name\"";
+        $permissions = [];
+        if (isset($_POST['use_dup_role']) && $dup = $_POST['dup_role']) // if they're duplicating a role
+        {
+            $permissions = $list[$dup];
+            $msg .= ", a duplicate of \"$dup\"";
+        }
+        $clean_perms = [];
+            foreach($permissions as $k => $v)
+                $clean_perms[] = $v;
+
+        $config['user_roles'][$role_name] = $clean_perms;
+        write_config('user_roles');
+        $success[] = $msg;
+        $list = get_panel_user_roles_list(); // refresh
+        
+    }
+}
+
+
+elseif (isset($_POST['del_role_name']) && $role_name = $_POST['del_role_name'])
+{
+    $found = 0;
+    foreach ($list as $name => $u) // don't add it if it already exists
+    {
+        if (!strcmp(to_slug($name),to_slug($role_name)))
+        {
+            $found = 1;
+            break;
+        }
+    }
+    if ($found) // so far so good
+    {
+        unset($config['user_roles'][$role_name]);
+        write_config('user_roles');
+        $success[] = "Successfully deleted role \"$role_name\"";
+        $list = get_panel_user_roles_list(); // refresh
+    }
+    else
+        $errors[] = "Could not delete role \"$role_name\": Role does not exist.";
+}
+
+elseif (isset($_POST['update_role']) && $role_name = $_POST['update_role'])
+{
+    $found = 0;
+    foreach ($list as $name => $u) // don't add it if it already exists
+    {
+        if (!strcmp(to_slug($name),to_slug($role_name)))
+        {
+            $found = 1;
+            break;
+        }
+    }
+    if (!$found) // so far so good
+    {
+        $errors[] = "Could not update role \"$role_name\": Role does not exist.";
+    }
+    else
+    {
+        $config['user_roles'][$role_name] = $_POST['permissions'];
+        write_config('user_roles');
+        $success[] = "Successfully updated role \"$role_name\"";
+        $list = get_panel_user_roles_list(); // refresh
+    }
+}
 ?>
 
-<h4>User Role Editor</h4>
 
-Here, you can easily edit user roles to ensure that your team has the appropriate access and permissions they need.<br>
-Some roles are built-in and cannot be deleted or modified.<br><br>
-Click a role name to view role permissions.<br><br>
+<div class="container-xxl row justify-content-between">
+
+<div class="col">
+    <h4>User Role Editor</h4>
+    <?php if (!empty($errors)) Message::Fail($errors); if (!empty($success)) Message::Success($success); ?>
+    Roles are user categories where each has it's own set of permissions.<br>
+    Here, you can easily add and edit User Roles to ensure that your team has the appropriate access and permissions they need.<br>
+    Once you've created a role, you can assign it to a user on your panel, and they will have the permissions assigned to their role.<br><br>
+    <div class="font-italic">Some roles are built-in and cannot be deleted or modified, specifically "<code>Super Admin</code>" and "<code>Read Only</code>"</div><br><br>
+    Click a role name to view role permissions.
+</div>
+<div class="col" id="addnew_collapse">
+<form method="post">
+    <div class="card card-body" style="max-width:550px">
+        <h5>Create New Role</h5>
+        <div class="font-italic mb-3">You must create a new role before you can add permissions to it.</div>
+        <div class="row input-group ml-0 mb-2">
+            <div class="input-group-prepend">
+                <span class="input-group-text" style="width:150px">New Role Name</span>
+            </div>
+            <input id="add_role_name" name="add_role_name" class="form-control" style="min-width:100px;max-width:450px" type="text">
+            
 
+        </div>
+        <div class="input-group">
+            <div class="input-group-prepend">
+                <div style="width:150px" class="input-group-text">
+                    <input id="use_dup_role" name="use_dup_role" type="checkbox" class="mr-2">Duplicate Role
+                </div>
+            </div>
+            <select name="dup_role" disabled class="custom-select" id="dup_role" style="min-width:100px;max-width:450px">
+                <option value="0" selected>None</option>
+                <?php
+                    foreach($list as $s => $l)
+                        echo "<option value=\"$s\">$s</option>";
+                ?>
+            </select>
+        </div>
+        <div class="mt-2 text-right">
+            <button type="submit" disabled id="role_submit" style="background-color:darkslateblue;color:white" class="btn btn-primary">Create Role</button>
+        </div>
+        
+</form>
+    </div>
+</div>
+</div>
 <style>
 
 #permlist #roles_accord .card .card-header .btn-header-link:after {
@@ -28,29 +159,33 @@ Click a role name to view role permissions.<br><br>
 }
 
 </style>
-<div class="row container">
-<p>
-  <button style="background-color:darkslateblue;color:white" class="btn mr-4" type="button" data-toggle="collapse" data-target="#addnew_collapse" aria-expanded="false" aria-controls="addnew_collapse">
-    Create new User Role
-  </button>
-</p>
-<div class="collapse" id="addnew_collapse">
-    <div class="card card-body" style="max-width:550px">
-        <div class="mb-3">Creating a new role:</div>
-        <div class="row input-group ml-0">
-            <div class="input-group-prepend">
-                <span class="input-group-text">Role name</span>
-            </div>
-            <input class="form-control" style="max-width:450px" type="text">
-            <div class="input-group-append">
-                <button style="background-color:darkslateblue;color:white" class="btn btn-primary">Create role</button>
-            </div>
-        </div>
-        <div class="mt-3 font-italic">Note: You must create a new role before you can add permissions to it.</div>
-    </div>
-</div></div>
+
+
+<script>
+    const add_role_name = document.getElementById("add_role_name");
+    const use_dup = document.getElementById("use_dup_role");
+    const dup_role = document.getElementById("dup_role");
+    const role_submit = document.getElementById("role_submit");
+
+    use_dup.addEventListener('click', e => {
+        if (use_dup.checked) {
+            dup_role.disabled = false;
+        } else {
+            dup_role.value = "0";
+            dup_role.disabled = true;
+        }
+    });
+
+    add_role_name.addEventListener('input', e => {
+        if (!add_role_name.value.trim().length) // disallow names consisting of just spaces... it doesn't break anything, but it's stupid
+            role_submit.disabled = true;
+        else
+            role_submit.disabled = false;
+    });
+</script>
 <?php
 
 generate_role_list($list);
 
-require_once "../footer.php";
\ No newline at end of file
+
+require_once "../inc/footer.php";
\ No newline at end of file