include/html/privileges.inc.php

   1 <?php
   2 /************************************************************************/
   3 /* ATutor                                                                                                                               */
   4 /************************************************************************/
   5 /* Copyright (c) 2002-2008 by Greg Gay, Joel Kronenberg & Heidi Hazelton*/
   6 /* Adaptive Technology Resource Centre / University of Toronto                  */
   7 /* http://atutor.ca                                                                                                             */
   8 /*                                                                                                                                              */
   9 /* This program is free software. You can redistribute it and/or                */
  10 /* modify it under the terms of the GNU General Public License                  */
  11 /* as published by the Free Software Foundation.                                                */
  12 /************************************************************************/
  13 // $Id: enroll_edit.php 6662 2006-11-20 15:52:49Z joel $
  14 if (!defined('AT_INCLUDE_PATH')) { exit; }
  15
  16 $num_cols = 2;
  17
  18 //if user wants to cancel action
  19 if (isset($_POST['cancel'])) {
  20         $msg->addFeedback('CANCELLED');
  21         header('Location: index.php?course_id='.$course_id);
  22         exit;
  23 } else if (isset($_POST['submit'])) {
  24
  25         //update privileges
  26         $mid   = $_POST['dmid'];
  27         $privs = $_POST['privs'];
  28         $role  = $_POST['role'];
  29
  30         //loop through selected users to perform update
  31         $i=0;
  32         while ($mid[$i]) {
  33                 change_privs(intval($mid[$i]), $privs[$i]);
  34                 $i++;
  35         }
  36
  37         $msg->addFeedback('PRIVS_CHANGED');
  38         header('Location: index.php?tab=1'.SEP.'course_id='.$course_id);
  39         exit;
  40 }
  41
  42 require(AT_INCLUDE_PATH.'header.inc.php');
  43
  44 ?>
  45
  46 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
  47 <input type="hidden" name="course_id" value="<?php echo $course_id; ?>"/>
  48 <div class="input-form">
  49 <?php
  50         //Store id's into a hidden element for use by functions
  51         $j = 0;
  52         while ($_GET['mid'.$j]) {
  53                 echo '<input type="hidden" name="dmid[]" value="'.$_GET['mid'.$j].'" />';
  54                 $j++;
  55         }
  56
  57         //loop through all the students
  58 for ($k = 0; $k < $j; $k++) {
  59         $mem_id = intval($_GET['mid'.$k]);
  60
  61         //NO!!! extra check to ensure that user doesnt send in instructor for change privs
  62         $sql = "SELECT CE.privileges, M.login FROM ".TABLE_PREFIX."course_enrollment CE INNER JOIN ".TABLE_PREFIX."members M USING (member_id) WHERE M.member_id=$mem_id AND CE.course_id=$course_id AND CE.approved='y'";
  63
  64         $result = mysql_query($sql, $db);
  65         $student_row = mysql_fetch_assoc($result);
  66 ?>
  67         <div class="row">
  68                 <h3><?php echo $student_row['login']; ?></h3>
  69         </div>
  70
  71         <div class="row">
  72                 <?php echo _AT('privileges'); ?><br />
  73                         <table width="100%" border="0" cellspacing="5" cellpadding="0" summary="">
  74                         <tr>
  75                         <?php
  76                         $count =0;
  77                         $student_row['privileges'] = intval($student_row['privileges']);
  78                         $module_list = $moduleFactory->getModules(AT_MODULE_STATUS_ENABLED, 0, TRUE);
  79                         $keys = array_keys($module_list);
  80                         foreach ($keys as $module_name) {
  81                                 $module =& $module_list[$module_name];
  82                                 if (!($module->getPrivilege() > 1)) {
  83                                         continue;
  84                                 }
  85                                 $count++;
  86                                 echo '<td><label><input type="checkbox" name="privs['.$k.'][]" value="'.$module->getPrivilege().'" ';
  87
  88                                 if (query_bit($student_row['privileges'], $module->getPrivilege())) {
  89                                         echo 'checked="checked"';
  90                                 }
  91
  92                                 echo ' />'.$module->getName().'</label></td>';
  93
  94                                 if (!($count % $num_cols)) {
  95                                         echo '</tr><tr>';
  96                                 }
  97                         }
  98                         if ($count % $num_cols) {
  99                                 echo '<td colspan="'.($num_cols-($count % $num_cols)).'">&nbsp;</td>';
 100                         } else {
 101                                 echo '<td colspan="'.$num_cols.'">&nbsp;</td>';
 102                         }
 103                         ?>
 104                         </tr>
 105                         </table>
 106                 </div>
 107 <?php
 108         }//end for
 109 ?>
 110         <div class="row buttons">
 111                 <input type="submit" name="submit" value="<?php echo _AT('save');  ?>" accesskey="s" />
 112                 <input type="submit" name="cancel" value="<?php echo _AT('cancel');  ?>" />
 113         </div>
 114 </div>
 115 </form>
 116
 117 <?php
 118
 119 /**
 120 * Updates the Role & Priviliges of users
 121 * @access  private
 122 * @param   int $member                  The member_id of the user whose values are to be updated
 123 * @param   int $privs                   value of the privileges of the user
 124 * @author  Joel Kronenberg
 125 */
 126 function change_privs ($member, $privs) {
 127         global $db, $course_id;
 128
 129         //calculate privileges
 130         $privilege = 0;
 131         if (!(empty($privs))) {
 132                 foreach ($privs as $priv) {
 133                         $privilege += intval($priv);
 134                 }
 135         }
 136
 137         /*
 138         * if we're making a student a GROUP TA then we have to remove them
 139         * from all the groups they may belong to.
 140         */
 141         if (query_bit($privilege, AT_PRIV_GROUPS)) {
 142                 $group_list = implode(',', $_SESSION['groups']);
 143                 if ($group_list) {
 144                         $sql = "DELETE FROM ".TABLE_PREFIX."groups_members WHERE group_id IN ($group_list) AND member_id=$member";
 145                         $result = mysql_query($sql,$db);
 146                 }
 147         }
 148
 149         $sql = "UPDATE ".TABLE_PREFIX."course_enrollment SET `privileges`=$privilege WHERE member_id=$member AND course_id=$course_id AND `approved`='y'";
 150         $result = mysql_query($sql,$db);
 151
 152
 153         //print error or confirm change
 154         if (!$result) {
 155                 $msg->printErrors('DB_NOT_UPDATED');
 156                 exit;
 157         }
 158 }
 159
 160 require(AT_INCLUDE_PATH.'footer.inc.php'); ?>