Accueil Explorer Aide
Connexion
fusionpbx
/
fusionpbx-framework
miroir de https://github.com/fusionpbx/fusionpbx-framework.git
2
0
Fork 0
Fichiers Tickets 0 Wiki
Parcourir la source

Update group files prevent null errors.

markjcrane il y a 2 ans
Parent
76d0a5a9fa
commit
7227cfd639
7 fichiers modifiés avec 725 ajouts et 789 suppressions
Vue unifiée Afficher les stats Diff
  1. 1 0
      core/groups/app_defaults.php
  2. 31 29
      core/groups/group_edit.php
  3. 0 0
      core/groups/group_member_add.php
  4. 22 16
      core/groups/group_members.php
  5. 400 400
      core/groups/group_permissions.php
  6. 0 73
      core/groups/groupmemberdelete.php
  7. 271 271
      core/groups/groups.php

+ 1 - 0
core/groups/app_defaults.php
Voir le fichier 

@@ -116,6 +116,7 @@ if ($domains_processed == 1) {
 
 	//add or update the view
 
 	//add or update the view
 
 		$sql = "CREATE VIEW view_groups AS (";
 
 		$sql = "CREATE VIEW view_groups AS (";
 
 		$sql .= "	select domain_uuid, group_uuid, group_name, ";
 
 		$sql .= "	select domain_uuid, group_uuid, group_name, ";
 
+		$sql .= "	(select domain_name from v_domains where domain_uuid = g.domain_uuid) as domain_name, ";
 
 		$sql .= "	(select count(*) from v_group_permissions where group_uuid = g.group_uuid) as group_permissions, ";
 
 		$sql .= "	(select count(*) from v_group_permissions where group_uuid = g.group_uuid) as group_permissions, ";
 
 		$sql .= "	(select count(*) from v_user_groups where group_uuid = g.group_uuid) as group_members, ";
 
 		$sql .= "	(select count(*) from v_user_groups where group_uuid = g.group_uuid) as group_members, ";
 
 		$sql .= "	group_level, group_protected, group_description ";
 
 		$sql .= "	group_level, group_protected, group_description ";

+ 31 - 29
core/groups/group_edit.php
Voir le fichier 

@@ -46,31 +46,36 @@
 
 	$text = $language->get();
 
 	$text = $language->get();
 
 
 
 //action add or update
 
 //action add or update
 
-	if (is_uuid($_REQUEST["id"])) {
 
+	if (!empty($_REQUEST["id"]) && is_uuid($_REQUEST["id"])) {
 
 		$action = "update";
 
 		$action = "update";
 
 		$group_uuid = $_REQUEST["id"];
 
 		$group_uuid = $_REQUEST["id"];
 
-		$id = $_REQUEST["id"];
 
 	}
 
 	}
 
 	else {
 
 	else {
 
 		$action = "add";
 
 		$action = "add";
 
+		$group_uuid = '';
 
 	}
 
 	}
 
 
 
+//set default values
 
+	$group_name = '';
 
+	$group_level = '10';
 
+	$group_description = '';
 
+
 
 //get http post variables and set them to php variables
 
 //get http post variables and set them to php variables
 
-	if (is_array($_POST)) {
 
-		$group_uuid = $_POST["group_uuid"];
 
-		$group_name = $_POST["group_name"];
 
+	if (!empty($_POST)) {
 
+		$group_uuid = $_POST["group_uuid"] ?? '';
 
+		$group_name = $_POST["group_name"] ?? '';
 
 		$group_name_previous = $_POST["group_name_previous"];
 
 		$group_name_previous = $_POST["group_name_previous"];
 
 		$domain_uuid = $_POST["domain_uuid"];
 
 		$domain_uuid = $_POST["domain_uuid"];
 
-		$group_level = $_POST["group_level"];
 
-		$group_protected = $_POST["group_protected"];
 
-		$group_description = $_POST["group_description"];
 
+		$group_level = $_POST["group_level"] ?? '10';
 
+		$group_protected = $_POST["group_protected"] ?? '';
 
+		$group_description = $_POST["group_description"] ?? '';
 
 	}
 
 	}
 
 
 
 //process the user data and save it to the database
 
 //process the user data and save it to the database
 
-	if (count($_POST) > 0 && empty($_POST["persistformvar"])) {
 
+	if (!empty($_POST) && empty($_POST["persistformvar"])) {
 
 
 
 		//process the http post data by submitted action
 
 		//process the http post data by submitted action
 
-			if ($_POST['action'] != '' && is_uuid($group_uuid)) {
 
+			if (!empty($_POST['action']) && is_uuid($group_uuid)) {
 
 				$array[0]['checked'] = 'true';
 
 				$array[0]['checked'] = 'true';
 
 				$array[0]['uuid'] = $group_uuid;
 
 				$array[0]['uuid'] = $group_uuid;
 
 
 
@@ -122,7 +127,7 @@
 
 			}
 
 			}
 
 
 
 		//add the group_uuid
 
 		//add the group_uuid
 
-			if (!is_uuid($_POST["group_uuid"])) {
 
+			if (empty($_POST["group_uuid"])) {
 
 				$group_uuid = uuid();
 
 				$group_uuid = uuid();
 
 			}
 
 			}
 
 
 
@@ -170,8 +175,7 @@
 
 	}
 
 	}
 
 
 
 //pre-populate the form
 
 //pre-populate the form
 
-	if (is_array($_GET) && $_POST["persistformvar"] != "true") {
 
-		$group_uuid = $_GET["id"];
 
+	if (!empty($group_uuid) && empty($_POST["persistformvar"])) {
 
 		$sql = "select * from v_groups ";
 
 		$sql = "select * from v_groups ";
 
 		$sql .= "where group_uuid = :group_uuid ";
 
 		$sql .= "where group_uuid = :group_uuid ";
 
 		//$sql .= "and domain_uuid = :domain_uuid ";
 
 		//$sql .= "and domain_uuid = :domain_uuid ";
 
@@ -179,11 +183,11 @@
 
 		$parameters['group_uuid'] = $group_uuid;
 
 		$parameters['group_uuid'] = $group_uuid;
 
 		$database = new database;
 
 		$database = new database;
 
 		$row = $database->select($sql, $parameters, 'row');
 
 		$row = $database->select($sql, $parameters, 'row');
 
-		if (is_array($row) && @sizeof($row) != 0) {
 
+		if (!empty($row)) {
 
 			$group_name = $row["group_name"];
 
 			$group_name = $row["group_name"];
 
 			$domain_uuid = $row["domain_uuid"];
 
 			$domain_uuid = $row["domain_uuid"];
 
-			$group_permissions = $row["group_permissions"];
 
-			$group_members = $row["group_members"];
 
+			$group_permissions = $row["group_permissions"] ?? '';
 
+			$group_members = $row["group_members"] ?? '';
 
 			$group_level = $row["group_level"];
 
 			$group_level = $row["group_level"];
 
 			$group_protected = $row["group_protected"];
 
 			$group_protected = $row["group_protected"];
 
 			$group_description = $row["group_description"];
 
 			$group_description = $row["group_description"];
 
@@ -206,23 +210,21 @@
 
 	echo "	<div class='heading'><b>".$text['title-group']."</b></div>\n";
 
 	echo "	<div class='heading'><b>".$text['title-group']."</b></div>\n";
 
 	echo "	<div class='actions'>\n";
 
 	echo "	<div class='actions'>\n";
 
 	echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'id'=>'btn_back','link'=>'groups.php']);
 
 	echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'id'=>'btn_back','link'=>'groups.php']);
 
-	$button_margin = 'margin-left: 15px;';
 
 	if (permission_exists('group_permission_view')) {
 
 	if (permission_exists('group_permission_view')) {
 
-		echo button::create(['type'=>'button','label'=>$text['button-permissions'],'icon'=>'key','style'=>$button_margin,'link'=>'group_permissions.php?group_uuid='.urlencode($group_uuid)]);
 
-		unset($button_margin);
 
+		$button_margin = 'margin-left: 15px;';
 
+		echo button::create(['type'=>'button','label'=>$text['button-permissions'],'icon'=>'key','style'=>$button_margin,'link'=>'group_permissions.php?group_uuid='.urlencode($group_uuid ?? '')]);
 
 	}
 
 	}
 
 	if (permission_exists('group_member_view')) {
 
 	if (permission_exists('group_member_view')) {
 
-		echo button::create(['type'=>'button','label'=>$text['button-members'],'icon'=>'users','style'=>$button_margin,'link'=>'group_members.php?group_uuid='.urlencode($group_uuid)]);
 
-		unset($button_margin);
 
+		$button_margin = 'margin-left: 0px;';
 
+		echo button::create(['type'=>'button','label'=>$text['button-members'],'icon'=>'users','style'=>$button_margin,'link'=>'group_members.php?group_uuid='.urlencode($group_uuid ?? '')]);
 
 	}
 
 	}
 
-	$button_margin = 'margin-left: 15px;';
 
 	if ($action == 'update' && permission_exists('group_add')) {
 
 	if ($action == 'update' && permission_exists('group_add')) {
 
+		$button_margin = 'margin-left: 15px;';
 
 		echo button::create(['type'=>'button','label'=>$text['button-copy'],'icon'=>$_SESSION['theme']['button_icon_copy'],'name'=>'btn_copy','style'=>$button_margin,'onclick'=>"modal_open('modal-copy','btn_copy');"]);
 
 		echo button::create(['type'=>'button','label'=>$text['button-copy'],'icon'=>$_SESSION['theme']['button_icon_copy'],'name'=>'btn_copy','style'=>$button_margin,'onclick'=>"modal_open('modal-copy','btn_copy');"]);
 
-		unset($button_margin);
 
 	}
 
 	}
 
 	if ($action == 'update' && permission_exists('group_delete')) {
 
 	if ($action == 'update' && permission_exists('group_delete')) {
 
+		$button_margin = 'margin-left: 0px;';
 
 		echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'name'=>'btn_delete','style'=>$button_margin,'onclick'=>"modal_open('modal-delete','btn_delete');"]);
 
 		echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'name'=>'btn_delete','style'=>$button_margin,'onclick'=>"modal_open('modal-delete','btn_delete');"]);
 
-		unset($button_margin);
 
 	}
 
 	}
 
 	echo button::create(['type'=>'submit','label'=>$text['button-save'],'icon'=>$_SESSION['theme']['button_icon_save'],'id'=>'btn_save','style'=>'margin-left: 15px;']);
 
 	echo button::create(['type'=>'submit','label'=>$text['button-save'],'icon'=>$_SESSION['theme']['button_icon_save'],'id'=>'btn_save','style'=>'margin-left: 15px;']);
 
 	echo "	</div>\n";
 
 	echo "	</div>\n";
 
@@ -249,7 +251,7 @@
 
 	echo "	<input class='formfld' type='text' name='group_name' maxlength='255' value='".escape($group_name)."'>\n";
 
 	echo "	<input class='formfld' type='text' name='group_name' maxlength='255' value='".escape($group_name)."'>\n";
 
 	echo "	<input type='hidden' name='group_name_previous' value='".escape($group_name)."'>\n";
 
 	echo "	<input type='hidden' name='group_name_previous' value='".escape($group_name)."'>\n";
 
 	echo "<br />\n";
 
 	echo "<br />\n";
 
-	echo $text['description-group_name']."\n";
 
+	//echo $text['description-group_name']."\n";
 
 	echo "</td>\n";
 
 	echo "</td>\n";
 
 	echo "</tr>\n";
 
 	echo "</tr>\n";
 
 
 
@@ -275,7 +277,7 @@
 
 	}
 
 	}
 
 	echo "	</select>\n";
 
 	echo "	</select>\n";
 
 	echo "<br />\n";
 
 	echo "<br />\n";
 
-	echo $text['description-domain_uuid']."\n";
 
+	//echo $text['description-domain_uuid']."\n";
 
 	echo "</td>\n";
 
 	echo "</td>\n";
 
 	echo "</tr>\n";
 
 	echo "</tr>\n";
 
 
 
@@ -292,7 +294,7 @@
 
 		}
 
 		}
 
 		echo "	</select>\n";
 
 		echo "	</select>\n";
 
 	echo "<br />\n";
 
 	echo "<br />\n";
 
-	echo $text['description-group_level']."\n";
 
+	//echo $text['description-group_level']."\n";
 
 	echo "</td>\n";
 
 	echo "</td>\n";
 
 	echo "</tr>\n";
 
 	echo "</tr>\n";
 
 
 
@@ -306,7 +308,7 @@
 
 	echo "		<option value='true' ".($group_protected == "true" ? "selected='selected'" : null).">".$text['label-true']."</option>\n";
 
 	echo "		<option value='true' ".($group_protected == "true" ? "selected='selected'" : null).">".$text['label-true']."</option>\n";
 
 	echo "	</select>\n";
 
 	echo "	</select>\n";
 
 	echo "<br />\n";
 
 	echo "<br />\n";
 
-	echo $text['description-group_protected']."\n";
 
+	//echo $text['description-group_protected']."\n";
 
 	echo "</td>\n";
 
 	echo "</td>\n";
 
 	echo "</tr>\n";
 
 	echo "</tr>\n";
 
 
 
@@ -317,7 +319,7 @@
 
 	echo "<td class='vtable' style='position: relative;' align='left'>\n";
 
 	echo "<td class='vtable' style='position: relative;' align='left'>\n";
 
 	echo "	<input class='formfld' type='text' name='group_description' maxlength='255' value='".escape($group_description)."'>\n";
 
 	echo "	<input class='formfld' type='text' name='group_description' maxlength='255' value='".escape($group_description)."'>\n";
 
 	echo "<br />\n";
 
 	echo "<br />\n";
 
-	echo $text['description-group_description']."\n";
 
+	//echo $text['description-group_description']."\n";
 
 	echo "</td>\n";
 
 	echo "</td>\n";
 
 	echo "</tr>\n";
 
 	echo "</tr>\n";

+ 0 - 0
core/groups/groupmemberadd.php → core/groups/group_member_add.php
Voir le fichier


+ 22 - 16
core/groups/group_members.php
Voir le fichier 

@@ -51,15 +51,18 @@
 
 	$language = new text;
 
 	$language = new text;
 
 	$text = $language->get();
 
 	$text = $language->get();
 
 
 
-//get the http post data
 
-	if (is_array($_POST['group_members'])) {
 
-		$action = $_POST['action'];
 
-		$group_uuid = $_POST['group_uuid'];
 
-		$group_members = $_POST['group_members'];
 
-	}
 
+//get the http data
 
+	$action = $_REQUEST['action'] ?? '';
 
+	$group_uuid = $_REQUEST['group_uuid'] ?? '';
 
+	$group_members = $_REQUEST['group_members'] ?? '';
 
+
 
+//set default values
 
+	$group_name = '';
 
+	$domain_uuid = '';
 
+	$list_row_url = '';
 
 
 
 //process the http post data by action
 
 //process the http post data by action
 
-	if ($action != '' && is_array($group_members) && @sizeof($group_members) != 0) {
 
+	if (!empty($action) && !empty($group_members)) {
 
 		switch ($action) {
 
 		switch ($action) {
 
 			case 'delete':
 
 			case 'delete':
 
 				if (permission_exists('group_member_delete') && is_uuid($group_uuid)) {
 
 				if (permission_exists('group_member_delete') && is_uuid($group_uuid)) {
 
@@ -75,7 +78,6 @@
 
 	}
 
 	}
 
 
 
 //get the group uuid, lookup domain uuid (if any) and name
 
 //get the group uuid, lookup domain uuid (if any) and name
 
-	$group_uuid = $_REQUEST['group_uuid'];
 
 	$sql = "select domain_uuid, group_name from v_groups ";
 
 	$sql = "select domain_uuid, group_name from v_groups ";
 
 	$sql .= "where group_uuid = :group_uuid ";
 
 	$sql .= "where group_uuid = :group_uuid ";
 
 	$parameters['group_uuid'] = $group_uuid;
 
 	$parameters['group_uuid'] = $group_uuid;
 
@@ -120,12 +122,16 @@
 
 	unset($sql, $parameters);
 
 	unset($sql, $parameters);
 
 
 
 //add group_member to the users array
 
 //add group_member to the users array
 
-	foreach ($users as &$field) {
 
-		$field['group_member'] = 'false';
 
-		foreach($user_groups as $row) {
 
-			if ($row['user_uuid'] == $field['user_uuid']) {
 
-				$field['group_member'] = 'true';
 
-				break;
 
+	if (!empty($users)) {
 
+		foreach ($users as &$field) {
 
+			$field['group_member'] = 'false';
 
+			if (!empty($user_groups)) {
 
+				foreach($user_groups as $row) {
 
+					if ($row['user_uuid'] == $field['user_uuid']) {
 
+						$field['group_member'] = 'true';
 
+						break;
 
+					}
 
+				}
 
 			}
 
 			}
 
 		}
 
 		}
 
 	}
 
 	}
 
@@ -148,7 +154,7 @@
 
 	}
 
 	}
 
 
 
 	if (permission_exists('group_member_add')) {
 
 	if (permission_exists('group_member_add')) {
 
-		echo 	"<form class='inline' method='post' action='groupmemberadd.php'>\n";
 
+		echo 	"<form class='inline' method='post' action='group_member_add.php'>\n";
 
 		echo "	<select name='user_uuid' class='formfld'>\n";
 
 		echo "	<select name='user_uuid' class='formfld'>\n";
 
 		echo "		<option value=''>".$text['label-select']."...</option>\n";
 
 		echo "		<option value=''>".$text['label-select']."...</option>\n";
 
 		foreach ($users as $row) {
 
 		foreach ($users as $row) {
 
@@ -183,7 +189,7 @@
 
 	echo "<tr class='list-header'>\n";
 
 	echo "<tr class='list-header'>\n";
 
 	if (permission_exists('group_member_delete')) {
 
 	if (permission_exists('group_member_delete')) {
 
 		echo "	<th class='checkbox'>\n";
 
 		echo "	<th class='checkbox'>\n";
 
-		echo "		<input type='checkbox' id='checkbox_all' name='checkbox_all' onclick='list_all_toggle();' ".($user_groups ?: "style='visibility: hidden;'").">\n";
 
+		echo "		<input type='checkbox' id='checkbox_all' name='checkbox_all' onclick='list_all_toggle();' ".(!empty($user_groups) ?: "style='visibility: hidden;'").">\n";
 
 		echo "	</th>\n";
 
 		echo "	</th>\n";
 
 	}
 
 	}
 
 	if (permission_exists('user_all')) {
 
 	if (permission_exists('user_all')) {

+ 400 - 400
core/groups/group_permissions.php
Voir le fichier 

@@ -1,400 +1,400 @@
 
-<?php

-/*

-	FusionPBX

-	Version: MPL 1.1

-

-	The contents of this file are subject to the Mozilla Public License Version

-	1.1 (the "License"); you may not use this file except in compliance with

-	the License. You may obtain a copy of the License at

-	http://www.mozilla.org/MPL/

-

-	Software distributed under the License is distributed on an "AS IS" basis,

-	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License

-	for the specific language governing rights and limitations under the

-	License.

-

-	The Original Code is FusionPBX

-

-	The Initial Developer of the Original Code is

-	Mark J Crane <[email protected]>

-	Portions created by the Initial Developer are Copyright (C) 2018-2020

-	the Initial Developer. All Rights Reserved.

-

-	Contributor(s):

-	Mark J Crane <[email protected]>

-*/

-

-//set the include path

-	$conf = glob("{/usr/local/etc,/etc}/fusionpbx/config.conf", GLOB_BRACE);

-	set_include_path(parse_ini_file($conf[0])['document.root']);

-

-//includes files

-	require_once "resources/require.php";

-	require_once "resources/check_auth.php";

-

-//check permissions

-	if (permission_exists('group_permission_view')) {

-		//access granted

-	}

-	else {

-		echo "access denied";

-		exit;

-	}

-

-//action add or update

-	if (is_uuid($_REQUEST["group_uuid"])) {

-		$group_uuid = $_REQUEST["group_uuid"];

-	}

-

-//get the group_name

-	if (is_uuid($group_uuid)) {

-		$sql = "select group_name from v_groups ";

-		$sql .= "where group_uuid = :group_uuid ";

-		$parameters['group_uuid'] = $group_uuid;

-		$database = new database;

-		$group_name = $database->select($sql, $parameters, 'column');

-		unset($sql, $parameters);

-	}

-

-//add multi-lingual support

-	$language = new text;

-	$text = $language->get();

-

-//process permission reload

-	if ($_GET['action'] == 'reload' && is_uuid($_GET['group_uuid'])) {

-		if (is_array($_SESSION["groups"]) && @sizeof($_SESSION["groups"]) != 0) {

-			//clear current permissions

-				unset($_SESSION['permissions'], $_SESSION['user']['permissions']);

-			//get the permissions assigned to the groups that the current user is a member of, set the permissions in session variables

-				$x = 0;

-				$sql = "select distinct(permission_name) from v_group_permissions ";

-				$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";

-				$sql .= "and permission_assigned = 'true' ";

-				foreach ($_SESSION["groups"] as $field) {

-					if (!empty($field['group_name'])) {

-						$sql_where_or[] = "group_name = :group_name_".$x;

-						$parameters['group_name_'.$x] = $field['group_name'];

-						$x++;

-					}

-				}

-				if (is_array($sql_where_or) && @sizeof($sql_where_or) != 0) {

-					$sql .= "and (".implode(' or ', $sql_where_or).") ";

-				}

-				$parameters['domain_uuid'] = $_SESSION["domain_uuid"];

-				$database = new database;

-				$result = $database->select($sql, $parameters, 'all');

-				if (is_array($result) && @sizeof($result) != 0) {

-					foreach ($result as $row) {

-						$_SESSION['permissions'][$row["permission_name"]] = true;

-						$_SESSION["user"]["permissions"][$row["permission_name"]] = true;

-					}

-				}

-				unset($sql, $parameters, $result, $row);

-			//set message and redirect

-				message::add($text['message-permissions_reloaded'],'positive');

-				header('Location: group_permissions.php?group_uuid='.urlencode($_GET['group_uuid']));

-				exit;

-		}

-	}

-

-//get the view preference

-	$view = $_REQUEST['view'];

-

-//get the http post data

-	if (is_array($_POST['group_permissions'])) {

-		$action = $_POST['action'];

-		$search = $_POST['search'];

-		$group_permissions = $_POST['group_permissions'];

-	}

-

-//add the search string

-	if (isset($_REQUEST["search"])) {

-		$search =  strtolower($_REQUEST["search"]);

-		$sql_search = " (";

-		$sql_search .= "	lower(p.permission_name) like :search \n";

-		$sql_search .= ") ";

-		$parameters['search'] = '%'.$search.'%';

-	}

-

-//get the list

-	$sql = "select "; 

-	$sql .= "	distinct p.permission_name, \n";

-	$sql .= "	p.application_name, \n";

-	$sql .= "	g.permission_protected, \n"; 

-	$sql .= "	g.group_permission_uuid, \n"; 

-	$sql .= "	g.permission_assigned \n";

-	$sql .= "from v_permissions as p \n"; 

-	$sql .= "left join \n"; 

-	$sql .= "	v_group_permissions as g \n"; 

-	$sql .= "	on p.permission_name = g.permission_name \n"; 

-	$sql .= "	and group_name = :group_name \n"; 

-	$sql .= " 	and g.group_uuid = :group_uuid \n";

-	if (isset($sql_search)) {

-		$sql .= "where ".$sql_search;

-	}

-	$sql .= "	order by p.application_name, p.permission_name asc "; 

-	$parameters['group_name'] = $group_name;

-	$parameters['group_uuid'] = $group_uuid;

-	$database = new database;

-	$group_permissions = $database->select($sql, $parameters, 'all');

-

-//process the user data and save it to the database

-	if (count($_POST) > 0 && empty($_POST["persistformvar"])) {

-			$x = 0;

-			if (is_array($_POST['group_permissions'])) {

-				foreach($_POST['group_permissions'] as $row) {

-					//reset values

-						$action = "";

-						$save_permission = false;

-						$delete_permission = false;

-						$save_protected = false;

-						$delete_protected = false;

-						$persist = false;

-

-					//get the action save or delete

-						foreach($group_permissions as $field) {

-							if ($field['permission_name'] === $row['permission_name']) {

-								if ($field['permission_assigned'] == 'true') {

-									if ($row['checked'] == "true") {

-										$persist = true;

-									}

-									else {

-										$delete_permission = true;

-									}

-								}

-								else {

-									

-									if ($row['checked'] == "true") {

-										$save_permission = true;

-									}

-									else {

-										//do nothing

-									}

-								}

-

-								if ($field['permission_protected'] == 'true') {

-									if ($row['permission_protected'] == "true") {

-										$persist = true;

-									}

-									else {

-										$delete_protected = true;

-									}

-								}

-								else {

-									if ($row['permission_protected'] == "true") {

-										$save_protected = true;

-									}

-									else {

-										//do nothing

-									}

-								}

-

-								if ($save_permission || $save_protected) {

-									$action = "save";

-								}

-								elseif ($delete_permission || $delete_protected){

-									if ($persist) {

-										$action = "save";

-									}

-									else {

-										$action = "delete";

-									}

-								}

-								else {

-									$action = "";

-								}

-								$group_permission_uuid = $field['group_permission_uuid'];

-								break;

-							}

-						}

-					

-					//build the array;

-						if ($action == "save") {

-							if (empty($group_permission_uuid)) {

-								$group_permission_uuid = uuid();

-							}

-							if (isset($row['permission_name']) && !empty($row['permission_name'])) {

-								$array['save']['group_permissions'][$x]['group_permission_uuid'] = $group_permission_uuid;

-								$array['save']['group_permissions'][$x]['permission_name'] = $row['permission_name'];

-								$array['save']['group_permissions'][$x]['permission_protected'] = $row['permission_protected'] == 'true' ? "true" : 'false';

-								$array['save']['group_permissions'][$x]['permission_assigned'] = $row['checked'] != "true" ? "false" : "true";

-								$array['save']['group_permissions'][$x]['group_uuid'] = $group_uuid;

-								$array['save']['group_permissions'][$x]['group_name'] = $group_name;

-								$x++;

-							}

-						}

-

-						if ($action == "delete") {

-							if (isset($row['permission_name']) && !empty($row['permission_name'])) {

-								$array['delete']['group_permissions'][$x]['permission_name'] = $row['permission_name'];

-								$array['delete']['group_permissions'][$x]['group_uuid'] = $group_uuid;

-								$array['delete']['group_permissions'][$x]['group_name'] = $group_name;

-							}

-							$x++;

-						}

-				}

-			}

-			

-		//validate the token

-			$token = new token;

-			if (!$token->validate($_SERVER['PHP_SELF'])) {

-				message::add($text['message-invalid_token'],'negative');

-				header('Location: group_permissions.php?group_uuid='.urlencode($group_uuid).($view ? '&view='.urlencode($view) : null).($search ? '&search='.urlencode($search) : null));

-				exit;

-			}

-

-		//save the save array

-			if (is_array($array['save']) && @sizeof($array['save']) != 0) {

-				$database = new database;

-				$database->app_name = 'groups';

-				$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';

-				$database->save($array['save']);

-				$message = $database->message;

-			}

-

-		//delete the delete array

-			if (is_array($array['delete']) && @sizeof($array['delete']) != 0) {

-				if (permission_exists('group_permission_delete')) {

-					$database = new database;

-					$database->app_name = 'groups';

-					$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';

-					$database->delete($array['delete']);

-				}

-			}

-

-		//set the message

-			message::add($text['message-update']);

-

-		//redirect

-			header('Location: group_permissions.php?group_uuid='.urlencode($group_uuid));

-			exit;

-	}

-

-//create token

-	$object = new token;

-	$token = $object->create($_SERVER['PHP_SELF']);

-

-//include the header

-	$document['title'] = $text['title-group_permissions'];

-	require_once "resources/header.php";

-

-//show the content

-	echo "<div class='action_bar' id='action_bar'>\n";

-	echo "	<div class='heading'><b>".$text['title-group_permissions']." (".escape($group_name).")</b></div>\n";

-	echo "	<div class='actions'>\n";

-	echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'id'=>'btn_back','style'=>'margin-right: 15px;','collapse'=>'hide-sm-dn','link'=>'groups.php']);

-	echo button::create(['type'=>'button','label'=>$text['button-reload'],'icon'=>$_SESSION['theme']['button_icon_reload'],'link'=>'?group_uuid='.urlencode($group_uuid).'&action=reload']);

-	if (permission_exists('group_member_view')) {

-		echo button::create(['type'=>'button','label'=>$text['button-members'],'icon'=>'users','link'=>'group_members.php?group_uuid='.urlencode($group_uuid)]);

-	}

-	echo 		"<form id='form_search' class='inline' method='get'>\n";

-	echo 		"<input type='hidden' name='group_uuid' value='".escape($group_uuid)."'>\n";

-	echo 		"<select class='txt' style='margin-left: 15px; margin-right: 0;' id='view' name='view' onchange=\"document.getElementById('form_search').submit();\">\n";

-	echo 		"	<option value=''>".$text['label-all']."</option>\n";

-	echo 		"	<option value='assigned' ".($view == 'assigned' ? "selected='selected'" : null).">".$text['label-assigned']."</option>\n";

-	echo 		"	<option value='unassigned' ".($view == 'unassigned' ? "selected='selected'" : null).">".$text['label-unassigned']."</option>\n";

-	echo 		"	<option value='protected' ".($view == 'protected' ? "selected='selected'" : null).">".$text['label-group_protected']."</option>\n";

-	echo 		"</select>\n";

-	echo 		"<input type='text' class='txt list-search' style='margin-left: 0;' name='search' id='search' value=\"".escape($search)."\" placeholder=\"".$text['label-search']."\" onkeydown='list_search_reset();'>";

-	echo button::create(['label'=>$text['button-search'],'icon'=>$_SESSION['theme']['button_icon_search'],'type'=>'submit','id'=>'btn_search','collapse'=>'hide-sm-dn','style'=>($search != '' ? 'display: none;' : null)]);

-	echo button::create(['label'=>$text['button-reset'],'icon'=>$_SESSION['theme']['button_icon_reset'],'type'=>'button','id'=>'btn_reset','collapse'=>'hide-sm-dn','link'=>'group_permissions.php?group_uuid='.urlencode($group_uuid),'style'=>($search == '' ? 'display: none;' : null)]);

-	if (permission_exists('group_permission_edit')) {

-		echo button::create(['type'=>'button','label'=>$text['button-save'],'icon'=>$_SESSION['theme']['button_icon_save'],'id'=>'btn_save','collapse'=>'hide-sm-dn','style'=>'margin-left: 15px;','onclick'=>"document.getElementById('form_list').submit();"]);

-	}

-	echo "		</form>\n";

-	echo "	</div>\n";

-	echo "	<div style='clear: both;'></div>\n";

-	echo "</div>\n";

-

-	echo $text['description-group_permissions']."\n";

-	echo "<br /><br />\n";

-

-	echo "<form id='form_list' method='post'>\n";

-	echo "<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";

-	echo "<input type='hidden' name='group_uuid' value='".escape($group_uuid)."'>\n";

-	echo "<input type='hidden' name='view' value=\"".escape($view)."\">\n";

-	echo "<input type='hidden' name='search' value=\"".escape($search)."\">\n";

-	echo "<table class='list' style='margin-bottom: 25px;'>\n";

-	if (is_array($group_permissions) && @sizeof($group_permissions) != 0) {

-		$x = 0;

-		foreach ($group_permissions as $row) {

-			$checked = ($row['permission_assigned'] === 'true') ? " checked=\"checked\"" : $checked = '';

-			$protected = ($row['permission_protected'] === 'true') ? " checked=\"checked\"" : '';

-			$application_name = strtolower(str_replace([' ','-'], '_', $row['application_name']));

-			$application_name_label = ucwords(str_replace(['_','-'], " ", $row['application_name']));

-

-			//application heading

-			if ($previous_application_name !== $row['application_name']) {

-				echo "		<tr class='heading_".$application_name."'>";

-				echo "			<td align='left' colspan='999'>&nbsp;</td>\n";

-				echo "		</tr>";

-				echo "		<tr class='heading_".$application_name."'>";

-				echo "			<td align='left' colspan='999' nowrap='nowrap'><b>".escape($application_name_label)."</b></td>\n";

-				echo "		</tr>";

-				echo "		<tr class='list-header heading_".$application_name."'>\n";

-				if (permission_exists('group_permission_add') || permission_exists('group_permission_edit') || permission_exists('group_permission_delete')) {

-					echo "		<th class='checkbox'>\n";

-					echo "			<input type='checkbox' id='checkbox_all_".$application_name."' name='checkbox_all' onclick=\"list_all_toggle('".$application_name."');\">\n";

-					echo "		</th>\n";

-				}

-				echo th_order_by('group_name', $text['label-group_name'], $order_by, $order);

-				if (permission_exists('group_permission_add') || permission_exists('group_permission_edit') || permission_exists('group_permission_delete')) {

-					echo th_order_by('group_permission_protected', $text['label-group_protected'], $order_by, $order, null, "style='text-align: right;'");

-					echo "		<th class='checkbox'>\n";

-					echo "			<input type='checkbox' id='checkbox_all_".$application_name."_protected' name='checkbox_protected_all' onclick=\"list_all_toggle('".$application_name."_protected');\">\n";

-					echo "		</th>\n";

-				}

-				echo "		</tr>\n";

-				$displayed_permissions[$application_name] = 0;

-			}

-

-			//application permission

-			if (!$view || ($view == 'assigned' && $checked) || ($view == 'unassigned' && !$checked) || ($view == 'protected' && $protected)) {

-				echo "<tr class='list-row'>\n";

-				if (permission_exists('group_permission_add') || permission_exists('group_permission_edit') || permission_exists('group_permission_delete')) {

-					echo "	<td class='checkbox'>\n";

-					echo "		<input type='checkbox' name='group_permissions[$x][checked]' id='checkbox_".$x."' class='checkbox_".$application_name."' value='true' ".$checked." onclick=\"if (!this.checked) { document.getElementById('checkbox_all_".$application_name."').checked = false; }\">\n";

-					echo "		<input type='hidden' name='group_permissions[$x][permission_uuid]' value='".escape($row['permission_uuid'])."' />\n";

-					echo "		<input type='hidden' name='group_permissions[$x][permission_name]' value='".escape($row['permission_name'])."' />\n";

-					echo "	</td>\n";

-				}

-				echo "	<td class='no-wrap' onclick=\"if (document.getElementById('checkbox_".$x."').checked) { document.getElementById('checkbox_".$x."').checked = false; document.getElementById('checkbox_all_".$application_name."').checked = false; } else { document.getElementById('checkbox_".$x."').checked = true; }\">";

-				echo "		".escape($row['permission_name']);

-				echo "	</td>\n";

-				if (permission_exists('group_permission_add') || permission_exists('group_permission_edit') || permission_exists('group_permission_delete')) {

-					echo "	<td>&nbsp;</td>\n";

-					echo "	<td class='checkbox'>\n";

-					echo "		<input type='checkbox' name='group_permissions[$x][permission_protected]' id='checkbox_protected_".$x."' class='checkbox_".$application_name."_protected' value='true' ".$protected." onclick=\"if (!this.checked) { document.getElementById('checkbox_all_".$application_name."_protected').checked = false; }\">\n";

-					echo "	</td>\n";

-				}

-				echo "</tr>\n";

-				$displayed_permissions[$application_name]++;

-			}

-

-			//set the previous application name

-			$previous_application_name = $row['application_name'];

-			$x++;

-

-		}

-		unset($group_permissions);

-

-		//hide application heading if no permissions displayed

-		if (is_array($displayed_permissions) && @sizeof($displayed_permissions) != 0) {

-			echo "<script>\n";

-			foreach ($displayed_permissions as $application_name => $permission_count) {

-				if (!$permission_count) {

-					echo "$('.heading_".$application_name."').hide();\n";

-				}

-			}

-			echo "</script>\n";

-		}

-

-	}

-

-	echo "</table>\n";

-	echo "</form>\n";

-

-//include the footer

-	require_once "resources/footer.php";

-

-?>

+<?php
 
+/*
 
+	FusionPBX
 
+	Version: MPL 1.1
 
+
 
+	The contents of this file are subject to the Mozilla Public License Version
 
+	1.1 (the "License"); you may not use this file except in compliance with
 
+	the License. You may obtain a copy of the License at
 
+	http://www.mozilla.org/MPL/
 
+
 
+	Software distributed under the License is distributed on an "AS IS" basis,
 
+	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 
+	for the specific language governing rights and limitations under the
 
+	License.
 
+
 
+	The Original Code is FusionPBX
 
+
 
+	The Initial Developer of the Original Code is
 
+	Mark J Crane <[email protected]>
 
+	Portions created by the Initial Developer are Copyright (C) 2018-2023
 
+	the Initial Developer. All Rights Reserved.
 
+
 
+	Contributor(s):
 
+	Mark J Crane <[email protected]>
 
+*/
 
+
 
+//set the include path
 
+	$conf = glob("{/usr/local/etc,/etc}/fusionpbx/config.conf", GLOB_BRACE);
 
+	set_include_path(parse_ini_file($conf[0])['document.root']);
 
+
 
+//includes files
 
+	require_once "resources/require.php";
 
+	require_once "resources/check_auth.php";
 
+
 
+//check permissions
 
+	if (permission_exists('group_permission_view')) {
 
+		//access granted
 
+	}
 
+	else {
 
+		echo "access denied";
 
+		exit;
 
+	}
 
+
 
+//get the group_uuid
 
+	if (!empty($_REQUEST["group_uuid"])) {
 
+		$group_uuid = $_GET['group_uuid'];
 
+	}
 
+
 
+//get the group_name
 
+	if (isset($group_uuid) && is_uuid($group_uuid)) {
 
+		$sql = "select group_name from v_groups ";
 
+		$sql .= "where group_uuid = :group_uuid ";
 
+		$parameters['group_uuid'] = $group_uuid;
 
+		$database = new database;
 
+		$group_name = $database->select($sql, $parameters, 'column');
 
+		unset($sql, $parameters);
 
+	}
 
+
 
+//add multi-lingual support
 
+	$language = new text;
 
+	$text = $language->get();
 
+
 
+//process permission reload
 
+	if (!empty($_GET['action']) && $_GET['action'] == 'reload' && !empty($group_uuid)) {
 
+		if (is_array($_SESSION["groups"]) && @sizeof($_SESSION["groups"]) != 0) {
 
+			//clear current permissions
 
+				unset($_SESSION['permissions'], $_SESSION['user']['permissions']);
 
+
 
+			//get the permissions assigned to the groups that the current user is a member of, set the permissions in session variables
 
+				$x = 0;
 
+				$sql = "select distinct(permission_name) from v_group_permissions ";
 
+				$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
 
+				$sql .= "and permission_assigned = 'true' ";
 
+				foreach ($_SESSION["groups"] as $field) {
 
+					if (!empty($field['group_name'])) {
 
+						$sql_where_or[] = "group_name = :group_name_".$x;
 
+						$parameters['group_name_'.$x] = $field['group_name'];
 
+						$x++;
 
+					}
 
+				}
 
+				if (is_array($sql_where_or) && @sizeof($sql_where_or) != 0) {
 
+					$sql .= "and (".implode(' or ', $sql_where_or).") ";
 
+				}
 
+				$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
 
+				$database = new database;
 
+				$result = $database->select($sql, $parameters, 'all');
 
+				if (is_array($result) && @sizeof($result) != 0) {
 
+					foreach ($result as $row) {
 
+						$_SESSION['permissions'][$row["permission_name"]] = true;
 
+						$_SESSION["user"]["permissions"][$row["permission_name"]] = true;
 
+					}
 
+				}
 
+				unset($sql, $parameters, $result, $row);
 
+
 
+			//set message and redirect
 
+				message::add($text['message-permissions_reloaded'],'positive');
 
+				header('Location: group_permissions.php?group_uuid='.urlencode($_GET['group_uuid']));
 
+				exit;
 
+		}
 
+	}
 
+
 
+//get the http post data
 
+	$view = $_REQUEST['view'] ?? '';
 
+	$action = $_POST['action'] ?? '';
 
+	$search = $_POST['search'] ?? '';
 
+	$group_permissions = $_POST['group_permissions'] ?? '';
 
+
 
+//get the list
 
+	$sql = "select "; 
+	$sql .= "	distinct p.permission_name, \n";
 
+	$sql .= "	p.application_name, \n";
 
+	$sql .= "	g.permission_protected, \n"; 
+	$sql .= "	g.group_permission_uuid, \n"; 
+	$sql .= "	g.permission_assigned \n";
 
+	$sql .= "from v_permissions as p \n"; 
+	$sql .= "left join \n"; 
+	$sql .= "	v_group_permissions as g \n"; 
+	$sql .= "	on p.permission_name = g.permission_name \n"; 
+	$sql .= "	and group_name = :group_name \n"; 
+	$sql .= " 	and g.group_uuid = :group_uuid \n";
 
+	$sql .= "where true \n";
 
+	if (!empty($search)) {
 
+		$sql .= "and (";
 
+		$sql .= "	lower(p.permission_name) like :search \n";
 
+		$sql .= ") ";
 
+		$parameters['search'] = '%'.$search.'%';
 
+	}
 
+	$sql .= "	order by p.application_name, p.permission_name asc "; 
+	$parameters['group_name'] = $group_name;
 
+	$parameters['group_uuid'] = $group_uuid;
 
+	$database = new database;
 
+	$group_permissions = $database->select($sql, $parameters, 'all');
 
+
 
+//process the user data and save it to the database
 
+	if (!empty($_POST) > 0 && empty($_POST["persistformvar"])) {
 
+			$x = 0;
 
+			if (is_array($_POST['group_permissions'])) {
 
+				foreach($_POST['group_permissions'] as $row) {
 
+					//reset values
 
+						$action = "";
 
+						$save_permission = false;
 
+						$delete_permission = false;
 
+						$save_protected = false;
 
+						$delete_protected = false;
 
+						$persist = false;
 
+
 
+					//set row defaults
 
+						$row['checked'] = $row['checked'] ?? '';
 
+						$row['permission_assigned'] = $row['permission_assigned'] ?? '';
 
+						$row['permission_protected'] = $row['permission_protected'] ?? '';
 
+
 
+					//get the action save or delete
 
+						foreach($group_permissions as $field) {
 
+							if ($field['permission_name'] === $row['permission_name']) {
 
+								$row['checked'] = $row['checked'] ?? '';
 
+								$row['permission_assigned'] = $row['permission_assigned'] ?? '';
 
+								if ($field['permission_assigned'] == 'true') {
 
+									if ($row['checked'] == "true") {
 
+										$persist = true;
 
+									}
 
+									else {
 
+										$delete_permission = true;
 
+									}
 
+								}
 
+								else {
 
+									if ($row['checked'] == "true") {
 
+										$save_permission = true;
 
+									}
 
+									else {
 
+										//do nothing
 
+									}
 
+								}
 
+
 
+								if ($field['permission_protected'] == 'true') {
 
+									if ($row['permission_protected'] == "true") {
 
+										$persist = true;
 
+									}
 
+									else {
 
+										$delete_protected = true;
 
+									}
 
+								}
 
+								else {
 
+									if ($row['permission_protected'] == "true") {
 
+										$save_protected = true;
 
+									}
 
+									else {
 
+										//do nothing
 
+									}
 
+								}
 
+
 
+								if ($save_permission || $save_protected) {
 
+									$action = "save";
 
+								}
 
+								elseif ($delete_permission || $delete_protected){
 
+									if ($persist) {
 
+										$action = "save";
 
+									}
 
+									else {
 
+										$action = "delete";
 
+									}
 
+								}
 
+								else {
 
+									$action = "";
 
+								}
 
+								$group_permission_uuid = $field['group_permission_uuid'];
 
+								break;
 
+							}
 
+						}
 
+
 
+					//build the array;
 
+						if ($action == "save") {
 
+							if (empty($group_permission_uuid)) {
 
+								$group_permission_uuid = uuid();
 
+							}
 
+							if (isset($row['permission_name']) && !empty($row['permission_name'])) {
 
+								$array['save']['group_permissions'][$x]['group_permission_uuid'] = $group_permission_uuid;
 
+								$array['save']['group_permissions'][$x]['permission_name'] = $row['permission_name'];
 
+								$array['save']['group_permissions'][$x]['permission_protected'] = $row['permission_protected'] == 'true' ? "true" : 'false';
 
+								$array['save']['group_permissions'][$x]['permission_assigned'] = $row['checked'] != "true" ? "false" : "true";
 
+								$array['save']['group_permissions'][$x]['group_uuid'] = $group_uuid;
 
+								$array['save']['group_permissions'][$x]['group_name'] = $group_name;
 
+								$x++;
 
+							}
 
+						}
 
+
 
+						if ($action == "delete") {
 
+							if (isset($row['permission_name']) && !empty($row['permission_name'])) {
 
+								$array['delete']['group_permissions'][$x]['permission_name'] = $row['permission_name'];
 
+								$array['delete']['group_permissions'][$x]['group_uuid'] = $group_uuid;
 
+								$array['delete']['group_permissions'][$x]['group_name'] = $group_name;
 
+							}
 
+							$x++;
 
+						}
 
+				}
 
+			}
 
+
 
+		//validate the token
 
+			$token = new token;
 
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
 
+				message::add($text['message-invalid_token'],'negative');
 
+				header('Location: group_permissions.php?group_uuid='.urlencode($group_uuid).($view ? '&view='.urlencode($view) : null).($search ? '&search='.urlencode($search) : null));
 
+				exit;
 
+			}
 
+
 
+		//save the save array
 
+			if (is_array($array['save']) && @sizeof($array['save']) != 0) {
 
+				$database = new database;
 
+				$database->app_name = 'groups';
 
+				$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
 
+				$database->save($array['save']);
 
+				$message = $database->message;
 
+			}
 
+
 
+		//delete the delete array
 
+			if (is_array($array['delete']) && @sizeof($array['delete']) != 0) {
 
+				if (permission_exists('group_permission_delete')) {
 
+					$database = new database;
 
+					$database->app_name = 'groups';
 
+					$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
 
+					$database->delete($array['delete']);
 
+				}
 
+			}
 
+
 
+		//set the message
 
+			message::add($text['message-update']);
 
+
 
+		//redirect
 
+			header('Location: group_permissions.php?group_uuid='.urlencode($group_uuid));
 
+			exit;
 
+	}
 
+
 
+//create token
 
+	$object = new token;
 
+	$token = $object->create($_SERVER['PHP_SELF']);
 
+
 
+//include the header
 
+	$document['title'] = $text['title-group_permissions'];
 
+	require_once "resources/header.php";
 
+
 
+//show the content
 
+	echo "<div class='action_bar' id='action_bar'>\n";
 
+	echo "	<div class='heading'><b>".$text['title-group_permissions']." (".escape($group_name).")</b></div>\n";
 
+	echo "	<div class='actions'>\n";
 
+	echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'id'=>'btn_back','style'=>'margin-right: 15px;','collapse'=>'hide-sm-dn','link'=>'groups.php']);
 
+	echo button::create(['type'=>'button','label'=>$text['button-reload'],'icon'=>$_SESSION['theme']['button_icon_reload'],'link'=>'?group_uuid='.urlencode($group_uuid).'&action=reload']);
 
+	if (permission_exists('group_member_view')) {
 
+		echo button::create(['type'=>'button','label'=>$text['button-members'],'icon'=>'users','link'=>'group_members.php?group_uuid='.urlencode($group_uuid)]);
 
+	}
 
+	echo 		"<form id='form_search' class='inline' method='get'>\n";
 
+	echo 		"<input type='hidden' name='group_uuid' value='".escape($group_uuid)."'>\n";
 
+	echo 		"<select class='txt' style='margin-left: 15px; margin-right: 0;' id='view' name='view' onchange=\"document.getElementById('form_search').submit();\">\n";
 
+	echo 		"	<option value=''>".$text['label-all']."</option>\n";
 
+	echo 		"	<option value='assigned' ".($view == 'assigned' ? "selected='selected'" : null).">".$text['label-assigned']."</option>\n";
 
+	echo 		"	<option value='unassigned' ".($view == 'unassigned' ? "selected='selected'" : null).">".$text['label-unassigned']."</option>\n";
 
+	echo 		"	<option value='protected' ".($view == 'protected' ? "selected='selected'" : null).">".$text['label-group_protected']."</option>\n";
 
+	echo 		"</select>\n";
 
+	echo 		"<input type='text' class='txt list-search' style='margin-left: 0;' name='search' id='search' value=\"".escape($search)."\" placeholder=\"".$text['label-search']."\" onkeydown='list_search_reset();'>";
 
+	echo button::create(['label'=>$text['button-search'],'icon'=>$_SESSION['theme']['button_icon_search'],'type'=>'submit','id'=>'btn_search','collapse'=>'hide-sm-dn','style'=>($search != '' ? 'display: none;' : null)]);
 
+	echo button::create(['label'=>$text['button-reset'],'icon'=>$_SESSION['theme']['button_icon_reset'],'type'=>'button','id'=>'btn_reset','collapse'=>'hide-sm-dn','link'=>'group_permissions.php?group_uuid='.urlencode($group_uuid),'style'=>($search == '' ? 'display: none;' : null)]);
 
+	if (permission_exists('group_permission_edit')) {
 
+		echo button::create(['type'=>'button','label'=>$text['button-save'],'icon'=>$_SESSION['theme']['button_icon_save'],'id'=>'btn_save','collapse'=>'hide-sm-dn','style'=>'margin-left: 15px;','onclick'=>"document.getElementById('form_list').submit();"]);
 
+	}
 
+	echo "		</form>\n";
 
+	echo "	</div>\n";
 
+	echo "	<div style='clear: both;'></div>\n";
 
+	echo "</div>\n";
 
+
 
+	echo $text['description-group_permissions']."\n";
 
+	echo "<br /><br />\n";
 
+
 
+	echo "<form id='form_list' method='post'>\n";
 
+	echo "<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 
+	echo "<input type='hidden' name='group_uuid' value='".escape($group_uuid)."'>\n";
 
+	echo "<input type='hidden' name='view' value=\"".escape($view)."\">\n";
 
+	echo "<input type='hidden' name='search' value=\"".escape($search)."\">\n";
 
+	echo "<table class='list' style='margin-bottom: 25px;'>\n";
 
+	if (is_array($group_permissions) && @sizeof($group_permissions) != 0) {
 
+		$x = 0;
 
+		foreach ($group_permissions as $row) {
 
+			$previous_application_name = $previous_application_name ?? '';
 
+			$checked = ($row['permission_assigned'] === 'true') ? " checked=\"checked\"" : $checked = '';
 
+			$protected = ($row['permission_protected'] === 'true') ? " checked=\"checked\"" : '';
 
+			$application_name = strtolower(str_replace([' ','-'], '_', $row['application_name']));
 
+			$application_name_label = ucwords(str_replace(['_','-'], " ", $row['application_name']));
 
+
 
+			//application heading
 
+			if ($previous_application_name !== $row['application_name']) {
 
+				echo "		<tr class='heading_".$application_name."'>";
 
+				echo "			<td align='left' colspan='999'>&nbsp;</td>\n";
 
+				echo "		</tr>";
 
+				echo "		<tr class='heading_".$application_name."'>";
 
+				echo "			<td align='left' colspan='999' nowrap='nowrap'><b>".escape($application_name_label)."</b></td>\n";
 
+				echo "		</tr>";
 
+				echo "		<tr class='list-header heading_".$application_name."'>\n";
 
+				if (permission_exists('group_permission_add') || permission_exists('group_permission_edit') || permission_exists('group_permission_delete')) {
 
+					echo "		<th class='checkbox'>\n";
 
+					echo "			<input type='checkbox' id='checkbox_all_".$application_name."' name='checkbox_all' onclick=\"list_all_toggle('".$application_name."');\">\n";
 
+					echo "		</th>\n";
 
+				}
 
+				echo "			<th>".$text['label-group_name']."</th>\n";
 
+				if (permission_exists('group_permission_add') || permission_exists('group_permission_edit') || permission_exists('group_permission_delete')) {
 
+					echo "		<th>".$text['label-group_protected']."</th>\n";
 
+					echo "		<th class='checkbox'>\n";
 
+					echo "			<input type='checkbox' id='checkbox_all_".$application_name."_protected' name='checkbox_protected_all' onclick=\"list_all_toggle('".$application_name."_protected');\">\n";
 
+					echo "		</th>\n";
 
+				}
 
+				echo "		</tr>\n";
 
+				$displayed_permissions[$application_name] = 0;
 
+			}
 
+
 
+			//application permission
 
+			if (!$view || ($view == 'assigned' && $checked) || ($view == 'unassigned' && !$checked) || ($view == 'protected' && $protected)) {
 
+				echo "<tr class='list-row'>\n";
 
+				if (permission_exists('group_permission_add') || permission_exists('group_permission_edit') || permission_exists('group_permission_delete')) {
 
+					echo "	<td class='checkbox'>\n";
 
+					echo "		<input type='checkbox' name='group_permissions[$x][checked]' id='checkbox_".$x."' class='checkbox_".$application_name."' value='true' ".$checked." onclick=\"if (!this.checked) { document.getElementById('checkbox_all_".$application_name."').checked = false; }\">\n";
 
+					//echo "		<input type='hidden' name='group_permissions[$x][permission_uuid]' value='".escape($row['permission_uuid'])."' />\n";
 
+					echo "		<input type='hidden' name='group_permissions[$x][permission_name]' value='".escape($row['permission_name'])."' />\n";
 
+					echo "	</td>\n";
 
+				}
 
+				echo "	<td class='no-wrap' onclick=\"if (document.getElementById('checkbox_".$x."').checked) { document.getElementById('checkbox_".$x."').checked = false; document.getElementById('checkbox_all_".$application_name."').checked = false; } else { document.getElementById('checkbox_".$x."').checked = true; }\">";
 
+				echo "		".escape($row['permission_name']);
 
+				echo "	</td>\n";
 
+				if (permission_exists('group_permission_add') || permission_exists('group_permission_edit') || permission_exists('group_permission_delete')) {
 
+					echo "	<td>&nbsp;</td>\n";
 
+					echo "	<td class='checkbox'>\n";
 
+					echo "		<input type='checkbox' name='group_permissions[$x][permission_protected]' id='checkbox_protected_".$x."' class='checkbox_".$application_name."_protected' value='true' ".$protected." onclick=\"if (!this.checked) { document.getElementById('checkbox_all_".$application_name."_protected').checked = false; }\">\n";
 
+					echo "	</td>\n";
 
+				}
 
+				echo "</tr>\n";
 
+				$displayed_permissions[$application_name]++;
 
+			}
 
+
 
+			//set the previous application name
 
+			$previous_application_name = $row['application_name'];
 
+			$x++;
 
+
 
+		}
 
+		unset($group_permissions);
 
+
 
+		//hide application heading if no permissions displayed
 
+		if (is_array($displayed_permissions) && @sizeof($displayed_permissions) != 0) {
 
+			echo "<script>\n";
 
+			foreach ($displayed_permissions as $application_name => $permission_count) {
 
+				if (!$permission_count) {
 
+					echo "$('.heading_".$application_name."').hide();\n";
 
+				}
 
+			}
 
+			echo "</script>\n";
 
+		}
 
+
 
+	}
 
+
 
+	echo "</table>\n";
 
+	echo "</form>\n";
 
+
 
+//include the footer
 
+	require_once "resources/footer.php";
 
+
 
+?>

+ 0 - 73
core/groups/groupmemberdelete.php
Voir le fichier 

@@ -1,73 +0,0 @@
 
-<?php
 
-/*
 
-	FusionPBX
 
-	Version: MPL 1.1
 
-
 
-	The contents of this file are subject to the Mozilla Public License Version
 
-	1.1 (the "License"); you may not use this file except in compliance with
 
-	the License. You may obtain a copy of the License at
 
-	http://www.mozilla.org/MPL/
 
-
 
-	Software distributed under the License is distributed on an "AS IS" basis,
 
-	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 
-	for the specific language governing rights and limitations under the
 
-	License.
 
-
 
-	The Original Code is FusionPBX
 
-
 
-	The Initial Developer of the Original Code is
 
-	Mark J Crane <[email protected]>
 
-	Portions created by the Initial Developer are Copyright (C) 2008-2012
 
-	the Initial Developer. All Rights Reserved.
 
-
 
-	Contributor(s):
 
-	Mark J Crane <[email protected]>
 
-*/
 
-
 
-//set the include path
 
-	$conf = glob("{/usr/local/etc,/etc}/fusionpbx/config.conf", GLOB_BRACE);
 
-	set_include_path(parse_ini_file($conf[0])['document.root']);
 
-
 
-//includes files
 
-	require_once "resources/require.php";
 
-	require_once "resources/check_auth.php";
 
-
 
-//check permissions
 
-	if (permission_exists('group_member_delete') || if_group("superadmin")) {
 
-		//access allowed
 
-	}
 
-	else {
 
-		echo "access denied";
 
-		return;
 
-	}
 
-
 
-//requires a superadmin to delete superadmin group
 
-	if (!if_group("superadmin") && $_GET["group_name"] == "superadmin") {
 
-		echo "access denied";
 
-		return;
 
-	}
 
-
 
-//get the http values and set them as variables
 
-	$group_name = $_GET["group_name"];
 
-	$user_uuid = $_GET["user_uuid"];
 
-	$group_uuid = $_GET["group_uuid"];
 
-
 
-//delete the group membership
 
-	$p = new permissions;
 
-	$p->add('user_group_delete', 'temp');
 
-
 
-	$array['user_groups'][0]['user_uuid'] = $user_uuid;
 
-	$array['user_groups'][0]['group_uuid'] = $group_uuid;
 
-	$database = new database;
 
-	$database->app_name = 'groups';
 
-	$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
 
-	$database->delete($array);
 
-	unset($array);
 
-
 
-	$p->delete('user_group_delete', 'temp');
 
-
 
-//redirect the user
 
-	message::add($text['message-delete']);
 
-	header("Location: group_members.php?group_uuid=".$group_uuid."&group_name=".$group_name);
 
-
 
-?>

+ 271 - 271
core/groups/groups.php
Voir le fichier 

@@ -1,271 +1,271 @@
 
-<?php

-/*

-	FusionPBX

-	Version: MPL 1.1

-

-	The contents of this file are subject to the Mozilla Public License Version

-	1.1 (the "License"); you may not use this file except in compliance with

-	the License. You may obtain a copy of the License at

-	http://www.mozilla.org/MPL/

-

-	Software distributed under the License is distributed on an "AS IS" basis,

-	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License

-	for the specific language governing rights and limitations under the

-	License.

-

-	The Original Code is FusionPBX

-

-	The Initial Developer of the Original Code is

-	Mark J Crane <[email protected]>

-	Portions created by the Initial Developer are Copyright (C) 2018-2020

-	the Initial Developer. All Rights Reserved.

-

-	Contributor(s):

-	Mark J Crane <[email protected]>

-*/

-

-//set the include path

-	$conf = glob("{/usr/local/etc,/etc}/fusionpbx/config.conf", GLOB_BRACE);

-	set_include_path(parse_ini_file($conf[0])['document.root']);

-

-//includes files

-	require_once "resources/require.php";

-	require_once "resources/check_auth.php";

-	require_once "resources/paging.php";

-

-//check permissions

-	if (permission_exists('group_view')) {

-		//access granted

-	}

-	else {

-		echo "access denied";

-		exit;

-	}

-

-//add multi-lingual support

-	$language = new text;

-	$text = $language->get();

-

-//get the http post data

-	if (is_array($_POST['groups'])) {

-		$action = $_POST['action'];

-		$search = $_POST['search'];

-		$groups = $_POST['groups'];

-	}

-

-//process the http post data by action

-	if ($action != '' && is_array($groups) && @sizeof($groups) != 0) {

-		switch ($action) {

-			case 'copy':

-				if (permission_exists('group_add')) {

-					$obj = new groups;

-					$obj->copy($groups);

-				}

-				break;

-			case 'toggle':

-				if (permission_exists('group_edit')) {

-					$obj = new groups;

-					$obj->toggle($groups);

-				}

-				break;

-			case 'delete':

-				if (permission_exists('group_delete')) {

-					$obj = new groups;

-					$obj->delete($groups);

-				}

-				break;

-		}

-

-		header('Location: groups.php'.($search != '' ? '?search='.urlencode($search) : null));

-		exit;

-	}

-

-//get order and order by

-	$order_by = $_GET["order_by"];

-	$order = $_GET["order"];

-

-//add the search string

-	if (isset($_GET["search"])) {

-		$search =  strtolower($_GET["search"]);

-		$sql_search = " (";

-		$sql_search .= "	lower(group_name) like :search ";

-		$sql_search .= "	or lower(group_description) like :search ";

-		$sql_search .= ") ";

-		$parameters['search'] = '%'.$search.'%';

-	}

-

-//get the count

-	$sql = "select count(*) from view_groups ";

-	if ($_GET['show'] == "all" && permission_exists('group_all')) {

-		if (isset($sql_search)) {

-			$sql .= "where ".$sql_search;

-		}

-	}

-	else {

-		$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";

-		if (isset($sql_search)) {

-			$sql .= "and ".$sql_search;

-		}

-		$parameters['domain_uuid'] = $domain_uuid;

-	}

-	$database = new database;

-	$num_rows = $database->select($sql, $parameters, 'column');

-

-//prepare to page the results

-	$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;

-	$param = $search ? "&search=".$search : null;

-	$param = ($_GET['show'] == 'all' && permission_exists('group_all')) ? "&show=all" : null;

-	$page = is_numeric($_GET['page']) ? $_GET['page'] : 0;

-	list($paging_controls, $rows_per_page) = paging($num_rows, $param, $rows_per_page);

-	list($paging_controls_mini, $rows_per_page) = paging($num_rows, $param, $rows_per_page, true);

-	$offset = $rows_per_page * $page;

-

-//get the list

-	$sql = str_replace('count(*)', '*', $sql);

-	$sql .= order_by($order_by, $order, 'group_name', 'asc');

-	$sql .= limit_offset($rows_per_page, $offset);

-	$database = new database;

-	$groups = $database->select($sql, $parameters, 'all');

-	unset($sql, $parameters);

-

-//create token

-	$object = new token;

-	$token = $object->create($_SERVER['PHP_SELF']);

-

-//include the header

-	$document['title'] = $text['title-groups'];

-	require_once "resources/header.php";

-

-//show the content

-	echo "<div class='action_bar' id='action_bar'>\n";

-	echo "	<div class='heading'><b>".$text['title-groups']." (".$num_rows.")</b></div>\n";

-	echo "	<div class='actions'>\n";

-	echo button::create(['type'=>'button','label'=>$text['button-users'],'icon'=>$_SESSION['theme']['button_icon_users'],'onclick'=>"window.location='../users/users.php'"]);

-	echo button::create(['type'=>'button','label'=>$text['button-restore_default'],'icon'=>$_SESSION['theme']['button_icon_sync'],'style'=>'margin-right: 15px;','link'=>'permissions_default.php']);

-	if (permission_exists('group_add')) {

-		echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add'],'id'=>'btn_add','link'=>'group_edit.php']);

-	}

-	if (permission_exists('group_add') && $groups) {

-		echo button::create(['type'=>'button','label'=>$text['button-copy'],'icon'=>$_SESSION['theme']['button_icon_copy'],'id'=>'btn_copy','name'=>'btn_copy','style'=>'display: none;','onclick'=>"modal_open('modal-copy','btn_copy');"]);

-	}

-	if (permission_exists('group_edit') && $groups) {

-		echo button::create(['type'=>'button','label'=>$text['button-toggle'],'icon'=>$_SESSION['theme']['button_icon_toggle'],'id'=>'btn_toggle','name'=>'btn_toggle','style'=>'display: none;','onclick'=>"modal_open('modal-toggle','btn_toggle');"]);

-	}

-	if (permission_exists('group_delete') && $groups) {

-		echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'id'=>'btn_delete','name'=>'btn_delete','style'=>'display: none;','onclick'=>"modal_open('modal-delete','btn_delete');"]);

-	}

-	echo 		"<form id='form_search' class='inline' method='get'>\n";

-	if (permission_exists('group_all')) {

-		if ($_GET['show'] == 'all') {

-			echo "		<input type='hidden' name='show' value='all'>\n";

-		}

-		else {

-			echo button::create(['type'=>'button','label'=>$text['button-show_all'],'icon'=>$_SESSION['theme']['button_icon_all'],'link'=>'?show=all']);

-		}

-	}

-	echo 		"<input type='text' class='txt list-search' name='search' id='search' value=\"".escape($search)."\" placeholder=\"".$text['label-search']."\" onkeydown=''>";

-	echo button::create(['label'=>$text['button-search'],'icon'=>$_SESSION['theme']['button_icon_search'],'type'=>'submit','id'=>'btn_search']);

-	//echo button::create(['label'=>$text['button-reset'],'icon'=>$_SESSION['theme']['button_icon_reset'],'type'=>'button','id'=>'btn_reset','link'=>'groups.php','style'=>($search == '' ? 'display: none;' : null)]);

-	if ($paging_controls_mini != '') {

-		echo 	"<span style='margin-left: 15px;'>".$paging_controls_mini."</span>\n";

-	}

-	echo "		</form>\n";

-	echo "	</div>\n";

-	echo "	<div style='clear: both;'></div>\n";

-	echo "</div>\n";

-

-	if (permission_exists('group_add') && $groups) {

-		echo modal::create(['id'=>'modal-copy','type'=>'copy','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_copy','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('copy'); list_form_submit('form_list');"])]);

-	}

-	if (permission_exists('group_edit') && $groups) {

-		echo modal::create(['id'=>'modal-toggle','type'=>'toggle','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_toggle','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('toggle'); list_form_submit('form_list');"])]);

-	}

-	if (permission_exists('group_delete') && $groups) {

-		echo modal::create(['id'=>'modal-delete','type'=>'delete','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('delete'); list_form_submit('form_list');"])]);

-	}

-

-	echo $text['description-groups']."\n";

-	echo "<br /><br />\n";

-

-	echo "<form id='form_list' method='post'>\n";

-	echo "<input type='hidden' id='action' name='action' value=''>\n";

-	echo "<input type='hidden' name='search' value=\"".escape($search)."\">\n";

-

-	echo "<table class='list'>\n";

-	echo "<tr class='list-header'>\n";

-	if (permission_exists('group_add') || permission_exists('group_edit') || permission_exists('group_delete')) {

-		echo "	<th class='checkbox'>\n";

-		echo "		<input type='checkbox' id='checkbox_all' name='checkbox_all' onclick='list_all_toggle(); checkbox_on_change(this);' ".($groups ?: "style='visibility: hidden;'").">\n";

-		echo "	</th>\n";

-	}

-	if ($_GET['show'] == 'all' && permission_exists('group_all')) {

-		echo th_order_by('domain_name', $text['label-domain'], $order_by, $order);

-	}

-	echo th_order_by('group_name', $text['label-group_name'], $order_by, $order);

-	echo "	<th class='shrink' colspan='2'>".$text['label-tools']."</th>\n";

-	echo th_order_by('group_level', $text['label-group_level'], $order_by, $order, null, "class='center'");

-	echo th_order_by('group_protected', $text['label-group_protected'], $order_by, $order, null, "class='center'");

-	echo "	<th class='pct-30 hide-sm-dn'>".$text['label-group_description']."</th>\n";

-	if (permission_exists('group_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') {

-		echo "	<td class='action-button'>&nbsp;</td>\n";

-	}

-	echo "</tr>\n";

-

-	if (is_array($groups) && @sizeof($groups) != 0) {

-		$x = 0;

-		foreach ($groups as $row) {

-			if (permission_exists('group_edit')) {

-				$list_row_url = "group_edit.php?id=".urlencode($row['group_uuid']);

-			}

-			echo "<tr class='list-row' href='".$list_row_url."'>\n";

-			if (permission_exists('group_add') || permission_exists('group_edit') || permission_exists('group_delete')) {

-				echo "	<td class='checkbox'>\n";

-				echo "		<input type='checkbox' name='groups[$x][checked]' id='checkbox_".$x."' value='true' onclick=\"checkbox_on_change(this); if (!this.checked) { document.getElementById('checkbox_all').checked = false; }\">\n";

-				echo "		<input type='hidden' name='groups[$x][uuid]' value='".escape($row['group_uuid'])."' />\n";

-				echo "	</td>\n";

-			}

-			if ($_GET['show'] == 'all' && permission_exists('group_all')) {

-				echo "	<td>".escape($_SESSION['domains'][$row['domain_uuid']]['domain_name'])."</td>\n";

-			}

-			echo "	<td>\n";

-			if (permission_exists('group_edit')) {

-				echo "	<a href='".$list_row_url."' title=\"".$text['button-edit']."\">".escape($row['group_name'])."</a>\n";

-			}

-			else {

-				echo "	".escape($row['group_name']);

-			}

-			echo "	</td>\n";

-			echo "	<td class='no-link no-wrap pr-15'><a href='group_permissions.php?group_uuid=".urlencode($row['group_uuid'])."'>".$text['label-group_permissions']." (".$row['group_permissions'].")</a></td>\n";

-			echo "	<td class='no-link no-wrap'><a href='group_members.php?group_uuid=".urlencode($row['group_uuid'])."'>".$text['label-group_members']." (".$row['group_members'].")</a></td>\n";

-			echo "	<td class='center'>".escape($row['group_level'])."</td>\n";

-			if (permission_exists('group_edit')) {

-				echo "	<td class='no-link center'>\n";

-				echo button::create(['type'=>'submit','class'=>'link','label'=>$text['label-'.$row['group_protected']],'title'=>$text['button-toggle'],'onclick'=>"list_self_check('checkbox_".$x."'); list_action_set('toggle'); list_form_submit('form_list')"]);

-			}

-			else {

-				echo "	<td class='center'>\n";

-				echo $text['label-'.$row['group_protected']];

-			}

-			echo "	</td>\n";

-			echo "	<td class='description overflow hide-sm-dn'>".escape($row['group_description'])."</td>\n";

-			if (permission_exists('group_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') {

-				echo "	<td class='action-button'>\n";

-				echo button::create(['type'=>'button','title'=>$text['button-edit'],'icon'=>$_SESSION['theme']['button_icon_edit'],'link'=>$list_row_url]);

-				echo "	</td>\n";

-			}

-			echo "</tr>\n";

-			$x++;

-		}

-		unset($groups);

-	}

-

-	echo "</table>\n";

-	echo "<br />\n";

-	echo "<div align='center'>".$paging_controls."</div>\n";

-	echo "<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";

-	echo "</form>\n";

-

-//include the footer

-	require_once "resources/footer.php";

-

-?>

+<?php
 
+/*
 
+	FusionPBX
 
+	Version: MPL 1.1
 
+
 
+	The contents of this file are subject to the Mozilla Public License Version
 
+	1.1 (the "License"); you may not use this file except in compliance with
 
+	the License. You may obtain a copy of the License at
 
+	http://www.mozilla.org/MPL/
 
+
 
+	Software distributed under the License is distributed on an "AS IS" basis,
 
+	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 
+	for the specific language governing rights and limitations under the
 
+	License.
 
+
 
+	The Original Code is FusionPBX
 
+
 
+	The Initial Developer of the Original Code is
 
+	Mark J Crane <[email protected]>
 
+	Portions created by the Initial Developer are Copyright (C) 2018-2020
 
+	the Initial Developer. All Rights Reserved.
 
+
 
+	Contributor(s):
 
+	Mark J Crane <[email protected]>
 
+*/
 
+
 
+//set the include path
 
+	$conf = glob("{/usr/local/etc,/etc}/fusionpbx/config.conf", GLOB_BRACE);
 
+	set_include_path(parse_ini_file($conf[0])['document.root']);
 
+
 
+//includes files
 
+	require_once "resources/require.php";
 
+	require_once "resources/check_auth.php";
 
+	require_once "resources/paging.php";
 
+
 
+//check permissions
 
+	if (permission_exists('group_view')) {
 
+		//access granted
 
+	}
 
+	else {
 
+		echo "access denied";
 
+		exit;
 
+	}
 
+
 
+//add multi-lingual support
 
+	$language = new text;
 
+	$text = $language->get();
 
+
 
+//get the http post data
 
+	$groups = $_POST['groups'] ?? '';
 
+	$action = $_POST['action'] ?? '';
 
+	$search = $_REQUEST["search"] ?? '';
 
+	$show = $_GET["show"] ?? '';
 
+
 
+//process the http post data by action
 
+	if ($action != '' && is_array($groups) && @sizeof($groups) != 0) {
 
+		switch ($action) {
 
+			case 'copy':
 
+				if (permission_exists('group_add')) {
 
+					$obj = new groups;
 
+					$obj->copy($groups);
 
+				}
 
+				break;
 
+			case 'toggle':
 
+				if (permission_exists('group_edit')) {
 
+					$obj = new groups;
 
+					$obj->toggle($groups);
 
+				}
 
+				break;
 
+			case 'delete':
 
+				if (permission_exists('group_delete')) {
 
+					$obj = new groups;
 
+					$obj->delete($groups);
 
+				}
 
+				break;
 
+		}
 
+
 
+		header('Location: groups.php'.($search != '' ? '?search='.urlencode($search) : null));
 
+		exit;
 
+	}
 
+
 
+//get order and order by
 
+	$order_by = $_GET["order_by"] ?? '';
 
+	$order = $_GET["order"] ?? '';
 
+
 
+//add the search string
 
+	if (isset($search)) {
 
+		$search =  strtolower($search);
 
+	}
 
+
 
+//set from session variables
 
+	$list_row_edit_button = !empty($_SESSION['theme']['list_row_edit_button']['boolean']) ? $_SESSION['theme']['list_row_edit_button']['boolean'] : 'false';
 
+
 
+//get the count
 
+	$sql = "select count(*) from view_groups \n";
 
+	$sql .= "where true \n";
 
+	if ($show == 'all' && permission_exists('group_all')) {
 
+		$sql .= "and (domain_uuid is not null or domain_uuid is null) ";
 
+	}
 
+	else {
 
+		$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
 
+		$parameters['domain_uuid'] = $domain_uuid;
 
+	}
 
+	if (!empty($search)) {
 
+		$sql .= "and ( \n";
 
+		$sql .= "	lower(group_name) like :search \n";
 
+		$sql .= "	or lower(group_description) like :search \n";
 
+		$sql .= ") \n";
 
+		$parameters['search'] = '%'.$search.'%';
 
+	}
 
+	$database = new database;
 
+	$num_rows = $database->select($sql, $parameters ?? '', 'column');
 
+
 
+//prepare to page the results
 
+	$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
 
+	$param = $search ? "&search=".$search : null;
 
+	$param = ($show == 'all' && permission_exists('group_all')) ? "&show=all" : null;
 
+	$page = !empty($_GET['page']) ? $_GET['page'] : 0;
 
+	list($paging_controls, $rows_per_page) = paging($num_rows, $param, $rows_per_page);
 
+	list($paging_controls_mini, $rows_per_page) = paging($num_rows, $param, $rows_per_page, true);
 
+	$offset = $rows_per_page * $page;
 
+
 
+//get the list
 
+	$sql = str_replace('count(*)', '*', $sql);
 
+	$sql .= order_by($order_by, $order, 'group_name', 'asc');
 
+	$sql .= limit_offset($rows_per_page, $offset);
 
+	$database = new database;
 
+	$groups = $database->select($sql, $parameters ?? '', 'all');
 
+	unset($sql, $parameters);
 
+
 
+//create token
 
+	$object = new token;
 
+	$token = $object->create($_SERVER['PHP_SELF']);
 
+
 
+//include the header
 
+	$document['title'] = $text['title-groups'];
 
+	require_once "resources/header.php";
 
+
 
+//show the content
 
+	echo "<div class='action_bar' id='action_bar'>\n";
 
+	echo "	<div class='heading'><b>".$text['title-groups']." (".$num_rows.")</b></div>\n";
 
+	echo "	<div class='actions'>\n";
 
+	echo button::create(['type'=>'button','label'=>$text['button-users'],'icon'=>$_SESSION['theme']['button_icon_users'],'onclick'=>"window.location='../users/users.php'"]);
 
+	echo button::create(['type'=>'button','label'=>$text['button-restore_default'],'icon'=>$_SESSION['theme']['button_icon_sync'],'style'=>'margin-right: 15px;','link'=>'permissions_default.php']);
 
+	if (permission_exists('group_add')) {
 
+		echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add'],'id'=>'btn_add','link'=>'group_edit.php']);
 
+	}
 
+	if (permission_exists('group_add') && $groups) {
 
+		echo button::create(['type'=>'button','label'=>$text['button-copy'],'icon'=>$_SESSION['theme']['button_icon_copy'],'id'=>'btn_copy','name'=>'btn_copy','style'=>'display: none;','onclick'=>"modal_open('modal-copy','btn_copy');"]);
 
+	}
 
+	if (permission_exists('group_edit') && $groups) {
 
+		echo button::create(['type'=>'button','label'=>$text['button-toggle'],'icon'=>$_SESSION['theme']['button_icon_toggle'],'id'=>'btn_toggle','name'=>'btn_toggle','style'=>'display: none;','onclick'=>"modal_open('modal-toggle','btn_toggle');"]);
 
+	}
 
+	if (permission_exists('group_delete') && $groups) {
 
+		echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'id'=>'btn_delete','name'=>'btn_delete','style'=>'display: none;','onclick'=>"modal_open('modal-delete','btn_delete');"]);
 
+	}
 
+	echo 		"<form id='form_search' class='inline' method='get'>\n";
 
+	if (permission_exists('group_all')) {
 
+		if ($show == 'all') {
 
+			echo "		<input type='hidden' name='show' value='all'>\n";
 
+		}
 
+		else {
 
+			echo button::create(['type'=>'button','label'=>$text['button-show_all'],'icon'=>$_SESSION['theme']['button_icon_all'],'link'=>'?show=all']);
 
+		}
 
+	}
 
+	echo 		"<input type='text' class='txt list-search' name='search' id='search' value=\"".escape($search)."\" placeholder=\"".$text['label-search']."\" onkeydown=''>";
 
+	echo button::create(['label'=>$text['button-search'],'icon'=>$_SESSION['theme']['button_icon_search'],'type'=>'submit','id'=>'btn_search']);
 
+	//echo button::create(['label'=>$text['button-reset'],'icon'=>$_SESSION['theme']['button_icon_reset'],'type'=>'button','id'=>'btn_reset','link'=>'groups.php','style'=>($search == '' ? 'display: none;' : null)]);
 
+	if ($paging_controls_mini != '') {
 
+		echo 	"<span style='margin-left: 15px;'>".$paging_controls_mini."</span>\n";
 
+	}
 
+	echo "		</form>\n";
 
+	echo "	</div>\n";
 
+	echo "	<div style='clear: both;'></div>\n";
 
+	echo "</div>\n";
 
+
 
+	if (permission_exists('group_add') && $groups) {
 
+		echo modal::create(['id'=>'modal-copy','type'=>'copy','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_copy','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('copy'); list_form_submit('form_list');"])]);
 
+	}
 
+	if (permission_exists('group_edit') && $groups) {
 
+		echo modal::create(['id'=>'modal-toggle','type'=>'toggle','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_toggle','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('toggle'); list_form_submit('form_list');"])]);
 
+	}
 
+	if (permission_exists('group_delete') && $groups) {
 
+		echo modal::create(['id'=>'modal-delete','type'=>'delete','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('delete'); list_form_submit('form_list');"])]);
 
+	}
 
+
 
+	echo $text['description-groups']."\n";
 
+	echo "<br /><br />\n";
 
+
 
+	echo "<form id='form_list' method='post'>\n";
 
+	echo "<input type='hidden' id='action' name='action' value=''>\n";
 
+	echo "<input type='hidden' name='search' value=\"".escape($search)."\">\n";
 
+
 
+	echo "<table class='list'>\n";
 
+	echo "<tr class='list-header'>\n";
 
+	if (permission_exists('group_add') || permission_exists('group_edit') || permission_exists('group_delete')) {
 
+		echo "	<th class='checkbox'>\n";
 
+		echo "		<input type='checkbox' id='checkbox_all' name='checkbox_all' onclick='list_all_toggle(); checkbox_on_change(this);' ".(!empty($groups) ?: "style='visibility: hidden;'").">\n";
 
+		echo "	</th>\n";
 
+	}
 
+	if ($show == 'all' && permission_exists('group_all')) {
 
+		echo th_order_by('domain_name', $text['label-domain'], $order_by, $order);
 
+	}
 
+	echo th_order_by('group_name', $text['label-group_name'], $order_by, $order);
 
+	echo "	<th class='shrink' colspan='2'>".$text['label-tools']."</th>\n";
 
+	echo th_order_by('group_level', $text['label-group_level'], $order_by, $order, null, "class='center'");
 
+	echo th_order_by('group_protected', $text['label-group_protected'], $order_by, $order, null, "class='center'");
 
+	echo "	<th class='pct-30 hide-sm-dn'>".$text['label-group_description']."</th>\n";
 
+	if (permission_exists('group_edit') && $list_row_edit_button == 'true') {
 
+		echo "	<td class='action-button'>&nbsp;</td>\n";
 
+	}
 
+	echo "</tr>\n";
 
+
 
+	if (is_array($groups) && @sizeof($groups) != 0) {
 
+		$x = 0;
 
+		foreach ($groups as $row) {
 
+			if (permission_exists('group_edit')) {
 
+				$list_row_url = "group_edit.php?id=".urlencode($row['group_uuid']);
 
+			}
 
+			echo "<tr class='list-row' href='".$list_row_url."'>\n";
 
+			if (permission_exists('group_add') || permission_exists('group_edit') || permission_exists('group_delete')) {
 
+				echo "	<td class='checkbox'>\n";
 
+				echo "		<input type='checkbox' name='groups[$x][checked]' id='checkbox_".$x."' value='true' onclick=\"checkbox_on_change(this); if (!this.checked) { document.getElementById('checkbox_all').checked = false; }\">\n";
 
+				echo "		<input type='hidden' name='groups[$x][uuid]' value='".escape($row['group_uuid'])."' />\n";
 
+				echo "	</td>\n";
 
+			}
 
+			if ($show == 'all' && permission_exists('group_all')) {
 
+echo "	<td>".escape($row['domain_name'])."</td>\n";
 
+			}
 
+			echo "	<td>\n";
 
+			if (permission_exists('group_edit')) {
 
+				echo "	<a href='".$list_row_url."' title=\"".$text['button-edit']."\">".escape($row['group_name'])."</a>\n";
 
+			}
 
+			else {
 
+				echo "	".escape($row['group_name']);
 
+			}
 
+			echo "	</td>\n";
 
+			echo "	<td class='no-link no-wrap pr-15'><a href='group_permissions.php?group_uuid=".urlencode($row['group_uuid'])."'>".$text['label-group_permissions']." (".$row['group_permissions'].")</a></td>\n";
 
+			echo "	<td class='no-link no-wrap'><a href='group_members.php?group_uuid=".urlencode($row['group_uuid'])."'>".$text['label-group_members']." (".$row['group_members'].")</a></td>\n";
 
+			echo "	<td class='center'>".escape($row['group_level'])."</td>\n";
 
+			if (permission_exists('group_edit')) {
 
+				echo "	<td class='no-link center'>\n";
 
+				echo button::create(['type'=>'submit','class'=>'link','label'=>$text['label-'.$row['group_protected']],'title'=>$text['button-toggle'],'onclick'=>"list_self_check('checkbox_".$x."'); list_action_set('toggle'); list_form_submit('form_list')"]);
 
+			}
 
+			else {
 
+				echo "	<td class='center'>\n";
 
+				echo $text['label-'.$row['group_protected']];
 
+			}
 
+			echo "	</td>\n";
 
+			echo "	<td class='description overflow hide-sm-dn'>".escape($row['group_description'])."</td>\n";
 
+			if (permission_exists('group_edit') && $list_row_edit_button == 'true') {
 
+				echo "	<td class='action-button'>\n";
 
+				echo button::create(['type'=>'button','title'=>$text['button-edit'],'icon'=>$_SESSION['theme']['button_icon_edit'],'link'=>$list_row_url]);
 
+				echo "	</td>\n";
 
+			}
 
+			echo "</tr>\n";
 
+			$x++;
 
+		}
 
+		unset($groups);
 
+	}
 
+
 
+	echo "</table>\n";
 
+	echo "<br />\n";
 
+	echo "<div align='center'>".$paging_controls."</div>\n";
 
+	echo "<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 
+	echo "</form>\n";
 
+
 
+//include the footer
 
+	require_once "resources/footer.php";
 
+
 
+?>