
Groups: Integrate Show All and ability to edit assigned Domain. Create, edit, delete non-default groups.
Users: Adjust so assigned Domain doesn't get overwritten if user_all permission exists, but user_domain doesn't.
Destinations: Adjust so assigned Domain doesn't get overwritten if destination_all permission exists, but destination_domain doesn't.

Nate Jones 10 years ago
parent
commit
cccb8e6c77

+ 6 - 0
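--- a/core/users/app_config.php
+++ b/core/users/app_config.php
@@ -57,6 +57,12 @@
 		$apps[$x]['permissions'][$y]['name'] = "group_delete";
 		$apps[$x]['permissions'][$y]['groups'][] = "superadmin";
 		$y++;
+		$apps[$x]['permissions'][$y]['name'] = 'group_domain';
+		$apps[$x]['permissions'][$y]['groups'][] = 'superadmin';
+		$y++;
+		$apps[$x]['permissions'][$y]['name'] = 'group_all';
+		$apps[$x]['permissions'][$y]['groups'][] = 'superadmin';
+		$y++;
 		$apps[$x]['permissions'][$y]['name'] = "group_member_view";
 		$apps[$x]['permissions'][$y]['menu']['uuid'] = "3b4acc6d-827b-f537-bf21-0093d94ffec7";
 		$apps[$x]['permissions'][$y]['groups'][] = "admin";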

+ 30 - 10
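--- a/core/users/app_languages.php
+++ b/core/users/app_languages.php
@@ -22,10 +22,15 @@
 	$text['title-group_manager']['pt-pt'] = "Gestão de Grupos";
 	$text['title-group_manager']['fr-fr'] = "Gestion de Groupe";
 
-	$text['title-group_add']['en-us'] = "Group";
-	$text['title-group_add']['es-cl'] = "Agregar Usuario";
-	$text['title-group_add']['pt-pt'] = "Grupo";
-	$text['title-group_add']['fr-fr'] = "Groupe";
+	$text['title-group_add']['en-us'] = "Add Group";
+	$text['title-group_add']['es-cl'] = "Agregar Grupo";
+	$text['title-group_add']['pt-pt'] = "Adicionar Grupo";
+	$text['title-group_add']['fr-fr'] = "Ajouter un Groupe";
+
+	$text['title-group_edit']['en-us'] = "Edit Group";
+	$text['title-group_edit']['es-cl'] = "Editar Grupo";
+	$text['title-group_edit']['pt-pt'] = "Editar Grupo";
+	$text['title-group_edit']['fr-fr'] = "Modifier le Groupe";
 
 	$text['title-group_permissions']['en-us'] = "Group Permissions";
 	$text['title-group_permissions']['es-cl'] = "Permisos de Grupo";
@@ -57,10 +62,15 @@
 	$text['header-group_manager']['pt-pt'] = "Gestão de Grupos";
 	$text['header-group_manager']['fr-fr'] = "Gestion de Groupe";
 
-	$text['header-group_add']['en-us'] = "Group";
+	$text['header-group_add']['en-us'] = "Add Group";
 	$text['header-group_add']['es-cl'] = "Agregar Grupo";
 	$text['header-group_add']['pt-pt'] = "Adicionar Grupo";
-	$text['header-group_add']['fr-fr'] = "Ajout de Groupe";
+	$text['header-group_add']['fr-fr'] = "Ajouter un Groupe";
+
+	$text['header-group_edit']['en-us'] = "Edit Group";
+	$text['header-group_edit']['es-cl'] = "Editar Grupo";
+	$text['header-group_edit']['pt-pt'] = "Editar Grupo";
+	$text['header-group_edit']['fr-fr'] = "Modifier le Groupe";
 
 	$text['header-group_permissions']['en-us'] = "Group Permissions: ";
 	$text['header-group_permissions']['es-cl'] = "Permisos de Grupo: ";
@@ -87,10 +97,15 @@
 	$text['description-user_edit']['pt-pt'] = "Editar a informação do utilizador e os membros do grupo. ";
 	$text['description-user_edit']['fr-fr'] = "Editer les informations de l'utilisateur et l'appartenance au groupe.";
 
-	$text['description-group_add']['en-us'] = "Please choose a group name.";
-	$text['description-group_add']['es-cl'] = "Por favor escoja un nombre.";
-	$text['description-group_add']['pt-pt'] = "Por favor escolha um nome para o grupo.";
-	$text['description-group_add']['fr-fr'] = "Choisir un nom pour le groupe.";
+	$text['description-group_add']['en-us'] = "Create a new user group.";
+	$text['description-group_add']['es-cl'] = "Crear un nuevo grupo de usuarios.";
+	$text['description-group_add']['pt-pt'] = "Criar um novo grupo de usuários.";
+	$text['description-group_add']['fr-fr'] = "Créez un nouveau groupe d'utilisateurs.";
+
+	$text['description-group_edit']['en-us'] = "Edit the properties of the group.";
+	$text['description-group_edit']['es-cl'] = "Editar las propiedades del grupo.";
+	$text['description-group_edit']['pt-pt'] = "Editar as propriedades do grupo.";
+	$text['description-group_edit']['fr-fr'] = "Modifier les propriétés du groupe.";
 
 	$text['description-group_permissions']['en-us'] = "Assign permissions for this group.";
 	$text['description-group_permissions']['es-cl'] = "Asigne permisos para este grupo.";
@@ -442,4 +457,9 @@
 	$text['message-maximum_users']['pt-pt'] = "Usuários Máximo Permitido:";
 	$text['message-maximum_users']['fr-fr'] = "Utilisateurs Maximale Autorisée:";
 
+	$text['message-group_exists']['en-us'] = "Group Already Exists";
+	$text['message-group_exists']['es-cl'] = "El Grupo ya Existe";
+	$text['message-group_exists']['pt-pt'] = "O Grupo já Existe";
+	$text['message-group_exists']['fr-fr'] = "Groupe Existe Déjà";
+
 ?>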

+ 26 - 6
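--- a/core/users/group_permissions.php
+++ b/core/users/group_permissions.php
@@ -90,12 +90,24 @@ require_once "resources/require.php";
 		}
 	}
 
-//get the http values and set them as php variables
-	$group_name = $_REQUEST['group_name'];
+//get the group uuid, lookup domain uuid (if any) and name
+	$group_uuid = check_str($_REQUEST['group_uuid']);
+	$sql = "select domain_uuid, group_name from v_groups ";
+	$sql .= "where group_uuid = '".$group_uuid."' ";
+	$prep_statement = $db->prepare(check_sql($sql));
+	$prep_statement->execute();
+	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	foreach ($result as &$row) {
+		$domain_uuid = $row["domain_uuid"];
+		$group_name = $row["group_name"];
+		break; //limit to 1 row
+	}
+	unset ($prep_statement);
 
 //get the permissions assigned to this group
 	$sql = " select * from v_group_permissions ";
 	$sql .= "where group_name = '$group_name' ";
+	$sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null ");
 	$prep_statement = $db->prepare(check_sql($sql));
 	$prep_statement->execute();
 	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
@@ -128,6 +140,7 @@ require_once "resources/require.php";
 
 //process the http post
 	if (count($_POST)>0) {
+
 		foreach($_POST['permissions_form'] as $permission) {
 			$permissions_form[$permission] = "true";
 		}
@@ -217,12 +230,18 @@ require_once "resources/require.php";
 							$sql = "insert into v_group_permissions ";
 							$sql .= "(";
 							$sql .= "group_permission_uuid, ";
+							if ($domain_uuid != '') {
+								$sql .= "domain_uuid, ";
+							}
 							$sql .= "permission_name, ";
 							$sql .= "group_name ";
 							$sql .= ")";
 							$sql .= "values ";
 							$sql .= "(";
 							$sql .= "'".uuid()."', ";
+							if ($domain_uuid != '') {
+								$sql .= "'".$domain_uuid."', ";
+							}
 							$sql .= "'$permission', ";
 							$sql .= "'$group_name' ";
 							$sql .= ")";
@@ -315,6 +334,7 @@ require_once "resources/require.php";
 
 //show the content
 	echo "<form method='post' name='frm' action=''>\n";
+	echo "<input type='hidden' name='domain_uuid' value='".$domain_uuid."'>\n";
 	echo "<table cellpadding='0' cellspacing='0' width='100%' border='0'>\n";
 	echo "	<tr>\n";
 	echo "		<td width='50%' align=\"left\" nowrap=\"nowrap\" valign='top'>";
@@ -348,7 +368,7 @@ require_once "resources/require.php";
 			if ($description != '') { echo $description."<br />\n"; }
 			echo "<br>";
 
-			echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
+			echo "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
 			echo "	<tr>\n";
 			echo "		<th><input type='checkbox' id='check_toggle_".$app_index."' onclick=\"check_toggle('".$app_index."', this.checked);\"></th>\n";
 			echo "		<th>".$text['label-permission_permissions']."</th>\n";
@@ -357,10 +377,10 @@ require_once "resources/require.php";
 
 			foreach ($app['permissions'] as $permission_index => $row) {
 				$checked = ($permissions_db_checklist[$row['name']] == "true") ? "checked='checked'" : null;
-				echo "<tr >\n";
+				echo "<tr>\n";
 				echo "	<td valign='top' class='".$row_style[$c]."'><input type='checkbox' name='permissions_form[]' id='perm_".$app_index."_".$permission_index."' ".$checked." value='".$row['name']."'></td>\n";
-				echo "	<td valign='top' width='30%' nowrap='nowrap' class='".$row_style[$c]."'>".$row['name']."</td>\n";
-				echo "	<td valign='top' width='70%' class='row_stylebg'>".$row['description']."&nbsp;</td>\n";
+				echo "	<td valign='top' width='30%' nowrap='nowrap' class='".$row_style[$c]."' onclick=\"(document.getElementById('perm_".$app_index."_".$permission_index."').checked) ? document.getElementById('perm_".$app_index."_".$permission_index."').checked = false : document.getElementById('perm_".$app_index."_".$permission_index."').checked = true;\">".$row['name']."</td>\n";
+				echo "	<td valign='top' width='70%' class='row_stylebg' onclick=\"(document.getElementById('perm_".$app_index."_".$permission_index."').checked) ? document.getElementById('perm_".$app_index."_".$permission_index."').checked = false : document.getElementById('perm_".$app_index."_".$permission_index."').checked = true;\">".$row['description']."&nbsp;</td>\n";
 				echo "</tr>\n";
 				$c = ($c == 0) ? 1 : 0;
 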
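Review bot: The new group lookup in the first hunk calls `$db->prepare()` on a string that already has `$_REQUEST['group_uuid']` concatenated into it, so the statement binds nothing and the only barrier is whatever `check_str()` does. The `$group_name` and `$domain_uuid` read back from the row are then spliced unescaped into the `v_group_permissions` select and insert in the later hunks, so if a stored group name can contain a quote it changes those queries. Binding the value and rejecting input that fails `is_uuid()`, which groupdelete.php already uses, closes the first path; the later statements need the same binding. The same concatenation pattern recurs in the groupadd.php, groupedit.php, groupdelete.php, groupmemberadd.php and groupmemberdelete.php sections of this commit. When the lookup finds no row, `$group_name` and `$domain_uuid` stay unset and the page carries on against `group_name = ''` with `domain_uuid is null`, so it should stop instead.

```php
//get the group uuid, lookup domain uuid (if any) and name
	$group_uuid = $_REQUEST['group_uuid'];
	if (!is_uuid($group_uuid)) {
		echo "access denied";
		return;
	}
	$sql = "select domain_uuid, group_name from v_groups ";
	$sql .= "where group_uuid = :group_uuid ";
	$prep_statement = $db->prepare(check_sql($sql));
	$prep_statement->execute(array(':group_uuid' => $group_uuid));
	$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
	if (!$row) {
		//unknown group: stop rather than continue with an empty name
		echo "access denied";
		return;
	}
	$domain_uuid = $row["domain_uuid"];
	$group_name = $row["group_name"];
	unset ($prep_statement);

// … unchanged: permissions select, POST handling and form output …
```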

+ 89 - 42
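--- a/core/users/groupadd.php
+++ b/core/users/groupadd.php
@@ -41,37 +41,68 @@ require_once "resources/require.php";
 	$text = $language->get();
 
 //get the http values and set them as variables
-	$path = check_str($_GET["path"]);
-	$msg = check_str($_GET["msg"]);
-	$group_name = check_str($_POST["group_name"]);
-	$group_description = check_str($_POST["group_description"]);
-
-//insert into groups
-	if (strlen($group_name) > 0) {
-		$sql_insert = "insert into v_groups ";
-		$sql_insert .= "(";
-		$sql_insert .= "group_uuid, ";
-		$sql_insert .= "group_name, ";
-		$sql_insert .= "group_description ";
-		$sql_insert .= ")";
-		$sql_insert .= "values ";
-		$sql_insert .= "(";
-		$sql_insert .= "'".uuid()."', ";
-		$sql_insert .= "'$group_name', ";
-		$sql_insert .= "'$group_description' ";
-		$sql_insert .= ")";
-		if (!$db->exec($sql_insert)) {
-			//echo $db->errorCode() . "<br>";
-			$info = $db->errorInfo();
-			print_r($info);
-			// $info[0] == $db->errorCode() unified error code
-			// $info[1] is the driver specific error code
-			// $info[2] is the driver specific error string
-		}
+	if (count($_POST) > 0) {
+		//set the variables
+			$group_name = check_str($_POST["group_name"]);
+			if (permission_exists('group_domain')) {
+				$domain_uuid = check_str($_POST["domain_uuid"]);
+			}
+			else {
+				$domain_uuid = $_SESSION['domain_uuid'];
+			}
+			$group_description = check_str($_POST["group_description"]);
+
+		//check for global/domain duplicates
+			$sql = "select count(*) as num_rows from v_groups where ";
+			$sql .= "group_name = '".$group_name."' ";
+			$sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null ");
+			$prep_statement = $db->prepare($sql);
+			if ($prep_statement) {
+				$prep_statement->execute();
+				$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
+				$group_exists = ($row['num_rows'] > 0) ? true : false;
+			}
+			else {
+				$group_exists = false;
+			}
+			unset($sql, $prep_statement, $row);
+
+		//insert group
+			if (!$group_exists) {
+				$sql = "insert into v_groups ";
+				$sql .= "(";
+				$sql .= "group_uuid, ";
+				$sql .= "domain_uuid, ";
+				$sql .= "group_name, ";
+				$sql .= "group_description ";
+				$sql .= ")";
+				$sql .= "values ";
+				$sql .= "(";
+				$sql .= "'".uuid()."', ";
+				$sql .= (($domain_uuid != '') ? "'".$domain_uuid."'" : "null").", ";
+				$sql .= "'".$group_name."', ";
+				$sql .= "'".$group_description."' ";
+				$sql .= ")";
+				if (!$db->exec($sql)) {
+					//echo $db->errorCode() . "<br>";
+					$info = $db->errorInfo();
+					echo "<pre>".print_r($info, true)."</pre>";
+					exit;
+					// $info[0] == $db->errorCode() unified error code
+					// $info[1] is the driver specific error code
+					// $info[2] is the driver specific error string
+				}
+
+				$_SESSION["message"] = $text['message-add'];
+				header("Location: groups.php");
+			}
+			else {
+				$_SESSION['message_mood'] = 'negative';
+				$_SESSION["message"] = $text['message-group_exists'];
+				header("Location: groupadd.php");
+			}
 
 		//redirect the user
-			$_SESSION["message"] = $text['message-add'];
-			header("Location: groups.php");
 			return;
 	}
 
@@ -80,48 +111,64 @@ require_once "resources/require.php";
 	$document['title'] = $text['title-group_add'];
 
 //show the content
+	echo "<form name='login' method='post' action=''>\n";
+
 	echo "<table width='100%' cellpadding='0' cellspacing='0'>\n";
 	echo "	<tr>\n";
-	echo "		<td align='left'>\n";
+	echo "		<td align='left' valign='top'>\n";
 	echo "			<b>".$text['header-group_add']."</b>\n";
 	echo "			<br><br>\n";
 	echo "			".$text['description-group_add']."\n";
 	echo "		</td>\n";
-	echo "		<td align='right'>\n";
+	echo "		<td align='right' valign='top'>\n";
 	echo "			<input type='button' class='btn' name='' alt='back' onclick=\"window.location='groups.php'\" value='".$text['button-back']."'> ";
-	echo "  		<input type=\"submit\" class='btn' value=\"".$text['button-save']."\">\n";
+	echo "  		<input type='submit' class='btn' value=\"".$text['button-save']."\">\n";
 	echo "		</td>\n";
 	echo "	</tr>\n";
 	echo "</table>\n";
 	echo "<br>";
 
-	echo "<form name='login' METHOD=\"POST\" action=\"groupadd.php\">\n";
 	echo "<table width='100%' cellpadding='0' cellspacing='0'>\n";
 	echo "<tr>\n";
 	echo "<td width='30%' class='vncellreq'>\n";
 	echo $text['label-group_name']."\n";
 	echo "</td>\n";
 	echo "<td width='70%' align='left' class='vtable'>\n";
-	echo "  <input type=\"text\" class='formfld' name=\"group_name\">\n";
+	echo "  <input type='text' class='formfld' name='group_name'>\n";
 	echo "</td>\n";
 	echo "</tr>\n";
 
+	if (permission_exists('group_domain')) {
+		echo "<tr>\n";
+		echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
+		echo "	".$text['label-domain']."\n";
+		echo "</td>\n";
+		echo "<td class='vtable' align='left'>\n";
+		echo "    <select class='formfld' name='domain_uuid'>\n";
+		echo "    	<option value='' ".((strlen($domain_uuid) == 0) ? "selected='selected'" : null).">".$text['option-global']."</option>\n";
+		foreach ($_SESSION['domains'] as $row) {
+			echo "	<option value='".$row['domain_uuid']."' ".(($row['domain_uuid'] == $domain_uuid) ? "selected='selected'" : null).">".$row['domain_name']."</option>\n";
+		}
+		echo "    </select>\n";
+		echo "<br />\n";
+		echo $text['description-domain_name']."\n";
+		echo "</td>\n";
+		echo "</tr>\n";
+	}
+
 	echo "<tr>\n";
-	echo "<td class='vncellreq'>\n";
+	echo "<td class='vncell'>\n";
 	echo $text['label-group_description']."\n";
 	echo "</td>\n";
 	echo "<td align='left' class='vtable'>\n";
-	echo "<textarea name='group_description' class='formfld'></textarea>\n";
+	echo "<textarea name='group_description' class='formfld' style='width: 250px; height: 50px;'></textarea>\n";
 	echo "</td>\n";
 	echo "</tr>\n";
 
 	echo "<tr>\n";
-	echo "<td>\n";
-	echo "</td>\n";
-	echo "<td align=\"right\">\n";
-	echo "  <input type=\"hidden\" name=\"path\" value=\"$path\">\n";
-	echo "	<br><br>";
-	echo "  <input type=\"submit\" class='btn' value=\"".$text['button-save']."\">\n";
+	echo "<td colspan='2' align='right'>\n";
+	echo "	<br />";
+	echo "	<input type='submit' class='btn' value=\"".$text['button-save']."\">\n";
 	echo "</td>\n";
 	echo "</tr>\n";
 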
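Review bot: In the first hunk `$_POST["domain_uuid"]` is written to `v_groups` after `check_str()` only; nothing checks that it is a UUID or one of the `$_SESSION['domains']` entries the select box offers, so a crafted post can create a group under a domain value that does not exist. A guard such as `if ($domain_uuid != '' && !is_uuid($domain_uuid)) { header("Location: groupadd.php"); return; }` before the duplicate check would reject it. The duplicate check also fails open, since a failed `prepare()` sets `$group_exists = false` and the insert still runs. On insert failure the raw `errorInfo()` array is printed to the browser, which exposes driver error text to the user; logging it server-side and showing a generic message is safer.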

+ 8 - 9
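--- a/core/users/groupdelete.php
+++ b/core/users/groupdelete.php
@@ -42,14 +42,16 @@ require_once "resources/require.php";
 //validate the uuid
 	if (is_uuid($group_uuid)) {
 		//get the group from v_groups
-			$sql = "select group_name from v_groups ";
+			$sql = "select domain_uuid, group_name from v_groups ";
 			$sql .= "where group_uuid = '".$group_uuid."' ";
-			$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null); ";
-			//echo $sql . "\n";
+			if (!permission_exists('group_domain')) {
+				$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null); ";
+			}
 			$prep_statement = $db->prepare(check_sql($sql));
 			$prep_statement->execute();
 			$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
 			foreach ($result as &$row) {
+				$domain_uuid = $row["domain_uuid"];
 				$group_name = $row["group_name"];
 			}
 			unset ($prep_statement);
@@ -57,8 +59,6 @@ require_once "resources/require.php";
 		//delete the group users
 			$sql = "delete from v_group_users ";
 			$sql .= "where group_uuid = '".$group_uuid."' ";
-			$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null); ";
-			//echo $sql . "\n";
 			if (!$db->exec($sql)) {
 				$error = $db->errorInfo();
 				print_r($error);
@@ -68,8 +68,7 @@ require_once "resources/require.php";
 			if (strlen($group_name) > 0) {
 				$sql = "delete from v_group_permissions ";
 				$sql .= "where group_name = '".$group_name."' ";
-				$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null); ";
-				//echo $sql . "\n";
+				$sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null ");
 				if (!$db->exec($sql)) {
 					$error = $db->errorInfo();
 					print_r($error);
@@ -79,8 +78,7 @@ require_once "resources/require.php";
 		//delete the group
 			$sql = "delete from v_groups ";
 			$sql .= "where group_uuid = '".$group_uuid."' ";
-			$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null); ";
-			//echo $sql . "\n";
+			$sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null ");
 			if (!$db->exec($sql)) {
 				$error = $db->errorInfo();
 				print_r($error);
@@ -88,6 +86,7 @@ require_once "resources/require.php";
 	}
 
 //redirect the user
+	$_SESSION["message"] = $text['message-delete'];
 	header("Location: groups.php");
 
 ?>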
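Review bot: In the second hunk the `delete from v_group_users` statement loses its domain predicate and, as far as the visible lines show, runs whether or not the preceding `v_groups` lookup returned a row. For a caller without `group_domain` the lookup is still limited to their own domain or global groups, but a `group_uuid` from another domain simply yields no row and the membership delete then proceeds on that UUID alone. Stop before the deletes when the lookup is empty, e.g. `if (count($result) == 0) { header("Location: groups.php"); return; }` right after the `foreach`. The same guard keeps `$text['message-delete']` from being shown when nothing was deleted.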

+ 191 - 0
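--- a/core/users/groupedit.php
+++ b/core/users/groupedit.php
@@ -0,0 +1,191 @@
+<?php
+/*
+	FusionPBX
+	Version: MPL 1.1
+
+	The contents of this file are subject to the Mozilla Public License Version
+	1.1 (the "License"); you may not use this file except in compliance with
+	the License. You may obtain a copy of the License at
+	http://www.mozilla.org/MPL/
+
+	Software distributed under the License is distributed on an "AS IS" basis,
+	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+	for the specific language governing rights and limitations under the
+	License.
+
+	The Original Code is FusionPBX
+
+	The Initial Developer of the Original Code is
+	Mark J Crane <[email protected]>
+	Portions created by the Initial Developer are Copyright (C) 2008-2014
+	the Initial Developer. All Rights Reserved.
+
+	Contributor(s):
+	Mark J Crane <[email protected]>
+*/
+include "root.php";
+require_once "resources/require.php";
+
+//check permissions
+	require_once "resources/check_auth.php";
+	if (permission_exists('group_edit')) {
+		//access allowed
+	}
+	else {
+		echo "access denied";
+		return;
+	}
+
+//add multi-lingual support
+	$language = new text;
+	$text = $language->get();
+
+//process update
+	if (count($_POST) > 0) {
+		//set the variables
+			$group_uuid = check_str($_POST['group_uuid']);
+			$group_name = check_str($_POST['group_name']);
+			$domain_uuid = check_str($_POST["domain_uuid"]);
+			$group_description = check_str($_POST["group_description"]);
+
+		//check for global/domain duplicates
+			$sql = "select count(*) as num_rows from v_groups where ";
+			$sql .= "group_name = '".$group_name."' ";
+			$sql .= "and group_uuid <> '".$group_uuid."' ";
+			$sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null ");
+			$prep_statement = $db->prepare($sql);
+			if ($prep_statement) {
+				$prep_statement->execute();
+				$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
+				$group_exists = ($row['num_rows'] > 0) ? true : false;
+			}
+			else {
+				$group_exists = false;
+			}
+			unset($sql, $prep_statement, $row);
+
+		//insert group
+			if (!$group_exists) {
+				$sql = "update v_groups ";
+				$sql .= "set ";
+				$sql .= "group_name = '".$group_name."', ";
+				$sql .= "domain_uuid = ".(($domain_uuid != '') ? "'".$domain_uuid."'" : "null").", ";
+				$sql .= "group_description = '".$group_description."' ";
+				$sql .= "where group_uuid = '".$group_uuid."' ";
+				if (!$db->exec(check_sql($sql))) {
+					//echo $db->errorCode() . "<br>";
+					$info = $db->errorInfo();
+					echo "<pre>".print_r($info, true)."</pre>";
+					exit;
+					// $info[0] == $db->errorCode() unified error code
+					// $info[1] is the driver specific error code
+					// $info[2] is the driver specific error string
+				}
+
+				$_SESSION["message"] = $text['message-update'];
+				header("Location: groups.php");
+			}
+			else {
+				$_SESSION['message_mood'] = 'negative';
+				$_SESSION["message"] = $text['message-group_exists'];
+				header("Location: groupedit.php?id=".$group_uuid);
+			}
+
+		//redirect the user
+			return;
+	}
+
+//pre-populate the form
+	$group_uuid = check_str($_REQUEST['id']);
+	if ($group_uuid != '') {
+		$sql = "select * from v_groups where ";
+		$sql .= "group_uuid = '".$group_uuid."' ";
+		$prep_statement = $db->prepare($sql);
+		if ($prep_statement) {
+			$prep_statement->execute();
+			$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
+			$group_name = $row['group_name'];
+			$domain_uuid = $row['domain_uuid'];
+			$group_description = $row['group_description'];
+		}
+	}
+
+
+//include the header
+	include "resources/header.php";
+	$document['title'] = $text['title-group_edit'];
+
+//show the content
+	echo "<form name='login' method='post' action=''>\n";
+	echo "<input type='hidden' name='group_uuid' value='".$group_uuid."'>\n";
+
+	echo "<table width='100%' cellpadding='0' cellspacing='0'>\n";
+	echo "	<tr>\n";
+	echo "		<td align='left' valign='top'>\n";
+	echo "			<b>".$text['header-group_edit']."</b>\n";
+	echo "			<br><br>\n";
+	echo "			".$text['description-group_edit']."\n";
+	echo "		</td>\n";
+	echo "		<td align='right' valign='top'>\n";
+	echo "			<input type='button' class='btn' name='' alt='back' onclick=\"window.location='groups.php'\" value='".$text['button-back']."'> ";
+	echo "  		<input type='submit' class='btn' value=\"".$text['button-save']."\">\n";
+	echo "		</td>\n";
+	echo "	</tr>\n";
+	echo "</table>\n";
+	echo "<br>";
+
+	echo "<table width='100%' cellpadding='0' cellspacing='0'>\n";
+	echo "<tr>\n";
+	echo "<td width='30%' class='vncellreq' valign='top'>\n";
+	echo 	$text['label-group_name']."\n";
+	echo "</td>\n";
+	echo "<td width='70%' align='left' class='vtable'>\n";
+	echo "  <input type='text' class='formfld' name='group_name' value=\"".$group_name."\">\n";
+	echo "</td>\n";
+	echo "</tr>\n";
+
+	if (permission_exists('group_domain')) {
+		echo "<tr>\n";
+		echo "<td class='vncell' valign='top'>\n";
+		echo "	".$text['label-domain']."\n";
+		echo "</td>\n";
+		echo "<td class='vtable' align='left'>\n";
+		echo "    <select class='formfld' name='domain_uuid'>\n";
+		echo "    	<option value='' ".((strlen($domain_uuid) == 0) ? "selected='selected'" : null).">".$text['option-global']."</option>\n";
+		foreach ($_SESSION['domains'] as $row) {
+			echo "	<option value='".$row['domain_uuid']."' ".(($row['domain_uuid'] == $domain_uuid) ? "selected='selected'" : null).">".$row['domain_name']."</option>\n";
+		}
+		echo "    </select>\n";
+		echo "<br />\n";
+		echo $text['description-domain_name']."\n";
+		echo "</td>\n";
+		echo "</tr>\n";
+	}
+	else {
+		echo "<input type='hidden' name='domain_uuid' value='".$domain_uuid."'>";
+	}
+
+	echo "<tr>\n";
+	echo "<td class='vncell' valign='top'>\n";
+	echo 	$text['label-group_description']."\n";
+	echo "</td>\n";
+	echo "<td align='left' class='vtable' valign='top'>\n";
+	echo "	<textarea name='group_description' class='formfld' style='width: 250px; height: 50px;'>".$group_description."</textarea>\n";
+	echo "</td>\n";
+	echo "</tr>\n";
+
+	echo "<tr>\n";
+	echo "<td colspan='2' align='right'>\n";
+	echo "	<br />";
+	echo "	<input type='submit' class='btn' value=\"".$text['button-save']."\">\n";
+	echo "</td>\n";
+	echo "</tr>\n";
+
+	echo "</table>\n";
+	echo "<br><br>";
+	echo "</form>";
+
+//include the footer
+	include "resources/footer.php";
+
+?>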
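Review bot: The POST handler trusts `$_POST["domain_uuid"]` and updates by `group_uuid` alone, so the `group_domain` permission only hides the select box: the hidden `domain_uuid` field in the `else` branch is client-editable, and nothing restricts the `update` or the pre-populate `select` to the caller's domain. groupadd.php in this commit already falls back to `$_SESSION['domain_uuid']` when the permission is missing; the same guard is needed here, plus a domain condition on both statements for callers without `group_domain`. Separately, `$group_name` and `$group_description` are echoed into the `value` attribute and the textarea without `htmlspecialchars()`, so stored markup is rendered back to whoever opens the form.

```php
		//set the variables
			$group_uuid = check_str($_POST['group_uuid']);
			$group_name = check_str($_POST['group_name']);
			if (permission_exists('group_domain')) {
				$domain_uuid = check_str($_POST["domain_uuid"]);
			}
			else {
				//callers without group_domain may only keep the group in their own domain
				$domain_uuid = $_SESSION['domain_uuid'];
			}
			$group_description = check_str($_POST["group_description"]);

		// … unchanged: duplicate check and the set clause of the update …

				$sql .= "where group_uuid = '".$group_uuid."' ";
				if (!permission_exists('group_domain')) {
					$sql .= "and domain_uuid = '".$_SESSION['domain_uuid']."' ";
				}
```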

+ 9 - 6
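--- a/core/users/groupmemberadd.php
+++ b/core/users/groupmemberadd.php
@@ -41,6 +41,7 @@ else {
 	}
 
 //get the http values and set them as variables
+	$domain_uuid = check_str($_POST["domain_uuid"]);
 	$group_uuid = check_str($_POST["group_uuid"]);
 	$group_name = check_str($_POST["group_name"]);
 	$user_uuid = check_str($_POST["user_uuid"]);
@@ -58,14 +59,15 @@ else {
 		$sql .= "values ";
 		$sql .= "(";
 		$sql .= "'".uuid()."', ";
-		$sql .= "'$domain_uuid', ";
-		$sql .= "'$group_uuid', ";
-		$sql .= "'$group_name', ";
-		$sql .= "'$user_uuid' ";
+		$sql .= "'".$domain_uuid."', ";
+		$sql .= "'".$group_uuid."', ";
+		$sql .= "'".$group_name."', ";
+		$sql .= "'".$user_uuid."' ";
 		$sql .= ")";
 		if (!$db->exec($sql)) {
 			$info = $db->errorInfo();
-			print_r($info);
+			echo "<pre>".print_r($info, true)."</pre>";
+			exit;
 		}
 		else {
 			//log the success
@@ -75,6 +77,7 @@ else {
 	}
 
 //redirect the user
-	header("Location: groupmembers.php?group_uuid=$group_uuid&group_name=$group_name");
+	$_SESSION["message"] = $text['message-update'];
+	header("Location: groupmembers.php?group_uuid=".$group_uuid."&group_name=".$group_name);
 
 ?>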
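Review bot: The added `$domain_uuid = check_str($_POST["domain_uuid"]);` makes the domain written to `v_group_users` a client-chosen value, alongside the already client-supplied `group_name`, so the stored membership row need not match the group identified by `group_uuid`. groupmembers.php in this commit resolves `domain_uuid` and `group_name` from `v_groups` by `group_uuid`; doing the same lookup here before the insert takes both values out of the request. In the last hunk `$group_name` also goes into the `Location` header unencoded, where `urlencode($group_name)` keeps spaces and `&` from breaking the query string. The `if` block around the insert starts outside the hunks, and `$_SESSION["message"]` appears to be set even when that block is skipped.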

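--- a/core/users/groupmemberdelete.php
+++ b/core/users/groupmemberdelete.php
@@ -47,12 +47,12 @@ else {
 
 //delete the group membership
 	$sql_delete = "delete from v_group_users ";
-	$sql_delete .= "where domain_uuid = '$domain_uuid' ";
-	$sql_delete .= "and user_uuid = '$user_uuid' ";
-	$sql_delete .= "and group_uuid = '$group_uuid' ";
+	$sql_delete .= "where user_uuid = '".$user_uuid."' ";
+	$sql_delete .= "and group_uuid = '".$group_uuid."' ";
 	if (!$db->exec($sql_delete)) {
 		$info = $db->errorInfo();
-		print_r($info);
+		echo "<pre>".print_r($info, true)."</pre>";
+		exit;
 	}
 	else {
 		//$log_type = 'group'; $log_status='remove'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." removed from group: ".$group_name;
@@ -60,6 +60,7 @@ else {
 	}
 
 //redirect the user
-	header("Location: groupmembers.php?group_uuid=$group_uuid&group_name=$group_name");
+	$_SESSION["message"] = $text['message-delete'];
+	header("Location: groupmembers.php?group_uuid=".$group_uuid."&group_name=".$group_name);
 
 ?>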
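Review bot: The rewritten `delete from v_group_users` in the first hunk drops the `domain_uuid` condition, so the row is now matched by `user_uuid` and `group_uuid` alone and a caller holding `group_member_delete` in one domain appears able to remove a membership that belongs to another. Keep the tenant scope for callers without a cross-domain permission, e.g. `if (!permission_exists('group_domain')) { $sql_delete .= "and domain_uuid = '".$_SESSION['domain_uuid']."' "; }`. The delete is reached from a plain link in groupmembers.php, so it runs on a GET with no request token; a POST with a token check would close the cross-site request path. Where `$user_uuid` and `$group_uuid` are read is above the hunk, so confirm they pass through `check_str` or, better, bound parameters.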

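--- a/core/users/groupmembers.php
+++ b/core/users/groupmembers.php
@@ -44,16 +44,27 @@ else {
 	$language = new text;
 	$text = $language->get();
 
-//get the http value and set as a variable
-	$group_uuid = $_GET["group_uuid"];
-	$group_name = $_GET["group_name"];
+//get the group uuid, lookup domain uuid (if any) and name
+	$group_uuid = check_str($_REQUEST['group_uuid']);
+	$sql = "select domain_uuid, group_name from v_groups ";
+	$sql .= "where group_uuid = '".$group_uuid."' ";
+	$prep_statement = $db->prepare(check_sql($sql));
+	$prep_statement->execute();
+	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	foreach ($result as &$row) {
+		$domain_uuid = $row["domain_uuid"];
+		$group_name = $row["group_name"];
+		break; //limit to 1 row
+	}
+	unset ($prep_statement);
 
 //define the if group members function
-	function if_group_members($db, $group_uuid, $user_uuid) {
+	function is_group_member($group_uuid, $user_uuid) {
+		global $db, $domain_uuid;
 		$sql = "select * from v_group_users ";
-		$sql .= "where domain_uuid = '$domain_uuid' ";
-		$sql .= "and group_uuid = '$group_uuid' ";
-		$sql .= "and user_uuid = '$user_uuid' ";
+		$sql .= "where user_uuid = '".$user_uuid."' ";
+		$sql .= "and group_uuid = '".$group_uuid."' ";
+		$sql .= "and domain_uuid = '".(($domain_uuid != '') ? $domain_uuid : $_SESSION['domain_uuid'])."' ";
 		$prep_statement = $db->prepare(check_sql($sql));
 		$prep_statement->execute();
 		if (count($prep_statement->fetchAll(PDO::FETCH_NAMED)) == 0) { return true; } else { return false; }
@@ -61,22 +72,15 @@ else {
 	}
 	//$exampledatareturned = example("apples", 1);
 
-//get the group from v_groups
-	$sql = "select * from v_groups ";
-	$sql .= "where group_uuid = '".$group_uuid."' ";
-	$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null) ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$groups = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	foreach ($groups as &$row) {
-		$group_name = $row["group_name"];
-	}
-	unset ($prep_statement);
-
 //get the the users array
 	if (permission_exists('group_member_add')) {
-		$sql = "SELECT * FROM v_users ";
-		$sql .= "where domain_uuid = '$domain_uuid' ";
+		$sql = "select * from v_users where ";
+		if ($domain_uuid != '') {
+			$sql .= "domain_uuid = '".$domain_uuid."' ";
+		}
+		else {
+			$sql .= "domain_uuid = '".$_SESSION['domain_uuid']."' ";
+		}
 		$sql .= "order by username ";
 		$prep_statement = $db->prepare(check_sql($sql));
 		$prep_statement->execute();
@@ -84,10 +88,16 @@ else {
 	}
 
 //get the groups users
-	$sql = "SELECT u.user_uuid, u.username, g.group_user_uuid, g.group_uuid FROM v_group_users as g, v_users as u ";
+	$sql = "select u.user_uuid, u.username, g.group_user_uuid, g.domain_uuid, g.group_uuid ";
+	$sql .= "from v_group_users as g, v_users as u ";
 	$sql .= "where g.user_uuid = u.user_uuid ";
-	$sql .= "and g.domain_uuid = '$domain_uuid' ";
-	$sql .= "and g.group_uuid = '$group_uuid' ";
+	if ($domain_uuid != '') {
+		$sql .= "and g.domain_uuid = '".$domain_uuid."' ";
+	}
+	if (!permission_exists('user_all')) {
+		$sql .= "and u.domain_uuid = '".$_SESSION['domain_uuid']."' ";
+	}
+	$sql .= "and g.group_uuid = '".$group_uuid."' ";
 	$prep_statement = $db->prepare(check_sql($sql));
 	$prep_statement->execute();
 	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
@@ -104,7 +114,7 @@ else {
 	echo "<table width='100%' cellpadding='0' cellspacing='0' border='0'>\n";
 	echo "	<tr>\n";
 	echo "		<td width='100%' align='left' valign='top'>\n";
-	echo "			<b>".$text['header-group_members'].$group_name."</b>";
+	echo "			<b>".$text['header-group_members'].$group_name."</b>\n";
 	echo "		</td>\n";
 	echo "		<td align='right' nowrap='nowrap' valign='middle'>\n";
 	echo "			<input type='button' class='btn' style='margin-right: 15px;' alt='".$text['button-back']."' onclick=\"window.location='groups.php'\" value='".$text['button-back']."'>";
@@ -112,18 +122,18 @@ else {
 	if (permission_exists('group_member_add')) {
 		echo "		<td align='right' nowrap='nowrap' valign='top'>\n";
 		echo "			<form method='post' action='groupmemberadd.php'>";
-		echo "			<select name=\"user_uuid\" style='width: 200px;' class='formfld'>\n";
-		echo "				<option value=\"\"></option>\n";
+		echo "			<select name='user_uuid' style='width: 200px;' class='formfld'>\n";
+		echo "				<option value=''></option>\n";
 		foreach($users as $field) {
-			$username = $field['username'];
-			if (if_group_members($db, $group_uuid, $field['user_uuid']) && !in_array($field['user_uuid'], $group_users)) {
+			if (is_group_member($group_uuid, $field['user_uuid'])) {
 				echo "		<option value='".$field['user_uuid']."'>".$field['username']."</option>\n";
 			}
 		}
 		unset($sql, $users);
 		echo "			</select>";
-		echo "			<input type='hidden' name='group_uuid' value='$group_uuid'>";
-		echo "			<input type='hidden' name='group_name' value='$group_name'>";
+		echo "			<input type='hidden' name='domain_uuid' value='".(($domain_uuid != '') ? $domain_uuid : $_SESSION['domain_uuid'])."'>";
+		echo "			<input type='hidden' name='group_uuid' value='".$group_uuid."'>";
+		echo "			<input type='hidden' name='group_name' value='".$group_name."'>";
 		echo "			<input type='submit' class='btn' value='".$text['button-add_member']."'>";
 		echo "			</form>";
 		echo "		</td>\n";
@@ -132,40 +142,43 @@ else {
 	echo "</table>\n";
 	echo "<br>";
 
-	$strlist = "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
-	$strlist .= "<tr>\n";
-	$strlist .= "	<th align=\"left\" nowrap> &nbsp; ".$text['label-username']." &nbsp; </th>\n";
-	$strlist .= "	<th align=\"left\" nowrap> &nbsp; &nbsp; </th>\n";
-	$strlist .= "	<td width='22' align=\"right\" nowrap>\n";
-	$strlist .= "		&nbsp;\n";
-	$strlist .= "	</td>\n";
-	$strlist .= "</tr>\n";
+	$echo = "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
+	$echo .= "<tr>\n";
+	if (permission_exists('user_all')) {
+		$echo .= "<th width='30%' align='left' nowrap>".$text['label-domain']."</th>\n";
+	}
+	$echo .= "	<th align='left' nowrap>".$text['label-username']."</th>\n";
+	$echo .= "	<td width='25' align='right' nowrap>&nbsp;</td>\n";
+	$echo .= "</tr>\n";
 
 	$count = 0;
 	foreach ($result as &$row) {
 		$group_user_uuid = $row["group_user_uuid"];
 		$username = $row["username"];
 		$user_uuid = $row["user_uuid"];
+		$domain_uuid = $row["domain_uuid"];
 		$group_uuid = $row["group_uuid"];
-		$strlist .= "<tr'>";
-		$strlist .= "<td align=\"left\"  class='".$row_style[$c]."' nowrap> &nbsp; $username &nbsp; </td>\n";
-		$strlist .= "<td align=\"left\"  class='".$row_style[$c]."' nowrap> &nbsp; </td>\n";
-		$strlist .= "<td class='list_control_icons' style='width: 25px;'>";
+		$echo .= "<tr>";
+		if (permission_exists('user_all')) {
+			$echo .= "<td align='left' class='".$row_style[$c]."' nowrap>".$_SESSION['domains'][$domain_uuid]['domain_name']."</td>\n";
+		}
+		$echo .= "<td align='left' class='".$row_style[$c]."' nowrap>".$username."</td>\n";
+		$echo .= "<td class='list_control_icons' style='width: 25px;'>";
 		if (permission_exists('group_member_delete')) {
-			$strlist .= "<a href='groupmemberdelete.php?user_uuid=$user_uuid&group_name=$group_name&group_uuid=$group_uuid' onclick=\"return confirm('".$text['confirm-delete']."')\" alt='".$text['button-delete']."'>$v_link_label_delete</a>";
+			$echo .= "<a href='groupmemberdelete.php?user_uuid=".$user_uuid."&group_name=".$group_name."&group_uuid=".$group_uuid."' onclick=\"return confirm('".$text['confirm-delete']."')\" alt='".$text['button-delete']."'>".$v_link_label_delete."</a>";
 		}
-		$strlist .= "</td>\n";
-		$strlist .= "</tr>\n";
+		$echo .= "</td>\n";
+		$echo .= "</tr>\n";
 
-		if ($c==0) { $c=1; } else { $c=0; }
+		$c = ($c) ? 0 : 1;
 
 		$group_users[] = $row["user_uuid"];
 		$count++;
 	}
 
-	$strlist .= "</table>\n";
-	echo $strlist;
-	echo "<br><br>";
+	$echo .= "</table>\n";
+	$echo .= "<br /><br />";
+	echo $echo;
 
 //include the footer
 	require_once "resources/footer.php";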
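Review bot: The new lookup at the top of the first hunk reads `domain_uuid` and `group_name` from `v_groups` by `group_uuid` alone, where the removed query also required the session domain or a null domain. The looked-up `$domain_uuid` then drives the `v_users` query for the add-member dropdown, so a caller without a cross-domain permission who supplies another tenant's group UUID appears to get that tenant's group name and user list (the page-level permission check is outside the hunks, so confirm). I would keep the old condition unless the caller holds `group_all`: `if (!permission_exists('group_all')) { $sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null) "; }`. The new hidden `domain_uuid` input is client-controlled, so groupmemberadd.php should derive the domain from the group row rather than trust the posted value. Separately, `is_group_member()` returns true when no row is found, so the new name says the opposite of what the function returns.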

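--- a/core/users/groups.php
+++ b/core/users/groups.php
@@ -46,24 +46,49 @@ require_once "resources/require.php";
 	if (isset($_REQUEST["change"])) {
 		//get the values from the HTTP POST and save them as PHP variables
 		$change = check_str($_REQUEST["change"]);
+		$group_uuid = check_str($_REQUEST["group_uuid"]);
 		$group_name = check_str($_REQUEST["group_name"]);
 
-		$sql = "update v_groups set ";
-		$sql .= "group_protected = '$change' ";
-		$sql .= "where domain_uuid = '$domain_uuid' ";
-		$sql .= "and group_name = '$group_name' ";
+		$sql = "update v_groups set group_protected = '".$change."' ";
+		$sql .= "where group_uuid = '".$group_uuid."' ";
+		if (!permission_exists('group_domain')) {
+			$sql .= "and (";
+			$sql .= "	domain_uuid = '".$domain_uuid."' ";
+			$sql .= "	or domain_uuid is null ";
+			$sql .= ") ";
+		}
 		$db->exec(check_sql($sql));
 		unset($sql);
+
+		$_SESSION["message"] = $text['message-update'];
 	}
 
 //get the groups
-	$sql = "SELECT * FROM v_groups ";
-	$sql .= "where domain_uuid = '$domain_uuid' ";
-	$sql .= "or domain_uuid is null ";
-	$sql .= "order by group_name asc ";
+	$sql = "select * from v_groups ";
+	if (!(permission_exists('group_all') && $_GET['showall'] == 'true')) {
+		$sql .= "where domain_uuid = '".$domain_uuid."' ";
+		$sql .= "or domain_uuid is null ";
+	}
+	$sql .= "order by domain_uuid desc, group_name asc ";
 	$prep_statement = $db->prepare(check_sql($sql));
 	$prep_statement->execute();
 	$groups = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	unset($sql, $prep_statement);
+	$system_groups = array('superadmin','admin','user','public','agent');
+
+//get group counts
+	$sql = "select group_uuid, count(user_uuid) as group_count from v_group_users ";
+	if (!permission_exists('user_all')) {
+		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+	}
+	$sql .= "group by group_uuid ";
+	$prep_statement = $db->prepare(check_sql($sql));
+	$prep_statement->execute();
+	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	foreach ($result as $row) {
+		$group_counts[$row['group_uuid']] = $row['group_count'];
+	}
+	unset($sql, $prep_statement, $result, $row);
 
 //show the content
 	echo "<table width='100%' cellpadding='0' cellspacing='0' border='0'>";
@@ -73,6 +98,11 @@ require_once "resources/require.php";
 	echo "	<br><br>";
 	echo "</td>";
 	echo "<td width='50%' align='right' valign='top'>";
+	if (permission_exists('group_all')) {
+		if ($_GET['showall'] != 'true') {
+			echo "<input type='button' class='btn' value='".$text['button-show_all']."' onclick=\"window.location='groups.php?showall=true';\">\n";
+		}
+	}
 	if (permission_exists('user_view')) {
 		echo "  <input type='button' class='btn' onclick=\"window.location='index.php'\" value='".$text['header-user_manager']."'>";
 	}
@@ -88,24 +118,28 @@ require_once "resources/require.php";
 	$row_style["0"] = "row_style0";
 	$row_style["1"] = "row_style1";
 
-	$strlist = "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
-	$strlist .= "<tr class='border'>\n";
-	$strlist .= "	<th nowrap>".$text['label-group_name']."</th>\n";
-	$strlist .= "	<th nowrap>".$text['label-group_tools']."</th>\n";
-	$strlist .= "	<th style='text-align: center;' nowrap>".$text['label-group_protected']."</th>\n";
-	$strlist .= "	<th nowrap>".$text['label-group_description']."</th>\n";
-	$strlist .= "	<td class='list_control_icons' style='width: 25px;'>";
+	$echo = "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
+	$echo .= "<tr class='border'>\n";
+	if (permission_exists('group_all') && $_GET['showall'] == 'true') {
+		$echo .= "	<th nowrap>".$text['label-domain']."</th>\n";
+	}
+	$echo .= "	<th nowrap>".$text['label-group_name']."</th>\n";
+	$echo .= "	<th nowrap>".$text['label-group_tools']."</th>\n";
+	$echo .= "	<th style='text-align: center;' nowrap>".$text['label-group_protected']."</th>\n";
+	$echo .= "	<th nowrap>".$text['label-group_description']."</th>\n";
+	$echo .= "	<td class='list_control_icons' style='width: 25px;'>";
 	if (permission_exists('group_add')) {
-		$strlist .= "<a href='groupadd.php' alt='".$text['button-add']."'>$v_link_label_add</a>";
+		$echo .= "<a href='groupadd.php' alt='".$text['button-add']."'>".$v_link_label_add."</a>";
 	}
-	$strlist .= "	</td>\n";
-	$strlist .= "</tr>\n";
+	$echo .= "	</td>\n";
+	$echo .= "</tr>\n";
 
 	$count = 0;
 	foreach ($groups as &$row) {
+		$domain_uuid = $row['domain_uuid'];
 		$group_uuid = $row["group_uuid"];
 		$group_name = $row["group_name"];
-		$group_protected= $row["group_protected"];
+		$group_protected = $row["group_protected"];
 		$group_description = $row["group_description"];
 		if (strlen($group_name) == 0) { $group_name = "&nbsp;"; }
 		if (strlen($group_description) == 0) { $group_description = "&nbsp;"; }
@@ -115,75 +149,73 @@ require_once "resources/require.php";
 			//hide the superadmin group from non superadmin's
 		}
 		else {
-			/*
-			$tr_link = (permission_exists('group_edit')) ? "href='groupedit.php?id=".$group_uuid."'" : null;
-			*/
-			$strlist .= "<tr ".$tr_link.">\n";
-			$strlist .= "<td class='".$row_style[$c]."' nowrap>";
-			/*
-			if (permission_exists('group_edit')) {
-				$strlist .= "<a href='groupedit.php?id=".$group_uuid."'>".$group_name."</a>";
+			if (permission_exists('group_edit') && !($domain_uuid == '' && in_array($group_name, $system_groups))) {
+				$tr_link = (permission_exists('group_edit')) ? "href='groupedit.php?id=".$group_uuid."'" : null;
 			}
 			else {
-			*/
-				$strlist .= $group_name;
-			/*
+				unset($tr_link);
 			}
-			*/
-			$strlist .= "</td>\n";
-			$strlist .= "<td class='".$row_style[$c]."' nowrap>\n";
-			if (permission_exists('group_add') || if_group("superadmin")) {
-				$strlist .= "<a class='' href='group_permissions.php?group_uuid=".$group_uuid."&group_name=".$group_name."' title='".$text['label-group_permissions']."'>".$text['label-group_permissions']."</a>&nbsp;&nbsp;";
+			$echo .= "<tr ".$tr_link.">\n";
+			if (permission_exists('group_all') && $_GET['showall'] == 'true') {
+				$echo .= "<td class='".$row_style[$c]."' nowrap>";
+				$echo .= 	($domain_uuid != '') ? $_SESSION['domains'][$domain_uuid]['domain_name'] : "<i>".$text['label-global']."</i>";
+				$echo .= "</td>\n";
 			}
-			if (permission_exists('group_member_view') || if_group("superadmin")) {
-				$strlist .= "<a class='' href='groupmembers.php?group_uuid=".$group_uuid."&group_name=".$group_name."' title='".$text['label-group_members']."'>".$text['label-group_members']."</a>";
-			}
-			$strlist .= "</td>\n";
-			$strlist .= "<td class='".$row_style[$c]."' style=\"padding: 0px; text-align: center;\" align=\"center\" nowrap>\n";
-			if ($group_protected == "true") {
-				$strlist .= "		<input type='checkbox' name='group_protected' checked='checked' value='true' onchange=\"window.location='".PROJECT_PATH."/core/users/groups.php?change=false&group_uuid=".$group_uuid."&group_name=".$group_name."';\">\n";
+			$echo .= "<td class='".$row_style[$c]."' nowrap>";
+			if (permission_exists('group_edit') && !($domain_uuid == '' && in_array($group_name, $system_groups))) {
+				$echo .= "<a href='groupedit.php?id=".$group_uuid."'>".(($domain_uuid == '' && $_GET['showall'] != 'true') ? "<i>".$group_name."</i>" : $group_name)."</a>";
 			}
 			else {
-				$strlist .= "		<input type='checkbox' name='group_protected' value='false' onchange=\"window.location='".PROJECT_PATH."/core/users/groups.php?change=true&group_uuid=".$group_uuid."&group_name=".$group_name."';\">\n";
+				$echo .= ($domain_uuid == '' && $_GET['showall'] != 'true') ? "<i>".$group_name."</i>" : $group_name;
+			}
+			$echo .= "</td>\n";
+			$echo .= "<td class='".$row_style[$c]." tr_link_void' nowrap>\n";
+			if (permission_exists('group_add') || if_group("superadmin")) {
+				$echo .= "<a class='' href='group_permissions.php?group_uuid=".$group_uuid."' title='".$text['label-group_permissions']."'>".$text['label-group_permissions']."</a>&nbsp;&nbsp;&nbsp;";
 			}
-			$strlist .= "</td>\n";
-			$strlist .= "<td class='row_stylebg' nowrap>".$group_description."</td>\n";
-			$strlist .= "<td class='list_control_icons' style='width: 25px;'>";
-			/*
-			if (permission_exists('group_edit')) {
-				$strlist .= "<a href='groupedit.php?id=$group_uuid' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
+			if (permission_exists('group_member_view') || if_group("superadmin")) {
+				$echo .= "<a class='' href='groupmembers.php?group_uuid=".$group_uuid."&group_name=".$group_name."' title='".$text['label-group_members']."'>".$text['label-group_members']."</a>";
+				if (sizeof($group_counts) > 0 && $group_counts[$group_uuid] > 0) {
+					$echo .= " <span style='font-size: 80%;'>(".$group_counts[$group_uuid].")</span>";
+				}
 			}
-			*/
-			if (permission_exists('group_delete')) {
-				$strlist .= "<a href='groupdelete.php?id=$group_uuid' onclick=\"return confirm('".$text['confirm-delete']."')\" alt='".$text['button-delete']."'>$v_link_label_delete</a>";
+			$echo .= "</td>\n";
+			$echo .= "<td class='".$row_style[$c]." tr_link_void' style='padding: 0px; text-align: center;' align='center' nowrap>\n";
+			$echo .= "	<input type='checkbox' name='group_protected' ".(($group_protected == "true") ? "checked='checked'" : null)." value='".(($group_protected == "true") ? 'false' : 'true')."' onchange=\"window.location='".PROJECT_PATH."/core/users/groups.php?change=".(($group_protected == "true") ? 'false' : 'true')."&group_uuid=".$group_uuid."&group_name=".$group_name.(($_GET['showall'] == 'true') ? "&showall=true" : null)."';\">\n";
+			$echo .= "</td>\n";
+			$echo .= "<td class='row_stylebg' nowrap>".$group_description."</td>\n";
+			$echo .= "<td class='list_control_icons' style='width: 25px;'>";
+			if (!($domain_uuid == '' && in_array($group_name, $system_groups))) {
+				if (permission_exists('group_edit')) {
+					$echo .= "<a href='groupedit.php?id=".$group_uuid."' alt='".$text['button-edit']."'>".$v_link_label_edit."</a>";
+				}
+				if (permission_exists('group_delete')) {
+					$echo .= "<a href='groupdelete.php?id=".$group_uuid."' onclick=\"return confirm('".$text['confirm-delete']."')\" alt='".$text['button-delete']."'>".$v_link_label_delete."</a>";
+				}
 			}
-			$strlist .= "</td>\n";
-			$strlist .= "</tr>\n";
+			$echo .= "</td>\n";
+			$echo .= "</tr>\n";
 		}
-		if ($c==0) { $c=1; } else { $c=0; }
+		$c = ($c) ? 0 : 1;
 		$count++;
 	}
 
-	$strlist .= "<tr>\n";
-	$strlist .= "<td colspan='4'>&nbsp;</td>";
-	$strlist .= "<td class='list_control_icons' style='width: 25px;'>";
+	$echo .= "<tr>\n";
+	$echo .= "<td colspan='".((permission_exists('group_all') && $_GET['showall'] == 'true') ? 5 : 4)."'>&nbsp;</td>";
+	$echo .= "<td class='list_control_icons' style='width: 25px;'>";
 	if (permission_exists('group_add')) {
-		$strlist .= "<a href='groupadd.php' alt='".$text['button-add']."'>$v_link_label_add</a>";
+		$echo .= "<a href='groupadd.php' alt='".$text['button-add']."'>".$v_link_label_add."</a>";
 	}
-	$strlist .= "</td>\n";
-	$strlist .= "</tr>\n";
+	$echo .= "</td>\n";
+	$echo .= "</tr>\n";
+
+	$echo .= "</table>\n";
+	$echo .= "<br>";
 
-	$strlist .= "</table>\n";
 	if ($count > 0) {
-		echo $strlist;
+		echo $echo;
 	}
 
-	echo "</td>";
-	echo "</tr>";
-	echo "</table>";
-	echo "<br>";
-	echo "</div>";
-
 //show the footer
 	require_once "resources/footer.php";
 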
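Review bot: The `change` branch in the first hunk writes `group_protected` from `$_REQUEST` with no permission check visible in the hunk, and for callers without `group_domain` the added `or domain_uuid is null` lets the update reach global (null-domain) groups. I would gate the branch on `permission_exists('group_edit')`, accept only `'true'` or `'false'` for `$change`, and leave null-domain rows to callers that hold `group_domain`. The toggle is fired by `window.location` in the checkbox handler, so it is a state change on GET; a POST with a request token would be safer. Separately, `$group_name` and `$group_description` are concatenated unescaped into cell text, `href` values and the inline `onchange` script, and with Show All a superadmin now renders names created in other domains; wrap them in `htmlspecialchars(..., ENT_QUOTES)` for HTML and `urlencode()` for query strings.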

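--- a/core/users/usersupdate.php
+++ b/core/users/usersupdate.php
@@ -62,9 +62,6 @@ else {
 			$group_uuid = check_str($_GET["group_uuid"]);
 		//delete the group from the users
 			$sql = "delete from v_group_users where 1 = 1 ";
-			if (!permission_exists('user_domain')) {
-				$sql .= "and domain_uuid = '".$domain_uuid."' ";
-			}
 			$sql .= "and group_uuid = '".$group_uuid."' ";
 			$sql .= "and user_uuid = '".$user_uuid."' ";
 			$db->exec(check_sql($sql));
@@ -100,6 +97,7 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") {
 
 	//get the HTTP values and set as variables
 		$user_uuid = $_REQUEST["id"];
+		$domain_uuid = check_str($_POST["domain_uuid"]);
 		$username_old = check_str($_POST["username_old"]);
 		$username = check_str($_POST["username"]);
 		$password = check_str($_POST["password"]);
@@ -112,15 +110,6 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") {
 		$user_enabled = check_str($_POST["user_enabled"]);
 		$api_key = check_str($_POST["api_key"]);
 
-	//get the domain_uuid
-		if (permission_exists('user_domain')) {
-			$domain_uuid = check_str($_POST["domain_uuid"]);
-		}
-		else {
-			$_POST["domain_uuid"] = $_SESSION['domain_uuid'];
-			$domain_uuid = $_SESSION['domain_uuid'];
-		}
-
 	//check required values
 		if ($username != $username_old) {
 			$sql = "select count(*) as num_rows from v_users where domain_uuid = '".$domain_uuid."' and username = '".$username."'";
@@ -377,20 +366,19 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") {
 		return;
 
 }
-else {
 
-	$sql = "select * from v_users where 1 = 1 ";
-	if (!permission_exists('user_domain')) {
-		$sql .= "and domain_uuid = '$domain_uuid' ";
-	}
-	$sql .= "and user_uuid = '$user_uuid' ";
+
+//pre-populate the form
+	$sql = "select * from v_users ";
+	$sql .= "where user_uuid = '".$user_uuid."' ";
+ 	if (!permission_exists('user_all')) {
+ 		$sql .= "and domain_uuid = '".$domain_uuid."' ";
+ 	}
 	$prep_statement = $db->prepare(check_sql($sql));
 	$prep_statement->execute();
 	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
 	foreach ($result as &$row) {
-		if (permission_exists('user_domain')) {
-			$domain_uuid = $row["domain_uuid"];
-		}
+		$domain_uuid = $row["domain_uuid"];
 		$user_uuid = $row["user_uuid"];
 		$username = $row["username"];
 		$password = $row["password"];
@@ -404,7 +392,6 @@ else {
 	//group_members function defined in config.php
 	$group_members = group_members($db, $user_uuid);
 
-}
 
 //include the header
 	require_once "resources/header.php";
@@ -502,6 +489,9 @@ else {
 		echo "</td>\n";
 		echo "</tr>\n";
 	}
+	else {
+		echo "<input type='hidden' name='domain_uuid' value='".$domain_uuid."'>";
+	}
 
 	echo "	<tr>";
 	echo "		<td class='vncellreq' valign='top'>".$text['label-groups']."</td>";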
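Review bot: `$domain_uuid` is now taken from `$_POST["domain_uuid"]` for every caller (second hunk) and the last hunk feeds it from a hidden form field, so a user without `user_domain` can submit any domain UUID where the removed branch forced `$_SESSION['domain_uuid']`. A hidden input is client-controlled; to keep the assigned domain from being overwritten, read it server-side instead: keep the `permission_exists('user_domain')` branch and in the `else` load `domain_uuid` from the existing `v_users` row for `$user_uuid`. The first hunk likewise removes the domain condition from `delete from v_group_users`, which is driven by `$_GET`, so the same server-side lookup should scope that delete for callers without `user_all`. How `$domain_uuid` is used in the update statement itself is outside these hunks.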