Revize ad5ad0be
Přidáno uživatelem Tomáš Pašek před téměř 4 roky(ů)
application/controller/DeleteUserController.php | ||
---|---|---|
5 | 5 |
|
6 | 6 |
if (array_key_exists("loggedIn", $_SESSION) && $_SESSION['loggedIn'] == "true" && array_key_exists("role", $_SESSION) && $_SESSION['role'] == "admin") { |
7 | 7 |
$DB = new DB(); |
8 |
$result = $DB->deleteUser($_POST['userId']); |
|
8 |
$results = $DB->select("SELECT id, username, role from USERS WHERE role = 'admin'", array()); |
|
9 |
if (sizeof($results) == 1) { //at least one admin must still exist |
|
10 |
if ($results[0]["id"] != $_POST['userId']) { |
|
11 |
$result = $DB->deleteUser($_POST['userId']); |
|
12 |
} |
|
13 |
} else if (sizeof($results) > 1) { |
|
14 |
$result = $DB->deleteUser($_POST['userId']); |
|
15 |
} |
|
9 | 16 |
} |
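Review bot: The last-admin guard in DeleteUserController is a check followed by a separate delete, so two admin requests that both read `sizeof($results) > 1` before either delete runs can both reach `deleteUser` and leave USERS without an admin; the same check-then-act pattern is added around `updateUserRole` in UpdateUserRoleController. The count and the change should run in one transaction, or the DELETE itself should carry the condition that another admin row remains (the DB class is not visible here, so the exact call is for the author to choose). The two branches also collapse into one condition, `if (sizeof($results) > 1 || (sizeof($results) == 1 && $results[0]["id"] != $_POST['userId'])) {`, which leaves a single `deleteUser` call to maintain. When the delete is refused `$result` is never assigned, and the file continues outside the hunk, so any later read of it needs a default such as `$result = null;` before the `if`.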
application/controller/UpdateUserRoleController.php | ||
---|---|---|
4 | 4 |
|
5 | 5 |
if (array_key_exists("loggedIn", $_SESSION) && $_SESSION['loggedIn'] == "true" && array_key_exists("role", $_SESSION) && $_SESSION['role'] == "admin") { |
6 | 6 |
$DB = new DB(); |
7 |
|
|
8 |
$results = $DB->updateUserRole($_POST["userId"], $_POST["role"]); |
|
7 |
$results = $DB->select("SELECT id, username, role from USERS WHERE role = 'admin'", array()); |
|
8 |
if (sizeof($results) == 1) { //at least one admin must still exist |
|
9 |
if ($results[0]["id"] != $_POST['userId']) { |
|
10 |
$results = $DB->updateUserRole($_POST["userId"], $_POST["role"]); |
|
11 |
} |
|
12 |
} else if (sizeof($results) > 1) { |
|
13 |
$results = $DB->updateUserRole($_POST["userId"], $_POST["role"]); |
|
14 |
} |
|
9 | 15 |
|
10 | 16 |
echo json_encode(count($results) == 0 ? null : $results); |
11 | 17 |
} |
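Review bot: When the role change is refused, `$results` still holds the rows from the admin SELECT, so the `echo json_encode(count($results) == 0 ? null : $results);` line at the end of the block answers with the sole admin's id, username and role as though the update had gone through. Keep the lookup in its own variable and start from an empty result, `$admins = $DB->select(...);` and `$results = array();` before the `if`, with the guard reading `$admins`. The caller then receives `null` for a refused change, assuming `updateUserRole` returns a non-empty array on success. `$_POST["role"]` is also passed on exactly as received; checking it against the list of known role names before the call would keep unexpected values out of the USERS table.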
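--- a/application/view/contents/userContent.php
+++ b/application/view/contents/userContent.php
@@ -1,5 +1,6 @@
 <?php
 if (isset($_SESSION['role']) && $_SESSION['role'] == "admin") {
+$loggedUserId = $_SESSION['id'];
 echo "<script>
 //what to do when page renders
 window.onload = function() {
@@ -42,10 +43,14 @@
 result += \"<tr>\";
 result += \"<td>\" + item.username + \"</td>\";
 result += \"<td>\" + item.role + \"</td>\";
-(item.role !== \"admin\") ? (result += \"<td class='action-td'>\" +
+
+if (item['id'] != \"$loggedUserId\") {
+result += \"<td class='action-td'>\" +
 \"<button class='btn ml-1' title='Upravit' data-toggle='modal' data-target='#edit-modal' data-pseudo-id='\" + id + \"' data-title='Upravit uživatele'><i class='fa fa-pencil'></i></button>\" +
 \"<button class='btn ml-1' title='Odstranit' data-toggle='modal' data-target='#remove-modal' data-pseudo-id='\" + id + \"'><i class='fa fa-trash'></i></button>\" +
-\"</td>\") : result += \"<td class='action-td'/>\";
+\"</td>\"} else {result += \"<td></td>\"}
+
+
 result += \"</tr>\";
 });
 document.getElementById(\"search-table\").innerHTML = result;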
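Review bot: Hiding the edit and delete buttons on the logged-in admin's own row is enforced only in this script; the controllers changed in the same commit compare `$_POST['userId']` with the last remaining admin's id, never with `$_SESSION['id']`, so a request that does not come from this table is still accepted for the current account whenever a second admin exists. If self-edit and self-delete are meant to be forbidden, the same comparison belongs in DeleteUserController and UpdateUserRoleController. `$loggedUserId` is also interpolated raw into the script text; `$loggedUserId = json_encode($_SESSION['id'], JSON_HEX_TAG | JSON_HEX_QUOT);` with `if (item['id'] != $loggedUserId) {` keeps the value a well-formed JavaScript literal whatever its type. The `item.username` and `item.role` cells in the context lines go into `innerHTML` unescaped, which is worth fixing while this block is open. The echo string and the surrounding `if` both continue outside the hunk.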
Enhancement #8757 Refactoring, server-side