TomaHost/Chamilo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Actualización

Browse Source
This commit is contained in:
Xes
2025-04-10 12:49:05 +02:00
parent 4aff98e77b
commit 1cdd00920f
9151 changed files with 1800913 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
main/permissions/all_permissions.inc.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
/**
* In this page all the possible rights inside a course are defined.
* This is the start for the Matrix that you'll use to assign rights to
* a user, group or role.
*
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
*
* @package chamilo.permissions
*/
// possible permissions
$rights_full = ["View", "Add", "Edit", "Delete", "Visibility", "Move"];
$rights_limited = ["Add", "Edit", "Delete"];
// first we determine what can be done in each tool. We do this for each tool.
$tool_rights[TOOL_LINK] = [
"View",
"Add",
"Edit",
"Delete",
"Visibility",
"Move",
];
$tool_rights[TOOL_DOCUMENT] = [
"View",
"Add",
"Edit",
"Delete",
"Visibility",
"Move",
];
//$tool_rights[TOOL_CALENDAR_EVENT]=array("View","Add","Edit","Delete","Visibility");
$tool_rights[TOOL_ANNOUNCEMENT] = [
"View",
"Add",
"Edit",
"Delete",
"Visibility",
"Move",
];
//$tool_rights[TOOL_STUDENTPUBLICATION]=array("View","Edit","Delete","Visibility");
//$tool_rights[TOOL_COURSE_DESCRIPTION]=array("View","Add","Edit","Delete","Visibility");
//$tool_rights[TOOL_LEARNPATH]=array("View","Add","Edit","Delete","Visibility");
//$tool_rights[TOOL_BB_FORUM]=array("View","Add","Edit","Delete");
//$tool_rights[TOOL_BB_POST]=array("View","Add","Edit","Delete");
//$tool_rights[TOOL_DROPBOX]=array("View","Add","Delete");
//$tool_rights[TOOL_QUIZ]=array("View","Add","Edit","Delete","Visibility");
$tool_rights[TOOL_USER] = ["View", "Add", "Edit", "Delete"];
//$tool_rights[TOOL_GROUP]=array("View","Add","Edit","Delete");
//$tool_rights[TOOL_CHAT]=array("View","Delete");
//$tool_rights[TOOL_STUDENTPUBLICATION]=array("View","Add","Edit","Delete");
// this value can be checkbox or image
$setting_visualisation = 'image';

197
main/permissions/blog_permissions.inc.php Normal file
View File

@@ -0,0 +1,197 @@
<?php
/**
* smartBlogs add-on: it must be possible to change rights for every single blog
* in a course.
*
* @author Toon Keppens
*
* @package chamilo.permissions
*/
/**
* Init.
*/
$rights_full = [
"article_add",
"article_delete",
"article_edit",
"article_rate",
"article_comments_add",
"article_comments_delete",
"article_comments_rate",
"task_management",
"member_management",
"role_management",
];
$rights_limited = ["Add", "Edit", "Delete"];
$rights_blog = [
"article_add",
"article_delete",
"article_edit",
"article_rate",
"article_comments_add",
"article_comments_delete",
"article_comments_rate",
"task_management",
"member_management",
"role_management",
];
$course_tool_table = Database::get_course_table(TABLE_TOOL_LIST);
// Get all user
$blog_users = Blog::getBlogUsers($_GET['blog_id']);
$course_id = api_get_course_int_id();
// Remove the blog creater because he has all the rights automatically
// and we want to keep it that way.
$tbl_course_rel_user = $table = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$sql = "SELECT user_id
FROM $tbl_course_rel_user
WHERE status = '1' AND c_id = '".api_get_course_int_id()."'";
$result = Database::query($sql);
while ($user = Database::fetch_assoc($result)) {
unset($blog_users[$user['user_id']]);
}
//$user_id=$userIdViewed;
if (isset($mainUserInfo) && isset($mainUserInfo['status']) && $mainUserInfo['status'] == 1) {
$course_admin = 1;
}
include_once 'permissions_functions.inc.php';
// ACTIONS
if (isset($_GET['do'])) {
if (isset($_GET['permission']) and isset($_GET['tool']) and ($_GET['do'] == 'grant' or $_GET['do'] == 'revoke')) {
$result_message = store_one_permission(
'user',
$_GET['do'],
$_GET['user_id'],
$_GET['tool'],
$_GET['permission']
);
}
if (isset($_GET['role']) and ($_GET['do'] == 'grant' or $_GET['do'] == 'revoke')) {
$result_message = assign_role(
'user',
$_GET['do'],
$user_id,
$_GET['role'],
$_GET['scope']
);
}
}
// ------------------------------------------------------------------
// RETRIEVING THE PERMISSIONS OF THE ROLES OF THE USER
// ------------------------------------------------------------------
if (api_get_setting('user_roles') == 'true') {
// course roles that are assigned to the user
$current_user_role_permissions_of_user = get_roles_permissions('user', $user_id);
$inherited_permissions = permission_array_merge($inherited_permissions, $current_user_role_permissions_of_user);
// NOTE: deze array moet nog gemerged worden met de $inherited_permissions array
// (heet momenteel nog $current_group_permissions_of_user omdat voorlopig enkel de
// groepsge<67>rfde permissions in beschouwing worden genomen
// dit moet ook de rol permissies van rollen die toegekend worden aan een gebruiker
// en de rol permissies van rollen die toegekend worden aan de groepen van een gebruiker
// omvatten.
// NOTE: checken als de rollen brol wel degelijk geactiveerd is voordat we dit allemaal
// ophalen.
// platform roles that are assigned to the user
$current_user_role_permissions_of_user = get_roles_permissions('user', $user_id, 'platform');
$inherited_permissions = permission_array_merge($inherited_permissions, $current_user_role_permissions_of_user);
}
// ------------------------------------------------------------------
// RETRIEVING THE PERMISSIONS OF THE ROLES OF THE GROUPS OF THE USER
// ------------------------------------------------------------------
if (api_get_setting('group_roles') == 'true') {
// NOTE: DIT MOET NOG VERDER UITGEWERKT WORDEN
foreach ($groups_of_user as $group) {
$this_current_group_role_permissions_of_user = get_roles_permissions('user', $user_id);
//$inherited_permissions[$tool][]=$permission;
}
}
echo "<form method=\"post\" action=\"".str_replace('&', '&amp;', $_SERVER['REQUEST_URI'])."\">";
// ---------------------------------------------------
// DISPLAYING THE ROLES LIST
// ---------------------------------------------------
if (api_get_setting('user_roles') == 'true') {
// the list of the roles for the user
echo '<strong>'.get_lang('UserRoles').'</strong><br />';
$current_user_course_roles = get_roles('user', $user_id);
$current_user_platform_roles = get_roles('user', $user_id, 'platform');
display_role_list($current_user_course_roles, $current_user_platform_roles);
echo '<br />';
}
// ---------------------------------------------------
// DISPLAYING THE MATRIX (user permissions)
// ---------------------------------------------------
echo "<table class=\"table table-hover table-striped data_table\">\n";
// the header
echo "\t<tr>\n";
echo "\t\t<th rowspan=\"2\">".get_lang('Module')."</th>\n";
echo "\t\t<th colspan=\"4\">".get_lang('ArticleManager')."</th>\n";
echo "\t\t<th colspan=\"3\">".get_lang('CommentManager')."</th>\n";
echo "\t\t<th colspan=\"3\">".get_lang('BlogManager')."</th>\n";
echo "\t</tr>\n";
// Subheader
echo "\t<tr>\n";
echo "\t\t<th align='center'>".get_lang('Add')."</th>\n";
echo "\t\t<th align='center'>".get_lang('Delete')."</th>\n";
echo "\t\t<th align='center'>".get_lang('Edit')."</th>\n";
echo "\t\t<th align='center'>".get_lang('Rate')."</th>\n";
echo "\t\t<th align='center'>".get_lang('Add')."</th>\n";
echo "\t\t<th align='center'>".get_lang('Delete')."</th>\n";
echo "\t\t<th align='center'>".get_lang('Rate')."</th>\n";
echo "\t\t<th align='center'>".get_lang('Tasks')."</th>\n";
echo "\t\t<th align='center'>".get_lang('Members')."</th>\n";
echo "\t\t<th align='center'>".get_lang('Roles')."</th>\n";
echo "\t</tr>\n";
// the main area with the checkboxes or images
foreach ($blog_users as $user_id => $user_name) { // $blog_users contains all the users in this blog
// ---------------------------------------------------
// RETRIEVING THE PERMISSIONS OF THE USER
// ---------------------------------------------------
$current_user_permissions = [];
$current_user_permissions = get_permissions('user', $user_id);
echo "\t<tr>\n";
echo "\t\t<td>\n";
echo $user_name;
echo "\t\t</td>\n";
foreach ($rights_full as $key => $value) {
echo "\t\t<td align='center'>\n";
if (in_array($value, $rights_blog)) {
display_image_matrix_for_blogs(
$current_user_permissions,
$user_id,
'BLOG_'.$blog_id,
$value,
(isset($inherited_permissions) ? $inherited_permissions : null),
(isset($course_admin) ? $course_admin : null)
);
}
// note: in a later stage this part will be replaced by a function
// so that we can easily switch between a checkbox approach or an image approach
// where every click is in fact a change of status. In the checkbox approach you first have to
// do the changes and then store them by clicking the submit button.
echo "\t\t</td>\n";
}
echo "\t</tr>\n";
}
echo "</table>\n";
echo "</form><br />";
// LEGEND
echo '<strong>'.get_lang('Legend').'</strong><br />';
echo '<img src="../img/wrong.gif" /> '.get_lang('UserHasPermissionNot').'<br />';
echo '<img src="../img/checkbox_on2.gif" /> '.get_lang('UserHasPermission').'<br />';
echo '<img src="../img/checkbox_on3.gif" /> '.get_lang('UserHasPermissionByRoleGroup').'<br />';

122
main/permissions/group_permissions.inc.php Normal file
View File

@@ -0,0 +1,122 @@
<?php
/**
* @package chamilo.permissions
*/
include_once 'permissions_functions.inc.php';
include_once 'all_permissions.inc.php';
$group_id = api_get_group_id();
echo $group_id;
// ACTIONS
if ($_POST['StoreGroupPermissions'] and $setting_visualisation == 'checkbox') {
$result_message = store_permissions('group', $group_id);
if ($result_message) {
echo Display::return_message($result_message);
}
}
if (isset($_GET['action'])) {
if (($_GET['action'] == 'grant' or $_GET['action'] == 'revoke') and isset($_GET['permission']) and isset($_GET['tool'])) {
$result_message = store_one_permission('group', $_GET['action'], $group_id, $_GET['tool'], $_GET['permission']);
}
if (isset($_GET['role']) and ($_GET['action'] == 'grant' or $_GET['action'] == 'revoke')) {
$result_message = assign_role('group', $_GET['action'], $group_id, $_GET['role'], $_GET['scope']);
echo 'hier';
}
}
if (isset($result_message)) {
echo Display::return_message($result_message);
}
// RETRIEVING THE PERMISSIONS
$current_group_permissions = [];
$current_group_permissions = get_permissions('group', $group_id);
// @todo current group permissions and current role permissions
// INHERITED PERMISSIONS (group roles)
$group_course_roles_permissions = get_roles_permissions('group', $group_id, 'course');
$group_platform_roles_permissions = get_roles_permissions('group', $group_id, 'platform');
$inherited_permissions = permission_array_merge($group_course_roles_permissions, $group_platform_roles_permissions);
// LIMITED OR FULL
$current_group_permissions = limited_or_full($current_group_permissions);
$inherited_permissions = limited_or_full($inherited_permissions);
if (api_get_setting('permissions') == 'limited') {
$header_array = $rights_limited;
}
if (api_get_setting('permissions') == 'full') {
$header_array = $rights_full;
}
echo "<form method=\"post\" action=\"".str_replace('&', '&amp;', $_SERVER['REQUEST_URI'])."\">";
// DISPLAYING THE ROLES LIST
if (api_get_setting('group_roles') == 'true') {
// the list of the roles for the user
echo '<strong>'.get_lang('GroupRoles').'</strong><br />';
$current_group_course_roles = get_roles('group', $group_id);
$current_group_platform_roles = get_roles('group', $group_id, 'platform');
display_role_list($current_group_course_roles, $current_group_platform_roles);
echo '<br />';
}
// DISPLAYING THE MATRIX (group permissions)
echo "<table class=\"table table-hover table-striped data_table\">\n";
// the header
echo "\t<tr>\n";
echo "\t\t<th>".get_lang('Module')."</th>\n";
foreach ($header_array as $header_key => $header_value) {
echo "\t\t<th>".get_lang($header_value)."</th>\n";
}
echo "\t</tr>\n";
// the main area with the checkboxes or images
foreach ($tool_rights as $tool => $rights) { // $tool_rights contains all the possible tools and their rights
echo "\t<tr>\n";
echo "\t\t<td>\n";
echo get_lang($tool);
echo "\t\t</td>\n";
foreach ($header_array as $key => $value) {
echo "\t\t<td align='center'>\n";
if (in_array($value, $rights)) {
if ($setting_visualisation == 'checkbox') {
//display_checkbox_matrix($current_group_permissions, $tool, $value);
display_checkbox_matrix(
$current_group_permissions,
$tool,
$value,
$inherited_permissions,
$course_admin
);
}
if ($setting_visualisation == 'image') {
//display_image_matrix($current_group_permissions, $tool, $value);
display_image_matrix(
$current_group_permissions,
$tool,
$value,
$inherited_permissions,
$course_admin
);
}
}
// note: in a later stage this part will be replaced by a function
// so that we can easily switch between a checkbox approach or an image approach
// where every click is in fact a change of status. In the checkbox approach you first have to
// do the changes and then store them by clicking the submit button.
echo "\t\t</td>\n";
}
echo "\t</tr>\n";
}
echo "</table>\n";
if ($setting_visualisation == 'checkbox') {
echo "<input type=\"Submit\" name=\"StoreGroupPermissions\" value=\"".get_lang('StorePermissions')."\">";
}
echo "</form>";
// LEGEND
echo '<strong>'.get_lang('Legend').'</strong><br />';
echo '<img src="../img/wrong.gif" /> '.get_lang('UserHasPermissionNot').'<br />';
echo '<img src="../img/checkbox_on2.gif" /> '.get_lang('UserHasPermission').'<br />';
echo '<img src="../img/checkbox_on3.gif" /> '.get_lang('UserHasPermissionByRoleGroup').'<br />';

7
main/permissions/index.html Normal file
View File

@@ -0,0 +1,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
</head>
<body>
<br />
</body>
</html>

615
main/permissions/permissions_functions.inc.php Normal file
View File

@@ -0,0 +1,615 @@
<?php
/**
* This files contains the common functions for the permissions.
*
* A list of all the functions (in no particular order)
* ----------------------------------------------------
* store_permissions($content,$id)
* get_permissions($content,$id)
* limited_or_full($current_permissions)
*
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
*
* @package chamilo.permissions
*/
/**
* This function stores the permissions in the correct table.
* Since Checkboxes are used we do not know which ones are unchecked.
* That's why we first delete them all (for the given user/group/role
* and afterwards we store the checked ones only.
*
* @param $content are we storing rights for a user, a group or a role (the database depends on it)
* @param $id the id of the user, group or role
*
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
*
* @version 1.0
*/
function store_permissions($content, $id)
{
$course_id = api_get_course_int_id();
// Which database are we using (depending on the $content parameter)
if ($content == 'user') {
$table = Database::get_course_table(TABLE_PERMISSION_USER);
$id_field = user_id;
}
if ($content == 'group') {
$table = Database::get_course_table(TABLE_PERMISSION_GROUP);
$id_field = group_id;
}
if ($content == 'role') {
$table = Database::get_course_table(TABLE_ROLE_PERMISSION);
$id_field = role_id;
}
// We first delete all the existing permissions for that user/group/role
$sql = "DELETE FROM $table WHERE c_id = $course_id AND $id_field = '".Database::escape_string($id)."'";
$result = Database::query($sql);
// looping through the post values to find the permission (containing the string permission* )
foreach ($_POST as $key => $value) {
if (strstr($key, "permission*")) {
list($brol, $tool, $action) = explode("*", $key);
$sql = "INSERT INTO $table (c_id, $id_field,tool,action) VALUES ($course_id, '".Database::escape_string($id)."','".Database::escape_string($tool)."','".Database::escape_string($action)."')";
$result = Database::query($sql);
}
}
return get_lang('PermissionsStored');
}
/**
* This function stores one permission in the correct table.
*
* @param $content are we storing rights for a user, a group or a role (the database depends on it)
* @param $action are we granting or revoking a permission?
* @param $id the id of the user, group or role
* @param $tool the tool
* @param $permission the permission the user, group or role has been granted or revoked
*
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
*
* @version 1.0
*/
function store_one_permission($content, $action, $id, $tool, $permission)
{
global $rights_full;
$course_id = api_get_course_int_id();
// for some reason I don't know, he can't get to the $rights_full array, so commented the following lines out.
// check
//if(!in_array($permission, $rights_full))
//{
// return get_lang('Error');
//}
// Which database are we using (depending on the $content parameter)
if ($content == 'user') {
$table = Database::get_course_table(TABLE_PERMISSION_USER);
$id_field = user_id;
}
if ($content == 'group') {
$table = Database::get_course_table(TABLE_PERMISSION_GROUP);
$id_field = group_id;
}
if ($content == 'role') {
$table = Database::get_course_table(TABLE_ROLE_PERMISSION);
$id_field = role_id;
}
// grating a right
if ($action == 'grant') {
$sql = "INSERT INTO $table (c_id, $id_field,tool,action) VALUES ($course_id, '".Database::escape_string($id)."','".Database::escape_string($tool)."','".Database::escape_string($permission)."')";
$result = Database::query($sql);
if ($result) {
$result_message = get_lang('PermissionGranted');
}
}
if ($action == 'revoke') {
$sql = "DELETE FROM $table WHERE c_id = $course_id AND $id_field = '".Database::escape_string($id)."' AND tool='".Database::escape_string($tool)."' AND action='".Database::escape_string($permission)."'";
$result = Database::query($sql);
if ($result) {
$result_message = get_lang('PermissionRevoked');
}
}
return $result_message;
}
/**
* This function retrieves the existing permissions of a user, group or role.
*
* @param string $content are we retrieving the rights of a user, a group or a role (the database depends on it)
* @param int $id the id of the user, group or role
*
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
*
* @version 1.0
*/
function get_permissions($content, $id)
{
$course_id = api_get_course_int_id();
$currentpermissions = [];
// Which database are we using (depending on the $content parameter)
$course_id_condition = " c_id = $course_id AND ";
if ($content == 'user') {
$table = Database::get_course_table(TABLE_PERMISSION_USER);
$id_field = 'user_id';
} elseif ($content == 'group') {
$table = Database::get_course_table(TABLE_PERMISSION_GROUP);
$id_field = 'group_id';
} elseif ($content == 'role') {
$table = Database::get_course_table(TABLE_ROLE_PERMISSION);
$id_field = 'role_id';
} elseif ($content == 'platform_role') {
$table = Database::get_main_table(TABLE_ROLE_PERMISSION);
$id_field = 'role_id';
$course_id_condition = '';
} elseif ($content == 'task') {
$table = Database::get_course_table(TABLE_BLOGS_TASKS_PERMISSIONS);
$id_field = 'task_id';
}
// finding all the permissions. We store this in a multidimensional array
// where the first dimension is the tool.
$sql = "
SELECT * FROM ".$table."
WHERE $course_id_condition ".$id_field."='".Database::escape_string($id)."'";
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
$currentpermissions[$row['tool']][] = $row['action'];
}
return $currentpermissions;
}
/**
* the array that contains the current permission a user, group or role has will now be changed depending on
* the Dokeos Config Setting for the permissions (limited [add, edit, delete] or full [view, add, edit, delete, move, visibility].
*
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
*
* @version 1.0
*
* @todo currently there is a setting user_permissions and group_permissions. We should merge this in one config setting.
*/
function limited_or_full($current_permissions)
{
if (api_get_setting('permissions') == 'limited') {
foreach ($current_permissions as $tool => $tool_rights) {
// we loop through the possible permissions of a tool and unset the entry if it is view
// if it is visibility or move we have to grant the edit right
foreach ($tool_rights as $key => $value) {
if ($value == 'View') {
unset($current_permissions[$tool][$key]);
}
if ($value == 'Visibility' or $value == 'Move') {
if (!in_array('Edit', $current_permissions[$tool])) {
$current_permissions[$tool][] = 'Edit';
}
unset($current_permissions[$tool][$key]);
}
//else
//{
// $current_permissions[$tool][]=$value;
//}
}
}
return $current_permissions;
}
if (api_get_setting('permissions') == 'full') {
return $current_permissions;
}
}
/**
* This function displays a checked or unchecked checkbox. The checkbox will be checked if the
* user, group or role has the permission for the given tool, unchecked if the user, group or role
* does not have the right.
*
* @param $permission_array the array that contains all the permissions of the user, group, role
* @param $tool the tool we want to check a permission for
* @param $permission the permission we want to check for
*
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
*
* @version 1.0
*/
function display_checkbox_matrix($permission_array, $tool, $permission, $inherited_permissions = [])
{
$checked = "";
if (is_array($permission_array[$tool]) and in_array($permission, $permission_array[$tool])) {
$checked = "checked";
}
echo "\t\t\t<input type=\"checkbox\" name=\"permission*$tool*$permission\" $checked>\n";
}
/**
* This function displays a checked or unchecked image. The image will be checked if the
* user, group or role has the permission for the given tool, unchecked if the user, group or role
* does not have the right.
*
* @param $permission_array the array that contains all the permissions of the user, group, role
* @param $tool the tool we want to check a permission for
* @param $permission the permission we want to check for
*
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
*
* @version 1.0
*/
function display_image_matrix($permission_array, $tool, $permission, $inherited_permissions = [], $course_admin = false, $editable = true)
{
if ($course_admin) {
echo "\t\t\t<img src=\"../img/checkbox_on3.gif\" border=\"0\"/ title=\"".get_lang('PermissionGrantedByGroupOrRole')."\">";
} else {
if (in_array($permission, $inherited_permissions[$tool])) {
echo "\t\t\t<img src=\"../img/checkbox_on3.gif\" border=\"0\"/ title=\"".get_lang('PermissionGrantedByGroupOrRole')."\">";
} else {
if (is_array($permission_array[$tool]) and in_array($permission, $permission_array[$tool])) {
if ($editable) {
$url = api_get_self();
$urlparameters = '';
foreach ($_GET as $key => $value) {
$parameter[$key] = $value;
}
$parameter['action'] = 'revoke';
$parameter['permission'] = $permission;
$parameter['tool'] = $tool;
foreach ($parameter as $key => $value) {
$urlparameters .= $key.'='.$value.'&amp;';
}
$url = $url.'?'.$urlparameters;
echo "\t\t\t <a href=\"".$url."\">";
}
echo "<img src=\"../img/checkbox_on2.gif\" border=\"0\"/>";
if ($editable) {
echo "</a>";
}
} else {
if ($editable) {
$url = api_get_self();
$urlparameters = '';
foreach ($_GET as $key => $value) {
$parameter[$key] = $value;
}
$parameter['action'] = 'grant';
$parameter['permission'] = $permission;
$parameter['tool'] = $tool;
foreach ($parameter as $key => $value) {
$urlparameters .= $key.'='.$value.'&amp;';
}
$url = $url.'?'.$urlparameters;
//echo "\t\t\t <a href=\"".str_replace('&', '&amp;', $_SERVER['REQUEST_URI'])."&amp;action=grant&amp;permission=$permission&amp;tool=$tool\">";
echo "\t\t\t <a href=\"".$url."\">";
}
echo "<img src=\"../img/wrong.gif\" border=\"0\"/>";
if ($editable) {
echo "</a>";
}
}
}
}
}
/**
* Slightly modified: Toon Keppens
* This function displays a checked or unchecked image. The image will be checked if the
* user, group or role has the permission for the given tool, unchecked if the user, group or role
* does not have the right.
*
* @param $permission_array the array that contains all the permissions of the user, group, role
* @param $tool the tool we want to check a permission for
* @param $permission the permission we want to check for
*
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
*
* @version 1.0
*/
function display_image_matrix_for_blogs($permission_array, $user_id, $tool, $permission, $inherited_permissions = [], $course_admin = false, $editable = true)
{
if ($course_admin) {
echo "\t\t\t<img src=\"../img/checkbox_on3.gif\" border=\"0\"/ title=\"".get_lang('PermissionGrantedByGroupOrRole')."\">";
} else {
if (!empty($inherited_permissions) and in_array($permission, $inherited_permissions[$tool])) {
echo "\t\t\t<img src=\"../img/checkbox_on3.gif\" border=\"0\"/ title=\"".get_lang('PermissionGrantedByGroupOrRole')."\">";
} else {
if (is_array($permission_array[$tool]) and in_array($permission, $permission_array[$tool])) {
if ($editable) {
$url = api_get_self();
$urlparameters = '';
foreach ($_GET as $key => $value) {
$parameter[$key] = $value;
}
$parameter['action'] = 'manage_rights';
$parameter['do'] = 'revoke';
$parameter['permission'] = $permission;
$parameter['tool'] = $tool;
$parameter['user_id'] = $user_id;
foreach ($parameter as $key => $value) {
$urlparameters .= $key.'='.$value.'&amp;';
}
$url = $url.'?'.$urlparameters;
echo "\t\t\t <a href=\"".$url."\">";
}
echo "<img src=\"../img/checkbox_on2.gif\" border=\"0\"/ title=\"".get_lang('UserHasPermission')."\">";
if ($editable) {
echo "</a>";
}
} else {
if ($editable) {
$url = api_get_self();
$urlparameters = '';
foreach ($_GET as $key => $value) {
$parameter[$key] = $value;
}
$parameter['action'] = 'manage_rights';
$parameter['do'] = 'grant';
$parameter['permission'] = $permission;
$parameter['tool'] = $tool;
$parameter['user_id'] = $user_id;
foreach ($parameter as $key => $value) {
$urlparameters .= $key.'='.$value.'&amp;';
}
$url = $url.'?'.$urlparameters;
//echo "\t\t\t <a href=\"".str_replace('&', '&amp;', $_SERVER['REQUEST_URI'])."&amp;action=grant&amp;permission=$permission&amp;tool=$tool\">";
echo "\t\t\t <a href=\"".$url."\">";
}
echo "<img src=\"../img/wrong.gif\" border=\"0\"/ title=\"".get_lang('UserHasPermissionNot')."\">";
if ($editable) {
echo "</a>";
}
}
}
}
}
/**
* This function displays a list off all the roles of the course (and those defined by the platform admin).
*
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
*
* @version 1.0
*/
function display_role_list($current_course_roles, $current_platform_roles)
{
global $setting_visualisation;
$course_id = api_get_course_int_id();
$coures_roles_table = Database::get_course_table(TABLE_ROLE);
// course roles
$sql = "SELECT * FROM $coures_roles_table WHERE c_id = $course_id ";
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
if (in_array($row['role_id'], $current_course_roles)) {
$checked = 'checked';
$image = 'checkbox_on2.gif';
$action = 'revoke';
} else {
$checked = '';
$image = 'wrong.gif';
$action = 'grant';
}
if ($setting_visualisation == 'checkbox') {
echo "<input type=\"checkbox\" name=\"role*course*".$row['role_id']."\" $checked>";
}
if ($setting_visualisation == 'image') {
echo "<a href=\"".str_replace('&', '&amp;', $_SERVER['REQUEST_URI'])."&amp;action=$action&amp;role=".$row['role_id']."&amp;scope=course\"><img src=\"../img/".$image."\" border=\"0\"/></a>";
}
echo $row['role_name']." <a href=\"../permissions/roles.php?role_id=".$row['role_id']."&amp;scope=course\"><img src=\"../img/edit.gif\" /></a><br />\n";
echo $row['role_comment']."<br />\n";
}
}
/**
* This function gets all the current roles of the user or group.
*
* @param $content are we finding the roles for a user or a group (the database depends on it)
* @param $id the id of the user or group
*
* @return array that contains the name of the roles the user has
*
* @todo consider having a separate table that contains only an id and a name of the role.
*
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
*
* @version 1.0
*/
function get_roles($content, $id, $scope = 'course')
{
$course_id = api_get_course_int_id();
if ($content == 'user') {
$table = Database::get_course_table(TABLE_ROLE_USER);
$id_field = user_id;
}
if ($content == 'group') {
$table = Database::get_course_table(TABLE_ROLE_GROUP);
$id_field = 'group_id';
}
$table_role = Database::get_course_table(TABLE_ROLE);
$current_roles = [];
//$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'";$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'";
$sql = "SELECT role_id FROM $table WHERE c_id = $course_id AND $id_field = '$id' AND scope='".$scope."'";
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
$current_roles[] = $row['role_id'];
}
return $current_roles;
}
/**
* This function gets all the current roles of the user or group.
*
* @return array that contains the name of the roles the user has
*
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
*
* @version 1.0
*/
function get_all_roles($content = 'course')
{
$course_id = api_get_course_int_id();
$course_id_condition = " WHERE c_id = $course_id ";
if ($content == 'course') {
$table_role = Database::get_course_table(TABLE_ROLE);
}
if ($content == 'platform') {
$table_role = Database::get_main_table(TABLE_ROLE);
$course_id_condition = '';
}
$current_roles = [];
$sql = "SELECT * FROM $table_role $course_id_condition ";
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
$roles[] = $row;
}
return $roles;
}
/**
* This function gets all the roles that are defined.
*
* @param string $content are we finding the roles for a user or a group (the database depends on it)
* @param int $id the id of the user or group
* @param string $scope Deprecated parameter allowing use of 'platform' scope - the corresponding tables don't exist anymore so the scope is always set to 'course'
*
* @return array that contains the name of the roles the user has
*
* @todo consider having a separate table that contains only an id and a name of the role.
*
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
*
* @version 1.0
*/
function get_roles_permissions($content, $id, $scope = 'course')
{
$course_id = api_get_course_int_id();
if ($content == 'user') {
$table = Database::get_course_table(TABLE_ROLE_USER);
$id_field = 'user_id';
}
if ($content == 'group') {
$table = Database::get_course_table(TABLE_ROLE_GROUP);
$id_field = 'group_id';
}
// course roles or platform roles
$scope = 'course';
if ($scope == 'course') {
$table_role = Database::get_course_table(TABLE_ROLE);
$table_role_permissions = Database::get_course_table(TABLE_ROLE_PERMISSION);
$role_condition = " role.c_id = $course_id AND role_permissions.c_id = $course_id AND ";
}
if ($scope == 'platform') {
$table_role = Database::get_main_table(TABLE_ROLE);
$table_role_permissions = Database::get_main_table(TABLE_ROLE_PERMISSION);
$role_condition = '';
}
$sql = "
SELECT *
FROM
".$table." role_group_user,
".$table_role." role,
".$table_role_permissions." role_permissions
WHERE
role_group_user.c_id = $course_id AND
$role_condition
role_group_user.scope = '".$scope."' AND
role_group_user.".$id_field." = '".$id."' AND
role_group_user.role_id = role.role_id AND
role.role_id = role_permissions.role_id";
$result = Database::query($sql);
$current_role_permissions = [];
while ($row = Database::fetch_array($result)) {
$current_role_permissions[$row['tool']][] = $row['action'];
}
return $current_role_permissions;
}
/**
* This function is called when we assign a role to a user or a group.
*
* @param $content are we assigning a role to a group or a user
* @param $action we can grant a role to a group or user or revoke it
* @param $id the user_id of the user or the group_id of the group
* @param $role_id the id of the role we are giving to a user or a group
*
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
*/
function assign_role($content, $action, $id, $role_id, $scope = 'course')
{
$course_id = api_get_course_int_id();
// Which database are we using (depending on the $content parameter)
if ($content == 'user') {
$table = Database::get_course_table(TABLE_ROLE_USER);
$id_field = 'user_id';
} elseif ($content == 'group') {
$table = Database::get_course_table(TABLE_ROLE_GROUP);
$id_field = 'group_id';
} else {
return get_lang('Error');
}
// grating a right
if ($action == 'grant') {
$sql = "INSERT INTO $table (c_id, role_id, scope, $id_field) VALUES ($course_id, '".Database::escape_string($role_id)."','".Database::escape_string($scope)."','".Database::escape_string($id)."')";
$result = Database::query($sql);
if ($result) {
$result_message = get_lang('RoleGranted');
}
}
if ($action == 'revoke') {
$sql = "DELETE FROM $table WHERE c_id = $course_id AND $id_field = '".Database::escape_string($id)."' AND role_id='".Database::escape_string($role_id)."'";
$result = Database::query($sql);
if ($result) {
$result_message = get_lang('RoleRevoked');
}
}
return $result_message;
}
/**
* This function merges permission arrays. Each permission array has the
* following structure
* a permission array has a tool contanst as a key and an array as a value.
* This value array consists of all the permissions that are granted in that tool.
*/
function permission_array_merge($array1, $array2)
{
foreach ($array2 as $tool => $permissions) {
foreach ($permissions as $permissionkey => $permissionvalue) {
$array1[$tool][] = $permissionvalue;
}
}
return $array1;
}
function my_print_r($array)
{
echo '<pre>';
print_r($array);
echo '</pre>';
}

230
main/permissions/roles.php Normal file
View File

@@ -0,0 +1,230 @@
<?php
/* For licensing terms, see /license.txt */
require '../inc/global.inc.php';
api_protect_course_script();
require_once 'permissions_functions.inc.php';
require_once 'all_permissions.inc.php';
$tool_name = get_lang('Roles'); // title of the page (should come from the language file)
Display::display_header($tool_name);
// ACTIONS
// storing all the permission for a given role when the checkbox approach is used
if ($_POST['StoreRolePermissions']) {
if (!empty($_POST['role_name'])) {
$table_role = Database::get_course_table(TABLE_ROLE);
$sql = "INSERT INTO $table_role (role_name, role_comment, default_role)
VALUES ('".Database::escape_string($_POST['role_name'])."','".Database::escape_string($_POST['role_comment'])."','".Database::escape_string($_POST['default_role'])."')";
$result = Database::query($sql);
$role_id = Database::insert_id();
$result_message = store_permissions('role', $role_id);
} else {
$result_message = get_lang('ErrorPleaseGiveRoleName');
}
}
// storing a permission for a given role when the image approach is used
if (isset($_GET['action']) and isset($_GET['permission']) and isset($_GET['tool'])) {
if ($_GET['action'] == 'grant' or $_GET['action'] == 'revoke') {
$result_message = store_one_permission('role', $_GET['action'], $role_id, $_GET['tool'], $_GET['permission']);
}
}
// deleting a role
if (isset($_GET['action']) and isset($_GET['role_id']) and $_GET['action'] == 'delete') {
//deleting the assignments fo this role: users
$table = Database::get_course_table(TABLE_ROLE_USER);
$sql = "DELETE FROM $table WHERE role_id='".intval($_GET['role_id'])."'";
$result = Database::query($sql);
// deleting the assignments of this role: groups
$table = Database::get_course_table(TABLE_ROLE_GROUP);
$sql = "DELETE FROM $table WHERE role_id='".intval($_GET['role_id'])."'";
$result = Database::query($sql);
// deleting the permissions of this role
$table = Database::get_course_table(TABLE_ROLE_PERMISSION);
$sql = "DELETE FROM $table WHERE role_id='".intval($_GET['role_id'])."'";
$result = Database::query($sql);
// deleting the role
$table_role = Database::get_course_table(TABLE_ROLE);
$sql = "DELETE FROM $table_role WHERE role_id='".intval($_GET['role_id'])."'";
$result = Database::query($sql);
$result_message = get_lang('RoleDeleted');
}
// displaying the return message of the actions
if (isset($result_message)) {
echo Display::return_message($result_message);
}
// ADDING A NEW ROLE (FORM AND LINK)
echo '<img src="../img/add.png" /> <a href="roles.php?action=add">'.get_lang('AddRole').'</a>';
if ($_GET['action'] == 'add') {
echo "<form method=\"post\" action=\"".api_get_self()."\">";
echo "\n<table>";
echo "\n\t<tr>";
echo "\n\t\t<td>";
echo get_lang('RoleName');
echo "\n\t\t</td>";
echo "\n\t\t<td>";
echo "\n\t\t\t<input type='text' name='role_name'>";
echo "\n\t\t</td>";
echo "\n\t</tr>";
echo "\n\t<tr>";
echo "\n\t\t<td>";
echo get_lang('RoleComment');
echo "\n\t\t</td>";
echo "\n\t\t<td>";
echo "\n\t\t\t<textarea name='role_comment'></textarea>";
echo "\n\t\t</td>";
echo "\n\t</tr>";
echo "\n\t<tr>";
echo "\n\t\t<td>";
echo get_lang('DefaultRole');
echo "\n\t\t</td>";
echo "\n\t\t<td>";
echo "\n\t\t\t<input type=\"checkbox\" name=\"default_role\" value=\"1\">";
echo "\n\t\t</td>";
echo "\n\t</tr>";
echo "\n</table>";
echo "<table class=\"table table-hover table-striped data_table\">\n";
// the header
if (api_get_setting('permissions') == 'limited') {
$header_array = $rights_limited;
}
if (api_get_setting('permissions') == 'full') {
$header_array = $rights_full;
}
echo "\t<tr>\n";
echo "\t\t<th>".get_lang('Module')."</th>\n";
foreach ($header_array as $header_key => $header_value) {
echo "\t\t<th>".get_lang($header_value)."</th>\n";
}
echo "\t</tr>\n";
// the main area with the checkboxes or images
foreach ($tool_rights as $tool => $rights) { // $tool_rights contains all the possible tools and their rights
echo "\t<tr>\n";
echo "\t\t<td>\n";
echo get_lang($tool);
echo "\t\t</td>\n";
foreach ($header_array as $key => $value) {
echo "\t\t<td align='center'>\n";
display_checkbox_matrix([], $tool, $value);
echo "\t\t</td>\n";
}
echo "\t</tr>\n";
}
echo "</table>\n";
echo "<input type=\"Submit\" name=\"StoreRolePermissions\" value=\"".get_lang('StorePermissions')."\">";
echo "</form>";
}
// DISPLAYING THE EXISTING ROLES
// platform roles
$all_roles = get_all_roles('platform');
foreach ($all_roles as $role) {
echo '<div><a href="roles.php?action=view&amp;role_id='.$role['role_id'].'&amp;scope=platform">'.$role['role_name'].'</a></div>';
echo '<div>'.$role['role_comment'].'</div><br />';
if ($role['role_id'] == $_GET['role_id']) {
$current_role_info = $role;
}
}
// course roles
$all_roles = get_all_roles();
foreach ($all_roles as $role) {
echo '<div><a href="roles.php?action=view&amp;role_id='.$role['role_id'].'">'.$role['role_name'].'</a><a href="roles.php?action=delete&amp;role_id='.$role['role_id'].'"><img src="../img/delete.gif" /></a></div>';
echo '<div>'.$role['role_comment'].'</div><br />';
if ($role['role_id'] == $_GET['role_id']) {
$current_role_info = $role;
}
}
// DISPLAYING THE PERMISSIONS OF A GIVEN ROLE
if ($_GET['role_id']) {
$current_role_permissions = get_permissions('role', $_GET['role_id']);
// LIMITED OR FULL
$current_role_permissions = limited_or_full($current_role_permissions);
if (api_get_setting('permissions') == 'limited') {
$header_array = $rights_limited;
}
if (api_get_setting('permissions') == 'full') {
$header_array = $rights_full;
}
// ---------------------------------------------------
// DISPLAYING THE MATRIX
// ---------------------------------------------------
echo "<form method=\"post\" action=\"".str_replace('&', '&amp;', $_SERVER['REQUEST_URI'])."\">";
// the list of the roles for the user
echo get_lang('PermissionsOfRole').':'.$current_role_info['role_name'].'<br />';
if ($_GET['scope'] == 'platform') {
echo get_lang('IsPlatformRoleNotEditable').'<br />';
}
echo "<table class=\"table table-hover table-striped data_table\">\n";
// the header
echo "\t<tr>\n";
echo "\t\t<th>".get_lang('Module')."</th>\n";
foreach ($header_array as $header_key => $header_value) {
echo "\t\t<th>".get_lang($header_value)."</th>\n";
}
echo "\t</tr>\n";
// the main area with the checkboxes or images
foreach ($tool_rights as $tool => $rights) { // $tool_rights contains all the possible tools and their rights
echo "\t<tr>\n";
echo "\t\t<td>\n";
echo get_lang($tool);
echo "\t\t</td>\n";
foreach ($header_array as $key => $value) {
echo "\t\t<td align='center'>\n";
if (in_array($value, $rights)) {
if ($setting_visualisation == 'checkbox') {
display_checkbox_matrix(
$current_role_permissions,
$tool,
$value
);
}
if ($setting_visualisation == 'image') {
if ($_GET['scope'] == 'platform') {
$roles_editable = false;
} else {
$roles_editable = true;
}
display_image_matrix(
$current_role_permissions,
$tool,
$value,
'',
'',
$roles_editable
);
}
}
echo "\t\t</td>\n";
}
echo "\t</tr>\n";
}
echo "</table>\n";
if ($setting_visualisation == 'checkbox') {
echo "<input type=\"Submit\" name=\"StoreRolePermissions\" value=\"".get_lang('StorePermissions')."\">";
}
echo "</form>";
}
Display::display_footer();

175
main/permissions/user_permissions.inc.php Normal file
View File

@@ -0,0 +1,175 @@
<?php
/**
* @package chamilo.permissions
*/
$user_id = $userIdViewed;
if ($mainUserInfo['status'] == 1) {
$course_admin = 1;
}
include_once 'permissions_functions.inc.php';
include_once 'all_permissions.inc.php';
include_once api_get_library_path()."/groupmanager.lib.php";
include_once api_get_library_path()."/blog.lib.php";
// ACTIONS
if ($_POST['StoreUserPermissions'] and $setting_visualisation == 'checkbox') {
$result_message = store_permissions('user', $user_id);
if ($result_message) {
echo Display::return_message($result_message);
}
}
if (isset($_GET['action'])) {
if (isset($_GET['permission']) and isset($_GET['tool']) and ($_GET['action'] == 'grant' or $_GET['action'] == 'revoke')) {
$result_message = store_one_permission('user', $_GET['action'], $user_id, $_GET['tool'], $_GET['permission']);
}
if (isset($_GET['role']) and ($_GET['action'] == 'grant' or $_GET['action'] == 'revoke')) {
$result_message = assign_role('user', $_GET['action'], $user_id, $_GET['role'], $_GET['scope']);
}
}
if (isset($result_message)) {
echo Display::return_message($result_message);
}
// ---------------------------------------------------
// RETRIEVING THE PERMISSIONS OF THE USER
// ---------------------------------------------------
$current_user_permissions = [];
$current_user_permissions = get_permissions('user', $user_id);
// INHERITED PERMISSIONS (group permissions, user roles, group roles)
// RETRIEVING THE PERMISSIONS OF THE GROUPS OF THE USER
$groups_of_user = [];
$groups_of_user = GroupManager::get_group_ids($_course['real_id'], $user_id);
foreach ($groups_of_user as $group) {
$this_group_permissions = get_permissions('group', $group);
foreach ($this_group_permissions as $tool => $permissions) {
foreach ($permissions as $permission) {
$inherited_group_permissions[$tool][] = $permission;
}
}
}
$inherited_permissions = $inherited_group_permissions;
// RETRIEVING THE PERMISSIONS OF THE ROLES OF THE USER
if (api_get_setting('user_roles') == 'true') {
// course roles that are assigned to the user
$current_user_role_permissions_of_user = get_roles_permissions('user', $user_id);
$inherited_permissions = permission_array_merge($inherited_permissions, $current_user_role_permissions_of_user);
// NOTE: deze array moet nog gemerged worden met de $inherited_permissions array
// (heet momenteel nog $current_group_permissions_of_user omdat voorlopig enkel de
// groepsge<67>rfde permissions in beschouwing worden genomen
// dit moet ook de rol permissies van rollen die toegekend worden aan een gebruiker
// en de rol permissies van rollen die toegekend worden aan de groepen van een gebruiker
// omvatten.
// NOTE: checken als de rollen brol wel degelijk geactiveerd is voordat we dit allemaal
// ophalen.
// platform roles that are assigned to the user
$current_user_role_permissions_of_user = get_roles_permissions('user', $user_id, 'platform');
$inherited_permissions = permission_array_merge($inherited_permissions, $current_user_role_permissions_of_user);
}
// RETRIEVING THE PERMISSIONS OF THE ROLES OF THE GROUPS OF THE USER
if (api_get_setting('group_roles') == 'true') {
// NOTE: DIT MOET NOG VERDER UITGEWERKT WORDEN
foreach ($groups_of_user as $group) {
$this_current_group_role_permissions_of_user = get_roles_permissions('user', $user_id);
//$inherited_permissions[$tool][]=$permission;
}
}
// LIMITED OR FULL
$current_user_permissions = limited_or_full($current_user_permissions);
$inherited_permissions = limited_or_full($inherited_permissions);
if (api_get_setting('permissions') == 'limited') {
$header_array = $rights_limited;
}
if (api_get_setting('permissions') == 'full') {
$header_array = $rights_full;
}
echo "<form method=\"post\" action=\"".str_replace('&', '&amp;', $_SERVER['REQUEST_URI'])."\">";
// DISPLAYING THE ROLES LIST
if (api_get_setting('user_roles') == 'true') {
// the list of the roles for the user
echo '<strong>'.get_lang('UserRoles').'</strong><br />';
$current_user_course_roles = get_roles('user', $user_id);
$current_user_platform_roles = get_roles('user', $user_id, 'platform');
display_role_list($current_user_course_roles, $current_user_platform_roles);
echo '<br />';
}
// ---------------------------------------------------
// DISPLAYING THE MATRIX (user permissions)
// ---------------------------------------------------
echo '<strong>'.get_lang('UserPermissions').'</strong>';
echo "<table class=\"table table-hover table-striped data_table\">\n";
// the header
echo "\t<tr>\n";
echo "\t\t<th>".get_lang('Module')."</th>\n";
foreach ($header_array as $header_key => $header_value) {
echo "\t\t<th>".get_lang($header_value)."</th>\n";
}
echo "\t</tr>\n";
// the main area with the checkboxes or images
// $tool_rights contains all the possible tools and their rights
foreach ($tool_rights as $tool => $rights) {
echo "\t<tr>\n";
echo "\t\t<td>\n";
if (strstr($tool, 'BLOG')) {
// Not dealing with a real tool here, get name of this blog
// Strip blog id
$tmp = strpos($tool, '_') + 1;
$blog_id = substr($tool, $tmp, strlen($tool));
// Get title
echo get_lang('Blog').": ".Blog::getBlogTitle($blog_id);
} else {
echo get_lang($tool);
}
echo "\t\t</td>\n";
foreach ($header_array as $key => $value) {
echo "\t\t<td align='center'>\n";
if (in_array($value, $rights)) {
if ($setting_visualisation == 'checkbox') {
display_checkbox_matrix(
$current_user_permissions,
$tool,
$value,
$inherited_permissions,
$course_admin
);
}
if ($setting_visualisation == 'image') {
display_image_matrix(
$current_user_permissions,
$tool,
$value,
$inherited_permissions,
$course_admin
);
}
}
// note: in a later stage this part will be replaced by a function
// so that we can easily switch between a checkbox approach or an image approach
// where every click is in fact a change of status. In the checkbox approach you first have to
// do the changes and then store them by clicking the submit button.
echo "\t\t</td>\n";
}
echo "\t</tr>\n";
}
echo "</table>\n";
if ($setting_visualisation == 'checkbox') {
echo "<input type=\"Submit\" name=\"StoreUserPermissions\" value=\"".get_lang('StorePermissions')."\">";
}
echo "</form><br />";
// LEGEND
echo '<strong>'.get_lang('Legend').'</strong><br />';
echo '<img src="../img/wrong.gif" /> '.get_lang('UserHasPermissionNot').'<br />';
echo '<img src="../img/checkbox_on2.gif" /> '.get_lang('UserHasPermission').'<br />';
echo '<img src="../img/checkbox_on3.gif" /> '.get_lang('UserHasPermissionByRoleGroup').'<br />';