From 39bde74f3805057f70c81494e04e460f9b3b59dd Mon Sep 17 00:00:00 2001 From: Nik Okuntseff Date: Sun, 25 Nov 2018 12:39:20 +0000 Subject: [PATCH] Added group selector on users.php. --- WEB-INF/lib/ttUser.class.php | 7 ++++--- WEB-INF/templates/footer.tpl | 2 +- WEB-INF/templates/users.tpl | 10 ++++++++++ users.php | 29 +++++++++++++++++++++++++++++ 4 files changed, 44 insertions(+), 4 deletions(-) diff --git a/WEB-INF/lib/ttUser.class.php b/WEB-INF/lib/ttUser.class.php index 859d0881..e150f0b5 100644 --- a/WEB-INF/lib/ttUser.class.php +++ b/WEB-INF/lib/ttUser.class.php @@ -306,12 +306,13 @@ class ttUser { // getUsers obtains users in a group, as specififed by options. function getUsers($options) { - $mdb2 = getConnection(); + $group_id = $this->getActiveGroup(); + $org_id = $this->org_id; + $skipClients = !isset($options['include_clients']); $includeSelf = isset($options['include_self']); - $group_id = isset($options['group_id']) ? $options['group_id'] : $this->group_id; $select_part = 'select u.id, u.name'; if (isset($options['include_login'])) $select_part .= ', u.login'; @@ -324,7 +325,7 @@ class ttUser { if (isset($options['max_rank']) || $skipClients || isset($options['include_role'])) $left_joins .= ' left join tt_roles r on (u.role_id = r.id)'; - $where_part = " where u.org_id = $this->org_id and u.group_id = $group_id"; + $where_part = " where u.org_id = $org_id and u.group_id = $group_id"; if (isset($options['status'])) $where_part .= ' and u.status = '.(int)$options['status']; else diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl index 06d71595..188c495f 100644 --- a/WEB-INF/templates/footer.tpl +++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.18.28.4512 | Copyright © Anuko | +  Anuko Time Tracker 1.18.28.4513 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/WEB-INF/templates/users.tpl b/WEB-INF/templates/users.tpl index 00841339..d729c41c 100644 --- a/WEB-INF/templates/users.tpl +++ b/WEB-INF/templates/users.tpl @@ -6,6 +6,16 @@
{if $user->can('manage_users')} + {if $group_dropdown} +{$forms.usersForm.open} {* usersForm consists only of one dropdown group control *} + + + + +
{$i18n.label.group}: {$forms.usersForm.group.control}
+{$forms.usersForm.close} + {/if} + {if $inactive_users} diff --git a/users.php b/users.php index b7a6606c..4afd5521 100644 --- a/users.php +++ b/users.php @@ -36,8 +36,36 @@ if (!(ttAccessAllowed('view_users') || ttAccessAllowed('manage_users'))) { header('Location: access_denied.php'); exit(); } +if ($request->isPost() && !$user->isGroupValid($request->getParameter('group'))) { + header('Location: access_denied.php'); // Wrong group id in post. + exit(); +} +// Note: we don't use "manage_subgroups" in access check, because when user cannot +// "manage_users" or "view_users" they do not belong here. // End of access checks. +if ($request->isPost()) { + $group_id = $request->getParameter('group'); + $user->setOnBehalfGroup($group_id); +} else { + $group_id = $user->getActiveGroup(); +} + +$form = new Form('usersForm'); +if ($user->can('manage_subgroups')) { + $groups = $user->getGroupsForDropdown(); + if (count($groups) > 1) { + $form->addInput(array('type'=>'combobox', + 'onchange'=>'this.form.submit();', + 'name'=>'group', + 'style'=>'width: 250px;', + 'value'=>$group_id, + 'data'=>$groups, + 'datakeys'=>array('id','name'))); + $smarty->assign('group_dropdown', 1); + } +} + // Prepare a list of active users. if ($user->can('view_users')) $options = array('status'=>ACTIVE,'include_clients'=>true,'include_login'=>true,'include_role'=>true); @@ -59,6 +87,7 @@ if ($user->uncompleted_indicators) { } } +$smarty->assign('forms', array($form->getName()=>$form->toArray())); $smarty->assign('active_users', $active_users); $smarty->assign('inactive_users', $inactive_users); $smarty->assign('title', $i18n->get('title.users')); -- 2.20.1
{$i18n.form.users.active_users}