
Merge branch 'master' of http://10.1.1.202:3030/steve07s/Authorization

manto07m 3 년 전
부모
커밋
d686c5303a
3개의 변경된 파일124개의 추가작업 그리고 35개의 파일을 삭제
  1. 18 1
      assets/stylesheets/role.css
  2. 78 27
      script/php/API/get_dept_user.php
  3. 28 7
      script/php/API/get_group.php

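--- a/assets/stylesheets/role.css
+++ b/assets/stylesheets/role.css
@@ -80,6 +80,19 @@
     color: white;
 }
 
+.btn-Admin {
+    color: #ffffff;
+    text-shadow: 0 -1px 0 rgb(0 0 0 / 25%);
+    background-color: #E60086;
+    border-color: #E60086;
+}
+
+.btn-Admin:hover {
+    border-color: #e42795 !important;
+    background-color: #e42795;
+    color: white;
+}
+
 
 
 .dropdown-menu > .li-User > a{
@@ -102,5 +115,9 @@
 }
 
 .dropdown-menu > .li-Guest > a{
-    color: #00b92e;
+    color: #E60086;
+}
+
+.dropdown-menu > .li-Admin > a{
+    color: #E60086;
 }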

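--- a/script/php/API/get_dept_user.php
+++ b/script/php/API/get_dept_user.php
@@ -1,42 +1,93 @@
 <?php
 session_start();
 include('../permission/connect_sql.php');
+
+$user_id = $_SESSION['UserID'];
+$sql = "SELECT [GroupID] FROM [permissions].[dbo].[UserGroup] WHERE [UserID] = ?;";
+$stmt = sqlsrv_query($conn, $sql, array($user_id));
+$is_admin = false;
+while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
+    if ($row["GroupID"] == 'Admin') {
+        $is_admin = true;
+    }
+}
+
 $user_list = array();
-$sql = "SELECT DISTINCT [User].[UserID],[Account],[UserName],[DepartmentID],[Group].[GroupID],[GroupName] FROM [User] 
+$users = array();
+$permissions = array();
+if ($is_admin) {
+    $sql = "SELECT DISTINCT [User].[UserID],[Account],[UserName],[DepartmentID],[Group].[GroupID],[GroupName] FROM [User] 
 LEFT JOIN [UserGroup] ON [User].[UserID] = [UserGroup].[UserID] 
 LEFT JOIN [Group] ON [UserGroup].[GroupID] = [Group].[GroupID]
 LEFT JOIN [GroupRight] ON [GroupRight].[GroupID] = [Group].[GroupID] 
 LEFT JOIN [WebPage] ON [WebPage].[PgroupID] = [GroupRight].[PgroupID]
-WHERE [DepartmentID] = (SELECT [DepartmentID] FROM [User] WHERE [UserID] = ?) ORDER BY [GroupName]";
-$stmt = sqlsrv_query($conn, $sql, array($_SESSION['UserID']));
-$users = array();
-$permissions = array();
-while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
-    if (in_array($row["UserID"], $user_list)) {
-        $index = array_search($row["UserID"],$user_list);
-        array_push($users[$index]["GroupID"],$row["GroupID"]);
-        array_push($users[$index]["GroupName"],$row["GroupName"]);
-    } else {
+ORDER BY [GroupName]";
+    $stmt = sqlsrv_query($conn, $sql);
+
+    while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
+        if (in_array($row["UserID"], $user_list)) {
+            $index = array_search($row["UserID"], $user_list);
+            array_push($users[$index]["GroupID"], $row["GroupID"]);
+            array_push($users[$index]["GroupName"], $row["GroupName"]);
+        } else {
+            $temp = array();
+            $temp["UserID"] = $row["UserID"];
+            $temp["Account"] = $row["Account"];
+            $temp["UserName"] = $row["UserName"];
+            $temp["DepartmentID"] = $row["DepartmentID"];
+            $temp["GroupID"] = array($row["GroupID"]);
+            $temp["GroupName"] = array($row["GroupName"]);
+            array_push($users, $temp);
+            array_push($user_list, $row["UserID"]);
+        }
+    }
+
+    $sql = "SELECT [GroupID],[GroupName] FROM [Group] WHERE [GroupID] != 'Admin'";
+    $stmt = sqlsrv_query($conn, $sql, array($_SESSION['UserID']));
+    while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
         $temp = array();
-        $temp["UserID"] = $row["UserID"];
-        $temp["Account"] = $row["Account"];
-        $temp["UserName"] = $row["UserName"];
-        $temp["DepartmentID"] = $row["DepartmentID"];
-        $temp["GroupID"] = array($row["GroupID"]);
-        $temp["GroupName"] = array($row["GroupName"]);
-        array_push($users, $temp);
-        array_push($user_list, $row["UserID"]);
+        $temp["GroupID"] = $row["GroupID"];
+        $temp["GroupName"] = $row["GroupName"];
+        array_push($permissions, $temp);
     }
-}
+} else {
+    $sql = "SELECT DISTINCT [User].[UserID],[Account],[UserName],[DepartmentID],[Group].[GroupID],[GroupName] FROM [User] 
+    LEFT JOIN [UserGroup] ON [User].[UserID] = [UserGroup].[UserID] 
+    LEFT JOIN [Group] ON [UserGroup].[GroupID] = [Group].[GroupID]
+    LEFT JOIN [GroupRight] ON [GroupRight].[GroupID] = [Group].[GroupID] 
+    LEFT JOIN [WebPage] ON [WebPage].[PgroupID] = [GroupRight].[PgroupID]
+    WHERE [DepartmentID] = (SELECT [DepartmentID] FROM [User] WHERE [UserID] = ?) AND [Group].[GroupID] != 'Admin' ORDER BY [GroupName]";
+    $stmt = sqlsrv_query($conn, $sql, array($_SESSION['UserID']));
 
-$sql = "SELECT [GroupID],[GroupName] FROM [Group] WHERE [GroupID] != 'Admin'";
-$stmt = sqlsrv_query($conn, $sql, array($_SESSION['UserID']));
-while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
-    $temp = array();
-    $temp["GroupID"] = $row["GroupID"];
-    $temp["GroupName"] = $row["GroupName"];
-    array_push($permissions, $temp);
+    while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
+        if (in_array($row["UserID"], $user_list)) {
+            $index = array_search($row["UserID"], $user_list);
+            array_push($users[$index]["GroupID"], $row["GroupID"]);
+            array_push($users[$index]["GroupName"], $row["GroupName"]);
+        } else {
+            $temp = array();
+            $temp["UserID"] = $row["UserID"];
+            $temp["Account"] = $row["Account"];
+            $temp["UserName"] = $row["UserName"];
+            $temp["DepartmentID"] = $row["DepartmentID"];
+            $temp["GroupID"] = array($row["GroupID"]);
+            $temp["GroupName"] = array($row["GroupName"]);
+            array_push($users, $temp);
+            array_push($user_list, $row["UserID"]);
+        }
+    }
+
+    $sql = "SELECT [GroupID],[GroupName] FROM [Group] WHERE [GroupID] != 'Admin'";
+    $stmt = sqlsrv_query($conn, $sql, array($_SESSION['UserID']));
+    while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
+        $temp = array();
+        $temp["GroupID"] = $row["GroupID"];
+        $temp["GroupName"] = $row["GroupName"];
+        array_push($permissions, $temp);
+    }
 }
+
+
 $data["users"] = $users;
 $data["permissions"] = $permissions;
 echo json_encode($data);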
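Review bot: `$_SESSION['UserID']` is read at the top of the new code without a check that it is set, so a request without a logged-in session falls into the `else` branch and still receives the `[Group]` list as `permissions`, unless connect_sql.php (not shown) already rejects it. I would add `if (empty($_SESSION['UserID'])) { http_response_code(401); exit; }` right after the include; get_group.php gets the same lookup with the same gap. The result of `sqlsrv_query` is also never compared with `false` before `sqlsrv_fetch_array` is called on it, and both `[Group]` queries pass `array($_SESSION['UserID'])` although the statement has no `?` placeholder. In the non-admin query, `AND [Group].[GroupID] != 'Admin'` filters on a LEFT JOIN column, so department users with no group row (NULL `GroupID`) now disappear from the list; `AND ([Group].[GroupID] IS NULL OR [Group].[GroupID] != 'Admin')` keeps them if that was not intended.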

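--- a/script/php/API/get_group.php
+++ b/script/php/API/get_group.php
@@ -1,14 +1,35 @@
 <?php
 session_start();
 include('../permission/connect_sql.php');
+$user_id = $_SESSION['UserID'];
+$sql = "SELECT [GroupID] FROM [permissions].[dbo].[UserGroup] WHERE [UserID] = ?;";
+$stmt = sqlsrv_query($conn, $sql, array($user_id));
+$is_admin = false;
+while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
+        if ($row["GroupID"] == 'Admin') {
+                $is_admin = true;
+        }
+}
 $group = array();
-$sql = "SELECT [GroupID],[GroupName] FROM [Group] WHERE [GroupID] != 'Admin' AND [GroupID] != 'User' AND [GroupID] != 'Guest'";
-$stmt = sqlsrv_query($conn, $sql);
-while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {    
-        $temp = array();
-        $temp["GroupID"] = $row["GroupID"];
-        $temp["GroupName"] = $row["GroupName"];
-        array_push($group, $temp);    
+if ($is_admin) {
+        $sql = "SELECT [GroupID],[GroupName] FROM [Group] WHERE [GroupID] != 'User' AND [GroupID] != 'Guest'";
+        $stmt = sqlsrv_query($conn, $sql);
+        while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
+                $temp = array();
+                $temp["GroupID"] = $row["GroupID"];
+                $temp["GroupName"] = $row["GroupName"];
+                array_push($group, $temp);
+        }
+} else {
+        $sql = "SELECT [GroupID],[GroupName] FROM [Group] WHERE [GroupID] != 'Admin' AND [GroupID] != 'User' AND [GroupID] != 'Guest'";
+        $stmt = sqlsrv_query($conn, $sql);
+        while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
+                $temp = array();
+                $temp["GroupID"] = $row["GroupID"];
+                $temp["GroupName"] = $row["GroupName"];
+                array_push($group, $temp);
+        }
 }
 
+
 echo json_encode($group);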
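Review bot: The admin lookup at the top is a copy of the block added to get_dept_user.php, and the two branches below it differ only in whether `'Admin'` is excluded, so the rule for who may see the Admin group now lives in several places that can drift apart. I would move the lookup into one shared include that sets `$is_admin`, and run a single query here that appends `AND [GroupID] != 'Admin'` only when `$is_admin` is false, with one fetch loop after it. The lookup names its table as `[permissions].[dbo].[UserGroup]` while the other queries in this file use unqualified names; one form should be used throughout. A one-line comment above the branch, such as `// Non-admins must not see the Admin group.`, would record the intent.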