diff --git a/vbcms-admin/backTasks.php b/vbcms-admin/backTasks.php
index b7a2fc32c701ab8d7c4ccf0776f752ca7e568f59..047d598f0b6799079cf6e06af0e4c050f79c13b2 100644
--- a/vbcms-admin/backTasks.php
+++ b/vbcms-admin/backTasks.php
@@ -224,7 +224,34 @@ if (isset($_GET["getNotifications"])) { } echo json_encode($permissions); -} elseif (isset($_GET["setNetIdLocalAccount"])&&!empty($_GET["setNetIdLocalAccount"]) && (isset($_POST)&&!empty($_POST)) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageUsersSettings')) { +} elseif (isset($_GET["editPermissions"])&&!empty($_GET["editPermissions"]) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'editPermissions')) { + if(isJson(urldecode($_GET["editPermissions"]))){ + $requestDetails = json_decode($_GET["editPermissions"], true); + + if($requestDetails['type'] == 'group' && $requestDetails['id']!=1){ // Le groupe n°1 étant celui des superadmins, ils auront tj tous les droits + $query = $bdd->prepare('DELETE FROM `vbcms-groupsPerms` WHERE groupId=?'); // On vide les perms du groupe + $query->execute([$requestDetails['id']]); + foreach($_POST as $permissionJson => $checked) { // Puis on les recréées + $permissionDetail = json_decode(urldecode($permissionJson), true); + $query = $bdd->prepare('INSERT INTO `vbcms-groupsPerms` (`groupId`, `extensionName`, `permission`) VALUES (?,?,?)'); + $query->execute([$requestDetails['id'], $permissionDetail['extension'], $permissionDetail['permission']]); + } + }elseif($requestDetails['type'] == 'user'){ + $query = $bdd->prepare('DELETE FROM `vbcms-usersPerms` WHERE userId=?'); // On vide les perms du groupe + $query->execute([$requestDetails['id']]); + foreach($_POST as $permissionJson => $checked) { // Puis on les recréées + $permissionDetail = json_decode(urldecode($permissionJson), true); + $query = $bdd->prepare('INSERT INTO `vbcms-usersPerms` (`userId`, `extensionName`, `permission`) VALUES (?,?,?)'); + $query->execute([$requestDetails['id'], $permissionDetail['extension'], $permissionDetail['permission']]); + } + }else{ + echo 'Paramètre non reconnu.'; + } + + } else { + echo translate('error').': '.translate('thisIsNotJSON'); + } +} elseif 
(isset($_GET["setNetIdLocalAccount"])&&!empty($_GET["setNetIdLocalAccount"]) && (isset($_POST)&&!empty($_POST)) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageUsersSettings')) { $localAccountExist = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE netIdAssoc = ?"); $localAccountExist->execute([$_GET["setNetIdLocalAccount"]]); $localAccountExist = $localAccountExist->fetch(PDO::FETCH_ASSOC); diff --git a/vbcms-admin/includes/settings/groups.php b/vbcms-admin/includes/settings/groups.php index 0ec459c6dc8f94a093ca1f506b7837337fc13730..e555b545bf3b2c798d0326a7484f2022a45c7c08 100644 --- a/vbcms-admin/includes/settings/groups.php +++ b/vbcms-admin/includes/settings/groups.php @@ -166,7 +166,7 @@ function selectGroup(id){ permission: permission.name }; $("#permsForm").append('<div class="form-check">\ - <input class="form-check-input" type="checkbox" name="'+encodeURIComponent(JSON.stringify(inputName))+'" '+hasPerm+'>\ + <input class="form-check-input" type="checkbox" name="'+encodeURIComponent(JSON.stringify(inputName))+'" onclick="editPermissions('+id+')" '+hasPerm+'>\ <label class="form-check-label">'+permission.name+'</label>\ </div>'); }); @@ -175,4 +175,27 @@ function selectGroup(id){ } }); } + +function editPermissions(id){ + var array = { + type: "group", + id: id + }; + + $.post( "<?=VBcmsGetSetting("websiteUrl")?>vbcms-admin/backTasks?editPermissions="+encodeURIComponent(JSON.stringify(array)), $( "#permsForm" ).serialize() ) + .done(function( data ) { + if(data!=""){ + SnackBar({ + message: data, + status: "danger", + timeout: false + }); + } else { + SnackBar({ + message: '<?=translate("success-saving")?>', + status: "success" + }); + } + }); +} </script> \ No newline at end of file diff --git a/vbcms-admin/includes/settingsPage.php b/vbcms-admin/includes/settingsPage.php index 942c4ded0ec294202d9f4c17472597963677b32e..84aeb0d61f8fc0cfccda402d2ba85d4cc37e7956 100644 --- a/vbcms-admin/includes/settingsPage.php 
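Review bot: In the added `editPermissions` branch of backTasks.php the `user` path has no guard comparable to the `id!=1` check on the group path, and neither path checks that the submitted `extension`/`permission` pairs are registered permissions or ones the caller already holds, so an account granted `editPermissions` can apparently assign any permission to any account, its own included. The group guard uses a loose `!=` on an unvalidated value; validating `id` as an integer first keeps PHP and the database in agreement about which group is meant. `isJson()` is run on `urldecode($_GET[...])` while `json_decode()` parses the un-decoded value, and the `json_decode()` result for each POST key is used without a null check. The DELETE followed by per-row INSERTs runs outside a transaction, so a failure midway leaves the target with no permissions, and no CSRF token check is visible in the hunk. The `if`/`elseif` chain starts and continues outside the hunk.

```php
$requestDetails = json_decode($_GET["editPermissions"], true);
$targetId = filter_var($requestDetails['id'] ?? null, FILTER_VALIDATE_INT);
if (!is_array($requestDetails) || $targetId === false) {
    echo translate('error').': '.translate('thisIsNotJSON');
} elseif ($requestDetails['type'] == 'group' && $targetId !== 1) {
    $bdd->beginTransaction();
    try {
        $bdd->prepare('DELETE FROM `vbcms-groupsPerms` WHERE groupId=?')->execute([$targetId]);
        $insert = $bdd->prepare('INSERT INTO `vbcms-groupsPerms` (`groupId`, `extensionName`, `permission`) VALUES (?,?,?)');
        foreach ($_POST as $permissionJson => $checked) {
            $permissionDetail = json_decode(urldecode($permissionJson), true);
            if (!isset($permissionDetail['extension'], $permissionDetail['permission'])) {
                continue; // skip POST keys that are not permission entries
            }
            // TODO: reject pairs that are not registered permissions or that the caller does not hold
            $insert->execute([$targetId, $permissionDetail['extension'], $permissionDetail['permission']]);
        }
        $bdd->commit();
    } catch (Throwable $e) {
        $bdd->rollBack();
        throw $e;
    }
    // … unchanged: 'user' branch (same validation and transaction apply) and the error output …
```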
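Review bot: The added `onclick="editPermissions('+id+')"` in groups.php builds an inline handler by concatenating `id` into markup, next to the already string-built `name` attribute and `permission.name` label. Where `id` comes from is outside the hunk; if it can ever be non-numeric it becomes script text, and inline handlers also rule out a Content-Security-Policy without `'unsafe-inline'`. A delegated listener registered in `selectGroup` avoids both: `$("#permsForm").off("change").on("change", ".form-check-input", function(){ editPermissions(id); });`, with the label filled through `.text(permission.name)`. `selectGroup` starts outside the hunk.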
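Review bot: `editPermissions()` in groups.php treats an empty response body as success and has no `.fail()` handler, so a request the server ignores or rejects is reported with the "success-saving" snackbar. On the server side the new backTasks.php branch is skipped entirely when `verifyUserPermission()` returns false, and whether a later branch prints anything is not visible here, so this is the likely outcome for an unauthorised caller. Have the endpoint return an explicit status (JSON plus a 4xx code on refusal) and add `.fail(function(){ SnackBar({ message: '<?=translate("error")?>', status: "danger", timeout: false }); })`. `message: data` also hands the raw response to `SnackBar`; if that widget renders HTML the text should be escaped first, but its implementation is not on this page.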
+++ b/vbcms-admin/includes/settingsPage.php @@ -62,7 +62,7 @@ function getSettingsHTML($params){ include "settings/general.php"; }elseif($params=="users" && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageUsersSettings')){ include "settings/users.php"; - }elseif($params=="userGroups" && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageuserGroupsSettings')){ + }elseif($params=="userGroups" && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageUserGroupsSettings')){ include "settings/groups.php"; } ?> </div> diff --git a/vbcms-core/permissions.php b/vbcms-core/permissions.php index 271171ef3e39ecd040969598b5c033c69f5398b4..841a9dda73ffd188b3c208a49fcda5d9686fa1e5 100644 --- a/vbcms-core/permissions.php +++ b/vbcms-core/permissions.php @@ -1,10 +1,11 @@ <?php $permissions = [ - 'manageUsersSettings', + 'accessAdmin', 'viewPermissions', + 'editPermissions', 'access-generalSettings', 'manageUsersSettings', - 'manageuserGroupsSettings', + 'manageUserGroupsSettings', 'permissionsSettings', 'extAndWsSettings' ]; \ No newline at end of file
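Review bot: Renaming the permission string from `manageuserGroupsSettings` to `manageUserGroupsSettings` in settingsPage.php and permissions.php comes with no update of rows already stored in `vbcms-groupsPerms` and `vbcms-usersPerms`. If `verifyUserPermission()` compares names case-sensitively (its code is not shown), groups granted the old spelling lose access to the user-groups settings page after this commit while the stale rows stay in the tables. A migration along the lines of `UPDATE ... SET permission='manageUserGroupsSettings' WHERE permission='manageuserGroupsSettings'` on both tables would cover it. In permissions.php the new `'editPermissions'` entry also deserves a comment such as `// lets the holder assign any permission; treat as admin-equivalent`.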