Implement role management in user admin panel with deletion and update functionality
This commit is contained in:
parent
1fae1f6cad
commit
7a33971df0
@ -16,6 +16,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_user_id'])) {
|
|||||||
|
|
||||||
// Vermeide Selbstlöschung zur Sicherheit
|
// Vermeide Selbstlöschung zur Sicherheit
|
||||||
if ($deleteId !== (int)$_SESSION['user_id']) {
|
if ($deleteId !== (int)$_SESSION['user_id']) {
|
||||||
|
// Zunächst Abhängigkeiten wie Rollen löschen
|
||||||
|
$conn->query("DELETE FROM userRoles WHERE userID = $deleteId");
|
||||||
|
|
||||||
$delStmt = $conn->prepare("DELETE FROM users WHERE userID = ?");
|
$delStmt = $conn->prepare("DELETE FROM users WHERE userID = ?");
|
||||||
$delStmt->bind_param("i", $deleteId);
|
$delStmt->bind_param("i", $deleteId);
|
||||||
$delStmt->execute();
|
$delStmt->execute();
|
||||||
@ -27,8 +30,50 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_user_id'])) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 2b) Aktion: Rollen aktualisieren
|
||||||
|
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update_roles_user_id'])) {
|
||||||
|
$updateId = (int)$_POST['update_roles_user_id'];
|
||||||
|
$selectedRoles = isset($_POST['roles']) && is_array($_POST['roles']) ? $_POST['roles'] : [];
|
||||||
|
|
||||||
|
if ($updateId === (int)$_SESSION['user_id']) {
|
||||||
|
$errorMsg = "Du kannst deine eigenen Rollen nicht ändern.";
|
||||||
|
} else {
|
||||||
|
$delStmt = $conn->prepare("DELETE FROM userRoles WHERE userID = ?");
|
||||||
|
$delStmt->bind_param("i", $updateId);
|
||||||
|
$delStmt->execute();
|
||||||
|
$delStmt->close();
|
||||||
|
|
||||||
|
if (!empty($selectedRoles)) {
|
||||||
|
$insStmt = $conn->prepare("INSERT INTO userRoles (userID, roleID) VALUES (?, ?)");
|
||||||
|
foreach ($selectedRoles as $roleId) {
|
||||||
|
$roleIdInt = (int)$roleId;
|
||||||
|
$insStmt->bind_param("ii", $updateId, $roleIdInt);
|
||||||
|
$insStmt->execute();
|
||||||
|
}
|
||||||
|
$insStmt->close();
|
||||||
|
}
|
||||||
|
$successMsg = "Rollen erfolgreich gespeichert.";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// 2c) Alle verfügbaren Rollen laden
|
||||||
|
$allRoles = [];
|
||||||
|
$rolesQuery = $conn->query("SELECT roleID, name FROM roles ORDER BY name ASC");
|
||||||
|
if ($rolesQuery) {
|
||||||
|
while ($r = $rolesQuery->fetch_assoc()) {
|
||||||
|
$allRoles[] = $r;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// 3) Alle Benutzer laden
|
// 3) Alle Benutzer laden
|
||||||
$usersResult = $conn->query("SELECT userID, email, displayname, profilePicture, isActive FROM users ORDER BY userID ASC");
|
$usersResult = $conn->query("
|
||||||
|
SELECT u.userID, u.email, u.displayname, u.profilePicture, u.isActive,
|
||||||
|
GROUP_CONCAT(ur.roleID) as roleIDs
|
||||||
|
FROM users u
|
||||||
|
LEFT JOIN userRoles ur ON u.userID = ur.userID
|
||||||
|
GROUP BY u.userID
|
||||||
|
ORDER BY u.userID ASC
|
||||||
|
");
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
||||||
@ -57,11 +102,16 @@ $usersResult = $conn->query("SELECT userID, email, displayname, profilePicture,
|
|||||||
<th style="padding: 12px 10px;">Profil</th>
|
<th style="padding: 12px 10px;">Profil</th>
|
||||||
<th style="padding: 12px 10px;">Name</th>
|
<th style="padding: 12px 10px;">Name</th>
|
||||||
<th style="padding: 12px 10px;">E-Mail</th>
|
<th style="padding: 12px 10px;">E-Mail</th>
|
||||||
|
<th style="padding: 12px 10px;">Rollen</th>
|
||||||
<th style="padding: 12px 10px;">Aktionen</th>
|
<th style="padding: 12px 10px;">Aktionen</th>
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
<?php while ($user = $usersResult->fetch_assoc()): ?>
|
<?php while ($user = $usersResult->fetch_assoc()): ?>
|
||||||
|
<?php
|
||||||
|
$userRoles = !empty($user['roleIDs']) ? explode(',', $user['roleIDs']) : [];
|
||||||
|
$isSelf = (int)$user['userID'] === (int)$_SESSION['user_id'];
|
||||||
|
?>
|
||||||
<tr style="border-bottom: 1px solid #1e293b;">
|
<tr style="border-bottom: 1px solid #1e293b;">
|
||||||
<td style="padding: 12px 10px;"><?= $user['userID'] ?></td>
|
<td style="padding: 12px 10px;"><?= $user['userID'] ?></td>
|
||||||
<td style="padding: 12px 10px;">
|
<td style="padding: 12px 10px;">
|
||||||
@ -70,8 +120,32 @@ $usersResult = $conn->query("SELECT userID, email, displayname, profilePicture,
|
|||||||
</td>
|
</td>
|
||||||
<td style="padding: 12px 10px;"><?= htmlspecialchars($user['displayname']) ?></td>
|
<td style="padding: 12px 10px;"><?= htmlspecialchars($user['displayname']) ?></td>
|
||||||
<td style="padding: 12px 10px; word-break: break-all;"><?= htmlspecialchars($user['email']) ?></td>
|
<td style="padding: 12px 10px; word-break: break-all;"><?= htmlspecialchars($user['email']) ?></td>
|
||||||
|
<td style="padding: 12px 10px; min-width: 150px;">
|
||||||
|
<?php if (!$isSelf): ?>
|
||||||
|
<form method="post" action="admin_users.php" style="margin: 0; display: flex; flex-direction: column; gap: 5px;">
|
||||||
|
<input type="hidden" name="update_roles_user_id" value="<?= $user['userID'] ?>">
|
||||||
|
<div style="display: flex; flex-wrap: wrap; gap: 10px;">
|
||||||
|
<?php foreach ($allRoles as $role): ?>
|
||||||
|
<label style="font-size: 0.85rem; cursor: pointer; display: flex; align-items: center; gap: 4px;">
|
||||||
|
<input type="checkbox" name="roles[]" value="<?= $role['roleID'] ?>" <?= in_array($role['roleID'], $userRoles) ? 'checked' : '' ?>>
|
||||||
|
<?= htmlspecialchars($role['name']) ?>
|
||||||
|
</label>
|
||||||
|
<?php endforeach; ?>
|
||||||
|
</div>
|
||||||
|
<button type="submit" style="background-color: #3b82f6; color: white; border: none; padding: 4px 8px; border-radius: 4px; cursor: pointer; font-size: 0.75rem; width: fit-content; margin-top: 5px;">Speichern</button>
|
||||||
|
</form>
|
||||||
|
<?php else: ?>
|
||||||
|
<div style="display: flex; flex-wrap: wrap; gap: 5px;">
|
||||||
|
<?php foreach ($allRoles as $role): ?>
|
||||||
|
<?php if (in_array($role['roleID'], $userRoles)): ?>
|
||||||
|
<span style="background-color: #3b82f6; color: white; padding: 2px 6px; border-radius: 4px; font-size: 0.75rem;"><?= htmlspecialchars($role['name']) ?></span>
|
||||||
|
<?php endif; ?>
|
||||||
|
<?php endforeach; ?>
|
||||||
|
</div>
|
||||||
|
<?php endif; ?>
|
||||||
|
</td>
|
||||||
<td style="padding: 12px 10px;">
|
<td style="padding: 12px 10px;">
|
||||||
<?php if ((int)$user['userID'] !== (int)$_SESSION['user_id']): ?>
|
<?php if (!$isSelf): ?>
|
||||||
<form method="post" action="admin_users.php" onsubmit="return confirm('Benutzer wirklich löschen?');" style="margin: 0;">
|
<form method="post" action="admin_users.php" onsubmit="return confirm('Benutzer wirklich löschen?');" style="margin: 0;">
|
||||||
<input type="hidden" name="delete_user_id" value="<?= $user['userID'] ?>">
|
<input type="hidden" name="delete_user_id" value="<?= $user['userID'] ?>">
|
||||||
<button type="submit" class="auth__submit" style="background-color: #ef4444; color: white; border: none; padding: 6px 12px; border-radius: 4px; cursor: pointer; font-size: 0.85rem; width: auto; margin: 0;">Löschen</button>
|
<button type="submit" class="auth__submit" style="background-color: #ef4444; color: white; border: none; padding: 6px 12px; border-radius: 4px; cursor: pointer; font-size: 0.85rem; width: auto; margin: 0;">Löschen</button>
|
||||||
|
|||||||
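Review bot: The new roles handler in the second hunk (`if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update_roles_user_id']))`) accepts any POST carrying that field: the form rendered in the last hunk submits only `update_roles_user_id` and `roles[]`, no anti-CSRF token, and the handler checks none, so a logged-in admin lured to a hostile page can be made to grant or strip roles on any other account — the self-check against `$_SESSION['user_id']` only shields the admin's own row. Emit a per-session token in the form (`<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">`, seeded once with `bin2hex(random_bytes(32))`) and reject the POST unless `hash_equals($_SESSION['csrf_token'] ?? '', (string)($_POST['csrf_token'] ?? ''))`; the delete handler that starts above the first hunk shows no such check in its visible lines either. Separately, the handler drops every existing role before inserting the new set and never looks at the return value of `execute()`, so one failed insert (the submitted `roleID`s are only int-cast, never validated against `$allRoles` or the `roles` table) leaves the account with no roles while `$successMsg` still reports success. Wrap the delete/insert pair in `$conn->begin_transaction()` / `commit()` with a rollback on failure, as sketched below.
```php
} else {
    $conn->begin_transaction();

    $delStmt = $conn->prepare("DELETE FROM userRoles WHERE userID = ?");
    $delStmt->bind_param("i", $updateId);
    $ok = $delStmt->execute();
    $delStmt->close();

    if ($ok && !empty($selectedRoles)) {
        $insStmt = $conn->prepare("INSERT INTO userRoles (userID, roleID) VALUES (?, ?)");
        foreach ($selectedRoles as $roleId) {
            $roleIdInt = (int)$roleId;
            $insStmt->bind_param("ii", $updateId, $roleIdInt);
            if (!$insStmt->execute()) {
                $ok = false;
                break;
            }
        }
        $insStmt->close();
    }

    if ($ok) {
        $conn->commit();
        $successMsg = "Rollen erfolgreich gespeichert.";
    } else {
        $conn->rollback();
        $errorMsg = "Rollen konnten nicht gespeichert werden.";
    }
}
// … unchanged: 2c) load all roles, 3) load all users …
```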
Binary file not shown.