-rw-r--r-- | core/controllers/permissions.php | 24 | ||||
-rw-r--r-- | core/views/permissions_edit.html.php | 15 | ||||
-rw-r--r-- | core/views/permissions_form.html.php | 8 |
3 files changed, 43 insertions, 4 deletions
diff --git a/core/controllers/permissions.php b/core/controllers/permissions.php
index 67b75782..388fbfeb 100644
--- a/core/controllers/permissions.php
+++ b/core/controllers/permissions.php
@@ -45,6 +45,30 @@ class Permissions_Controller extends Controller {
 print $this->_get_form($item);
 }
 
+ function allow($group_id, $perm_id, $item_id) {
+ access::verify_csrf();
+ $group = ORM::factory("group", $group_id);
+ $perm = ORM::factory("permission", $perm_id);
+ $item = ORM::factory("item", $item_id);
+ access::required("edit", $item);
+
+ if ($group->loaded && $perm->loaded && $item->loaded) {
+ access::allow($group, $perm->name, $item);
+ }
+ }
+
+ function deny($group_id, $perm_id, $item_id) {
+ access::verify_csrf();
+ $group = ORM::factory("group", $group_id);
+ $perm = ORM::factory("permission", $perm_id);
+ $item = ORM::factory("item", $item_id);
+ access::required("edit", $item);
+
+ if ($group->loaded && $perm->loaded && $item->loaded) {
+ access::deny($group, $perm->name, $item);
+ }
+ }
+
 function _get_form($item) {
 $view = new View("permissions_form.html");
 $view->item = $item;
diff --git a/core/views/permissions_edit.html.php b/core/views/permissions_edit.html.php
index ee561091..599ba520 100644
--- a/core/views/permissions_edit.html.php
+++ b/core/views/permissions_edit.html.php
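Review bot: In core/controllers/permissions.php, allow() and deny() call `access::required("edit", $item)` before confirming that `$item` was loaded, and when any of the three ids is unknown they fall through and return an empty successful response. Test `$group->loaded && $perm->loaded && $item->loaded` first and answer with a 404 otherwise, so the authorization check never runs against an empty model and the caller can tell a no-op from a real change. The form view renders no toggle for locked permissions, but that is only a display rule; unless access::allow() and access::deny() (not shown here) refuse locked entries themselves, the same rule should be enforced in these actions. The two methods differ only in their final call and could share one private helper, which would keep the checks from drifting apart.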
@@ -6,8 +6,19 @@ url: form_url, success: function(data) { $("div.form").slideUp(); - var el = $("div#edit-" + id); - el.html(data).slideDown(); + $("div#edit-" + id).html(data).slideDown(); + } + }); + } + + var action_url = "<?= url::site("permissions/__CMD__/__GROUP__/__PERM__/__ITEM__?csrf=" . access::csrf_token()) ?>"; + var form_url = "<?= url::site("permissions/form/__ITEM__") ?>"; + set = function(cmd, group_id, perm_id, item_id) { + $.ajax({ + url: action_url.replace("__CMD__", cmd).replace("__GROUP__", group_id). + replace("__PERM__", perm_id).replace("__ITEM__", item_id), + success: function(data) { + $("div#edit-" + item_id).load(form_url.replace("__ITEM__", item_id)); } }); } diff --git a/core/views/permissions_form.html.php b/core/views/permissions_form.html.php index 4933d6f2..80fbedf6 100644 --- a/core/views/permissions_form.html.php +++ b/core/views/permissions_form.html.php @@ -22,9 +22,13 @@ <? elseif ($locked && !$allowed): ?> denied <a href="#">locked</a> <? elseif ($allowed): ?> - <a href="#">allowed</a> + <a href="javascript:set('deny',<?= $group->id ?>,<?= $permission->id ?>,<?= $item->id ?>)"> + <?= _("allowed") ?> + </a> <? elseif (!$allowed): ?> - <a href="#">denied</a> + <a href="javascript:set('allow',<?= $group->id ?>,<?= $permission->id ?>,<?= $item->id ?>)"> + <?= _("denied") ?> + </a> <? endif ?> </td> <? endforeach ?> |
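Review bot: The new `set()` helper in core/views/permissions_edit.html.php changes permissions through a `$.ajax` call with no `type`, i.e. a GET, and carries the CSRF token in the query string of `action_url`. Tokens placed in URLs end up in access logs, browser history and Referer headers, and a state-changing GET can be repeated by prefetchers or caches. Send the request as a POST with the token in the body, e.g. `type: "POST", data: {csrf: "<?= access::csrf_token() ?>"}`, provided access::verify_csrf() accepts a posted value (not visible here). `set = function` is also missing `var`, so it creates an implicit global, and without an `error:` callback a rejected request leaves the page unchanged with no feedback. The function enclosing the first lines of this hunk starts outside it.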
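Review bot: The new links in core/views/permissions_form.html.php build `javascript:` URLs by echoing `$group->id`, `$permission->id` and `$item->id` straight into script inside an HTML attribute. The ids are presumably integer primary keys, but nothing in the template guarantees it; cast them on output, e.g. `<?= (int)$group->id ?>`, or move them into `data-` attributes and bind a click handler, which also keeps the page usable under a Content-Security-Policy that forbids inline script. `<?= _("allowed") ?>` and `<?= _("denied") ?>` print translated text unescaped, so if translations can come from less trusted contributors they should be HTML-escaped here. The neighbouring "locked" labels remain untranslated literals, which is inconsistent with the two strings this hunk wraps.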