[permission-manager] renamed some files, moved html generation to templates,

using bind variables in mysql code, changed order of modules in role editor

4 files changed, 78 insertions, 67 deletions

diff --git a/modules-available/permissionmanager/inc/dbupdate.inc.php b/modules-available/permissionmanager/inc/dbupdate.inc.php
deleted file mode 100644
index 1101e4f7..00000000
--- a/modules-available/permissionmanager/inc/dbupdate.inc.php
+++ /dev/null
@@ -1,54 +0,0 @@
-<?php
-
-class DbUpdate {
-
-	// insert new userXrole to database. "ignore" to ignore duplicate entry try
-	public static function addRoleToUser($users, $roles) {
-		foreach($users AS $user) {
-			foreach ($roles AS $role) {
-				$query = "INSERT IGNORE INTO userXrole (userid, roleid) VALUES ($user, $role)";
-				Database::exec($query);
-			}
-		}
-	}
-
-	// remove userXrole entry from database
-	public static function removeRoleFromUser($users, $roles) {
-		foreach($users AS $user) {
-			foreach ($roles AS $role) {
-				$query = "DELETE FROM userXrole WHERE userid = $user AND roleid = $role";
-				Database::exec($query);
-			}
-		}
-	}
-
-	// delete role, delete userXrole relationships, delete roleXlocation relationships, delete roleXpermission relationships
-	public static function deleteRole($id) {
-		$query = "DELETE FROM role WHERE id = $id";
-		Database::exec($query);
-		$query = "DELETE FROM userXrole WHERE roleid = $id";
-		Database::exec($query);
-		$query = "DELETE FROM roleXlocation WHERE roleid = $id";
-		Database::exec($query);
-		$query = "DELETE FROM roleXpermission WHERE roleid = $id";
-		Database::exec($query);
-	}
-
-	public static function saveRole($roleName, $locations, $permissions, $role = NULL) {
-		if ($role) {
-			Database::exec("UPDATE role SET name = '$roleName' WHERE id = $role");
-			Database::exec("DELETE FROM roleXlocation WHERE roleid = $role");
-			Database::exec("DELETE FROM roleXpermission WHERE roleid = $role");
-		} else {
-			Database::exec("INSERT INTO role (name) VALUES ('$roleName')");
-			$role = Database::lastInsertId();
-		}
-		foreach ($locations as $locID) {
-			Database::exec("INSERT INTO roleXlocation (roleid, locid) VALUES ($role, $locID)");
-		}
-		foreach ($permissions as $permission) {
-			Database::exec("INSERT INTO roleXpermission (roleid, permissionid) VALUES ($role, '$permission')");
-		}
-	}
-
-}
diff --git a/modules-available/permissionmanager/inc/getdata.inc.php b/modules-available/permissionmanager/inc/getpermissiondata.inc.php
index caa50215..be7ddb1c 100644
--- a/modules-available/permissionmanager/inc/getdata.inc.php
+++ b/modules-available/permissionmanager/inc/getpermissiondata.inc.php
@@ -1,6 +1,6 @@
 <?php
 
-class GetData {
+class GetPermissionData {
 
 	// get UserIDs, User Login Names, User Roles
 	public static function getUserData() {
@@ -53,17 +53,17 @@ class GetData {
 		return $data;
 	}
 
-	public static function getRoleData($roleID) {
-		$query = "SELECT id, name FROM role WHERE id = $roleID";
-		$data = Database::queryFirst($query);
-		$query = "SELECT roleid, locid FROM roleXlocation WHERE roleid = $roleID";
-		$res = Database::simpleQuery($query);
+	public static function getRoleData($roleId) {
+		$query = "SELECT id, name FROM role WHERE id = :roleId";
+		$data = Database::queryFirst($query, array("roleId" => $roleId));
+		$query = "SELECT roleid, locid FROM role_x_location WHERE roleid = :roleId";
+		$res = Database::simpleQuery($query, array("roleId" => $roleId));
 		$data["locations"] = array();
 		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
 			$data["locations"][] = $row['locid'];
 		}
-		$query = "SELECT roleid, permissionid FROM roleXpermission WHERE roleid = $roleID";
-		$res = Database::simpleQuery($query);
+		$query = "SELECT roleid, permissionid FROM role_x_permission WHERE roleid = :roleId";
+		$res = Database::simpleQuery($query, array("roleId" => $roleId));
 		$data["permissions"] = array();
 		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
 			$data["permissions"][] = $row['permissionid'];
@@ -75,8 +75,8 @@ class GetData {
 	private static function queryUserData() {
 		$res = Database::simpleQuery("SELECT user.userid AS userid, user.login AS login, GROUP_CONCAT(role.name ORDER BY role.name ASC) AS role
 												FROM user
-													LEFT JOIN userXrole ON user.userid = userXrole.userid
-													LEFT JOIN role ON userXrole.roleid = role.id
+													LEFT JOIN user_x_role ON user.userid = user_x_role.userid
+													LEFT JOIN role ON user_x_role.roleid = role.id
 												GROUP BY user.userid
 												");
 		return $res;
@@ -86,8 +86,8 @@ class GetData {
 	private static function queryLocationData() {
 		$res = Database::simpleQuery("SELECT location.locationid AS locid, location.locationname AS locname, GROUP_CONCAT(role.name ORDER BY role.name ASC) AS role
 												FROM location
-													LEFT JOIN roleXlocation ON location.locationid = roleXlocation.locid
-													LEFT JOIN role ON roleXlocation.roleid = role.id
+													LEFT JOIN role_x_location ON location.locationid = role_x_location.locid
+													LEFT JOIN role ON role_x_location.roleid = role.id
 												GROUP BY location.locationid
 												ORDER BY location.locationname
 												");
diff --git a/modules-available/permissionmanager/inc/permissiondbupdate.inc.php b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php
new file mode 100644
index 00000000..87c989fa
--- /dev/null
+++ b/modules-available/permissionmanager/inc/permissiondbupdate.inc.php
@@ -0,0 +1,57 @@
+<?php
+
+class PermissionDbUpdate {
+
+	// insert new user_x_role to database. "ignore" to ignore duplicate entry try
+	public static function addRoleToUser($users, $roles) {
+		foreach($users AS $user) {
+			foreach ($roles AS $role) {
+				$query = "INSERT IGNORE INTO user_x_role (userid, roleid) VALUES (:user, :role)";
+				Database::exec($query, array("user" => $user, "role" => $role));
+			}
+		}
+	}
+
+	// remove user_x_role entry from database
+	public static function removeRoleFromUser($users, $roles) {
+		foreach($users AS $user) {
+			foreach ($roles AS $role) {
+				$query = "DELETE FROM user_x_role WHERE userid = :user AND roleid = :role";
+				Database::exec($query, array("user" => $user, "role" => $role));
+			}
+		}
+	}
+
+	// delete role, delete user_x_role relationships, delete role_x_location relationships, delete role_x_permission relationships
+	public static function deleteRole($id) {
+		$query = "DELETE FROM role WHERE id = :id";
+		Database::exec($query, array("id" => $id));
+		$query = "DELETE FROM user_x_role WHERE roleid = :id";
+		Database::exec($query, array("id" => $id));
+		$query = "DELETE FROM role_x_location WHERE roleid = :id";
+		Database::exec($query, array("id" => $id));
+		$query = "DELETE FROM role_x_permission WHERE roleid = :id";
+		Database::exec($query, array("id" => $id));
+	}
+
+	public static function saveRole($roleName, $locations, $permissions, $role = NULL) {
+		if ($role) {
+			Database::exec("UPDATE role SET name = :roleName WHERE id = :role",
+									array("roleName" => $roleName, "role" => $role));
+			Database::exec("DELETE FROM role_x_location WHERE roleid = :role", array("role" => $role));
+			Database::exec("DELETE FROM role_x_permission WHERE roleid = :role", array("role" => $role));
+		} else {
+			Database::exec("INSERT INTO role (name) VALUES (:roleName)", array("roleName" => $roleName));
+			$role = Database::lastInsertId();
+		}
+		foreach ($locations as $locID) {
+			Database::exec("INSERT INTO role_x_location (roleid, locid) VALUES (:role, :locid)",
+									array("role" => $role, "locid" => $locID));
+		}
+		foreach ($permissions as $permission) {
+			Database::exec("INSERT INTO role_x_permission (roleid, permissionid) VALUES (:role, :permission)",
+											array("role" => $role, "permission" => $permission));
+		}
+	}
+
+}
diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php
index 10f2a61a..d6adf2bf 100644
--- a/modules-available/permissionmanager/inc/permissionutil.inc.php
+++ b/modules-available/permissionmanager/inc/permissionutil.inc.php
@@ -16,10 +16,18 @@ class PermissionUtil
 				$permissions = self::putInPermissionTree($out[1].".".$k, $v, $permissions);
 			}
 		}
+		ksort($permissions);
+		global $MENU_CAT_OVERRIDE;
+		$sortingOrder = $MENU_CAT_OVERRIDE;
+		foreach ($permissions as $module => $v) $sortingOrder[Module::get($module)->getCategory()][] = $module;
+		$permissions = array_replace(array_flip(call_user_func_array('array_merge', $sortingOrder)), $permissions);
+		foreach ($permissions as $module => $v) if (is_int($v)) unset($permissions[$module]);
+
+
 		return $permissions;
 	}
 
-	private function putInPermissionTree($permission, $description, $tree)
+	private static function putInPermissionTree($permission, $description, $tree)
 	{
 		$subPermissions = explode('.', $permission);
 		$original =& $tree;