From 9876c33d2e1d2cd2ab15f82526eeaeb0b07d54ec Mon Sep 17 00:00:00 2001
From: johnnyq <johnny@pittpc.com>
Date: Fri, 10 May 2024 14:01:20 -0400
Subject: [PATCH] Client Access: Allow to select Client Access Restrictions for
 existing users

---
 admin_user_add_modal.php  |  2 +-
 admin_user_edit_modal.php | 23 +++++++++++++++++++++++
 admin_users.php           |  9 +++++++++
 post/user.php             |  9 +++++++++
 4 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/admin_user_add_modal.php b/admin_user_add_modal.php
index dc631f7b..be5cf3a2 100644
--- a/admin_user_add_modal.php
+++ b/admin_user_add_modal.php
@@ -66,7 +66,7 @@
                         <label>Restrict Client Access</label>
                         <div class="input-group">
                             <div class="input-group-prepend">
-                                <span class="input-group-text"><i class="fa fa-fw fa-user-shield"></i></span>
+                                <span class="input-group-text"><i class="fa fa-fw fa-users"></i></span>
                             </div>
                             <select class="form-control select2" name="clients[]" data-placeholder="Restrict Client Access" multiple>
                                 <?php
diff --git a/admin_user_edit_modal.php b/admin_user_edit_modal.php
index 85e8caf3..90ef2372 100644
--- a/admin_user_edit_modal.php
+++ b/admin_user_edit_modal.php
@@ -84,6 +84,29 @@
                         </div>
                     </div>
 
+                    <div class="form-group">
+                        <label>Restrict Client Access</label>
+                        <div class="input-group">
+                            <div class="input-group-prepend">
+                                <span class="input-group-text"><i class="fa fa-fw fa-users"></i></span>
+                            </div>
+                            <select class="form-control select2" name="clients[]" data-placeholder="Restrict Client Access" multiple>
+                                <?php
+
+                                $sql_client_select = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_archived_at IS NULL ORDER BY client_name ASC");
+                                while ($row = mysqli_fetch_array($sql_client_select)) {
+                                    $client_id_select = intval($row['client_id']);
+                                    $client_name_select = nullable_htmlentities($row['client_name']);
+
+                                    ?>
+                                    <option <?php if (in_array($client_id_select, $client_access_array)) { echo "selected"; } ?> value="<?php echo $client_id_select; ?>"><?php echo $client_name_select; ?></option>
+
+                                <?php } ?>
+                            </select>
+                        </div>
+                        <small class="text-muted">Leave Blank for Full access to all clients, no affect on users with the admin role.</small>
+                    </div>
+
                     <div class="form-group">
                         <label>Avatar</label>
                         <input type="file" class="form-control-file" accept="image/*;capture=camera" name="file">
diff --git a/admin_users.php b/admin_users.php
index ce764ede..83464a28 100644
--- a/admin_users.php
+++ b/admin_users.php
@@ -125,9 +125,18 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                         $last_login = "$log_created_at<small class='text-secondary'><div class='mt-1'>$log_user_os</div><div class='mt-1'>$log_user_browser</div><div class='mt-1'><i class='fa fa-fw fa-globe'></i> $log_ip</div></small>";
                     }
 
+                    // Get User Client Access Permissions
+                    $user_client_access_sql = mysqli_query($mysqli,"SELECT client_id FROM user_permissions WHERE user_id = $user_id");
+                    $client_access_array = [];
+                    while ($row = mysqli_fetch_assoc($user_client_access_sql)) {
+                        $client_access_array[] = intval($row['client_id']);
+                    }
+
                     $sql_remember_tokens = mysqli_query($mysqli, "SELECT * FROM remember_tokens WHERE remember_token_user_id = $user_id");
                     $remember_token_count = mysqli_num_rows($sql_remember_tokens);
 
+
+
                     ?>
                     <tr>
                         <td class="text-center">
diff --git a/post/user.php b/post/user.php
index c5de8549..4b79ec7c 100644
--- a/post/user.php
+++ b/post/user.php
@@ -113,6 +113,15 @@ if (isset($_POST['edit_user'])) {
     $user_id = intval($_POST['user_id']);
     $new_password = trim($_POST['new_password']);
 
+    // Update Client Access
+    mysqli_query($mysqli,"DELETE FROM user_permissions WHERE user_id = $user_id");
+    if (!empty($_POST['clients'])) {
+        foreach($_POST['clients'] as $client_id) {
+            $client_id = intval($client_id);
+            mysqli_query($mysqli,"INSERT INTO user_permissions SET user_id = $user_id, client_id = $client_id");
+        }
+    }
+
     // Get current Avatar
     $sql = mysqli_query($mysqli, "SELECT user_avatar FROM users WHERE user_id = $user_id");
     $row = mysqli_fetch_array($sql);