From 74e91ed7cb18acebaabd5b6356f87aec25830977 Mon Sep 17 00:00:00 2001 From: Marijn Jansen Date: Thu, 2 Feb 2017 21:14:25 +0100 Subject: [PATCH] Add mods/admin to a group. --- website/public/groupAdmin.php | 27 ++++++++++++++----- website/queries/groupAdmin.php | 48 ++++++++++++++++++++++++++++++++++ website/queries/settings.php | 15 +++++++++++ website/views/groupAdmin.php | 29 ++++++++++++++++++++ 4 files changed, 113 insertions(+), 6 deletions(-) diff --git a/website/public/groupAdmin.php b/website/public/groupAdmin.php index 13ff7e0..6095149 100644 --- a/website/public/groupAdmin.php +++ b/website/public/groupAdmin.php @@ -23,12 +23,27 @@ $alertClass; $alertMessage; if ($_SERVER["REQUEST_METHOD"] == "POST") { try { - if ($_POST["form"] == "group") { - updateGroupSettings($_POST["groupID"]); - } else if ($_POST["form"] == "picture") { - if (checkGroupAdmin($_POST["groupID"], $_SESSION["userID"])) { - updateAvatar($_POST["groupID"]); - } + switch ($_POST["form"]) { + case "group": + updateGroupSettings($_POST["groupID"]); + break; + case "picture": + if (checkGroupAdmin($_POST["groupID"], $_SESSION["userID"])) { + updateAvatar($_POST["groupID"]); + } + break; + case "mod": + if (!array_key_exists("userID", $_POST)) { + throw new AngryAlert("Geen gebruiker geselecteerd."); + } + upgradeUser($_POST["groupID"], $_POST["userID"], "mod"); + break; + case "admin": + if (!array_key_exists("userID", $_POST)) { + throw new AngryAlert("Geen gebruiker geselecteerd."); + } + upgradeUser($_POST["groupID"], $_POST["userID"], "admin"); + break; } } catch (AlertMessage $w) { $alertClass = $w->getClass(); diff --git a/website/queries/groupAdmin.php b/website/queries/groupAdmin.php index ae2abd3..e3580b6 100644 --- a/website/queries/groupAdmin.php +++ b/website/queries/groupAdmin.php 
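Review bot: The new `mod` and `admin` cases check only that `userID` is present, so `groupID` can be missing, and both values go from `$_POST` straight into the `int`-typed parameters of `upgradeUser()`. A non-numeric value would most likely raise a `TypeError`, which `catch (AlertMessage $w)` does not handle. Validate both IDs before the call, for example `$userID = filter_input(INPUT_POST, "userID", FILTER_VALIDATE_INT);`, and throw the existing `AngryAlert` when the result is `false` or `null`. These branches grant group roles and no anti-CSRF token check is visible in this hunk; if the part of the file outside the hunk does not do one, it belongs before the `switch`.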
@@ -58,4 +58,52 @@ function checkGroupAdmin(int $groupID, int $userID) : bool { } $role = $stmt->fetch()["role"]; return ($role == "admin"); +} + +function getAllGroupMembers(int $groupID) { + $stmt = prepareQuery(" + SELECT + `username`, + `user`.`userID`, + CONCAT(`fname`, ' ', `lname`) AS `fullname`, + `group_member`.`role` + FROM + `group_member` + LEFT JOIN + `user` + ON + `group_member`.`userID` = `user`.`userID` + WHERE + `groupID` = :groupID AND `group_member`.`role` = 'member' + "); + + $stmt->bindParam(':groupID', $groupID); + if (!$stmt->execute()) { + return False; + } + return $stmt->fetchAll(); +} + +function upgradeUser(int $groupID, int $userID, string $role) { + if (!checkGroupAdmin($groupID, $_SESSION["userID"])) { + throw new AngryAlert("Geen toestemming om te wijzigen"); + } + + $stmt = prepareQuery(" + UPDATE + `group_member` + SET + `role` = :role + WHERE + `userID` = :userID AND `groupID` = :groupID + "); + $stmt->bindValue(":groupID", $groupID); + $stmt->bindValue(":userID", $userID); + $stmt->bindValue(":role", $role); + $stmt->execute(); + if ($stmt->rowCount()) { + throw new HappyAlert("Permissie aangepast!"); + } else { + throw new AngryAlert("Er is iets mis gegaan"); + } } \ No newline at end of file diff --git a/website/queries/settings.php b/website/queries/settings.php index 9b17d17..26237ec 100644 --- a/website/queries/settings.php +++ b/website/queries/settings.php @@ -148,6 +148,10 @@ function doChangePassword() { } } +/** + * Changes the users email if it is valid. + * @throws AngryAlert + */ function changeEmail() { if (test_input($_POST["email"]) == test_input($_POST["email-confirm"])) { @@ -164,6 +168,11 @@ function changeEmail() { } } +/** + * Checks if an emailadres is available in the database. + * @param $email + * @throws AngryAlert + */ function emailIsAvailableInDatabase($email) { $stmt = prepareQuery(" SELECT 
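Review bot: The `UPDATE` in `upgradeUser()` matches any row for the given user and group, whereas `getAllGroupMembers()` (which appears to feed the selection list) returns only rows with `role = 'member'`, so that restriction lives in the list and not in the query that changes the role. As written, a request from a group admin that names another admin, or the caller's own ID, would overwrite that role; adding `AND role = 'member'` to the `WHERE` clause enforces the same rule on the server. `$role` is also bound without an allowlist, so the function depends on every caller passing a valid value; a guard at the top such as `if (!in_array($role, ["mod", "admin"], true)) { throw new AngryAlert("Er is iets mis gegaan"); }` makes that explicit. The return value of `$stmt->execute()` is ignored here, unlike in `getAllGroupMembers()`.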
@@ -181,6 +190,12 @@ function emailIsAvailableInDatabase($email) { } } +/** + * Does the actual changing of an email-adress. + * @param $email + * @throws AngryAlert + * @throws HappyAlert + */ function doChangeEmail($email) { $stmt = prepareQuery(" UPDATE diff --git a/website/views/groupAdmin.php b/website/views/groupAdmin.php index a28553e..54fbee8 100644 --- a/website/views/groupAdmin.php +++ b/website/views/groupAdmin.php @@ -85,6 +85,35 @@ $groupinfo = getGroupSettings($_GET["groupID"]); +
+
Voeg een admin/mod toe
+ +