$success_detected[] = _T("Member account has been modified.");
}
- //store requested groups
- $groups_adh = $post['groups_adh'] ?? null;
- $managed_groups_adh = $post['groups_managed_adh'] ?? null;
-
- //add/remove user from groups
- $add_groups = Groups::addMemberToGroups(
- $member,
- $groups_adh
- );
+ if ($this->login->isGroupManager()) {
+ //store requested groups
+ $groups_adh = $post['groups_adh'] ?? null;
+ $managed_groups_adh = $post['groups_managed_adh'] ?? null;
+
+ //add/remove user from groups
+ $add_groups = Groups::addMemberToGroups(
+ $member,
+ $groups_adh
+ );
- if ($add_groups === false) {
- $error_detected[] = _T("An error occurred adding member to its groups.");
- }
+ if ($add_groups === false) {
+ $error_detected[] = _T("An error occurred adding member to its groups.");
+ }
- //add/remove manager from groups
- $add_groups = Groups::addMemberToGroups(
- $member,
- $managed_groups_adh,
- true
- );
- $member->loadGroups();
+ //add/remove manager from groups
+ $add_groups = Groups::addMemberToGroups(
+ $member,
+ $managed_groups_adh,
+ true
+ );
+ $member->loadGroups();
- if ($add_groups === false) {
- $error_detected[] = _T("An error occurred adding member to its groups as manager.");
+ if ($add_groups === false) {
+ $error_detected[] = _T("An error occurred adding member to its groups as manager.");
+ }
}
} else {
//something went wrong :'(
*/
public static function addMemberToGroups($adh, $groups, $manager = false, $transaction = false)
{
- global $zdb;
+ global $zdb, $login;
+
+ $managed_groups = [];
+ if (!$login->isSuperAdmin() && !$login->isAdmin() && !$login->isStaff()) {
+ $managed_groups = $login->getManagedGroups();
+ }
+
try {
if ($transaction === false) {
$zdb->connection->beginTransaction();
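Review bot: An empty list from `$login->getManagedGroups()` is treated the same as "no restriction", because `$managed_groups` is also `[]` for admins and staff, and the later `count($managed_groups)` guards on the delete and in the insert loop skip the filter whenever the list is empty. A non-staff caller who manages no group would therefore take the unrestricted path, so the limit holds only if every caller checks `isGroupManager()` first, as the controller change in this commit does. Decide the restriction from the role and test that flag in the two later guards instead of `count($managed_groups)`, returning early when a restricted user has nothing they may change. The sketch returns `false` because the controller treats `=== false` as failure; the rest of the function lies outside this hunk, so confirm that matches its contract.

```php
global $zdb, $login;

// Restriction comes from the role, not from whether the managed list is empty.
$restricted = !$login->isSuperAdmin() && !$login->isAdmin() && !$login->isStaff();
$managed_groups = $restricted ? $login->getManagedGroups() : [];
if ($restricted && count($managed_groups) === 0) {
    // restricted user with no managed group: nothing may be changed
    return false;
}
// … unchanged: try / beginTransaction …
// … in the delete and the foreach guards: test $restricted instead of count($managed_groups) …
```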
//first, remove current groups members
$delete = $zdb->delete($table);
$delete->where([Adherent::PK => $adh->id]);
+ if (count($managed_groups)) {
+ $delete->where->in(Group::PK, $managed_groups);
+ }
$zdb->execute($delete);
$msg = null;
foreach ($groups as $group) {
list($gid, $gname) = explode('|', $group);
+ if (count($managed_groups) && !in_array($gid, $managed_groups)) {
+ continue;
+ }
+
$result = $stmt->execute(
array(
'group' => $gid,
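Review bot: The membership check `in_array($gid, $managed_groups)` compares loosely, and `$gid` is a string split out of the submitted `id|name` value, so numeric-looking variants of a managed id (and, on PHP 7, any string that merely starts with one) can satisfy it before being bound into the insert. Normalise the id and compare strictly, e.g. `$gid = (int)$gid;` followed by `in_array($gid, array_map('intval', $managed_groups), true)`; this assumes group ids are integers, which the hunk does not show. The `list(...) = explode('|', $group)` line is unchanged context, but it also accepts a value with no `|`, which is worth rejecting in the same place. The loop and the function continue past the end of this hunk.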