From 795eb1e028e56194f4dc23089e0149c0b6acce0d Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Tue, 12 Apr 2016 12:23:04 +0200
Subject: [PATCH] manage access restrictions

---
 op/op.RoleMgr.php                 |  2 ++
 views/bootstrap/class.RoleMgr.php | 12 ++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/op/op.RoleMgr.php b/op/op.RoleMgr.php
index 73e0656b9..8b2080014 100644
--- a/op/op.RoleMgr.php
+++ b/op/op.RoleMgr.php
@@ -116,11 +116,13 @@ else if ($action == "editrole") {
 
 	$name    = $_POST["name"];
 	$role    = preg_replace('/[^0-2]+/', '', $_POST["role"]);
+	$noaccess = isset($_POST['noaccess']) ? $_POST['noaccess'] : null;
 	
 	if ($editedRole->getName() != $name)
 		$editedRole->setName($name);
 	if ($editedRole->getRole() != $role)
 		$editedRole->setRole($role);
+	$editedRole->setNoAccess($noaccess);
 
 	$session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_edit_role')));
 	add_log_line(".php&action=editrole&roleid=".$roleid);
diff --git a/views/bootstrap/class.RoleMgr.php b/views/bootstrap/class.RoleMgr.php
index f807f8435..031d77238 100644
--- a/views/bootstrap/class.RoleMgr.php
+++ b/views/bootstrap/class.RoleMgr.php
@@ -149,6 +149,18 @@ $(document).ready( function() {
 			<td><?php printMLText("role_type");?>:</td>
 			<td><select name="role"><option value="<?php echo SeedDMS_Core_Role::role_user ?>"><?php printMLText("role_user"); ?></option><option value="<?php echo SeedDMS_Core_Role::role_admin ?>" <?php if($currRole && $currRole->getRole() == SeedDMS_Core_Role::role_admin) echo "selected"; ?>><?php printMLText("role_admin"); ?></option><option value="<?php echo SeedDMS_Core_Role::role_guest ?>" <?php if($currRole && $currRole->getRole() == SeedDMS_Core_Role::role_guest) echo "selected"; ?>><?php printMLText("role_guest"); ?></option></select></td>
 		</tr>
+<?php
+		if($currRole && $currRole->getRole() == SeedDMS_Core_Role::role_user) {
+			echo "<tr>";
+			echo "<td>".getMLText('restrict_access')."</td>";
+			echo "<td>";
+			foreach(array(S_DRAFT_REV, S_DRAFT_APP, S_IN_WORKFLOW, S_REJECTED, S_RELEASED, S_IN_REVISION, S_DRAFT, S_OBSOLETE) as $status) {
+				echo "<input type=\"checkbox\" name=\"noaccess[]\" value=\"".$status."\" ".(in_array($status, $currRole->getNoAccess()) ? "checked" : "")."> ".getOverallStatusText($status)."<br />";
+			}
+			echo "</td>";
+			echo "</tr>";
+		}
+?>
 		<tr>
 			<td></td>
 			<td><button type="submit" class="btn"><i class="icon-save"></i> <?php printMLText($currRole ? "save" : "add_role")?></button></td>