I am making a project in which there are multiple users with different roles & permissions. Each user, according to his role, has permissions to (access, create, update, delete). I have made a piece of code, but whenever I try to update a role's permissions it doesn't update the right table columns.
#PERMISSIONS FORM
<form id="updatePermissionForm">
    <input type="hidden" value="<?= $role_id ?>" name="role_id">
    <input type="hidden" value="update_role" name="action">
    <div>
        <table>
            <thead>
                <tr>
                    <th>Module Permission</th>
                    <th>Accès</th>
                    <th>Ecrire</th>
                    <th>Modifier</th>
                    <th>Supprimer</th>
                </tr>
            </thead>
            <tbody>
                <?php foreach($permissions as $prm) : ?>
                <tr>
                    <td>
                        <i></i> <?= moduleName($prm->module_id);?>
                        <input type="hidden" value="<?= $prm->module_id ?>" name="module_id[]">
                    </td>
                    <td>
                        <input type="checkbox" <?= ($prm->can_access) ? 'checked="checked"' : ''; ?> name="can_access[]" value="<?= $prm->can_access ?>">
                    </td>
                    <td>
                        <input type="checkbox" <?= ($prm->can_create) ? 'checked="checked"' : ''; ?> name="can_create[]" value="<?= $prm->can_create ?>">
                    </td>
                    <td>
                        <input type="checkbox" <?= ($prm->can_update) ? 'checked="checked"' : ''; ?> name="can_update[]" value="<?= $prm->can_update ?>">
                    </td>
                    <td>
                        <input type="checkbox" <?= ($prm->can_delete) ? 'checked="checked"' : ''; ?> name="can_delete[]" value="<?= $prm->can_delete ?>">
                    </td>
                </tr>
                <?php endforeach; ?>
            </tbody>
        </table>
    </div>
    <div>
        <button id="updatePermissionBtn" type="submit">Sauvegarder</button>
    </div>
</form>
#AJAX
$(document.body).on('submit', "#updatePermissionForm", function(e){
    e.preventDefault();
    $.ajax({
        type: "POST",
        url: `ajax/roles/roles_actions.php`,
        data: new FormData(this),
        dataType: 'json',
        contentType: false,
        cache: false,
        processData: false,
        beforeSend: function() {
            $("#updatePermissionBtn").prop("disabled", true);
            $("#updatePermissionBtn").html('<i></i> Sauvegarde en cours ...');
        },
        success: function(response) {
            $("#updatePermissionBtn").prop("disabled", false);
            $("#updatePermissionBtn").html("Sauvegader");
            if (response.status == 1) {
                Swal.fire("Succès!", response.message, "success");
            } else {
                Swal.fire("Attention!", response.message, "error");
            }
        },
    });
});
#roles_actions.php
// Default reply, so json_encode() always has something to send.
$response = ['status' => 0, 'message' => ''];
if(isset($_POST["action"])){
    if($_POST['action'] == 'update_role'){
        foreach ($_POST['module_id'] as $key => $value) {
            $query = "UPDATE `permissions` SET
                can_access=:can_access,
                can_create=:can_create,
                can_update=:can_update,
                can_delete=:can_delete
                WHERE role_id=:role_id
                AND module_id=:module_id
            ";
            // The checkbox arrays are indexed here by the module id ($value).
            $can_access = empty($_POST['can_access'][$value]) ? 0 : 1;
            $can_create = empty($_POST['can_create'][$value]) ? 0 : 1;
            $can_update = empty($_POST['can_update'][$value]) ? 0 : 1;
            $can_delete = empty($_POST['can_delete'][$value]) ? 0 : 1;
            $stmt = $PDO->prepare($query);
            $stmt->bindParam(':can_access', $can_access, PDO::PARAM_INT);
            $stmt->bindParam(':can_create', $can_create, PDO::PARAM_INT);
            $stmt->bindParam(':can_update', $can_update, PDO::PARAM_INT);
            $stmt->bindParam(':can_delete', $can_delete, PDO::PARAM_INT);
            $stmt->bindParam(':role_id', $_POST['role_id'], PDO::PARAM_INT);
            $stmt->bindParam(':module_id', $_POST['module_id'][$key], PDO::PARAM_INT);
            // execute() returns false on failure; the statement object itself is always truthy.
            if($stmt->execute()){
                $response['status'] = 1;
                $response['message'] = 'Permission du rôle ont été mise à jour avec succès!';
            }
        }
    }
}
echo json_encode($response);
Did I miss something here?
CodePudding user response:
You should change two things in your solution:
- in the <form> change how you structure your name attributes, from this:
<input ... name="can_update[]" value="<?= $prm->can_update ?>">
to something like this:
<input ... name="permission[<?= $prm->module_id ?>][can_update]" value="1">
which will produce something like this (e.g. module_id = 2):
<input type="checkbox" checked name="permission[2][can_update]" value="1">
and will be accessed in php via $_POST['permission'][2]['can_update']=1
- Then in the roles_actions.php: change how you search for permissions in $_POST:
<?php
...
foreach ($_POST['module_id'] as $module_id) {
...
$can_update = empty($_POST['permission'][$module_id]['can_update']) ? 0 : 1;
...
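
A fuller version of the handler the answer outlines, as an added example that is not part of the original answer: it reads each flag by module id from the permission[...] array, defaults missing checkboxes to 0, and takes the list of module ids from the database rather than from the request. The helper name savePermissions(), the SQLite in-memory database and the sample rows are assumptions made for the demo; table and column names follow the question.

```php
<?php
// Added example (not the poster's code). Table/column names follow the page;
// savePermissions() is a hypothetical helper. Assumes PDO throws on error.
const FLAGS = ['can_access', 'can_create', 'can_update', 'can_delete'];

function savePermissions(PDO $pdo, int $roleId, array $posted): array
{
    // Module ids come from the database, not from the form, so a crafted
    // request cannot address rows outside this role.
    $sel = $pdo->prepare('SELECT module_id FROM permissions WHERE role_id = ?');
    $sel->execute([$roleId]);
    $known = $sel->fetchAll(PDO::FETCH_COLUMN);
    $upd = $pdo->prepare(
        'UPDATE permissions SET can_access = :can_access, can_create = :can_create,
                can_update = :can_update, can_delete = :can_delete
          WHERE role_id = :role_id AND module_id = :module_id'
    );
    $saved = [];
    $pdo->beginTransaction();
    try {
        foreach ($known as $moduleId) {
            $moduleId = (int) $moduleId;
            $in = $posted[$moduleId] ?? [];
            $row = ['role_id' => $roleId, 'module_id' => $moduleId];
            foreach (FLAGS as $flag) {
                // Unchecked boxes are absent from the request: default to 0.
                $row[$flag] = (is_array($in) && !empty($in[$flag])) ? 1 : 0;
            }
            $upd->execute($row);
            $saved[$moduleId] = $row;
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
    return $saved;
}

// Constructed demo data: role 3 has modules 2 and 5. The array passed below is
// what $_POST['permission'] would hold with two boxes ticked for module 2,
// none for module 5, and an entry for a module (99) the role does not have.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE permissions (role_id INT, module_id INT, can_access INT,
            can_create INT, can_update INT, can_delete INT)');
$pdo->exec('INSERT INTO permissions VALUES (3,2,0,0,0,1), (3,5,1,1,1,1)');
savePermissions($pdo, 3, [2 => ['can_access' => '1', 'can_update' => '1'], 99 => ['can_delete' => '1']]);
echo json_encode($pdo->query('SELECT * FROM permissions')->fetchAll(PDO::FETCH_ASSOC)), PHP_EOL;
```

In roles_actions.php the call would be savePermissions($PDO, (int) $_POST['role_id'], (array) ($_POST['permission'] ?? [])), made only after checking that the logged-in user is allowed to edit roles.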