New feature - allow operators to restrict viewing permissions of sample variables (Requires new table)

admin/samplelist.php

@@ -82,6 +82,36 @@ if (isset($_POST['submit']))
 	$_GET['edit'] = $sample_import_id;
 }
 
+if (isset($_POST['submitvp']))
+{
+	$sample_import_id = intval($_POST['sample_import_id']);
+	
+	unset($_POST['submitvp']);
+	unset($_POST['sample_import_id']);
+
+	$db->StartTrans();
+	
+	$sql = "UPDATE sample_import_var_restrict
+		SET `restrict` = 1
+		WHERE sample_import_id = $sample_import_id";
+
+	$db->Execute($sql);
+
+	foreach($_POST as $p => $val)
+	{
+		$sql = "UPDATE sample_import_var_restrict
+			SET `restrict` = 0
+			WHERE sample_import_id = $sample_import_id
+			AND `var` LIKE " . $db->qstr($p);
+
+		$db->Execute($sql);	
+	}	
+	
+	$db->CompleteTrans();
+
+	$_GET['view'] = $sample_import_id;
+}
+
 if (isset($_GET['rename']))
 {
 	xhtml_head(T_("Rename"),true,array("../css/table.css"));
@@ -110,6 +140,63 @@ if (isset($_GET['rename']))
 	exit();
 }
 
+
+if (isset($_GET['view']))
+{
+	xhtml_head(T_("Operator viewing permissions"),true,array("../css/table.css"));
+
+	$sample_import_id = intval($_GET['view']);
+
+	$sql = "SELECT sample_id
+		FROM `sample`
+		WHERE import_id = $sample_import_id";
+	
+	$sample_id = $db->GetOne($sql);
+
+	$sql = "SELECT si.description, sv.val, sv.var,
+		CONCAT('<input type=\'checkbox\' ', CASE WHEN (sir.restrict IS NULL || sir.restrict = 0) THEN 'checked=\"checked\"' ELSE '' END   ,' name=\'',sv.var,'\' value=\'11\'/>') as box,
+		sir.restrict IS NULL as existss
+		FROM sample_import as si
+		JOIN `sample` as s ON (s.import_id = si.sample_import_id AND s.sample_id = $sample_id)
+		JOIN sample_var as sv ON (sv.sample_id = s.sample_id)
+		LEFT JOIN sample_import_var_restrict as sir ON (sir.sample_import_id = si.sample_import_id AND sir.var = sv.var)
+		WHERE si.sample_import_id = $sample_import_id";
+
+	$rs = $db->GetAll($sql);
+
+	//if not in restrict table, then insert
+	foreach($rs as $r)
+	{
+		if ($r['existss'] == 1)
+		{
+			$sql = "INSERT INTO sample_import_var_restrict (sample_import_id,var,`restrict`)
+				VALUES ($sample_import_id,'{$r['var']}',0)";
+
+			$db->Execute($sql);
+		}
+	}
+
+	print "<h2>" . T_("Operator viewing permissions") . ": " . $rs[0]['description'] . "</h2>";
+	echo "<p><a href='?'>" . T_("Go back") . "</a></p>";
+
+	print "<p>" . T_("Select which fields from this sample should be able to be viewed by operators") . "</p>";
+
+	?>
+	<form action="?" method="post">
+	<?php
+	xhtml_table($rs,array("var","val","box"),array(T_("Field"),T_("Example data"),T_("Allow operator to see?")));
+	?>
+	<div><input type='hidden' name='sample_import_id' value='<?php echo $sample_import_id;?>'/></div>
+	<div><input type="submit" name="submitvp" value="<?php echo T_("Save changes");?>"/></div>
+	</form>
+	<?php	
+
+	
+	xhtml_foot();
+	exit();
+}
+
+
 if (isset($_GET['edit']))
 {
 	xhtml_head(T_("Deidentify"),true,array("../css/table.css"));
@@ -179,6 +266,7 @@ $sql = "SELECT
 		END
 		as enabledisable,
 		CONCAT('<a href=\'?edit=',sample_import_id,'\'>" . T_("Deidentify") . "</a>')  as did,
+		CONCAT('<a href=\'?view=',sample_import_id,'\'>" . T_("Operator viewing permissions") . "</a>')  as vp,
 		CONCAT('<a href=\'?rename=',sample_import_id,'\'>" . T_("Rename") . "</a>')  as rname,
 		description
 	FROM sample_import";
@@ -187,8 +275,8 @@ $rs = $db->GetAll($sql);
 
 xhtml_head(T_("Sample list"),true,array("../css/table.css"));
 
-$columns = array("description","enabledisable","did","rname");
-$titles = array(T_("Sample"),T_("Enable/Disable"),T_("Deidentify"),T_("Rename"));
+$columns = array("description","enabledisable","did","vp","rname");
+$titles = array(T_("Sample"),T_("Enable/Disable"),T_("Deidentify"),T_("Operator viewing permissions"),T_("Rename"));
 
 xhtml_table($rs,$columns,$titles);