From f4bc5f53024721a970cf06e0d8297d89bc5d959a Mon Sep 17 00:00:00 2001
From: Mr SL1D3R <76396365+Mr-sl1d3r@users.noreply.github.com>
Date: Fri, 5 Dec 2025 09:07:35 +0100
Subject: [PATCH] Fixate viste

---
 php/admin/bibliotecari.php | 79 ++++++--------------------------------
 php/admin/users.php        | 52 +++++++------------------
 2 files changed, 25 insertions(+), 106 deletions(-)

diff --git a/php/admin/bibliotecari.php b/php/admin/bibliotecari.php
index 5cbc07a..c650d9c 100644
--- a/php/admin/bibliotecari.php
+++ b/php/admin/bibliotecari.php
@@ -13,21 +13,7 @@ $msg = null; $err = null;
 // Azioni POST
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $azione = $_POST['azione'] ?? '';
-    if ($azione === 'set_ruolo') {
-        $userId = (int)($_POST['user_id'] ?? 0);
-        $roleId = (int)($_POST['role_id'] ?? 0); // 2=bibliotecario, 3=utente
-        if ($userId > 0 && in_array($roleId, [2,3], true)) {
-            $oggi = date('Y-m-d');
-            $sql = "INSERT INTO `permission` (user_id, role, data) VALUES ($userId, $roleId, '$oggi')";
-            if (mysqli_query($conn, $sql)) {
-                $msg = 'Ruolo aggiornato';
-            } else {
-                $err = 'Errore aggiornamento ruolo';
-            }
-        } else {
-            $err = 'Dati ruolo non validi';
-        }
-    } elseif ($azione === 'crea_bibliotecario') {
+    if ($azione === 'crea_bibliotecario') {
         // Creazione nuovo account bibliotecario manuale
         $nome = trim($_POST['nome'] ?? '');
         $cognome = trim($_POST['cognome'] ?? '');
@@ -82,23 +68,22 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     }
 }
 
-// Query elenco bibliotecari
+// Query elenco bibliotecari correnti, basata sul ruolo più recente
 $sql_b = "SELECT u.user_id, u.descrizione AS username, p.nome, p.cognome, p.cod_fiscale, p.telefono
           FROM `user` u
           JOIN `person` p ON p.id_persona = u.person_id
           LEFT JOIN `permission` pm ON pm.user_id = u.user_id
+              AND pm.data = (SELECT MAX(pm2.data) FROM `permission` pm2 WHERE pm2.user_id = u.user_id)
+              AND pm.role = (
+                  SELECT MIN(pm3.role)
+                  FROM `permission` pm3
+                  WHERE pm3.user_id = u.user_id AND pm3.data = pm.data
+              )
           WHERE pm.role = 2
-          GROUP BY u.user_id, u.descrizione, p.nome, p.cognome, p.cod_fiscale, p.telefono";
+          ORDER BY u.user_id ASC";
 $biblios = mysqli_query($conn, $sql_b);
 
-// Query elenco utenti con ultimo ruolo
-$sql_u = "SELECT u.user_id, u.descrizione AS username, COALESCE(r.name,'utente') AS ruolo
-          FROM `user` u
-          LEFT JOIN `permission` pm ON pm.user_id = u.user_id
-          LEFT JOIN `role` r ON r.id = pm.role
-          GROUP BY u.user_id
-          ORDER BY u.user_id ASC";
-$utenti = mysqli_query($conn, $sql_u);
+ 
 ?>
 <!DOCTYPE html>
 <html lang="it">
@@ -207,49 +192,7 @@ $utenti = mysqli_query($conn, $sql_u);
       </section>
     </div>
 
-    <section class="mt-8 bg-white shadow rounded p-4 border border-[#e5e7eb]">
-      <h2 class="text-lg font-semibold mb-3">Utenti e Ruoli</h2>
-      <div class="overflow-x-auto">
-        <table class="min-w-full divide-y divide-gray-200">
-          <thead class="bg-gray-50">
-            <tr>
-              <th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">ID</th>
-              <th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Username</th>
-              <th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Ruolo</th>
-              <th class="px-4 py-2 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Azione</th>
-            </tr>
-          </thead>
-          <tbody class="bg-white divide-y divide-gray-200">
-            <?php if ($utenti && mysqli_num_rows($utenti) > 0): ?>
-              <?php while ($u = mysqli_fetch_assoc($utenti)): ?>
-                <tr class="hover:bg-gray-50">
-                  <td class="px-4 py-2 text-sm text-gray-700"><?php echo (int)$u['user_id']; ?></td>
-                  <td class="px-4 py-2 text-sm text-gray-700"><?php echo htmlspecialchars($u['username']); ?></td>
-                  <td class="px-4 py-2 text-sm">
-                    <span class="px-2 py-1 rounded bg-[#84dd63] text-[#1f2937] text-xs font-medium"><?php echo htmlspecialchars($u['ruolo']); ?></span>
-                  </td>
-                  <td class="px-4 py-2 text-sm">
-                    <form method="post" class="inline">
-                      <input type="hidden" name="azione" value="set_ruolo" />
-                      <input type="hidden" name="user_id" value="<?php echo (int)$u['user_id']; ?>" />
-                      <?php if ($u['ruolo'] !== 'bibliotecario'): ?>
-                        <input type="hidden" name="role_id" value="2" />
-                        <button class="px-3 py-1 bg-[#6baa75] text-white rounded hover:bg-[#84dd63]">Promuovi a Bibliotecario</button>
-                      <?php else: ?>
-                        <input type="hidden" name="role_id" value="3" />
-                        <button class="px-3 py-1 bg-[#69747c] text-white rounded hover:bg-[#545454]">Retrocedi a Utente</button>
-                      <?php endif; ?>
-                    </form>
-                  </td>
-                </tr>
-              <?php endwhile; ?>
-            <?php else: ?>
-              <tr><td colspan="4" class="px-4 py-6 text-center text-sm text-gray-500">Nessun utente</td></tr>
-            <?php endif; ?>
-          </tbody>
-        </table>
-      </div>
-    </section>
+    
   </main>
 </body>
 </html>
diff --git a/php/admin/users.php b/php/admin/users.php
index c122eae..d5773fa 100644
--- a/php/admin/users.php
+++ b/php/admin/users.php
@@ -23,7 +23,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         $telefono = preg_replace('/\D+/', '', $_POST['telefono'] ?? '');
         $username = trim($_POST['username'] ?? '');
         $password = trim($_POST['password'] ?? '');
-        $role_id = (int)($_POST['role_id'] ?? 3); // default utente
+        $role_id = 3;
 
         $errors = [];
         if ($nome === '' || $cognome === '' || $luogo_nascita === '') $errors[] = 'Campi anagrafici obbligatori';
@@ -34,7 +34,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
         if ($password === '' || preg_match('/\s/', $password) || strlen($password) < 8 || !preg_match('/[a-z]/', $password) || !preg_match('/[A-Z]/', $password) || !preg_match('/[^a-zA-Z0-9]/', $password)) {
             $errors[] = 'Password non conforme ai requisiti';
         }
-        if (!in_array($role_id, [2,3], true)) $errors[] = 'Ruolo non valido';
+        
 
         $username_e = mysqli_real_escape_string($conn, $username);
         $check = mysqli_query($conn, "SELECT user_id FROM `user` WHERE descrizione = '$username_e' LIMIT 1");
@@ -125,30 +125,22 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
                 else { $error = 'Errore eliminazione utente'; }
             } else { $error = 'Utente non trovato'; }
         }
-    } elseif ($azione === 'set_ruolo') {
-        $userId = (int)($_POST['user_id'] ?? 0);
-        $roleId = (int)($_POST['role_id'] ?? 0);
-        if ($userId > 0 && in_array($roleId, [2,3], true)) {
-            $oggi = date('Y-m-d');
-            $sql = "INSERT INTO `permission` (user_id, role, data) VALUES ($userId, $roleId, '$oggi')";
-            if (mysqli_query($conn, $sql)) {
-                $msg = 'Ruolo aggiornato';
-            } else {
-                $error = 'Errore aggiornamento ruolo';
-            }
-        } else { $error = 'Dati ruolo non validi'; }
     }
 }
 
-// Query utenti con persona e ultimo ruolo assegnato
+// Query utenti con persona e ruolo corrente (ultimo per data, ruolo più alto in parità)
 $sql = "SELECT u.user_id, u.descrizione AS username, u.data AS registrato_il,
                p.nome, p.cognome, p.cod_fiscale, p.telefono,
-               COALESCE(r.name, 'utente') AS role_name
+               COALESCE((
+                   SELECT r.name
+                   FROM `permission` pm
+                   JOIN `role` r ON r.id = pm.role
+                   WHERE pm.user_id = u.user_id
+                   ORDER BY pm.data DESC, pm.role ASC
+                   LIMIT 1
+               ), 'utente') AS role_name
         FROM `user` u
         JOIN `person` p ON p.id_persona = u.person_id
-        LEFT JOIN `permission` pm ON pm.user_id = u.user_id
-            AND pm.data = (SELECT MAX(pm2.data) FROM `permission` pm2 WHERE pm2.user_id = u.user_id)
-        LEFT JOIN `role` r ON r.id = pm.role
         ORDER BY u.user_id ASC";
 
 $result = mysqli_query($conn, $sql);
@@ -200,7 +192,7 @@ if ($editId > 0) {
 
     <!-- Crea Utente/Bibliotecario -->
     <section class="bg-white shadow rounded p-4 border border-[#e5e7eb] mb-6">
-      <h2 class="text-lg font-semibold mb-3">Crea Utente / Bibliotecario</h2>
+      <h2 class="text-lg font-semibold mb-3">Crea Utente</h2>
       <form method="post" class="grid grid-cols-1 md:grid-cols-2 gap-3">
         <input type="hidden" name="azione" value="create_user" />
         <div>
@@ -238,13 +230,7 @@ if ($editId > 0) {
           <label class="block text-sm text-gray-600">Password</label>
           <input type="password" name="password" required class="mt-1 w-full border rounded px-3 py-2" />
         </div>
-        <div class="md:col-span-2">
-          <label class="block text-sm text-gray-600">Ruolo</label>
-          <select name="role_id" class="mt-1 w-full border rounded px-3 py-2">
-            <option value="3">Utente</option>
-            <option value="2">Bibliotecario</option>
-          </select>
-        </div>
+        
         <div class="md:col-span-2 mt-2">
           <button class="px-4 py-2 bg-[#6baa75] text-white rounded hover:bg-[#84dd63]">Crea</button>
         </div>
@@ -338,17 +324,7 @@ if ($editId > 0) {
                       <input type="hidden" name="user_id" value="<?php echo (int)$row['user_id']; ?>" />
                       <button class="px-3 py-1 bg-red-600 text-white rounded hover:bg-red-700">Elimina</button>
                     </form>
-                    <form method="post" class="inline">
-                      <input type="hidden" name="azione" value="set_ruolo" />
-                      <input type="hidden" name="user_id" value="<?php echo (int)$row['user_id']; ?>" />
-                      <?php if ($row['role_name'] !== 'bibliotecario'): ?>
-                        <input type="hidden" name="role_id" value="2" />
-                        <button class="px-3 py-1 bg-[#69747c] text-white rounded hover:bg-[#545454]">Promuovi a Bibliotecario</button>
-                      <?php else: ?>
-                        <input type="hidden" name="role_id" value="3" />
-                        <button class="px-3 py-1 bg-[#69747c] text-white rounded hover:bg-[#545454]">Retrocedi a Utente</button>
-                      <?php endif; ?>
-                    </form>
+                    
                   </div>
                 </td>
               </tr>