Context Navigation

source: extensions/community/admin_permissions.php @ 11217

Last change on this file since 11217 was 10772, checked in by plg, 13 years ago
bug 2293 fixed: use pwg_db_fetch_assoc instead of mysql_fetch_assoc for PostgreSQL compatibility, patch by leloupv
File size: 12.2 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2011 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	if( !defined("PHPWG_ROOT_PATH") )
25	{
26	die ("Hacking attempt!");
27	}
28
29	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30	load_language('plugin.lang', COMMUNITY_PATH);
31
32	$admin_base_url = get_root_url().'admin.php?page=plugin-community-permissions';
33
34	$who_options = array(
35	'any_visitor' => l10n('any visitor'),
36	'any_registered_user' => l10n('any registered user'),
37	'user' => l10n('a specific user'),
38	'group' => l10n('a group'),
39	);
40
41	// +-----------------------------------------------------------------------+
42	// \| Check Access and exit when user status is not ok \|
43	// +-----------------------------------------------------------------------+
44
45	check_status(ACCESS_ADMINISTRATOR);
46
47	// +-----------------------------------------------------------------------+
48	// \| add permissions \|
49	// +-----------------------------------------------------------------------+
50
51	if (isset($_POST['submit_add']))
52	{
53	if (!in_array($_POST['who'], array_keys($who_options)))
54	{
55	die('hacking attempt: invalid "who" option');
56	}
57
58	if ('user' == $_POST['who'])
59	{
60	check_input_parameter('who_user', $_POST, false, PATTERN_ID);
61	}
62
63	if ('group' == $_POST['who'])
64	{
65	check_input_parameter('who_group', $_POST, false, PATTERN_ID);
66	}
67
68	if (-1 != $_POST['category'])
69	{
70	check_input_parameter('category', $_POST, false, PATTERN_ID);
71	}
72
73	check_input_parameter('moderated', $_POST, false, '/^(true\|false)$/');
74
75	// creating the permission
76	$insert = array(
77	'type' => $_POST['who'],
78	'group_id' => ('group' == $_POST['who']) ? $_POST['who_group'] : null,
79	'user_id' => ('user' == $_POST['who']) ? $_POST['who_user'] : null,
80	'category_id' => ($_POST['category'] > 0) ? $_POST['category'] : null,
81	'recursive' => isset($_POST['recursive']) ? 'true' : 'false',
82	'create_subcategories' => isset($_POST['create_subcategories']) ? 'true' : 'false',
83	'moderated' => $_POST['moderated'],
84	);
85
86	// does this permission already exist?
87	//
88	// a permission is identified by a who+where
89	$query = '
90	SELECT
91	id
92	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
93	WHERE type = \''.$insert['type'].'\'
94	AND user_id '.(isset($insert['user_id']) ? '= '.$insert['user_id'] : 'is null').'
95	AND group_id '.(isset($insert['group_id']) ? '= '.$insert['group_id'] : 'is null').'
96	AND category_id '.(isset($insert['category_id']) ? '= '.$insert['category_id'] : 'is null').'
97	;';
98	$result = pwg_query($query);
99	$row = pwg_db_fetch_assoc($result);
100	if (isset($row['id']))
101	{
102	if (isset($_POST['edit']))
103	{
104	check_input_parameter('edit', $_POST, false, PATTERN_ID);
105
106	if ($_POST['edit'] != $row['id'])
107	{
108	// we have to delete the edited permission
109	$query = '
110	DELETE
111	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
112	WHERE id = '.$_POST['edit'].'
113	;';
114	pwg_query($query);
115	}
116	}
117
118	$_POST['edit'] = $row['id'];
119	}
120
121	if (isset($_POST['edit']))
122	{
123	check_input_parameter('edit', $_POST, false, PATTERN_ID);
124
125	$insert['id'] = $_POST['edit'];
126
127	mass_updates(
128	COMMUNITY_PERMISSIONS_TABLE,
129	array(
130	'primary' => array('id'),
131	'update' => array_keys($insert),
132	),
133	array($insert)
134	);
135
136	$page['highlight'] = $insert['id'];
137
138	array_push(
139	$page['infos'],
140	l10n('Permission updated')
141	);
142	}
143	else
144	{
145	mass_inserts(
146	COMMUNITY_PERMISSIONS_TABLE,
147	array_keys($insert),
148	array($insert)
149	);
150
151	$page['highlight'] = pwg_db_insert_id(COMMUNITY_PERMISSIONS_TABLE);
152
153	array_push(
154	$page['infos'],
155	l10n('Permission added')
156	);
157	}
158
159	community_update_cache_key();
160	}
161
162	// +-----------------------------------------------------------------------+
163	// \| remove permissions \|
164	// +-----------------------------------------------------------------------+
165
166	if (isset($_GET['delete']))
167	{
168	check_input_parameter('delete', $_GET, false, PATTERN_ID);
169
170	$query = '
171	DELETE
172	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
173	WHERE id = '.$_GET['delete'].'
174	;';
175	pwg_query($query);
176
177	community_update_cache_key();
178
179	$_SESSION['page_infos'] = array(l10n('Permission removed'));
180	redirect($admin_base_url);
181	}
182
183	// +-----------------------------------------------------------------------+
184	// \| template init \|
185	// +-----------------------------------------------------------------------+
186
187	$template->set_filenames(
188	array(
189	'plugin_admin_content' => dirname(__FILE__).'/admin_permissions.tpl'
190	)
191	);
192
193	// +-----------------------------------------------------------------------+
194	// \| prepare form \|
195	// +-----------------------------------------------------------------------+
196
197	// edit mode?
198	if (isset($_GET['edit']))
199	{
200	check_input_parameter('edit', $_GET, false, PATTERN_ID);
201
202	$query = '
203	SELECT
204	*
205	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
206	WHERE id = '.$_GET['edit'].'
207	;';
208	$result = pwg_query($query);
209	$row = pwg_db_fetch_assoc($result);
210
211	if (isset($row['id']))
212	{
213	$category_options_selected = $row['category_id'];
214
215	$template->assign(
216	array(
217	'edit' => $row['id'],
218	'who_options_selected' => $row['type'],
219	'user_options_selected' => $row['user_id'],
220	'group_options_selected' => $row['group_id'],
221	'recursive' => get_boolean($row['recursive']),
222	'create_subcategories' => get_boolean($row['create_subcategories']),
223	'moderated' => get_boolean($row['moderated']),
224	)
225	);
226	}
227	}
228	else
229	{
230	$template->assign(
231	array(
232	'moderated' => true,
233	)
234	);
235	}
236
237	// who options
238	$template->assign(
239	array(
240	'who_options' => $who_options,
241	)
242	);
243
244	// list of users
245	$users = array();
246
247	$query = '
248	SELECT
249	'.$conf['user_fields']['id'].' AS id,
250	'.$conf['user_fields']['username'].' AS username
251	FROM '.USERS_TABLE.' AS u
252	INNER JOIN '.USER_INFOS_TABLE.' AS uf ON uf.user_id = id
253	WHERE uf.status IN (\'normal\',\'generic\')
254	;';
255	$result = pwg_query($query);
256	while ($row = pwg_db_fetch_assoc($result))
257	{
258	$users[$row['id']] = $row['username'];
259	}
260
261	natcasesort($users);
262
263	$template->assign(
264	array(
265	'user_options' => $users,
266	)
267	);
268
269	// list of groups
270	$groups = array();
271
272	$query = '
273	SELECT
274	id,
275	name
276	FROM '.GROUPS_TABLE.'
277	;';
278	$result = pwg_query($query);
279	while ($row = pwg_db_fetch_assoc($result))
280	{
281	$groups[$row['id']] = $row['name'];
282	}
283
284	natcasesort($groups);
285
286	$template->assign(
287	array(
288	'group_options' => $groups,
289	)
290	);
291
292
293	$template->assign(
294	array(
295	'F_ADD_ACTION' => COMMUNITY_BASE_URL.'-'.$page['tab'],
296	)
297	);
298
299	// list of albums
300	$query = '
301	SELECT id,name,uppercats,global_rank
302	FROM '.CATEGORIES_TABLE.'
303	;';
304
305	display_select_cat_wrapper(
306	$query,
307	isset($category_options_selected) ? $category_options_selected : array(),
308	'category_options'
309	);
310
311	// +-----------------------------------------------------------------------+
312	// \| permission list \|
313	// +-----------------------------------------------------------------------+
314
315	// user with community permissions
316	$query = '
317	SELECT
318	*
319	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
320	ORDER BY id DESC
321	;';
322	$result = pwg_query($query);
323
324	$permissions = array();
325	$user_ids = array();
326	$group_ids = array();
327	$category_ids = array();
328
329	while ($row = pwg_db_fetch_assoc($result))
330	{
331	array_push($permissions, $row);
332
333	if (!empty($row['user_id']))
334	{
335	array_push($user_ids, $row['user_id']);
336	}
337
338	if (!empty($row['group_id']))
339	{
340	array_push($group_ids, $row['group_id']);
341	}
342
343	if (!empty($row['category_id']))
344	{
345	array_push($category_ids, $row['category_id']);
346	}
347	}
348
349	if (!empty($user_ids))
350	{
351	$query = '
352	SELECT
353	'.$conf['user_fields']['id'].' AS id,
354	'.$conf['user_fields']['username'].' AS username
355	FROM '.USERS_TABLE.'
356	WHERE '.$conf['user_fields']['id'].' IN ('.implode(',', $user_ids).')
357	;';
358	$result = pwg_query($query);
359	while ($row = pwg_db_fetch_assoc($result))
360	{
361	$name_of_user[ $row['id'] ] = $row['username'];
362	}
363	}
364
365	if (!empty($group_ids))
366	{
367	$query = '
368	SELECT
369	id,
370	name
371	FROM '.GROUPS_TABLE.'
372	WHERE id IN ('.implode(',', $group_ids).')
373	;';
374	$result = pwg_query($query);
375	while ($row = pwg_db_fetch_assoc($result))
376	{
377	$name_of_group[ $row['id'] ] = $row['name'];
378	}
379	}
380
381	if (!empty($category_ids))
382	{
383	$query = '
384	SELECT
385	id,
386	uppercats
387	FROM '.CATEGORIES_TABLE.'
388	WHERE id IN ('.implode(',', $category_ids).')
389	;';
390	$result = pwg_query($query);
391
392	while ($row = pwg_db_fetch_assoc($result))
393	{
394	$name_of_category[ $row['id'] ] = get_cat_display_name_cache(
395	$row['uppercats'],
396	null,
397	false
398	);
399	}
400	}
401
402	foreach ($permissions as $permission)
403	{
404	$where = l10n('The whole gallery');
405	if (isset($permission['category_id']))
406	{
407	$where = $name_of_category[ $permission['category_id'] ];
408	}
409
410	$who = l10n('any visitor');
411	if ('any_registered_user' == $permission['type'])
412	{
413	$who = l10n('any registered user');
414	}
415	elseif ('user' == $permission['type'])
416	{
417	$who = sprintf(
418	l10n('%s (the user)'),
419	$name_of_user[$permission['user_id']]
420	);
421	}
422	elseif ('group' == $permission['type'])
423	{
424	$who = sprintf(
425	l10n('%s (the group)'),
426	$name_of_group[$permission['group_id']]
427	);
428	}
429
430	$trust = l10n('low trust');
431	$trust_tooltip = l10n('uploaded photos must be validated by an administrator');
432	if ('false' == $permission['moderated'])
433	{
434	$trust = l10n('high trust');
435	$trust_tooltip = l10n('uploaded photos are directly displayed in the gallery');
436	}
437
438	$highlight = false;
439	if (isset($_GET['edit']) and $permission['id'] == $_GET['edit'])
440	{
441	$highlight = true;
442	}
443	if (isset($page['highlight']) and $permission['id'] == $page['highlight'])
444	{
445	$highlight = true;
446	}
447
448
449	$template->append(
450	'permissions',
451	array(
452	'WHO' => $who,
453	'WHERE' => $where,
454	'TRUST' => $trust,
455	'TRUST_TOOLTIP' => $trust_tooltip,
456	'RECURSIVE' => get_boolean($permission['recursive']),
457	'RECURSIVE_TOOLTIP' => l10n('Apply to sub-albums'),
458	'CREATE_SUBCATEGORIES' => get_boolean($permission['create_subcategories']),
459	'U_DELETE' => $admin_base_url.'&delete='.$permission['id'],
460	'U_EDIT' => $admin_base_url.'&edit='.$permission['id'],
461	'HIGHLIGHT' => $highlight,
462	)
463	);
464	}
465
466	// +-----------------------------------------------------------------------+
467	// \| sending html code \|
468	// +-----------------------------------------------------------------------+
469
470	$template->assign_var_from_handle('ADMIN_CONTENT', 'plugin_admin_content');
471	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: