Context Navigation

source: extensions/community/admin_permissions.php @ 9510

Last change on this file since 9510 was 9510, checked in by plg, 13 years ago
edit a permission
File size: 11.2 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2011 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	if( !defined("PHPWG_ROOT_PATH") )
25	{
26	die ("Hacking attempt!");
27	}
28
29	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30	load_language('plugin.lang', COMMUNITY_PATH);
31
32	$admin_base_url = get_root_url().'admin.php?page=plugin-community-permissions';
33
34	$who_options = array(
35	'any_visitor' => l10n('any visitor'),
36	'any_registered_user' => l10n('any registered user'),
37	'user' => l10n('a specific user'),
38	'group' => l10n('a group'),
39	);
40
41	// +-----------------------------------------------------------------------+
42	// \| Check Access and exit when user status is not ok \|
43	// +-----------------------------------------------------------------------+
44
45	check_status(ACCESS_ADMINISTRATOR);
46
47	// +-----------------------------------------------------------------------+
48	// \| add permissions \|
49	// +-----------------------------------------------------------------------+
50
51	if (isset($_POST['submit_add']))
52	{
53	if (!in_array($_POST['who'], array_keys($who_options)))
54	{
55	die('hacking attempt: invalid "who" option');
56	}
57
58	if ('user' == $_POST['who'])
59	{
60	check_input_parameter('who_user', $_POST, false, PATTERN_ID);
61	}
62
63	if ('group' == $_POST['who'])
64	{
65	check_input_parameter('who_group', $_POST, false, PATTERN_ID);
66	}
67
68	if (-1 != $_POST['category'])
69	{
70	check_input_parameter('category', $_POST, false, PATTERN_ID);
71	}
72
73	check_input_parameter('moderated', $_POST, false, '/^(true\|false)$/');
74
75	// creating the permission
76	$insert = array(
77	'type' => $_POST['who'],
78	'group_id' => ('group' == $_POST['who']) ? $_POST['who_group'] : null,
79	'user_id' => ('user' == $_POST['who']) ? $_POST['who_user'] : null,
80	'category_id' => ($_POST['category'] > 0) ? $_POST['category'] : null,
81	'recursive' => isset($_POST['recursive']) ? 'true' : 'false',
82	'create_subcategories' => isset($_POST['create_subcategories']) ? 'true' : 'false',
83	'moderated' => $_POST['moderated'],
84	);
85
86	if (isset($_POST['edit']))
87	{
88	check_input_parameter('edit', $_POST, false, PATTERN_ID);
89
90	$insert['id'] = $_POST['edit'];
91
92	mass_updates(
93	COMMUNITY_PERMISSIONS_TABLE,
94	array(
95	'primary' => array('id'),
96	'update' => array_keys($insert),
97	),
98	array($insert)
99	);
100
101	$page['highlight'] = $insert['id'];
102
103	array_push(
104	$page['infos'],
105	l10n('Permission updated')
106	);
107	}
108	else
109	{
110	mass_inserts(
111	COMMUNITY_PERMISSIONS_TABLE,
112	array_keys($insert),
113	array($insert)
114	);
115
116	$page['highlight'] = pwg_db_insert_id(COMMUNITY_PERMISSIONS_TABLE);
117
118	array_push(
119	$page['infos'],
120	l10n('Permission added')
121	);
122	}
123
124	conf_update_param('community_update', time());
125	}
126
127	// +-----------------------------------------------------------------------+
128	// \| remove permissions \|
129	// +-----------------------------------------------------------------------+
130
131	if (isset($_GET['delete']))
132	{
133	check_input_parameter('delete', $_GET, false, PATTERN_ID);
134
135	$query = '
136	DELETE
137	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
138	WHERE id = '.$_GET['delete'].'
139	;';
140	pwg_query($query);
141
142	conf_update_param('community_update', time());
143
144	$_SESSION['page_infos'] = array(l10n('Permission removed'));
145	redirect($admin_base_url);
146	}
147
148	// +-----------------------------------------------------------------------+
149	// \| template init \|
150	// +-----------------------------------------------------------------------+
151
152	$template->set_filenames(
153	array(
154	'plugin_admin_content' => dirname(__FILE__).'/admin_permissions.tpl'
155	)
156	);
157
158	// +-----------------------------------------------------------------------+
159	// \| prepare form \|
160	// +-----------------------------------------------------------------------+
161
162	// edit mode?
163	if (isset($_GET['edit']))
164	{
165	check_input_parameter('edit', $_GET, false, PATTERN_ID);
166
167	$query = '
168	SELECT
169	*
170	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
171	WHERE id = '.$_GET['edit'].'
172	;';
173	$result = pwg_query($query);
174	$row = pwg_db_fetch_assoc($result);
175
176	if (isset($row['id']))
177	{
178	$template->assign(
179	array(
180	'edit' => $row['id'],
181	'who_options_selected' => $row['type'],
182	'user_options_selected' => $row['user_id'],
183	'group_options_selected' => $row['group_id'],
184	'category_options_selected' => $row['category_id'],
185	'recursive' => get_boolean($row['recursive']),
186	'create_subcategories' => get_boolean($row['create_subcategories']),
187	'moderated' => get_boolean($row['moderated']),
188	)
189	);
190	}
191	}
192	else
193	{
194	$template->assign(
195	array(
196	'moderated' => true,
197	)
198	);
199	}
200
201	// who options
202	$template->assign(
203	array(
204	'who_options' => $who_options,
205	)
206	);
207
208	// list of users
209	$users = array();
210
211	$query = '
212	SELECT
213	'.$conf['user_fields']['id'].' AS id,
214	'.$conf['user_fields']['username'].' AS username
215	FROM '.USERS_TABLE.' AS u
216	INNER JOIN '.USER_INFOS_TABLE.' AS uf ON uf.user_id = id
217	WHERE uf.status IN (\'normal\',\'generic\')
218	;';
219	$result = pwg_query($query);
220	while ($row = pwg_db_fetch_assoc($result))
221	{
222	$users[$row['id']] = $row['username'];
223	}
224
225	natcasesort($users);
226
227	$template->assign(
228	array(
229	'user_options' => $users,
230	)
231	);
232
233	// list of groups
234	$groups = array();
235
236	$query = '
237	SELECT
238	id,
239	name
240	FROM '.GROUPS_TABLE.'
241	;';
242	$result = pwg_query($query);
243	while ($row = pwg_db_fetch_assoc($result))
244	{
245	$groups[$row['id']] = $row['name'];
246	}
247
248	natcasesort($groups);
249
250	$template->assign(
251	array(
252	'group_options' => $groups,
253	)
254	);
255
256
257	$template->assign(
258	array(
259	'F_ADD_ACTION' => COMMUNITY_BASE_URL.'-'.$page['tab'],
260	)
261	);
262
263	// list of albums
264	$query = '
265	SELECT id,name,uppercats,global_rank
266	FROM '.CATEGORIES_TABLE.'
267	;';
268
269	display_select_cat_wrapper(
270	$query,
271	array(),
272	'category_options'
273	);
274
275	// +-----------------------------------------------------------------------+
276	// \| permission list \|
277	// +-----------------------------------------------------------------------+
278
279	// user with community permissions
280	$query = '
281	SELECT
282	*
283	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
284	ORDER BY id DESC
285	;';
286	$result = pwg_query($query);
287
288	$permissions = array();
289	$user_ids = array();
290	$group_ids = array();
291	$category_ids = array();
292
293	while ($row = mysql_fetch_assoc($result))
294	{
295	array_push($permissions, $row);
296
297	if (!empty($row['user_id']))
298	{
299	array_push($user_ids, $row['user_id']);
300	}
301
302	if (!empty($row['group_id']))
303	{
304	array_push($group_ids, $row['group_id']);
305	}
306
307	if (!empty($row['category_id']))
308	{
309	array_push($category_ids, $row['category_id']);
310	}
311	}
312
313	if (!empty($user_ids))
314	{
315	$query = '
316	SELECT
317	'.$conf['user_fields']['id'].' AS id,
318	'.$conf['user_fields']['username'].' AS username
319	FROM '.USERS_TABLE.'
320	WHERE '.$conf['user_fields']['id'].' IN ('.implode(',', $user_ids).')
321	;';
322	$result = pwg_query($query);
323	while ($row = pwg_db_fetch_assoc($result))
324	{
325	$name_of_user[ $row['id'] ] = $row['username'];
326	}
327	}
328
329	if (!empty($group_ids))
330	{
331	$query = '
332	SELECT
333	id,
334	name
335	FROM '.GROUPS_TABLE.'
336	WHERE id IN ('.implode(',', $group_ids).')
337	;';
338	$result = pwg_query($query);
339	while ($row = pwg_db_fetch_assoc($result))
340	{
341	$name_of_group[ $row['id'] ] = $row['name'];
342	}
343	}
344
345	if (!empty($category_ids))
346	{
347	$query = '
348	SELECT
349	id,
350	uppercats
351	FROM '.CATEGORIES_TABLE.'
352	WHERE id IN ('.implode(',', $category_ids).')
353	;';
354	$result = pwg_query($query);
355
356	while ($row = pwg_db_fetch_assoc($result))
357	{
358	$name_of_category[ $row['id'] ] = get_cat_display_name_cache(
359	$row['uppercats'],
360	null,
361	false
362	);
363	}
364	}
365
366	foreach ($permissions as $permission)
367	{
368	$where = l10n('The whole gallery');
369	if (isset($permission['category_id']))
370	{
371	$where = $name_of_category[ $permission['category_id'] ];
372	}
373
374	$who = l10n('any visitor');
375	if ('any_registered_user' == $permission['type'])
376	{
377	$who = l10n('any registered user');
378	}
379	elseif ('user' == $permission['type'])
380	{
381	$who = sprintf(
382	l10n('%s (the user)'),
383	$name_of_user[$permission['user_id']]
384	);
385	}
386	elseif ('group' == $permission['type'])
387	{
388	$who = sprintf(
389	l10n('%s (the group)'),
390	$name_of_group[$permission['group_id']]
391	);
392	}
393
394	$trust = l10n('low trust');
395	$trust_tooltip = l10n('uploaded photos must be validated by an administrator');
396	if ('false' == $permission['moderated'])
397	{
398	$trust = l10n('high trust');
399	$trust_tooltip = l10n('uploaded photos are directly displayed in the gallery');
400	}
401
402	$highlight = false;
403	if (isset($_GET['edit']) and $permission['id'] == $_GET['edit'])
404	{
405	$highlight = true;
406	}
407	if (isset($page['highlight']) and $permission['id'] == $page['highlight'])
408	{
409	$highlight = true;
410	}
411
412
413	$template->append(
414	'permissions',
415	array(
416	'WHO' => $who,
417	'WHERE' => $where,
418	'TRUST' => $trust,
419	'TRUST_TOOLTIP' => $trust_tooltip,
420	'RECURSIVE' => get_boolean($permission['recursive']),
421	'RECURSIVE_TOOLTIP' => l10n('Apply to sub-albums'),
422	'CREATE_SUBCATEGORIES' => get_boolean($permission['create_subcategories']),
423	'U_DELETE' => $admin_base_url.'&delete='.$permission['id'],
424	'U_EDIT' => $admin_base_url.'&edit='.$permission['id'],
425	'HIGHLIGHT' => $highlight,
426	)
427	);
428	}
429
430	// +-----------------------------------------------------------------------+
431	// \| sending html code \|
432	// +-----------------------------------------------------------------------+
433
434	$template->assign_var_from_handle('ADMIN_CONTENT', 'plugin_admin_content');
435	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: