Context Navigation

source: extensions/community/main.inc.php @ 10096

Last change on this file since 10096 was 10096, checked in by plg, 13 years ago

bug 2246 fixed: the new permission system (including moderation) works with
pLoader or any remote software using pwg.images.add or pwg.images.addSimple

For now, you can't create sub-albums and there is email notification to the
administrators.

File size: 13.0 KB

Line
1	<?php
2	/*
3	Plugin Name: Community
4	Version: auto
5	Description: Non admin users can add photos
6	Plugin URI: http://piwigo.org/ext/extension_view.php?eid=303
7	Author: plg
8	Author URI: http://piwigo.wordpress.com
9	*/
10
11	if (!defined('PHPWG_ROOT_PATH'))
12	{
13	die('Hacking attempt!');
14	}
15
16	define('COMMUNITY_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');
17
18	global $prefixeTable;
19	define('COMMUNITY_PERMISSIONS_TABLE', $prefixeTable.'community_permissions');
20	define('COMMUNITY_PENDINGS_TABLE', $prefixeTable.'community_pendings');
21
22	include_once(COMMUNITY_PATH.'include/functions_community.inc.php');
23
24	/* Plugin admin */
25	add_event_handler('get_admin_plugin_menu_links', 'community_admin_menu');
26	function community_admin_menu($menu)
27	{
28	global $page;
29
30	$query = '
31	SELECT
32	COUNT(*)
33	FROM '.COMMUNITY_PENDINGS_TABLE.'
34	WHERE state = \'moderation_pending\'
35	;';
36	$result = pwg_query($query);
37	list($page['community_nb_pendings']) = pwg_db_fetch_row($result);
38
39	$name = 'Community';
40	if ($page['community_nb_pendings'] > 0)
41	{
42	$style = 'background-color:#666;';
43	$style.= 'color:white;';
44	$style.= 'padding:1px 5px;';
45	$style.= '-moz-border-radius:10px;';
46	$style.= '-webkit-border-radius:10px;';
47	$style.= '-border-radius:10px;';
48	$style.= 'margin-left:5px;';
49
50	$name.= '<span style="'.$style.'">'.$page['community_nb_pendings'].'</span>';
51
52	if (defined('IN_ADMIN') and IN_ADMIN and $page['page'] == 'intro')
53	{
54	global $template;
55
56	$template->set_prefilter('intro', 'community_pendings_on_intro');
57	$template->assign(
58	array(
59	'COMMUNITY_PENDINGS' => sprintf(
60	'<a href="%s">'.l10n('%u pending photos').'</a>',
61	get_root_url().'admin.php?page=plugin-community-pendings',
62	$page['community_nb_pendings']
63	),
64	)
65	);
66	}
67	}
68
69	array_push(
70	$menu,
71	array(
72	'NAME' => $name,
73	'URL' => get_root_url().'admin.php?page=plugin-community'
74	)
75	);
76
77	return $menu;
78	}
79
80	function community_pendings_on_intro($content, &$smarty)
81	{
82	$pattern = '#<li>\s*{\$DB_ELEMENTS\}#ms';
83	$replacement = '<li>{$COMMUNITY_PENDINGS}</li><li>{$DB_ELEMENTS}';
84	return preg_replace($pattern, $replacement, $content);
85	}
86
87	add_event_handler('init', 'community_load_language');
88	function community_load_language()
89	{
90	if (!defined('IN_ADMIN') or !IN_ADMIN)
91	{
92	load_language('admin.lang');
93	}
94
95	load_language('plugin.lang', COMMUNITY_PATH);
96	}
97
98
99	add_event_handler('loc_end_section_init', 'community_section_init');
100	function community_section_init()
101	{
102	global $tokens, $page;
103
104	if ($tokens[0] == 'add_photos')
105	{
106	$page['section'] = 'add_photos';
107	}
108	}
109
110	add_event_handler('loc_end_index', 'community_index');
111	function community_index()
112	{
113	global $page;
114
115	if (isset($page['section']) and $page['section'] == 'add_photos')
116	{
117	include(COMMUNITY_PATH.'add_photos.php');
118	}
119	}
120
121	add_event_handler('blockmanager_apply' , 'community_gallery_menu');
122	function community_gallery_menu($menu_ref_arr)
123	{
124	global $conf, $user;
125
126	// conditional : depending on community permissions, display the "Add
127	// photos" link in the gallery menu
128	$user_permissions = community_get_user_permissions($user['id']);
129
130	if (count($user_permissions['upload_categories']) == 0 and !$user_permissions ['create_whole_gallery'])
131	{
132	return;
133	}
134
135	$menu = & $menu_ref_arr[0];
136
137	if (($block = $menu->get_block('mbMenu')) != null )
138	{
139	load_language('plugin.lang', COMMUNITY_PATH);
140
141	array_splice(
142	$block->data,
143	count($block->data),
144	0,
145	array(
146	'' => array(
147	'URL' => make_index_url(array('section' => 'add_photos')),
148	'TITLE' => l10n('Upload your own photos'),
149	'NAME' => l10n('Upload Photos')
150	)
151	)
152	);
153	}
154	}
155
156
157	add_event_handler('ws_invoke_allowed', 'community_switch_user_to_admin', EVENT_HANDLER_PRIORITY_NEUTRAL, 3);
158	function community_switch_user_to_admin($res, $methodName, $params)
159	{
160	global $user, $community;
161
162	if (is_admin())
163	{
164	return $res;
165	}
166
167	$community = array('method' => $methodName);
168
169	if ('pwg.images.addSimple' == $community['method'])
170	{
171	$community['category'] = $params['category'];
172	}
173	elseif ('pwg.images.add' == $community['method'])
174	{
175	$community['category'] = $params['categories'];
176	$community['md5sum'] = $params['original_sum'];
177	}
178
179	// $print_params = $params;
180	// unset($print_params['data']);
181	// file_put_contents('/tmp/community.log', '['.$methodName.'] '.json_encode($print_params)."\n" ,FILE_APPEND);
182
183	// conditional : depending on community permissions, display the "Add
184	// photos" link in the gallery menu
185	$user_permissions = community_get_user_permissions($user['id']);
186
187	if (count($user_permissions['upload_categories']) == 0 and !$user_permissions ['create_whole_gallery'])
188	{
189	return $res;
190	}
191
192	// if level of trust is low, then we have to set level to 16
193
194	$methods = array();
195	$methods[] = 'pwg.tags.add';
196	$methods[] = 'pwg.images.exist';
197	$methods[] = 'pwg.images.add';
198	$methods[] = 'pwg.images.addSimple';
199	$methods[] = 'pwg.images.addChunk';
200	$methods[] = 'pwg.images.checkUpload';
201	$methods[] = 'pwg.images.checkFiles';
202	$methods[] = 'pwg.images.setInfo';
203
204	// TODO ability to create sub-albums with the web API
205	$methods_creates = array(
206	'pwg.categories.add',
207	'pwg.categories.setInfo',
208	);
209
210	if (in_array($methodName, $methods))
211	{
212	$user['status'] = 'admin';
213	}
214
215	return $res;
216	}
217
218	add_event_handler('ws_add_methods', 'community_ws_replace_methods', EVENT_HANDLER_PRIORITY_NEUTRAL+5);
219	function community_ws_replace_methods($arr)
220	{
221	global $conf, $user;
222
223	$service = &$arr[0];
224
225	if (is_admin())
226	{
227	return;
228	}
229
230	$user_permissions = community_get_user_permissions($user['id']);
231
232	if (count($user_permissions['permission_ids']) == 0)
233	{
234	return;
235	}
236
237	// the plugin Community is activated, the user has upload permissions, we
238	// use a specific function to list available categories, assuming the use
239	// want to list categories where upload is possible for him
240
241	$service->addMethod(
242	'pwg.categories.getList',
243	'community_ws_categories_getList',
244	array(
245	'cat_id' => array('default'=>0),
246	'recursive' => array('default'=>false),
247	'public' => array('default'=>false),
248	),
249	'retrieves a list of categories'
250	);
251
252	$service->addMethod(
253	'pwg.tags.getAdminList',
254	'community_ws_tags_getAdminList',
255	array(),
256	'administration method only'
257	);
258	}
259
260	/**
261	* returns a list of categories (web service method)
262	*/
263	function community_ws_categories_getList($params, &$service)
264	{
265	global $user, $conf;
266
267	$where = array('1=1');
268	$join_type = 'LEFT';
269	$join_user = $user['id'];
270
271	if (!$params['recursive'])
272	{
273	if ($params['cat_id']>0)
274	$where[] = '(id_uppercat='.(int)($params['cat_id']).'
275	OR id='.(int)($params['cat_id']).')';
276	else
277	$where[] = 'id_uppercat IS NULL';
278	}
279	else if ($params['cat_id']>0)
280	{
281	$where[] = 'uppercats '.DB_REGEX_OPERATOR.' \'(^\|,)'.
282	(int)($params['cat_id'])
283	.'(,\|$)\'';
284	}
285
286	if ($params['public'])
287	{
288	$where[] = 'status = "public"';
289	$where[] = 'visible = "true"';
290
291	$join_user = $conf['guest_id'];
292	}
293
294	$user_permissions = community_get_user_permissions($user['id']);
295	$upload_categories = $user_permissions['upload_categories'];
296	if (count($upload_categories) == 0)
297	{
298	$upload_categories = array(-1);
299	}
300
301	$where[] = 'id IN ('.implode(',', $upload_categories).')';
302
303	$query = '
304	SELECT
305	id,
306	name,
307	permalink,
308	uppercats,
309	global_rank,
310	comment,
311	nb_images,
312	count_images AS total_nb_images,
313	date_last,
314	max_date_last,
315	count_categories AS nb_categories
316	FROM '.CATEGORIES_TABLE.'
317	'.$join_type.' JOIN '.USER_CACHE_CATEGORIES_TABLE.' ON id=cat_id AND user_id='.$join_user.'
318	WHERE '. implode('
319	AND ', $where);
320
321	$result = pwg_query($query);
322
323	$cats = array();
324	while ($row = pwg_db_fetch_assoc($result))
325	{
326	$row['url'] = make_index_url(
327	array(
328	'category' => $row
329	)
330	);
331	foreach( array('id','nb_images','total_nb_images','nb_categories') as $key)
332	{
333	$row[$key] = (int)$row[$key];
334	}
335
336	$row['name'] = strip_tags(
337	trigger_event(
338	'render_category_name',
339	$row['name'],
340	'ws_categories_getList'
341	)
342	);
343
344	$row['comment'] = strip_tags(
345	trigger_event(
346	'render_category_description',
347	$row['comment'],
348	'ws_categories_getList'
349	)
350	);
351
352	array_push($cats, $row);
353	}
354	usort($cats, 'global_rank_compare');
355	return array(
356	'categories' => new PwgNamedArray(
357	$cats,
358	'category',
359	array(
360	'id',
361	'url',
362	'nb_images',
363	'total_nb_images',
364	'nb_categories',
365	'date_last',
366	'max_date_last',
367	)
368	)
369	);
370	}
371
372	function community_ws_tags_getAdminList($params, &$service)
373	{
374	$tags = get_available_tags();
375
376	// keep orphan tags
377	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
378	$orphan_tags = get_orphan_tags();
379	if (count($orphan_tags) > 0)
380	{
381	$orphan_tag_ids = array();
382	foreach ($orphan_tags as $tag)
383	{
384	$orphan_tag_ids[] = $tag['id'];
385	}
386
387	$query = '
388	SELECT *
389	FROM '.TAGS_TABLE.'
390	WHERE id IN ('.implode(',', $orphan_tag_ids).')
391	;';
392	$result = pwg_query($query);
393	while ($row = pwg_db_fetch_assoc($result))
394	{
395	$tags[] = $row;
396	}
397	}
398
399	usort($tags, 'tag_alpha_compare');
400
401	return array(
402	'tags' => new PwgNamedArray(
403	$tags,
404	'tag',
405	array(
406	'name',
407	'id',
408	'url_name',
409	)
410	)
411	);
412	}
413
414	add_event_handler('sendResponse', 'community_sendResponse');
415	function community_sendResponse($encodedResponse)
416	{
417	global $community, $user;
418
419	if (!isset($community['method']))
420	{
421	return;
422	}
423
424	if ('pwg.images.addSimple' == $community['method'])
425	{
426	$response = json_decode($encodedResponse);
427	$image_id = $response->result->image_id;
428	}
429	elseif ('pwg.images.add' == $community['method'])
430	{
431	$query = '
432	SELECT
433	id
434	FROM '.IMAGES_TABLE.'
435	WHERE md5sum = \''.$community['md5sum'].'\'
436	ORDER BY id DESC
437	LIMIT 1
438	;';
439	list($image_id) = pwg_db_fetch_row(pwg_query($query));
440	}
441	else
442	{
443	return;
444	}
445
446	$image_ids = array($image_id);
447
448	// $category_id is set in the photos_add_direct_process.inc.php included script
449	$category_infos = get_cat_info($community['category']);
450
451	// should the photos be moderated?
452	//
453	// if one of the user community permissions is not moderated on the path
454	// to gallery root, then the upload is not moderated. For example, if the
455	// user is allowed to upload to events/parties with no admin moderation,
456	// then he's not moderated when uploading in
457	// events/parties/happyNewYear2011
458	$moderate = true;
459
460	$user_permissions = community_get_user_permissions($user['id']);
461	$query = '
462	SELECT
463	cp.category_id,
464	c.uppercats
465	FROM '.COMMUNITY_PERMISSIONS_TABLE.' AS cp
466	LEFT JOIN '.CATEGORIES_TABLE.' AS c ON category_id = c.id
467	WHERE cp.id IN ('.implode(',', $user_permissions['permission_ids']).')
468	AND cp.moderated = \'false\'
469	;';
470	$result = pwg_query($query);
471	while ($row = pwg_db_fetch_assoc($result))
472	{
473	if (empty($row['category_id']))
474	{
475	$moderate = false;
476	}
477	elseif (preg_match('/^'.$row['uppercats'].'(,\|$)/', $category_infos['uppercats']))
478	{
479	$moderate = false;
480	}
481	}
482
483	if ($moderate)
484	{
485	$inserts = array();
486
487	$query = '
488	SELECT
489	id,
490	date_available
491	FROM '.IMAGES_TABLE.'
492	WHERE id IN ('.implode(',', $image_ids).')
493	;';
494	$result = pwg_query($query);
495	while ($row = pwg_db_fetch_assoc($result))
496	{
497	array_push(
498	$inserts,
499	array(
500	'image_id' => $row['id'],
501	'added_on' => $row['date_available'],
502	'state' => 'moderation_pending',
503	)
504	);
505	}
506
507	mass_inserts(
508	COMMUNITY_PENDINGS_TABLE,
509	array_keys($inserts[0]),
510	$inserts
511	);
512
513	// the level of a user upload photo with moderation is 16
514	$level = 16;
515	}
516	else
517	{
518	// the level of a user upload photo with no moderation is 0
519	$level = 0;
520	}
521
522	$query = '
523	UPDATE '.IMAGES_TABLE.'
524	SET level = '.$level.'
525	WHERE id IN ('.implode(',', $image_ids).')
526	;';
527	pwg_query($query);
528
529	invalidate_user_cache();
530	}
531
532	add_event_handler('delete_user', 'community_delete_user');
533	function community_delete_user($user_id)
534	{
535	$query = '
536	DELETE
537	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
538	WHERE user_id = '.$user_id.'
539	;';
540	pwg_query($query);
541
542	community_reject_user_pendings($user_id);
543	}
544
545	add_event_handler('delete_categories', 'community_delete_category');
546	function community_delete_category($category_ids)
547	{
548	// $category_ids includes all the sub-category ids
549	$query = '
550	DELETE
551	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
552	WHERE category_id IN ('.implode(',', $category_ids).')
553	;';
554	pwg_query($query);
555
556	community_update_cache_key();
557	}
558
559	add_event_handler('invalidate_user_cache', 'community_refresh_cache_update_time');
560	function community_refresh_cache_update_time()
561	{
562	community_update_cache_key();
563	}
564	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: