source: extensions/community/main.inc.php @ 11217

Revision 10096, 13.0 KB checked in by plg, 9 years ago (diff)

bug 2246 fixed: the new permission system (including moderation) works with
pLoader or any remote software using pwg.images.add or pwg.images.addSimple

For now, you can't create sub-albums and there is email notification to the
administrators.

1<?php
2/*
3Plugin Name: Community
4Version: auto
5Description: Non admin users can add photos
6Plugin URI: http://piwigo.org/ext/extension_view.php?eid=303
7Author: plg
8Author URI: http://piwigo.wordpress.com
9*/
10
// Direct-access guard: stop unless the including application has already
// defined PHPWG_ROOT_PATH, so this file never runs as a stand-alone script.
defined('PHPWG_ROOT_PATH') or die('Hacking attempt!');

// Base path of the plugin, derived from the name of its own directory.
define('COMMUNITY_PATH', PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');

// Plugin tables carry the installation table prefix. The "global" statement
// is presumably needed because this file is included from a function scope.
global $prefixeTable;
define('COMMUNITY_PERMISSIONS_TABLE', $prefixeTable.'community_permissions');
define('COMMUNITY_PENDINGS_TABLE', $prefixeTable.'community_pendings');

include_once COMMUNITY_PATH.'include/functions_community.inc.php';
23
24/* Plugin admin */
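add_event_handler('get_admin_plugin_menu_links', 'community_admin_menu');

/**
 * Appends the "Community" entry to the administration plugin menu.
 *
 * When photos are waiting for moderation, the entry name carries a badge
 * with their number and, on the administration "intro" page, a link to the
 * pending photos is handed to the template.
 *
 * @param array $menu list of menu entries
 * @return array the menu with the Community entry appended
 */
function community_admin_menu($menu)
{
  global $page;

  $query = '
SELECT
    COUNT(*)
  FROM '.COMMUNITY_PENDINGS_TABLE.'
  WHERE state = \'moderation_pending\'
;';
  list($nb_pendings) = pwg_db_fetch_row(pwg_query($query));

  // the counter is written into HTML below, so keep it a plain integer
  $page['community_nb_pendings'] = (int)$nb_pendings;

  $name = 'Community';
  if ($page['community_nb_pendings'] > 0)
  {
    $style = 'background-color:#666;';
    $style.= 'color:white;';
    $style.= 'padding:1px 5px;';
    $style.= '-moz-border-radius:10px;';
    $style.= '-webkit-border-radius:10px;';
    // the unprefixed property was spelled "-border-radius", which no browser
    // recognises
    $style.= 'border-radius:10px;';
    $style.= 'margin-left:5px;';

    $name.= '<span style="'.$style.'">'.$page['community_nb_pendings'].'</span>';

    // $page['page'] is not guaranteed to be set on every admin request
    if (defined('IN_ADMIN') and IN_ADMIN and isset($page['page']) and $page['page'] == 'intro')
    {
      global $template;

      $template->set_prefilter('intro', 'community_pendings_on_intro');
      $template->assign(
        array(
          'COMMUNITY_PENDINGS' => sprintf(
            '<a href="%s">'.l10n('%u pending photos').'</a>',
            get_root_url().'admin.php?page=plugin-community-pendings',
            $page['community_nb_pendings']
            ),
          )
        );
    }
  }

  array_push(
    $menu,
    array(
      'NAME' => $name,
      'URL'  => get_root_url().'admin.php?page=plugin-community'
      )
    );

  return $menu;
}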
79
/**
 * Template prefilter registered for the administration "intro" page:
 * inserts a {$COMMUNITY_PENDINGS} list item right before the list item that
 * starts with {$DB_ELEMENTS}.
 *
 * @param string $content raw template source
 * @param mixed $smarty not used here, part of the prefilter signature
 * @return string|null whatever preg_replace() returns for $content
 */
function community_pendings_on_intro($content, &$smarty)
{
  return preg_replace(
    '#<li>\s*{\$DB_ELEMENTS\}#ms',
    '<li>{$COMMUNITY_PENDINGS}</li><li>{$DB_ELEMENTS}',
    $content
    );
}
86
add_event_handler('init', 'community_load_language');

/**
 * Loads the language files the plugin needs: the "admin.lang" file when the
 * request is not an administration one, then the plugin's own
 * "plugin.lang".
 */
function community_load_language()
{
  $in_admin = (defined('IN_ADMIN') && IN_ADMIN);

  if (!$in_admin)
  {
    load_language('admin.lang');
  }

  load_language('plugin.lang', COMMUNITY_PATH);
}
97
98
add_event_handler('loc_end_section_init', 'community_section_init');

/**
 * Selects the "add_photos" section when the first URL token asks for it.
 */
function community_section_init()
{
  global $tokens, $page;

  if ('add_photos' != $tokens[0])
  {
    return;
  }

  $page['section'] = 'add_photos';
}
109
add_event_handler('loc_end_index', 'community_index');

/**
 * Includes the plugin's upload page when the current section is
 * "add_photos". The included path is fixed; nothing from the request is
 * used to build it.
 */
function community_index()
{
  global $page;

  if (!isset($page['section']) or $page['section'] != 'add_photos')
  {
    return;
  }

  include(COMMUNITY_PATH.'add_photos.php');
}
120
add_event_handler('blockmanager_apply' , 'community_gallery_menu');

/**
 * Adds the "Upload Photos" link to the "mbMenu" block of the gallery menu,
 * but only for users whose community permissions give them at least one
 * upload category or the right to create a whole gallery.
 *
 * @param array $menu_ref_arr the menu object is read from index 0
 */
function community_gallery_menu($menu_ref_arr)
{
  global $conf, $user;

  $permissions = community_get_user_permissions($user['id']);
  $can_upload = (
    count($permissions['upload_categories']) != 0
    or $permissions['create_whole_gallery']
    );

  if (!$can_upload)
  {
    return;
  }

  $menu = & $menu_ref_arr[0];

  $block = $menu->get_block('mbMenu');
  if (null == $block)
  {
    return;
  }

  load_language('plugin.lang', COMMUNITY_PATH);

  $upload_link = array(
    'URL' => make_index_url(array('section' => 'add_photos')),
    'TITLE' => l10n('Upload your own photos'),
    'NAME' => l10n('Upload Photos')
    );

  // insert at the very end of the block data
  array_splice(
    $block->data,
    count($block->data),
    0,
    array('' => $upload_link)
    );
}
155
156
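add_event_handler('ws_invoke_allowed', 'community_switch_user_to_admin', EVENT_HANDLER_PRIORITY_NEUTRAL, 3);

/**
 * "ws_invoke_allowed" handler: lets a non-admin user who holds community
 * upload permissions call a fixed list of upload-related web service
 * methods by switching $user['status'] to 'admin'.
 *
 * It also records the request (method, target category and, for
 * pwg.images.add, the md5 sum of the original file) in the global
 * $community, which community_sendResponse() reads once the method has run.
 *
 * @param mixed $res current value of the event, returned unchanged
 * @param string $methodName name of the web service method being invoked
 * @param array $params parameters of the web service call
 * @return mixed $res
 */
function community_switch_user_to_admin($res, $methodName, $params)
{
  global $user, $community;

  if (is_admin())
  {
    return $res;
  }

  $community = array('method' => $methodName);

  // The values below come straight from the request. They are stored as
  // received, so every consumer has to validate them before use.
  if ('pwg.images.addSimple' == $methodName)
  {
    $community['category'] = isset($params['category']) ? $params['category'] : null;
  }
  elseif ('pwg.images.add' == $methodName)
  {
    $community['category'] = isset($params['categories']) ? $params['categories'] : null;
    $community['md5sum'] = isset($params['original_sum']) ? $params['original_sum'] : null;
  }

  // conditional : depending on community permissions, the user may or may
  // not be promoted for this call
  $user_permissions = community_get_user_permissions($user['id']);

  if (count($user_permissions['upload_categories']) == 0 and !$user_permissions ['create_whole_gallery'])
  {
    return $res;
  }

  // if level of trust is low, then we have to set level to 16

  // the only methods a community user may call with the admin status
  $methods = array(
    'pwg.tags.add',
    'pwg.images.exist',
    'pwg.images.add',
    'pwg.images.addSimple',
    'pwg.images.addChunk',
    'pwg.images.checkUpload',
    'pwg.images.checkFiles',
    'pwg.images.setInfo',
    );

  // TODO ability to create sub-albums with the web API; pwg.categories.add
  // and pwg.categories.setInfo are deliberately not in the list above

  if (in_array($methodName, $methods, true))
  {
    // NOTE(review): nothing visible in this file restores the original
    // status, so later admin checks in the same request will also pass.
    // This handler does not verify that the requested category is one of
    // $user_permissions['upload_categories'], nor which photo
    // pwg.images.setInfo targets -- confirm both are enforced elsewhere.
    $user['status'] = 'admin';
  }

  return $res;
}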
217
add_event_handler('ws_add_methods', 'community_ws_replace_methods', EVENT_HANDLER_PRIORITY_NEUTRAL+5);

/**
 * "ws_add_methods" handler: for a non-admin user holding at least one
 * community permission, registers the plugin's own implementations under
 * the names pwg.categories.getList and pwg.tags.getAdminList.
 *
 * @param array $arr the web service object is read from index 0
 */
function community_ws_replace_methods($arr)
{
  global $conf, $user;

  if (is_admin())
  {
    return;
  }

  $permissions = community_get_user_permissions($user['id']);
  if (0 == count($permissions['permission_ids']))
  {
    return;
  }

  $service = &$arr[0];

  // the plugin Community is activated and the user has upload permissions:
  // list the categories with a specific function, assuming the user wants
  // the categories where upload is possible for him
  $category_list_params = array(
    'cat_id' => array('default'=>0),
    'recursive' => array('default'=>false),
    'public' => array('default'=>false),
    );

  $service->addMethod(
    'pwg.categories.getList',
    'community_ws_categories_getList',
    $category_list_params,
    'retrieves a list of categories'
    );

  // despite its description, this method becomes callable by the
  // non-admin users who reach this point
  $service->addMethod(
    'pwg.tags.getAdminList',
    'community_ws_tags_getAdminList',
    array(),
    'administration method only'
    );
}
259
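/**
 * Web service method registered as pwg.categories.getList for community
 * users: returns only the categories found in the "upload_categories" of
 * the current user's community permissions.
 *
 * @param array $params reads 'cat_id', 'recursive' and 'public'
 * @param mixed $service not used here, part of the method signature
 * @return array 'categories' => PwgNamedArray of the matching rows, sorted
 *   with global_rank_compare
 */
function community_ws_categories_getList($params, &$service)
{
  global $user, $conf;

  $where = array('1=1');
  $join_type = 'LEFT';
  $join_user = $user['id'];

  // cat_id is request data: it only ever reaches the SQL text through an
  // (int) cast
  if (!$params['recursive'])
  {
    if ($params['cat_id']>0)
    {
      $where[] = '(id_uppercat='.(int)($params['cat_id']).'
    OR id='.(int)($params['cat_id']).')';
    }
    else
    {
      $where[] = 'id_uppercat IS NULL';
    }
  }
  else if ($params['cat_id']>0)
  {
    $where[] = 'uppercats '.DB_REGEX_OPERATOR.' \'(^|,)'.
      (int)($params['cat_id'])
      .'(,|$)\'';
  }

  if ($params['public'])
  {
    // string literals are single-quoted, like in the other queries of this
    // file: a double-quoted token is an identifier in standard SQL
    $where[] = 'status = \'public\'';
    $where[] = 'visible = \'true\'';

    $join_user = $conf['guest_id'];
  }

  $user_permissions = community_get_user_permissions($user['id']);

  // ids are forced to integers before being concatenated into the query
  $upload_categories = array_map('intval', $user_permissions['upload_categories']);
  if (count($upload_categories) == 0)
  {
    // no upload category: -1 keeps the IN () list valid and matches nothing
    $upload_categories = array(-1);
  }

  $where[] = 'id IN ('.implode(',', $upload_categories).')';

  $query = '
SELECT
    id,
    name,
    permalink,
    uppercats,
    global_rank,
    comment,
    nb_images,
    count_images AS total_nb_images,
    date_last,
    max_date_last,
    count_categories AS nb_categories
  FROM '.CATEGORIES_TABLE.'
   '.$join_type.' JOIN '.USER_CACHE_CATEGORIES_TABLE.' ON id=cat_id AND user_id='.(int)$join_user.'
  WHERE '. implode('
    AND ', $where);

  $result = pwg_query($query);

  $cats = array();
  while ($row = pwg_db_fetch_assoc($result))
  {
    $row['url'] = make_index_url(
        array(
          'category' => $row
          )
      );
    foreach( array('id','nb_images','total_nb_images','nb_categories') as $key)
    {
      $row[$key] = (int)$row[$key];
    }

    // name and description go through the render events, then lose their
    // HTML tags before being returned to the API client
    $row['name'] = strip_tags(
      trigger_event(
        'render_category_name',
        $row['name'],
        'ws_categories_getList'
        )
      );

    $row['comment'] = strip_tags(
      trigger_event(
        'render_category_description',
        $row['comment'],
        'ws_categories_getList'
        )
      );

    $cats[] = $row;
  }
  usort($cats, 'global_rank_compare');

  return array(
    'categories' => new PwgNamedArray(
      $cats,
      'category',
      array(
        'id',
        'url',
        'nb_images',
        'total_nb_images',
        'nb_categories',
        'date_last',
        'max_date_last',
        )
      )
    );
}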
371
/**
 * Web service method registered as pwg.tags.getAdminList for community
 * users: returns the available tags plus the orphan tags, sorted with
 * tag_alpha_compare.
 *
 * @param array $params not used
 * @param mixed $service not used here, part of the method signature
 * @return array 'tags' => PwgNamedArray of the tag rows
 */
function community_ws_tags_getAdminList($params, &$service)
{
  $all_tags = get_available_tags();

  // keep orphan tags
  include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
  $orphans = get_orphan_tags();

  if (0 < count($orphans))
  {
    $ids = array();
    foreach ($orphans as $orphan)
    {
      array_push($ids, $orphan['id']);
    }

    // the ids come from get_orphan_tags(), not from the request
    $result = pwg_query('
SELECT *
  FROM '.TAGS_TABLE.'
  WHERE id IN ('.implode(',', $ids).')
;');
    while ($tag_row = pwg_db_fetch_assoc($result))
    {
      array_push($all_tags, $tag_row);
    }
  }

  usort($all_tags, 'tag_alpha_compare');

  $attributes = array(
    'name',
    'id',
    'url_name',
    );

  return array(
    'tags' => new PwgNamedArray($all_tags, 'tag', $attributes)
    );
}
413
// run community_sendResponse() on the "sendResponse" event, so that the
// moderation level of a freshly uploaded photo is set once the web service
// method has produced its response
add_event_handler('sendResponse', 'community_sendResponse');
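/**
 * Finalises a photo upload made through the web API by a non-admin user.
 *
 * Works from the global $community filled by
 * community_switch_user_to_admin(): method name, target category and, for
 * pwg.images.add, the md5 sum of the original file. The handler finds the
 * new photo, decides whether the upload must be moderated and sets the
 * level of the photo: 16 when moderated (a row is also added to the
 * pendings table), 0 otherwise.
 *
 * Nothing is done when no upload method was recorded, when the photo cannot
 * be identified, or when the recorded md5 sum is not a 32 character
 * hexadecimal string.
 *
 * @param string $encodedResponse encoded web service response, decoded as
 *   JSON for pwg.images.addSimple
 * @return void
 */
function community_sendResponse($encodedResponse)
{
  global $community, $user;

  if (!isset($community['method']))
  {
    return;
  }

  $image_id = null;

  if ('pwg.images.addSimple' == $community['method'])
  {
    // a failed call has no result->image_id
    $response = json_decode($encodedResponse);
    if (isset($response->result->image_id))
    {
      $image_id = $response->result->image_id;
    }
  }
  elseif ('pwg.images.add' == $community['method'])
  {
    // md5sum is the raw "original_sum" request parameter: only a value
    // shaped like an md5 digest may be placed inside the SQL string.
    // NOTE(review): returning here leaves the level of the photo untouched;
    // confirm the core upload method rejects a malformed original_sum
    // before it creates the photo.
    if (!isset($community['md5sum'])
        or !is_string($community['md5sum'])
        or !preg_match('/^[a-f0-9]{32}$/iD', $community['md5sum']))
    {
      return;
    }

    $query = '
SELECT
    id
  FROM '.IMAGES_TABLE.'
  WHERE md5sum = \''.$community['md5sum'].'\'
  ORDER BY id DESC
  LIMIT 1
;';
    list($image_id) = pwg_db_fetch_row(pwg_query($query));
  }
  else
  {
    return;
  }

  // no usable photo id: an empty "IN ()" list below would be invalid SQL
  if (!is_numeric($image_id) or (int)$image_id <= 0)
  {
    return;
  }

  $image_ids = array((int)$image_id);

  // NOTE(review): $community['category'] is the category value received in
  // the request, stored without validation; confirm get_cat_info()
  // validates it.
  $category_infos = get_cat_info($community['category']);

  // should the photos be moderated?
  //
  // if one of the user community permissions is not moderated on the path
  // to gallery root, then the upload is not moderated. For example, if the
  // user is allowed to upload to events/parties with no admin moderation,
  // then he's not moderated when uploading in
  // events/parties/happyNewYear2011
  $moderate = true;

  $user_permissions = community_get_user_permissions($user['id']);
  $permission_ids = array_map('intval', $user_permissions['permission_ids']);

  // without any permission id the upload stays moderated
  if (count($permission_ids) > 0)
  {
    $query = '
SELECT
    cp.category_id,
    c.uppercats
  FROM '.COMMUNITY_PERMISSIONS_TABLE.' AS cp
    LEFT JOIN '.CATEGORIES_TABLE.' AS c ON category_id = c.id
  WHERE cp.id IN ('.implode(',', $permission_ids).')
    AND cp.moderated = \'false\'
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      if (empty($row['category_id']))
      {
        // an unmoderated permission with no category applies everywhere
        $moderate = false;
      }
      elseif (preg_match('/^'.preg_quote((string)$row['uppercats'], '/').'(,|$)/', $category_infos['uppercats']))
      {
        // the target category is the permission category or one below it
        $moderate = false;
      }
    }
  }

  if ($moderate)
  {
    $inserts = array();

    $query = '
SELECT
    id,
    date_available
  FROM '.IMAGES_TABLE.'
  WHERE id IN ('.implode(',', $image_ids).')
;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      $inserts[] = array(
        'image_id' => $row['id'],
        'added_on' => $row['date_available'],
        'state' => 'moderation_pending',
        );
    }

    // the column list is read from the first row, so there must be one
    if (count($inserts) > 0)
    {
      mass_inserts(
        COMMUNITY_PENDINGS_TABLE,
        array_keys($inserts[0]),
        $inserts
        );
    }

    // the level of a user upload photo with moderation is 16
    $level = 16;
  }
  else
  {
    // the level of a user upload photo with no moderation is 0
    $level = 0;
  }

  $query = '
UPDATE '.IMAGES_TABLE.'
  SET level = '.$level.'
  WHERE id IN ('.implode(',', $image_ids).')
;';
  pwg_query($query);

  invalidate_user_cache();
}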
531
add_event_handler('delete_user', 'community_delete_user');

/**
 * "delete_user" handler: removes the community permissions of the deleted
 * user, then passes the user id to community_reject_user_pendings().
 *
 * @param mixed $user_id id of the user being deleted
 */
function community_delete_user($user_id)
{
  // NOTE(review): $user_id is concatenated as received; presumably always
  // an integer supplied by the application -- confirm against the code
  // that triggers "delete_user".
  pwg_query('
DELETE
  FROM '.COMMUNITY_PERMISSIONS_TABLE.'
  WHERE user_id = '.$user_id.'
;');

  community_reject_user_pendings($user_id);
}
544
add_event_handler('delete_categories', 'community_delete_category');

/**
 * "delete_categories" handler: removes the community permissions attached
 * to the deleted categories and refreshes the community cache key.
 *
 * @param array $category_ids ids of the deleted categories; includes all
 *   the sub-category ids
 */
function community_delete_category($category_ids)
{
  // NOTE(review): the ids are joined as received; presumably integers
  // supplied by the application -- confirm against the code that triggers
  // "delete_categories".
  $id_list = implode(',', $category_ids);

  pwg_query('
DELETE
  FROM '.COMMUNITY_PERMISSIONS_TABLE.'
  WHERE category_id IN ('.$id_list.')
;');

  community_update_cache_key();
}
558
add_event_handler('invalidate_user_cache', 'community_refresh_cache_update_time');

/**
 * "invalidate_user_cache" handler: refreshes the community cache key each
 * time the user cache is invalidated.
 */
function community_refresh_cache_update_time()
{
  community_update_cache_key();
}
564?>