[6603] | 1 | <?php |
---|
| 2 | /* Virtual AutoGrant */ |
---|
// Direct-access guard: stop unless both constants are defined, which
// presumably only happens when Piwigo's plugin loader includes this file.
if (!(defined('PHPWG_ROOT_PATH') && defined('VAG_DIR'))) {
    die('Hacking attempt!');
}
global $conf;
// NOTE(review): the guard tests VAG_DIR but the include path is built from
// VAG_PATH; confirm both constants are always defined together.
include_once(VAG_PATH . 'VAG_default.php');
---|
[6603] | 6 | |
---|
[6650] | 7 | // Internal case |
---|
| 8 | if ( defined('IN_ADMIN') and IN_ADMIN and !function_exists( 'VAG_internal_add_case' ) ) { |
---|
| 9 | add_event_handler('invalidate_user_cache', 'VAG_internal_add_case', 21 ); |
---|
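/**
 * Apply the Virtual AutoGrant rules after an upload made from the administration side.
 *
 * Registered on the 'invalidate_user_cache' event. It does two things:
 *  1. when the upload created a new album, set the album status and grant
 *     access to the creator and/or the webmaster, as configured;
 *  2. raise the privacy level ("Who can see") of the new images to the
 *     uploader's own level.
 *
 * Changes compared with the previous revision:
 *  - $insert is always initialised and mass_inserts() is skipped when there is
 *    no row to write (it used to receive an undefined variable when the
 *    uploader was the webmaster and only 'grant_to_webmaster' was enabled);
 *  - the grant condition is now "(creator or webmaster) and private", the same
 *    grouping VAG_add_case_by_API() uses. PHP parsed the old unparenthesised
 *    "A or B and C" as "A or (B and C)", so rows were also written for public
 *    albums;
 *  - $_POST['category_type'] and $image_ids are checked before use;
 *  - ids and the level are cast to int before being concatenated into SQL.
 *
 * @param mixed $full Argument supplied by the event; not used here.
 * @return bool false when PHOTOS_ADD_BASE_URL is not defined, true otherwise.
 */
function VAG_internal_add_case($full) {
    if (!defined('PHOTOS_ADD_BASE_URL')) {
        return false; // Nothing else to do
    }
    global $conf, $user, $page, $category_id, $image_ids, $category_name;
    load_language('plugin.lang', VAG_PATH);
    $vag = & $conf['virtual_AutoGrant'];

    // Note: the status of an already existing album is never changed
    if (isset($_POST['category_type']) && 'new' == $_POST['category_type']) {
        $make_private = ($vag['set_private'] == 1);
        set_cat_status(array($category_id), $make_private ? 'private' : 'public');

        $insert = array();
        if ($vag['grant_to_creator'] == 1) {
            $insert[] = array('user_id' => $user['id'], 'cat_id' => $category_id);
        }
        // The webmaster gets a separate row only when somebody else uploaded
        if ($user['id'] != $conf['webmaster_id'] && $vag['grant_to_webmaster'] == 1) {
            $insert[] = array('user_id' => $conf['webmaster_id'], 'cat_id' => $category_id);
        }
        // Access rows only matter for a private album
        if ($make_private && count($insert) > 0) {
            mass_inserts(USER_ACCESS_TABLE, array('user_id', 'cat_id'), $insert);
        }
        // NOTE(review): this message is shown even when the album was set public or
        // no access row was written, and $category_name is not HTML-escaped here;
        // confirm it is sanitised before it reaches this handler.
        array_push($page['infos'], sprintf(l10n('You have got a private access to %s'), '<em>'.$category_name.'</em>'));
    }

    // Who can see the new image_ids
    if (!is_array($image_ids) || count($image_ids) == 0) {
        return true;
    }
    if ($vag['set_who_can_see'] == 0) {
        return true;
    }
    if (is_webmaster() && $vag['webmaster_set_who_can_see'] == 1) {
        return true;
    }

    // Keep only the new images that are linked to at least one public album
    if ($vag['ignore_who_can_see_on_private'] == 1) {
        $image_ids = array_from_query('SELECT image_id FROM ' . IMAGE_CATEGORY_TABLE
          . ' WHERE category_id IN (SELECT id FROM ' . CATEGORIES_TABLE . ' WHERE status = \'public\')'
          . ' AND image_id IN (' . implode(',', array_map('intval', $image_ids)) . ');');
    }

    if (count($image_ids) > 0) {
        // The level is only ever raised: images already at or above it are left alone
        $level = (int) $user['level'];
        $r = pwg_query('UPDATE ' . IMAGES_TABLE . ' SET level = ' . $level . ' WHERE level < ' . $level
          . ' AND id IN (' . implode(',', array_map('intval', $image_ids)) . ');');
        array_push(
            $page['infos'],
            l10n_dec(
                'Virtual AutoGrant has forced "Who can see" on %d image',
                'Virtual AutoGrant has forced "Who can see" on %d images',
                pwg_db_changes($r)
            ) . ' - ' .
            sprintf(l10n('Privacy level set to "%s"'), l10n(sprintf('Level %d', $level)))
        );
    }
    return true;
}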
---|
| 47 | } |
---|
| 48 | |
---|
[6613] | 49 | // API cases : Just do it |
---|
[6650] | 50 | if ( !function_exists( 'VAG_add_case_by_API' ) ) { |
---|
| 51 | add_event_handler('invalidate_user_cache', 'VAG_add_case_by_API', 22 ); |
---|
[6610] | 52 | |
---|
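/**
 * Apply the Virtual AutoGrant rules to web-service (API) requests.
 *
 * Registered on the 'invalidate_user_cache' event. Handles two API methods:
 *  - pwg.categories.add: set the status of the album that was just created
 *    and grant access to the creator and/or the webmaster, as configured;
 *  - pwg.images.add: raise the privacy level ("Who can see") of the uploaded
 *    image to the uploader's own level.
 *
 * Changes compared with the previous revision:
 *  - $_REQUEST['name'] is checked before use and nothing is done when the
 *    album lookup finds no row (set_cat_status() used to be called with a
 *    null id);
 *  - $insert is always initialised and mass_inserts() is skipped when there is
 *    no row to write;
 *  - the album-id filter is anchored with \z, so a value ending in a newline
 *    is no longer accepted as numeric;
 *  - the level is cast to int before being concatenated into SQL.
 *
 * @param mixed $full Argument supplied by the event; not used here.
 * @return false|null false when the request is not handled, null otherwise.
 */
function VAG_add_case_by_API($full) {
    if (!function_exists('ws_categories_add')) {
        return false; // That isn't an API request
    }
    global $user, $conf;
    $vag = & $conf['virtual_AutoGrant'];
    $method = isset($_REQUEST['method']) ? $_REQUEST['method'] : null;

    if ($method === 'pwg.categories.add' && isset($_REQUEST['name'])) {
        // The new album is found again by name; "site_id IS NULL" keeps physical
        // albums out, because a synchronisation could be running in parallel.
        // NOTE(review): MAX(id) picks the newest virtual album carrying this name.
        // This assumes the handler only runs after the API call really created the
        // album; confirm, otherwise an older album with the same name is modified.
        $row = pwg_db_fetch_row(pwg_query('SELECT MAX(id) FROM ' . CATEGORIES_TABLE
          . ' WHERE name = \'' . pwg_db_real_escape_string($_REQUEST['name']) . '\' AND site_id IS NULL;'));
        $inserted_id = (is_array($row) && isset($row[0])) ? $row[0] : null;

        if ($inserted_id !== null) {
            $make_private = ($vag['set_private_by_API'] == 1);
            set_cat_status(array($inserted_id), $make_private ? 'private' : 'public');

            // Access rows only matter for a private album
            if ($make_private) {
                $insert = array();
                if ($vag['grant_to_creator'] == 1) {
                    $insert[] = array('user_id' => $user['id'], 'cat_id' => $inserted_id);
                }
                if ($user['id'] != $conf['webmaster_id'] && $vag['grant_to_webmaster'] == 1) {
                    $insert[] = array('user_id' => $conf['webmaster_id'], 'cat_id' => $inserted_id);
                }
                if (count($insert) > 0) {
                    mass_inserts(USER_ACCESS_TABLE, array('user_id', 'cat_id'), $insert);
                }
            }
        }
    }

    // "Who can see" management ( only for API, Synchro or old HTTP management on gallery side are ignored )
    if ($method === 'pwg.images.add' && isset($_REQUEST['original_sum']) && $vag['set_who_can_see'] == 1) {
        // Identify the image to update according to the gallery's uniqueness mode
        if ('md5sum' == $conf['uniqueness_mode']) {
            $where_clause = "md5sum = '" . pwg_db_real_escape_string($_REQUEST['original_sum']) . "'";
        }
        if ('filename' == $conf['uniqueness_mode'] && isset($_REQUEST['original_filename'])) {
            $where_clause = "file = '" . pwg_db_real_escape_string($_REQUEST['original_filename']) . "'";
        }
        if (!isset($where_clause) || (is_webmaster() && $vag['webmaster_set_who_can_see'] == 1)) {
            return false;
        }
        if ($user['level'] == $conf['available_permission_levels'][0]) {
            return false; // Non privacy level won't force it
        }
        if (!isset($_REQUEST['categories'])) {
            return false;
        }

        // 'categories' is a ';'-separated list of tokens; the part before the first ','
        // of each token is taken as an album id and kept only when it is all digits.
        $cat_ids = array();
        foreach (explode(';', pwg_db_real_escape_string($_REQUEST['categories'])) as $token) {
            list($cat_id) = explode(',', $token);
            if (preg_match('/^\d+\z/', $cat_id)) {
                $cat_ids[] = $cat_id;
            }
        }
        $cat_ids = array_unique($cat_ids);

        // NOTE(review): when no valid id was supplied the filter is empty and the
        // count below covers every public virtual album of the gallery.
        $w = (count($cat_ids) != 0) ? ' AND id IN (' . implode(',', $cat_ids) . ')' : '';
        list($count_public_cat) = pwg_db_fetch_row(pwg_query('SELECT count(*) FROM ' . CATEGORIES_TABLE
          . ' WHERE status = \'public\' ' . $w . ' AND site_id IS NULL;'));

        // No public category = all are private => maybe we can ignore "Who can see"
        if ($count_public_cat == 0 && $vag['ignore_who_can_see_on_private'] == 1) {
            return false;
        }

        // The level is only ever raised: images already at or above it are left alone
        $level = (int) $user['level'];
        pwg_query('UPDATE ' . IMAGES_TABLE . ' SET level = ' . $level . ' WHERE level < ' . $level
          . ' AND ' . $where_clause . ';');
    }
}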
---|
| 97 | } |
---|
[6610] | 98 | // Configuration menu |
---|
| 99 | if ( !function_exists( 'VAG_admin_menu' ) ) { |
---|
| 100 | if ( defined('IN_ADMIN') and IN_ADMIN ) { |
---|
| 101 | add_event_handler('get_admin_plugin_menu_links', 'VAG_admin_menu'); |
---|
/**
 * Append the Virtual AutoGrant entry to the list of admin plugin menu links.
 *
 * Registered on the 'get_admin_plugin_menu_links' event.
 *
 * @param array $menu Menu entries collected so far.
 * @return array The same list with the plugin's entry added at the end.
 */
function VAG_admin_menu($menu) {
    global $conf;
    // The page slug is the name of the plugin's own directory
    $plugin_page = 'plugin-' . basename(VAG_PATH);
    $entry = array(
        'NAME' => 'Virtual AutoGrant',
        'URL' => get_root_url() . 'admin.php?page=' . $plugin_page
    );
    array_push($menu, $entry);
    return $menu;
}
---|
| 110 | } |
---|
| 111 | } |
---|
[6603] | 112 | ?> |
---|