1 | <?php |
---|
2 | /* Virtual AutoGrant */ |
---|
// Refuse to run unless both the gallery core (PHPWG_ROOT_PATH) and the
// plugin bootstrap (VAG_DIR) constants have been defined.
if (!(defined('PHPWG_ROOT_PATH') && defined('VAG_DIR'))) {
    die('Hacking attempt!');
}

// Import the global configuration array (a no-op when this file already runs
// at global scope).
global $conf;

// NOTE(review): the guard above tests VAG_DIR while this include relies on
// VAG_PATH; confirm that the plugin bootstrap defines both constants.
include_once(VAG_PATH . 'VAG_default.php');

// Alias for the plugin settings: writes through $vag land in $conf.
$vag = &$conf['virtual_AutoGrant'];

// Admin pages, "set private" case: the gallery default for new albums is
// public but the plugin setting asks for private.
// Exception: synchronisation (site_manager), whose albums are not virtual ones.
if (
    $conf['newcat_default_status'] == 'public'
    && $vag['set_private'] == 1
    && defined('IN_ADMIN')
    && IN_ADMIN
    && !function_exists('VAG_set_private')
) {
    add_event_handler('get_admin_plugin_menu_links', 'VAG_set_private');

    /**
     * Switch the default status of new albums to 'private' for the current
     * admin page, except on the site_manager page or when no page is set.
     *
     * @param mixed $menu menu links passed in by the event; never modified here
     * @return mixed the $menu argument, unchanged
     */
    function VAG_set_private($menu)
    {
        global $page, $conf;

        // Leave the default alone when the page is unknown or is site_manager.
        if (!isset($page['page']) || $page['page'] == 'site_manager') {
            return $menu;
        }

        $conf['newcat_default_status'] = 'private';

        return $menu;
    }
}

// Admin pages, "set public" case: the gallery default for new albums is
// private but the plugin setting asks for public.
// Exception: synchronisation (site_manager), whose albums are not virtual ones.
if (
    $conf['newcat_default_status'] == 'private'
    && $vag['set_private'] == 0
    && defined('IN_ADMIN')
    && IN_ADMIN
    && !function_exists('VAG_set_public')
) {
    add_event_handler('get_admin_plugin_menu_links', 'VAG_set_public');

    /**
     * Switch the default status of new albums to 'public' for the current
     * admin page, except on the site_manager page or when no page is set.
     *
     * @param mixed $menu menu links passed in by the event; never modified here
     * @return mixed the $menu argument, unchanged
     */
    function VAG_set_public($menu)
    {
        global $page, $conf;

        // Leave the default alone when the page is unknown or is site_manager.
        if (!isset($page['page']) || $page['page'] == 'site_manager') {
            return $menu;
        }

        $conf['newcat_default_status'] = 'public';

        return $menu;
    }
}

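// Admin pages, "grant" case: give the creator and/or the webmaster access to
// the album created during this request.
// Physical albums (site_manager / synchronisation) are never granted.
if (
    ($vag['grant_to_creator'] == 1 || $vag['grant_to_webmaster'] == 1)
    && defined('IN_ADMIN')
    && IN_ADMIN
    && !function_exists('VAG_grant_to_prepare')
) {
    add_event_handler('get_admin_plugin_menu_links', 'VAG_grant_to_prepare');

    /**
     * Record the highest album id that exists before the admin page does its
     * work, and register VAG_grant_to_somebody() on 'loc_end_admin'.
     *
     * @param mixed $menu menu links passed in by the event; never modified here
     * @return mixed the $menu argument, unchanged
     */
    function VAG_grant_to_prepare($menu)
    {
        global $conf, $page;

        // Reach the settings through $conf, as VAG_set_private_by_API() does.
        // A bare `global $vag` only sees the alias created at the top of this
        // file when the file was included at global scope.
        $vag = &$conf['virtual_AutoGrant'];

        // Unknown page or site_manager: nothing to prepare. The menu is handed
        // back unchanged, like the sibling handlers on this event do; the
        // previous `return false` presumably replaced the menu for whatever
        // runs next -- confirm against the event dispatcher.
        if (!isset($page['page']) || $page['page'] == 'site_manager') {
            return $menu;
        }

        list($max_id) = pwg_db_fetch_row(pwg_query('SELECT MAX(id) FROM ' . CATEGORIES_TABLE . ';'));

        // Fix: this used to be `==`, a comparison whose result was discarded,
        // so the marker was never stored. MAX(id) is NULL on an empty table;
        // the cast turns that into 0.
        $vag['lastcat before'] = (int) $max_id;

        add_event_handler('loc_end_admin', 'VAG_grant_to_somebody');

        return $menu;
    }

    if (!function_exists('VAG_grant_to_somebody')) {
        /**
         * Insert USER_ACCESS_TABLE rows for the newest virtual album whose id
         * is above the marker stored by VAG_grant_to_prepare().
         *
         * NOTE(review): "the album created by this request" is inferred from
         * MAX(id) alone. If another album is created concurrently the grant
         * may land on that album instead, and when several albums are created
         * in one request only the newest one is granted. Confirm this is
         * acceptable for an access-control decision.
         *
         * @return false|null false when there is nothing to grant
         */
        function VAG_grant_to_somebody()
        {
            global $conf, $user;

            $vag = &$conf['virtual_AutoGrant'];

            if (!isset($vag['lastcat before'])) {
                return false;
            }

            // The marker is cast to int before it is concatenated into the query.
            list($new_id) = pwg_db_fetch_row(pwg_query(
                'SELECT MAX(id) FROM ' . CATEGORIES_TABLE
                . ' WHERE id > ' . (int) $vag['lastcat before'] . ' AND site_id IS NULL;'
            ));

            // Fix: the result was stored in $new_id but read back as $newid,
            // an undefined variable, so this function always stopped here.
            if (empty($new_id)) {
                return false;
            }

            // Start from an empty list so mass_inserts() never receives an
            // undefined variable (e.g. only grant_to_webmaster is on and the
            // current user is the webmaster).
            $insert = array();
            if ($vag['grant_to_creator'] == 1) {
                $insert[] = array('user_id' => $user['id'], 'cat_id' => $new_id);
            }
            if ($user['id'] != $conf['webmaster_id'] && $vag['grant_to_webmaster'] == 1) {
                $insert[] = array('user_id' => $conf['webmaster_id'], 'cat_id' => $new_id);
            }
            if (count($insert) > 0) {
                mass_inserts(USER_ACCESS_TABLE, array('user_id', 'cat_id'), $insert);
            }
            // To do set level
        }
    }
}
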
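// API cases : Just do it
if (!function_exists('VAG_set_private_by_API')) {
    add_event_handler('invalidate_user_cache', 'VAG_set_private_by_API', 20);

    /**
     * Handler for 'invalidate_user_cache' during web-service requests.
     *
     * For method 'pwg.categories.add' it sets the status of the matching
     * virtual album and, when the album is made private, inserts the
     * configured USER_ACCESS_TABLE rows. For method 'pwg.images.add' it raises
     * the privacy level of the uploaded image to the uploader's level
     * ("Who can see").
     *
     * NOTE(review): the handler decides what to do from $_REQUEST['method']
     * and finds the album by $_REQUEST['name'], not from the id the API call
     * actually created. Presumably the event only fires after the album was
     * added; if it can fire earlier or for another reason, the newest virtual
     * album with that name would get its status changed and access granted.
     * Confirm against the web-service code.
     *
     * @param mixed $full argument passed by the event; not used here
     * @return false|null false on the early exits, nothing otherwise
     */
    function VAG_set_private_by_API($full)
    {
        if (!function_exists('ws_categories_add')) {
            return false; // That isn't an API request
        }
        global $user, $conf;
        $vag = &$conf['virtual_AutoGrant'];

        $method = isset($_REQUEST['method']) ? $_REQUEST['method'] : null;

        // Request parameters can arrive as arrays (name[]=...); only strings
        // are passed to the escaping function and into the query.
        if (
            $method === 'pwg.categories.add'
            && isset($_REQUEST['name'])
            && is_string($_REQUEST['name'])
        ) {
            list($inserted_id) = pwg_db_fetch_row(pwg_query(
                'SELECT MAX(id) FROM ' . CATEGORIES_TABLE
                . ' WHERE name = \'' . pwg_db_real_escape_string($_REQUEST['name']) . '\' AND site_id IS NULL;'
            ));
            # Note: AND site_id IS NULL because a synchronisation could be running in parallel

            // MAX(id) is NULL when no album matches; do not change status or
            // grant access on an id that does not exist.
            if (!empty($inserted_id)) {
                $make_private = ($vag['set_private_by_API'] == 1);
                set_cat_status(array($inserted_id), $make_private ? 'private' : 'public');

                if ($make_private) {
                    // Start from an empty list so mass_inserts() never receives
                    // an undefined variable (e.g. only grant_to_webmaster is on
                    // and the caller is the webmaster).
                    $insert = array();
                    if ($vag['grant_to_creator'] == 1) {
                        $insert[] = array('user_id' => $user['id'], 'cat_id' => $inserted_id);
                    }
                    if ($user['id'] != $conf['webmaster_id'] && $vag['grant_to_webmaster'] == 1) {
                        $insert[] = array('user_id' => $conf['webmaster_id'], 'cat_id' => $inserted_id);
                    }
                    if (count($insert) > 0) {
                        mass_inserts(USER_ACCESS_TABLE, array('user_id', 'cat_id'), $insert);
                    }
                }

                $vag['lastcat before'] = $inserted_id; # Admin Photos Add does not need to redo the job
            }
        }

        // "Who can see" management ( only for API, Synchro or old HTTP management on gallery side are ignored )
        if (
            $method === 'pwg.images.add'
            && isset($_REQUEST['original_sum'])
            && $vag['set_who_can_see'] == 1
        ) {
            # image to update
            if ('md5sum' == $conf['uniqueness_mode'] && is_string($_REQUEST['original_sum'])) {
                $where_clause = "md5sum = '" . pwg_db_real_escape_string($_REQUEST['original_sum']) . "'";
            }
            // NOTE(review): in 'filename' mode the UPDATE below matches every
            // image carrying this file name, not only the one just uploaded.
            if (
                'filename' == $conf['uniqueness_mode']
                && isset($_REQUEST['original_filename'])
                && is_string($_REQUEST['original_filename'])
            ) {
                $where_clause = "file = '" . pwg_db_real_escape_string($_REQUEST['original_filename']) . "'";
            }

            if (!isset($where_clause) || (is_webmaster() && $vag['webmaster_set_who_can_see'] == 1)) {
                return false;
            }
            if ($user['level'] == $conf['available_permission_levels'][0]) {
                return false; // Non privacy level won't force it
            }
            if (!isset($_REQUEST['categories']) || !is_string($_REQUEST['categories'])) {
                return false;
            }

            // 'categories' is a ';'-separated list of "id,..." tokens. Only
            // tokens whose id part is made of digits alone are kept, which is
            // what makes it safe to concatenate them into the IN (...) list.
            $cat_ids = array();
            foreach (explode(';', $_REQUEST['categories']) as $token) {
                list($cat_id) = explode(',', $token);
                // \z instead of $: $ would also accept a trailing newline.
                if (preg_match('/^\d+\z/', $cat_id)) {
                    $cat_ids[] = $cat_id;
                }
            }
            $cat_ids = array_unique($cat_ids);

            $w = (count($cat_ids) != 0) ? ' AND id IN (' . implode(',', $cat_ids) . ')' : '';
            list($count_public_cat) = pwg_db_fetch_row(pwg_query(
                'SELECT count(*) FROM ' . CATEGORIES_TABLE
                . ' WHERE status = \'public\' ' . $w . ' AND site_id IS NULL;'
            ));

            // No public category = all are private => maybe we can ignore "Who can see"
            if ($count_public_cat == 0 && $vag['ignore_who_can_see_on_private'] == 1) {
                return false;
            }

            // The level is cast to int before it is concatenated into the query.
            $level = (int) $user['level'];
            pwg_query(
                'UPDATE ' . IMAGES_TABLE . ' SET level = ' . $level . ' WHERE level < ' . $level
                . ' AND ' . $where_clause . ';'
            );
        }
    }
}
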
// Configuration menu: register the plugin's settings page on admin pages.
if (!function_exists('VAG_admin_menu') && defined('IN_ADMIN') && IN_ADMIN) {
    add_event_handler('get_admin_plugin_menu_links', 'VAG_admin_menu');

    /**
     * Append the "Virtual AutoGrant" entry, which links to VAG_admin.php in
     * this file's directory, to the plugin menu.
     *
     * @param array $menu menu links collected so far
     * @return array the menu with the plugin entry added at the end
     */
    function VAG_admin_menu($menu)
    {
        $entry = array(
            'NAME' => 'Virtual AutoGrant',
            'URL' => get_admin_plugin_menu_link(dirname(__FILE__) . '/VAG_admin.php'),
        );
        array_push($menu, $entry);

        return $menu;
    }
}

124 | ?> |
---|