Context Navigation

source: trunk/admin/cat_perm.php @ 27867

Last change on this file since 27867 was 26461, checked in by mistic100, 10 years ago
Update headers to 2014. Happy new year!!
Property svn:eol-style set to `LF`
File size: 9.0 KB

Rev	Line
[21]	1	<?php
[362]	2	// +-----------------------------------------------------------------------+
[8728]	3	// \| Piwigo - a PHP based photo gallery \|
[2297]	4	// +-----------------------------------------------------------------------+
[26461]	5	// \| Copyright(C) 2008-2014 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[800]	23
	24	if (!defined('PHPWG_ROOT_PATH'))
[21]	25	{
[800]	26	die ("Hacking attempt!");
	27	}
	28
[1072]	29	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
	30
[800]	31	// +-----------------------------------------------------------------------+
[1072]	32	// \| Check Access and exit when user status is not ok \|
	33	// +-----------------------------------------------------------------------+
	34	check_status(ACCESS_ADMINISTRATOR);
	35
	36	// +-----------------------------------------------------------------------+
[800]	37	// \| variable initialization \|
	38	// +-----------------------------------------------------------------------+
	39
[13580]	40	$page['cat'] = $category['id'];
[800]	41
	42	// +-----------------------------------------------------------------------+
	43	// \| form submission \|
	44	// +-----------------------------------------------------------------------+
[13580]	45
	46	if (!empty($_POST))
[12020]	47	{
	48	check_pwg_token();
[800]	49
[13580]	50	if ($category['status'] != $_POST['status'])
	51	{
	52	set_cat_status(array($page['cat']), $_POST['status']);
	53	$category['status'] = $_POST['status'];
	54	}
	55
	56	if ('private' == $_POST['status'])
	57	{
	58	//
	59	// manage groups
	60	//
	61	$query = '
	62	SELECT group_id
	63	FROM '.GROUP_ACCESS_TABLE.'
	64	WHERE cat_id = '.$page['cat'].'
	65	;';
	66	$groups_granted = array_from_query($query, 'group_id');
	67
	68	if (!isset($_POST['groups']))
	69	{
	70	$_POST['groups'] = array();
	71	}
	72
	73	//
	74	// remove permissions to groups
	75	//
	76	$deny_groups = array_diff($groups_granted, $_POST['groups']);
	77	if (count($deny_groups) > 0)
	78	{
	79	// if you forbid access to an album, all sub-albums become
	80	// automatically forbidden
	81	$query = '
[800]	82	DELETE
	83	FROM '.GROUP_ACCESS_TABLE.'
[13580]	84	WHERE group_id IN ('.implode(',', $deny_groups).')
[800]	85	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
	86	;';
[13580]	87	pwg_query($query);
	88	}
[12017]	89
[13580]	90	//
	91	// add permissions to groups
	92	//
[17561]	93	$grant_groups = $_POST['groups'];
[13580]	94	if (count($grant_groups) > 0)
	95	{
	96	$cat_ids = get_uppercat_ids(array($page['cat']));
	97	if (isset($_POST['apply_on_sub']))
	98	{
	99	$cat_ids = array_merge($cat_ids, get_subcat_ids(array($page['cat'])));
	100	}
[25243]	101
[25244]	102	$query = '
	103	SELECT id
	104	FROM '.CATEGORIES_TABLE.'
	105	WHERE id IN ('.implode(',', $cat_ids).')
	106	AND status = \'private\'
	107	;';
	108	$private_cats = array_from_query($query, 'id');
	109
[13580]	110	$inserts = array();
[25244]	111	foreach ($private_cats as $cat_id)
[13580]	112	{
[25243]	113	foreach ($grant_groups as $group_id)
[13580]	114	{
[25018]	115	$inserts[] = array(
	116	'group_id' => $group_id,
	117	'cat_id' => $cat_id
[13580]	118	);
	119	}
	120	}
[25243]	121
	122	mass_inserts(
	123	GROUP_ACCESS_TABLE,
	124	array('group_id','cat_id'),
	125	$inserts,
	126	array('ignore'=>true)
	127	);
[13580]	128	}
	129
	130	//
	131	// users
	132	//
	133	$query = '
	134	SELECT user_id
	135	FROM '.USER_ACCESS_TABLE.'
	136	WHERE cat_id = '.$page['cat'].'
	137	;';
	138	$users_granted = array_from_query($query, 'user_id');
	139
	140	if (!isset($_POST['users']))
[21]	141	{
[13580]	142	$_POST['users'] = array();
[21]	143	}
[13580]	144
	145	//
	146	// remove permissions to users
	147	//
	148	$deny_users = array_diff($users_granted, $_POST['users']);
	149	if (count($deny_users) > 0)
	150	{
	151	// if you forbid access to an album, all sub-album become automatically
	152	// forbidden
	153	$query = '
[800]	154	DELETE
	155	FROM '.USER_ACCESS_TABLE.'
[13580]	156	WHERE user_id IN ('.implode(',', $deny_users).')
[800]	157	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
	158	;';
[13580]	159	pwg_query($query);
	160	}
	161
	162	//
	163	// add permissions to users
	164	//
[17561]	165	$grant_users = $_POST['users'];
[13580]	166	if (count($grant_users) > 0)
	167	{
	168	add_permission_on_category($page['cat'], $grant_users);
	169	}
	170	}
	171
[25018]	172	$page['infos'][] = l10n('Album updated successfully');
[800]	173	}
	174
	175	// +-----------------------------------------------------------------------+
	176	// \| template initialization \|
	177	// +-----------------------------------------------------------------------+
[817]	178
[2530]	179	$template->set_filename('cat_perm', 'cat_perm.tpl');
[800]	180
[2288]	181	$template->assign(
[817]	182	array(
[825]	183	'CATEGORIES_NAV' =>
	184	get_cat_display_name_from_id(
	185	$page['cat'],
[13013]	186	'admin.php?page=album-'
[825]	187	),
[5920]	188	'U_HELP' => get_root_url().'admin/popuphelp.php?page=cat_perm',
[13013]	189	'F_ACTION' => $admin_album_base_url.'-permissions',
[13580]	190	'private' => ('private' == $category['status']),
[817]	191	)
	192	);
[800]	193
	194	// +-----------------------------------------------------------------------+
	195	// \| form construction \|
	196	// +-----------------------------------------------------------------------+
	197
	198	// groups denied are the groups not granted. So we need to find all groups
	199	// minus groups granted to find groups denied.
	200
	201	$groups = array();
	202
	203	$query = '
	204	SELECT id, name
	205	FROM '.GROUPS_TABLE.'
[1960]	206	ORDER BY name ASC
[800]	207	;';
[2223]	208	$groups = simple_hash_from_query($query, 'id', 'name');
[13580]	209	$template->assign('groups', $groups);
[800]	210
[2223]	211	// groups granted to access the category
[800]	212	$query = '
	213	SELECT group_id
	214	FROM '.GROUP_ACCESS_TABLE.'
	215	WHERE cat_id = '.$page['cat'].'
	216	;';
	217	$group_granted_ids = array_from_query($query, 'group_id');
[13580]	218	$template->assign('groups_selected', $group_granted_ids);
[800]	219
	220	// users...
	221	$users = array();
	222
	223	$query = '
[808]	224	SELECT '.$conf['user_fields']['id'].' AS id,
	225	'.$conf['user_fields']['username'].' AS username
[800]	226	FROM '.USERS_TABLE.'
	227	;';
[2223]	228	$users = simple_hash_from_query($query, 'id', 'username');
[13580]	229	$template->assign('users', $users);
[800]	230
[2223]	231
[800]	232	$query = '
	233	SELECT user_id
	234	FROM '.USER_ACCESS_TABLE.'
	235	WHERE cat_id = '.$page['cat'].'
	236	;';
	237	$user_granted_direct_ids = array_from_query($query, 'user_id');
[13580]	238	$template->assign('users_selected', $user_granted_direct_ids);
[800]	239
[2223]	240
[800]	241	$user_granted_indirect_ids = array();
	242	if (count($group_granted_ids) > 0)
	243	{
	244	$granted_groups = array();
	245
	246	$query = '
	247	SELECT user_id, group_id
	248	FROM '.USER_GROUP_TABLE.'
	249	WHERE group_id IN ('.implode(',', $group_granted_ids).')
	250	';
	251	$result = pwg_query($query);
[4325]	252	while ($row = pwg_db_fetch_assoc($result))
[21]	253	{
[25018]	254	if (!isset($granted_groups[ $row['group_id'] ]))
[800]	255	{
[25018]	256	$granted_groups[ $row['group_id'] ] = array();
[800]	257	}
[25018]	258	$granted_groups[ $row['group_id'] ][] = $row['user_id'];
[21]	259	}
	260
[800]	261	$user_granted_by_group_ids = array();
[13593]	262
[800]	263	foreach ($granted_groups as $group_users)
[21]	264	{
[13593]	265	$user_granted_by_group_ids = array_merge($user_granted_by_group_ids, $group_users);
[21]	266	}
[13593]	267
[800]	268	$user_granted_by_group_ids = array_unique($user_granted_by_group_ids);
	269
[13593]	270	$user_granted_indirect_ids = array_diff(
	271	$user_granted_by_group_ids,
	272	$user_granted_direct_ids
	273	);
	274
	275	$template->assign('nb_users_granted_indirect', count($user_granted_indirect_ids));
	276
	277	foreach ($granted_groups as $group_id => $group_users)
[21]	278	{
[13593]	279	$group_usernames = array();
	280	foreach ($group_users as $user_id)
[21]	281	{
[13593]	282	if (in_array($user_id, $user_granted_indirect_ids))
[21]	283	{
[25018]	284	$group_usernames[] = $users[$user_id];
[21]	285	}
	286	}
[13593]	287
	288	$template->append(
	289	'user_granted_indirect_groups',
	290	array(
	291	'group_name' => $groups[$group_id],
	292	'group_users' => implode(', ', $group_usernames),
	293	)
	294	);
[21]	295	}
	296	}
[800]	297
	298	// +-----------------------------------------------------------------------+
	299	// \| sending html code \|
	300	// +-----------------------------------------------------------------------+
[23430]	301	$template->assign(array('PWG_TOKEN' => get_pwg_token(), 'INHERIT' => $conf['inheritance_by_default']));
[12020]	302
[800]	303	$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
[362]	304	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: