Context Navigation

source: trunk/admin/cat_perm.php @ 6323

Last change on this file since 6323 was 5920, checked in by nikrou, 14 years ago
Bug 1617 fixed : help page is displayed in current theme in public or admin pages
Property svn:eol-style set to `LF`
File size: 10.3 KB

Rev	Line
[21]	1	<?php
[362]	2	// +-----------------------------------------------------------------------+
[2297]	3	// \| Piwigo - a PHP based picture gallery \|
	4	// +-----------------------------------------------------------------------+
[5196]	5	// \| Copyright(C) 2008-2010 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[800]	23
	24	if (!defined('PHPWG_ROOT_PATH'))
[21]	25	{
[800]	26	die ("Hacking attempt!");
	27	}
	28
[1072]	29	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
	30
[800]	31	// +-----------------------------------------------------------------------+
[1072]	32	// \| Check Access and exit when user status is not ok \|
	33	// +-----------------------------------------------------------------------+
	34	check_status(ACCESS_ADMINISTRATOR);
	35
	36	// +-----------------------------------------------------------------------+
[800]	37	// \| variable initialization \|
	38	// +-----------------------------------------------------------------------+
	39
	40	// if the category is not correct (not numeric, not private)
	41	if (isset($_GET['cat']) and is_numeric($_GET['cat']))
	42	{
	43	$query = '
	44	SELECT status
	45	FROM '.CATEGORIES_TABLE.'
	46	WHERE id = '.$_GET['cat'].'
	47	;';
[4325]	48	list($status) = pwg_db_fetch_row(pwg_query($query));
[800]	49
	50	if ('private' == $status)
[21]	51	{
[800]	52	$page['cat'] = $_GET['cat'];
[21]	53	}
	54	}
[800]	55
	56	if (!isset($page['cat']))
[21]	57	{
[800]	58	$query = '
	59	SELECT id
	60	FROM '.CATEGORIES_TABLE.'
	61	WHERE status = \'private\'
[4334]	62	LIMIT 1
[800]	63	;';
	64
[4325]	65	list($page['cat']) = pwg_db_fetch_row(pwg_query($query));
[800]	66	}
	67
	68	// +-----------------------------------------------------------------------+
	69	// \| form submission \|
	70	// +-----------------------------------------------------------------------+
	71
	72
	73	if (isset($_POST['deny_groups_submit'])
	74	and isset($_POST['deny_groups'])
	75	and count($_POST['deny_groups']) > 0)
	76	{
	77	// if you forbid access to a category, all sub-categories become
	78	// automatically forbidden
	79	$query = '
	80	DELETE
	81	FROM '.GROUP_ACCESS_TABLE.'
	82	WHERE group_id IN ('.implode(',', $_POST['deny_groups']).')
	83	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
	84	;';
	85	pwg_query($query);
	86	}
	87	else if (isset($_POST['grant_groups_submit'])
	88	and isset($_POST['grant_groups'])
	89	and count($_POST['grant_groups']) > 0)
	90	{
	91	$query = '
	92	SELECT id
	93	FROM '.CATEGORIES_TABLE.'
	94	WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).')
	95	AND status = \'private\'
	96	;';
	97	$private_uppercats = array_from_query($query, 'id');
	98
	99	// We must not reinsert already existing lines in group_access table
	100	$granteds = array();
	101	foreach ($private_uppercats as $cat_id)
[21]	102	{
[800]	103	$granteds[$cat_id] = array();
[21]	104	}
[800]	105
	106	$query = '
	107	SELECT group_id, cat_id
	108	FROM '.GROUP_ACCESS_TABLE.'
	109	WHERE cat_id IN ('.implode(',', $private_uppercats).')
	110	AND group_id IN ('.implode(',', $_POST['grant_groups']).')
	111	;';
	112	$result = pwg_query($query);
[4325]	113	while ($row = pwg_db_fetch_assoc($result))
[21]	114	{
[800]	115	array_push($granteds[$row['cat_id']], $row['group_id']);
	116	}
	117
	118	$inserts = array();
	119
	120	foreach ($private_uppercats as $cat_id)
	121	{
	122	$group_ids = array_diff($_POST['grant_groups'], $granteds[$cat_id]);
	123	foreach ($group_ids as $group_id)
[21]	124	{
[800]	125	array_push($inserts, array('group_id' => $group_id,
	126	'cat_id' => $cat_id));
[21]	127	}
	128	}
[800]	129
	130	mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
[21]	131	}
[800]	132	else if (isset($_POST['deny_users_submit'])
	133	and isset($_POST['deny_users'])
	134	and count($_POST['deny_users']) > 0)
[21]	135	{
[800]	136	// if you forbid access to a category, all sub-categories become
	137	// automatically forbidden
	138	$query = '
	139	DELETE
	140	FROM '.USER_ACCESS_TABLE.'
	141	WHERE user_id IN ('.implode(',', $_POST['deny_users']).')
	142	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
	143	;';
	144	pwg_query($query);
	145	}
	146	else if (isset($_POST['grant_users_submit'])
	147	and isset($_POST['grant_users'])
	148	and count($_POST['grant_users']) > 0)
	149	{
	150	$query = '
	151	SELECT id
	152	FROM '.CATEGORIES_TABLE.'
	153	WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).')
	154	AND status = \'private\'
	155	;';
	156	$private_uppercats = array_from_query($query, 'id');
	157
	158	// We must not reinsert already existing lines in user_access table
	159	$granteds = array();
	160	foreach ($private_uppercats as $cat_id)
[21]	161	{
[800]	162	$granteds[$cat_id] = array();
[21]	163	}
[800]	164
	165	$query = '
	166	SELECT user_id, cat_id
	167	FROM '.USER_ACCESS_TABLE.'
	168	WHERE cat_id IN ('.implode(',', $private_uppercats).')
	169	AND user_id IN ('.implode(',', $_POST['grant_users']).')
	170	;';
	171	$result = pwg_query($query);
[4325]	172	while ($row = pwg_db_fetch_assoc($result))
[21]	173	{
[800]	174	array_push($granteds[$row['cat_id']], $row['user_id']);
	175	}
	176
	177	$inserts = array();
	178
	179	foreach ($private_uppercats as $cat_id)
	180	{
	181	$user_ids = array_diff($_POST['grant_users'], $granteds[$cat_id]);
	182	foreach ($user_ids as $user_id)
[21]	183	{
[800]	184	array_push($inserts, array('user_id' => $user_id,
	185	'cat_id' => $cat_id));
[21]	186	}
	187	}
[800]	188
	189	mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
[21]	190	}
[800]	191
	192	// +-----------------------------------------------------------------------+
	193	// \| template initialization \|
	194	// +-----------------------------------------------------------------------+
[817]	195
[2530]	196	$template->set_filename('cat_perm', 'cat_perm.tpl');
[800]	197
[2288]	198	$template->assign(
[817]	199	array(
[825]	200	'CATEGORIES_NAV' =>
	201	get_cat_display_name_from_id(
	202	$page['cat'],
	203	'admin.php?page=cat_modify&cat_id='
	204	),
[5920]	205	'U_HELP' => get_root_url().'admin/popuphelp.php?page=cat_perm',
[2288]	206	'F_ACTION' => get_root_url().'admin.php?page=cat_perm&cat='.$page['cat']
[817]	207	)
	208	);
[800]	209
	210	// +-----------------------------------------------------------------------+
	211	// \| form construction \|
	212	// +-----------------------------------------------------------------------+
	213
	214	// groups denied are the groups not granted. So we need to find all groups
	215	// minus groups granted to find groups denied.
	216
	217	$groups = array();
	218
	219	$query = '
	220	SELECT id, name
	221	FROM '.GROUPS_TABLE.'
[1960]	222	ORDER BY name ASC
[800]	223	;';
[2223]	224	$groups = simple_hash_from_query($query, 'id', 'name');
	225	$template->assign('all_groups', $groups);
[800]	226
[2223]	227	// groups granted to access the category
[800]	228	$query = '
	229	SELECT group_id
	230	FROM '.GROUP_ACCESS_TABLE.'
	231	WHERE cat_id = '.$page['cat'].'
	232	;';
	233	$group_granted_ids = array_from_query($query, 'group_id');
[2349]	234	$group_granted_ids = order_by_name($group_granted_ids, $groups);
[2223]	235	$template->assign('group_granted_ids', $group_granted_ids);
[800]	236
	237
	238	// groups denied
[2223]	239	$template->assign('group_denied_ids',
[2349]	240	order_by_name(array_diff(array_keys($groups), $group_granted_ids), $groups)
[2223]	241	);
[800]	242
	243	// users...
	244	$users = array();
	245
	246	$query = '
[808]	247	SELECT '.$conf['user_fields']['id'].' AS id,
	248	'.$conf['user_fields']['username'].' AS username
[800]	249	FROM '.USERS_TABLE.'
	250	;';
[2223]	251	$users = simple_hash_from_query($query, 'id', 'username');
	252	$template->assign('all_users', $users);
[800]	253
[2223]	254
[800]	255	$query = '
	256	SELECT user_id
	257	FROM '.USER_ACCESS_TABLE.'
	258	WHERE cat_id = '.$page['cat'].'
	259	;';
	260	$user_granted_direct_ids = array_from_query($query, 'user_id');
[2349]	261	$user_granted_direct_ids = order_by_name($user_granted_direct_ids, $users);
[2223]	262	$template->assign('user_granted_direct_ids', $user_granted_direct_ids);
[800]	263
[2223]	264
	265
[800]	266	$user_granted_indirect_ids = array();
	267	if (count($group_granted_ids) > 0)
	268	{
	269	$granted_groups = array();
	270
	271	$query = '
	272	SELECT user_id, group_id
	273	FROM '.USER_GROUP_TABLE.'
	274	WHERE group_id IN ('.implode(',', $group_granted_ids).')
	275	';
	276	$result = pwg_query($query);
[4325]	277	while ($row = pwg_db_fetch_assoc($result))
[21]	278	{
[800]	279	if (!isset($granted_groups[$row['group_id']]))
	280	{
	281	$granted_groups[$row['group_id']] = array();
	282	}
	283	array_push($granted_groups[$row['group_id']], $row['user_id']);
[21]	284	}
	285
[800]	286	$user_granted_by_group_ids = array();
	287
	288	foreach ($granted_groups as $group_users)
[21]	289	{
[800]	290	$user_granted_by_group_ids = array_merge($user_granted_by_group_ids,
	291	$group_users);
[21]	292	}
[800]	293	$user_granted_by_group_ids = array_unique($user_granted_by_group_ids);
	294
	295
	296	$user_granted_indirect_ids = array_diff($user_granted_by_group_ids,
	297	$user_granted_direct_ids);
[2349]	298	$user_granted_indirect_ids =
	299	order_by_name($user_granted_indirect_ids, $users);
[800]	300	foreach ($user_granted_indirect_ids as $user_id)
[21]	301	{
[800]	302	foreach ($granted_groups as $group_id => $group_users)
[21]	303	{
[800]	304	if (in_array($user_id, $group_users))
[21]	305	{
[2223]	306	$template->append(
	307	'user_granted_indirects',
	308	array(
	309	'USER'=>$users[$user_id],
	310	'GROUP'=>$groups[$group_id]
	311	)
	312	);
[800]	313	break;
[21]	314	}
	315	}
	316	}
	317	}
[800]	318
	319	$user_denied_ids = array_diff(array_keys($users),
	320	$user_granted_indirect_ids,
	321	$user_granted_direct_ids);
[2349]	322	$user_denied_ids = order_by_name($user_denied_ids, $users);
[2223]	323	$template->assign('user_denied_ids', $user_denied_ids);
[800]	324
	325
	326	// +-----------------------------------------------------------------------+
	327	// \| sending html code \|
	328	// +-----------------------------------------------------------------------+
	329	$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
[362]	330	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: