Context Navigation

cat_perm.php @ 13580

Visit:

Revision 13580, 9.6 KB (checked in by plg, 14 months ago)
feature 2594: redesign on album permission screen. The choice "public/private" is not on the "properties" tab anymore. Simpler ergonomy to select grant users and groups.
Property svn:eol-style set to `LF`

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based photo gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2012 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	if (!defined('PHPWG_ROOT_PATH'))
25	{
26	die ("Hacking attempt!");
27	}
28
29	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30
31	// +-----------------------------------------------------------------------+
32	// \| Check Access and exit when user status is not ok \|
33	// +-----------------------------------------------------------------------+
34	check_status(ACCESS_ADMINISTRATOR);
35
36	// +-----------------------------------------------------------------------+
37	// \| variable initialization \|
38	// +-----------------------------------------------------------------------+
39
40	$page['cat'] = $category['id'];
41
42	// +-----------------------------------------------------------------------+
43	// \| form submission \|
44	// +-----------------------------------------------------------------------+
45
46	if (!empty($_POST))
47	{
48	check_pwg_token();
49
50	if ($category['status'] != $_POST['status'])
51	{
52	set_cat_status(array($page['cat']), $_POST['status']);
53	$category['status'] = $_POST['status'];
54	}
55
56	if ('private' == $_POST['status'])
57	{
58	//
59	// manage groups
60	//
61	$query = '
62	SELECT group_id
63	FROM '.GROUP_ACCESS_TABLE.'
64	WHERE cat_id = '.$page['cat'].'
65	;';
66	$groups_granted = array_from_query($query, 'group_id');
67
68	if (!isset($_POST['groups']))
69	{
70	$_POST['groups'] = array();
71	}
72
73	//
74	// remove permissions to groups
75	//
76	$deny_groups = array_diff($groups_granted, $_POST['groups']);
77	if (count($deny_groups) > 0)
78	{
79	// if you forbid access to an album, all sub-albums become
80	// automatically forbidden
81	$query = '
82	DELETE
83	FROM '.GROUP_ACCESS_TABLE.'
84	WHERE group_id IN ('.implode(',', $deny_groups).')
85	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
86	;';
87	pwg_query($query);
88	}
89
90	//
91	// add permissions to groups
92	//
93	$grant_groups = array_diff($_POST['groups'], $groups_granted);
94	if (count($grant_groups) > 0)
95	{
96	$cat_ids = get_uppercat_ids(array($page['cat']));
97	if (isset($_POST['apply_on_sub']))
98	{
99	$cat_ids = array_merge($cat_ids, get_subcat_ids(array($page['cat'])));
100	}
101
102	$query = '
103	SELECT id
104	FROM '.CATEGORIES_TABLE.'
105	WHERE id IN ('.implode(',', $cat_ids).')
106	AND status = \'private\'
107	;';
108	$private_cats = array_from_query($query, 'id');
109
110	// We must not reinsert already existing lines in group_access table
111	$granteds = array();
112	foreach ($private_cats as $cat_id)
113	{
114	$granteds[$cat_id] = array();
115	}
116
117	$query = '
118	SELECT
119	group_id,
120	cat_id
121	FROM '.GROUP_ACCESS_TABLE.'
122	WHERE cat_id IN ('.implode(',', $private_cats).')
123	AND group_id IN ('.implode(',', $grant_groups).')
124	;';
125	$result = pwg_query($query);
126	while ($row = pwg_db_fetch_assoc($result))
127	{
128	array_push($granteds[$row['cat_id']], $row['group_id']);
129	}
130
131	$inserts = array();
132
133	foreach ($private_cats as $cat_id)
134	{
135	$group_ids = array_diff($grant_groups, $granteds[$cat_id]);
136	foreach ($group_ids as $group_id)
137	{
138	array_push(
139	$inserts,
140	array(
141	'group_id' => $group_id,
142	'cat_id' => $cat_id
143	)
144	);
145	}
146	}
147
148	mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
149	}
150
151	//
152	// users
153	//
154	$query = '
155	SELECT user_id
156	FROM '.USER_ACCESS_TABLE.'
157	WHERE cat_id = '.$page['cat'].'
158	;';
159	$users_granted = array_from_query($query, 'user_id');
160
161	if (!isset($_POST['users']))
162	{
163	$_POST['users'] = array();
164	}
165
166	//
167	// remove permissions to users
168	//
169	$deny_users = array_diff($users_granted, $_POST['users']);
170	if (count($deny_users) > 0)
171	{
172	// if you forbid access to an album, all sub-album become automatically
173	// forbidden
174	$query = '
175	DELETE
176	FROM '.USER_ACCESS_TABLE.'
177	WHERE user_id IN ('.implode(',', $deny_users).')
178	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
179	;';
180	pwg_query($query);
181	}
182
183	//
184	// add permissions to users
185	//
186	$grant_users = array_diff($_POST['users'], $users_granted);
187	if (count($grant_users) > 0)
188	{
189	add_permission_on_category($page['cat'], $grant_users);
190	}
191	}
192
193	array_push($page['infos'], l10n('Album updated successfully'));
194	}
195
196	// +-----------------------------------------------------------------------+
197	// \| template initialization \|
198	// +-----------------------------------------------------------------------+
199
200	$template->set_filename('cat_perm', 'cat_perm.tpl');
201
202	$template->assign(
203	array(
204	'CATEGORIES_NAV' =>
205	get_cat_display_name_from_id(
206	$page['cat'],
207	'admin.php?page=album-'
208	),
209	'U_HELP' => get_root_url().'admin/popuphelp.php?page=cat_perm',
210	'F_ACTION' => $admin_album_base_url.'-permissions',
211	'private' => ('private' == $category['status']),
212	)
213	);
214
215	// +-----------------------------------------------------------------------+
216	// \| form construction \|
217	// +-----------------------------------------------------------------------+
218
219	// groups denied are the groups not granted. So we need to find all groups
220	// minus groups granted to find groups denied.
221
222	$groups = array();
223
224	$query = '
225	SELECT id, name
226	FROM '.GROUPS_TABLE.'
227	ORDER BY name ASC
228	;';
229	$groups = simple_hash_from_query($query, 'id', 'name');
230	$template->assign('groups', $groups);
231
232	// groups granted to access the category
233	$query = '
234	SELECT group_id
235	FROM '.GROUP_ACCESS_TABLE.'
236	WHERE cat_id = '.$page['cat'].'
237	;';
238	$group_granted_ids = array_from_query($query, 'group_id');
239	$template->assign('groups_selected', $group_granted_ids);
240
241	// users...
242	$users = array();
243
244	$query = '
245	SELECT '.$conf['user_fields']['id'].' AS id,
246	'.$conf['user_fields']['username'].' AS username
247	FROM '.USERS_TABLE.'
248	;';
249	$users = simple_hash_from_query($query, 'id', 'username');
250	$template->assign('users', $users);
251
252
253	$query = '
254	SELECT user_id
255	FROM '.USER_ACCESS_TABLE.'
256	WHERE cat_id = '.$page['cat'].'
257	;';
258	$user_granted_direct_ids = array_from_query($query, 'user_id');
259	$template->assign('users_selected', $user_granted_direct_ids);
260
261
262	$user_granted_indirect_ids = array();
263	if (count($group_granted_ids) > 0)
264	{
265	$granted_groups = array();
266
267	$query = '
268	SELECT user_id, group_id
269	FROM '.USER_GROUP_TABLE.'
270	WHERE group_id IN ('.implode(',', $group_granted_ids).')
271	';
272	$result = pwg_query($query);
273	while ($row = pwg_db_fetch_assoc($result))
274	{
275	if (!isset($granted_groups[$row['group_id']]))
276	{
277	$granted_groups[$row['group_id']] = array();
278	}
279	array_push($granted_groups[$row['group_id']], $row['user_id']);
280	}
281
282	$user_granted_by_group_ids = array();
283
284	foreach ($granted_groups as $group_users)
285	{
286	$user_granted_by_group_ids = array_merge($user_granted_by_group_ids,
287	$group_users);
288	}
289	$user_granted_by_group_ids = array_unique($user_granted_by_group_ids);
290
291
292	$user_granted_indirect_ids = array_diff($user_granted_by_group_ids,
293	$user_granted_direct_ids);
294	$user_granted_indirect_ids =
295	order_by_name($user_granted_indirect_ids, $users);
296	foreach ($user_granted_indirect_ids as $user_id)
297	{
298	foreach ($granted_groups as $group_id => $group_users)
299	{
300	if (in_array($user_id, $group_users))
301	{
302	$template->append(
303	'user_granted_indirects',
304	array(
305	'USER'=>$users[$user_id],
306	'GROUP'=>$groups[$group_id]
307	)
308	);
309	break;
310	}
311	}
312	}
313	}
314
315	// +-----------------------------------------------------------------------+
316	// \| sending html code \|
317	// +-----------------------------------------------------------------------+
318	$template->assign(array('PWG_TOKEN' => get_pwg_token()));
319
320	$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
321	?>

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/admin/cat_perm.php @ 13580

Download in other formats: