Context Navigation

source: trunk/admin/cat_perm.php @ 1930

Last change on this file since 1930 was 1930, checked in by rub, 17 years ago

Issue 578
User guest must be real user

Step 2: Installation finished, guest must be used on list and group, corrections

Property svn:eol-style set to LF
Property svn:keywords set to Author Date Id Revision

File size: 10.7 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $RCSfile$
9	// \| last update : $Date: 2007-03-28 22:30:04 +0000 (Wed, 28 Mar 2007) $
10	// \| last modifier : $Author: rub $
11	// \| revision : $Revision: 1930 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27
28	if (!defined('PHPWG_ROOT_PATH'))
29	{
30	die ("Hacking attempt!");
31	}
32
33	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
34
35	// +-----------------------------------------------------------------------+
36	// \| Check Access and exit when user status is not ok \|
37	// +-----------------------------------------------------------------------+
38	check_status(ACCESS_ADMINISTRATOR);
39
40	// +-----------------------------------------------------------------------+
41	// \| variable initialization \|
42	// +-----------------------------------------------------------------------+
43
44	// if the category is not correct (not numeric, not private)
45	if (isset($_GET['cat']) and is_numeric($_GET['cat']))
46	{
47	$query = '
48	SELECT status
49	FROM '.CATEGORIES_TABLE.'
50	WHERE id = '.$_GET['cat'].'
51	;';
52	list($status) = mysql_fetch_array(pwg_query($query));
53
54	if ('private' == $status)
55	{
56	$page['cat'] = $_GET['cat'];
57	}
58	}
59
60	if (!isset($page['cat']))
61	{
62	$query = '
63	SELECT id
64	FROM '.CATEGORIES_TABLE.'
65	WHERE status = \'private\'
66	LIMIT 0,1
67	;';
68
69	list($page['cat']) = mysql_fetch_array(pwg_query($query));
70	}
71
72	// +-----------------------------------------------------------------------+
73	// \| form submission \|
74	// +-----------------------------------------------------------------------+
75
76	if (isset($_POST) and false)
77	{
78	echo '<pre>';
79	print_r($_POST);
80	echo '</pre>';
81	}
82
83	if (isset($_POST['deny_groups_submit'])
84	and isset($_POST['deny_groups'])
85	and count($_POST['deny_groups']) > 0)
86	{
87	// if you forbid access to a category, all sub-categories become
88	// automatically forbidden
89	$query = '
90	DELETE
91	FROM '.GROUP_ACCESS_TABLE.'
92	WHERE group_id IN ('.implode(',', $_POST['deny_groups']).')
93	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
94	;';
95	pwg_query($query);
96	}
97	else if (isset($_POST['grant_groups_submit'])
98	and isset($_POST['grant_groups'])
99	and count($_POST['grant_groups']) > 0)
100	{
101	$query = '
102	SELECT id
103	FROM '.CATEGORIES_TABLE.'
104	WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).')
105	AND status = \'private\'
106	;';
107	$private_uppercats = array_from_query($query, 'id');
108
109	// We must not reinsert already existing lines in group_access table
110	$granteds = array();
111	foreach ($private_uppercats as $cat_id)
112	{
113	$granteds[$cat_id] = array();
114	}
115
116	$query = '
117	SELECT group_id, cat_id
118	FROM '.GROUP_ACCESS_TABLE.'
119	WHERE cat_id IN ('.implode(',', $private_uppercats).')
120	AND group_id IN ('.implode(',', $_POST['grant_groups']).')
121	;';
122	$result = pwg_query($query);
123	while ($row = mysql_fetch_array($result))
124	{
125	array_push($granteds[$row['cat_id']], $row['group_id']);
126	}
127
128	$inserts = array();
129
130	foreach ($private_uppercats as $cat_id)
131	{
132	$group_ids = array_diff($_POST['grant_groups'], $granteds[$cat_id]);
133	foreach ($group_ids as $group_id)
134	{
135	array_push($inserts, array('group_id' => $group_id,
136	'cat_id' => $cat_id));
137	}
138	}
139
140	mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
141	}
142	else if (isset($_POST['deny_users_submit'])
143	and isset($_POST['deny_users'])
144	and count($_POST['deny_users']) > 0)
145	{
146	// if you forbid access to a category, all sub-categories become
147	// automatically forbidden
148	$query = '
149	DELETE
150	FROM '.USER_ACCESS_TABLE.'
151	WHERE user_id IN ('.implode(',', $_POST['deny_users']).')
152	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
153	;';
154	pwg_query($query);
155	}
156	else if (isset($_POST['grant_users_submit'])
157	and isset($_POST['grant_users'])
158	and count($_POST['grant_users']) > 0)
159	{
160	$query = '
161	SELECT id
162	FROM '.CATEGORIES_TABLE.'
163	WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).')
164	AND status = \'private\'
165	;';
166	$private_uppercats = array_from_query($query, 'id');
167
168	// We must not reinsert already existing lines in user_access table
169	$granteds = array();
170	foreach ($private_uppercats as $cat_id)
171	{
172	$granteds[$cat_id] = array();
173	}
174
175	$query = '
176	SELECT user_id, cat_id
177	FROM '.USER_ACCESS_TABLE.'
178	WHERE cat_id IN ('.implode(',', $private_uppercats).')
179	AND user_id IN ('.implode(',', $_POST['grant_users']).')
180	;';
181	$result = pwg_query($query);
182	while ($row = mysql_fetch_array($result))
183	{
184	array_push($granteds[$row['cat_id']], $row['user_id']);
185	}
186
187	$inserts = array();
188
189	foreach ($private_uppercats as $cat_id)
190	{
191	$user_ids = array_diff($_POST['grant_users'], $granteds[$cat_id]);
192	foreach ($user_ids as $user_id)
193	{
194	array_push($inserts, array('user_id' => $user_id,
195	'cat_id' => $cat_id));
196	}
197	}
198
199	mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
200	}
201
202	// +-----------------------------------------------------------------------+
203	// \| template initialization \|
204	// +-----------------------------------------------------------------------+
205
206	$template->set_filenames(array('cat_perm'=>'admin/cat_perm.tpl'));
207
208	$template->assign_vars(
209	array(
210	'CATEGORIES_NAV' =>
211	get_cat_display_name_from_id(
212	$page['cat'],
213	'admin.php?page=cat_modify&cat_id='
214	),
215	'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=cat_perm',
216	'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=cat_perm&cat='.$page['cat']
217	)
218	);
219
220	// +-----------------------------------------------------------------------+
221	// \| form construction \|
222	// +-----------------------------------------------------------------------+
223
224	// groups denied are the groups not granted. So we need to find all groups
225	// minus groups granted to find groups denied.
226
227	$groups = array();
228
229	$query = '
230	SELECT id, name
231	FROM '.GROUPS_TABLE.'
232	;';
233	$result = pwg_query($query);
234
235	while ($row = mysql_fetch_array($result))
236	{
237	$groups[$row['id']] = $row['name'];
238	}
239
240	$query = '
241	SELECT group_id
242	FROM '.GROUP_ACCESS_TABLE.'
243	WHERE cat_id = '.$page['cat'].'
244	;';
245	$group_granted_ids = array_from_query($query, 'group_id');
246
247	// groups granted to access the category
248	foreach ($group_granted_ids as $group_id)
249	{
250	$template->assign_block_vars(
251	'group_granted',
252	array(
253	'NAME'=>$groups[$group_id],
254	'ID'=>$group_id
255	)
256	);
257	}
258
259	// groups denied
260	foreach (array_diff(array_keys($groups), $group_granted_ids) as $group_id)
261	{
262	$template->assign_block_vars(
263	'group_denied',
264	array(
265	'NAME'=>$groups[$group_id],
266	'ID'=>$group_id
267	)
268	);
269	}
270
271	// users...
272	$users = array();
273
274	$query = '
275	SELECT '.$conf['user_fields']['id'].' AS id,
276	'.$conf['user_fields']['username'].' AS username
277	FROM '.USERS_TABLE.'
278	;';
279	$result = pwg_query($query);
280	while($row = mysql_fetch_array($result))
281	{
282	$users[$row['id']] = $row['username'];
283	}
284
285	$query = '
286	SELECT user_id
287	FROM '.USER_ACCESS_TABLE.'
288	WHERE cat_id = '.$page['cat'].'
289	;';
290	$user_granted_direct_ids = array_from_query($query, 'user_id');
291
292	foreach ($user_granted_direct_ids as $user_id)
293	{
294	$template->assign_block_vars(
295	'user_granted',
296	array(
297	'NAME'=>$users[$user_id],
298	'ID'=>$user_id
299	)
300	);
301	}
302
303	$user_granted_indirect_ids = array();
304	if (count($group_granted_ids) > 0)
305	{
306	$granted_groups = array();
307
308	$query = '
309	SELECT user_id, group_id
310	FROM '.USER_GROUP_TABLE.'
311	WHERE group_id IN ('.implode(',', $group_granted_ids).')
312	';
313	$result = pwg_query($query);
314	while ($row = mysql_fetch_array($result))
315	{
316	if (!isset($granted_groups[$row['group_id']]))
317	{
318	$granted_groups[$row['group_id']] = array();
319	}
320	array_push($granted_groups[$row['group_id']], $row['user_id']);
321	}
322
323	$user_granted_by_group_ids = array();
324
325	foreach ($granted_groups as $group_users)
326	{
327	$user_granted_by_group_ids = array_merge($user_granted_by_group_ids,
328	$group_users);
329	}
330	$user_granted_by_group_ids = array_unique($user_granted_by_group_ids);
331
332
333	$user_granted_indirect_ids = array_diff($user_granted_by_group_ids,
334	$user_granted_direct_ids);
335
336	foreach ($user_granted_indirect_ids as $user_id)
337	{
338	$group = '';
339
340	foreach ($granted_groups as $group_id => $group_users)
341	{
342	if (in_array($user_id, $group_users))
343	{
344	$group = $groups[$group_id];
345	break;
346	}
347	}
348
349	$template->assign_block_vars(
350	'user_granted_indirect',
351	array(
352	'NAME'=>$users[$user_id],
353	'GROUP'=>$group
354	)
355	);
356	}
357	}
358
359	$user_denied_ids = array_diff(array_keys($users),
360	$user_granted_indirect_ids,
361	$user_granted_direct_ids);
362
363	foreach ($user_denied_ids as $user_id)
364	{
365	$template->assign_block_vars(
366	'user_denied',
367	array(
368	'NAME'=>$users[$user_id],
369	'ID'=>$user_id
370	)
371	);
372	}
373
374
375	// +-----------------------------------------------------------------------+
376	// \| sending html code \|
377	// +-----------------------------------------------------------------------+
378	$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
379	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: