Context Navigation

source: trunk/admin/cat_perm.php @ 1961

Last change on this file since 1961 was 1961, checked in by rub, 17 years ago
Change cat_*.php header
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 10.7 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| file : $Id: cat_perm.php 1961 2007-04-19 06:01:28Z rub $
8	// \| last update : $Date: 2007-04-19 06:01:28 +0000 (Thu, 19 Apr 2007) $
9	// \| last modifier : $Author: rub $
10	// \| revision : $Revision: 1961 $
11	// +-----------------------------------------------------------------------+
12	// \| This program is free software; you can redistribute it and/or modify \|
13	// \| it under the terms of the GNU General Public License as published by \|
14	// \| the Free Software Foundation \|
15	// \| \|
16	// \| This program is distributed in the hope that it will be useful, but \|
17	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
18	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
19	// \| General Public License for more details. \|
20	// \| \|
21	// \| You should have received a copy of the GNU General Public License \|
22	// \| along with this program; if not, write to the Free Software \|
23	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
24	// \| USA. \|
25	// +-----------------------------------------------------------------------+
26
27	if (!defined('PHPWG_ROOT_PATH'))
28	{
29	die ("Hacking attempt!");
30	}
31
32	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
33
34	// +-----------------------------------------------------------------------+
35	// \| Check Access and exit when user status is not ok \|
36	// +-----------------------------------------------------------------------+
37	check_status(ACCESS_ADMINISTRATOR);
38
39	// +-----------------------------------------------------------------------+
40	// \| variable initialization \|
41	// +-----------------------------------------------------------------------+
42
43	// if the category is not correct (not numeric, not private)
44	if (isset($_GET['cat']) and is_numeric($_GET['cat']))
45	{
46	$query = '
47	SELECT status
48	FROM '.CATEGORIES_TABLE.'
49	WHERE id = '.$_GET['cat'].'
50	;';
51	list($status) = mysql_fetch_array(pwg_query($query));
52
53	if ('private' == $status)
54	{
55	$page['cat'] = $_GET['cat'];
56	}
57	}
58
59	if (!isset($page['cat']))
60	{
61	$query = '
62	SELECT id
63	FROM '.CATEGORIES_TABLE.'
64	WHERE status = \'private\'
65	LIMIT 0,1
66	;';
67
68	list($page['cat']) = mysql_fetch_array(pwg_query($query));
69	}
70
71	// +-----------------------------------------------------------------------+
72	// \| form submission \|
73	// +-----------------------------------------------------------------------+
74
75	if (isset($_POST) and false)
76	{
77	echo '<pre>';
78	print_r($_POST);
79	echo '</pre>';
80	}
81
82	if (isset($_POST['deny_groups_submit'])
83	and isset($_POST['deny_groups'])
84	and count($_POST['deny_groups']) > 0)
85	{
86	// if you forbid access to a category, all sub-categories become
87	// automatically forbidden
88	$query = '
89	DELETE
90	FROM '.GROUP_ACCESS_TABLE.'
91	WHERE group_id IN ('.implode(',', $_POST['deny_groups']).')
92	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
93	;';
94	pwg_query($query);
95	}
96	else if (isset($_POST['grant_groups_submit'])
97	and isset($_POST['grant_groups'])
98	and count($_POST['grant_groups']) > 0)
99	{
100	$query = '
101	SELECT id
102	FROM '.CATEGORIES_TABLE.'
103	WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).')
104	AND status = \'private\'
105	;';
106	$private_uppercats = array_from_query($query, 'id');
107
108	// We must not reinsert already existing lines in group_access table
109	$granteds = array();
110	foreach ($private_uppercats as $cat_id)
111	{
112	$granteds[$cat_id] = array();
113	}
114
115	$query = '
116	SELECT group_id, cat_id
117	FROM '.GROUP_ACCESS_TABLE.'
118	WHERE cat_id IN ('.implode(',', $private_uppercats).')
119	AND group_id IN ('.implode(',', $_POST['grant_groups']).')
120	;';
121	$result = pwg_query($query);
122	while ($row = mysql_fetch_array($result))
123	{
124	array_push($granteds[$row['cat_id']], $row['group_id']);
125	}
126
127	$inserts = array();
128
129	foreach ($private_uppercats as $cat_id)
130	{
131	$group_ids = array_diff($_POST['grant_groups'], $granteds[$cat_id]);
132	foreach ($group_ids as $group_id)
133	{
134	array_push($inserts, array('group_id' => $group_id,
135	'cat_id' => $cat_id));
136	}
137	}
138
139	mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
140	}
141	else if (isset($_POST['deny_users_submit'])
142	and isset($_POST['deny_users'])
143	and count($_POST['deny_users']) > 0)
144	{
145	// if you forbid access to a category, all sub-categories become
146	// automatically forbidden
147	$query = '
148	DELETE
149	FROM '.USER_ACCESS_TABLE.'
150	WHERE user_id IN ('.implode(',', $_POST['deny_users']).')
151	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
152	;';
153	pwg_query($query);
154	}
155	else if (isset($_POST['grant_users_submit'])
156	and isset($_POST['grant_users'])
157	and count($_POST['grant_users']) > 0)
158	{
159	$query = '
160	SELECT id
161	FROM '.CATEGORIES_TABLE.'
162	WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).')
163	AND status = \'private\'
164	;';
165	$private_uppercats = array_from_query($query, 'id');
166
167	// We must not reinsert already existing lines in user_access table
168	$granteds = array();
169	foreach ($private_uppercats as $cat_id)
170	{
171	$granteds[$cat_id] = array();
172	}
173
174	$query = '
175	SELECT user_id, cat_id
176	FROM '.USER_ACCESS_TABLE.'
177	WHERE cat_id IN ('.implode(',', $private_uppercats).')
178	AND user_id IN ('.implode(',', $_POST['grant_users']).')
179	;';
180	$result = pwg_query($query);
181	while ($row = mysql_fetch_array($result))
182	{
183	array_push($granteds[$row['cat_id']], $row['user_id']);
184	}
185
186	$inserts = array();
187
188	foreach ($private_uppercats as $cat_id)
189	{
190	$user_ids = array_diff($_POST['grant_users'], $granteds[$cat_id]);
191	foreach ($user_ids as $user_id)
192	{
193	array_push($inserts, array('user_id' => $user_id,
194	'cat_id' => $cat_id));
195	}
196	}
197
198	mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
199	}
200
201	// +-----------------------------------------------------------------------+
202	// \| template initialization \|
203	// +-----------------------------------------------------------------------+
204
205	$template->set_filenames(array('cat_perm'=>'admin/cat_perm.tpl'));
206
207	$template->assign_vars(
208	array(
209	'CATEGORIES_NAV' =>
210	get_cat_display_name_from_id(
211	$page['cat'],
212	'admin.php?page=cat_modify&cat_id='
213	),
214	'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=cat_perm',
215	'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=cat_perm&cat='.$page['cat']
216	)
217	);
218
219	// +-----------------------------------------------------------------------+
220	// \| form construction \|
221	// +-----------------------------------------------------------------------+
222
223	// groups denied are the groups not granted. So we need to find all groups
224	// minus groups granted to find groups denied.
225
226	$groups = array();
227
228	$query = '
229	SELECT id, name
230	FROM '.GROUPS_TABLE.'
231	ORDER BY name ASC
232	;';
233	$result = pwg_query($query);
234
235	while ($row = mysql_fetch_array($result))
236	{
237	$groups[$row['id']] = $row['name'];
238	}
239
240	$query = '
241	SELECT group_id
242	FROM '.GROUP_ACCESS_TABLE.'
243	WHERE cat_id = '.$page['cat'].'
244	;';
245	$group_granted_ids = array_from_query($query, 'group_id');
246
247	// groups granted to access the category
248	foreach ($group_granted_ids as $group_id)
249	{
250	$template->assign_block_vars(
251	'group_granted',
252	array(
253	'NAME'=>$groups[$group_id],
254	'ID'=>$group_id
255	)
256	);
257	}
258
259	// groups denied
260	foreach (array_diff(array_keys($groups), $group_granted_ids) as $group_id)
261	{
262	$template->assign_block_vars(
263	'group_denied',
264	array(
265	'NAME'=>$groups[$group_id],
266	'ID'=>$group_id
267	)
268	);
269	}
270
271	// users...
272	$users = array();
273
274	$query = '
275	SELECT '.$conf['user_fields']['id'].' AS id,
276	'.$conf['user_fields']['username'].' AS username
277	FROM '.USERS_TABLE.'
278	;';
279	$result = pwg_query($query);
280	while($row = mysql_fetch_array($result))
281	{
282	$users[$row['id']] = $row['username'];
283	}
284
285	$query = '
286	SELECT user_id
287	FROM '.USER_ACCESS_TABLE.'
288	WHERE cat_id = '.$page['cat'].'
289	;';
290	$user_granted_direct_ids = array_from_query($query, 'user_id');
291
292	foreach ($user_granted_direct_ids as $user_id)
293	{
294	$template->assign_block_vars(
295	'user_granted',
296	array(
297	'NAME'=>$users[$user_id],
298	'ID'=>$user_id
299	)
300	);
301	}
302
303	$user_granted_indirect_ids = array();
304	if (count($group_granted_ids) > 0)
305	{
306	$granted_groups = array();
307
308	$query = '
309	SELECT user_id, group_id
310	FROM '.USER_GROUP_TABLE.'
311	WHERE group_id IN ('.implode(',', $group_granted_ids).')
312	';
313	$result = pwg_query($query);
314	while ($row = mysql_fetch_array($result))
315	{
316	if (!isset($granted_groups[$row['group_id']]))
317	{
318	$granted_groups[$row['group_id']] = array();
319	}
320	array_push($granted_groups[$row['group_id']], $row['user_id']);
321	}
322
323	$user_granted_by_group_ids = array();
324
325	foreach ($granted_groups as $group_users)
326	{
327	$user_granted_by_group_ids = array_merge($user_granted_by_group_ids,
328	$group_users);
329	}
330	$user_granted_by_group_ids = array_unique($user_granted_by_group_ids);
331
332
333	$user_granted_indirect_ids = array_diff($user_granted_by_group_ids,
334	$user_granted_direct_ids);
335
336	foreach ($user_granted_indirect_ids as $user_id)
337	{
338	$group = '';
339
340	foreach ($granted_groups as $group_id => $group_users)
341	{
342	if (in_array($user_id, $group_users))
343	{
344	$group = $groups[$group_id];
345	break;
346	}
347	}
348
349	$template->assign_block_vars(
350	'user_granted_indirect',
351	array(
352	'NAME'=>$users[$user_id],
353	'GROUP'=>$group
354	)
355	);
356	}
357	}
358
359	$user_denied_ids = array_diff(array_keys($users),
360	$user_granted_indirect_ids,
361	$user_granted_direct_ids);
362
363	foreach ($user_denied_ids as $user_id)
364	{
365	$template->assign_block_vars(
366	'user_denied',
367	array(
368	'NAME'=>$users[$user_id],
369	'ID'=>$user_id
370	)
371	);
372	}
373
374
375	// +-----------------------------------------------------------------------+
376	// \| sending html code \|
377	// +-----------------------------------------------------------------------+
378	$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
379	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: