Context Navigation

source: trunk/admin/cat_perm.php @ 2297

Last change on this file since 2297 was 2297, checked in by plg, 16 years ago
Modification: new header on PHP files, PhpWebGallery renamed Piwigo.
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 11.7 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23	// +-----------------------------------------------------------------------+
24	// \| PhpWebGallery - a PHP based picture gallery \|
25	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
26	// \| Copyright (C) 2003-2008 PhpWebGallery Team - http://phpwebgallery.net \|
27	// +-----------------------------------------------------------------------+
28	// \| file : $Id: cat_perm.php 2297 2008-04-04 22:57:23Z plg $
29	// \| last update : $Date: 2008-04-04 22:57:23 +0000 (Fri, 04 Apr 2008) $
30	// \| last modifier : $Author: plg $
31	// \| revision : $Revision: 2297 $
32	// +-----------------------------------------------------------------------+
33	// \| This program is free software; you can redistribute it and/or modify \|
34	// \| it under the terms of the GNU General Public License as published by \|
35	// \| the Free Software Foundation \|
36	// \| \|
37	// \| This program is distributed in the hope that it will be useful, but \|
38	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
39	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
40	// \| General Public License for more details. \|
41	// \| \|
42	// \| You should have received a copy of the GNU General Public License \|
43	// \| along with this program; if not, write to the Free Software \|
44	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
45	// \| USA. \|
46	// +-----------------------------------------------------------------------+
47
48	if (!defined('PHPWG_ROOT_PATH'))
49	{
50	die ("Hacking attempt!");
51	}
52
53	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
54
55	// +-----------------------------------------------------------------------+
56	// \| Check Access and exit when user status is not ok \|
57	// +-----------------------------------------------------------------------+
58	check_status(ACCESS_ADMINISTRATOR);
59
60	// +-----------------------------------------------------------------------+
61	// \| variable initialization \|
62	// +-----------------------------------------------------------------------+
63
64	// if the category is not correct (not numeric, not private)
65	if (isset($_GET['cat']) and is_numeric($_GET['cat']))
66	{
67	$query = '
68	SELECT status
69	FROM '.CATEGORIES_TABLE.'
70	WHERE id = '.$_GET['cat'].'
71	;';
72	list($status) = mysql_fetch_array(pwg_query($query));
73
74	if ('private' == $status)
75	{
76	$page['cat'] = $_GET['cat'];
77	}
78	}
79
80	if (!isset($page['cat']))
81	{
82	$query = '
83	SELECT id
84	FROM '.CATEGORIES_TABLE.'
85	WHERE status = \'private\'
86	LIMIT 0,1
87	;';
88
89	list($page['cat']) = mysql_fetch_array(pwg_query($query));
90	}
91
92	// +-----------------------------------------------------------------------+
93	// \| form submission \|
94	// +-----------------------------------------------------------------------+
95
96
97	if (isset($_POST['deny_groups_submit'])
98	and isset($_POST['deny_groups'])
99	and count($_POST['deny_groups']) > 0)
100	{
101	// if you forbid access to a category, all sub-categories become
102	// automatically forbidden
103	$query = '
104	DELETE
105	FROM '.GROUP_ACCESS_TABLE.'
106	WHERE group_id IN ('.implode(',', $_POST['deny_groups']).')
107	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
108	;';
109	pwg_query($query);
110	}
111	else if (isset($_POST['grant_groups_submit'])
112	and isset($_POST['grant_groups'])
113	and count($_POST['grant_groups']) > 0)
114	{
115	$query = '
116	SELECT id
117	FROM '.CATEGORIES_TABLE.'
118	WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).')
119	AND status = \'private\'
120	;';
121	$private_uppercats = array_from_query($query, 'id');
122
123	// We must not reinsert already existing lines in group_access table
124	$granteds = array();
125	foreach ($private_uppercats as $cat_id)
126	{
127	$granteds[$cat_id] = array();
128	}
129
130	$query = '
131	SELECT group_id, cat_id
132	FROM '.GROUP_ACCESS_TABLE.'
133	WHERE cat_id IN ('.implode(',', $private_uppercats).')
134	AND group_id IN ('.implode(',', $_POST['grant_groups']).')
135	;';
136	$result = pwg_query($query);
137	while ($row = mysql_fetch_array($result))
138	{
139	array_push($granteds[$row['cat_id']], $row['group_id']);
140	}
141
142	$inserts = array();
143
144	foreach ($private_uppercats as $cat_id)
145	{
146	$group_ids = array_diff($_POST['grant_groups'], $granteds[$cat_id]);
147	foreach ($group_ids as $group_id)
148	{
149	array_push($inserts, array('group_id' => $group_id,
150	'cat_id' => $cat_id));
151	}
152	}
153
154	mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
155	}
156	else if (isset($_POST['deny_users_submit'])
157	and isset($_POST['deny_users'])
158	and count($_POST['deny_users']) > 0)
159	{
160	// if you forbid access to a category, all sub-categories become
161	// automatically forbidden
162	$query = '
163	DELETE
164	FROM '.USER_ACCESS_TABLE.'
165	WHERE user_id IN ('.implode(',', $_POST['deny_users']).')
166	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
167	;';
168	pwg_query($query);
169	}
170	else if (isset($_POST['grant_users_submit'])
171	and isset($_POST['grant_users'])
172	and count($_POST['grant_users']) > 0)
173	{
174	$query = '
175	SELECT id
176	FROM '.CATEGORIES_TABLE.'
177	WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).')
178	AND status = \'private\'
179	;';
180	$private_uppercats = array_from_query($query, 'id');
181
182	// We must not reinsert already existing lines in user_access table
183	$granteds = array();
184	foreach ($private_uppercats as $cat_id)
185	{
186	$granteds[$cat_id] = array();
187	}
188
189	$query = '
190	SELECT user_id, cat_id
191	FROM '.USER_ACCESS_TABLE.'
192	WHERE cat_id IN ('.implode(',', $private_uppercats).')
193	AND user_id IN ('.implode(',', $_POST['grant_users']).')
194	;';
195	$result = pwg_query($query);
196	while ($row = mysql_fetch_array($result))
197	{
198	array_push($granteds[$row['cat_id']], $row['user_id']);
199	}
200
201	$inserts = array();
202
203	foreach ($private_uppercats as $cat_id)
204	{
205	$user_ids = array_diff($_POST['grant_users'], $granteds[$cat_id]);
206	foreach ($user_ids as $user_id)
207	{
208	array_push($inserts, array('user_id' => $user_id,
209	'cat_id' => $cat_id));
210	}
211	}
212
213	mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
214	}
215
216	// +-----------------------------------------------------------------------+
217	// \| template initialization \|
218	// +-----------------------------------------------------------------------+
219
220	$template->set_filename('cat_perm', 'admin/cat_perm.tpl');
221
222	$template->assign(
223	array(
224	'CATEGORIES_NAV' =>
225	get_cat_display_name_from_id(
226	$page['cat'],
227	'admin.php?page=cat_modify&cat_id='
228	),
229	'U_HELP' => get_root_url().'popuphelp.php?page=cat_perm',
230	'F_ACTION' => get_root_url().'admin.php?page=cat_perm&cat='.$page['cat']
231	)
232	);
233
234	// +-----------------------------------------------------------------------+
235	// \| form construction \|
236	// +-----------------------------------------------------------------------+
237
238	// groups denied are the groups not granted. So we need to find all groups
239	// minus groups granted to find groups denied.
240
241	$groups = array();
242
243	$query = '
244	SELECT id, name
245	FROM '.GROUPS_TABLE.'
246	ORDER BY name ASC
247	;';
248	$groups = simple_hash_from_query($query, 'id', 'name');
249	$template->assign('all_groups', $groups);
250
251	// groups granted to access the category
252	$query = '
253	SELECT group_id
254	FROM '.GROUP_ACCESS_TABLE.'
255	WHERE cat_id = '.$page['cat'].'
256	;';
257	$group_granted_ids = array_from_query($query, 'group_id');
258	$template->assign('group_granted_ids', $group_granted_ids);
259
260
261	// groups denied
262	$template->assign('group_denied_ids',
263	array_diff(array_keys($groups), $group_granted_ids)
264	);
265
266	// users...
267	$users = array();
268
269	$query = '
270	SELECT '.$conf['user_fields']['id'].' AS id,
271	'.$conf['user_fields']['username'].' AS username
272	FROM '.USERS_TABLE.'
273	;';
274	$users = simple_hash_from_query($query, 'id', 'username');
275	$template->assign('all_users', $users);
276
277
278	$query = '
279	SELECT user_id
280	FROM '.USER_ACCESS_TABLE.'
281	WHERE cat_id = '.$page['cat'].'
282	;';
283	$user_granted_direct_ids = array_from_query($query, 'user_id');
284
285	$template->assign('user_granted_direct_ids', $user_granted_direct_ids);
286
287
288
289	$user_granted_indirect_ids = array();
290	if (count($group_granted_ids) > 0)
291	{
292	$granted_groups = array();
293
294	$query = '
295	SELECT user_id, group_id
296	FROM '.USER_GROUP_TABLE.'
297	WHERE group_id IN ('.implode(',', $group_granted_ids).')
298	';
299	$result = pwg_query($query);
300	while ($row = mysql_fetch_array($result))
301	{
302	if (!isset($granted_groups[$row['group_id']]))
303	{
304	$granted_groups[$row['group_id']] = array();
305	}
306	array_push($granted_groups[$row['group_id']], $row['user_id']);
307	}
308
309	$user_granted_by_group_ids = array();
310
311	foreach ($granted_groups as $group_users)
312	{
313	$user_granted_by_group_ids = array_merge($user_granted_by_group_ids,
314	$group_users);
315	}
316	$user_granted_by_group_ids = array_unique($user_granted_by_group_ids);
317
318
319	$user_granted_indirect_ids = array_diff($user_granted_by_group_ids,
320	$user_granted_direct_ids);
321
322	foreach ($user_granted_indirect_ids as $user_id)
323	{
324	foreach ($granted_groups as $group_id => $group_users)
325	{
326	if (in_array($user_id, $group_users))
327	{
328	$template->append(
329	'user_granted_indirects',
330	array(
331	'USER'=>$users[$user_id],
332	'GROUP'=>$groups[$group_id]
333	)
334	);
335	break;
336	}
337	}
338	}
339	}
340
341	$user_denied_ids = array_diff(array_keys($users),
342	$user_granted_indirect_ids,
343	$user_granted_direct_ids);
344	$template->assign('user_denied_ids', $user_denied_ids);
345
346
347	// +-----------------------------------------------------------------------+
348	// \| sending html code \|
349	// +-----------------------------------------------------------------------+
350	$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
351	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: