Context Navigation

source: trunk/admin/cat_perm.php @ 25085

Last change on this file since 25085 was 25018, checked in by mistic100, 11 years ago
remove all array_push (50% slower than []) + some changes missing for feature:2978
Property svn:eol-style set to `LF`
File size: 9.5 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based photo gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2013 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	if (!defined('PHPWG_ROOT_PATH'))
25	{
26	die ("Hacking attempt!");
27	}
28
29	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30
31	// +-----------------------------------------------------------------------+
32	// \| Check Access and exit when user status is not ok \|
33	// +-----------------------------------------------------------------------+
34	check_status(ACCESS_ADMINISTRATOR);
35
36	// +-----------------------------------------------------------------------+
37	// \| variable initialization \|
38	// +-----------------------------------------------------------------------+
39
40	$page['cat'] = $category['id'];
41
42	// +-----------------------------------------------------------------------+
43	// \| form submission \|
44	// +-----------------------------------------------------------------------+
45
46	if (!empty($_POST))
47	{
48	check_pwg_token();
49
50	if ($category['status'] != $_POST['status'])
51	{
52	set_cat_status(array($page['cat']), $_POST['status']);
53	$category['status'] = $_POST['status'];
54	}
55
56	if ('private' == $_POST['status'])
57	{
58	//
59	// manage groups
60	//
61	$query = '
62	SELECT group_id
63	FROM '.GROUP_ACCESS_TABLE.'
64	WHERE cat_id = '.$page['cat'].'
65	;';
66	$groups_granted = array_from_query($query, 'group_id');
67
68	if (!isset($_POST['groups']))
69	{
70	$_POST['groups'] = array();
71	}
72
73	//
74	// remove permissions to groups
75	//
76	$deny_groups = array_diff($groups_granted, $_POST['groups']);
77	if (count($deny_groups) > 0)
78	{
79	// if you forbid access to an album, all sub-albums become
80	// automatically forbidden
81	$query = '
82	DELETE
83	FROM '.GROUP_ACCESS_TABLE.'
84	WHERE group_id IN ('.implode(',', $deny_groups).')
85	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
86	;';
87	pwg_query($query);
88	}
89
90	//
91	// add permissions to groups
92	//
93	$grant_groups = $_POST['groups'];
94	if (count($grant_groups) > 0)
95	{
96	$cat_ids = get_uppercat_ids(array($page['cat']));
97	if (isset($_POST['apply_on_sub']))
98	{
99	$cat_ids = array_merge($cat_ids, get_subcat_ids(array($page['cat'])));
100	}
101
102	$query = '
103	SELECT id
104	FROM '.CATEGORIES_TABLE.'
105	WHERE id IN ('.implode(',', $cat_ids).')
106	AND status = \'private\'
107	;';
108	$private_cats = array_from_query($query, 'id');
109
110	// We must not reinsert already existing lines in group_access table
111	$granteds = array();
112	foreach ($private_cats as $cat_id)
113	{
114	$granteds[$cat_id] = array();
115	}
116
117	$query = '
118	SELECT
119	group_id,
120	cat_id
121	FROM '.GROUP_ACCESS_TABLE.'
122	WHERE cat_id IN ('.implode(',', $private_cats).')
123	AND group_id IN ('.implode(',', $grant_groups).')
124	;';
125	$result = pwg_query($query);
126	while ($row = pwg_db_fetch_assoc($result))
127	{
128	$granteds[ $row['cat_id'] ][] = $row['group_id'];
129	}
130
131	$inserts = array();
132
133	foreach ($private_cats as $cat_id)
134	{
135	$group_ids = array_diff($grant_groups, $granteds[$cat_id]);
136	foreach ($group_ids as $group_id)
137	{
138	$inserts[] = array(
139	'group_id' => $group_id,
140	'cat_id' => $cat_id
141	);
142	}
143	}
144
145	mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
146	}
147
148	//
149	// users
150	//
151	$query = '
152	SELECT user_id
153	FROM '.USER_ACCESS_TABLE.'
154	WHERE cat_id = '.$page['cat'].'
155	;';
156	$users_granted = array_from_query($query, 'user_id');
157
158	if (!isset($_POST['users']))
159	{
160	$_POST['users'] = array();
161	}
162
163	//
164	// remove permissions to users
165	//
166	$deny_users = array_diff($users_granted, $_POST['users']);
167	if (count($deny_users) > 0)
168	{
169	// if you forbid access to an album, all sub-album become automatically
170	// forbidden
171	$query = '
172	DELETE
173	FROM '.USER_ACCESS_TABLE.'
174	WHERE user_id IN ('.implode(',', $deny_users).')
175	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
176	;';
177	pwg_query($query);
178	}
179
180	//
181	// add permissions to users
182	//
183	$grant_users = $_POST['users'];
184	if (count($grant_users) > 0)
185	{
186	add_permission_on_category($page['cat'], $grant_users);
187	}
188	}
189
190	$page['infos'][] = l10n('Album updated successfully');
191	}
192
193	// +-----------------------------------------------------------------------+
194	// \| template initialization \|
195	// +-----------------------------------------------------------------------+
196
197	$template->set_filename('cat_perm', 'cat_perm.tpl');
198
199	$template->assign(
200	array(
201	'CATEGORIES_NAV' =>
202	get_cat_display_name_from_id(
203	$page['cat'],
204	'admin.php?page=album-'
205	),
206	'U_HELP' => get_root_url().'admin/popuphelp.php?page=cat_perm',
207	'F_ACTION' => $admin_album_base_url.'-permissions',
208	'private' => ('private' == $category['status']),
209	)
210	);
211
212	// +-----------------------------------------------------------------------+
213	// \| form construction \|
214	// +-----------------------------------------------------------------------+
215
216	// groups denied are the groups not granted. So we need to find all groups
217	// minus groups granted to find groups denied.
218
219	$groups = array();
220
221	$query = '
222	SELECT id, name
223	FROM '.GROUPS_TABLE.'
224	ORDER BY name ASC
225	;';
226	$groups = simple_hash_from_query($query, 'id', 'name');
227	$template->assign('groups', $groups);
228
229	// groups granted to access the category
230	$query = '
231	SELECT group_id
232	FROM '.GROUP_ACCESS_TABLE.'
233	WHERE cat_id = '.$page['cat'].'
234	;';
235	$group_granted_ids = array_from_query($query, 'group_id');
236	$template->assign('groups_selected', $group_granted_ids);
237
238	// users...
239	$users = array();
240
241	$query = '
242	SELECT '.$conf['user_fields']['id'].' AS id,
243	'.$conf['user_fields']['username'].' AS username
244	FROM '.USERS_TABLE.'
245	;';
246	$users = simple_hash_from_query($query, 'id', 'username');
247	$template->assign('users', $users);
248
249
250	$query = '
251	SELECT user_id
252	FROM '.USER_ACCESS_TABLE.'
253	WHERE cat_id = '.$page['cat'].'
254	;';
255	$user_granted_direct_ids = array_from_query($query, 'user_id');
256	$template->assign('users_selected', $user_granted_direct_ids);
257
258
259	$user_granted_indirect_ids = array();
260	if (count($group_granted_ids) > 0)
261	{
262	$granted_groups = array();
263
264	$query = '
265	SELECT user_id, group_id
266	FROM '.USER_GROUP_TABLE.'
267	WHERE group_id IN ('.implode(',', $group_granted_ids).')
268	';
269	$result = pwg_query($query);
270	while ($row = pwg_db_fetch_assoc($result))
271	{
272	if (!isset($granted_groups[ $row['group_id'] ]))
273	{
274	$granted_groups[ $row['group_id'] ] = array();
275	}
276	$granted_groups[ $row['group_id'] ][] = $row['user_id'];
277	}
278
279	$user_granted_by_group_ids = array();
280
281	foreach ($granted_groups as $group_users)
282	{
283	$user_granted_by_group_ids = array_merge($user_granted_by_group_ids, $group_users);
284	}
285
286	$user_granted_by_group_ids = array_unique($user_granted_by_group_ids);
287
288	$user_granted_indirect_ids = array_diff(
289	$user_granted_by_group_ids,
290	$user_granted_direct_ids
291	);
292
293	$template->assign('nb_users_granted_indirect', count($user_granted_indirect_ids));
294
295	foreach ($granted_groups as $group_id => $group_users)
296	{
297	$group_usernames = array();
298	foreach ($group_users as $user_id)
299	{
300	if (in_array($user_id, $user_granted_indirect_ids))
301	{
302	$group_usernames[] = $users[$user_id];
303	}
304	}
305
306	$template->append(
307	'user_granted_indirect_groups',
308	array(
309	'group_name' => $groups[$group_id],
310	'group_users' => implode(', ', $group_usernames),
311	)
312	);
313	}
314	}
315
316	// +-----------------------------------------------------------------------+
317	// \| sending html code \|
318	// +-----------------------------------------------------------------------+
319	$template->assign(array('PWG_TOKEN' => get_pwg_token(), 'INHERIT' => $conf['inheritance_by_default']));
320
321	$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
322	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: