source: trunk/admin/cat_perm.php @ 25243

Last change on this file since 25243 was 25243, checked in by mistic100, 10 years ago

remove hardly understandable code with usage of INGORE keyword in SQL query
  • Property svn:eol-style set to LF
File size: 8.8 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2013 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24if (!defined('PHPWG_ROOT_PATH'))
25{
26  die ("Hacking attempt!");
27}
28
29include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30
31// +-----------------------------------------------------------------------+
32// | Check Access and exit when user status is not ok                      |
33// +-----------------------------------------------------------------------+
34check_status(ACCESS_ADMINISTRATOR);
35
36// +-----------------------------------------------------------------------+
37// |                       variable initialization                         |
38// +-----------------------------------------------------------------------+
39
40$page['cat'] = $category['id'];
41
42// +-----------------------------------------------------------------------+
43// |                           form submission                             |
44// +-----------------------------------------------------------------------+
45
46if (!empty($_POST))
47{
48  check_pwg_token();
49
50  if ($category['status'] != $_POST['status'])
51  {
52    set_cat_status(array($page['cat']), $_POST['status']);
53    $category['status'] = $_POST['status'];
54  }
55
56  if ('private' == $_POST['status'])
57  {
58    //
59    // manage groups
60    //
61    $query = '
62SELECT group_id
63  FROM '.GROUP_ACCESS_TABLE.'
64  WHERE cat_id = '.$page['cat'].'
65;';
66    $groups_granted = array_from_query($query, 'group_id');
67
68    if (!isset($_POST['groups']))
69    {
70      $_POST['groups'] = array();
71    }
72   
73    //
74    // remove permissions to groups
75    //
76    $deny_groups = array_diff($groups_granted, $_POST['groups']);
77    if (count($deny_groups) > 0)
78    {
79      // if you forbid access to an album, all sub-albums become
80      // automatically forbidden
81      $query = '
82DELETE
83  FROM '.GROUP_ACCESS_TABLE.'
84  WHERE group_id IN ('.implode(',', $deny_groups).')
85    AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
86;';
87      pwg_query($query);
88    }
89
90    //
91    // add permissions to groups
92    //
93    $grant_groups = $_POST['groups'];
94    if (count($grant_groups) > 0)
95    {
96      $cat_ids = get_uppercat_ids(array($page['cat']));
97      if (isset($_POST['apply_on_sub']))
98      {
99        $cat_ids = array_merge($cat_ids, get_subcat_ids(array($page['cat'])));
100      }
101     
102      $inserts = array();
103      foreach ($cat_ids as $cat_id)
104      {
105        foreach ($grant_groups as $group_id)
106        {
107          $inserts[] = array(
108            'group_id' => $group_id,
109            'cat_id' => $cat_id
110            );
111        }
112      }
113     
114      mass_inserts(
115        GROUP_ACCESS_TABLE,
116        array('group_id','cat_id'),
117        $inserts,
118        array('ignore'=>true)
119        );
120    }
121
122    //
123    // users
124    //
125    $query = '
126SELECT user_id
127  FROM '.USER_ACCESS_TABLE.'
128  WHERE cat_id = '.$page['cat'].'
129;';
130    $users_granted = array_from_query($query, 'user_id');
131
132    if (!isset($_POST['users']))
133    {
134      $_POST['users'] = array();
135    }
136   
137    //
138    // remove permissions to users
139    //
140    $deny_users = array_diff($users_granted, $_POST['users']);
141    if (count($deny_users) > 0)
142    {
143      // if you forbid access to an album, all sub-album become automatically
144      // forbidden
145      $query = '
146DELETE
147  FROM '.USER_ACCESS_TABLE.'
148  WHERE user_id IN ('.implode(',', $deny_users).')
149    AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
150;';
151      pwg_query($query);
152    }
153
154    //
155    // add permissions to users
156    //
157    $grant_users = $_POST['users'];
158    if (count($grant_users) > 0)
159    {
160      add_permission_on_category($page['cat'], $grant_users);
161    }
162  }
163
164  $page['infos'][] = l10n('Album updated successfully');
165}
166
167// +-----------------------------------------------------------------------+
168// |                       template initialization                         |
169// +-----------------------------------------------------------------------+
170
171$template->set_filename('cat_perm', 'cat_perm.tpl');
172
173$template->assign(
174  array(
175    'CATEGORIES_NAV' =>
176      get_cat_display_name_from_id(
177        $page['cat'],
178        'admin.php?page=album-'
179        ),
180    'U_HELP' => get_root_url().'admin/popuphelp.php?page=cat_perm',
181    'F_ACTION' => $admin_album_base_url.'-permissions',
182    'private' => ('private' == $category['status']),
183    )
184  );
185
186// +-----------------------------------------------------------------------+
187// |                          form construction                            |
188// +-----------------------------------------------------------------------+
189
190// groups denied are the groups not granted. So we need to find all groups
191// minus groups granted to find groups denied.
192
193$groups = array();
194
195$query = '
196SELECT id, name
197  FROM '.GROUPS_TABLE.'
198  ORDER BY name ASC
199;';
200$groups = simple_hash_from_query($query, 'id', 'name');
201$template->assign('groups', $groups);
202
203// groups granted to access the category
204$query = '
205SELECT group_id
206  FROM '.GROUP_ACCESS_TABLE.'
207  WHERE cat_id = '.$page['cat'].'
208;';
209$group_granted_ids = array_from_query($query, 'group_id');
210$template->assign('groups_selected', $group_granted_ids);
211
212// users...
213$users = array();
214
215$query = '
216SELECT '.$conf['user_fields']['id'].' AS id,
217       '.$conf['user_fields']['username'].' AS username
218  FROM '.USERS_TABLE.'
219;';
220$users = simple_hash_from_query($query, 'id', 'username');
221$template->assign('users', $users);
222
223
224$query = '
225SELECT user_id
226  FROM '.USER_ACCESS_TABLE.'
227  WHERE cat_id = '.$page['cat'].'
228;';
229$user_granted_direct_ids = array_from_query($query, 'user_id');
230$template->assign('users_selected', $user_granted_direct_ids);
231
232
233$user_granted_indirect_ids = array();
234if (count($group_granted_ids) > 0)
235{
236  $granted_groups = array();
237
238  $query = '
239SELECT user_id, group_id
240  FROM '.USER_GROUP_TABLE.'
241  WHERE group_id IN ('.implode(',', $group_granted_ids).')
242';
243  $result = pwg_query($query);
244  while ($row = pwg_db_fetch_assoc($result))
245  {
246    if (!isset($granted_groups[ $row['group_id'] ]))
247    {
248      $granted_groups[ $row['group_id'] ] = array();
249    }
250    $granted_groups[ $row['group_id'] ][] = $row['user_id'];
251  }
252
253  $user_granted_by_group_ids = array();
254 
255  foreach ($granted_groups as $group_users)
256  {
257    $user_granted_by_group_ids = array_merge($user_granted_by_group_ids, $group_users);
258  }
259 
260  $user_granted_by_group_ids = array_unique($user_granted_by_group_ids);
261 
262  $user_granted_indirect_ids = array_diff(
263    $user_granted_by_group_ids,
264    $user_granted_direct_ids
265    );
266
267  $template->assign('nb_users_granted_indirect', count($user_granted_indirect_ids));
268
269  foreach ($granted_groups as $group_id => $group_users)
270  {
271    $group_usernames = array();
272    foreach ($group_users as $user_id)
273    {
274      if (in_array($user_id, $user_granted_indirect_ids))
275      {
276        $group_usernames[] = $users[$user_id];
277      }
278    }
279
280    $template->append(
281      'user_granted_indirect_groups',
282      array(
283        'group_name' => $groups[$group_id],
284        'group_users' => implode(', ', $group_usernames),
285        )
286      );
287  }
288}
289
290// +-----------------------------------------------------------------------+
291// |                           sending html code                           |
292// +-----------------------------------------------------------------------+
293$template->assign(array('PWG_TOKEN' => get_pwg_token(), 'INHERIT' => $conf['inheritance_by_default']));
294
295$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
296?>
Note: See TracBrowser for help on using the repository browser.