Context Navigation

source: trunk/admin/user_perm.php @ 1900

Last change on this file since 1900 was 1900, checked in by rub, 17 years ago
Apply property svn:eol-style Value: LF
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 7.3 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $Id: user_perm.php 1900 2007-03-12 22:33:53Z rub $
9	// \| last update : $Date: 2007-03-12 22:33:53 +0000 (Mon, 12 Mar 2007) $
10	// \| last modifier : $Author: rub $
11	// \| revision : $Revision: 1900 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27
28	if (!defined('IN_ADMIN'))
29	{
30	die('Hacking attempt!');
31	}
32
33	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
34
35	// +-----------------------------------------------------------------------+
36	// \| Check Access and exit when user status is not ok \|
37	// +-----------------------------------------------------------------------+
38	check_status(ACCESS_ADMINISTRATOR);
39
40	// +-----------------------------------------------------------------------+
41	// \| variables init \|
42	// +-----------------------------------------------------------------------+
43
44	if (isset($_GET['user_id']) and is_numeric($_GET['user_id']))
45	{
46	$page['user'] = $_GET['user_id'];
47	}
48	else
49	{
50	die('user_id URL parameter is missing');
51	}
52
53	// +-----------------------------------------------------------------------+
54	// \| updates \|
55	// +-----------------------------------------------------------------------+
56
57	if (isset($_POST['falsify'])
58	and isset($_POST['cat_true'])
59	and count($_POST['cat_true']) > 0)
60	{
61	// if you forbid access to a category, all sub-categories become
62	// automatically forbidden
63	$subcats = get_subcat_ids($_POST['cat_true']);
64	$query = '
65	DELETE FROM '.USER_ACCESS_TABLE.'
66	WHERE user_id = '.$page['user'].'
67	AND cat_id IN ('.implode(',', $subcats).')
68	;';
69	pwg_query($query);
70	}
71	else if (isset($_POST['trueify'])
72	and isset($_POST['cat_false'])
73	and count($_POST['cat_false']) > 0)
74	{
75	$uppercats = get_uppercat_ids($_POST['cat_false']);
76	$private_uppercats = array();
77
78	$query = '
79	SELECT id
80	FROM '.CATEGORIES_TABLE.'
81	WHERE id IN ('.implode(',', $uppercats).')
82	AND status = \'private\'
83	;';
84	$result = pwg_query($query);
85	while ($row = mysql_fetch_array($result))
86	{
87	array_push($private_uppercats, $row['id']);
88	}
89
90	// retrying to authorize a category which is already authorized may cause
91	// an error (in SQL statement), so we need to know which categories are
92	// accesible
93	$authorized_ids = array();
94
95	$query = '
96	SELECT cat_id
97	FROM '.USER_ACCESS_TABLE.'
98	WHERE user_id = '.$page['user'].'
99	;';
100	$result = pwg_query($query);
101
102	while ($row = mysql_fetch_array($result))
103	{
104	array_push($authorized_ids, $row['cat_id']);
105	}
106
107	$inserts = array();
108	$to_autorize_ids = array_diff($private_uppercats, $authorized_ids);
109	foreach ($to_autorize_ids as $to_autorize_id)
110	{
111	array_push($inserts, array('user_id' => $page['user'],
112	'cat_id' => $to_autorize_id));
113	}
114
115	mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
116	}
117
118	// +-----------------------------------------------------------------------+
119	// \| template init \|
120	// +-----------------------------------------------------------------------+
121
122	$template->set_filenames(
123	array(
124	'user_perm' => 'admin/user_perm.tpl',
125	'double_select' => 'admin/double_select.tpl'
126	)
127	);
128
129	$template->assign_vars(
130	array(
131	'TITLE' =>
132	sprintf(
133	l10n('Manage permissions for user "%s"'),
134	get_username($page['user']
135	)
136	),
137	'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
138	'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
139
140	'F_ACTION' =>
141	PHPWG_ROOT_PATH.
142	'admin.php?page=user_perm'.
143	'&user_id='.$page['user']
144	)
145	);
146
147
148	// retrieve category ids authorized to the groups the user belongs to
149	$group_authorized = array();
150
151	$query = '
152	SELECT DISTINCT cat_id, c.uppercats, c.global_rank
153	FROM '.USER_GROUP_TABLE.' AS ug
154	INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
155	ON ug.group_id = ga.group_id
156	INNER JOIN '.CATEGORIES_TABLE.' AS c
157	ON c.id = ga.cat_id
158	WHERE ug.user_id = '.$page['user'].'
159	;';
160	$result = pwg_query($query);
161
162	if (mysql_num_rows($result) > 0)
163	{
164	$template->assign_block_vars('groups', array());
165
166	$cats = array();
167	while ($row = mysql_fetch_array($result))
168	{
169	array_push($cats, $row);
170	array_push($group_authorized, $row['cat_id']);
171	}
172	usort($cats, 'global_rank_compare');
173
174	foreach ($cats as $category)
175	{
176	$template->assign_block_vars(
177	'groups.category',
178	array(
179	'NAME' => get_cat_display_name_cache($category['uppercats'], null, false)
180	)
181	);
182	}
183	}
184
185	// only private categories are listed
186	$query_true = '
187	SELECT id,name,uppercats,global_rank
188	FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_ACCESS_TABLE.' ON cat_id = id
189	WHERE status = \'private\'
190	AND user_id = '.$page['user'];
191	if (count($group_authorized) > 0)
192	{
193	$query_true.= '
194	AND cat_id NOT IN ('.implode(',', $group_authorized).')';
195	}
196	$query_true.= '
197	;';
198	display_select_cat_wrapper($query_true,array(),'category_option_true');
199
200	$result = pwg_query($query_true);
201	$authorized_ids = array();
202	while ($row = mysql_fetch_array($result))
203	{
204	array_push($authorized_ids, $row['id']);
205	}
206
207	$query_false = '
208	SELECT id,name,uppercats,global_rank
209	FROM '.CATEGORIES_TABLE.'
210	WHERE status = \'private\'';
211	if (count($authorized_ids) > 0)
212	{
213	$query_false.= '
214	AND id NOT IN ('.implode(',', $authorized_ids).')';
215	}
216	if (count($group_authorized) > 0)
217	{
218	$query_false.= '
219	AND id NOT IN ('.implode(',', $group_authorized).')';
220	}
221	$query_false.= '
222	;';
223	display_select_cat_wrapper($query_false,array(),'category_option_false');
224
225	// +-----------------------------------------------------------------------+
226	// \| sending html code \|
227	// +-----------------------------------------------------------------------+
228
229	$template->assign_var_from_handle('DOUBLE_SELECT', 'double_select');
230	$template->assign_var_from_handle('ADMIN_CONTENT', 'user_perm');
231	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: