Context Navigation

source: trunk/admin/user_perm.php @ 2225

Last change on this file since 2225 was 2225, checked in by rvelices, 16 years ago
2 templates migrated
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 7.1 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2008 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| file : $Id: user_perm.php 2225 2008-02-28 12:07:00Z rvelices $
8	// \| last update : $Date: 2008-02-28 12:07:00 +0000 (Thu, 28 Feb 2008) $
9	// \| last modifier : $Author: rvelices $
10	// \| revision : $Revision: 2225 $
11	// +-----------------------------------------------------------------------+
12	// \| This program is free software; you can redistribute it and/or modify \|
13	// \| it under the terms of the GNU General Public License as published by \|
14	// \| the Free Software Foundation \|
15	// \| \|
16	// \| This program is distributed in the hope that it will be useful, but \|
17	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
18	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
19	// \| General Public License for more details. \|
20	// \| \|
21	// \| You should have received a copy of the GNU General Public License \|
22	// \| along with this program; if not, write to the Free Software \|
23	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
24	// \| USA. \|
25	// +-----------------------------------------------------------------------+
26
27	if (!defined('IN_ADMIN'))
28	{
29	die('Hacking attempt!');
30	}
31
32	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
33
34	// +-----------------------------------------------------------------------+
35	// \| Check Access and exit when user status is not ok \|
36	// +-----------------------------------------------------------------------+
37	check_status(ACCESS_ADMINISTRATOR);
38
39	// +-----------------------------------------------------------------------+
40	// \| variables init \|
41	// +-----------------------------------------------------------------------+
42
43	if (isset($_GET['user_id']) and is_numeric($_GET['user_id']))
44	{
45	$page['user'] = $_GET['user_id'];
46	}
47	else
48	{
49	die('user_id URL parameter is missing');
50	}
51
52	// +-----------------------------------------------------------------------+
53	// \| updates \|
54	// +-----------------------------------------------------------------------+
55
56	if (isset($_POST['falsify'])
57	and isset($_POST['cat_true'])
58	and count($_POST['cat_true']) > 0)
59	{
60	// if you forbid access to a category, all sub-categories become
61	// automatically forbidden
62	$subcats = get_subcat_ids($_POST['cat_true']);
63	$query = '
64	DELETE FROM '.USER_ACCESS_TABLE.'
65	WHERE user_id = '.$page['user'].'
66	AND cat_id IN ('.implode(',', $subcats).')
67	;';
68	pwg_query($query);
69	}
70	else if (isset($_POST['trueify'])
71	and isset($_POST['cat_false'])
72	and count($_POST['cat_false']) > 0)
73	{
74	$uppercats = get_uppercat_ids($_POST['cat_false']);
75	$private_uppercats = array();
76
77	$query = '
78	SELECT id
79	FROM '.CATEGORIES_TABLE.'
80	WHERE id IN ('.implode(',', $uppercats).')
81	AND status = \'private\'
82	;';
83	$result = pwg_query($query);
84	while ($row = mysql_fetch_array($result))
85	{
86	array_push($private_uppercats, $row['id']);
87	}
88
89	// retrying to authorize a category which is already authorized may cause
90	// an error (in SQL statement), so we need to know which categories are
91	// accesible
92	$authorized_ids = array();
93
94	$query = '
95	SELECT cat_id
96	FROM '.USER_ACCESS_TABLE.'
97	WHERE user_id = '.$page['user'].'
98	;';
99	$result = pwg_query($query);
100
101	while ($row = mysql_fetch_array($result))
102	{
103	array_push($authorized_ids, $row['cat_id']);
104	}
105
106	$inserts = array();
107	$to_autorize_ids = array_diff($private_uppercats, $authorized_ids);
108	foreach ($to_autorize_ids as $to_autorize_id)
109	{
110	array_push($inserts, array('user_id' => $page['user'],
111	'cat_id' => $to_autorize_id));
112	}
113
114	mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
115	}
116
117	// +-----------------------------------------------------------------------+
118	// \| template init \|
119	// +-----------------------------------------------------------------------+
120
121	$template->set_filenames(
122	array(
123	'user_perm' => 'admin/user_perm.tpl',
124	'double_select' => 'admin/double_select.tpl'
125	)
126	);
127
128	$template->assign(
129	array(
130	'TITLE' =>
131	sprintf(
132	l10n('Manage permissions for user "%s"'),
133	get_username($page['user']
134	)
135	),
136	'L_CAT_OPTIONS_TRUE'=>l10n('authorized'),
137	'L_CAT_OPTIONS_FALSE'=>l10n('forbidden'),
138
139	'F_ACTION' =>
140	PHPWG_ROOT_PATH.
141	'admin.php?page=user_perm'.
142	'&user_id='.$page['user']
143	)
144	);
145
146
147	// retrieve category ids authorized to the groups the user belongs to
148	$group_authorized = array();
149
150	$query = '
151	SELECT DISTINCT cat_id, c.uppercats, c.global_rank
152	FROM '.USER_GROUP_TABLE.' AS ug
153	INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
154	ON ug.group_id = ga.group_id
155	INNER JOIN '.CATEGORIES_TABLE.' AS c
156	ON c.id = ga.cat_id
157	WHERE ug.user_id = '.$page['user'].'
158	;';
159	$result = pwg_query($query);
160
161	if (mysql_num_rows($result) > 0)
162	{
163	$cats = array();
164	while ($row = mysql_fetch_array($result))
165	{
166	array_push($cats, $row);
167	array_push($group_authorized, $row['cat_id']);
168	}
169	usort($cats, 'global_rank_compare');
170
171	foreach ($cats as $category)
172	{
173	$template->append(
174	'categories_because_of_groups',
175	get_cat_display_name_cache($category['uppercats'], null, false)
176	);
177	}
178	}
179
180	// only private categories are listed
181	$query_true = '
182	SELECT id,name,uppercats,global_rank
183	FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_ACCESS_TABLE.' ON cat_id = id
184	WHERE status = \'private\'
185	AND user_id = '.$page['user'];
186	if (count($group_authorized) > 0)
187	{
188	$query_true.= '
189	AND cat_id NOT IN ('.implode(',', $group_authorized).')';
190	}
191	$query_true.= '
192	;';
193	display_select_cat_wrapper($query_true,array(),'category_option_true');
194
195	$result = pwg_query($query_true);
196	$authorized_ids = array();
197	while ($row = mysql_fetch_array($result))
198	{
199	array_push($authorized_ids, $row['id']);
200	}
201
202	$query_false = '
203	SELECT id,name,uppercats,global_rank
204	FROM '.CATEGORIES_TABLE.'
205	WHERE status = \'private\'';
206	if (count($authorized_ids) > 0)
207	{
208	$query_false.= '
209	AND id NOT IN ('.implode(',', $authorized_ids).')';
210	}
211	if (count($group_authorized) > 0)
212	{
213	$query_false.= '
214	AND id NOT IN ('.implode(',', $group_authorized).')';
215	}
216	$query_false.= '
217	;';
218	display_select_cat_wrapper($query_false,array(),'category_option_false');
219
220	// +-----------------------------------------------------------------------+
221	// \| sending html code \|
222	// +-----------------------------------------------------------------------+
223
224	$template->assign_var_from_handle('DOUBLE_SELECT', 'double_select');
225	$template->assign_var_from_handle('ADMIN_CONTENT', 'user_perm');
226	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: