source: trunk/admin/user_perm.php @ 2297

Last change on this file since 2297 was 2297, checked in by plg, 16 years ago

Modification: new header on PHP files, PhpWebGallery renamed Piwigo.
  • Property svn:eol-style set to LF
  • Property svn:keywords set to Author Date Id Revision
File size: 8.7 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008      Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23// +-----------------------------------------------------------------------+
24// | PhpWebGallery - a PHP based picture gallery                           |
25// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
26// | Copyright (C) 2003-2008 PhpWebGallery Team - http://phpwebgallery.net |
27// +-----------------------------------------------------------------------+
28// | file          : $Id: user_perm.php 2297 2008-04-04 22:57:23Z plg $
29// | last update   : $Date: 2008-04-04 22:57:23 +0000 (Fri, 04 Apr 2008) $
30// | last modifier : $Author: plg $
31// | revision      : $Revision: 2297 $
32// +-----------------------------------------------------------------------+
33// | This program is free software; you can redistribute it and/or modify  |
34// | it under the terms of the GNU General Public License as published by  |
35// | the Free Software Foundation                                          |
36// |                                                                       |
37// | This program is distributed in the hope that it will be useful, but   |
38// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
39// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
40// | General Public License for more details.                              |
41// |                                                                       |
42// | You should have received a copy of the GNU General Public License     |
43// | along with this program; if not, write to the Free Software           |
44// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
45// | USA.                                                                  |
46// +-----------------------------------------------------------------------+
47
48if (!defined('IN_ADMIN'))
49{
50  die('Hacking attempt!');
51}
52
53include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
54
55// +-----------------------------------------------------------------------+
56// | Check Access and exit when user status is not ok                      |
57// +-----------------------------------------------------------------------+
58check_status(ACCESS_ADMINISTRATOR);
59
60// +-----------------------------------------------------------------------+
61// |                            variables init                             |
62// +-----------------------------------------------------------------------+
63
64if (isset($_GET['user_id']) and is_numeric($_GET['user_id']))
65{
66  $page['user'] = $_GET['user_id'];
67}
68else
69{
70  die('user_id URL parameter is missing');
71}
72
73// +-----------------------------------------------------------------------+
74// |                                updates                                |
75// +-----------------------------------------------------------------------+
76
77if (isset($_POST['falsify'])
78    and isset($_POST['cat_true'])
79    and count($_POST['cat_true']) > 0)
80{
81  // if you forbid access to a category, all sub-categories become
82  // automatically forbidden
83  $subcats = get_subcat_ids($_POST['cat_true']);
84  $query = '
85DELETE FROM '.USER_ACCESS_TABLE.'
86  WHERE user_id = '.$page['user'].'
87    AND cat_id IN ('.implode(',', $subcats).')
88;';
89  pwg_query($query);
90}
91else if (isset($_POST['trueify'])
92         and isset($_POST['cat_false'])
93         and count($_POST['cat_false']) > 0)
94{
95  $uppercats = get_uppercat_ids($_POST['cat_false']);
96  $private_uppercats = array();
97
98  $query = '
99SELECT id
100  FROM '.CATEGORIES_TABLE.'
101  WHERE id IN ('.implode(',', $uppercats).')
102    AND status = \'private\'
103;';
104  $result = pwg_query($query);
105  while ($row = mysql_fetch_array($result))
106  {
107    array_push($private_uppercats, $row['id']);
108  }
109
110  // retrying to authorize a category which is already authorized may cause
111  // an error (in SQL statement), so we need to know which categories are
112  // accesible
113  $authorized_ids = array();
114
115  $query = '
116SELECT cat_id
117  FROM '.USER_ACCESS_TABLE.'
118  WHERE user_id = '.$page['user'].'
119;';
120  $result = pwg_query($query);
121
122  while ($row = mysql_fetch_array($result))
123  {
124    array_push($authorized_ids, $row['cat_id']);
125  }
126
127  $inserts = array();
128  $to_autorize_ids = array_diff($private_uppercats, $authorized_ids);
129  foreach ($to_autorize_ids as $to_autorize_id)
130  {
131    array_push($inserts, array('user_id' => $page['user'],
132                               'cat_id' => $to_autorize_id));
133  }
134
135  mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
136}
137
138// +-----------------------------------------------------------------------+
139// |                             template init                             |
140// +-----------------------------------------------------------------------+
141
142$template->set_filenames(
143  array(
144    'user_perm' => 'admin/user_perm.tpl',
145    'double_select' => 'admin/double_select.tpl'
146    )
147  );
148
149$template->assign(
150  array(
151    'TITLE' =>
152      sprintf(
153        l10n('Manage permissions for user "%s"'),
154        get_username($page['user']
155          )
156        ),
157    'L_CAT_OPTIONS_TRUE'=>l10n('authorized'),
158    'L_CAT_OPTIONS_FALSE'=>l10n('forbidden'),
159
160    'F_ACTION' =>
161        PHPWG_ROOT_PATH.
162        'admin.php?page=user_perm'.
163        '&amp;user_id='.$page['user']
164    )
165  );
166
167
168// retrieve category ids authorized to the groups the user belongs to
169$group_authorized = array();
170
171$query = '
172SELECT DISTINCT cat_id, c.uppercats, c.global_rank
173  FROM '.USER_GROUP_TABLE.' AS ug
174    INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
175      ON ug.group_id = ga.group_id
176    INNER JOIN '.CATEGORIES_TABLE.' AS c
177      ON c.id = ga.cat_id
178  WHERE ug.user_id = '.$page['user'].'
179;';
180$result = pwg_query($query);
181
182if (mysql_num_rows($result) > 0)
183{
184  $cats = array();
185  while ($row = mysql_fetch_array($result))
186  {
187    array_push($cats, $row);
188    array_push($group_authorized, $row['cat_id']);
189  }
190  usort($cats, 'global_rank_compare');
191
192  foreach ($cats as $category)
193  {
194    $template->append(
195      'categories_because_of_groups',
196      get_cat_display_name_cache($category['uppercats'], null, false)
197      );
198  }
199}
200
201// only private categories are listed
202$query_true = '
203SELECT id,name,uppercats,global_rank
204  FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_ACCESS_TABLE.' ON cat_id = id
205  WHERE status = \'private\'
206    AND user_id = '.$page['user'];
207if (count($group_authorized) > 0)
208{
209  $query_true.= '
210    AND cat_id NOT IN ('.implode(',', $group_authorized).')';
211}
212$query_true.= '
213;';
214display_select_cat_wrapper($query_true,array(),'category_option_true');
215
216$result = pwg_query($query_true);
217$authorized_ids = array();
218while ($row = mysql_fetch_array($result))
219{
220  array_push($authorized_ids, $row['id']);
221}
222
223$query_false = '
224SELECT id,name,uppercats,global_rank
225  FROM '.CATEGORIES_TABLE.'
226  WHERE status = \'private\'';
227if (count($authorized_ids) > 0)
228{
229  $query_false.= '
230    AND id NOT IN ('.implode(',', $authorized_ids).')';
231}
232if (count($group_authorized) > 0)
233{
234  $query_false.= '
235    AND id NOT IN ('.implode(',', $group_authorized).')';
236}
237$query_false.= '
238;';
239display_select_cat_wrapper($query_false,array(),'category_option_false');
240
241// +-----------------------------------------------------------------------+
242// |                           sending html code                           |
243// +-----------------------------------------------------------------------+
244
245$template->assign_var_from_handle('DOUBLE_SELECT', 'double_select');
246$template->assign_var_from_handle('ADMIN_CONTENT', 'user_perm');
247?>
Note: See TracBrowser for help on using the repository browser.