Timestamp:
Dec 8, 2013, 2:53:40 PM (10 years ago)
Author:
mistic100
Message:

photo owner has access to quick edit and delete !

File:
1 edited

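--- a/extensions/AdminTools/include/events.inc.php
+++ b/extensions/AdminTools/include/events.inc.php
@@ -8,79 +8,89 @@
 function admintools_add_public_controller()
 {
-  global $MultiView, $conf, $template, $page, $user;
-
-  if (!$MultiView->is_admin())
+  global $MultiView, $conf, $template, $page, $user, $picture;
+
+  $url_root = get_root_url();
+  $tpl_vars = array();
+
+  if ($MultiView->is_admin())
+  { // full options for admin
+    $tpl_vars['U_SITE_ADMIN'] =     $url_root . 'admin.php?page=';
+    $tpl_vars['MULTIVIEW'] =        $MultiView->get_data();
+    $tpl_vars['USER'] =             $MultiView->get_user();
+    $tpl_vars['CURRENT_USERNAME'] = $user['id']==$conf['guest_id'] ? l10n('guest') : $user['username'];
+    $tpl_vars['DELETE_CACHE'] =     isset($conf['multiview_invalidate_cache']);
+
+    include_once(PHPWG_ROOT_PATH . 'include/functions_mail.inc.php');
+    switch_lang_to(get_default_language());
+  }
+  else if (script_basename() == 'picture' and $picture['current']['added_by'] == $user['id'])
+  { // only "edit" button for photo owner
+  }
+  else
   {
     return;
   }
 
-  $url_root = get_root_url();
-
-  $tpl_vars = array(
-    'U_SITE_ADMIN' =>     $url_root . 'admin.php?page=',
-    'MULTIVIEW' =>        $MultiView->get_data(),
-    'U_SELF' =>           $MultiView->get_clean_url(true),
-    'USER' =>             $MultiView->get_user(),
-    'CURRENT_USERNAME' => $user['id']==$conf['guest_id'] ? l10n('guest') : $user['username'],
-    'PWG_TOKEN' =>        get_pwg_token(),
-    'DELETE_CACHE' =>     isset($conf['multiview_invalidate_cache']),
-    );
-
-  // switch_lang is in mail functions file
-  include_once(PHPWG_ROOT_PATH . 'include/functions_mail.inc.php');
-
-  switch_lang_to(get_default_language());
-
-  // TODO : param to allow owner modification
+  $tpl_vars['U_SELF'] = $MultiView->get_clean_url(true);
+
+  // photo page
   if (script_basename() == 'picture')
   {
-    global $picture;
-
-    include_once(PHPWG_ROOT_PATH . 'admin/include/functions.php');
-
     $url_self = duplicate_picture_url();
-
     $tpl_vars['IS_PICTURE'] = true;
 
-    $template->clear_assign(array(
-      'U_SET_AS_REPRESENTATIVE',
-      'U_PHOTO_ADMIN',
-      'U_CADDIE',
-      ));
-
-    $template->set_prefilter('picture', 'admintools_remove_privacy');
-
-    $query = '
+    // admin can add to caddie and set representattive
+    if ($MultiView->is_admin())
+    {
+      $template->clear_assign(array(
+        'U_SET_AS_REPRESENTATIVE',
+        'U_PHOTO_ADMIN',
+        'U_CADDIE',
+        ));
+
+      $template->set_prefilter('picture', 'admintools_remove_privacy');
+
+      $tpl_vars['U_CADDIE'] = add_url_params(
+        $url_self,
+        array('action'=>'add_to_caddie')
+        );
+
+      $query = '
 SELECT element_id FROM ' . CADDIE_TABLE . '
   WHERE element_id = ' . $page['image_id'] .'
 ;';
-    $tpl_vars['IS_IN_CADDIE'] = pwg_db_num_rows(pwg_query($query)) > 0;
-
-    if (isset($page['category']))
-    {
-      $tpl_vars['CATEGORY_ID'] = $page['category']['id'];
-
-      $tpl_vars['U_SET_REPRESENTATIVE'] = add_url_params(
-        $url_self,
-        array('action'=>'set_as_representative')
-        );
-
-      $query = '
+      $tpl_vars['IS_IN_CADDIE'] = pwg_db_num_rows(pwg_query($query)) > 0;
+
+      if (isset($page['category']))
+      {
+        $tpl_vars['CATEGORY_ID'] = $page['category']['id'];
+
+        $tpl_vars['U_SET_REPRESENTATIVE'] = add_url_params(
+          $url_self,
+          array('action'=>'set_as_representative')
+          );
+
+        $query = '
 SELECT id FROM ' . CATEGORIES_TABLE.'
   WHERE id = ' . $page['category']['id'] .'
     AND representative_picture_id = ' . $page['image_id'] .'
 ;';
-      $tpl_vars['IS_REPRESENTATIVE'] = pwg_db_num_rows(pwg_query($query)) > 0;
-    }
-
-    $tpl_vars['U_EDIT'] = $url_root . 'admin.php?page=photo-' . $page['image_id']
-      .(isset($page['category']) ? '&cat_id=' . $page['category']['id'] : '');
-
-    $tpl_vars['U_CADDIE'] = add_url_params(
-      $url_self,
-      array('action'=>'add_to_caddie')
+        $tpl_vars['IS_REPRESENTATIVE'] = pwg_db_num_rows(pwg_query($query)) > 0;
+      }
+
+      $tpl_vars['U_ADMIN_EDIT'] = $url_root . 'admin.php?page=photo-' . $page['image_id']
+        .(isset($page['category']) ? '&cat_id=' . $page['category']['id'] : '');
+    }
+
+    $tpl_vars['U_DELETE'] = add_url_params(
+      $url_self, array(
+        'delete'=>'',
+        'pwg_token'=>get_pwg_token()
+        )
       );
 
     // gets tags (full available list is loaded in ajax)
+    include_once(PHPWG_ROOT_PATH . 'admin/include/functions.php');
+
     $query = '
 SELECT id, name
@@ -102,5 +112,6 @@
       );
   }
-  else if (@$page['section'] == 'categories' and isset($page['category']))
+  // album page (admin only)
+  else if ($MultiView->is_admin() and @$page['section'] == 'categories' and isset($page['category']))
   {
     $url_self = duplicate_index_url();
@@ -114,5 +125,5 @@
       ));
 
-    $tpl_vars['U_EDIT'] = $url_root . 'admin.php?page=album-' . $page['category']['id'];
+    $tpl_vars['U_ADMIN_EDIT'] = $url_root . 'admin.php?page=album-' . $page['category']['id'];
 
     if (!empty($page['items']))
@@ -151,5 +162,8 @@
   $template->parse('ato_public_controller');
 
-  switch_lang_back();
+  if ($MultiView->is_admin())
+  {
+    switch_lang_back();
+  }
 }
 
@@ -170,7 +184,10 @@
 function admintools_save_picture()
 {
-  global $page, $conf, $MultiView;
-
-  if (!$MultiView->is_admin())
+  global $page, $conf, $MultiView, $user, $picture;
+
+  $query = 'SELECT added_by FROM '. IMAGES_TABLE .' WHERE id = '. $page['image_id'] .';';
+  list($added_by) = pwg_db_fetch_row(pwg_query($query));
+
+  if (!$MultiView->is_admin() && $user['id'] != $added_by)
   {
     return;
@@ -205,6 +222,10 @@
       'name' =>   $_POST['name'],
       'author' => $_POST['author'],
-      'level' =>  $_POST['level'],
-      );
+      );
+
+    if ($MultiView->is_admin())
+    {
+      $data['level'] = $_POST['level'];
+    }
 
     if ($conf['allow_html_descriptions'])
@@ -249,5 +270,5 @@
     return;
   }
- 
+
   if (@$_POST['action'] == 'quick_edit')
   {
@@ -270,5 +291,5 @@
       array('id' => $page['category']['id'])
       );
-     
+
     redirect(duplicate_index_url());
   }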
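Review bot: The new ownership gate in `admintools_save_picture` (`$user['id'] != $added_by`) and its counterpart in `admintools_add_public_controller` (`$picture['current']['added_by'] == $user['id']`) compare raw user ids and never exclude the shared guest account, so if any photo is recorded with `added_by` equal to `$conf['guest_id']`, every anonymous visitor would count as its owner and reach quick edit and delete. Since `$conf` is already global in both functions, the save-side guard could read `if (!$MultiView->is_admin() && ($user['id'] == $conf['guest_id'] || $user['id'] != $added_by))`, with the same guest exclusion added to the `else if` in the controller. Non-admin owners also now reach the `if ($conf['allow_html_descriptions'])` branch, whose body lies outside the visible hunk; it is worth confirming that a description submitted by a non-admin is escaped or filtered there, because that path was previously admin-only. The `pwg_token` check for the owner's POST and `delete` requests is likewise not visible in these hunks and should be verified to run before any write.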