Timestamp:
Dec 20, 2004, 1:30:36 PM (19 years ago)
Author:
plg
Message:
  • new table user_forbidden {user_id,need_update,forbidden_categories} and deletion of field users.forbidden_categories
  • new function calculate_permissions to update table user_forbidden when needed
  • simplification of include/user.inc.php
  • in footer of each page, use "-" instead of "::" to separate page information
File:
1 edited

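--- a/trunk/include/functions_user.inc.php
+++ b/trunk/include/functions_user.inc.php
@@ -277,3 +277,80 @@
   }
 }
+
+/**
+ * update table user_forbidden for the given user
+ *
+ * table user_forbidden contains calculated data. Calculation is based on
+ * private categories minus categories authorized to the groups the user
+ * belongs to minus the categories directly authorized to the user
+ *
+ * @param int user_id
+ * @return string forbidden_categories
+ */
+function calculate_permissions($user_id)
+{
+  $private_array = array();
+  $authorized_array = array();
+
+  $query = '
+SELECT id
+  FROM '.CATEGORIES_TABLE.'
+  WHERE status = \'private\'
+;';
+  $result = pwg_query($query);
+  while ($row = mysql_fetch_array($result))
+  {
+    array_push($private_array, $row['id']);
+  }
+ 
+  // retrieve category ids directly authorized to the user
+  $query = '
+SELECT cat_id
+  FROM '.USER_ACCESS_TABLE.'
+  WHERE user_id = '.$user_id.'
+;';
+  $result = pwg_query($query);
+  while ($row = mysql_fetch_array($result))
+  {
+    array_push($authorized_array, $row['cat_id']);
+  }
+
+  // retrieve category ids authorized to the groups the user belongs to
+  $query = '
+SELECT cat_id
+  FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
+    ON ug.group_id = ga.group_id
+  WHERE ug.user_id = '.$user_id.'
+;';
+  $result = pwg_query($query);
+  while ($row = mysql_fetch_array($result))
+  {
+    array_push($authorized_array, $row['cat_id']);
+  }
+
+  // uniquify ids : some private categories might be authorized for the
+  // groups and for the user
+  $authorized_array = array_unique($authorized_array);
+
+  // only unauthorized private categories are forbidden
+  $forbidden_array = array_diff($private_array, $authorized_array);
+
+  $query = '
+DELETE FROM '.USER_FORBIDDEN_TABLE.'
+  WHERE user_id = '.$user_id.'
+;';
+  pwg_query($query);
+
+  $forbidden_categories = implode(',', $forbidden_array);
+ 
+  $query = '
+INSERT INTO '.USER_FORBIDDEN_TABLE.'
+  (user_id,need_update,forbidden_categories)
+  VALUES
+  ('.$user_id.',\'false\',\''.$forbidden_categories.'\')
+;';
+  pwg_query($query);
+ 
+  return $forbidden_categories;
+}
 ?>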
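Review bot: `$user_id` is concatenated unquoted into four statements of `calculate_permissions` (the two `SELECT ... WHERE user_id =` queries, the `DELETE` and the `INSERT`), and nothing in the function enforces the `@param int` the docblock promises. If any caller can pass a value that is not already an integer, this is an SQL injection point in the code that computes access restrictions; a first line such as `$user_id = intval($user_id);` would make the function safe regardless of the caller. Separately, the `DELETE` followed by the `INSERT` is not atomic: if the insert fails, the user is left with no row in `user_forbidden`, and how readers of that table treat a missing row is not visible here, so it should be checked that this failure mode denies access to private categories rather than allowing it.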