Changeset 657 for trunk/admin/user_perm.php

Timestamp:

Dec 25, 2004, 8:33:36 PM (19 years ago)

Author:

plg

Message:

• user permissions ask update at each admin page generation. Table user_forbidden must be updated only if current user is not in administrative section

• bug fixed : category.php, error on page title when non category selected

• admin/search : bug on variable $PHP_SELF, replaced by $_SERVERPHP_SELF

• admin/user_perm : inheritence management. When a category become authorized, all parent categories become authorized, when a category become forbidden, all child category become forbidden

• no more recursivity in delete_categories function

• new function get_fs_directories for future new method of synchronization

• new function get_uppercat_ids replacing several pieces of code doing the same

• new function get_fulldirs used for metadata function get_filelist and future new method of synchronization

• new function get_fs for future new method of synchronization

• typo correction on lang item "about_message"

• no link to category privacy status management on user permission anymore (giving the menu item instead)

File:

• trunk/admin/user_perm.php (modified) (3 diffs)

trunk/admin/user_perm.php

@@ -26 +26 @@
 // +-----------------------------------------------------------------------+
 
-if( !defined("IN_ADMIN") )
+if (!defined('IN_ADMIN'))
 {
-  die ("Hacking attempt!");
+  die('Hacking attempt!');
 }
-include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
+include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
 
 $userdata = array();
-if ( isset( $_POST['submituser'] ) )
+if (isset($_POST['submituser']))
 {
   $userdata = getuserdata($_POST['username']);
 }
-elseif (isset($_POST['falsify']) || isset($_POST['trueify']))
+else if (isset($_POST['falsify'])
+         and isset($_POST['cat_true'])
+         and count($_POST['cat_true']) > 0)
 {
   $userdata = getuserdata(intval($_POST['userid']));
-  // cleaning the user_access table for this user
-  if (isset($_POST['cat_true']) && count($_POST['cat_true']) > 0)
+  // if you forbid access to a category, all sub-categories become
+  // automatically forbidden
+  $subcats = get_subcat_ids($_POST['cat_true']);
+  $query = '
+DELETE FROM '.USER_ACCESS_TABLE.'
+  WHERE user_id = '.$userdata['id'].'
+    AND cat_id IN ('.implode(',', $subcats).')
+;';
+  pwg_query($query);
+}
+else if (isset($_POST['trueify'])
+         and isset($_POST['cat_false'])
+         and count($_POST['cat_false']) > 0)
+{
+  $userdata = getuserdata(intval($_POST['userid']));
+    
+  $uppercats = get_uppercat_ids($_POST['cat_false']);
+  $private_uppercats = array();
+
+  $query = '
+SELECT id
+  FROM '.CATEGORIES_TABLE.'
+  WHERE id IN ('.implode(',', $uppercats).')
+    AND status = \'private\'
+;';
+  $result = pwg_query($query);
+  while ($row = mysql_fetch_array($result))
   {
-    foreach ($_POST['cat_true'] as $auth_cat)
-        {
-          $query = 'DELETE FROM '.USER_ACCESS_TABLE;
-      $query.= ' WHERE user_id = '.$userdata['id'];
-      $query.= ' AND cat_id='.$auth_cat.';';
-      pwg_query ( $query );
-        }
+    array_push($private_uppercats, $row['id']);
+  }
+
+  // retrying to authorize a category which is already authorized may cause
+  // an error (in SQL statement), so we need to know which categories are
+  // accesible
+  $authorized_ids = array();
+    
+  $query = '
+SELECT cat_id
+  FROM '.USER_ACCESS_TABLE.'
+  WHERE user_id = '.$userdata['id'].'
+;';
+  $result = pwg_query($query);
+  
+  while ($row = mysql_fetch_array($result))
+  {
+    array_push($authorized_ids, $row['cat_id']);
   }
   
-  if (isset($_POST['cat_false']) && count($_POST['cat_false']) > 0)
+  $inserts = array();
+  $to_autorize_ids = array_diff($private_uppercats, $authorized_ids);
+  foreach ($to_autorize_ids as $to_autorize_id)
   {
-    foreach ($_POST['cat_false'] as $auth_cat)
-        {
-          $query = 'INSERT INTO '.USER_ACCESS_TABLE;
-      $query.= ' (user_id,cat_id) VALUES';
-      $query.= ' ('.$userdata['id'].','.$auth_cat.')';
-      $query.= ';';
-      pwg_query ( $query );
-        }
+    array_push($inserts, array('user_id' => $userdata['id'],
+                               'cat_id' => $to_autorize_id));
   }
+
+  mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
 }
+//----------------------------------------------------- template initialization
+if (empty($userdata))
+{
+  $template->set_filenames(array('user' => 'admin/user_perm.tpl'));
 
-//----------------------------------------------------- template initialization
-
-if ( empty($userdata))
-{
-  $template->set_filenames( array('user'=>'admin/user_perm.tpl') );
+  $base_url = PHPWG_ROOT_PATH.'admin.php?page=';
+  
   $template->assign_vars(array(
     'L_SELECT_USERNAME'=>$lang['Select_username'],
@@ -77 +114 @@
     'L_SUBMIT'=>$lang['submit'],
 
-    'F_SEARCH_USER_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'),
+    'F_SEARCH_USER_ACTION' => add_session_id($base_url.'user_perm'),
     'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php')
     ));
@@ -83 +120 @@
 else
 {
-  $cat_url = '<a href="'.add_session_id(PHPWG_ROOT_PATH.'admin.php?page=cat_options&section=status');
-  $cat_url .= '">'.$lang['permuser_info_link'].'</a>';
-  $template->set_filenames( array('user'=>'admin/cat_options.tpl') );
-  $template->assign_vars(array(
-    'L_RESET'=>$lang['reset'],
-    'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
-    'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
-    'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'].'&nbsp;'.$cat_url,
-        
-        'HIDDEN_NAME'=> 'userid',
-        'HIDDEN_VALUE'=>$userdata['id'],
-    'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'),
-    ));
-
+  $template->set_filenames(array('user'=>'admin/cat_options.tpl'));
+  $template->assign_vars(
+    array(
+      'L_RESET'=>$lang['reset'],
+      'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
+      'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
+      'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'],
+      
+      'HIDDEN_NAME'=> 'userid',
+      'HIDDEN_VALUE'=>$userdata['id'],
+      'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'),
+      ));
 
   // only private categories are listed
-  $query_true = 'SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE;
-  $query_true.= ' LEFT JOIN '.USER_ACCESS_TABLE.' as u';
-  $query_true.= ' ON u.cat_id=id';
-  $query_true.= ' WHERE status = \'private\' AND u.user_id='.$userdata['id'].';';
+  $query_true = '
+SELECT id,name,uppercats,global_rank
+  FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_ACCESS_TABLE.' ON cat_id = id
+  WHERE status = \'private\'
+    AND user_id = '.$userdata['id'].'
+;';
+  display_select_cat_wrapper($query_true,array(),'category_option_true');
+  
   $result = pwg_query($query_true);
-  $categorie_true = array();
-  while (!empty($result) && $row = mysql_fetch_array($result))
+  $authorized_ids = array();
+  while ($row = mysql_fetch_array($result))
   {
-    array_push($categorie_true, $row);
+    array_push($authorized_ids, $row['id']);
   }
   
-  $query = 'SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE;
-  $query.= ' WHERE status = \'private\'';
-  $result = pwg_query($query);
-  $categorie_false = array();
-  while ($row = mysql_fetch_array($result))
+  $query_false = '
+SELECT id,name,uppercats,global_rank
+  FROM '.CATEGORIES_TABLE.'
+  WHERE status = \'private\'';
+  if (count($authorized_ids) > 0)
   {
-    if (!in_array($row,$categorie_true))
-          array_push($categorie_false, $row);
+    $query_false.= '
+    AND id NOT IN ('.implode(',', $authorized_ids).')';
   }
-  usort($categorie_true, 'global_rank_compare');
-  usort($categorie_false, 'global_rank_compare');
-  display_select_categories($categorie_true, array(), 'category_option_true', true);
-  display_select_categories($categorie_false, array(), 'category_option_false', true);
+  $query_false.= '
+;';
+  display_select_cat_wrapper($query_false,array(),'category_option_false');
 }
-
 //----------------------------------------------------------- sending html code
 $template->assign_var_from_handle('ADMIN_CONTENT', 'user');