Timestamp:
Jun 30, 2005, 11:20:06 PM (19 years ago)
Author:
plg
Message:
  • category permissions management comes back! (it disappeared in branch 1.4) This time, it is designed to better support long user lists. On this screen, for a particular category, the admin can say which groups and users are permitted.
File:
1 edited

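--- a/trunk/admin/cat_perm.php
+++ b/trunk/admin/cat_perm.php
@@ -25,204 +25,341 @@
 // | USA.                                                                  |
 // +-----------------------------------------------------------------------+
-include_once( './admin/include/isadmin.inc.php' );
-//----------------------------------------------------- template initialization
-$sub = $vtp->Open( './template/'.$user['template'].'/admin/cat_perm.vtp' );
-$error = array();
-$tpl = array( 'permuser_authorized','permuser_forbidden','menu_groups',
-              'submit','menu_users','permuser_parent_forbidden' );
-templatize_array( $tpl, 'lang', $sub );
-$vtp->setGlobalVar( $sub, 'user_template', $user['template'] );
-//-------------------------------------------------------------- category infos
-if ( isset( $_GET['cat_id'] ) )
-{
-  check_cat_id( $_GET['cat_id'] );
-  if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
-  {
-    $result = get_cat_info( $page['cat'] );
-    $page['cat_name']    = $result['name'];
-    $page['id_uppercat'] = $result['id_uppercat'];
-  }
-}
-//---------------------------------------------------------- permission updates
-if ( isset( $_POST['submit'] ) )
-{
-  // groups access update
-  $query = 'DELETE';
-  $query.= ' FROM '.PREFIX_TABLE.'group_access';
-  $query.= ' WHERE cat_id = '.$page['cat'];
-  $query.= ';';
-  pwg_query( $query );
-  $query = 'SELECT id';
-  $query.= ' FROM '.PREFIX_TABLE.'groups';
-  $query.= ';';
-  $result = pwg_query( $query );
-  while ( $row = mysql_fetch_array( $result ) )
-  {
-    $radioname = 'groupaccess-'.$row['id'];
-    if ( $_POST[$radioname] == 0 )
+
+if (!defined('PHPWG_ROOT_PATH'))
+{
+  die ("Hacking attempt!");
+}
+include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
+
+// +-----------------------------------------------------------------------+
+// |                       variable initialization                         |
+// +-----------------------------------------------------------------------+
+
+// if the category is not correct (not numeric, not private)
+if (isset($_GET['cat']) and is_numeric($_GET['cat']))
+{
+  $query = '
+SELECT status
+  FROM '.CATEGORIES_TABLE.'
+  WHERE id = '.$_GET['cat'].'
+;';
+  list($status) = mysql_fetch_array(pwg_query($query));
+ 
+  if ('private' == $status)
+  {
+    $page['cat'] = $_GET['cat'];
+  }
+}
+
+if (!isset($page['cat']))
+{
+  $query = '
+SELECT id
+  FROM '.CATEGORIES_TABLE.'
+  WHERE status = \'private\'
+  LIMIT 0,1
+;';
+
+  list($page['cat']) = mysql_fetch_array(pwg_query($query));
+}
+
+// +-----------------------------------------------------------------------+
+// |                           form submission                             |
+// +-----------------------------------------------------------------------+
+
+if (isset($_POST) and false)
+{
+  echo '<pre>';
+  print_r($_POST);
+  echo '</pre>';
+}
+
+if (isset($_POST['deny_groups_submit'])
+         and isset($_POST['deny_groups'])
+         and count($_POST['deny_groups']) > 0)
+{
+  // if you forbid access to a category, all sub-categories become
+  // automatically forbidden
+  $query = '
+DELETE
+  FROM '.GROUP_ACCESS_TABLE.'
+  WHERE group_id IN ('.implode(',', $_POST['deny_groups']).')
+    AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
+;';
+  pwg_query($query);
+}
+else if (isset($_POST['grant_groups_submit'])
+         and isset($_POST['grant_groups'])
+         and count($_POST['grant_groups']) > 0)
+{
+  $query = '
+SELECT id
+  FROM '.CATEGORIES_TABLE.'
+  WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).')
+  AND status = \'private\'
+;';
+  $private_uppercats = array_from_query($query, 'id');
+
+  // We must not reinsert already existing lines in group_access table
+  $granteds = array();
+  foreach ($private_uppercats as $cat_id)
+  {
+    $granteds[$cat_id] = array();
+  }
+ 
+  $query = '
+SELECT group_id, cat_id
+  FROM '.GROUP_ACCESS_TABLE.'
+  WHERE cat_id IN ('.implode(',', $private_uppercats).')
+    AND group_id IN ('.implode(',', $_POST['grant_groups']).')
+;';
+  $result = pwg_query($query);
+  while ($row = mysql_fetch_array($result))
+  {
+    array_push($granteds[$row['cat_id']], $row['group_id']);
+  }
+
+  $inserts = array();
+ 
+  foreach ($private_uppercats as $cat_id)
+  {
+    $group_ids = array_diff($_POST['grant_groups'], $granteds[$cat_id]);
+    foreach ($group_ids as $group_id)
     {
-      $query = 'INSERT INTO '.PREFIX_TABLE.'group_access';
-      $query.= ' (cat_id,group_id) VALUES';
-      $query.= ' ('.$page['cat'].','.$row['id'].')';
-      $query.= ';';
-      pwg_query( $query );
+      array_push($inserts, array('group_id' => $group_id,
+                                 'cat_id' => $cat_id));
     }
   }
-  // users access update
-  $query = 'DELETE';
-  $query.= ' FROM '.PREFIX_TABLE.'user_access';
-  $query.= ' WHERE cat_id = '.$page['cat'];
-  $query.= ';';
-  pwg_query( $query );
-  $query = 'SELECT id';
-  $query.= ' FROM '.USERS_TABLE;
-  $query.= ';';
-  $result = pwg_query( $query );
-  while ( $row = mysql_fetch_array( $result ) )
-  {
-    $radioname = 'useraccess-'.$row['id'];
-    if ( $_POST[$radioname] == 0 )
+
+  mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
+}
+else if (isset($_POST['deny_users_submit'])
+         and isset($_POST['deny_users'])
+         and count($_POST['deny_users']) > 0)
+{
+  // if you forbid access to a category, all sub-categories become
+  // automatically forbidden
+  $query = '
+DELETE
+  FROM '.USER_ACCESS_TABLE.'
+  WHERE user_id IN ('.implode(',', $_POST['deny_users']).')
+    AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
+;';
+  pwg_query($query);
+}
+else if (isset($_POST['grant_users_submit'])
+         and isset($_POST['grant_users'])
+         and count($_POST['grant_users']) > 0)
+{
+  $query = '
+SELECT id
+  FROM '.CATEGORIES_TABLE.'
+  WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).')
+  AND status = \'private\'
+;';
+  $private_uppercats = array_from_query($query, 'id');
+
+  // We must not reinsert already existing lines in user_access table
+  $granteds = array();
+  foreach ($private_uppercats as $cat_id)
+  {
+    $granteds[$cat_id] = array();
+  }
+ 
+  $query = '
+SELECT user_id, cat_id
+  FROM '.USER_ACCESS_TABLE.'
+  WHERE cat_id IN ('.implode(',', $private_uppercats).')
+    AND user_id IN ('.implode(',', $_POST['grant_users']).')
+;';
+  $result = pwg_query($query);
+  while ($row = mysql_fetch_array($result))
+  {
+    array_push($granteds[$row['cat_id']], $row['user_id']);
+  }
+
+  $inserts = array();
+ 
+  foreach ($private_uppercats as $cat_id)
+  {
+    $user_ids = array_diff($_POST['grant_users'], $granteds[$cat_id]);
+    foreach ($user_ids as $user_id)
     {
-      $query = 'INSERT INTO '.PREFIX_TABLE.'user_access';
-      $query.= ' (cat_id,user_id) VALUES';
-      $query.= ' ('.$page['cat'].','.$row['id'].')';
-      $query.= ';';
-      pwg_query( $query );
+      array_push($inserts, array('user_id' => $user_id,
+                                 'cat_id' => $cat_id));
     }
-    check_favorites( $row['id'] );
-  }
-  // resynchronize all users
-  synchronize_all_users();
-}
-//---------------------------------------------------------------------- groups
-$query = 'SELECT id,name';
-$query.= ' FROM '.PREFIX_TABLE.'groups';
-$query. ';';
-$result = pwg_query( $query );
-if ( mysql_num_rows( $result ) > 0 )
-{
-  $vtp->addSession( $sub, 'groups' );
-  // creating an array with all authorized groups for this category
-  $query = 'SELECT group_id';
-  $query.= ' FROM '.PREFIX_TABLE.'group_access';
-  $query.= ' WHERE cat_id = '.$_GET['cat_id'];
-  $query.= ';';
-  $subresult = pwg_query( $query );
-  $authorized_groups = array();
-  while ( $subrow = mysql_fetch_array( $subresult ) )
-  {
-    array_push( $authorized_groups, $subrow['group_id'] );
-  }
-  // displaying each group
-  while( $row = mysql_fetch_array( $result ) )
-  {
-    $vtp->addSession( $sub, 'group' );
-    if ( in_array( $row['id'], $authorized_groups ) )
+  }
+
+  mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
+}
+
+// +-----------------------------------------------------------------------+
+// |                       template initialization                         |
+// +-----------------------------------------------------------------------+
+$template->set_filenames(array('cat_perm'=>'admin/cat_perm.tpl'));
+
+$form_action = PHPWG_ROOT_PATH.'admin.php';
+$form_action.= '?page=cat_perm&amp;cat='.$page['cat'];
+
+$template->assign_vars(array('F_ACTION' => $form_action));
+
+// +-----------------------------------------------------------------------+
+// |                          form construction                            |
+// +-----------------------------------------------------------------------+
+
+// groups denied are the groups not granted. So we need to find all groups
+// minus groups granted to find groups denied.
+
+$groups = array();
+
+$query = '
+SELECT id, name
+  FROM '.GROUPS_TABLE.'
+;';
+$result = pwg_query($query);
+
+while ($row = mysql_fetch_array($result))
+{
+  $groups[$row['id']] = $row['name'];
+}
+
+$query = '
+SELECT group_id
+  FROM '.GROUP_ACCESS_TABLE.'
+  WHERE cat_id = '.$page['cat'].'
+;';
+$group_granted_ids = array_from_query($query, 'group_id');
+
+// groups granted to access the category
+foreach ($group_granted_ids as $group_id)
+{
+  $template->assign_block_vars(
+    'group_granted',
+    array(
+      'NAME'=>$groups[$group_id],
+      'ID'=>$group_id
+      )
+    );
+}
+
+// groups denied
+foreach (array_diff(array_keys($groups), $group_granted_ids) as $group_id)
+{
+  $template->assign_block_vars(
+    'group_denied',
+    array(
+      'NAME'=>$groups[$group_id],
+      'ID'=>$group_id
+      )
+    );
+}
+
+// users...
+$users = array();
+
+$query = '
+SELECT id, username
+  FROM '.USERS_TABLE.'
+  WHERE id != 2
+;';
+$result = pwg_query($query);
+while($row = mysql_fetch_array($result))
+{
+  $users[$row['id']] = $row['username'];
+}
+
+$query = '
+SELECT user_id
+  FROM '.USER_ACCESS_TABLE.'
+  WHERE cat_id = '.$page['cat'].'
+;';
+$user_granted_direct_ids = array_from_query($query, 'user_id');
+
+foreach ($user_granted_direct_ids as $user_id)
+{
+  $template->assign_block_vars(
+    'user_granted',
+    array(
+      'NAME'=>$users[$user_id],
+      'ID'=>$user_id
+      )
+    );
+}
+
+$user_granted_indirect_ids = array();
+if (count($group_granted_ids) > 0)
+{
+  $granted_groups = array();
+
+  $query = '
+SELECT user_id, group_id
+  FROM '.USER_GROUP_TABLE.'
+  WHERE group_id IN ('.implode(',', $group_granted_ids).')
+';
+  $result = pwg_query($query);
+  while ($row = mysql_fetch_array($result))
+  {
+    if (!isset($granted_groups[$row['group_id']]))
     {
-      $vtp->setVar( $sub, 'group.color', 'green' );
-      $vtp->setVar( $sub, 'group.authorized_checked', ' checked="checked"' );
+      $granted_groups[$row['group_id']] = array();
     }
-    else
+    array_push($granted_groups[$row['group_id']], $row['user_id']);
+  }
+
+  $user_granted_by_group_ids = array();
+
+  foreach ($granted_groups as $group_users)
+  {
+    $user_granted_by_group_ids = array_merge($user_granted_by_group_ids,
+                                             $group_users);
+  }
+  $user_granted_by_group_ids = array_unique($user_granted_by_group_ids);
+ 
+ 
+  $user_granted_indirect_ids = array_diff($user_granted_by_group_ids,
+                                          $user_granted_direct_ids);
+ 
+  foreach ($user_granted_indirect_ids as $user_id)
+  {
+    $group = '';
+   
+    foreach ($granted_groups as $group_id => $group_users)
     {
-      $vtp->setVar( $sub, 'group.color', 'red' );
-      $vtp->setVar( $sub, 'group.forbidden_checked', ' checked="checked"' );
+      if (in_array($user_id, $group_users))
+      {
+        $group = $groups[$group_id];
+        break;
+      }
     }
-    $vtp->setVar( $sub, 'group.groupname', $row['name'] );
-    $vtp->setVar( $sub, 'group.id', $row['id'] );
-    $url = './admin.php?page=group_perm&amp;group_id='.$row['id'];
-    $vtp->setVar( $sub, 'group.group_perm_link', add_session_id( $url ) );
-    $vtp->closeSession( $sub, 'group' );
-  }
-  $vtp->closeSession( $sub, 'groups' );
-}
-//----------------------------------------------------------------------- users
-$query = 'SELECT id,username,status';
-$query.= ' FROM '.USERS_TABLE;
-// only the webmaster can modify webmaster's permissions
-if ( $user['username'] != $conf['webmaster'] )
-{
-  $query.= " WHERE username != '".$conf['webmaster']."'";
-}
-$query.= ';';
-$result = pwg_query( $query );
-while ( $row = mysql_fetch_array( $result ) )
-{
-  $vtp->addSession( $sub, 'user' );
-  $vtp->setVar( $sub, 'user.id', $row['id'] );
-  $url = add_session_id( './admin.php?page=user_perm&amp;user_id='.$row['id']);
-  $vtp->setVar( $sub, 'user.user_perm_link', $url);
-  if ( $row['username'] == 'guest' )
-  {
-    $row['username'] = $lang['guest'];
-  }
-  $vtp->setVar( $sub, 'user.username', $row['username'] );
-
-  // for color of user : (red means access forbidden, green authorized) we
-  // ask all forbidden categories, including the groups rights
-  $restrictions = get_user_restrictions( $row['id'], $row['status'], false );
-  $is_user_allowed = is_user_allowed( $page['cat'], $restrictions );
-  if ( $is_user_allowed == 0 )
-  {
-    $vtp->setVar( $sub, 'user.color', 'green' );
-  }
-  else
-  {
-    $vtp->setVar( $sub, 'user.color', 'red' );
-  }
-  // for permission update button, we only ask forbidden categories for the
-  // user, not taking into account the groups the user belongs to
-  $restrictions = get_user_restrictions($row['id'],$row['status'],false,false);
-  $is_user_allowed = is_user_allowed( $page['cat'], $restrictions );
-  if ( $is_user_allowed == 2 )
-  {
-    $vtp->addSession( $sub, 'parent_forbidden' );
-    $url = './admin.php?page=cat_perm&amp;cat_id='.$page['id_uppercat'];
-    $vtp->setVar( $sub, 'parent_forbidden.url', add_session_id( $url ) );
-    $vtp->closeSession( $sub, 'parent_forbidden' );
-  }
-  if ( $is_user_allowed == 0 )
-  {
-    $vtp->setVar( $sub, 'user.authorized_checked', ' checked="checked"' );
-  }
-  else
-  {
-    $vtp->setVar( $sub, 'user.forbidden_checked', ' checked="checked"' );
-  }
-  // user's group(s)
-  $query = 'SELECT g.name as groupname, g.id as groupid';
-  $query.= ' FROM '.PREFIX_TABLE.'groups as g';
-  $query.= ', '.PREFIX_TABLE.'user_group as ug';
-  $query.= ' WHERE ug.group_id = g.id';
-  $query.= ' AND ug.user_id = '.$row['id'];
-  $query.= ';';
-  $subresult = pwg_query( $query );
-  if ( mysql_num_rows( $subresult ) > 0 )
-  {
-    $vtp->addSession( $sub, 'usergroups' );
-    $i = 0;
-    while( $subrow = mysql_fetch_array( $subresult ) )
-    {
-      $vtp->addSession( $sub, 'usergroup' );
-      if ( in_array( $subrow['groupid'], $authorized_groups ) )
-      {
-        $vtp->setVar( $sub, 'usergroup.color', 'green' );
-      }
-      else
-      {
-        $vtp->setVar( $sub, 'usergroup.color', 'red' );
-      }
-      $vtp->setVar( $sub, 'usergroup.name', $subrow['groupname'] );
-      if ( $i < mysql_num_rows( $subresult ) - 1 )
-      {
-        $vtp->setVar( $sub, 'usergroup.separation', ',' );
-      }
-      $vtp->closeSession( $sub, 'usergroup' );
-      $i++;
-    }
-    $vtp->closeSession( $sub, 'usergroups' );
-  }
-  $vtp->closeSession( $sub, 'user' );
-}
-//----------------------------------------------------------- sending html code
-$vtp->Parse( $handle , 'sub', $sub );
+   
+    $template->assign_block_vars(
+      'user_granted_indirect',
+      array(
+        'NAME'=>$users[$user_id],
+        'GROUP'=>$group
+        )
+      );
+  }
+}
+
+$user_denied_ids = array_diff(array_keys($users),
+                              $user_granted_indirect_ids,
+                              $user_granted_direct_ids);
+
+foreach ($user_denied_ids as $user_id)
+{
+  $template->assign_block_vars(
+    'user_denied',
+    array(
+      'NAME'=>$users[$user_id],
+      'ID'=>$user_id
+      )
+    );
+}
+
+
+// +-----------------------------------------------------------------------+
+// |                           sending html code                           |
+// +-----------------------------------------------------------------------+
+$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
 ?>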
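Review bot: The four `implode(',', $_POST[...])` calls in the deny/grant branches (new lines 86, 114, 145 and 173) splice request-supplied array elements straight into the `IN (...)` clauses, while the only input validation on the new side is the `is_numeric` check on `$_GET['cat']`; nothing constrains the POSTed id lists. Since every element is meant to be an integer id, normalise each list once before building the query, e.g. `$group_ids = array_map('intval', $_POST['deny_groups']);` and then `implode(',', $group_ids)`, and do the same for `grant_groups`, `deny_users` and `grant_users`. `is_numeric` on `$_GET['cat']` also accepts non-id forms such as `1e3` or leading whitespace, so an `intval` cast at new line 50 (`$page['cat'] = intval($_GET['cat']);`) would pin the value used in the later queries to an integer. The debug block `if (isset($_POST) and false)` at new line 70 is dead code and could be dropped rather than committed.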