Changeset 9500


Timestamp:
03/03/11 22:12:57 (9 years ago)
Author:
plg
Message:

a permission may not automatically apply to sub-albums

in the upload form, the album list does not show private albums that the user
cannot reach, nor public albums that contain photos invisible to the user.

Location:
extensions/community
Files:
5 edited

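--- a/extensions/community/add_photos.php
+++ b/extensions/community/add_photos.php
@@ -51,22 +51,16 @@
   {
     // is the user authorized to upload in this album?
-    if (!$user_permissions['upload_whole_gallery'])
-    {
-      if (!in_array($_POST['category'], $user_permissions['upload_categories']))
-      {
-        echo 'Hacking attempt, you have no permission to upload in this album';
-        $hacking_attempt = true;
-      }
+    if (!in_array($_POST['category'], $user_permissions['upload_categories']))
+    {
+      echo 'Hacking attempt, you have no permission to upload in this album';
+      $hacking_attempt = true;
     }
   }
   elseif ('new' == $_POST['category_type'])
   {
-    if (!$user_permissions['create_whole_gallery'])
-    {
-      if (!in_array($_POST['category_parent'], $user_permissions['create_categories']))
-      {
-        echo 'Hacking attempt, you have no permission to create this album';
-        $hacking_attempt = true;
-      }
+    if (!in_array($_POST['category_parent'], $user_permissions['create_categories']))
+    {
+      echo 'Hacking attempt, you have no permission to create this album';
+      $hacking_attempt = true;
     }
   }
@@ -291,8 +285,6 @@
 include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_prepare.inc.php');
 
-if (!$user_permissions['upload_whole_gallery'])
-{
-  // we have to change the list of uploadable albums
-  $query = '
+// we have to change the list of uploadable albums
+$query = '
 SELECT id,name,uppercats,global_rank
   FROM '.CATEGORIES_TABLE.'
@@ -300,14 +292,13 @@
 ;';
 
-  display_select_cat_wrapper(
-    $query,
-    $selected_category,
-    'category_options'
-    );
-}
+display_select_cat_wrapper(
+  $query,
+  $selected_category,
+  'category_options'
+  );
 
 $create_subcategories = false;
 
-if ($user_permissions['create_whole_gallery'] or count($user_permissions['create_categories']) > 0)
+if (count($user_permissions['create_categories']) > 0)
 {
   $create_subcategories = true;
@@ -316,13 +307,6 @@
   $query = '
 SELECT id,name,uppercats,global_rank
-  FROM '.CATEGORIES_TABLE;
-  
-  if (!$user_permissions['create_whole_gallery'])
-  {
-    $query.= '
-  WHERE id IN ('.implode(',', $user_permissions['create_categories']).')';
-  }
-
-  $query.= '
+  FROM '.CATEGORIES_TABLE.'
+  WHERE id IN ('.implode(',', $user_permissions['create_categories']).')
 ;';
 
@@ -358,7 +342,4 @@
 $title = l10n('Upload Photos');
 $page['body_id'] = 'theUploadPage';
-// include(PHPWG_ROOT_PATH.'include/page_header.php');
-// $template->pparse('add_photos');
-// include(PHPWG_ROOT_PATH.'include/page_tail.php');
 
 $template->assign_var_from_handle('PLUGIN_INDEX_CONTENT_BEGIN', 'add_photos');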
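Review bot: With the whole-gallery shortcut removed, the `in_array()` tests at new lines 53 and 61 are the only authorization gate, and they compare raw `$_POST['category']` / `$_POST['category_parent']` loosely, so any string that PHP's loose comparison treats as equal to an allowed id passes and is carried forward unnormalised. Reject anything that is not a plain integer id first, e.g. `if (!ctype_digit((string) $_POST['category']) or !in_array($_POST['category'], $user_permissions['upload_categories']))`, and do the same for `category_parent`. The check only echoes a message and sets `$hacking_attempt`; the code that must honour that flag lies outside these hunks, as does the WHERE line of the now unconditional album query at new lines 288–292, which should be confirmed to cope with an empty `upload_categories` list.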
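--- a/extensions/community/admin_permissions.php
+++ b/extensions/community/admin_permissions.php
@@ -74,7 +74,9 @@
     'user_id' => ('user' == $_POST['who']) ? $_POST['who_user'] : null,
     'category_id' => ($_POST['category'] > 0) ? $_POST['category'] : null,
+    'recursive' => isset($_POST['recursive']) ? 'true' : 'false',
     'create_subcategories' => isset($_POST['create_subcategories']) ? 'true' : 'false',
     'moderated' => $_POST['moderate'],
     );
+  
   mass_inserts(
     COMMUNITY_PERMISSIONS_TABLE,
@@ -324,4 +326,6 @@
       'TRUST' => $trust,
       'TRUST_TOOLTIP' => $trust_tooltip,
+      'RECURSIVE' => get_boolean($permission['recursive']),
+      'RECURSIVE_TOOLTIP' => l10n('Apply to sub-albums'),
       'CREATE_SUBCATEGORIES' => get_boolean($permission['create_subcategories']),
       'U_DELETE' => $admin_base_url.'&delete='.$permission['id']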
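Review bot: `recursive` and `create_subcategories` are stored from two independent `isset()` tests at new lines 76–77, so the rule that sub-album creation requires a recursive permission is enforced only by the form's script, while the resolver in functions_community.inc.php relies on it (its comment says an upload permission can't be create_subcategories without being recursive). A request that does not come from the scripted form can therefore store a non-recursive permission that still expands to every sub-album for creation. Derive the flags on the server before building the array, e.g. `$recursive = !($_POST['category'] > 0) || isset($_POST['recursive']);` and `'create_subcategories' => ($recursive and isset($_POST['create_subcategories'])) ? 'true' : 'false',`, storing `$recursive` for the `recursive` key as well. The first clause covers the whole-gallery choice, where the form disables the checkbox and the browser omits it from the POST.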
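--- a/extensions/community/admin_permissions.tpl
+++ b/extensions/community/admin_permissions.tpl
@@ -10,4 +10,35 @@
     $("[name^=who_]").hide();
     $("[name=who_"+$(this).attr("value")+"]").show();
+  });
+
+  function checkWhereOptions() {
+    var recursive = $("input[name=recursive]");
+    var create = $("input[name=create_subcategories]");
+
+    if ($("select[name=category] option:selected").val() == 0) {
+      $(recursive).attr("disabled", true);
+      $(recursive).attr('checked', true);
+    }
+    else {
+      $(recursive).removeAttr("disabled");
+    }
+
+    if (!$(recursive).is(':checked')) {
+      $(create).attr('checked', false);
+      $(create).attr("disabled", true);
+    }
+    else {
+      $(create).removeAttr("disabled");
+    }
+  }
+
+  checkWhereOptions();
+
+  $("select[name=category]").change(function() {
+    checkWhereOptions();
+  });
+
+  $("input[name=recursive]").change(function() {
+    checkWhereOptions();
   });
 
@@ -59,4 +90,6 @@
       </select>
       <br>
+      <label><input type="checkbox" name="recursive" checked="checked"> {'Apply to sub-albums'|@translate}</label>
+      <br>
       <label><input type="checkbox" name="create_subcategories"> {'ability to create sub-albums'|@translate}</label>
     </p>
@@ -88,4 +121,7 @@
     <td>
       <span title="{$permission.TRUST_TOOLTIP}">{$permission.TRUST}</span>
+    {if $permission.RECURSIVE}
+, <span title="{$permission.RECURSIVE_TOOLTIP}">{'sub-albums'|@translate}</span>
+    {/if}
     {if $permission.CREATE_SUBCATEGORIES}
 , {'sub-albums creation'|@translate}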
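Review bot: `checkWhereOptions()` (new lines 14–33) forces the `recursive` box checked and disabled when the option with value 0 is selected, but a disabled control is not part of the submitted form, so what the administrator sees ticked is not what the server receives. The page also treats this script as the only place where "create sub-albums" is tied to "apply to sub-albums"; that is a display convenience, not a guarantee, and the stored values should not depend on it. I would add a comment above the function along the lines of `// UI hint only: disabled boxes are not posted, the PHP handler must derive the final values`, and keep the box enabled (re-checking it in the change handler) if the posted value is meant to be authoritative.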
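--- a/extensions/community/include/functions_community.inc.php
+++ b/extensions/community/include/functions_community.inc.php
@@ -24,16 +24,5 @@
 function community_get_user_permissions($user_id)
 {
-  global $conf;
-
-  if (is_admin())
-  {
-    return array(
-      'upload_whole_gallery' => true,
-      'create_whole_gallery' => true,
-      'create_categories' => array(),
-      'upload_categories' => array(),
-      'permission_ids' => array(),
-      );
-  }
+  global $conf, $user;
 
   $return = array(
@@ -58,4 +47,5 @@
     id,
     category_id,
+    recursive,
     create_subcategories
   FROM '.COMMUNITY_PERMISSIONS_TABLE.'
@@ -78,4 +68,6 @@
 ;';
 
+  $recursive_categories = array();
+
   $result = pwg_query($query);
   while ($row = pwg_db_fetch_assoc($result))
@@ -90,4 +82,9 @@
     {
       array_push($return['upload_categories'], $row['category_id']);
+
+      if ('true' == $row['recursive'])
+      {
+        array_push($recursive_categories, $row['category_id']);
+      }
     }
 
@@ -105,12 +102,85 @@
   }
 
-  if (!$return['upload_whole_gallery'] and count($return['upload_categories']) > 0)
-  {
-    $return['upload_categories'] = get_subcat_ids($return['upload_categories']);
-  }
-
-  if (!$return ['create_whole_gallery'] and count($return['create_categories']) > 0)
-  {
+  if (is_admin())
+  {
+    $return ['upload_whole_gallery'] = true;
+    $return ['create_whole_gallery'] = true;
+  }
+
+  // these are categories with access permission but considering the user
+  // has a level 8 (maximum level). We want to keep categories with no
+  // photos inside (for nobody)
+  $forbidden_categories = calculate_permissions($user['id'], $user['status']);
+  
+  $empty_categories = array_diff(
+    explode(',', $user['forbidden_categories']),
+    explode(',', $forbidden_categories)
+    );
+
+  if (count($empty_categories) > 0)
+  {
+    $query = '
+SELECT
+    category_id
+  FROM '.IMAGE_CATEGORY_TABLE.'
+    JOIN '.IMAGES_TABLE.'
+  WHERE category_id IN ('.implode(',', $empty_categories).')
+    AND level > '.$user['level'].'
+    AND level <= 8
+  GROUP BY category_id
+;';
+    $not_really_empty_categories = array_keys(hash_from_query($query, 'category_id'));
+    $forbidden_categories.= ','.implode(',', $not_really_empty_categories);
+  }
+
+  $query = '
+SELECT
+    id
+  FROM '.CATEGORIES_TABLE.'
+;';
+  $all_categories = array_keys(hash_from_query($query, 'id'));
+
+  if ($return['upload_whole_gallery'])
+  {
+    $return['upload_categories'] = array_diff(
+      $all_categories,
+      explode(',', $forbidden_categories)
+      );
+  }
+  elseif (count($return['upload_categories']) > 0)
+  {
+    if (count($recursive_categories) > 0)
+    {
+      $return['upload_categories'] = array_unique(
+        array_merge(
+          $return['upload_categories'],
+          get_subcat_ids($recursive_categories)
+          )
+        );
+    }
+
+    $return['upload_categories'] = array_diff(
+      $return['upload_categories'],
+      explode(',', $forbidden_categories)
+      );
+  }
+
+  if ($return ['create_whole_gallery'])
+  {
+    $return['create_categories'] = array_diff(
+      $all_categories,
+      explode(',', $forbidden_categories)
+      );
+  }
+  elseif (count($return['create_categories']) > 0)
+  {
+    // no need to check for "recursive", an upload permission can't be
+    // "create_subcategories" without being "recursive"
     $return['create_categories'] = get_subcat_ids($return['create_categories']);
+
+    $return['create_categories'] = array_diff(
+      $return['create_categories'],
+      explode(',', $forbidden_categories)
+      );
   }
 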
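Review bot: The query at new lines 122–131 joins IMAGE_CATEGORY_TABLE to IMAGES_TABLE with no ON clause, so the `level` filter is tested against every photo in the gallery instead of the photos that belong to each album; a single photo above the user's level anywhere would mark all candidate albums as non-empty, and a backend that requires a join condition would reject the statement. Add the condition, presumably `JOIN '.IMAGES_TABLE.' ON image_id = id` (the column names are not visible here, confirm them against the schema). Separately, the function still accepts `$user_id` while the new filtering reads the global `$user` (`id`, `status`, `level`, `forbidden_categories`) and `is_admin()`, so a call made for any account other than the current one would combine two users' data; drop the parameter or state in the docblock that only the current user is supported. The function body continues past the last hunk.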
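--- a/extensions/community/maintain.inc.php
+++ b/extensions/community/maintain.inc.php
@@ -19,4 +19,5 @@
   user_id smallint(5) DEFAULT NULL,
   category_id smallint(5) unsigned DEFAULT NULL,
+  recursive enum(\'true\',\'false\') NOT NULL DEFAULT \'true\',
   create_subcategories enum(\'true\',\'false\') NOT NULL DEFAULT \'false\',
   moderated enum(\'true\',\'false\') NOT NULL DEFAULT \'true\',
@@ -45,4 +46,5 @@
   "user_id" INTEGER,
   "category_id" INTEGER,
+  "recursive" BOOLEAN default true,
   "create_subcategories" BOOLEAN default false,
   "moderated" BOOLEAN default true,
@@ -71,4 +73,5 @@
   "user_id" INTEGER,
   "category_id" INTEGER,
+  "recursive" BOOLEAN default true,
   "create_subcategories" BOOLEAN default false,
   "moderated" BOOLEAN default true,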
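Review bot: The `recursive` column is added only to the three CREATE TABLE statements, so a site where the permissions table already exists gets no such column unless an upgrade step outside these hunks adds it; the new `SELECT ... recursive` in functions_community.inc.php and the insert in admin_permissions.php would then fail, leaving permission resolution broken. If no migration exists, add one that issues an `ALTER TABLE ... ADD COLUMN recursive` with the same default after checking that the column is missing. The two non-MySQL variants declare the column BOOLEAN while the resolver tests `'true' == $row['recursive']`; using `get_boolean($row['recursive'])` there, as the admin page already does, would avoid depending on how each driver renders a boolean.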