Changeset 9500 for extensions/community/include

Timestamp:

Mar 3, 2011, 10:12:57 PM (13 years ago)

Author:

plg

Message:

a permission may not automatically apply to sub-albums

in the upload form, the album list does not show private (and unreachable for
the user) albums and public albums that contains photos invisible to the user.

File:

• extensions/community/include/functions_community.inc.php (modified) (5 diffs)

extensions/community/include/functions_community.inc.php

@@ -24 +24 @@
 function community_get_user_permissions($user_id)
 {
-  global $conf;
-
-  if (is_admin())
-  {
-    return array(
-      'upload_whole_gallery' => true,
-      'create_whole_gallery' => true,
-      'create_categories' => array(),
-      'upload_categories' => array(),
-      'permission_ids' => array(),
-      );
-  }
+  global $conf, $user;
 
   $return = array(
@@ -58 +47 @@
     id,
     category_id,
+    recursive,
     create_subcategories
   FROM '.COMMUNITY_PERMISSIONS_TABLE.'
@@ -78 +68 @@
 ;';
 
+  $recursive_categories = array();
+
   $result = pwg_query($query);
   while ($row = pwg_db_fetch_assoc($result))
@@ -90 +82 @@
     {
       array_push($return['upload_categories'], $row['category_id']);
+
+      if ('true' == $row['recursive'])
+      {
+        array_push($recursive_categories, $row['category_id']);
+      }
     }
 
@@ -105 +102 @@
   }
 
-  if (!$return['upload_whole_gallery'] and count($return['upload_categories']) > 0)
-  {
-    $return['upload_categories'] = get_subcat_ids($return['upload_categories']);
-  }
-
-  if (!$return ['create_whole_gallery'] and count($return['create_categories']) > 0)
-  {
+  if (is_admin())
+  {
+    $return ['upload_whole_gallery'] = true;
+    $return ['create_whole_gallery'] = true;
+  }
+
+  // these are categories with access permission but considering the user
+  // has a level 8 (maximum level). We want to keep categories with no
+  // photos inside (for nobody)
+  $forbidden_categories = calculate_permissions($user['id'], $user['status']);
+  
+  $empty_categories = array_diff(
+    explode(',', $user['forbidden_categories']),
+    explode(',', $forbidden_categories)
+    );
+
+  if (count($empty_categories) > 0)
+  {
+    $query = '
+SELECT
+    category_id
+  FROM '.IMAGE_CATEGORY_TABLE.'
+    JOIN '.IMAGES_TABLE.'
+  WHERE category_id IN ('.implode(',', $empty_categories).')
+    AND level > '.$user['level'].'
+    AND level <= 8
+  GROUP BY category_id
+;';
+    $not_really_empty_categories = array_keys(hash_from_query($query, 'category_id'));
+    $forbidden_categories.= ','.implode(',', $not_really_empty_categories);
+  }
+
+  $query = '
+SELECT
+    id
+  FROM '.CATEGORIES_TABLE.'
+;';
+  $all_categories = array_keys(hash_from_query($query, 'id'));
+
+  if ($return['upload_whole_gallery'])
+  {
+    $return['upload_categories'] = array_diff(
+      $all_categories,
+      explode(',', $forbidden_categories)
+      );
+  }
+  elseif (count($return['upload_categories']) > 0)
+  {
+    if (count($recursive_categories) > 0)
+    {
+      $return['upload_categories'] = array_unique(
+        array_merge(
+          $return['upload_categories'],
+          get_subcat_ids($recursive_categories)
+          )
+        );
+    }
+
+    $return['upload_categories'] = array_diff(
+      $return['upload_categories'],
+      explode(',', $forbidden_categories)
+      );
+  }
+
+  if ($return ['create_whole_gallery'])
+  {
+    $return['create_categories'] = array_diff(
+      $all_categories,
+      explode(',', $forbidden_categories)
+      );
+  }
+  elseif (count($return['create_categories']) > 0)
+  {
+    // no need to check for "recursive", an upload permission can't be
+    // "create_subcategories" without being "recursive"
     $return['create_categories'] = get_subcat_ids($return['create_categories']);
+
+    $return['create_categories'] = array_diff(
+      $return['create_categories'],
+      explode(',', $forbidden_categories)
+      );
   }