source: branches/2.1/admin/cat_perm.php @ 6276

Last change on this file since 6276 was 6276, checked in by plg, 14 years ago

merge r6265 from trunk to branch 2.1

Correct text alignement in .infos, .errors
30px => 53px

<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based picture gallery                                  |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008-2010 Piwigo Team                  http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+
// Refuse to run unless PHPWG_ROOT_PATH is already defined (presumably by the
// script that includes this file), i.e. when the file is requested directly.
defined('PHPWG_ROOT_PATH') or die ("Hacking attempt!");

include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
// Everything below edits access rights, so administrator status is required
// before any request parameter is read.
check_status(ACCESS_ADMINISTRATOR);
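// +-----------------------------------------------------------------------+
// |                       variable initialization                         |
// +-----------------------------------------------------------------------+

// $page['cat'] is the category whose permissions are edited. The "cat"
// query-string parameter is used only when it is a plain decimal id that
// names a private category.
//
// The value is concatenated into SQL here and again further down, so it is
// matched against digits only: is_numeric() would also accept floats,
// exponent notation, signs and leading whitespace (and hexadecimal strings
// on older PHP versions), none of which is a valid category id.
if (isset($_GET['cat'])
    and is_string($_GET['cat'])
    and preg_match('/^\d+$/D', $_GET['cat']))
{
  $query = '
SELECT status
  FROM '.CATEGORIES_TABLE.'
  WHERE id = '.$_GET['cat'].'
;';
  list($status) = pwg_db_fetch_row(pwg_query($query));

  if ('private' == $status)
  {
    $page['cat'] = $_GET['cat'];
  }
}

// no usable category in the request: fall back to any private category
if (!isset($page['cat']))
{
  $query = '
SELECT id
  FROM '.CATEGORIES_TABLE.'
  WHERE status = \'private\'
  LIMIT 1
;';

  list($page['cat']) = pwg_db_fetch_row(pwg_query($query));
  // NOTE(review): when no private category exists this presumably leaves
  // $page['cat'] empty, and the queries further down are then built with an
  // empty id -- confirm how that case is meant to be handled.
}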
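// +-----------------------------------------------------------------------+
// |                           form submission                             |
// +-----------------------------------------------------------------------+

// NOTE(review): every branch below changes access rights, yet nothing in
// this file verifies an anti-CSRF token on the POST -- confirm whether
// check_status() or the including script does, otherwise add such a check.

// The submitted id lists are concatenated into SQL, unquoted, inside
// IN (...). Each one must therefore be an array of plain decimal ids; any
// other shape or value aborts the request before a query is built.
$submitted_ids = array();
foreach (array('deny_groups', 'grant_groups', 'deny_users', 'grant_users')
         as $field)
{
  $submitted_ids[$field] = array();

  if (!isset($_POST[$field]))
  {
    continue;
  }

  if (!is_array($_POST[$field]))
  {
    die ("Hacking attempt!");
  }

  foreach ($_POST[$field] as $raw_id)
  {
    // /D keeps "$" from matching before a trailing newline
    if (!is_string($raw_id) or !preg_match('/^\d+$/D', $raw_id))
    {
      die ("Hacking attempt!");
    }
    $submitted_ids[$field][] = $raw_id;
  }
}

if (isset($_POST['deny_groups_submit'])
    and count($submitted_ids['deny_groups']) > 0)
{
  // if you forbid access to a category, all sub-categories become
  // automatically forbidden
  $query = '
DELETE
  FROM '.GROUP_ACCESS_TABLE.'
  WHERE group_id IN ('.implode(',', $submitted_ids['deny_groups']).')
    AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
;';
  pwg_query($query);
}
else if (isset($_POST['grant_groups_submit'])
         and count($submitted_ids['grant_groups']) > 0)
{
  // the grant is written for every private category among those returned
  // by get_uppercat_ids() for the current category
  $query = '
SELECT id
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).')
  AND status = \'private\'
;';
  $private_uppercats = array_from_query($query, 'id');

  // We must not reinsert already existing lines in group_access table
  $granteds = array();
  foreach ($private_uppercats as $cat_id)
  {
    $granteds[$cat_id] = array();
  }

  $query = '
SELECT group_id, cat_id
  FROM '.GROUP_ACCESS_TABLE.'
  WHERE cat_id IN ('.implode(',', $private_uppercats).')
    AND group_id IN ('.implode(',', $submitted_ids['grant_groups']).')
;';
  $result = pwg_query($query);
  while ($row = pwg_db_fetch_assoc($result))
  {
    $granteds[$row['cat_id']][] = $row['group_id'];
  }

  $inserts = array();

  foreach ($private_uppercats as $cat_id)
  {
    // only the groups not yet granted on this category
    $group_ids = array_diff($submitted_ids['grant_groups'], $granteds[$cat_id]);
    foreach ($group_ids as $group_id)
    {
      $inserts[] = array('group_id' => $group_id,
                         'cat_id' => $cat_id);
    }
  }

  mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
}
else if (isset($_POST['deny_users_submit'])
         and count($submitted_ids['deny_users']) > 0)
{
  // if you forbid access to a category, all sub-categories become
  // automatically forbidden
  $query = '
DELETE
  FROM '.USER_ACCESS_TABLE.'
  WHERE user_id IN ('.implode(',', $submitted_ids['deny_users']).')
    AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
;';
  pwg_query($query);
}
else if (isset($_POST['grant_users_submit'])
         and count($submitted_ids['grant_users']) > 0)
{
  // same scheme as for groups, against the user access table
  $query = '
SELECT id
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).')
  AND status = \'private\'
;';
  $private_uppercats = array_from_query($query, 'id');

  // We must not reinsert already existing lines in user_access table
  $granteds = array();
  foreach ($private_uppercats as $cat_id)
  {
    $granteds[$cat_id] = array();
  }

  $query = '
SELECT user_id, cat_id
  FROM '.USER_ACCESS_TABLE.'
  WHERE cat_id IN ('.implode(',', $private_uppercats).')
    AND user_id IN ('.implode(',', $submitted_ids['grant_users']).')
;';
  $result = pwg_query($query);
  while ($row = pwg_db_fetch_assoc($result))
  {
    $granteds[$row['cat_id']][] = $row['user_id'];
  }

  $inserts = array();

  foreach ($private_uppercats as $cat_id)
  {
    // only the users not yet granted on this category
    $user_ids = array_diff($submitted_ids['grant_users'], $granteds[$cat_id]);
    foreach ($user_ids as $user_id)
    {
      $inserts[] = array('user_id' => $user_id,
                         'cat_id' => $cat_id);
    }
  }

  mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
}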
// +-----------------------------------------------------------------------+
// |                       template initialization                         |
// +-----------------------------------------------------------------------+

$template->set_filename('cat_perm', 'cat_perm.tpl');

// Page-level template variables: the category name display, the help popup
// URL and the URL the permission forms post back to.
$cat_perm_vars = array();
$cat_perm_vars['CATEGORIES_NAV'] = get_cat_display_name_from_id(
  $page['cat'],
  'admin.php?page=cat_modify&amp;cat_id='
  );
$cat_perm_vars['U_HELP'] =
  get_root_url().'admin/popuphelp.php?page=cat_perm';
$cat_perm_vars['F_ACTION'] =
  get_root_url().'admin.php?page=cat_perm&amp;cat='.$page['cat'];

$template->assign($cat_perm_vars);
// +-----------------------------------------------------------------------+
// |                          form construction                            |
// +-----------------------------------------------------------------------+

// A group is denied exactly when it is not granted, so the denied list is
// computed as all groups minus the granted ones.

// every group, keyed by id with its name as value, sorted by name
$query = '
SELECT id, name
  FROM '.GROUPS_TABLE.'
  ORDER BY name ASC
;';
$groups = simple_hash_from_query($query, 'id', 'name');
$template->assign('all_groups', $groups);

// groups holding a row in the group access table for this category
$query = '
SELECT group_id
  FROM '.GROUP_ACCESS_TABLE.'
  WHERE cat_id = '.$page['cat'].'
;';
$group_granted_ids = order_by_name(
  array_from_query($query, 'group_id'),
  $groups
  );
$template->assign('group_granted_ids', $group_granted_ids);

// all remaining groups are denied
$group_denied_ids = array_diff(array_keys($groups), $group_granted_ids);
$template->assign(
  'group_denied_ids',
  order_by_name($group_denied_ids, $groups)
  );
// users: every user, keyed by id with the username as value. The id and
// username column names come from the configuration.
$query = '
SELECT '.$conf['user_fields']['id'].' AS id,
       '.$conf['user_fields']['username'].' AS username
  FROM '.USERS_TABLE.'
;';
$users = simple_hash_from_query($query, 'id', 'username');
$template->assign('all_users', $users);

// users holding their own row in the user access table for this category
$query = '
SELECT user_id
  FROM '.USER_ACCESS_TABLE.'
  WHERE cat_id = '.$page['cat'].'
;';
$user_granted_direct_ids = order_by_name(
  array_from_query($query, 'user_id'),
  $users
  );
$template->assign('user_granted_direct_ids', $user_granted_direct_ids);
// Users who reach the category only through membership of a granted group
// (users with a direct grant are listed separately and excluded here).
$user_granted_indirect_ids = array();
if (count($group_granted_ids) != 0)
{
  // granted group id => ids of the users belonging to that group
  $granted_groups = array();

  $query = '
SELECT user_id, group_id
  FROM '.USER_GROUP_TABLE.'
  WHERE group_id IN ('.implode(',', $group_granted_ids).')
';
  $result = pwg_query($query);
  while ($row = pwg_db_fetch_assoc($result))
  {
    // the inner array is created on first use
    $granted_groups[$row['group_id']][] = $row['user_id'];
  }

  // flatten the membership lists into one list of user ids, then drop
  // the duplicates of users belonging to several granted groups
  $user_granted_by_group_ids = array();
  foreach ($granted_groups as $member_ids)
  {
    foreach ($member_ids as $member_id)
    {
      $user_granted_by_group_ids[] = $member_id;
    }
  }
  $user_granted_by_group_ids = array_unique($user_granted_by_group_ids);

  $user_granted_indirect_ids = order_by_name(
    array_diff($user_granted_by_group_ids, $user_granted_direct_ids),
    $users
    );

  // each indirect user is reported once, with the first granted group
  // found to contain them
  foreach ($user_granted_indirect_ids as $user_id)
  {
    foreach ($granted_groups as $group_id => $member_ids)
    {
      if (!in_array($user_id, $member_ids))
      {
        continue;
      }

      $template->append(
        'user_granted_indirects',
        array(
          'USER'=>$users[$user_id],
          'GROUP'=>$groups[$group_id]
          )
        );
      break;
    }
  }
}

// every user with neither a direct nor an indirect grant is denied
$user_denied_ids = order_by_name(
  array_diff(
    array_keys($users),
    $user_granted_indirect_ids,
    $user_granted_direct_ids
    ),
  $users
  );
$template->assign('user_denied_ids', $user_denied_ids);


// +-----------------------------------------------------------------------+
// |                           sending html code                           |
// +-----------------------------------------------------------------------+
// 'cat_perm' is the handle registered with set_filename() above
$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
?>