Context Navigation

source: extensions/community/admin_permissions.php @ 15682

Last change on this file since 15682 was 10772, checked in by plg, 14 years ago
bug 2293 fixed: use pwg_db_fetch_assoc instead of mysql_fetch_assoc for PostgreSQL compatibility, patch by leloupv
File size: 12.2 KB

Rev	Line
[9372]	1	<?php
	2	// +-----------------------------------------------------------------------+
	3	// \| Piwigo - a PHP based picture gallery \|
	4	// +-----------------------------------------------------------------------+
	5	// \| Copyright(C) 2008-2011 Piwigo Team http://piwigo.org \|
	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
	23
	24	if( !defined("PHPWG_ROOT_PATH") )
	25	{
	26	die ("Hacking attempt!");
	27	}
	28
	29	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
	30	load_language('plugin.lang', COMMUNITY_PATH);
	31
	32	$admin_base_url = get_root_url().'admin.php?page=plugin-community-permissions';
	33
[9510]	34	$who_options = array(
	35	'any_visitor' => l10n('any visitor'),
	36	'any_registered_user' => l10n('any registered user'),
	37	'user' => l10n('a specific user'),
	38	'group' => l10n('a group'),
	39	);
	40
[9372]	41	// +-----------------------------------------------------------------------+
	42	// \| Check Access and exit when user status is not ok \|
	43	// +-----------------------------------------------------------------------+
	44
	45	check_status(ACCESS_ADMINISTRATOR);
	46
	47	// +-----------------------------------------------------------------------+
	48	// \| add permissions \|
	49	// +-----------------------------------------------------------------------+
	50
	51	if (isset($_POST['submit_add']))
	52	{
[9510]	53	if (!in_array($_POST['who'], array_keys($who_options)))
[9372]	54	{
	55	die('hacking attempt: invalid "who" option');
	56	}
	57
	58	if ('user' == $_POST['who'])
	59	{
	60	check_input_parameter('who_user', $_POST, false, PATTERN_ID);
	61	}
	62
	63	if ('group' == $_POST['who'])
	64	{
	65	check_input_parameter('who_group', $_POST, false, PATTERN_ID);
	66	}
	67
	68	if (-1 != $_POST['category'])
	69	{
	70	check_input_parameter('category', $_POST, false, PATTERN_ID);
	71	}
	72
[9510]	73	check_input_parameter('moderated', $_POST, false, '/^(true\|false)$/');
[9372]	74
	75	// creating the permission
	76	$insert = array(
	77	'type' => $_POST['who'],
	78	'group_id' => ('group' == $_POST['who']) ? $_POST['who_group'] : null,
	79	'user_id' => ('user' == $_POST['who']) ? $_POST['who_user'] : null,
	80	'category_id' => ($_POST['category'] > 0) ? $_POST['category'] : null,
[9500]	81	'recursive' => isset($_POST['recursive']) ? 'true' : 'false',
[9372]	82	'create_subcategories' => isset($_POST['create_subcategories']) ? 'true' : 'false',
[9510]	83	'moderated' => $_POST['moderated'],
[9372]	84	);
[9510]	85
[9511]	86	// does this permission already exist?
	87	//
	88	// a permission is identified by a who+where
	89	$query = '
	90	SELECT
	91	id
	92	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
	93	WHERE type = \''.$insert['type'].'\'
	94	AND user_id '.(isset($insert['user_id']) ? '= '.$insert['user_id'] : 'is null').'
	95	AND group_id '.(isset($insert['group_id']) ? '= '.$insert['group_id'] : 'is null').'
[9536]	96	AND category_id '.(isset($insert['category_id']) ? '= '.$insert['category_id'] : 'is null').'
[9511]	97	;';
	98	$result = pwg_query($query);
	99	$row = pwg_db_fetch_assoc($result);
	100	if (isset($row['id']))
	101	{
	102	if (isset($_POST['edit']))
	103	{
	104	check_input_parameter('edit', $_POST, false, PATTERN_ID);
	105
	106	if ($_POST['edit'] != $row['id'])
	107	{
	108	// we have to delete the edited permission
	109	$query = '
	110	DELETE
	111	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
	112	WHERE id = '.$_POST['edit'].'
	113	;';
	114	pwg_query($query);
	115	}
	116	}
	117
	118	$_POST['edit'] = $row['id'];
	119	}
	120
[9510]	121	if (isset($_POST['edit']))
	122	{
	123	check_input_parameter('edit', $_POST, false, PATTERN_ID);
	124
	125	$insert['id'] = $_POST['edit'];
	126
	127	mass_updates(
	128	COMMUNITY_PERMISSIONS_TABLE,
	129	array(
	130	'primary' => array('id'),
	131	'update' => array_keys($insert),
	132	),
	133	array($insert)
	134	);
	135
	136	$page['highlight'] = $insert['id'];
	137
	138	array_push(
	139	$page['infos'],
	140	l10n('Permission updated')
	141	);
	142	}
	143	else
	144	{
	145	mass_inserts(
	146	COMMUNITY_PERMISSIONS_TABLE,
	147	array_keys($insert),
	148	array($insert)
	149	);
	150
	151	$page['highlight'] = pwg_db_insert_id(COMMUNITY_PERMISSIONS_TABLE);
[9500]	152
[9510]	153	array_push(
	154	$page['infos'],
	155	l10n('Permission added')
	156	);
	157	}
[9501]	158
[9583]	159	community_update_cache_key();
[9372]	160	}
	161
	162	// +-----------------------------------------------------------------------+
	163	// \| remove permissions \|
	164	// +-----------------------------------------------------------------------+
	165
	166	if (isset($_GET['delete']))
	167	{
	168	check_input_parameter('delete', $_GET, false, PATTERN_ID);
	169
	170	$query = '
	171	DELETE
	172	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
	173	WHERE id = '.$_GET['delete'].'
	174	;';
	175	pwg_query($query);
	176
[9583]	177	community_update_cache_key();
[9501]	178
[9372]	179	$_SESSION['page_infos'] = array(l10n('Permission removed'));
	180	redirect($admin_base_url);
	181	}
	182
	183	// +-----------------------------------------------------------------------+
	184	// \| template init \|
	185	// +-----------------------------------------------------------------------+
	186
	187	$template->set_filenames(
	188	array(
	189	'plugin_admin_content' => dirname(__FILE__).'/admin_permissions.tpl'
	190	)
	191	);
	192
	193	// +-----------------------------------------------------------------------+
	194	// \| prepare form \|
	195	// +-----------------------------------------------------------------------+
	196
[9510]	197	// edit mode?
	198	if (isset($_GET['edit']))
	199	{
	200	check_input_parameter('edit', $_GET, false, PATTERN_ID);
	201
	202	$query = '
	203	SELECT
	204	*
	205	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
	206	WHERE id = '.$_GET['edit'].'
	207	;';
	208	$result = pwg_query($query);
	209	$row = pwg_db_fetch_assoc($result);
[9372]	210
[9510]	211	if (isset($row['id']))
	212	{
[10095]	213	$category_options_selected = $row['category_id'];
	214
[9510]	215	$template->assign(
	216	array(
	217	'edit' => $row['id'],
	218	'who_options_selected' => $row['type'],
	219	'user_options_selected' => $row['user_id'],
	220	'group_options_selected' => $row['group_id'],
	221	'recursive' => get_boolean($row['recursive']),
	222	'create_subcategories' => get_boolean($row['create_subcategories']),
	223	'moderated' => get_boolean($row['moderated']),
	224	)
	225	);
	226	}
	227	}
	228	else
	229	{
	230	$template->assign(
	231	array(
	232	'moderated' => true,
	233	)
	234	);
	235	}
	236
	237	// who options
	238	$template->assign(
	239	array(
	240	'who_options' => $who_options,
	241	)
	242	);
	243
[9372]	244	// list of users
	245	$users = array();
	246
	247	$query = '
	248	SELECT
	249	'.$conf['user_fields']['id'].' AS id,
	250	'.$conf['user_fields']['username'].' AS username
	251	FROM '.USERS_TABLE.' AS u
	252	INNER JOIN '.USER_INFOS_TABLE.' AS uf ON uf.user_id = id
	253	WHERE uf.status IN (\'normal\',\'generic\')
	254	;';
	255	$result = pwg_query($query);
	256	while ($row = pwg_db_fetch_assoc($result))
	257	{
	258	$users[$row['id']] = $row['username'];
	259	}
	260
	261	natcasesort($users);
	262
	263	$template->assign(
	264	array(
	265	'user_options' => $users,
	266	)
	267	);
	268
	269	// list of groups
[9375]	270	$groups = array();
	271
[9372]	272	$query = '
	273	SELECT
	274	id,
	275	name
	276	FROM '.GROUPS_TABLE.'
	277	;';
	278	$result = pwg_query($query);
	279	while ($row = pwg_db_fetch_assoc($result))
	280	{
	281	$groups[$row['id']] = $row['name'];
	282	}
	283
	284	natcasesort($groups);
	285
	286	$template->assign(
	287	array(
	288	'group_options' => $groups,
	289	)
	290	);
	291
	292
	293	$template->assign(
	294	array(
	295	'F_ADD_ACTION' => COMMUNITY_BASE_URL.'-'.$page['tab'],
	296	)
	297	);
	298
	299	// list of albums
	300	$query = '
	301	SELECT id,name,uppercats,global_rank
	302	FROM '.CATEGORIES_TABLE.'
	303	;';
	304
	305	display_select_cat_wrapper(
	306	$query,
[10095]	307	isset($category_options_selected) ? $category_options_selected : array(),
[9372]	308	'category_options'
	309	);
	310
	311	// +-----------------------------------------------------------------------+
	312	// \| permission list \|
	313	// +-----------------------------------------------------------------------+
	314
	315	// user with community permissions
	316	$query = '
	317	SELECT
	318	*
	319	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
	320	ORDER BY id DESC
	321	;';
	322	$result = pwg_query($query);
	323
	324	$permissions = array();
	325	$user_ids = array();
	326	$group_ids = array();
	327	$category_ids = array();
	328
[10772]	329	while ($row = pwg_db_fetch_assoc($result))
[9372]	330	{
	331	array_push($permissions, $row);
	332
	333	if (!empty($row['user_id']))
	334	{
	335	array_push($user_ids, $row['user_id']);
	336	}
	337
	338	if (!empty($row['group_id']))
	339	{
	340	array_push($group_ids, $row['group_id']);
	341	}
	342
	343	if (!empty($row['category_id']))
	344	{
	345	array_push($category_ids, $row['category_id']);
	346	}
	347	}
	348
	349	if (!empty($user_ids))
	350	{
	351	$query = '
	352	SELECT
	353	'.$conf['user_fields']['id'].' AS id,
	354	'.$conf['user_fields']['username'].' AS username
	355	FROM '.USERS_TABLE.'
	356	WHERE '.$conf['user_fields']['id'].' IN ('.implode(',', $user_ids).')
	357	;';
	358	$result = pwg_query($query);
	359	while ($row = pwg_db_fetch_assoc($result))
	360	{
	361	$name_of_user[ $row['id'] ] = $row['username'];
	362	}
	363	}
	364
	365	if (!empty($group_ids))
	366	{
	367	$query = '
	368	SELECT
	369	id,
	370	name
	371	FROM '.GROUPS_TABLE.'
	372	WHERE id IN ('.implode(',', $group_ids).')
	373	;';
	374	$result = pwg_query($query);
	375	while ($row = pwg_db_fetch_assoc($result))
	376	{
	377	$name_of_group[ $row['id'] ] = $row['name'];
	378	}
	379	}
	380
	381	if (!empty($category_ids))
	382	{
	383	$query = '
	384	SELECT
	385	id,
	386	uppercats
	387	FROM '.CATEGORIES_TABLE.'
	388	WHERE id IN ('.implode(',', $category_ids).')
	389	;';
	390	$result = pwg_query($query);
	391
	392	while ($row = pwg_db_fetch_assoc($result))
	393	{
	394	$name_of_category[ $row['id'] ] = get_cat_display_name_cache(
	395	$row['uppercats'],
	396	null,
	397	false
	398	);
	399	}
	400	}
	401
	402	foreach ($permissions as $permission)
	403	{
	404	$where = l10n('The whole gallery');
	405	if (isset($permission['category_id']))
	406	{
	407	$where = $name_of_category[ $permission['category_id'] ];
	408	}
	409
	410	$who = l10n('any visitor');
	411	if ('any_registered_user' == $permission['type'])
	412	{
	413	$who = l10n('any registered user');
	414	}
	415	elseif ('user' == $permission['type'])
	416	{
	417	$who = sprintf(
	418	l10n('%s (the user)'),
	419	$name_of_user[$permission['user_id']]
	420	);
	421	}
	422	elseif ('group' == $permission['type'])
	423	{
	424	$who = sprintf(
	425	l10n('%s (the group)'),
	426	$name_of_group[$permission['group_id']]
	427	);
	428	}
	429
	430	$trust = l10n('low trust');
	431	$trust_tooltip = l10n('uploaded photos must be validated by an administrator');
	432	if ('false' == $permission['moderated'])
	433	{
	434	$trust = l10n('high trust');
	435	$trust_tooltip = l10n('uploaded photos are directly displayed in the gallery');
	436	}
[9510]	437
	438	$highlight = false;
	439	if (isset($_GET['edit']) and $permission['id'] == $_GET['edit'])
	440	{
	441	$highlight = true;
	442	}
	443	if (isset($page['highlight']) and $permission['id'] == $page['highlight'])
	444	{
	445	$highlight = true;
	446	}
[9372]	447
[9510]	448
[9372]	449	$template->append(
	450	'permissions',
	451	array(
	452	'WHO' => $who,
	453	'WHERE' => $where,
	454	'TRUST' => $trust,
	455	'TRUST_TOOLTIP' => $trust_tooltip,
[9500]	456	'RECURSIVE' => get_boolean($permission['recursive']),
	457	'RECURSIVE_TOOLTIP' => l10n('Apply to sub-albums'),
[9372]	458	'CREATE_SUBCATEGORIES' => get_boolean($permission['create_subcategories']),
[9510]	459	'U_DELETE' => $admin_base_url.'&delete='.$permission['id'],
	460	'U_EDIT' => $admin_base_url.'&edit='.$permission['id'],
	461	'HIGHLIGHT' => $highlight,
[9372]	462	)
	463	);
	464	}
	465
	466	// +-----------------------------------------------------------------------+
	467	// \| sending html code \|
	468	// +-----------------------------------------------------------------------+
	469
	470	$template->assign_var_from_handle('ADMIN_CONTENT', 'plugin_admin_content');
	471	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: