source: extensions/community/admin_permissions.php @ 9958

Last change on this file since 9958 was 9583, checked in by plg, 14 years ago

bug fixed: invalidate_user_cache now also invalidates community user
permissions cache

bug fixed: community permissions cache was not refreshed when user connects,
I have added $_SESSIONcommunity_user_id to make sure the permissions are
related to the correct user

change: use a random key for cache update to avoid "in the same second
refresh".

filter the list of parent albums for "create a new album" based on permissions
even when create_whole_gallery is true

File size: 12.1 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2011 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24if( !defined("PHPWG_ROOT_PATH") )
25{
26  die ("Hacking attempt!");
27}
28
29include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30load_language('plugin.lang', COMMUNITY_PATH);
31
32$admin_base_url = get_root_url().'admin.php?page=plugin-community-permissions';
33
34$who_options = array(
35  'any_visitor' => l10n('any visitor'),
36  'any_registered_user' => l10n('any registered user'),
37  'user' => l10n('a specific user'),
38  'group' => l10n('a group'),
39  );
40
41// +-----------------------------------------------------------------------+
42// | Check Access and exit when user status is not ok                      |
43// +-----------------------------------------------------------------------+
44
45check_status(ACCESS_ADMINISTRATOR);
46
47// +-----------------------------------------------------------------------+
48// |                            add permissions                            |
49// +-----------------------------------------------------------------------+
50
51if (isset($_POST['submit_add']))
52{
53  if (!in_array($_POST['who'], array_keys($who_options)))
54  {
55    die('hacking attempt: invalid "who" option');
56  }
57 
58  if ('user' == $_POST['who'])
59  {
60    check_input_parameter('who_user', $_POST, false, PATTERN_ID);
61  }
62
63  if ('group' == $_POST['who'])
64  {
65    check_input_parameter('who_group', $_POST, false, PATTERN_ID);
66  }
67
68  if (-1 != $_POST['category'])
69  {
70    check_input_parameter('category', $_POST, false, PATTERN_ID);
71  }
72
73  check_input_parameter('moderated', $_POST, false, '/^(true|false)$/');
74
75  // creating the permission
76  $insert = array(
77    'type' => $_POST['who'],
78    'group_id' => ('group' == $_POST['who']) ? $_POST['who_group'] : null,
79    'user_id' => ('user' == $_POST['who']) ? $_POST['who_user'] : null,
80    'category_id' => ($_POST['category'] > 0) ? $_POST['category'] : null,
81    'recursive' => isset($_POST['recursive']) ? 'true' : 'false',
82    'create_subcategories' => isset($_POST['create_subcategories']) ? 'true' : 'false',
83    'moderated' => $_POST['moderated'],
84    );
85
86  // does this permission already exist?
87  //
88  // a permission is identified by a who+where
89  $query = '
90SELECT
91    id
92  FROM '.COMMUNITY_PERMISSIONS_TABLE.'
93  WHERE type = \''.$insert['type'].'\'
94    AND user_id '.(isset($insert['user_id']) ? '= '.$insert['user_id'] : 'is null').'
95    AND group_id '.(isset($insert['group_id']) ? '= '.$insert['group_id'] : 'is null').'
96    AND category_id '.(isset($insert['category_id']) ? '= '.$insert['category_id'] : 'is null').'
97;';
98  $result = pwg_query($query);
99  $row = pwg_db_fetch_assoc($result);
100  if (isset($row['id']))
101  {
102    if (isset($_POST['edit']))
103    {
104      check_input_parameter('edit', $_POST, false, PATTERN_ID);
105     
106      if ($_POST['edit'] != $row['id'])
107      {
108        // we have to delete the edited permission
109        $query = '
110DELETE
111  FROM '.COMMUNITY_PERMISSIONS_TABLE.'
112  WHERE id = '.$_POST['edit'].'
113;';
114        pwg_query($query);
115      }
116    }
117
118    $_POST['edit'] = $row['id'];
119  }
120
121  if (isset($_POST['edit']))
122  {
123    check_input_parameter('edit', $_POST, false, PATTERN_ID);
124
125    $insert['id'] = $_POST['edit'];
126
127    mass_updates(
128      COMMUNITY_PERMISSIONS_TABLE,
129      array(
130        'primary' => array('id'),
131        'update' => array_keys($insert),
132        ),
133      array($insert)
134      );
135
136    $page['highlight'] = $insert['id'];
137
138    array_push(
139      $page['infos'],
140      l10n('Permission updated')
141      );
142  }
143  else
144  {
145    mass_inserts(
146      COMMUNITY_PERMISSIONS_TABLE,
147      array_keys($insert),
148      array($insert)
149      );
150
151    $page['highlight'] = pwg_db_insert_id(COMMUNITY_PERMISSIONS_TABLE);
152 
153    array_push(
154      $page['infos'],
155      l10n('Permission added')
156      );
157  }
158
159  community_update_cache_key();
160}
161
162// +-----------------------------------------------------------------------+
163// |                           remove permissions                          |
164// +-----------------------------------------------------------------------+
165
166if (isset($_GET['delete']))
167{
168  check_input_parameter('delete', $_GET, false, PATTERN_ID);
169 
170  $query = '
171DELETE
172  FROM '.COMMUNITY_PERMISSIONS_TABLE.'
173  WHERE id = '.$_GET['delete'].'
174;';
175  pwg_query($query);
176
177  community_update_cache_key();
178
179  $_SESSION['page_infos'] = array(l10n('Permission removed'));
180  redirect($admin_base_url);
181}
182
183// +-----------------------------------------------------------------------+
184// | template init                                                         |
185// +-----------------------------------------------------------------------+
186
187$template->set_filenames(
188  array(
189    'plugin_admin_content' => dirname(__FILE__).'/admin_permissions.tpl'
190    )
191  );
192
193// +-----------------------------------------------------------------------+
194// | prepare form                                                          |
195// +-----------------------------------------------------------------------+
196
197// edit mode?
198if (isset($_GET['edit']))
199{
200  check_input_parameter('edit', $_GET, false, PATTERN_ID);
201 
202  $query = '
203SELECT
204    *
205  FROM '.COMMUNITY_PERMISSIONS_TABLE.'
206  WHERE id = '.$_GET['edit'].'
207;';
208  $result = pwg_query($query);
209  $row = pwg_db_fetch_assoc($result);
210
211  if (isset($row['id']))
212  {
213    $template->assign(
214      array(
215        'edit' => $row['id'],
216        'who_options_selected' => $row['type'],
217        'user_options_selected' => $row['user_id'],
218        'group_options_selected' => $row['group_id'],
219        'category_options_selected' => $row['category_id'],
220        'recursive' => get_boolean($row['recursive']),
221        'create_subcategories' => get_boolean($row['create_subcategories']),
222        'moderated' => get_boolean($row['moderated']),
223        )
224      );
225  }
226}
227else
228{
229  $template->assign(
230    array(
231      'moderated' => true,
232      )
233    );
234}
235
236// who options
237$template->assign(
238  array(
239    'who_options' => $who_options,
240    )
241  );
242
243// list of users
244$users = array();
245
246$query = '
247SELECT
248    '.$conf['user_fields']['id'].' AS id,
249    '.$conf['user_fields']['username'].' AS username
250  FROM '.USERS_TABLE.' AS u
251    INNER JOIN '.USER_INFOS_TABLE.' AS uf ON uf.user_id = id
252  WHERE uf.status IN (\'normal\',\'generic\')
253;';
254$result = pwg_query($query);
255while ($row = pwg_db_fetch_assoc($result))
256{
257  $users[$row['id']] = $row['username'];
258}
259
260natcasesort($users);
261
262$template->assign(
263  array(
264    'user_options' => $users,
265    )
266  );
267
268// list of groups
269$groups = array();
270
271$query = '
272SELECT
273    id,
274    name
275  FROM '.GROUPS_TABLE.'
276;';
277$result = pwg_query($query);
278while ($row = pwg_db_fetch_assoc($result))
279{
280  $groups[$row['id']] = $row['name'];
281}
282
283natcasesort($groups);
284
285$template->assign(
286  array(
287    'group_options' => $groups,
288    )
289  );
290
291
292$template->assign(
293  array(
294    'F_ADD_ACTION' => COMMUNITY_BASE_URL.'-'.$page['tab'],
295    )
296  );
297
298// list of albums
299$query = '
300SELECT id,name,uppercats,global_rank
301  FROM '.CATEGORIES_TABLE.'
302;';
303
304display_select_cat_wrapper(
305  $query,
306  array(),
307  'category_options'
308  );
309
310// +-----------------------------------------------------------------------+
311// | permission list                                                       |
312// +-----------------------------------------------------------------------+
313
314// user with community permissions
315$query = '
316SELECT
317    *
318  FROM '.COMMUNITY_PERMISSIONS_TABLE.'
319  ORDER BY id DESC
320;';
321$result = pwg_query($query);
322
323$permissions = array();
324$user_ids = array();
325$group_ids = array();
326$category_ids = array();
327
328while ($row = mysql_fetch_assoc($result))
329{
330  array_push($permissions, $row);
331
332  if (!empty($row['user_id']))
333  {
334    array_push($user_ids, $row['user_id']);
335  }
336
337  if (!empty($row['group_id']))
338  {
339    array_push($group_ids, $row['group_id']);
340  }
341
342  if (!empty($row['category_id']))
343  {
344    array_push($category_ids, $row['category_id']);
345  }
346}
347
348if (!empty($user_ids))
349{
350  $query = '
351SELECT
352    '.$conf['user_fields']['id'].' AS id,
353    '.$conf['user_fields']['username'].' AS username
354  FROM '.USERS_TABLE.'
355  WHERE '.$conf['user_fields']['id'].' IN ('.implode(',', $user_ids).')
356;';
357  $result = pwg_query($query);
358  while ($row = pwg_db_fetch_assoc($result))
359  {
360    $name_of_user[ $row['id'] ] = $row['username'];
361  }
362}
363
364if (!empty($group_ids))
365{
366  $query = '
367SELECT
368    id,
369    name
370  FROM '.GROUPS_TABLE.'
371  WHERE id IN ('.implode(',', $group_ids).')
372;';
373  $result = pwg_query($query);
374  while ($row = pwg_db_fetch_assoc($result))
375  {
376    $name_of_group[ $row['id'] ] = $row['name'];
377  }
378}
379
380if (!empty($category_ids))
381{
382  $query = '
383SELECT
384    id,
385    uppercats
386  FROM '.CATEGORIES_TABLE.'
387  WHERE id IN ('.implode(',', $category_ids).')
388;';
389  $result = pwg_query($query);
390
391  while ($row = pwg_db_fetch_assoc($result))
392  {
393    $name_of_category[ $row['id'] ] = get_cat_display_name_cache(
394      $row['uppercats'],
395      null,
396      false
397      );
398  }
399}
400
401foreach ($permissions as $permission)
402{
403  $where = l10n('The whole gallery');
404  if (isset($permission['category_id']))
405  {
406    $where = $name_of_category[ $permission['category_id'] ];
407  }
408
409  $who = l10n('any visitor');
410  if ('any_registered_user' == $permission['type'])
411  {
412    $who = l10n('any registered user');
413  }
414  elseif ('user' == $permission['type'])
415  {
416    $who = sprintf(
417      l10n('%s (the user)'),
418      $name_of_user[$permission['user_id']]
419      );
420  }
421  elseif ('group' == $permission['type'])
422  {
423    $who = sprintf(
424      l10n('%s (the group)'),
425      $name_of_group[$permission['group_id']]
426      );
427  }
428
429  $trust = l10n('low trust');
430  $trust_tooltip = l10n('uploaded photos must be validated by an administrator');
431  if ('false' == $permission['moderated'])
432  {
433    $trust = l10n('high trust');
434    $trust_tooltip = l10n('uploaded photos are directly displayed in the gallery');
435  }
436
437  $highlight = false;
438  if (isset($_GET['edit']) and $permission['id'] == $_GET['edit'])
439  {
440    $highlight = true;
441  }
442  if (isset($page['highlight']) and $permission['id'] == $page['highlight'])
443  {
444    $highlight = true;
445  }
446 
447 
448  $template->append(
449    'permissions',
450    array(
451      'WHO' => $who,
452      'WHERE' => $where,
453      'TRUST' => $trust,
454      'TRUST_TOOLTIP' => $trust_tooltip,
455      'RECURSIVE' => get_boolean($permission['recursive']),
456      'RECURSIVE_TOOLTIP' => l10n('Apply to sub-albums'),
457      'CREATE_SUBCATEGORIES' => get_boolean($permission['create_subcategories']),
458      'U_DELETE' => $admin_base_url.'&amp;delete='.$permission['id'],
459      'U_EDIT' => $admin_base_url.'&amp;edit='.$permission['id'],
460      'HIGHLIGHT' => $highlight,
461      )
462    );
463}
464
465// +-----------------------------------------------------------------------+
466// | sending html code                                                     |
467// +-----------------------------------------------------------------------+
468
469$template->assign_var_from_handle('ADMIN_CONTENT', 'plugin_admin_content');
470?>
Note: See TracBrowser for help on using the repository browser.