Context Navigation

source: extensions/community/admin_permissions.php @ 23037

Last change on this file since 23037 was 23037, checked in by plg, 11 years ago
manage quota (number of photos, disk usage)
File size: 13.3 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2011 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	if( !defined("PHPWG_ROOT_PATH") )
25	{
26	die ("Hacking attempt!");
27	}
28
29	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30	load_language('plugin.lang', COMMUNITY_PATH);
31
32	$admin_base_url = get_root_url().'admin.php?page=plugin-community-permissions';
33
34	$who_options = array(
35	'any_visitor' => l10n('any visitor'),
36	'any_registered_user' => l10n('any registered user'),
37	'user' => l10n('a specific user'),
38	'group' => l10n('a group'),
39	);
40
41	// +-----------------------------------------------------------------------+
42	// \| Check Access and exit when user status is not ok \|
43	// +-----------------------------------------------------------------------+
44
45	check_status(ACCESS_ADMINISTRATOR);
46
47	// +-----------------------------------------------------------------------+
48	// \| add permissions \|
49	// +-----------------------------------------------------------------------+
50
51	if (isset($_POST['submit_add']))
52	{
53	if (!in_array($_POST['who'], array_keys($who_options)))
54	{
55	die('hacking attempt: invalid "who" option');
56	}
57
58	if ('user' == $_POST['who'])
59	{
60	check_input_parameter('who_user', $_POST, false, PATTERN_ID);
61	}
62
63	if ('group' == $_POST['who'])
64	{
65	check_input_parameter('who_group', $_POST, false, PATTERN_ID);
66	}
67
68	if (-1 != $_POST['category'])
69	{
70	check_input_parameter('category', $_POST, false, PATTERN_ID);
71	}
72
73	check_input_parameter('moderated', $_POST, false, '/^(true\|false)$/');
74
75	if (-1 != $_POST['nb_photos'])
76	{
77	check_input_parameter('nb_photos', $_POST, false, PATTERN_ID);
78	}
79
80	if (-1 != $_POST['storage'])
81	{
82	check_input_parameter('storage', $_POST, false, PATTERN_ID);
83	}
84
85	// creating the permission
86	$insert = array(
87	'type' => $_POST['who'],
88	'group_id' => ('group' == $_POST['who']) ? $_POST['who_group'] : null,
89	'user_id' => ('user' == $_POST['who']) ? $_POST['who_user'] : null,
90	'category_id' => ($_POST['category'] > 0) ? $_POST['category'] : null,
91	'recursive' => isset($_POST['recursive']) ? 'true' : 'false',
92	'create_subcategories' => isset($_POST['create_subcategories']) ? 'true' : 'false',
93	'moderated' => $_POST['moderated'],
94	'nb_photos' => $_POST['nb_photos'],
95	'storage' => $_POST['storage'],
96	);
97
98	// does this permission already exist?
99	//
100	// a permission is identified by a who+where
101	$query = '
102	SELECT
103	id
104	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
105	WHERE type = \''.$insert['type'].'\'
106	AND user_id '.(isset($insert['user_id']) ? '= '.$insert['user_id'] : 'is null').'
107	AND group_id '.(isset($insert['group_id']) ? '= '.$insert['group_id'] : 'is null').'
108	AND category_id '.(isset($insert['category_id']) ? '= '.$insert['category_id'] : 'is null').'
109	;';
110	$result = pwg_query($query);
111	$row = pwg_db_fetch_assoc($result);
112	if (isset($row['id']))
113	{
114	if (isset($_POST['edit']))
115	{
116	check_input_parameter('edit', $_POST, false, PATTERN_ID);
117
118	if ($_POST['edit'] != $row['id'])
119	{
120	// we have to delete the edited permission
121	$query = '
122	DELETE
123	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
124	WHERE id = '.$_POST['edit'].'
125	;';
126	pwg_query($query);
127	}
128	}
129
130	$_POST['edit'] = $row['id'];
131	}
132
133	if (isset($_POST['edit']))
134	{
135	check_input_parameter('edit', $_POST, false, PATTERN_ID);
136
137	$insert['id'] = $_POST['edit'];
138
139	mass_updates(
140	COMMUNITY_PERMISSIONS_TABLE,
141	array(
142	'primary' => array('id'),
143	'update' => array_keys($insert),
144	),
145	array($insert)
146	);
147
148	$page['highlight'] = $insert['id'];
149
150	array_push(
151	$page['infos'],
152	l10n('Permission updated')
153	);
154	}
155	else
156	{
157	mass_inserts(
158	COMMUNITY_PERMISSIONS_TABLE,
159	array_keys($insert),
160	array($insert)
161	);
162
163	$page['highlight'] = pwg_db_insert_id(COMMUNITY_PERMISSIONS_TABLE);
164
165	array_push(
166	$page['infos'],
167	l10n('Permission added')
168	);
169	}
170
171	community_update_cache_key();
172	}
173
174	// +-----------------------------------------------------------------------+
175	// \| remove permissions \|
176	// +-----------------------------------------------------------------------+
177
178	if (isset($_GET['delete']))
179	{
180	check_input_parameter('delete', $_GET, false, PATTERN_ID);
181
182	$query = '
183	DELETE
184	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
185	WHERE id = '.$_GET['delete'].'
186	;';
187	pwg_query($query);
188
189	community_update_cache_key();
190
191	$_SESSION['page_infos'] = array(l10n('Permission removed'));
192	redirect($admin_base_url);
193	}
194
195	// +-----------------------------------------------------------------------+
196	// \| template init \|
197	// +-----------------------------------------------------------------------+
198
199	$template->set_filenames(
200	array(
201	'plugin_admin_content' => dirname(__FILE__).'/admin_permissions.tpl'
202	)
203	);
204
205	// +-----------------------------------------------------------------------+
206	// \| prepare form \|
207	// +-----------------------------------------------------------------------+
208
209	// edit mode?
210	if (isset($_GET['edit']))
211	{
212	check_input_parameter('edit', $_GET, false, PATTERN_ID);
213
214	$query = '
215	SELECT
216	*
217	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
218	WHERE id = '.$_GET['edit'].'
219	;';
220	$result = pwg_query($query);
221	$row = pwg_db_fetch_assoc($result);
222
223	if (isset($row['id']))
224	{
225	$category_options_selected = $row['category_id'];
226
227	$template->assign(
228	array(
229	'edit' => $row['id'],
230	'who_options_selected' => $row['type'],
231	'user_options_selected' => $row['user_id'],
232	'group_options_selected' => $row['group_id'],
233	'recursive' => get_boolean($row['recursive']),
234	'create_subcategories' => get_boolean($row['create_subcategories']),
235	'moderated' => get_boolean($row['moderated']),
236	'nb_photos' => empty($row['nb_photos']) ? -1 : $row['nb_photos'],
237	'storage' => empty($row['storage']) ? -1 : $row['storage'],
238	)
239	);
240	}
241	}
242	else
243	{
244	$template->assign(
245	array(
246	'moderated' => true,
247	'nb_photos' => -1,
248	'storage' => -1,
249	)
250	);
251	}
252
253	// who options
254	$template->assign(
255	array(
256	'who_options' => $who_options,
257	)
258	);
259
260	// list of users
261	$users = array();
262
263	$query = '
264	SELECT
265	'.$conf['user_fields']['id'].' AS id,
266	'.$conf['user_fields']['username'].' AS username
267	FROM '.USERS_TABLE.' AS u
268	INNER JOIN '.USER_INFOS_TABLE.' AS uf ON uf.user_id = id
269	WHERE uf.status IN (\'normal\',\'generic\')
270	;';
271	$result = pwg_query($query);
272	while ($row = pwg_db_fetch_assoc($result))
273	{
274	$users[$row['id']] = $row['username'];
275	}
276
277	natcasesort($users);
278
279	$template->assign(
280	array(
281	'user_options' => $users,
282	)
283	);
284
285	// list of groups
286	$groups = array();
287
288	$query = '
289	SELECT
290	id,
291	name
292	FROM '.GROUPS_TABLE.'
293	;';
294	$result = pwg_query($query);
295	while ($row = pwg_db_fetch_assoc($result))
296	{
297	$groups[$row['id']] = $row['name'];
298	}
299
300	natcasesort($groups);
301
302	$template->assign(
303	array(
304	'group_options' => $groups,
305	)
306	);
307
308
309	$template->assign(
310	array(
311	'F_ADD_ACTION' => COMMUNITY_BASE_URL.'-'.$page['tab'],
312	)
313	);
314
315	// list of albums
316	$query = '
317	SELECT id,name,uppercats,global_rank
318	FROM '.CATEGORIES_TABLE.'
319	;';
320
321	display_select_cat_wrapper(
322	$query,
323	isset($category_options_selected) ? $category_options_selected : array(),
324	'category_options'
325	);
326
327	// +-----------------------------------------------------------------------+
328	// \| permission list \|
329	// +-----------------------------------------------------------------------+
330
331	// user with community permissions
332	$query = '
333	SELECT
334	*
335	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
336	ORDER BY id DESC
337	;';
338	$result = pwg_query($query);
339
340	$permissions = array();
341	$user_ids = array();
342	$group_ids = array();
343	$category_ids = array();
344
345	while ($row = pwg_db_fetch_assoc($result))
346	{
347	array_push($permissions, $row);
348
349	if (!empty($row['user_id']))
350	{
351	array_push($user_ids, $row['user_id']);
352	}
353
354	if (!empty($row['group_id']))
355	{
356	array_push($group_ids, $row['group_id']);
357	}
358
359	if (!empty($row['category_id']))
360	{
361	array_push($category_ids, $row['category_id']);
362	}
363	}
364
365	if (!empty($user_ids))
366	{
367	$query = '
368	SELECT
369	'.$conf['user_fields']['id'].' AS id,
370	'.$conf['user_fields']['username'].' AS username
371	FROM '.USERS_TABLE.'
372	WHERE '.$conf['user_fields']['id'].' IN ('.implode(',', $user_ids).')
373	;';
374	$result = pwg_query($query);
375	while ($row = pwg_db_fetch_assoc($result))
376	{
377	$name_of_user[ $row['id'] ] = $row['username'];
378	}
379	}
380
381	if (!empty($group_ids))
382	{
383	$query = '
384	SELECT
385	id,
386	name
387	FROM '.GROUPS_TABLE.'
388	WHERE id IN ('.implode(',', $group_ids).')
389	;';
390	$result = pwg_query($query);
391	while ($row = pwg_db_fetch_assoc($result))
392	{
393	$name_of_group[ $row['id'] ] = $row['name'];
394	}
395	}
396
397	if (!empty($category_ids))
398	{
399	$query = '
400	SELECT
401	id,
402	uppercats
403	FROM '.CATEGORIES_TABLE.'
404	WHERE id IN ('.implode(',', $category_ids).')
405	;';
406	$result = pwg_query($query);
407
408	while ($row = pwg_db_fetch_assoc($result))
409	{
410	$name_of_category[ $row['id'] ] = get_cat_display_name_cache(
411	$row['uppercats'],
412	null,
413	false
414	);
415	}
416	}
417
418	foreach ($permissions as $permission)
419	{
420	$where = l10n('The whole gallery');
421	if (isset($permission['category_id']))
422	{
423	$where = $name_of_category[ $permission['category_id'] ];
424	}
425
426	$who = l10n('any visitor');
427	if ('any_registered_user' == $permission['type'])
428	{
429	$who = l10n('any registered user');
430	}
431	elseif ('user' == $permission['type'])
432	{
433	$who = sprintf(
434	l10n('%s (the user)'),
435	$name_of_user[$permission['user_id']]
436	);
437	}
438	elseif ('group' == $permission['type'])
439	{
440	$who = sprintf(
441	l10n('%s (the group)'),
442	$name_of_group[$permission['group_id']]
443	);
444	}
445
446	$trust = l10n('low trust');
447	$trust_tooltip = l10n('uploaded photos must be validated by an administrator');
448	if ('false' == $permission['moderated'])
449	{
450	$trust = l10n('high trust');
451	$trust_tooltip = l10n('uploaded photos are directly displayed in the gallery');
452	}
453
454	$highlight = false;
455	if (isset($_GET['edit']) and $permission['id'] == $_GET['edit'])
456	{
457	$highlight = true;
458	}
459	if (isset($page['highlight']) and $permission['id'] == $page['highlight'])
460	{
461	$highlight = true;
462	}
463
464	$nb_photos = false;
465	$nb_photos_tooltip = null;
466	if (!empty($permission['nb_photos']) and $permission['nb_photos'] > 0)
467	{
468	$nb_photos = $permission['nb_photos'];
469	$nb_photos_tooltip = sprintf(
470	l10n('up to %d photos (for each user)'),
471	$nb_photos
472	);
473	}
474
475	$storage = false;
476	$storage_tooltip = null;
477	if (!empty($permission['storage']) and $permission['storage'] > 0)
478	{
479	$storage = $permission['storage'];
480	$storage_tooltip = sprintf(
481	l10n('up to %dMB (for each user)'),
482	$storage
483	);
484	}
485
486
487	$template->append(
488	'permissions',
489	array(
490	'WHO' => $who,
491	'WHERE' => $where,
492	'TRUST' => $trust,
493	'TRUST_TOOLTIP' => $trust_tooltip,
494	'RECURSIVE' => get_boolean($permission['recursive']),
495	'RECURSIVE_TOOLTIP' => l10n('Apply to sub-albums'),
496	'NB_PHOTOS' => $nb_photos,
497	'NB_PHOTOS_TOOLTIP' => $nb_photos_tooltip,
498	'STORAGE' => $storage,
499	'STORAGE_TOOLTIP' => $storage_tooltip,
500	'CREATE_SUBCATEGORIES' => get_boolean($permission['create_subcategories']),
501	'U_DELETE' => $admin_base_url.'&delete='.$permission['id'],
502	'U_EDIT' => $admin_base_url.'&edit='.$permission['id'],
503	'HIGHLIGHT' => $highlight,
504	)
505	);
506	}
507
508	// +-----------------------------------------------------------------------+
509	// \| sending html code \|
510	// +-----------------------------------------------------------------------+
511
512	$template->assign_var_from_handle('ADMIN_CONTENT', 'plugin_admin_content');
513	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: