Context Navigation

source: extensions/community/admin_permissions.php @ 9500

Last change on this file since 9500 was 9500, checked in by plg, 13 years ago

a permission may not automatically apply to sub-albums

in the upload form, the album list does not show private (and unreachable for
the user) albums and public albums that contains photos invisible to the user.

File size: 9.2 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2011 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	if( !defined("PHPWG_ROOT_PATH") )
25	{
26	die ("Hacking attempt!");
27	}
28
29	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30	load_language('plugin.lang', COMMUNITY_PATH);
31
32	$admin_base_url = get_root_url().'admin.php?page=plugin-community-permissions';
33
34	// +-----------------------------------------------------------------------+
35	// \| Check Access and exit when user status is not ok \|
36	// +-----------------------------------------------------------------------+
37
38	check_status(ACCESS_ADMINISTRATOR);
39
40	// +-----------------------------------------------------------------------+
41	// \| add permissions \|
42	// +-----------------------------------------------------------------------+
43
44	if (isset($_POST['submit_add']))
45	{
46	$who_options = array('any_visitor', 'any_registered_user', 'user', 'group');
47
48	if (!in_array($_POST['who'], $who_options))
49	{
50	die('hacking attempt: invalid "who" option');
51	}
52
53	if ('user' == $_POST['who'])
54	{
55	check_input_parameter('who_user', $_POST, false, PATTERN_ID);
56	}
57
58	if ('group' == $_POST['who'])
59	{
60	check_input_parameter('who_group', $_POST, false, PATTERN_ID);
61	}
62
63	if (-1 != $_POST['category'])
64	{
65	check_input_parameter('category', $_POST, false, PATTERN_ID);
66	}
67
68	check_input_parameter('moderate', $_POST, false, '/^(true\|false)$/');
69
70	// creating the permission
71	$insert = array(
72	'type' => $_POST['who'],
73	'group_id' => ('group' == $_POST['who']) ? $_POST['who_group'] : null,
74	'user_id' => ('user' == $_POST['who']) ? $_POST['who_user'] : null,
75	'category_id' => ($_POST['category'] > 0) ? $_POST['category'] : null,
76	'recursive' => isset($_POST['recursive']) ? 'true' : 'false',
77	'create_subcategories' => isset($_POST['create_subcategories']) ? 'true' : 'false',
78	'moderated' => $_POST['moderate'],
79	);
80
81	mass_inserts(
82	COMMUNITY_PERMISSIONS_TABLE,
83	array_keys($insert),
84	array($insert)
85	);
86
87	array_push(
88	$page['infos'],
89	l10n('Permission added')
90	);
91	}
92
93	// +-----------------------------------------------------------------------+
94	// \| remove permissions \|
95	// +-----------------------------------------------------------------------+
96
97	if (isset($_GET['delete']))
98	{
99	check_input_parameter('delete', $_GET, false, PATTERN_ID);
100
101	$query = '
102	DELETE
103	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
104	WHERE id = '.$_GET['delete'].'
105	;';
106	pwg_query($query);
107
108	$_SESSION['page_infos'] = array(l10n('Permission removed'));
109	redirect($admin_base_url);
110	}
111
112	// +-----------------------------------------------------------------------+
113	// \| template init \|
114	// +-----------------------------------------------------------------------+
115
116	$template->set_filenames(
117	array(
118	'plugin_admin_content' => dirname(__FILE__).'/admin_permissions.tpl'
119	)
120	);
121
122	// +-----------------------------------------------------------------------+
123	// \| prepare form \|
124	// +-----------------------------------------------------------------------+
125
126
127	// list of users
128	$users = array();
129
130	$query = '
131	SELECT
132	'.$conf['user_fields']['id'].' AS id,
133	'.$conf['user_fields']['username'].' AS username
134	FROM '.USERS_TABLE.' AS u
135	INNER JOIN '.USER_INFOS_TABLE.' AS uf ON uf.user_id = id
136	WHERE uf.status IN (\'normal\',\'generic\')
137	;';
138	$result = pwg_query($query);
139	while ($row = pwg_db_fetch_assoc($result))
140	{
141	$users[$row['id']] = $row['username'];
142	}
143
144	natcasesort($users);
145
146	$template->assign(
147	array(
148	'user_options' => $users,
149	)
150	);
151
152	// list of groups
153	$groups = array();
154
155	$query = '
156	SELECT
157	id,
158	name
159	FROM '.GROUPS_TABLE.'
160	;';
161	$result = pwg_query($query);
162	while ($row = pwg_db_fetch_assoc($result))
163	{
164	$groups[$row['id']] = $row['name'];
165	}
166
167	natcasesort($groups);
168
169	$template->assign(
170	array(
171	'group_options' => $groups,
172	)
173	);
174
175
176	$template->assign(
177	array(
178	'F_ADD_ACTION' => COMMUNITY_BASE_URL.'-'.$page['tab'],
179	)
180	);
181
182	// list of albums
183	$query = '
184	SELECT id,name,uppercats,global_rank
185	FROM '.CATEGORIES_TABLE.'
186	;';
187
188	display_select_cat_wrapper(
189	$query,
190	array(),
191	'category_options'
192	);
193
194	// +-----------------------------------------------------------------------+
195	// \| permission list \|
196	// +-----------------------------------------------------------------------+
197
198	// user with community permissions
199	$query = '
200	SELECT
201	*
202	FROM '.COMMUNITY_PERMISSIONS_TABLE.'
203	ORDER BY id DESC
204	;';
205	$result = pwg_query($query);
206
207	$permissions = array();
208	$user_ids = array();
209	$group_ids = array();
210	$category_ids = array();
211
212	while ($row = mysql_fetch_assoc($result))
213	{
214	array_push($permissions, $row);
215
216	if (!empty($row['user_id']))
217	{
218	array_push($user_ids, $row['user_id']);
219	}
220
221	if (!empty($row['group_id']))
222	{
223	array_push($group_ids, $row['group_id']);
224	}
225
226	if (!empty($row['category_id']))
227	{
228	array_push($category_ids, $row['category_id']);
229	}
230	}
231
232	if (!empty($user_ids))
233	{
234	$query = '
235	SELECT
236	'.$conf['user_fields']['id'].' AS id,
237	'.$conf['user_fields']['username'].' AS username
238	FROM '.USERS_TABLE.'
239	WHERE '.$conf['user_fields']['id'].' IN ('.implode(',', $user_ids).')
240	;';
241	$result = pwg_query($query);
242	while ($row = pwg_db_fetch_assoc($result))
243	{
244	$name_of_user[ $row['id'] ] = $row['username'];
245	}
246	}
247
248	if (!empty($group_ids))
249	{
250	$query = '
251	SELECT
252	id,
253	name
254	FROM '.GROUPS_TABLE.'
255	WHERE id IN ('.implode(',', $group_ids).')
256	;';
257	$result = pwg_query($query);
258	while ($row = pwg_db_fetch_assoc($result))
259	{
260	$name_of_group[ $row['id'] ] = $row['name'];
261	}
262	}
263
264	if (!empty($category_ids))
265	{
266	$query = '
267	SELECT
268	id,
269	uppercats
270	FROM '.CATEGORIES_TABLE.'
271	WHERE id IN ('.implode(',', $category_ids).')
272	;';
273	$result = pwg_query($query);
274
275	while ($row = pwg_db_fetch_assoc($result))
276	{
277	$name_of_category[ $row['id'] ] = get_cat_display_name_cache(
278	$row['uppercats'],
279	null,
280	false
281	);
282	}
283	}
284
285	foreach ($permissions as $permission)
286	{
287	$where = l10n('The whole gallery');
288	if (isset($permission['category_id']))
289	{
290	$where = $name_of_category[ $permission['category_id'] ];
291	}
292
293	$who = l10n('any visitor');
294	if ('any_registered_user' == $permission['type'])
295	{
296	$who = l10n('any registered user');
297	}
298	elseif ('user' == $permission['type'])
299	{
300	$who = sprintf(
301	l10n('%s (the user)'),
302	$name_of_user[$permission['user_id']]
303	);
304	}
305	elseif ('group' == $permission['type'])
306	{
307	$who = sprintf(
308	l10n('%s (the group)'),
309	$name_of_group[$permission['group_id']]
310	);
311	}
312
313	$trust = l10n('low trust');
314	$trust_tooltip = l10n('uploaded photos must be validated by an administrator');
315	if ('false' == $permission['moderated'])
316	{
317	$trust = l10n('high trust');
318	$trust_tooltip = l10n('uploaded photos are directly displayed in the gallery');
319	}
320
321	$template->append(
322	'permissions',
323	array(
324	'WHO' => $who,
325	'WHERE' => $where,
326	'TRUST' => $trust,
327	'TRUST_TOOLTIP' => $trust_tooltip,
328	'RECURSIVE' => get_boolean($permission['recursive']),
329	'RECURSIVE_TOOLTIP' => l10n('Apply to sub-albums'),
330	'CREATE_SUBCATEGORIES' => get_boolean($permission['create_subcategories']),
331	'U_DELETE' => $admin_base_url.'&delete='.$permission['id']
332	)
333	);
334	}
335
336	// +-----------------------------------------------------------------------+
337	// \| sending html code \|
338	// +-----------------------------------------------------------------------+
339
340	$template->assign_var_from_handle('ADMIN_CONTENT', 'plugin_admin_content');
341	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: