source: extensions/community/admin_permissions.php @ 9501

Last change on this file since 9501 was 9501, checked in by plg, 13 years ago

optimization: only calculate upload permissions once in a user session

1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2011 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// Refuse to run when requested directly: PHPWG_ROOT_PATH is expected to be
// defined by whichever script includes this one.
defined('PHPWG_ROOT_PATH') or die('Hacking attempt!');

include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
load_language('plugin.lang', COMMUNITY_PATH);

// URL of this admin tab; reused below for the redirect after a deletion and
// for the per-row delete links.
$admin_base_url = get_root_url().'admin.php?page=plugin-community-permissions';

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+

// Administrator-only page. This call comes before any $_POST / $_GET value is
// read, so the handlers below are only reached once it has returned.
// NOTE(review): this checks who the user is, not whether the request was
// intended by that user -- see the notes on the add and remove handlers.
check_status(ACCESS_ADMINISTRATOR);
39
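// +-----------------------------------------------------------------------+
// |                            add permissions                            |
// +-----------------------------------------------------------------------+

// Handles the "add permission" form: validates the posted fields, inserts one
// row into COMMUNITY_PERMISSIONS_TABLE and refreshes the 'community_update'
// configuration parameter.
//
// NOTE(review): nothing in this handler verifies an anti-CSRF token; the only
// gate visible in this file is check_status(). If the core offers a token
// check for admin forms, call it here and emit the token from
// admin_permissions.tpl -- confirm against the core before changing.
if (isset($_POST['submit_add']))
{
  $who_options = array('any_visitor', 'any_registered_user', 'user', 'group');

  // Strict whitelist: a missing or non-string value (e.g. who[]=x) is rejected
  // without depending on PHP's loose comparison rules.
  if (
    !isset($_POST['who'])
    or !is_string($_POST['who'])
    or !in_array($_POST['who'], $who_options, true)
    )
  {
    die('hacking attempt: invalid "who" option');
  }

  if ('user' === $_POST['who'])
  {
    // check_input_parameter() is not shown here and may accept an absent
    // value; require the id explicitly so a 'user' permission can never be
    // stored without a user_id.
    if (!isset($_POST['who_user']) or '' === $_POST['who_user'])
    {
      die('hacking attempt: missing "who_user" parameter');
    }
    check_input_parameter('who_user', $_POST, false, PATTERN_ID);
  }

  if ('group' === $_POST['who'])
  {
    // same reasoning as for who_user
    if (!isset($_POST['who_group']) or '' === $_POST['who_group'])
    {
      die('hacking attempt: missing "who_group" parameter');
    }
    check_input_parameter('who_group', $_POST, false, PATTERN_ID);
  }

  // Fail closed on the scope: an absent category would be stored as NULL
  // below, and the listing further down presents a NULL category_id as
  // "The whole gallery" -- the broadest scope must be asked for explicitly.
  if (
    !isset($_POST['category'])
    or !is_string($_POST['category'])
    or '' === $_POST['category']
    )
  {
    die('hacking attempt: missing "category" parameter');
  }

  // '-1' is presumably the form's "no specific album" choice (it is stored as
  // NULL below); any other value has to pass the id pattern.
  if ('-1' !== $_POST['category'])
  {
    check_input_parameter('category', $_POST, false, PATTERN_ID);
  }

  // NOTE(review): an absent 'moderate' is left to check_input_parameter();
  // the listing treats anything other than 'false' as moderated.
  check_input_parameter('moderate', $_POST, false, '/^(true|false)$/');

  // creating the permission: only the id matching the chosen type is kept,
  // the other one is stored as NULL
  $insert = array(
    'type' => $_POST['who'],
    'group_id' => ('group' === $_POST['who']) ? $_POST['who_group'] : null,
    'user_id' => ('user' === $_POST['who']) ? $_POST['who_user'] : null,
    'category_id' => ($_POST['category'] > 0) ? $_POST['category'] : null,
    // checkboxes: present in the request means ticked
    'recursive' => isset($_POST['recursive']) ? 'true' : 'false',
    'create_subcategories' => isset($_POST['create_subcategories']) ? 'true' : 'false',
    'moderated' => $_POST['moderate'],
    );

  mass_inserts(
    COMMUNITY_PERMISSIONS_TABLE,
    array_keys($insert),
    array($insert)
    );

  array_push(
    $page['infos'],
    l10n('Permission added')
    );

  // records when the permission set last changed (presumably what lets
  // per-session permission data be recomputed -- confirm against its readers)
  conf_update_param('community_update', time());
}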
94
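// +-----------------------------------------------------------------------+
// |                           remove permissions                          |
// +-----------------------------------------------------------------------+

// Deletes the permission row whose id is given in ?delete=, refreshes the
// 'community_update' parameter and redirects back to this tab.
//
// NOTE(review): this changes state on a plain GET request and no anti-CSRF
// token is checked in the visible code, so any page an administrator visits
// could trigger it. Prefer a POST carrying a token that is verified here; the
// delete links built in the listing below would have to change with it.
if (isset($_GET['delete']))
{
  check_input_parameter('delete', $_GET, false, PATTERN_ID);

  // The value is concatenated into the statement below. Validate it locally
  // as well, so that the query is well-formed and digits-only whatever
  // check_input_parameter() (not shown here) lets through -- in particular an
  // empty string or an array.
  if (!is_string($_GET['delete']) or !ctype_digit($_GET['delete']))
  {
    die('hacking attempt: invalid "delete" parameter');
  }

  $query = '
DELETE
  FROM '.COMMUNITY_PERMISSIONS_TABLE.'
  WHERE id = '.$_GET['delete'].'
;';
  pwg_query($query);

  conf_update_param('community_update', time());

  // the message is kept in the session so it survives the redirect
  $_SESSION['page_infos'] = array(l10n('Permission removed'));
  redirect($admin_base_url);
}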
115
// +-----------------------------------------------------------------------+
// | template init                                                         |
// +-----------------------------------------------------------------------+

// the template file sits next to this script
$template->set_filenames(
  array('plugin_admin_content' => dirname(__FILE__).'/admin_permissions.tpl')
  );

// +-----------------------------------------------------------------------+
// | prepare form                                                          |
// +-----------------------------------------------------------------------+

// Users offered in the form: id => username, limited to accounts whose status
// is 'normal' or 'generic'. The column names come from the configuration.
$users = array();

$query = sprintf(
  '
SELECT
    %s AS id,
    %s AS username
  FROM %s AS u
    INNER JOIN %s AS uf ON uf.user_id = id
  WHERE uf.status IN (\'normal\',\'generic\')
;',
  $conf['user_fields']['id'],
  $conf['user_fields']['username'],
  USERS_TABLE,
  USER_INFOS_TABLE
  );

$result = pwg_query($query);
while ($row = pwg_db_fetch_assoc($result))
{
  $users[ $row['id'] ] = $row['username'];
}

// case-insensitive natural order; keys (the ids) are preserved
natcasesort($users);

$template->assign(array('user_options' => $users));
155
// Groups offered in the form: id => name, every row of GROUPS_TABLE.
$groups = array();

$query = sprintf(
  '
SELECT
    id,
    name
  FROM %s
;',
  GROUPS_TABLE
  );

$result = pwg_query($query);
while ($row = pwg_db_fetch_assoc($result))
{
  $groups[ $row['id'] ] = $row['name'];
}

// case-insensitive natural order; keys (the ids) are preserved
natcasesort($groups);

$template->assign(array('group_options' => $groups));
178
179
// Target URL of the "add permission" form.
// NOTE(review): $page['tab'] is not set in this file; presumably the
// including script provides it -- confirm.
$template->assign(
  array('F_ADD_ACTION' => COMMUNITY_BASE_URL.'-'.$page['tab'])
  );

// Albums offered in the form: every row of CATEGORIES_TABLE, handed to the
// select helper with an empty second argument under the template name
// 'category_options'.
$query = sprintf(
  '
SELECT id,name,uppercats,global_rank
  FROM %s
;',
  CATEGORIES_TABLE
  );

display_select_cat_wrapper($query, array(), 'category_options');
197
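// +-----------------------------------------------------------------------+
// | permission list                                                       |
// +-----------------------------------------------------------------------+

// Load every stored permission, newest id first, and collect the user, group
// and album ids they reference so the names can be fetched in bulk afterwards.
$query = '
SELECT
    *
  FROM '.COMMUNITY_PERMISSIONS_TABLE.'
  ORDER BY id DESC
;';
$result = pwg_query($query);

$permissions = array();
$user_ids = array();
$group_ids = array();
$category_ids = array();

// Fetch through pwg_db_fetch_assoc() like every other query in this file; the
// original called mysql_fetch_assoc() directly here, which bypasses the
// gallery's database wrapper and depends on the legacy mysql extension.
while ($row = pwg_db_fetch_assoc($result))
{
  $permissions[] = $row;

  // only the id matching the permission type is filled in; the others are
  // empty and skipped
  if (!empty($row['user_id']))
  {
    $user_ids[] = $row['user_id'];
  }

  if (!empty($row['group_id']))
  {
    $group_ids[] = $row['group_id'];
  }

  if (!empty($row['category_id']))
  {
    $category_ids[] = $row['category_id'];
  }
}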
235
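// Resolve the collected ids to display names: $name_of_user,
// $name_of_group and $name_of_category are id => name lookup tables.
//
// They are initialised up front so that they exist even when a list of ids is
// empty or a query returns no row. The ids are also forced to integers and
// de-duplicated before being joined into "IN (...)": they are read back from
// the database, but the statement should stay well-formed whatever the
// permissions table happens to contain.
$name_of_user = array();
$name_of_group = array();
$name_of_category = array();

if (!empty($user_ids))
{
  $query = '
SELECT
    '.$conf['user_fields']['id'].' AS id,
    '.$conf['user_fields']['username'].' AS username
  FROM '.USERS_TABLE.'
  WHERE '.$conf['user_fields']['id'].' IN ('.implode(',', array_unique(array_map('intval', $user_ids))).')
;';
  $result = pwg_query($query);
  while ($row = pwg_db_fetch_assoc($result))
  {
    $name_of_user[ $row['id'] ] = $row['username'];
  }
}

if (!empty($group_ids))
{
  $query = '
SELECT
    id,
    name
  FROM '.GROUPS_TABLE.'
  WHERE id IN ('.implode(',', array_unique(array_map('intval', $group_ids))).')
;';
  $result = pwg_query($query);
  while ($row = pwg_db_fetch_assoc($result))
  {
    $name_of_group[ $row['id'] ] = $row['name'];
  }
}

if (!empty($category_ids))
{
  $query = '
SELECT
    id,
    uppercats
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.implode(',', array_unique(array_map('intval', $category_ids))).')
;';
  $result = pwg_query($query);

  while ($row = pwg_db_fetch_assoc($result))
  {
    // the album's display name is derived from its chain of parent albums
    $name_of_category[ $row['id'] ] = get_cat_display_name_cache(
      $row['uppercats'],
      null,
      false
      );
  }
}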
288
// One template row per stored permission: who it applies to, where, the trust
// level and the link that deletes it.
//
// NOTE(review): the $name_of_* lookups are read without checking that the
// entry exists; a permission that references a user, group or album missing
// from those tables would hit an undefined index here.
// NOTE(review): WHO and WHERE carry user, group and album names into the
// template; whether they are HTML-escaped depends on admin_permissions.tpl,
// which is not shown -- confirm.
foreach ($permissions as $permission)
{
  // no album id stored means the permission covers the whole gallery
  $where = l10n('The whole gallery');
  if (isset($permission['category_id']))
  {
    $where = $name_of_category[ $permission['category_id'] ];
  }

  // 'any visitor' unless the type says otherwise
  $who = l10n('any visitor');
  switch ($permission['type'])
  {
    case 'any_registered_user':
      $who = l10n('any registered user');
      break;

    case 'user':
      $who = sprintf(l10n('%s (the user)'), $name_of_user[$permission['user_id']]);
      break;

    case 'group':
      $who = sprintf(l10n('%s (the group)'), $name_of_group[$permission['group_id']]);
      break;
  }

  // moderated uploads are the default label; only an explicit 'false' is
  // shown as high trust
  $trust = l10n('low trust');
  $trust_tooltip = l10n('uploaded photos must be validated by an administrator');
  if ('false' == $permission['moderated'])
  {
    $trust = l10n('high trust');
    $trust_tooltip = l10n('uploaded photos are directly displayed in the gallery');
  }

  $template->append(
    'permissions',
    array(
      'WHO' => $who,
      'WHERE' => $where,
      'TRUST' => $trust,
      'TRUST_TOOLTIP' => $trust_tooltip,
      'RECURSIVE' => get_boolean($permission['recursive']),
      'RECURSIVE_TOOLTIP' => l10n('Apply to sub-albums'),
      'CREATE_SUBCATEGORIES' => get_boolean($permission['create_subcategories']),
      // NOTE(review): following this link deletes the row via GET, and the
      // URL carries no anti-CSRF token (see the remove handler above)
      'U_DELETE' => $admin_base_url.'&amp;delete='.$permission['id']
      )
    );
}

// +-----------------------------------------------------------------------+
// | sending html code                                                     |
// +-----------------------------------------------------------------------+

// render the plugin template into the ADMIN_CONTENT variable
$template->assign_var_from_handle('ADMIN_CONTENT', 'plugin_admin_content');
?>