[9372] | 1 | <?php |
---|
| 2 | // +-----------------------------------------------------------------------+ |
---|
| 3 | // | Piwigo - a PHP based photo gallery | |
---|
| 4 | // +-----------------------------------------------------------------------+ |
---|
| 5 | // | Copyright(C) 2008-2011 Piwigo Team http://piwigo.org | |
---|
| 6 | // | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net | |
---|
| 7 | // | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick | |
---|
| 8 | // +-----------------------------------------------------------------------+ |
---|
| 9 | // | This program is free software; you can redistribute it and/or modify | |
---|
| 10 | // | it under the terms of the GNU General Public License as published by | |
---|
| 11 | // | the Free Software Foundation | |
---|
| 12 | // | | |
---|
| 13 | // | This program is distributed in the hope that it will be useful, but | |
---|
| 14 | // | WITHOUT ANY WARRANTY; without even the implied warranty of | |
---|
| 15 | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
---|
| 16 | // | General Public License for more details. | |
---|
| 17 | // | | |
---|
| 18 | // | You should have received a copy of the GNU General Public License | |
---|
| 19 | // | along with this program; if not, write to the Free Software | |
---|
| 20 | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
---|
| 21 | // | USA. | |
---|
| 22 | // +-----------------------------------------------------------------------+ |
---|
| 23 | |
---|
| 24 | function community_get_user_permissions($user_id) |
---|
| 25 | { |
---|
[23085] | 26 | // echo __FUNCTION__.' => call for user '.$user_id.'<br>'; |
---|
| 27 | |
---|
[9500] | 28 | global $conf, $user; |
---|
[9372] | 29 | |
---|
[9583] | 30 | $cache_key = community_get_cache_key(); |
---|
| 31 | if (!isset($cache_key)) |
---|
[9501] | 32 | { |
---|
[9583] | 33 | $cache_key = community_update_cache_key(); |
---|
[9501] | 34 | } |
---|
[9583] | 35 | |
---|
| 36 | // I (plg) don't understand why, but when you connect, you keep the |
---|
[9584] | 37 | // permissions calculated for the "guest" : the session "inherits" |
---|
| 38 | // variables from guest to the connected user, so I add a |
---|
[9583] | 39 | // $_SESSION['community_user_id'] to force refresh if the permissions were |
---|
| 40 | // not calculated for the right user |
---|
| 41 | if ( |
---|
| 42 | isset($_SESSION['community_user_id']) |
---|
| 43 | and $_SESSION['community_user_id'] == $user_id |
---|
| 44 | and $_SESSION['community_cache_key'] == $cache_key |
---|
| 45 | ) |
---|
[9501] | 46 | { |
---|
[9583] | 47 | return $_SESSION['community_user_permissions']; |
---|
[9501] | 48 | } |
---|
| 49 | |
---|
[9372] | 50 | $return = array( |
---|
| 51 | 'upload_whole_gallery' => false, |
---|
| 52 | 'create_whole_gallery' => false, |
---|
[23085] | 53 | 'user_album' => false, |
---|
[9372] | 54 | 'create_categories' => array(), |
---|
| 55 | 'upload_categories' => array(), |
---|
| 56 | 'permission_ids' => array(), |
---|
[23037] | 57 | 'nb_photos' => 0, |
---|
| 58 | 'storage' => 0, |
---|
[9372] | 59 | ); |
---|
| 60 | |
---|
| 61 | // what are the user groups? |
---|
| 62 | $query = ' |
---|
| 63 | SELECT |
---|
| 64 | group_id |
---|
| 65 | FROM '.USER_GROUP_TABLE.' |
---|
| 66 | WHERE user_id = '.$user_id.' |
---|
| 67 | ;'; |
---|
| 68 | $user_group_ids = array_from_query($query, 'group_id'); |
---|
| 69 | |
---|
| 70 | $query = ' |
---|
| 71 | SELECT |
---|
| 72 | id, |
---|
[23085] | 73 | type, |
---|
[9372] | 74 | category_id, |
---|
[23085] | 75 | user_album, |
---|
[9500] | 76 | recursive, |
---|
[23037] | 77 | create_subcategories, |
---|
| 78 | nb_photos, |
---|
| 79 | storage |
---|
[9372] | 80 | FROM '.COMMUNITY_PERMISSIONS_TABLE.' |
---|
| 81 | WHERE (type = \'any_visitor\')'; |
---|
| 82 | |
---|
| 83 | if ($user_id != $conf['guest_id']) |
---|
| 84 | { |
---|
[9376] | 85 | $query.= ' |
---|
[9372] | 86 | OR (type = \'any_registered_user\') |
---|
[9376] | 87 | OR (type = \'user\' AND user_id = '.$user_id.')'; |
---|
| 88 | |
---|
| 89 | if (count($user_group_ids) > 0) |
---|
| 90 | { |
---|
| 91 | $query.= ' |
---|
| 92 | OR (type = \'group\' AND group_id IN ('.implode(',', $user_group_ids).'))'; |
---|
| 93 | } |
---|
[9372] | 94 | } |
---|
| 95 | |
---|
| 96 | $query.= ' |
---|
| 97 | ;'; |
---|
| 98 | |
---|
[9500] | 99 | $recursive_categories = array(); |
---|
| 100 | |
---|
[9372] | 101 | $result = pwg_query($query); |
---|
| 102 | while ($row = pwg_db_fetch_assoc($result)) |
---|
| 103 | { |
---|
| 104 | array_push($return['permission_ids'], $row['id']); |
---|
[23085] | 105 | |
---|
| 106 | if ('false' == $row['user_album']) |
---|
[9372] | 107 | { |
---|
[23085] | 108 | if (empty($row['category_id'])) |
---|
[9500] | 109 | { |
---|
[23085] | 110 | $return['upload_whole_gallery'] = true; |
---|
[9500] | 111 | } |
---|
[23085] | 112 | else |
---|
| 113 | { |
---|
| 114 | array_push($return['upload_categories'], $row['category_id']); |
---|
| 115 | |
---|
| 116 | if ('true' == $row['recursive']) |
---|
| 117 | { |
---|
| 118 | array_push($recursive_categories, $row['category_id']); |
---|
| 119 | } |
---|
| 120 | } |
---|
[9372] | 121 | } |
---|
| 122 | |
---|
| 123 | if ('true' == $row['create_subcategories']) |
---|
| 124 | { |
---|
| 125 | if (empty($row['category_id'])) |
---|
| 126 | { |
---|
| 127 | $return ['create_whole_gallery'] = true; |
---|
| 128 | } |
---|
| 129 | else |
---|
| 130 | { |
---|
| 131 | array_push($return['create_categories'], $row['category_id']); |
---|
| 132 | } |
---|
| 133 | } |
---|
[23037] | 134 | |
---|
| 135 | if ($return['nb_photos'] != -1) |
---|
| 136 | { |
---|
| 137 | if (empty($row['nb_photos']) or -1 == $row['nb_photos']) |
---|
| 138 | { |
---|
| 139 | // that means "no limit" |
---|
| 140 | $return['nb_photos'] = -1; |
---|
| 141 | } |
---|
| 142 | elseif ($row['nb_photos'] > $return['nb_photos']) |
---|
| 143 | { |
---|
| 144 | $return['nb_photos'] = $row['nb_photos']; |
---|
| 145 | } |
---|
| 146 | } |
---|
| 147 | |
---|
| 148 | if ($return['storage'] != -1) |
---|
| 149 | { |
---|
| 150 | if (empty($row['storage']) or -1 == $row['storage']) |
---|
| 151 | { |
---|
| 152 | // that means "no limit" |
---|
| 153 | $return['storage'] = -1; |
---|
| 154 | } |
---|
| 155 | elseif ($row['storage'] > $return['storage']) |
---|
| 156 | { |
---|
| 157 | $return['storage'] = $row['storage']; |
---|
| 158 | } |
---|
| 159 | } |
---|
[23085] | 160 | |
---|
| 161 | if ($conf['community']['user_albums'] and 'any_visitor' != $row['type']) |
---|
| 162 | { |
---|
| 163 | $return['user_album'] = true; |
---|
| 164 | } |
---|
[9372] | 165 | } |
---|
| 166 | |
---|
[9500] | 167 | if (is_admin()) |
---|
[9372] | 168 | { |
---|
[9500] | 169 | $return ['upload_whole_gallery'] = true; |
---|
| 170 | $return ['create_whole_gallery'] = true; |
---|
[23037] | 171 | $return['nb_photos'] = -1; |
---|
| 172 | $return['storage'] = -1; |
---|
[9372] | 173 | } |
---|
| 174 | |
---|
[9500] | 175 | // these are categories with access permission but considering the user |
---|
| 176 | // has a level 8 (maximum level). We want to keep categories with no |
---|
| 177 | // photos inside (for nobody) |
---|
| 178 | $forbidden_categories = calculate_permissions($user['id'], $user['status']); |
---|
| 179 | |
---|
| 180 | $empty_categories = array_diff( |
---|
| 181 | explode(',', $user['forbidden_categories']), |
---|
| 182 | explode(',', $forbidden_categories) |
---|
| 183 | ); |
---|
| 184 | |
---|
| 185 | if (count($empty_categories) > 0) |
---|
[9372] | 186 | { |
---|
[9500] | 187 | $query = ' |
---|
| 188 | SELECT |
---|
| 189 | category_id |
---|
| 190 | FROM '.IMAGE_CATEGORY_TABLE.' |
---|
[10770] | 191 | JOIN '.IMAGES_TABLE.' ON image_id = id |
---|
[9500] | 192 | WHERE category_id IN ('.implode(',', $empty_categories).') |
---|
| 193 | AND level > '.$user['level'].' |
---|
| 194 | AND level <= 8 |
---|
| 195 | GROUP BY category_id |
---|
| 196 | ;'; |
---|
| 197 | $not_really_empty_categories = array_keys(hash_from_query($query, 'category_id')); |
---|
| 198 | $forbidden_categories.= ','.implode(',', $not_really_empty_categories); |
---|
| 199 | } |
---|
| 200 | |
---|
| 201 | $query = ' |
---|
| 202 | SELECT |
---|
| 203 | id |
---|
| 204 | FROM '.CATEGORIES_TABLE.' |
---|
| 205 | ;'; |
---|
| 206 | $all_categories = array_keys(hash_from_query($query, 'id')); |
---|
| 207 | |
---|
| 208 | if ($return['upload_whole_gallery']) |
---|
| 209 | { |
---|
| 210 | $return['upload_categories'] = array_diff( |
---|
| 211 | $all_categories, |
---|
| 212 | explode(',', $forbidden_categories) |
---|
| 213 | ); |
---|
| 214 | } |
---|
| 215 | elseif (count($return['upload_categories']) > 0) |
---|
| 216 | { |
---|
| 217 | if (count($recursive_categories) > 0) |
---|
| 218 | { |
---|
| 219 | $return['upload_categories'] = array_unique( |
---|
| 220 | array_merge( |
---|
| 221 | $return['upload_categories'], |
---|
| 222 | get_subcat_ids($recursive_categories) |
---|
| 223 | ) |
---|
| 224 | ); |
---|
| 225 | } |
---|
| 226 | |
---|
| 227 | $return['upload_categories'] = array_diff( |
---|
| 228 | $return['upload_categories'], |
---|
| 229 | explode(',', $forbidden_categories) |
---|
| 230 | ); |
---|
| 231 | } |
---|
| 232 | |
---|
| 233 | if ($return ['create_whole_gallery']) |
---|
| 234 | { |
---|
| 235 | $return['create_categories'] = array_diff( |
---|
| 236 | $all_categories, |
---|
| 237 | explode(',', $forbidden_categories) |
---|
| 238 | ); |
---|
| 239 | } |
---|
| 240 | elseif (count($return['create_categories']) > 0) |
---|
| 241 | { |
---|
| 242 | // no need to check for "recursive", an upload permission can't be |
---|
| 243 | // "create_subcategories" without being "recursive" |
---|
[9372] | 244 | $return['create_categories'] = get_subcat_ids($return['create_categories']); |
---|
[9500] | 245 | |
---|
| 246 | $return['create_categories'] = array_diff( |
---|
| 247 | $return['create_categories'], |
---|
| 248 | explode(',', $forbidden_categories) |
---|
| 249 | ); |
---|
[9372] | 250 | } |
---|
| 251 | |
---|
[23085] | 252 | if ($return['user_album']) |
---|
| 253 | { |
---|
| 254 | $user_album_category_id = community_get_user_album($user_id); |
---|
| 255 | |
---|
| 256 | if (!empty($user_album_category_id) and !in_array($user_album_category_id, $return['upload_categories'])) |
---|
| 257 | { |
---|
| 258 | array_push($return['upload_categories'], $user_album_category_id); |
---|
| 259 | } |
---|
| 260 | } |
---|
| 261 | |
---|
| 262 | // is the user allowed to use community upload? |
---|
| 263 | if (count($return['upload_categories']) > 0 or $return['create_whole_gallery'] or $return['user_album']) |
---|
| 264 | { |
---|
| 265 | $return['community_enabled'] = true; |
---|
| 266 | } |
---|
| 267 | else |
---|
| 268 | { |
---|
| 269 | $return['community_enabled'] = false; |
---|
| 270 | } |
---|
| 271 | |
---|
[9501] | 272 | $_SESSION['community_user_permissions'] = $return; |
---|
[9583] | 273 | $_SESSION['community_cache_key'] = $cache_key; |
---|
| 274 | $_SESSION['community_user_id'] = $user_id; |
---|
[9501] | 275 | |
---|
[23085] | 276 | // echo __FUNCTION__.' => cache reset for user '.$user_id.'<br>'; |
---|
| 277 | |
---|
[9501] | 278 | return $_SESSION['community_user_permissions']; |
---|
[9372] | 279 | } |
---|
| 280 | |
---|
[23085] | 281 | /** |
---|
| 282 | * return the user album category_id. The album is automatically created if |
---|
| 283 | * it does not exist (or has been deleted) |
---|
| 284 | */ |
---|
| 285 | function community_get_user_album($user_id) |
---|
| 286 | { |
---|
| 287 | global $conf; |
---|
| 288 | |
---|
| 289 | $user_album_category_id = null; |
---|
| 290 | |
---|
| 291 | $query = ' |
---|
| 292 | SELECT * |
---|
| 293 | FROM '.CATEGORIES_TABLE.' |
---|
| 294 | WHERE community_user = '.$user_id.' |
---|
| 295 | ;'; |
---|
| 296 | $result = pwg_query($query); |
---|
| 297 | while ($row = pwg_db_fetch_assoc($result)) |
---|
| 298 | { |
---|
| 299 | $user_album_category_id = $row['id']; |
---|
| 300 | break; |
---|
| 301 | } |
---|
| 302 | |
---|
| 303 | if (!isset($user_album_category_id)) |
---|
| 304 | { |
---|
| 305 | $user_infos = getuserdata($user_id, false); |
---|
| 306 | |
---|
| 307 | include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); |
---|
| 308 | $category_info = create_virtual_category($user_infos['username'], $conf['community']['user_albums_parent']); |
---|
| 309 | |
---|
| 310 | single_update( |
---|
| 311 | CATEGORIES_TABLE, |
---|
| 312 | array('community_user' => $user_id), |
---|
| 313 | array('id' => $category_info['id']) |
---|
| 314 | ); |
---|
| 315 | |
---|
| 316 | $user_album_category_id = $category_info['id']; |
---|
| 317 | |
---|
| 318 | // in functions_html::get_cat_display_name_cache we use a cache and this |
---|
| 319 | // cache must be reset so that new album is included inside it. |
---|
| 320 | global $cache; |
---|
| 321 | unset($cache['cat_names']); |
---|
| 322 | } |
---|
| 323 | |
---|
| 324 | return $user_album_category_id; |
---|
| 325 | } |
---|
| 326 | |
---|
[9452] | 327 | function community_reject_pendings($image_ids) |
---|
| 328 | { |
---|
| 329 | if (count($image_ids) == 0) |
---|
| 330 | { |
---|
| 331 | return; |
---|
| 332 | } |
---|
| 333 | |
---|
| 334 | $query = ' |
---|
| 335 | DELETE |
---|
| 336 | FROM '.COMMUNITY_PENDINGS_TABLE.' |
---|
| 337 | WHERE image_id IN ('.implode(',', $image_ids).') |
---|
| 338 | ;'; |
---|
| 339 | pwg_query($query); |
---|
| 340 | |
---|
| 341 | // needs to be in administration panel |
---|
| 342 | delete_elements($image_ids, true); |
---|
| 343 | } |
---|
| 344 | |
---|
| 345 | function community_reject_user_pendings($user_id) |
---|
| 346 | { |
---|
| 347 | $query = ' |
---|
| 348 | SELECT |
---|
| 349 | image_id |
---|
| 350 | FROM '.COMMUNITY_PENDINGS_TABLE.' AS cp |
---|
| 351 | INNER JOIN '.IMAGES_TABLE.' AS i ON i.id = cp.image_id |
---|
| 352 | WHERE state != \'validated\' |
---|
| 353 | AND added_by = '.$user_id.' |
---|
| 354 | ;'; |
---|
| 355 | $result = pwg_query($query); |
---|
| 356 | $image_ids = array(); |
---|
| 357 | while ($row = pwg_db_fetch_assoc($result)) |
---|
| 358 | { |
---|
| 359 | array_push($image_ids, $row['image_id']); |
---|
| 360 | } |
---|
| 361 | |
---|
| 362 | community_reject_pendings($image_ids); |
---|
| 363 | } |
---|
| 364 | |
---|
[9583] | 365 | function community_update_cache_key() |
---|
| 366 | { |
---|
| 367 | $cache_key = generate_key(20); |
---|
| 368 | conf_update_param('community_cache_key', $cache_key); |
---|
| 369 | return $cache_key; |
---|
| 370 | } |
---|
| 371 | |
---|
| 372 | function community_get_cache_key() |
---|
| 373 | { |
---|
| 374 | global $conf; |
---|
| 375 | |
---|
| 376 | if (isset($conf['community_cache_key'])) |
---|
| 377 | { |
---|
| 378 | return $conf['community_cache_key']; |
---|
| 379 | } |
---|
| 380 | else |
---|
| 381 | { |
---|
| 382 | return null; |
---|
| 383 | } |
---|
| 384 | } |
---|
[23037] | 385 | |
---|
| 386 | function community_get_user_limits($user_id) |
---|
| 387 | { |
---|
| 388 | // how many photos and storage for this user? |
---|
| 389 | $query = ' |
---|
| 390 | SELECT |
---|
| 391 | COUNT(id) AS nb_photos, |
---|
| 392 | IFNULL(FLOOR(SUM(filesize)/1024), 0) AS storage |
---|
| 393 | FROM '.IMAGES_TABLE.' |
---|
| 394 | WHERE added_by = '.$user_id.' |
---|
| 395 | ;'; |
---|
| 396 | return pwg_db_fetch_assoc(pwg_query($query)); |
---|
| 397 | } |
---|
[9372] | 398 | ?> |
---|