<?php
/* Virtual AutoGrant */
if (!defined('PHPWG_ROOT_PATH') or !defined('VAG_DIR')) die('Hacking attempt!');
global $conf;
include_once( VAG_PATH . 'VAG_default.php');
$vag = & $conf['virtual_AutoGrant'];

// General case for set private (exception synchronisation (categories are not virtual ones))
if ( $conf['newcat_default_status'] == 'public' and $vag['set_private'] == 1 
    and defined('IN_ADMIN') and IN_ADMIN and !function_exists( 'VAG_set_private' ) ) {
  add_event_handler('get_admin_plugin_menu_links', 'VAG_set_private');
  function VAG_set_private($menu) {
    global $page, $conf;
    if ( isset($page['page']) and $page['page'] != 'site_manager' )
      $conf['newcat_default_status'] = 'private';
    return $menu;
  }
} 
// General case for set public (exception synchronisation (categories are not virtual ones))
if ( $conf['newcat_default_status'] == 'private' and $vag['set_private'] == 0 
    and defined('IN_ADMIN') and IN_ADMIN and !function_exists( 'VAG_set_public' ) ) {
  add_event_handler('get_admin_plugin_menu_links', 'VAG_set_public');
  function VAG_set_public($menu) {
    global $page, $conf;
    if ( isset($page['page']) and $page['page'] != 'site_manager' )
      $conf['newcat_default_status'] = 'public';
    return $menu;
  }
} 
// General case for grant to someone
// Don't grant on physical categories 
if ( ($vag['grant_to_creator'] == 1 or $vag['grant_to_webmaster'] == 1)
    and defined('IN_ADMIN') and IN_ADMIN and !function_exists( 'VAG_grant_to_prepare' ) ) {
		add_event_handler('get_admin_plugin_menu_links', 'VAG_grant_to_prepare');
  function VAG_grant_to_prepare($menu) {
    global $conf, $page, $vag;
    if ( !isset($page['page']) or $page['page'] == 'site_manager' ) return false; # Not Virtual
    list($max_id) = pwg_db_fetch_row(pwg_query('SELECT MAX(id) FROM '.CATEGORIES_TABLE . ';'));
    $vag['lastcat before'] == $max_id;
    list($max_id) = pwg_db_fetch_row(pwg_query('SELECT MAX(id) FROM '.IMAGES_TABLE . ';'));
    $vag['lastimg before'] == $max_id;
    add_event_handler('loc_end_admin', 'VAG_grant_to_somebody');
    return $menu;
  }
  if ( !function_exists( 'VAG_grant_to_somebody' ) ) {
    function VAG_grant_to_somebody() {
      global $conf, $vag, $user;
      if ( empty($vag['lastcat before']) ) $vag['lastcat before'] = 0;
      if ( empty($vag['lastimg before']) ) $vag['lastimg before'] = 0;
      list($new_id) = pwg_db_fetch_row(pwg_query('SELECT MAX(id) FROM '.CATEGORIES_TABLE
      . ' WHERE id > ' . $vag['lastcat before'] . ' AND site_id IS NULL;'));
      if ( empty($newid) ) return false;
      if ( $vag['grant_to_creator'] == 1 or $vag['grant_to_webmaster'] == 1 ) {
        if ( $vag['grant_to_creator'] == 1 ) $insert[] = array('user_id' => $user['id'], 'cat_id' => $newid);
        if ( $user['id'] != $conf['webmaster_id'] and $vag['grant_to_webmaster'] == 1 )
          $insert[] = array('user_id' => $conf['webmaster_id'], 'cat_id' => $newid);
        mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $insert);
      }
      // Who can see
      if ( $vag['set_who_can_see'] == 0 ) return false;
      if ( is_webmaster() and $vag['webmaster_set_who_can_see'] == 1) return false;
      // New image_ids
      $img_ids = array_from_query('SELECT id FROM ' . IMAGES_TABLE . ' WHERE id > ' . $vag['lastimg before'] . ';', 'id');
      if (count($img_ids) == 0) return false;
      // New image_ids which are associated to a public category at least
      if ($vag['ignore_who_can_see_on_private'] == 1)
        $img_ids = array_from_query('SELECT image_id FROM ' . IMAGE_CATEGORY_TABLE 
            . ' WHERE category_id IN (SELECT id FROM ' . CATEGORIES_TABLE . ' WHERE status = \'public\')'
            . ' AND image_id IN ('.implode(',', $img_ids).');');
      $r = pwg_query('UPDATE '.IMAGES_TABLE.' SET level = ' . $user['level'] . ' WHERE level < '. $user['level'] 
            . ' AND id IN ('.implode(',', $img_ids).');');
    }
  }
} 

// API cases : Just do it   
if ( !function_exists( 'VAG_set_private_by_API' ) ) {
	add_event_handler('invalidate_user_cache', 'VAG_set_private_by_API', 20);

	function  VAG_set_private_by_API($full) {
    if ( !function_exists( 'ws_categories_add' ) ) return false; // That isn't an API request
	  global $user, $conf;
    $vag = & $conf['virtual_AutoGrant'];
    if ( isset($_REQUEST['method']) and $_REQUEST['method'] == 'pwg.categories.add' ) {
      list($inserted_id) = pwg_db_fetch_row(pwg_query('SELECT MAX(id) FROM '.CATEGORIES_TABLE
      . ' WHERE name = \'' .pwg_db_real_escape_string($_REQUEST['name']) . '\' AND site_id IS NULL;'));
      # Note:  AND site_id IS NULL because synchro could be running in //
      if ( $vag['set_private_by_API'] == 1 ) set_cat_status(array($inserted_id), 'private');
        else set_cat_status(array($inserted_id), 'public');
      if ( ($vag['grant_to_creator'] == 1 or $vag['grant_to_webmaster'] == 1 ) and $vag['set_private_by_API'] == 1 ) {
        if ( $vag['grant_to_creator'] == 1 ) $insert[] = array('user_id' => $user['id'], 'cat_id' => $inserted_id);
        if ( $user['id'] != $conf['webmaster_id'] and $vag['grant_to_webmaster'] == 1 )
          $insert[] = array('user_id' => $conf['webmaster_id'], 'cat_id' => $inserted_id);
        mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $insert);
      }
      $vag['lastcat before'] = $inserted_id; # Admin Photos Add does not need to redo the job
    }
    // "Who can see" management ( only for API, Synchro or old HTTP management on gallery side are ignored )
    if ( isset($_REQUEST['method']) and $_REQUEST['method'] == 'pwg.images.add' and isset($_REQUEST['original_sum']) 
        and $vag['set_who_can_see'] == 1 ) {
      # image to update
      if ('md5sum' == $conf['uniqueness_mode']) $where_clause = "md5sum = '".pwg_db_real_escape_string($_REQUEST['original_sum'])."'";
      if ('filename' == $conf['uniqueness_mode'] and isset($_REQUEST['original_filename']) ) 
          $where_clause = "file = '".pwg_db_real_escape_string($_REQUEST['original_filename'])."'";
      if ( !isset($where_clause) or (is_webmaster() and $vag['webmaster_set_who_can_see'] == 1) ) return false;
      if ( $user['level'] == $conf['available_permission_levels'][0] ) return false;   // Non privacy level won't force it
      if (!isset($_REQUEST['categories'])) return false;
      $tokens = explode(';', pwg_db_real_escape_string($_REQUEST['categories']));
      $cat_ids = array();
      foreach ($tokens as $token) {
        list($cat_id) = explode(',', $token);
        if (!preg_match('/^\d+$/', $cat_id)) continue;
        array_push($cat_ids, $cat_id);
      }
      $cat_ids = array_unique($cat_ids);
      if (count($cat_ids) != 0) $w = ' AND id IN ('.implode(',', $cat_ids).')'; else $w ='';
      list($count_public_cat) = pwg_db_fetch_row(pwg_query('SELECT count(*) FROM '.CATEGORIES_TABLE
      . ' WHERE status = \'public\' ' . $w . ' AND site_id IS NULL;'));
      // No public category = all are private => maybe we can ignore "Who can see"
      if ( $count_public_cat == 0 and $vag['ignore_who_can_see_on_private'] == 1 ) return false;
      $r = pwg_query('UPDATE '.IMAGES_TABLE.' SET level = ' . $user['level'] . ' WHERE level < '. $user['level'] 
          .' AND ' . $where_clause . ';');
    }
	}
}
// Configuration menu
if ( !function_exists( 'VAG_admin_menu' ) ) {
	if ( defined('IN_ADMIN') and IN_ADMIN ) {
		add_event_handler('get_admin_plugin_menu_links', 'VAG_admin_menu');
    function VAG_admin_menu($menu) {
        array_push($menu, array(
                'NAME' => 'Virtual AutoGrant',
                'URL' => get_admin_plugin_menu_link( VAG_PATH .'VAG_admin.php')
        ));
        return $menu;
    }
  }
}
?>