Context Navigation

source: trunk/admin/cat_perm.php @ 12020

Last change on this file since 12020 was 12020, checked in by flop25, 13 years ago
token added for permissions
Property svn:eol-style set to `LF`
File size: 9.6 KB

Rev	Line
[21]	1	<?php
[362]	2	// +-----------------------------------------------------------------------+
[8728]	3	// \| Piwigo - a PHP based photo gallery \|
[2297]	4	// +-----------------------------------------------------------------------+
[8728]	5	// \| Copyright(C) 2008-2011 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[800]	23
	24	if (!defined('PHPWG_ROOT_PATH'))
[21]	25	{
[800]	26	die ("Hacking attempt!");
	27	}
	28
[1072]	29	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
	30
[800]	31	// +-----------------------------------------------------------------------+
[1072]	32	// \| Check Access and exit when user status is not ok \|
	33	// +-----------------------------------------------------------------------+
	34	check_status(ACCESS_ADMINISTRATOR);
	35
	36	// +-----------------------------------------------------------------------+
[800]	37	// \| variable initialization \|
	38	// +-----------------------------------------------------------------------+
	39
	40	// if the category is not correct (not numeric, not private)
	41	if (isset($_GET['cat']) and is_numeric($_GET['cat']))
	42	{
	43	$query = '
	44	SELECT status
	45	FROM '.CATEGORIES_TABLE.'
	46	WHERE id = '.$_GET['cat'].'
	47	;';
[4325]	48	list($status) = pwg_db_fetch_row(pwg_query($query));
[800]	49
	50	if ('private' == $status)
[21]	51	{
[800]	52	$page['cat'] = $_GET['cat'];
[21]	53	}
	54	}
[800]	55
	56	if (!isset($page['cat']))
[21]	57	{
[800]	58	$query = '
	59	SELECT id
	60	FROM '.CATEGORIES_TABLE.'
	61	WHERE status = \'private\'
[4334]	62	LIMIT 1
[800]	63	;';
	64
[4325]	65	list($page['cat']) = pwg_db_fetch_row(pwg_query($query));
[800]	66	}
	67
	68	// +-----------------------------------------------------------------------+
	69	// \| form submission \|
	70	// +-----------------------------------------------------------------------+
[12020]	71	if (isset($_POST['deny_groups_submit']) or isset($_POST['grant_groups_submit']) or isset($_POST['deny_users_submit']) or isset($_POST['grant_users_submit']) )
	72	{
	73	check_pwg_token();
	74	}
[800]	75
	76	if (isset($_POST['deny_groups_submit'])
	77	and isset($_POST['deny_groups'])
	78	and count($_POST['deny_groups']) > 0)
	79	{
	80	// if you forbid access to a category, all sub-categories become
	81	// automatically forbidden
	82	$query = '
	83	DELETE
	84	FROM '.GROUP_ACCESS_TABLE.'
	85	WHERE group_id IN ('.implode(',', $_POST['deny_groups']).')
	86	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
	87	;';
	88	pwg_query($query);
	89	}
	90	else if (isset($_POST['grant_groups_submit'])
	91	and isset($_POST['grant_groups'])
	92	and count($_POST['grant_groups']) > 0)
	93	{
[12017]	94	$cat_ids = (isset($_POST['apply_on_sub'])) ? implode(',', get_subcat_ids(array($page['cat']))).",".implode(',', get_uppercat_ids(array($page['cat']))) : implode(',', get_uppercat_ids(array($page['cat'])));
	95
[800]	96	$query = '
	97	SELECT id
	98	FROM '.CATEGORIES_TABLE.'
[12017]	99	WHERE id IN ('.$cat_ids.')
[800]	100	AND status = \'private\'
	101	;';
[12019]	102	$private_cats = array_from_query($query, 'id');
[800]	103
	104	// We must not reinsert already existing lines in group_access table
	105	$granteds = array();
[12019]	106	foreach ($private_cats as $cat_id)
[21]	107	{
[800]	108	$granteds[$cat_id] = array();
[21]	109	}
[800]	110
	111	$query = '
	112	SELECT group_id, cat_id
	113	FROM '.GROUP_ACCESS_TABLE.'
[12019]	114	WHERE cat_id IN ('.implode(',', $private_cats).')
[800]	115	AND group_id IN ('.implode(',', $_POST['grant_groups']).')
	116	;';
	117	$result = pwg_query($query);
[4325]	118	while ($row = pwg_db_fetch_assoc($result))
[21]	119	{
[800]	120	array_push($granteds[$row['cat_id']], $row['group_id']);
	121	}
	122
	123	$inserts = array();
	124
[12019]	125	foreach ($private_cats as $cat_id)
[800]	126	{
	127	$group_ids = array_diff($_POST['grant_groups'], $granteds[$cat_id]);
	128	foreach ($group_ids as $group_id)
[21]	129	{
[800]	130	array_push($inserts, array('group_id' => $group_id,
	131	'cat_id' => $cat_id));
[21]	132	}
	133	}
[800]	134
	135	mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
[21]	136	}
[800]	137	else if (isset($_POST['deny_users_submit'])
	138	and isset($_POST['deny_users'])
	139	and count($_POST['deny_users']) > 0)
[21]	140	{
[800]	141	// if you forbid access to a category, all sub-categories become
	142	// automatically forbidden
	143	$query = '
	144	DELETE
	145	FROM '.USER_ACCESS_TABLE.'
	146	WHERE user_id IN ('.implode(',', $_POST['deny_users']).')
	147	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
	148	;';
	149	pwg_query($query);
	150	}
[11729]	151	else if (isset($_POST['grant_users_submit']))
[800]	152	{
[11729]	153	add_permission_on_category($page['cat'], $_POST['grant_users']);
[21]	154	}
[800]	155
	156	// +-----------------------------------------------------------------------+
	157	// \| template initialization \|
	158	// +-----------------------------------------------------------------------+
[817]	159
[2530]	160	$template->set_filename('cat_perm', 'cat_perm.tpl');
[800]	161
[2288]	162	$template->assign(
[817]	163	array(
[825]	164	'CATEGORIES_NAV' =>
	165	get_cat_display_name_from_id(
	166	$page['cat'],
	167	'admin.php?page=cat_modify&cat_id='
	168	),
[5920]	169	'U_HELP' => get_root_url().'admin/popuphelp.php?page=cat_perm',
[2288]	170	'F_ACTION' => get_root_url().'admin.php?page=cat_perm&cat='.$page['cat']
[817]	171	)
	172	);
[800]	173
	174	// +-----------------------------------------------------------------------+
	175	// \| form construction \|
	176	// +-----------------------------------------------------------------------+
	177
	178	// groups denied are the groups not granted. So we need to find all groups
	179	// minus groups granted to find groups denied.
	180
	181	$groups = array();
	182
	183	$query = '
	184	SELECT id, name
	185	FROM '.GROUPS_TABLE.'
[1960]	186	ORDER BY name ASC
[800]	187	;';
[2223]	188	$groups = simple_hash_from_query($query, 'id', 'name');
	189	$template->assign('all_groups', $groups);
[800]	190
[2223]	191	// groups granted to access the category
[800]	192	$query = '
	193	SELECT group_id
	194	FROM '.GROUP_ACCESS_TABLE.'
	195	WHERE cat_id = '.$page['cat'].'
	196	;';
	197	$group_granted_ids = array_from_query($query, 'group_id');
[2349]	198	$group_granted_ids = order_by_name($group_granted_ids, $groups);
[2223]	199	$template->assign('group_granted_ids', $group_granted_ids);
[800]	200
	201
	202	// groups denied
[2223]	203	$template->assign('group_denied_ids',
[2349]	204	order_by_name(array_diff(array_keys($groups), $group_granted_ids), $groups)
[2223]	205	);
[800]	206
	207	// users...
	208	$users = array();
	209
	210	$query = '
[808]	211	SELECT '.$conf['user_fields']['id'].' AS id,
	212	'.$conf['user_fields']['username'].' AS username
[800]	213	FROM '.USERS_TABLE.'
	214	;';
[2223]	215	$users = simple_hash_from_query($query, 'id', 'username');
	216	$template->assign('all_users', $users);
[800]	217
[2223]	218
[800]	219	$query = '
	220	SELECT user_id
	221	FROM '.USER_ACCESS_TABLE.'
	222	WHERE cat_id = '.$page['cat'].'
	223	;';
	224	$user_granted_direct_ids = array_from_query($query, 'user_id');
[2349]	225	$user_granted_direct_ids = order_by_name($user_granted_direct_ids, $users);
[2223]	226	$template->assign('user_granted_direct_ids', $user_granted_direct_ids);
[800]	227
[2223]	228
	229
[800]	230	$user_granted_indirect_ids = array();
	231	if (count($group_granted_ids) > 0)
	232	{
	233	$granted_groups = array();
	234
	235	$query = '
	236	SELECT user_id, group_id
	237	FROM '.USER_GROUP_TABLE.'
	238	WHERE group_id IN ('.implode(',', $group_granted_ids).')
	239	';
	240	$result = pwg_query($query);
[4325]	241	while ($row = pwg_db_fetch_assoc($result))
[21]	242	{
[800]	243	if (!isset($granted_groups[$row['group_id']]))
	244	{
	245	$granted_groups[$row['group_id']] = array();
	246	}
	247	array_push($granted_groups[$row['group_id']], $row['user_id']);
[21]	248	}
	249
[800]	250	$user_granted_by_group_ids = array();
	251
	252	foreach ($granted_groups as $group_users)
[21]	253	{
[800]	254	$user_granted_by_group_ids = array_merge($user_granted_by_group_ids,
	255	$group_users);
[21]	256	}
[800]	257	$user_granted_by_group_ids = array_unique($user_granted_by_group_ids);
	258
	259
	260	$user_granted_indirect_ids = array_diff($user_granted_by_group_ids,
	261	$user_granted_direct_ids);
[2349]	262	$user_granted_indirect_ids =
	263	order_by_name($user_granted_indirect_ids, $users);
[800]	264	foreach ($user_granted_indirect_ids as $user_id)
[21]	265	{
[800]	266	foreach ($granted_groups as $group_id => $group_users)
[21]	267	{
[800]	268	if (in_array($user_id, $group_users))
[21]	269	{
[2223]	270	$template->append(
	271	'user_granted_indirects',
	272	array(
	273	'USER'=>$users[$user_id],
	274	'GROUP'=>$groups[$group_id]
	275	)
	276	);
[800]	277	break;
[21]	278	}
	279	}
	280	}
	281	}
[800]	282
	283	$user_denied_ids = array_diff(array_keys($users),
	284	$user_granted_indirect_ids,
	285	$user_granted_direct_ids);
[2349]	286	$user_denied_ids = order_by_name($user_denied_ids, $users);
[2223]	287	$template->assign('user_denied_ids', $user_denied_ids);
[800]	288
	289
	290	// +-----------------------------------------------------------------------+
	291	// \| sending html code \|
	292	// +-----------------------------------------------------------------------+
[12020]	293	$template->assign(array('PWG_TOKEN' => get_pwg_token()));
	294
[800]	295	$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
[362]	296	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: