Context Navigation

cat_perm.php @ 13013

Last change on this file since 13013 was 13013, checked in by plg, 12 years ago

feature 2561: redesign on album administration screen.

only one form on the screen and several tabs

simpler URL pattern : page=album-123-properties / page=album-123-sort_order / page=album-123-permissions

action to associate all photos of an album to another (new) virtual album was removed. This can be easily done with the new Batch Manager

notification by email on an album still has to be moved on a new dedicated tab

action icons (jump to album, manage photos, manage sub-albums, delete album...) replaced by plain text links

Property svn:eol-style set to LF

File size: 9.7 KB

Rev	Line
[21]	1	<?php
[362]	2	// +-----------------------------------------------------------------------+
[8728]	3	// \| Piwigo - a PHP based photo gallery \|
[2297]	4	// +-----------------------------------------------------------------------+
[12922]	5	// \| Copyright(C) 2008-2012 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[800]	23
	24	if (!defined('PHPWG_ROOT_PATH'))
[21]	25	{
[800]	26	die ("Hacking attempt!");
	27	}
	28
[1072]	29	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
	30
[800]	31	// +-----------------------------------------------------------------------+
[1072]	32	// \| Check Access and exit when user status is not ok \|
	33	// +-----------------------------------------------------------------------+
	34	check_status(ACCESS_ADMINISTRATOR);
	35
	36	// +-----------------------------------------------------------------------+
[800]	37	// \| variable initialization \|
	38	// +-----------------------------------------------------------------------+
	39
	40	// if the category is not correct (not numeric, not private)
	41	if (isset($_GET['cat']) and is_numeric($_GET['cat']))
	42	{
	43	$query = '
	44	SELECT status
	45	FROM '.CATEGORIES_TABLE.'
	46	WHERE id = '.$_GET['cat'].'
	47	;';
[4325]	48	list($status) = pwg_db_fetch_row(pwg_query($query));
[800]	49
	50	if ('private' == $status)
[21]	51	{
[800]	52	$page['cat'] = $_GET['cat'];
[21]	53	}
	54	}
[800]	55
	56	if (!isset($page['cat']))
[21]	57	{
[800]	58	$query = '
	59	SELECT id
	60	FROM '.CATEGORIES_TABLE.'
	61	WHERE status = \'private\'
[4334]	62	LIMIT 1
[800]	63	;';
	64
[4325]	65	list($page['cat']) = pwg_db_fetch_row(pwg_query($query));
[800]	66	}
	67
	68	// +-----------------------------------------------------------------------+
	69	// \| form submission \|
	70	// +-----------------------------------------------------------------------+
[12020]	71	if (isset($_POST['deny_groups_submit']) or isset($_POST['grant_groups_submit']) or isset($_POST['deny_users_submit']) or isset($_POST['grant_users_submit']) )
	72	{
	73	check_pwg_token();
	74	}
[800]	75
	76	if (isset($_POST['deny_groups_submit'])
	77	and isset($_POST['deny_groups'])
	78	and count($_POST['deny_groups']) > 0)
	79	{
	80	// if you forbid access to a category, all sub-categories become
	81	// automatically forbidden
	82	$query = '
	83	DELETE
	84	FROM '.GROUP_ACCESS_TABLE.'
	85	WHERE group_id IN ('.implode(',', $_POST['deny_groups']).')
	86	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
	87	;';
	88	pwg_query($query);
	89	}
	90	else if (isset($_POST['grant_groups_submit'])
	91	and isset($_POST['grant_groups'])
	92	and count($_POST['grant_groups']) > 0)
	93	{
[12017]	94	$cat_ids = (isset($_POST['apply_on_sub'])) ? implode(',', get_subcat_ids(array($page['cat']))).",".implode(',', get_uppercat_ids(array($page['cat']))) : implode(',', get_uppercat_ids(array($page['cat'])));
	95
[800]	96	$query = '
	97	SELECT id
	98	FROM '.CATEGORIES_TABLE.'
[12017]	99	WHERE id IN ('.$cat_ids.')
[800]	100	AND status = \'private\'
	101	;';
[12019]	102	$private_cats = array_from_query($query, 'id');
[800]	103
	104	// We must not reinsert already existing lines in group_access table
	105	$granteds = array();
[12019]	106	foreach ($private_cats as $cat_id)
[21]	107	{
[800]	108	$granteds[$cat_id] = array();
[21]	109	}
[800]	110
	111	$query = '
	112	SELECT group_id, cat_id
	113	FROM '.GROUP_ACCESS_TABLE.'
[12019]	114	WHERE cat_id IN ('.implode(',', $private_cats).')
[800]	115	AND group_id IN ('.implode(',', $_POST['grant_groups']).')
	116	;';
	117	$result = pwg_query($query);
[4325]	118	while ($row = pwg_db_fetch_assoc($result))
[21]	119	{
[800]	120	array_push($granteds[$row['cat_id']], $row['group_id']);
	121	}
	122
	123	$inserts = array();
	124
[12019]	125	foreach ($private_cats as $cat_id)
[800]	126	{
	127	$group_ids = array_diff($_POST['grant_groups'], $granteds[$cat_id]);
	128	foreach ($group_ids as $group_id)
[21]	129	{
[800]	130	array_push($inserts, array('group_id' => $group_id,
	131	'cat_id' => $cat_id));
[21]	132	}
	133	}
[800]	134
	135	mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
[21]	136	}
[800]	137	else if (isset($_POST['deny_users_submit'])
	138	and isset($_POST['deny_users'])
	139	and count($_POST['deny_users']) > 0)
[21]	140	{
[800]	141	// if you forbid access to a category, all sub-categories become
	142	// automatically forbidden
	143	$query = '
	144	DELETE
	145	FROM '.USER_ACCESS_TABLE.'
	146	WHERE user_id IN ('.implode(',', $_POST['deny_users']).')
	147	AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
	148	;';
	149	pwg_query($query);
	150	}
[12825]	151	else if (isset($_POST['grant_users_submit'])
	152	and isset($_POST['grant_users'])
	153	and count($_POST['grant_users']) > 0)
[800]	154	{
[11729]	155	add_permission_on_category($page['cat'], $_POST['grant_users']);
[21]	156	}
[800]	157
	158	// +-----------------------------------------------------------------------+
	159	// \| template initialization \|
	160	// +-----------------------------------------------------------------------+
[817]	161
[2530]	162	$template->set_filename('cat_perm', 'cat_perm.tpl');
[800]	163
[2288]	164	$template->assign(
[817]	165	array(
[825]	166	'CATEGORIES_NAV' =>
	167	get_cat_display_name_from_id(
	168	$page['cat'],
[13013]	169	'admin.php?page=album-'
[825]	170	),
[5920]	171	'U_HELP' => get_root_url().'admin/popuphelp.php?page=cat_perm',
[13013]	172	'F_ACTION' => $admin_album_base_url.'-permissions',
[817]	173	)
	174	);
[800]	175
	176	// +-----------------------------------------------------------------------+
	177	// \| form construction \|
	178	// +-----------------------------------------------------------------------+
	179
	180	// groups denied are the groups not granted. So we need to find all groups
	181	// minus groups granted to find groups denied.
	182
	183	$groups = array();
	184
	185	$query = '
	186	SELECT id, name
	187	FROM '.GROUPS_TABLE.'
[1960]	188	ORDER BY name ASC
[800]	189	;';
[2223]	190	$groups = simple_hash_from_query($query, 'id', 'name');
	191	$template->assign('all_groups', $groups);
[800]	192
[2223]	193	// groups granted to access the category
[800]	194	$query = '
	195	SELECT group_id
	196	FROM '.GROUP_ACCESS_TABLE.'
	197	WHERE cat_id = '.$page['cat'].'
	198	;';
	199	$group_granted_ids = array_from_query($query, 'group_id');
[2349]	200	$group_granted_ids = order_by_name($group_granted_ids, $groups);
[2223]	201	$template->assign('group_granted_ids', $group_granted_ids);
[800]	202
	203
	204	// groups denied
[2223]	205	$template->assign('group_denied_ids',
[2349]	206	order_by_name(array_diff(array_keys($groups), $group_granted_ids), $groups)
[2223]	207	);
[800]	208
	209	// users...
	210	$users = array();
	211
	212	$query = '
[808]	213	SELECT '.$conf['user_fields']['id'].' AS id,
	214	'.$conf['user_fields']['username'].' AS username
[800]	215	FROM '.USERS_TABLE.'
	216	;';
[2223]	217	$users = simple_hash_from_query($query, 'id', 'username');
	218	$template->assign('all_users', $users);
[800]	219
[2223]	220
[800]	221	$query = '
	222	SELECT user_id
	223	FROM '.USER_ACCESS_TABLE.'
	224	WHERE cat_id = '.$page['cat'].'
	225	;';
	226	$user_granted_direct_ids = array_from_query($query, 'user_id');
[2349]	227	$user_granted_direct_ids = order_by_name($user_granted_direct_ids, $users);
[2223]	228	$template->assign('user_granted_direct_ids', $user_granted_direct_ids);
[800]	229
[2223]	230
	231
[800]	232	$user_granted_indirect_ids = array();
	233	if (count($group_granted_ids) > 0)
	234	{
	235	$granted_groups = array();
	236
	237	$query = '
	238	SELECT user_id, group_id
	239	FROM '.USER_GROUP_TABLE.'
	240	WHERE group_id IN ('.implode(',', $group_granted_ids).')
	241	';
	242	$result = pwg_query($query);
[4325]	243	while ($row = pwg_db_fetch_assoc($result))
[21]	244	{
[800]	245	if (!isset($granted_groups[$row['group_id']]))
	246	{
	247	$granted_groups[$row['group_id']] = array();
	248	}
	249	array_push($granted_groups[$row['group_id']], $row['user_id']);
[21]	250	}
	251
[800]	252	$user_granted_by_group_ids = array();
	253
	254	foreach ($granted_groups as $group_users)
[21]	255	{
[800]	256	$user_granted_by_group_ids = array_merge($user_granted_by_group_ids,
	257	$group_users);
[21]	258	}
[800]	259	$user_granted_by_group_ids = array_unique($user_granted_by_group_ids);
	260
	261
	262	$user_granted_indirect_ids = array_diff($user_granted_by_group_ids,
	263	$user_granted_direct_ids);
[2349]	264	$user_granted_indirect_ids =
	265	order_by_name($user_granted_indirect_ids, $users);
[800]	266	foreach ($user_granted_indirect_ids as $user_id)
[21]	267	{
[800]	268	foreach ($granted_groups as $group_id => $group_users)
[21]	269	{
[800]	270	if (in_array($user_id, $group_users))
[21]	271	{
[2223]	272	$template->append(
	273	'user_granted_indirects',
	274	array(
	275	'USER'=>$users[$user_id],
	276	'GROUP'=>$groups[$group_id]
	277	)
	278	);
[800]	279	break;
[21]	280	}
	281	}
	282	}
	283	}
[800]	284
	285	$user_denied_ids = array_diff(array_keys($users),
	286	$user_granted_indirect_ids,
	287	$user_granted_direct_ids);
[2349]	288	$user_denied_ids = order_by_name($user_denied_ids, $users);
[2223]	289	$template->assign('user_denied_ids', $user_denied_ids);
[800]	290
	291
	292	// +-----------------------------------------------------------------------+
	293	// \| sending html code \|
	294	// +-----------------------------------------------------------------------+
[12020]	295	$template->assign(array('PWG_TOKEN' => get_pwg_token()));
	296
[800]	297	$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
[362]	298	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/admin/cat_perm.php @ 13013

Download in other formats: