source: trunk/admin/cat_perm.php @ 2288

Last change on this file since 2288 was 2288, checked in by rvelices, 17 years ago
  • minor language changes and use template->assign instead of template->assign_var
  • Property svn:eol-style set to LF
  • Property svn:keywords set to Author Date Id Revision
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2008 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | file          : $Id: cat_perm.php 2288 2008-03-21 01:01:25Z rvelices $
8// | last update   : $Date: 2008-03-21 01:01:25 +0000 (Fri, 21 Mar 2008) $
9// | last modifier : $Author: rvelices $
10// | revision      : $Revision: 2288 $
11// +-----------------------------------------------------------------------+
12// | This program is free software; you can redistribute it and/or modify  |
13// | it under the terms of the GNU General Public License as published by  |
14// | the Free Software Foundation                                          |
15// |                                                                       |
16// | This program is distributed in the hope that it will be useful, but   |
17// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
18// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
19// | General Public License for more details.                              |
20// |                                                                       |
21// | You should have received a copy of the GNU General Public License     |
22// | along with this program; if not, write to the Free Software           |
23// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
24// | USA.                                                                  |
25// +-----------------------------------------------------------------------+
26
// Direct-access guard: stop at once when the root path constant is missing.
// NOTE(review): presumably the constant is defined by the script that
// includes this file, so its absence means the file was requested on its
// own -- confirm against the including script.
defined('PHPWG_ROOT_PATH') or die ("Hacking attempt!");

include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
// This is the only authorization check in this file. It runs before any
// request parameter is read, so everything below is reached only after it
// has returned.
check_status(ACCESS_ADMINISTRATOR);
38
39// +-----------------------------------------------------------------------+
40// |                       variable initialization                         |
41// +-----------------------------------------------------------------------+
42
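// Choose the category whose permissions are edited. The "cat" request
// parameter is used only when it is a plain string of digits naming a
// category whose status is 'private'; in every other case the first private
// category returned by the database is taken instead.
//
// is_numeric() alone also accepts forms such as "1e3", "1.5" or " 1". The
// value is concatenated unquoted into SQL here and further down the page,
// so only digits are accepted and the value is stored as an integer.
if (isset($_GET['cat'])
    and is_string($_GET['cat'])
    and preg_match('/^[0-9]+$/D', $_GET['cat']))
{
  $requested_cat = intval($_GET['cat']);

  $query = '
SELECT status
  FROM '.CATEGORIES_TABLE.'
  WHERE id = '.$requested_cat.'
;';
  // when no row matches, the fetch yields false and $status is left null
  list($status) = mysql_fetch_array(pwg_query($query));

  if ('private' === $status)
  {
    $page['cat'] = $requested_cat;
  }
}

if (!isset($page['cat']))
{
  $query = '
SELECT id
  FROM '.CATEGORIES_TABLE.'
  WHERE status = \'private\'
  LIMIT 0,1
;';

  // NOTE(review): when no private category exists the fetch yields no row
  // and $page['cat'] stays null, while the queries further down concatenate
  // it unquoted -- confirm how that case is meant to be handled.
  list($page['cat']) = mysql_fetch_array(pwg_query($query));
}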
70
71// +-----------------------------------------------------------------------+
72// |                           form submission                             |
73// +-----------------------------------------------------------------------+
74
75
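// NOTE(review): every branch below changes access rights, and no anti-CSRF
// token is checked anywhere in this file; the only gate visible here is the
// administrator status check made near the top. Confirm whether the
// including script verifies a token before this code runs.

// The id lists posted by the form end up inside SQL IN (...) clauses, so
// each list is reduced to positive integers first. A field that is not an
// array, and any entry that is not a plain string of digits, is dropped
// before a query is built.
$posted_ids = array();
foreach (array('deny_groups', 'grant_groups', 'deny_users', 'grant_users')
         as $field)
{
  $posted_ids[$field] = array();

  if (isset($_POST[$field]) and is_array($_POST[$field]))
  {
    foreach ($_POST[$field] as $raw_id)
    {
      if (is_string($raw_id) and preg_match('/^[0-9]+$/D', $raw_id))
      {
        $id = intval($raw_id);
        if ($id > 0)
        {
          // keyed by id so that a repeated value is kept only once
          $posted_ids[$field][$id] = $id;
        }
      }
    }
    $posted_ids[$field] = array_values($posted_ids[$field]);
  }
}

if (isset($_POST['deny_groups_submit'])
    and count($posted_ids['deny_groups']) > 0)
{
  // if you forbid access to a category, all sub-categories become
  // automatically forbidden
  $query = '
DELETE
  FROM '.GROUP_ACCESS_TABLE.'
  WHERE group_id IN ('.implode(',', $posted_ids['deny_groups']).')
    AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
;';
  pwg_query($query);
}
else if (isset($_POST['grant_groups_submit'])
         and count($posted_ids['grant_groups']) > 0)
{
  // granting access to a category also grants it on each of its private
  // parent categories
  $query = '
SELECT id
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).')
  AND status = \'private\'
;';
  $private_uppercats = array_from_query($query, 'id');

  // an empty list would produce "IN ()", which is not valid SQL
  if (count($private_uppercats) > 0)
  {
    // We must not reinsert already existing lines in group_access table
    $granteds = array();
    foreach ($private_uppercats as $cat_id)
    {
      $granteds[$cat_id] = array();
    }

    $query = '
SELECT group_id, cat_id
  FROM '.GROUP_ACCESS_TABLE.'
  WHERE cat_id IN ('.implode(',', $private_uppercats).')
    AND group_id IN ('.implode(',', $posted_ids['grant_groups']).')
;';
    $result = pwg_query($query);
    while ($row = mysql_fetch_array($result))
    {
      array_push($granteds[$row['cat_id']], $row['group_id']);
    }

    $inserts = array();

    foreach ($private_uppercats as $cat_id)
    {
      // only the groups that do not already have a line for this category
      $group_ids = array_diff($posted_ids['grant_groups'], $granteds[$cat_id]);
      foreach ($group_ids as $group_id)
      {
        array_push($inserts, array('group_id' => $group_id,
                                   'cat_id' => $cat_id));
      }
    }

    mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
  }
}
else if (isset($_POST['deny_users_submit'])
         and count($posted_ids['deny_users']) > 0)
{
  // if you forbid access to a category, all sub-categories become
  // automatically forbidden
  $query = '
DELETE
  FROM '.USER_ACCESS_TABLE.'
  WHERE user_id IN ('.implode(',', $posted_ids['deny_users']).')
    AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
;';
  pwg_query($query);
}
else if (isset($_POST['grant_users_submit'])
         and count($posted_ids['grant_users']) > 0)
{
  // granting access to a category also grants it on each of its private
  // parent categories
  $query = '
SELECT id
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).')
  AND status = \'private\'
;';
  $private_uppercats = array_from_query($query, 'id');

  // an empty list would produce "IN ()", which is not valid SQL
  if (count($private_uppercats) > 0)
  {
    // We must not reinsert already existing lines in user_access table
    $granteds = array();
    foreach ($private_uppercats as $cat_id)
    {
      $granteds[$cat_id] = array();
    }

    $query = '
SELECT user_id, cat_id
  FROM '.USER_ACCESS_TABLE.'
  WHERE cat_id IN ('.implode(',', $private_uppercats).')
    AND user_id IN ('.implode(',', $posted_ids['grant_users']).')
;';
    $result = pwg_query($query);
    while ($row = mysql_fetch_array($result))
    {
      array_push($granteds[$row['cat_id']], $row['user_id']);
    }

    $inserts = array();

    foreach ($private_uppercats as $cat_id)
    {
      // only the users that do not already have a line for this category
      $user_ids = array_diff($posted_ids['grant_users'], $granteds[$cat_id]);
      foreach ($user_ids as $user_id)
      {
        array_push($inserts, array('user_id' => $user_id,
                                   'cat_id' => $cat_id));
      }
    }

    mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
  }
}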
194
195// +-----------------------------------------------------------------------+
196// |                       template initialization                         |
197// +-----------------------------------------------------------------------+
198
// Bind the template file used for this page under the 'cat_perm' handle.
$template->set_filename('cat_perm', 'admin/cat_perm.tpl');

// Values handed to the template: the category breadcrumb, the help popup
// URL and the URL the permission forms post back to.
// NOTE(review): $page['cat'] is concatenated into F_ACTION without any
// escaping, so that URL is only as safe as the validation applied where
// $page['cat'] is set.
$cat_perm_vars = array();
$cat_perm_vars['CATEGORIES_NAV'] = get_cat_display_name_from_id(
  $page['cat'],
  'admin.php?page=cat_modify&amp;cat_id='
  );
$cat_perm_vars['U_HELP'] = get_root_url().'popuphelp.php?page=cat_perm';
$cat_perm_vars['F_ACTION'] =
  get_root_url().'admin.php?page=cat_perm&amp;cat='.$page['cat'];

$template->assign($cat_perm_vars);
212
213// +-----------------------------------------------------------------------+
214// |                          form construction                            |
215// +-----------------------------------------------------------------------+
216
// A group is either granted or denied: the denied groups are all the groups
// minus the ones that have a line in the group access table for this
// category.

$groups = array();

// every group, as id => name, ordered by name
$query = '
SELECT id, name
  FROM '.GROUPS_TABLE.'
  ORDER BY name ASC
;';
$groups = simple_hash_from_query($query, 'id', 'name');
$template->assign('all_groups', $groups);

// ids of the groups granted access to the category
// NOTE(review): $page['cat'] is concatenated unquoted into this query; it
// relies entirely on the validation done where $page['cat'] is set.
$query = '
SELECT group_id
  FROM '.GROUP_ACCESS_TABLE.'
  WHERE cat_id = '.$page['cat'].'
;';
$group_granted_ids = array_from_query($query, 'group_id');
$template->assign('group_granted_ids', $group_granted_ids);

// ids of the groups denied: every known group id that is not granted
$all_group_ids = array_keys($groups);
$template->assign(
  'group_denied_ids',
  array_diff($all_group_ids, $group_granted_ids)
  );
244
// Users: first every user as id => username, then the ids of the users that
// have their own line in the user access table for this category.
$users = array();

// the id and username column names come from the configuration
$query = '
SELECT '.$conf['user_fields']['id'].' AS id,
       '.$conf['user_fields']['username'].' AS username
  FROM '.USERS_TABLE.'
;';
$users = simple_hash_from_query($query, 'id', 'username');
$template->assign('all_users', $users);

// users granted directly
// NOTE(review): $page['cat'] is concatenated unquoted into this query; it
// relies entirely on the validation done where $page['cat'] is set.
$query = '
SELECT user_id
  FROM '.USER_ACCESS_TABLE.'
  WHERE cat_id = '.$page['cat'].'
;';
$user_granted_direct_ids = array_from_query($query, 'user_id');
$template->assign('user_granted_direct_ids', $user_granted_direct_ids);
265
266
267
// Users granted indirectly: members of a granted group that have no line of
// their own in the user access table. Each one is shown with the first
// granted group found that contains them.
$user_granted_indirect_ids = array();
if (count($group_granted_ids) > 0)
{
  // group id => ids of the users belonging to that group
  $granted_groups = array();

  $query = '
SELECT user_id, group_id
  FROM '.USER_GROUP_TABLE.'
  WHERE group_id IN ('.implode(',', $group_granted_ids).')
';
  $result = pwg_query($query);
  while ($row = mysql_fetch_array($result))
  {
    // appending creates the per-group list the first time a group is seen
    $granted_groups[$row['group_id']][] = $row['user_id'];
  }

  // flatten the per-group lists, then keep each user id once
  $user_granted_by_group_ids = array();
  foreach ($granted_groups as $group_users)
  {
    foreach ($group_users as $member_id)
    {
      $user_granted_by_group_ids[] = $member_id;
    }
  }
  $user_granted_by_group_ids = array_unique($user_granted_by_group_ids);

  // a user that is also granted directly is not listed as indirect
  $user_granted_indirect_ids = array_diff(
    $user_granted_by_group_ids,
    $user_granted_direct_ids
    );

  foreach ($user_granted_indirect_ids as $user_id)
  {
    foreach ($granted_groups as $group_id => $group_users)
    {
      if (!in_array($user_id, $group_users))
      {
        continue;
      }

      $template->append(
        'user_granted_indirects',
        array(
          'USER'=>$users[$user_id],
          'GROUP'=>$groups[$group_id]
          )
        );
      // one line per user: stop at the first group that contains the user
      break;
    }
  }
}

// denied users are all the users minus the ones granted either way
$user_denied_ids = array_diff(
  array_keys($users),
  $user_granted_indirect_ids,
  $user_granted_direct_ids
  );
$template->assign('user_denied_ids', $user_denied_ids);


// +-----------------------------------------------------------------------+
// |                           sending html code                           |
// +-----------------------------------------------------------------------+
// hand the 'cat_perm' handle over as the ADMIN_CONTENT variable
$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
?>