source: trunk/admin/group_perm.php @ 20939

Last change on this file since 20939 was 19703, checked in by plg, 12 years ago

update Piwigo headers to 2013 (the end of the world didn't occur as expected on r12922)

  • Property svn:eol-style set to LF
File size: 6.1 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2013 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24if( !defined("PHPWG_ROOT_PATH") )
25{
26  die ("Hacking attempt!");
27}
28
29include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30
31// +-----------------------------------------------------------------------+
32// | Check Access and exit when user status is not ok                      |
33// +-----------------------------------------------------------------------+
34check_status(ACCESS_ADMINISTRATOR);
35
36// +-----------------------------------------------------------------------+
37// |                            variables init                             |
38// +-----------------------------------------------------------------------+
39
40if (isset($_GET['group_id']) and is_numeric($_GET['group_id']))
41{
42  $page['group'] = $_GET['group_id'];
43}
44else
45{
46  die('group_id URL parameter is missing');
47}
48
49// +-----------------------------------------------------------------------+
50// |                                updates                                |
51// +-----------------------------------------------------------------------+
52
53if (isset($_POST['falsify'])
54    and isset($_POST['cat_true'])
55    and count($_POST['cat_true']) > 0)
56{
57  // if you forbid access to a category, all sub-categories become
58  // automatically forbidden
59  $subcats = get_subcat_ids($_POST['cat_true']);
60  $query = '
61DELETE
62  FROM '.GROUP_ACCESS_TABLE.'
63  WHERE group_id = '.$page['group'].'
64  AND cat_id IN ('.implode(',', $subcats).')
65;';
66  pwg_query($query);
67}
68else if (isset($_POST['trueify'])
69         and isset($_POST['cat_false'])
70         and count($_POST['cat_false']) > 0)
71{
72  $uppercats = get_uppercat_ids($_POST['cat_false']);
73  $private_uppercats = array();
74
75  $query = '
76SELECT id
77  FROM '.CATEGORIES_TABLE.'
78  WHERE id IN ('.implode(',', $uppercats).')
79  AND status = \'private\'
80;';
81  $result = pwg_query($query);
82  while ($row = pwg_db_fetch_assoc($result))
83  {
84    array_push($private_uppercats, $row['id']);
85  }
86
87  // retrying to authorize a category which is already authorized may cause
88  // an error (in SQL statement), so we need to know which categories are
89  // accesible
90  $authorized_ids = array();
91
92  $query = '
93SELECT cat_id
94  FROM '.GROUP_ACCESS_TABLE.'
95  WHERE group_id = '.$page['group'].'
96;';
97  $result = pwg_query($query);
98
99  while ($row = pwg_db_fetch_assoc($result))
100  {
101    array_push($authorized_ids, $row['cat_id']);
102  }
103
104  $inserts = array();
105  $to_autorize_ids = array_diff($private_uppercats, $authorized_ids);
106  foreach ($to_autorize_ids as $to_autorize_id)
107  {
108    array_push(
109      $inserts,
110      array(
111        'group_id' => $page['group'],
112        'cat_id' => $to_autorize_id
113        )
114      );
115  }
116
117  mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
118}
119
120// +-----------------------------------------------------------------------+
121// |                             template init                             |
122// +-----------------------------------------------------------------------+
123
124$template->set_filenames(
125  array(
126    'group_perm' => 'group_perm.tpl',
127    'double_select' => 'double_select.tpl'
128    )
129  );
130
131$template->assign(
132  array(
133    'TITLE' =>
134      sprintf(
135        l10n('Manage permissions for group "%s"'),
136        get_groupname($page['group']
137          )
138        ),
139    'L_CAT_OPTIONS_TRUE'=>l10n('Authorized'),
140    'L_CAT_OPTIONS_FALSE'=>l10n('Forbidden'),
141
142    'F_ACTION' =>
143        get_root_url().
144        'admin.php?page=group_perm&amp;group_id='.
145        $page['group']
146    )
147  );
148
149// only private categories are listed
150$query_true = '
151SELECT id,name,uppercats,global_rank
152  FROM '.CATEGORIES_TABLE.' INNER JOIN '.GROUP_ACCESS_TABLE.' ON cat_id = id
153  WHERE status = \'private\'
154    AND group_id = '.$page['group'].'
155;';
156display_select_cat_wrapper($query_true,array(),'category_option_true');
157
158$result = pwg_query($query_true);
159$authorized_ids = array();
160while ($row = pwg_db_fetch_assoc($result))
161{
162  array_push($authorized_ids, $row['id']);
163}
164
165$query_false = '
166SELECT id,name,uppercats,global_rank
167  FROM '.CATEGORIES_TABLE.'
168  WHERE status = \'private\'';
169if (count($authorized_ids) > 0)
170{
171  $query_false.= '
172    AND id NOT IN ('.implode(',', $authorized_ids).')';
173}
174$query_false.= '
175;';
176display_select_cat_wrapper($query_false,array(),'category_option_false');
177
178// +-----------------------------------------------------------------------+
179// |                           html code display                           |
180// +-----------------------------------------------------------------------+
181
182$template->assign_var_from_handle('DOUBLE_SELECT', 'double_select');
183$template->assign_var_from_handle('ADMIN_CONTENT', 'group_perm');
184
185?>
Note: See TracBrowser for help on using the repository browser.