Context Navigation

source: trunk/admin/user_perm.php @ 7995

Last change on this file since 7995 was 6363, checked in by plg, 15 years ago
remove all svn:mergeinfo properties
Property svn:eol-style set to `LF`
File size: 7.1 KB

Rev	Line
[21]	1	<?php
[362]	2	// +-----------------------------------------------------------------------+
[2297]	3	// \| Piwigo - a PHP based picture gallery \|
	4	// +-----------------------------------------------------------------------+
[5196]	5	// \| Copyright(C) 2008-2010 Piwigo Team http://piwigo.org \|
[2297]	6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
	7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
	8	// +-----------------------------------------------------------------------+
	9	// \| This program is free software; you can redistribute it and/or modify \|
	10	// \| it under the terms of the GNU General Public License as published by \|
	11	// \| the Free Software Foundation \|
	12	// \| \|
	13	// \| This program is distributed in the hope that it will be useful, but \|
	14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	16	// \| General Public License for more details. \|
	17	// \| \|
	18	// \| You should have received a copy of the GNU General Public License \|
	19	// \| along with this program; if not, write to the Free Software \|
	20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	21	// \| USA. \|
	22	// +-----------------------------------------------------------------------+
[393]	23
[657]	24	if (!defined('IN_ADMIN'))
[393]	25	{
[657]	26	die('Hacking attempt!');
[393]	27	}
	28
[1072]	29	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
	30
[815]	31	// +-----------------------------------------------------------------------+
[1072]	32	// \| Check Access and exit when user status is not ok \|
	33	// +-----------------------------------------------------------------------+
	34	check_status(ACCESS_ADMINISTRATOR);
	35
	36	// +-----------------------------------------------------------------------+
[815]	37	// \| variables init \|
	38	// +-----------------------------------------------------------------------+
	39
	40	if (isset($_GET['user_id']) and is_numeric($_GET['user_id']))
[393]	41	{
[815]	42	$page['user'] = $_GET['user_id'];
[393]	43	}
[815]	44	else
[709]	45	{
[1754]	46	die('user_id URL parameter is missing');
[709]	47	}
[815]	48
	49	// +-----------------------------------------------------------------------+
	50	// \| updates \|
	51	// +-----------------------------------------------------------------------+
	52
	53	if (isset($_POST['falsify'])
	54	and isset($_POST['cat_true'])
	55	and count($_POST['cat_true']) > 0)
[393]	56	{
[657]	57	// if you forbid access to a category, all sub-categories become
	58	// automatically forbidden
	59	$subcats = get_subcat_ids($_POST['cat_true']);
	60	$query = '
	61	DELETE FROM '.USER_ACCESS_TABLE.'
[815]	62	WHERE user_id = '.$page['user'].'
[657]	63	AND cat_id IN ('.implode(',', $subcats).')
	64	;';
	65	pwg_query($query);
	66	}
	67	else if (isset($_POST['trueify'])
	68	and isset($_POST['cat_false'])
	69	and count($_POST['cat_false']) > 0)
	70	{
	71	$uppercats = get_uppercat_ids($_POST['cat_false']);
	72	$private_uppercats = array();
	73
	74	$query = '
	75	SELECT id
	76	FROM '.CATEGORIES_TABLE.'
	77	WHERE id IN ('.implode(',', $uppercats).')
	78	AND status = \'private\'
	79	;';
	80	$result = pwg_query($query);
[4325]	81	while ($row = pwg_db_fetch_assoc($result))
[21]	82	{
[657]	83	array_push($private_uppercats, $row['id']);
[655]	84	}
[657]	85
	86	// retrying to authorize a category which is already authorized may cause
	87	// an error (in SQL statement), so we need to know which categories are
	88	// accesible
	89	$authorized_ids = array();
[1092]	90
[657]	91	$query = '
	92	SELECT cat_id
	93	FROM '.USER_ACCESS_TABLE.'
[815]	94	WHERE user_id = '.$page['user'].'
[657]	95	;';
	96	$result = pwg_query($query);
[1092]	97
[4325]	98	while ($row = pwg_db_fetch_assoc($result))
[655]	99	{
[657]	100	array_push($authorized_ids, $row['cat_id']);
[21]	101	}
[1092]	102
[657]	103	$inserts = array();
	104	$to_autorize_ids = array_diff($private_uppercats, $authorized_ids);
	105	foreach ($to_autorize_ids as $to_autorize_id)
	106	{
[815]	107	array_push($inserts, array('user_id' => $page['user'],
[657]	108	'cat_id' => $to_autorize_id));
	109	}
	110
	111	mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
[21]	112	}
[655]	113
[817]	114	// +-----------------------------------------------------------------------+
	115	// \| template init \|
	116	// +-----------------------------------------------------------------------+
	117
	118	$template->set_filenames(
	119	array(
[2530]	120	'user_perm' => 'user_perm.tpl',
	121	'double_select' => 'double_select.tpl'
[817]	122	)
	123	);
	124
[2225]	125	$template->assign(
[815]	126	array(
[817]	127	'TITLE' =>
	128	sprintf(
[5206]	129	l10n('Manage permissions for user "%s"'),
[817]	130	get_username($page['user']
	131	)
	132	),
[5021]	133	'L_CAT_OPTIONS_TRUE'=>l10n('Authorized'),
	134	'L_CAT_OPTIONS_FALSE'=>l10n('Forbidden'),
[1092]	135
[815]	136	'F_ACTION' =>
	137	PHPWG_ROOT_PATH.
	138	'admin.php?page=user_perm'.
	139	'&user_id='.$page['user']
	140	)
	141	);
[655]	142
[818]	143
	144	// retrieve category ids authorized to the groups the user belongs to
	145	$group_authorized = array();
	146
	147	$query = '
	148	SELECT DISTINCT cat_id, c.uppercats, c.global_rank
	149	FROM '.USER_GROUP_TABLE.' AS ug
	150	INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
	151	ON ug.group_id = ga.group_id
	152	INNER JOIN '.CATEGORIES_TABLE.' AS c
	153	ON c.id = ga.cat_id
	154	WHERE ug.user_id = '.$page['user'].'
	155	;';
	156	$result = pwg_query($query);
	157
[4325]	158	if (pwg_db_num_rows($result) > 0)
[818]	159	{
	160	$cats = array();
[4325]	161	while ($row = pwg_db_fetch_assoc($result))
[818]	162	{
	163	array_push($cats, $row);
	164	array_push($group_authorized, $row['cat_id']);
	165	}
	166	usort($cats, 'global_rank_compare');
	167
	168	foreach ($cats as $category)
	169	{
[2225]	170	$template->append(
	171	'categories_because_of_groups',
	172	get_cat_display_name_cache($category['uppercats'], null, false)
[818]	173	);
	174	}
	175	}
	176
[815]	177	// only private categories are listed
	178	$query_true = '
[657]	179	SELECT id,name,uppercats,global_rank
	180	FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_ACCESS_TABLE.' ON cat_id = id
	181	WHERE status = \'private\'
[818]	182	AND user_id = '.$page['user'];
	183	if (count($group_authorized) > 0)
	184	{
	185	$query_true.= '
	186	AND cat_id NOT IN ('.implode(',', $group_authorized).')';
	187	}
	188	$query_true.= '
[657]	189	;';
[815]	190	display_select_cat_wrapper($query_true,array(),'category_option_true');
[1092]	191
[815]	192	$result = pwg_query($query_true);
	193	$authorized_ids = array();
[4325]	194	while ($row = pwg_db_fetch_assoc($result))
[815]	195	{
	196	array_push($authorized_ids, $row['id']);
	197	}
	198
	199	$query_false = '
[657]	200	SELECT id,name,uppercats,global_rank
	201	FROM '.CATEGORIES_TABLE.'
	202	WHERE status = \'private\'';
[815]	203	if (count($authorized_ids) > 0)
	204	{
	205	$query_false.= '
[657]	206	AND id NOT IN ('.implode(',', $authorized_ids).')';
[815]	207	}
[818]	208	if (count($group_authorized) > 0)
	209	{
	210	$query_false.= '
	211	AND id NOT IN ('.implode(',', $group_authorized).')';
	212	}
[815]	213	$query_false.= '
[657]	214	;';
[815]	215	display_select_cat_wrapper($query_false,array(),'category_option_false');
	216
[817]	217	// +-----------------------------------------------------------------------+
	218	// \| sending html code \|
	219	// +-----------------------------------------------------------------------+
[815]	220
[817]	221	$template->assign_var_from_handle('DOUBLE_SELECT', 'double_select');
[815]	222	$template->assign_var_from_handle('ADMIN_CONTENT', 'user_perm');
[362]	223	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: