source: trunk/admin/user_perm.php @ 20321

Last change on this file since 20321 was 19703, checked in by plg, 11 years ago

update Piwigo headers to 2013 (the end of the world didn't occur as expected on r12922)

  • Property svn:eol-style set to LF
File size: 6.0 KB
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2013 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// Refuse to run unless IN_ADMIN is defined, i.e. when this file is requested
// directly instead of being included (presumably by the admin entry point
// that defines the constant -- not visible here).
defined('IN_ADMIN') or die('Hacking attempt!');

include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
// Must stay ahead of every statement that reads request data or writes to
// the database: everything below changes or discloses user permissions.
check_status(ACCESS_ADMINISTRATOR);
35
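// +-----------------------------------------------------------------------+
// |                            variables init                             |
// +-----------------------------------------------------------------------+

// $page['user'] is concatenated unquoted into several SQL statements and
// into the form action URL further down, so only a plain run of decimal
// digits is accepted. is_numeric() is too permissive for that purpose: it
// also accepts values such as "1e3", "1.5", "-1" or " 1". An array value
// (user_id[]=...) is rejected by the is_string() test.
if (isset($_GET['user_id'])
    and is_string($_GET['user_id'])
    and preg_match('/^[0-9]+\z/', $_GET['user_id']))
{
  // stored as an integer so later string concatenation can only yield digits
  $page['user'] = (int) $_GET['user_id'];
}
else
{
  die('user_id URL parameter is missing');
}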
48
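// +-----------------------------------------------------------------------+
// |                                updates                                |
// +-----------------------------------------------------------------------+

// NOTE(review): both branches below change permissions from POST data, and
// no anti-CSRF token check is visible in this file -- confirm that one is
// enforced before this point, or add one together with the form template.

// Category ids arrive in the posted arrays cat_true / cat_false and are
// handed to helpers whose own validation is not visible from this file; the
// result of get_subcat_ids() is imploded straight into an IN (...) list.
// Each id must therefore be a plain decimal integer; anything else aborts
// the request, in the same way as a bad user_id does.
$posted_cat_ids = array('cat_true' => array(), 'cat_false' => array());
foreach (array_keys($posted_cat_ids) as $field)
{
  if (!isset($_POST[$field]))
  {
    continue;
  }

  // a scalar here would previously have reached count() and the helpers
  if (!is_array($_POST[$field]))
  {
    die($field.' POST parameter is invalid');
  }

  foreach ($_POST[$field] as $cat_id)
  {
    // nested arrays and non-digit strings are both refused
    if (!is_string($cat_id) or !preg_match('/^[0-9]+\z/', $cat_id))
    {
      die($field.' POST parameter is invalid');
    }
    $posted_cat_ids[$field][] = (int) $cat_id;
  }
}

if (isset($_POST['falsify']) and count($posted_cat_ids['cat_true']) > 0)
{
  // if you forbid access to a category, all sub-categories become
  // automatically forbidden
  $subcats = get_subcat_ids($posted_cat_ids['cat_true']);

  // an empty list would produce "IN ()", which is not valid SQL
  if (count($subcats) > 0)
  {
    $query = '
DELETE FROM '.USER_ACCESS_TABLE.'
  WHERE user_id = '.$page['user'].'
    AND cat_id IN ('.implode(',', $subcats).')
;';
    pwg_query($query);
  }
}
else if (isset($_POST['trueify']) and count($posted_cat_ids['cat_false']) > 0)
{
  // cat_false used to be passed on even when it was absent from the request
  add_permission_on_category($posted_cat_ids['cat_false'], $page['user']);
}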
71
// +-----------------------------------------------------------------------+
// |                             template init                             |
// +-----------------------------------------------------------------------+

// Register the two template files this page renders.
$template->set_filenames(
  array(
    'user_perm' => 'user_perm.tpl',
    'double_select' => 'double_select.tpl'
    )
  );

// Page title: the translated pattern with the user's name substituted.
// NOTE(review): the user name goes into the template as-is; whether it is
// HTML-escaped depends on get_username() / the template -- confirm.
$user_perm_title = sprintf(
  l10n('Manage permissions for user "%s"'),
  get_username($page['user'])
  );

// Form target: this same admin page, for the same user. $page['user'] has
// passed the numeric check on user_id earlier in this script.
$user_perm_action =
  PHPWG_ROOT_PATH.'admin.php?page=user_perm&amp;user_id='.$page['user'];

$template->assign(
  array(
    'TITLE' => $user_perm_title,
    'L_CAT_OPTIONS_TRUE' => l10n('Authorized'),
    'L_CAT_OPTIONS_FALSE' => l10n('Forbidden'),
    'F_ACTION' => $user_perm_action
    )
  );
100
101
// Collect the categories the user can already see through group membership.
// $group_authorized receives their ids; it is used further down to keep
// those categories out of both per-user select lists.
$group_authorized = array();

// $page['user'] is concatenated unquoted: this relies on the numeric check
// applied to the user_id URL parameter earlier in this script.
$query = '
SELECT DISTINCT cat_id, c.uppercats, c.global_rank
  FROM '.USER_GROUP_TABLE.' AS ug
    INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
      ON ug.group_id = ga.group_id
    INNER JOIN '.CATEGORIES_TABLE.' AS c
      ON c.id = ga.cat_id
  WHERE ug.user_id = '.$page['user'].'
;';
$result = pwg_query($query);

if (pwg_db_num_rows($result) > 0)
{
  $cats = array();
  while ($row = pwg_db_fetch_assoc($result))
  {
    $cats[] = $row;
    $group_authorized[] = $row['cat_id'];
  }

  // order the rows with the global_rank_compare callback before display
  usort($cats, 'global_rank_compare');

  foreach ($cats as $category)
  {
    $template->append(
      'categories_because_of_groups',
      get_cat_display_name_cache($category['uppercats'], null, false)
      );
  }
}
134
// Left-hand list ("Authorized"): private categories granted to this user
// directly, leaving out those already granted through a group.
// The id lists imploded into the NOT IN (...) clauses below come from
// database rows read in this script, not from the request.
$query_true = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_ACCESS_TABLE.' ON cat_id = id
  WHERE status = \'private\'
    AND user_id = '.$page['user'];
if (!empty($group_authorized))
{
  $query_true.= '
    AND cat_id NOT IN ('.implode(',', $group_authorized).')';
}
$query_true.= '
;';
display_select_cat_wrapper($query_true,array(),'category_option_true');

// The query text was handed to display_select_cat_wrapper() above; it is
// executed here as well to collect the ids for the exclusion list below.
$authorized_ids = array();
$result = pwg_query($query_true);
while ($row = pwg_db_fetch_assoc($result))
{
  $authorized_ids[] = $row['id'];
}

// Right-hand list ("Forbidden"): every other private category, i.e. neither
// granted directly nor granted through a group.
$query_false = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE status = \'private\'';
if (!empty($authorized_ids))
{
  $query_false.= '
    AND id NOT IN ('.implode(',', $authorized_ids).')';
}
if (!empty($group_authorized))
{
  $query_false.= '
    AND id NOT IN ('.implode(',', $group_authorized).')';
}
$query_false.= '
;';
display_select_cat_wrapper($query_false,array(),'category_option_false');
174
// +-----------------------------------------------------------------------+
// |                           sending html code                           |
// +-----------------------------------------------------------------------+

// Assign each template handle to its variable, in this order: the
// double-select widget first, then the page body.
$user_perm_handles = array(
  'DOUBLE_SELECT' => 'double_select',
  'ADMIN_CONTENT' => 'user_perm'
  );
foreach ($user_perm_handles as $tpl_var => $tpl_handle)
{
  $template->assign_var_from_handle($tpl_var, $tpl_handle);
}
181?>