source: trunk/admin/user_perm.php @ 2403

Last change on this file since 2403 was 2299, checked in by plg, 17 years ago

Bug fixed: as rvelices notified me by email, my header replacement script was
bugged (r2297 was repeating new and old header).

By the way, I've also removed the replacement keywords. We were using them
because it was a common usage with CVS but it is advised not to use them with
Subversion. Personally, it is a problem when I search differences between 2
Piwigo installations outside Subversion.

<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based picture gallery                                  |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008      Piwigo Team                  http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// direct access guard: the file is meant to be included by the admin front
// controller, which is expected to define IN_ADMIN beforehand
defined('IN_ADMIN') or die('Hacking attempt!');

include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
// editing another user's permissions requires the administrator level;
// check_status() presumably ends the script for anything below it
check_status(ACCESS_ADMINISTRATOR);

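// +-----------------------------------------------------------------------+
// |                            variables init                             |
// +-----------------------------------------------------------------------+

// The target user id comes from the URL and is spliced, unquoted, into every
// SQL statement of this page and into the form action URL. Only a plain
// string of digits is accepted and the value is stored as an int: is_numeric()
// was too permissive for that purpose (it also admits a sign, decimals, an
// exponent and leading whitespace), and an array value must be rejected
// before it reaches preg_match().
if (isset($_GET['user_id'])
    and !is_array($_GET['user_id'])
    and preg_match('/^\d+$/', (string)$_GET['user_id']))
{
  $page['user'] = (int)$_GET['user_id'];
}
else
{
  die('user_id URL parameter is missing');
}
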
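// +-----------------------------------------------------------------------+
// |                                updates                                |
// +-----------------------------------------------------------------------+

// Category ids posted by the double-select form are handed to
// get_subcat_ids() / get_uppercat_ids() and then spliced into SQL IN (...)
// lists, so they are cast to integers here: only integer tokens can reach a
// query, whatever those helpers do with their input. Anything that is not an
// array is treated as "no category selected".
$cat_true_ids = array();
if (isset($_POST['cat_true']) and is_array($_POST['cat_true']))
{
  $cat_true_ids = array_map('intval', $_POST['cat_true']);
}

$cat_false_ids = array();
if (isset($_POST['cat_false']) and is_array($_POST['cat_false']))
{
  $cat_false_ids = array_map('intval', $_POST['cat_false']);
}

// NOTE(review): no anti-CSRF token is checked before these state-changing
// POST actions in this file; confirm it is enforced by the admin front
// controller that includes this page.

if (isset($_POST['falsify']) and count($cat_true_ids) > 0)
{
  // if you forbid access to a category, all sub-categories become
  // automatically forbidden
  $subcats = get_subcat_ids($cat_true_ids);

  // "IN ()" with an empty list is a SQL syntax error, so only delete when
  // there is something to delete
  if (count($subcats) > 0)
  {
    $query = '
DELETE FROM '.USER_ACCESS_TABLE.'
  WHERE user_id = '.$page['user'].'
    AND cat_id IN ('.implode(',', $subcats).')
;';
    pwg_query($query);
  }
}
else if (isset($_POST['trueify']) and count($cat_false_ids) > 0)
{
  // every private category among the ancestors returned by
  // get_uppercat_ids() is authorized as well (presumably so that the
  // selected category stays reachable through its parents)
  $uppercats = get_uppercat_ids($cat_false_ids);
  $private_uppercats = array();

  // same empty-list guard as for the DELETE above
  if (count($uppercats) > 0)
  {
    $query = '
SELECT id
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.implode(',', $uppercats).')
    AND status = \'private\'
;';
    $result = pwg_query($query);
    while ($row = mysql_fetch_array($result))
    {
      $private_uppercats[] = $row['id'];
    }
  }

  // retrying to authorize a category which is already authorized may cause
  // an error (in SQL statement), so we need to know which categories are
  // accessible
  $authorized_ids = array();

  $query = '
SELECT cat_id
  FROM '.USER_ACCESS_TABLE.'
  WHERE user_id = '.$page['user'].'
;';
  $result = pwg_query($query);
  while ($row = mysql_fetch_array($result))
  {
    $authorized_ids[] = $row['cat_id'];
  }

  $inserts = array();
  foreach (array_diff($private_uppercats, $authorized_ids) as $to_authorize_id)
  {
    $inserts[] = array(
      'user_id' => $page['user'],
      'cat_id' => $to_authorize_id,
      );
  }

  // nothing to insert is a legitimate outcome (everything already granted)
  if (count($inserts) > 0)
  {
    mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
  }
}
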
// +-----------------------------------------------------------------------+
// |                             template init                             |
// +-----------------------------------------------------------------------+

$template->set_filenames(
  array(
    'user_perm' => 'admin/user_perm.tpl',
    'double_select' => 'admin/double_select.tpl'
    )
  );

// NOTE(review): get_username() output goes into TITLE without escaping here;
// confirm the template escapes it for the HTML context.
$page_title = sprintf(
  l10n('Manage permissions for user "%s"'),
  get_username($page['user'])
  );

// $page['user'] was checked with is_numeric() during variables init, which
// is what keeps this unescaped concatenation into the form action safe
$form_action = PHPWG_ROOT_PATH
  .'admin.php?page=user_perm'
  .'&amp;user_id='.$page['user'];

$template->assign(
  array(
    'TITLE' => $page_title,
    'L_CAT_OPTIONS_TRUE' => l10n('authorized'),
    'L_CAT_OPTIONS_FALSE' => l10n('forbidden'),
    'F_ACTION' => $form_action,
    )
  );


// retrieve category ids authorized to the groups the user belongs to
$group_authorized = array();

$query = '
SELECT DISTINCT cat_id, c.uppercats, c.global_rank
  FROM '.USER_GROUP_TABLE.' AS ug
    INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
      ON ug.group_id = ga.group_id
    INNER JOIN '.CATEGORIES_TABLE.' AS c
      ON c.id = ga.cat_id
  WHERE ug.user_id = '.$page['user'].'
;';
$result = pwg_query($query);

// full rows are kept for display, bare ids for the NOT IN filters below
$group_cats = array();
while ($row = mysql_fetch_array($result))
{
  $group_cats[] = $row;
  $group_authorized[] = $row['cat_id'];
}

if (count($group_cats) > 0)
{
  // global_rank_compare() is assumed to order by global_rank, i.e. the
  // order the categories are shown in the gallery
  usort($group_cats, 'global_rank_compare');

  foreach ($group_cats as $group_cat)
  {
    $template->append(
      'categories_because_of_groups',
      get_cat_display_name_cache($group_cat['uppercats'], null, false)
      );
  }
}

// only private categories are listed; categories already reachable through a
// group are left out of the "authorized" list
$group_filter = '';
if (count($group_authorized) > 0)
{
  $group_filter = '
    AND cat_id NOT IN ('.implode(',', $group_authorized).')';
}

$query_true = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_ACCESS_TABLE.' ON cat_id = id
  WHERE status = \'private\'
    AND user_id = '.$page['user']
  .$group_filter.'
;';
display_select_cat_wrapper($query_true,array(),'category_option_true');

// the same query is run a second time to collect the ids for the next filter
$result = pwg_query($query_true);
$authorized_ids = array();
while ($row = mysql_fetch_array($result))
{
  $authorized_ids[] = $row['id'];
}

// "forbidden" list: private categories neither granted directly nor through
// a group; each exclusion is only added when its id list is non-empty
$exclusions = array();
if (count($authorized_ids) > 0)
{
  $exclusions[] = '
    AND id NOT IN ('.implode(',', $authorized_ids).')';
}
if (count($group_authorized) > 0)
{
  $exclusions[] = '
    AND id NOT IN ('.implode(',', $group_authorized).')';
}

$query_false = '
SELECT id,name,uppercats,global_rank
  FROM '.CATEGORIES_TABLE.'
  WHERE status = \'private\''
  .implode('', $exclusions).'
;';
display_select_cat_wrapper($query_false,array(),'category_option_false');

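// +-----------------------------------------------------------------------+
// |                           sending html code                           |
// +-----------------------------------------------------------------------+

// the double_select handle is rendered first, presumably because the
// user_perm template embeds it through DOUBLE_SELECT
$template->assign_var_from_handle('DOUBLE_SELECT', 'double_select');
$template->assign_var_from_handle('ADMIN_CONTENT', 'user_perm');
// no closing "?>": any whitespace after it would be sent to the client ahead
// of the rest of the admin page, so the file deliberately ends on PHP code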