[25281] | 1 | <?php |
---|
| 2 | // +-----------------------------------------------------------------------+ |
---|
| 3 | // | Piwigo - a PHP based photo gallery | |
---|
| 4 | // +-----------------------------------------------------------------------+ |
---|
[26461] | 5 | // | Copyright(C) 2008-2014 Piwigo Team http://piwigo.org | |
---|
[25281] | 6 | // | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net | |
---|
| 7 | // | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick | |
---|
| 8 | // +-----------------------------------------------------------------------+ |
---|
| 9 | // | This program is free software; you can redistribute it and/or modify | |
---|
| 10 | // | it under the terms of the GNU General Public License as published by | |
---|
| 11 | // | the Free Software Foundation | |
---|
| 12 | // | | |
---|
| 13 | // | This program is distributed in the hope that it will be useful, but | |
---|
| 14 | // | WITHOUT ANY WARRANTY; without even the implied warranty of | |
---|
| 15 | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
---|
| 16 | // | General Public License for more details. | |
---|
| 17 | // | | |
---|
| 18 | // | You should have received a copy of the GNU General Public License | |
---|
| 19 | // | along with this program; if not, write to the Free Software | |
---|
| 20 | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
---|
| 21 | // | USA. | |
---|
| 22 | // +-----------------------------------------------------------------------+ |
---|
| 23 | |
---|
| 24 | /** |
---|
| 25 | * API method |
---|
| 26 | * Returns permissions |
---|
| 27 | * @param mixed[] $params |
---|
| 28 | * @option int[] cat_id (optional) |
---|
| 29 | * @option int[] group_id (optional) |
---|
| 30 | * @option int[] user_id (optional) |
---|
| 31 | */ |
---|
| 32 | function ws_permissions_getList($params, &$service) |
---|
| 33 | { |
---|
| 34 | $my_params = array_intersect(array_keys($params), array('cat_id','group_id','user_id')); |
---|
| 35 | if (count($my_params) > 1) |
---|
| 36 | { |
---|
| 37 | return new PwgError(WS_ERR_INVALID_PARAM, 'Too many parameters, provide cat_id OR user_id OR group_id'); |
---|
| 38 | } |
---|
| 39 | |
---|
| 40 | $cat_filter = ''; |
---|
| 41 | if (!empty($params['cat_id'])) |
---|
| 42 | { |
---|
| 43 | $cat_filter = 'WHERE cat_id IN('. implode(',', $params['cat_id']) .')'; |
---|
| 44 | } |
---|
| 45 | |
---|
| 46 | $perms = array(); |
---|
| 47 | |
---|
| 48 | // direct users |
---|
| 49 | $query = ' |
---|
| 50 | SELECT user_id, cat_id |
---|
| 51 | FROM '. USER_ACCESS_TABLE .' |
---|
| 52 | '. $cat_filter .' |
---|
| 53 | ;'; |
---|
| 54 | $result = pwg_query($query); |
---|
| 55 | |
---|
| 56 | while ($row = pwg_db_fetch_assoc($result)) |
---|
| 57 | { |
---|
| 58 | if (!isset($perms[ $row['cat_id'] ])) |
---|
| 59 | { |
---|
[25545] | 60 | $perms[ $row['cat_id'] ]['id'] = intval($row['cat_id']); |
---|
[25281] | 61 | } |
---|
[25545] | 62 | $perms[ $row['cat_id'] ]['users'][] = intval($row['user_id']); |
---|
[25281] | 63 | } |
---|
| 64 | |
---|
| 65 | // indirect users |
---|
| 66 | $query = ' |
---|
| 67 | SELECT ug.user_id, ga.cat_id |
---|
| 68 | FROM '. USER_GROUP_TABLE .' AS ug |
---|
| 69 | INNER JOIN '. GROUP_ACCESS_TABLE .' AS ga |
---|
| 70 | ON ug.group_id = ga.group_id |
---|
| 71 | '. $cat_filter .' |
---|
| 72 | ;'; |
---|
| 73 | $result = pwg_query($query); |
---|
| 74 | |
---|
| 75 | while ($row = pwg_db_fetch_assoc($result)) |
---|
| 76 | { |
---|
| 77 | if (!isset($perms[ $row['cat_id'] ])) |
---|
| 78 | { |
---|
[25545] | 79 | $perms[ $row['cat_id'] ]['id'] = intval($row['cat_id']); |
---|
[25281] | 80 | } |
---|
[25545] | 81 | $perms[ $row['cat_id'] ]['users_indirect'][] = intval($row['user_id']); |
---|
[25281] | 82 | } |
---|
| 83 | |
---|
| 84 | // groups |
---|
| 85 | $query = ' |
---|
| 86 | SELECT group_id, cat_id |
---|
| 87 | FROM '. GROUP_ACCESS_TABLE .' |
---|
| 88 | '. $cat_filter .' |
---|
| 89 | ;'; |
---|
| 90 | $result = pwg_query($query); |
---|
| 91 | |
---|
| 92 | while ($row = pwg_db_fetch_assoc($result)) |
---|
| 93 | { |
---|
| 94 | if (!isset($perms[ $row['cat_id'] ])) |
---|
| 95 | { |
---|
[25545] | 96 | $perms[ $row['cat_id'] ]['id'] = intval($row['cat_id']); |
---|
[25281] | 97 | } |
---|
[25545] | 98 | $perms[ $row['cat_id'] ]['groups'][] = intval($row['group_id']); |
---|
[25281] | 99 | } |
---|
| 100 | |
---|
| 101 | // filter by group and user |
---|
| 102 | foreach ($perms as $cat_id => &$cat) |
---|
| 103 | { |
---|
| 104 | if (isset($filters['group_id'])) |
---|
| 105 | { |
---|
| 106 | if (empty($cat['groups']) or count(array_intersect($cat['groups'], $params['group_id'])) == 0) |
---|
| 107 | { |
---|
| 108 | unset($perms[$cat_id]); |
---|
| 109 | continue; |
---|
| 110 | } |
---|
| 111 | } |
---|
| 112 | if (isset($filters['user_id'])) |
---|
| 113 | { |
---|
| 114 | if ( |
---|
| 115 | (empty($cat['users_indirect']) or count(array_intersect($cat['users_indirect'], $params['user_id'])) == 0) |
---|
| 116 | and (empty($cat['users']) or count(array_intersect($cat['users'], $params['user_id'])) == 0) |
---|
| 117 | ) { |
---|
| 118 | unset($perms[$cat_id]); |
---|
| 119 | continue; |
---|
| 120 | } |
---|
| 121 | } |
---|
| 122 | |
---|
[25545] | 123 | $cat['groups'] = !empty($cat['groups']) ? array_values(array_unique($cat['groups'])) : array(); |
---|
| 124 | $cat['users'] = !empty($cat['users']) ? array_values(array_unique($cat['users'])) : array(); |
---|
| 125 | $cat['users_indirect'] = !empty($cat['users_indirect']) ? array_values(array_unique($cat['users_indirect'])) : array(); |
---|
[25281] | 126 | } |
---|
| 127 | unset($cat); |
---|
| 128 | |
---|
| 129 | return array( |
---|
| 130 | 'categories' => new PwgNamedArray( |
---|
| 131 | array_values($perms), |
---|
| 132 | 'category', |
---|
| 133 | array('id') |
---|
| 134 | ) |
---|
| 135 | ); |
---|
| 136 | } |
---|
| 137 | |
---|
| 138 | /** |
---|
| 139 | * API method |
---|
| 140 | * Add permissions |
---|
| 141 | * @param mixed[] $params |
---|
| 142 | * @option int[] cat_id |
---|
| 143 | * @option int[] group_id (optional) |
---|
| 144 | * @option int[] user_id (optional) |
---|
| 145 | * @option bool recursive |
---|
| 146 | */ |
---|
| 147 | function ws_permissions_add($params, &$service) |
---|
| 148 | { |
---|
| 149 | include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); |
---|
| 150 | |
---|
| 151 | if (!empty($params['group_id'])) |
---|
| 152 | { |
---|
| 153 | $cat_ids = get_uppercat_ids($params['cat_id']); |
---|
| 154 | if ($params['recursive']) |
---|
| 155 | { |
---|
| 156 | $cat_ids = array_merge($cat_ids, get_subcat_ids($params['cat_id'])); |
---|
| 157 | } |
---|
| 158 | |
---|
| 159 | $query = ' |
---|
| 160 | SELECT id |
---|
| 161 | FROM '. CATEGORIES_TABLE .' |
---|
| 162 | WHERE id IN ('. implode(',', $cat_ids) .') |
---|
| 163 | AND status = \'private\' |
---|
| 164 | ;'; |
---|
| 165 | $private_cats = array_from_query($query, 'id'); |
---|
| 166 | |
---|
| 167 | $inserts = array(); |
---|
| 168 | foreach ($private_cats as $cat_id) |
---|
| 169 | { |
---|
| 170 | foreach ($params['group_id'] as $group_id) |
---|
| 171 | { |
---|
| 172 | $inserts[] = array( |
---|
| 173 | 'group_id' => $group_id, |
---|
| 174 | 'cat_id' => $cat_id |
---|
| 175 | ); |
---|
| 176 | } |
---|
| 177 | } |
---|
| 178 | |
---|
| 179 | mass_inserts( |
---|
| 180 | GROUP_ACCESS_TABLE, |
---|
| 181 | array('group_id','cat_id'), |
---|
| 182 | $inserts, |
---|
| 183 | array('ignore'=>true) |
---|
| 184 | ); |
---|
| 185 | } |
---|
| 186 | |
---|
| 187 | if (!empty($params['user_id'])) |
---|
| 188 | { |
---|
| 189 | if ($params['recursive']) $_POST['apply_on_sub'] = true; |
---|
| 190 | add_permission_on_category($params['cat_id'], $params['user_id']); |
---|
| 191 | } |
---|
| 192 | |
---|
| 193 | return $service->invoke('pwg.permissions.getList', array('cat_id'=>$params['cat_id'])); |
---|
| 194 | } |
---|
| 195 | |
---|
| 196 | /** |
---|
| 197 | * API method |
---|
| 198 | * Removes permissions |
---|
| 199 | * @param mixed[] $params |
---|
| 200 | * @option int[] cat_id |
---|
| 201 | * @option int[] group_id (optional) |
---|
| 202 | * @option int[] user_id (optional) |
---|
| 203 | */ |
---|
| 204 | function ws_permissions_remove($params, &$service) |
---|
| 205 | { |
---|
| 206 | include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); |
---|
| 207 | |
---|
| 208 | $cat_ids = get_subcat_ids($params['cat_id']); |
---|
| 209 | |
---|
| 210 | if (!empty($params['group_id'])) |
---|
| 211 | { |
---|
| 212 | $query = ' |
---|
| 213 | DELETE |
---|
| 214 | FROM '. GROUP_ACCESS_TABLE .' |
---|
| 215 | WHERE group_id IN ('. implode(',', $params['group_id']).') |
---|
| 216 | AND cat_id IN ('. implode(',', $cat_ids).') |
---|
| 217 | ;'; |
---|
| 218 | pwg_query($query); |
---|
| 219 | } |
---|
| 220 | |
---|
| 221 | if (!empty($params['user_id'])) |
---|
| 222 | { |
---|
| 223 | $query = ' |
---|
| 224 | DELETE |
---|
| 225 | FROM '. USER_ACCESS_TABLE .' |
---|
| 226 | WHERE user_id IN ('. implode(',', $params['user_id']) .') |
---|
| 227 | AND cat_id IN ('. implode(',', $cat_ids) .') |
---|
| 228 | ;'; |
---|
| 229 | pwg_query($query); |
---|
| 230 | } |
---|
| 231 | |
---|
| 232 | return $service->invoke('pwg.permissions.getList', array('cat_id'=>$params['cat_id'])); |
---|
| 233 | } |
---|
| 234 | |
---|
| 235 | ?> |
---|