Changeset 10096


Timestamp:
Apr 6, 2011, 10:53:13 AM (10 years ago)
Author:
plg
Message:

bug 2246 fixed: the new permission system (including moderation) works with
pLoader or any remote software using pwg.images.add or pwg.images.addSimple

For now, you can't create sub-albums and there is email notification to the
administrators.

File:
1 edited

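--- a/extensions/community/main.inc.php
+++ b/extensions/community/main.inc.php
@@ -156,47 +156,376 @@
 
 add_event_handler('ws_invoke_allowed', 'community_switch_user_to_admin', EVENT_HANDLER_PRIORITY_NEUTRAL, 3);
-
 function community_switch_user_to_admin($res, $methodName, $params)
 {
-  global $user;
-
-  $methods_of_permission_level[1] = array(
+  global $user, $community;
+
+  if (is_admin())
+  {
+    return $res;
+  }
+ 
+  $community = array('method' => $methodName);
+
+  if ('pwg.images.addSimple' == $community['method'])
+  {
+    $community['category'] = $params['category'];
+  }
+  elseif ('pwg.images.add' == $community['method'])
+  {
+    $community['category'] = $params['categories'];
+    $community['md5sum'] = $params['original_sum'];
+  }
+
+  // $print_params = $params;
+  // unset($print_params['data']);
+  // file_put_contents('/tmp/community.log', '['.$methodName.'] '.json_encode($print_params)."\n" ,FILE_APPEND);
+
+  // conditional : depending on community permissions, display the "Add
+  // photos" link in the gallery menu
+  $user_permissions = community_get_user_permissions($user['id']);
+
+  if (count($user_permissions['upload_categories']) == 0 and !$user_permissions ['create_whole_gallery'])
+  {
+    return $res;
+  }
+
+  // if level of trust is low, then we have to set level to 16
+
+  $methods = array();
+  $methods[] = 'pwg.tags.add';
+  $methods[] = 'pwg.images.exist';
+  $methods[] = 'pwg.images.add';
+  $methods[] = 'pwg.images.addSimple';
+  $methods[] = 'pwg.images.addChunk';
+  $methods[] = 'pwg.images.checkUpload';
+  $methods[] = 'pwg.images.checkFiles';
+  $methods[] = 'pwg.images.setInfo';
+
+  // TODO ability to create sub-albums with the web API
+  $methods_creates = array(
+    'pwg.categories.add',
+    'pwg.categories.setInfo',
+    );
+   
+  if (in_array($methodName, $methods))
+  {
+    $user['status'] = 'admin';
+  }
+
+  return $res;
+}
+
+add_event_handler('ws_add_methods', 'community_ws_replace_methods', EVENT_HANDLER_PRIORITY_NEUTRAL+5);
+function community_ws_replace_methods($arr)
+{
+  global $conf, $user;
+ 
+  $service = &$arr[0];
+
+  if (is_admin())
+  {
+    return;
+  }
+
+  $user_permissions = community_get_user_permissions($user['id']);
+ 
+  if (count($user_permissions['permission_ids']) == 0)
+  {
+    return;
+  }
+ 
+  // the plugin Community is activated, the user has upload permissions, we
+  // use a specific function to list available categories, assuming the use
+  // want to list categories where upload is possible for him
+ 
+  $service->addMethod(
     'pwg.categories.getList',
+    'community_ws_categories_getList',
+    array(
+      'cat_id' => array('default'=>0),
+      'recursive' => array('default'=>false),
+      'public' => array('default'=>false),
+      ),
+    'retrieves a list of categories'
+    );
+ 
+  $service->addMethod(
     'pwg.tags.getAdminList',
-    'pwg.tags.add',
-    'pwg.images.exist',
-    'pwg.images.add',
-    'pwg.images.setInfo',
-    'pwg.images.addChunk',
-    'pwg.images.checkUpload',
+    'community_ws_tags_getAdminList',
+    array(),
+    'administration method only'
     );
-
-  // permission_level 2 has all methods of level 1 + others
-  $methods_of_permission_level[2] = array_merge(
-    $methods_of_permission_level[1],
-    array(
-      'pwg.categories.add',
-      'pwg.categories.setInfo',
+}
+
+/**
+ * returns a list of categories (web service method)
+ */
+function community_ws_categories_getList($params, &$service)
+{
+  global $user, $conf;
+
+  $where = array('1=1');
+  $join_type = 'LEFT';
+  $join_user = $user['id'];
+
+  if (!$params['recursive'])
+  {
+    if ($params['cat_id']>0)
+      $where[] = '(id_uppercat='.(int)($params['cat_id']).'
+    OR id='.(int)($params['cat_id']).')';
+    else
+      $where[] = 'id_uppercat IS NULL';
+  }
+  else if ($params['cat_id']>0)
+  {
+    $where[] = 'uppercats '.DB_REGEX_OPERATOR.' \'(^|,)'.
+      (int)($params['cat_id'])
+      .'(,|$)\'';
+  }
+
+  if ($params['public'])
+  {
+    $where[] = 'status = "public"';
+    $where[] = 'visible = "true"';
+   
+    $join_user = $conf['guest_id'];
+  }
+
+  $user_permissions = community_get_user_permissions($user['id']);
+  $upload_categories = $user_permissions['upload_categories'];
+  if (count($upload_categories) == 0)
+  {
+    $upload_categories = array(-1);
+  }
+
+  $where[] = 'id IN ('.implode(',', $upload_categories).')';
+
+  $query = '
+SELECT
+    id,
+    name,
+    permalink,
+    uppercats,
+    global_rank,
+    comment,
+    nb_images,
+    count_images AS total_nb_images,
+    date_last,
+    max_date_last,
+    count_categories AS nb_categories
+  FROM '.CATEGORIES_TABLE.'
+   '.$join_type.' JOIN '.USER_CACHE_CATEGORIES_TABLE.' ON id=cat_id AND user_id='.$join_user.'
+  WHERE '. implode('
+    AND ', $where);
+
+  $result = pwg_query($query);
+
+  $cats = array();
+  while ($row = pwg_db_fetch_assoc($result))
+  {
+    $row['url'] = make_index_url(
+        array(
+          'category' => $row
+          )
+      );
+    foreach( array('id','nb_images','total_nb_images','nb_categories') as $key)
+    {
+      $row[$key] = (int)$row[$key];
+    }
+
+    $row['name'] = strip_tags(
+      trigger_event(
+        'render_category_name',
+        $row['name'],
+        'ws_categories_getList'
+        )
+      );
+   
+    $row['comment'] = strip_tags(
+      trigger_event(
+        'render_category_description',
+        $row['comment'],
+        'ws_categories_getList'
+        )
+      );
+   
+    array_push($cats, $row);
+  }
+  usort($cats, 'global_rank_compare');
+  return array(
+    'categories' => new PwgNamedArray(
+      $cats,
+      'category',
+      array(
+        'id',
+        'url',
+        'nb_images',
+        'total_nb_images',
+        'nb_categories',
+        'date_last',
+        'max_date_last',
+        )
       )
     );
-   
+}
+
+function community_ws_tags_getAdminList($params, &$service)
+{
+  $tags = get_available_tags();
+
+  // keep orphan tags
+  include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+  $orphan_tags = get_orphan_tags();
+  if (count($orphan_tags) > 0)
+  {
+    $orphan_tag_ids = array();
+    foreach ($orphan_tags as $tag)
+    {
+      $orphan_tag_ids[] = $tag['id'];
+    }
+   
+    $query = '
+SELECT *
+  FROM '.TAGS_TABLE.'
+  WHERE id IN ('.implode(',', $orphan_tag_ids).')
+;';
+    $result = pwg_query($query);
+    while ($row = pwg_db_fetch_assoc($result))
+    {
+      $tags[] = $row;
+    }
+  }
+
+  usort($tags, 'tag_alpha_compare');
+ 
+  return array(
+    'tags' => new PwgNamedArray(
+      $tags,
+      'tag',
+      array(
+        'name',
+        'id',
+        'url_name',
+        )
+      )
+    );
+}
+
+add_event_handler('sendResponse', 'community_sendResponse');
+function community_sendResponse($encodedResponse)
+{
+  global $community, $user;
+
+  if (!isset($community['method']))
+  {
+    return;
+  }
+
+  if ('pwg.images.addSimple' == $community['method'])
+  {
+    $response = json_decode($encodedResponse);
+    $image_id = $response->result->image_id;
+  }
+  elseif ('pwg.images.add' == $community['method'])
+  {   
+    $query = '
+SELECT
+    id
+  FROM '.IMAGES_TABLE.'
+  WHERE md5sum = \''.$community['md5sum'].'\'
+  ORDER BY id DESC
+  LIMIT 1
+;';
+    list($image_id) = pwg_db_fetch_row(pwg_query($query));
+  }
+  else
+  {
+    return;
+  }
+ 
+  $image_ids = array($image_id);
+
+  // $category_id is set in the photos_add_direct_process.inc.php included script
+  $category_infos = get_cat_info($community['category']);
+
+  // should the photos be moderated?
+  //
+  // if one of the user community permissions is not moderated on the path
+  // to gallery root, then the upload is not moderated. For example, if the
+  // user is allowed to upload to events/parties with no admin moderation,
+  // then he's not moderated when uploading in
+  // events/parties/happyNewYear2011
+  $moderate = true;
+
+  $user_permissions = community_get_user_permissions($user['id']);
   $query = '
 SELECT
-    permission_level
-  FROM '.COMMUNITY_TABLE.'
-  WHERE user_id = '.$user['id'].'
+    cp.category_id,
+    c.uppercats
+  FROM '.COMMUNITY_PERMISSIONS_TABLE.' AS cp
+    LEFT JOIN '.CATEGORIES_TABLE.' AS c ON category_id = c.id
+  WHERE cp.id IN ('.implode(',', $user_permissions['permission_ids']).')
+    AND cp.moderated = \'false\'
 ;';
   $result = pwg_query($query);
-  if (1 == mysql_num_rows($result))
-  {
-    list($permission_level) = mysql_fetch_row($result);
-
-    if (in_array($methodName, $methods_of_permission_level[$permission_level]))
-    {
-      $user['status'] = 'admin';
-    }
-  }
-
-  return $res;
+  while ($row = pwg_db_fetch_assoc($result))
+  {
+    if (empty($row['category_id']))
+    {
+      $moderate = false;
+    }
+    elseif (preg_match('/^'.$row['uppercats'].'(,|$)/', $category_infos['uppercats']))
+    {
+      $moderate = false;
+    }
+  }
+ 
+  if ($moderate)
+  {
+    $inserts = array();
+
+    $query = '
+SELECT
+    id,
+    date_available
+  FROM '.IMAGES_TABLE.'
+  WHERE id IN ('.implode(',', $image_ids).')
+;';
+    $result = pwg_query($query);
+    while ($row = pwg_db_fetch_assoc($result))
+    {
+      array_push(
+        $inserts,
+        array(
+          'image_id' => $row['id'],
+          'added_on' => $row['date_available'],
+          'state' => 'moderation_pending',
+          )
+        );
+    }
+   
+    mass_inserts(
+      COMMUNITY_PENDINGS_TABLE,
+      array_keys($inserts[0]),
+      $inserts
+      );
+   
+    // the level of a user upload photo with moderation is 16
+    $level = 16;
+  }
+  else
+  {
+    // the level of a user upload photo with no moderation is 0
+    $level = 0;
+  }
+
+  $query = '
+UPDATE '.IMAGES_TABLE.'
+  SET level = '.$level.'
+  WHERE id IN ('.implode(',', $image_ids).')
+;';
+  pwg_query($query);
+
+  invalidate_user_cache();
 }
 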
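Review bot: In `community_sendResponse`, `$community['md5sum']` is the request's `original_sum` parameter (copied in `community_switch_user_to_admin`) and is concatenated into the quoted `WHERE md5sum = '...'` lookup on `IMAGES_TABLE` with no format check or escaping visible in this changeset. Unless the web-service layer already escapes parameters, which this page does not show, that query accepts attacker-shaped SQL; guard it before the query is built with `if (!preg_match('/^[a-f0-9]{32}$/i', $community['md5sum'])) { return; }`. The function also runs whether or not the API call succeeded and never checks `$image_id`, so a failed or non-JSON response can reach `WHERE id IN ()` and `array_keys($inserts[0])` on an empty array, and the final `UPDATE ... SET level` may apply to a photo that already existed with the same checksum. Separately, `community_switch_user_to_admin` sets `$user['status'] = 'admin'` for every listed method, including `pwg.images.setInfo`, without comparing `$community['category']` to `$user_permissions['upload_categories']`; a check that the requested album is one the user may upload to belongs before the elevation.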