Changeset 11934 for extensions/Icy_Picture_Modify/icy_picture_modify.php

Timestamp:

Aug 12, 2011, 9:13:57 AM (13 years ago)

Author:

icy

Message:

Merge branch 'master' into svn

File:

• extensions/Icy_Picture_Modify/icy_picture_modify.php (modified) (18 diffs)

extensions/Icy_Picture_Modify/icy_picture_modify.php

@@ -58 +58 @@
 
 // Simplify redirect to administrator page if current user == admin
-// FIXME: when a non-existent image_id is provided, the original code
-// FIXME: picture_modify doesn't work well. It should deny to modify
-// FIXME: such picture.
 if (is_admin())
 {
@@ -68 +65 @@
     $url.= '&image_id='.$_GET['image_id'];
     $url.= isset($_GET['cat_id']) ? '&cat_id='.$_GET['cat_id'] : '';
+    // FIXME: What happens if a POST data were sent within admin uid?
     redirect_http($url);
   }
@@ -94 +92 @@
 }
 
+// <find writable categories>
+
+// * Purpose: Find all categories that are reachable for the current user.
+// * FIXME:   This query will include all readable categories, those ones
+//            use can't write to them.
+
+$my_categories = array();
+$my_permissions = null;
+
+// <community support>
+if (is_file(PHPWG_PLUGINS_PATH.'community/include/functions_community.inc.php'))
+{
+  include_once(PHPWG_PLUGINS_PATH.'community/include/functions_community.inc.php');
+  $user_permissions = community_get_user_permissions($user['id']);
+  $my_categories = $user_permissions['upload_categories'];
+}
+// </community support>
+
+// FIXME: what happens if both of the following conditions are true
+// FIXME:    * true == $user_permissions['create_whole_gallery']
+// FIXME:    * 0    <  count($my_categories)
+if (empty($user_permissions) or $user_permissions['create_whole_gallery'])
+{
+  $query = '
+  SELECT category_id
+    FROM '.IMAGE_CATEGORY_TABLE.'
+  ;';
+
+  // list of categories to which the user can access
+  $my_categories = array_diff(
+    array_from_query($query, 'category_id'),
+    explode(',',calculate_permissions($user['id'], $user['status'])));
+}
+// </find writable categories>
 
 // +-----------------------------------------------------------------------+
@@ -128 +160 @@
 ;';
 
-  $authorizeds = array_diff(
-    array_from_query($query, 'category_id'),
-    explode(',', calculate_permissions($user['id'], $user['status']))
-    );
+  $authorizeds = array_intersect($my_categories,
+    array_from_query($query, 'category_id'));
 
   foreach ($authorizeds as $category_id)
@@ -164 +194 @@
 }
 
-//--------------------------------------------------------- update informations
+// +-----------------------------------------------------------------------+
+// |                          update informations                          |
+// +-----------------------------------------------------------------------+
 
 // first, we verify whether there is a mistake on the given creation date
@@ -231 +263 @@
   array_push($page['infos'], l10n('Photo informations updated'));
 }
+
+// +-----------------------------------------------------------------------+
+// |                              associate                                |
+// +-----------------------------------------------------------------------+
 // associate the element to other categories than its storage category
+//
 if (isset($_POST['associate'])
     and isset($_POST['cat_dissociated'])
@@ -239 +276 @@
   associate_images_to_categories(
     array($_GET['image_id']),
-    $_POST['cat_dissociated']
+    array_intersect($_POST['cat_dissociated'], $my_categories)
     );
 }
+
+
 // dissociate the element from categories (but not from its storage category)
 if (isset($_POST['dissociate'])
@@ -248 +287 @@
   )
 {
+  $arr_dissociate = array_intersect($_POST['cat_associated'], $my_categories);
   $query = '
 DELETE FROM '.IMAGE_CATEGORY_TABLE.'
   WHERE image_id = '.$_GET['image_id'].'
-    AND category_id IN ('.implode(',', $_POST['cat_associated']).')
+    AND category_id IN ('.implode(',', $arr_dissociate).')
 ';
   pwg_query($query);
 
-  update_category($_POST['cat_associated']);
-}
-// elect the element to represent the given categories
+  update_category($arr_dissociate);
+}
+// select the element to represent the given categories
 if (isset($_POST['elect'])
     and isset($_POST['cat_dismissed'])
@@ -264 +304 @@
 {
   $datas = array();
-  foreach ($_POST['cat_dismissed'] as $category_id)
-  {
-    array_push($datas,
-               array('id' => $category_id,
-                     'representative_picture_id' => $_GET['image_id']));
-  }
-  $fields = array('primary' => array('id'),
-                  'update' => array('representative_picture_id'));
-  mass_updates(CATEGORIES_TABLE, $fields, $datas);
+  $arr_dimissed = array_intersect($_POST['cat_dismissed'], $my_categories);
+  if (count($arr_dimissed) > 0)
+  {
+    foreach ($arr_dimissed as $category_id)
+    {
+      array_push($datas,
+                 array('id' => $category_id,
+                       'representative_picture_id' => $_GET['image_id']));
+    }
+    $fields = array('primary' => array('id'),
+                    'update' => array('representative_picture_id'));
+    mass_updates(CATEGORIES_TABLE, $fields, $datas);
+  }
 }
 // dismiss the element as representant of the given categories
@@ -280 +324 @@
   )
 {
-  set_random_representant($_POST['cat_elected']);
+  $arr_dismiss = array_intersect($_POST['cat_elected'], $my_categories);
+  if (count($arr_dismiss) > 0)
+  {
+    set_random_representant($arr_dismiss);
+  }
 }
 
@@ -310 +358 @@
 $row = pwg_db_fetch_assoc(pwg_query($query));
 
+// the physical storage directory contains the image
 $storage_category_id = null;
 if (!empty($row['storage_category_id']))
@@ -463 +512 @@
 ;';
 
-$authorizeds = array_diff(
-  array_from_query($query, 'category_id'),
-  explode(
-    ',',
-    calculate_permissions($user['id'], $user['status'])
-    )
-  );
-
+// list of categories (OF THIS IMAGE) to which the user can access
+$authorizeds = array_intersect($my_categories,
+  array_from_query($query, 'category_id'));
+
+// if current category belongs to list of authorized categories
+// we simply provide link to that category
 if (isset($_GET['cat_id'])
     and in_array($_GET['cat_id'], $authorizeds))
@@ -482 +529 @@
     );
 }
+// otherwise we provide links to the *first* category in the list
 else
 {
@@ -493 +541 @@
         )
       );
+    // FIXME: why the first category is selected?
     break;
   }
@@ -507 +556 @@
   FROM '.CATEGORIES_TABLE.'
     INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id = category_id
-  WHERE image_id = '.$_GET['image_id'];
+  WHERE image_id = '.$_GET['image_id'] . '
+    AND id IN ('. join(",", $my_categories).')';
+// if the image belongs to a physical storage,
+// we simply ignore that storage album
 if (isset($storage_category_id))
 {
@@ -531 +583 @@
   FROM '.CATEGORIES_TABLE.'
   WHERE id NOT IN ('.implode(',', $associateds).')
+  AND id IN ('. join(",", $my_categories).')
 ;';
 display_select_cat_wrapper($query, array(), 'dissociated_options');
@@ -539 +592 @@
   FROM '.CATEGORIES_TABLE.'
   WHERE representative_picture_id = '.$_GET['image_id'].'
+    AND id IN ('. join(",", $my_categories).')
 ;';
 display_select_cat_wrapper($query, array(), 'elected_options');
@@ -545 +599 @@
 SELECT id,name,uppercats,global_rank
   FROM '.CATEGORIES_TABLE.'
-  WHERE representative_picture_id != '.$_GET['image_id'].'
-    OR representative_picture_id IS NULL
+  WHERE id IN ('. join(",", $my_categories).')
+    AND (representative_picture_id != '.$_GET['image_id'].'
+    OR representative_picture_id IS NULL)
 ;';
 display_select_cat_wrapper($query, array(), 'dismissed_options');