Changeset 9500


Timestamp:
Mar 3, 2011, 10:12:57 PM (9 years ago)
Author:
plg
Message:

a permission may not automatically apply to sub-albums

in the upload form, the album list does not show private albums (unreachable
for the user) or public albums that contain photos invisible to the user.

Location:
extensions/community
Files:
5 edited

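--- a/extensions/community/add_photos.php
+++ b/extensions/community/add_photos.php
@@ -51,22 +51,16 @@
   {
     // is the user authorized to upload in this album?
-    if (!$user_permissions['upload_whole_gallery'])
-    {
-      if (!in_array($_POST['category'], $user_permissions['upload_categories']))
-      {
-        echo 'Hacking attempt, you have no permission to upload in this album';
-        $hacking_attempt = true;
-      }
+    if (!in_array($_POST['category'], $user_permissions['upload_categories']))
+    {
+      echo 'Hacking attempt, you have no permission to upload in this album';
+      $hacking_attempt = true;
     }
   }
   elseif ('new' == $_POST['category_type'])
   {
-    if (!$user_permissions['create_whole_gallery'])
-    {
-      if (!in_array($_POST['category_parent'], $user_permissions['create_categories']))
-      {
-        echo 'Hacking attempt, you have no permission to create this album';
-        $hacking_attempt = true;
-      }
+    if (!in_array($_POST['category_parent'], $user_permissions['create_categories']))
+    {
+      echo 'Hacking attempt, you have no permission to create this album';
+      $hacking_attempt = true;
     }
   }
@@ -291,8 +285,6 @@
 include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_prepare.inc.php');
 
-if (!$user_permissions['upload_whole_gallery'])
-{
-  // we have to change the list of uploadable albums
-  $query = '
+// we have to change the list of uploadable albums
+$query = '
 SELECT id,name,uppercats,global_rank
   FROM '.CATEGORIES_TABLE.'
@@ -300,14 +292,13 @@
 ;';
 
-  display_select_cat_wrapper(
-    $query,
-    $selected_category,
-    'category_options'
-    );
-}
+display_select_cat_wrapper(
+  $query,
+  $selected_category,
+  'category_options'
+  );
 
 $create_subcategories = false;
 
-if ($user_permissions['create_whole_gallery'] or count($user_permissions['create_categories']) > 0)
+if (count($user_permissions['create_categories']) > 0)
 {
   $create_subcategories = true;
@@ -316,13 +307,6 @@
   $query = '
 SELECT id,name,uppercats,global_rank
-  FROM '.CATEGORIES_TABLE;
- 
-  if (!$user_permissions['create_whole_gallery'])
-  {
-    $query.= '
-  WHERE id IN ('.implode(',', $user_permissions['create_categories']).')';
-  }
-
-  $query.= '
+  FROM '.CATEGORIES_TABLE.'
+  WHERE id IN ('.implode(',', $user_permissions['create_categories']).')
 ;';
 
@@ -358,7 +342,4 @@
 $title = l10n('Upload Photos');
 $page['body_id'] = 'theUploadPage';
-// include(PHPWG_ROOT_PATH.'include/page_header.php');
-// $template->pparse('add_photos');
-// include(PHPWG_ROOT_PATH.'include/page_tail.php');
 
 $template->assign_var_from_handle('PLUGIN_INDEX_CONTENT_BEGIN', 'add_photos');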
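Review bot: The authorization checks at new lines 53 and 61 pass raw `$_POST['category']` / `$_POST['category_parent']` to a non-strict `in_array()`, so numeric-looking variants of an allowed id (padded, decimal or exponent forms) satisfy the check without being a canonical album id. With the `upload_whole_gallery` / `create_whole_gallery` shortcuts removed this is now the only gate, so validate first and compare strictly, e.g. `if (!ctype_digit((string) $_POST['category']) or !in_array($_POST['category'], array_map('strval', $user_permissions['upload_categories']), true))`, and the same for `category_parent`. How the posted value is used after the check lies outside the hunk, so confirm it is not interpolated into SQL before being normalised.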
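--- a/extensions/community/admin_permissions.php
+++ b/extensions/community/admin_permissions.php
@@ -74,7 +74,9 @@
     'user_id' => ('user' == $_POST['who']) ? $_POST['who_user'] : null,
     'category_id' => ($_POST['category'] > 0) ? $_POST['category'] : null,
+    'recursive' => isset($_POST['recursive']) ? 'true' : 'false',
     'create_subcategories' => isset($_POST['create_subcategories']) ? 'true' : 'false',
     'moderated' => $_POST['moderate'],
     );
+ 
   mass_inserts(
     COMMUNITY_PERMISSIONS_TABLE,
@@ -324,4 +326,6 @@
       'TRUST' => $trust,
       'TRUST_TOOLTIP' => $trust_tooltip,
+      'RECURSIVE' => get_boolean($permission['recursive']),
+      'RECURSIVE_TOOLTIP' => l10n('Apply to sub-albums'),
       'CREATE_SUBCATEGORIES' => get_boolean($permission['create_subcategories']),
       'U_DELETE' => $admin_base_url.'&delete='.$permission['id']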
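Review bot: The `recursive` and `create_subcategories` values at new lines 76-77 are read independently from `$_POST`, so the rule that a permission cannot create sub-albums without being recursive is enforced only by the form's JavaScript. community_get_user_permissions relies on that rule (its comment at new line 177 says no recursive check is needed), so a request carrying `create_subcategories` without `recursive` would still be expanded through `get_subcat_ids()`. Derive the flag on the server before building the row, e.g. `$recursive = !($_POST['category'] > 0) || isset($_POST['recursive']);`, then store `'recursive' => $recursive ? 'true' : 'false',` and `'create_subcategories' => ($recursive && isset($_POST['create_subcategories'])) ? 'true' : 'false',`. The array literal begins above the hunk.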
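--- a/extensions/community/admin_permissions.tpl
+++ b/extensions/community/admin_permissions.tpl
@@ -10,4 +10,35 @@
     $("[name^=who_]").hide();
     $("[name=who_"+$(this).attr("value")+"]").show();
+  });
+
+  function checkWhereOptions() {
+    var recursive = $("input[name=recursive]");
+    var create = $("input[name=create_subcategories]");
+
+    if ($("select[name=category] option:selected").val() == 0) {
+      $(recursive).attr("disabled", true);
+      $(recursive).attr('checked', true);
+    }
+    else {
+      $(recursive).removeAttr("disabled");
+    }
+
+    if (!$(recursive).is(':checked')) {
+      $(create).attr('checked', false);
+      $(create).attr("disabled", true);
+    }
+    else {
+      $(create).removeAttr("disabled");
+    }
+  }
+
+  checkWhereOptions();
+
+  $("select[name=category]").change(function() {
+    checkWhereOptions();
+  });
+
+  $("input[name=recursive]").change(function() {
+    checkWhereOptions();
   });
 
@@ -59,4 +90,6 @@
       </select>
       <br>
+      <label><input type="checkbox" name="recursive" checked="checked"> {'Apply to sub-albums'|@translate}</label>
+      <br>
       <label><input type="checkbox" name="create_subcategories"> {'ability to create sub-albums'|@translate}</label>
     </p>
@@ -88,4 +121,7 @@
     <td>
       <span title="{$permission.TRUST_TOOLTIP}">{$permission.TRUST}</span>
+    {if $permission.RECURSIVE}
+, <span title="{$permission.RECURSIVE_TOOLTIP}">{'sub-albums'|@translate}</span>
+    {/if}
     {if $permission.CREATE_SUBCATEGORIES}
 , {'sub-albums creation'|@translate}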
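Review bot: `checkWhereOptions()` checks and disables the `recursive` box when the whole gallery is selected (new lines 18-21), but browsers leave disabled controls out of the submitted form, so the `isset($_POST['recursive'])` in admin_permissions.php will store `'false'` for the one case the UI presents as always recursive. The same applies to `create_subcategories` when it is disabled at new line 28, where the omission happens to match the intent. The server should default a missing `recursive` to true when no album is chosen, and the script deserves a comment such as `// disabled inputs are not submitted; admin_permissions.php must not rely on them being present`. All of the checks in this function are a convenience for the admin, not an enforcement point.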
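--- a/extensions/community/include/functions_community.inc.php
+++ b/extensions/community/include/functions_community.inc.php
@@ -24,16 +24,5 @@
 function community_get_user_permissions($user_id)
 {
-  global $conf;
-
-  if (is_admin())
-  {
-    return array(
-      'upload_whole_gallery' => true,
-      'create_whole_gallery' => true,
-      'create_categories' => array(),
-      'upload_categories' => array(),
-      'permission_ids' => array(),
-      );
-  }
+  global $conf, $user;
 
   $return = array(
@@ -58,4 +47,5 @@
     id,
     category_id,
+    recursive,
     create_subcategories
   FROM '.COMMUNITY_PERMISSIONS_TABLE.'
@@ -78,4 +68,6 @@
 ;';
 
+  $recursive_categories = array();
+
   $result = pwg_query($query);
   while ($row = pwg_db_fetch_assoc($result))
@@ -90,4 +82,9 @@
     {
       array_push($return['upload_categories'], $row['category_id']);
+
+      if ('true' == $row['recursive'])
+      {
+        array_push($recursive_categories, $row['category_id']);
+      }
     }
 
@@ -105,12 +102,85 @@
   }
 
-  if (!$return['upload_whole_gallery'] and count($return['upload_categories']) > 0)
-  {
-    $return['upload_categories'] = get_subcat_ids($return['upload_categories']);
-  }
-
-  if (!$return ['create_whole_gallery'] and count($return['create_categories']) > 0)
-  {
+  if (is_admin())
+  {
+    $return ['upload_whole_gallery'] = true;
+    $return ['create_whole_gallery'] = true;
+  }
+
+  // these are categories with access permission but considering the user
+  // has a level 8 (maximum level). We want to keep categories with no
+  // photos inside (for nobody)
+  $forbidden_categories = calculate_permissions($user['id'], $user['status']);
+ 
+  $empty_categories = array_diff(
+    explode(',', $user['forbidden_categories']),
+    explode(',', $forbidden_categories)
+    );
+
+  if (count($empty_categories) > 0)
+  {
+    $query = '
+SELECT
+    category_id
+  FROM '.IMAGE_CATEGORY_TABLE.'
+    JOIN '.IMAGES_TABLE.'
+  WHERE category_id IN ('.implode(',', $empty_categories).')
+    AND level > '.$user['level'].'
+    AND level <= 8
+  GROUP BY category_id
+;';
+    $not_really_empty_categories = array_keys(hash_from_query($query, 'category_id'));
+    $forbidden_categories.= ','.implode(',', $not_really_empty_categories);
+  }
+
+  $query = '
+SELECT
+    id
+  FROM '.CATEGORIES_TABLE.'
+;';
+  $all_categories = array_keys(hash_from_query($query, 'id'));
+
+  if ($return['upload_whole_gallery'])
+  {
+    $return['upload_categories'] = array_diff(
+      $all_categories,
+      explode(',', $forbidden_categories)
+      );
+  }
+  elseif (count($return['upload_categories']) > 0)
+  {
+    if (count($recursive_categories) > 0)
+    {
+      $return['upload_categories'] = array_unique(
+        array_merge(
+          $return['upload_categories'],
+          get_subcat_ids($recursive_categories)
+          )
+        );
+    }
+
+    $return['upload_categories'] = array_diff(
+      $return['upload_categories'],
+      explode(',', $forbidden_categories)
+      );
+  }
+
+  if ($return ['create_whole_gallery'])
+  {
+    $return['create_categories'] = array_diff(
+      $all_categories,
+      explode(',', $forbidden_categories)
+      );
+  }
+  elseif (count($return['create_categories']) > 0)
+  {
+    // no need to check for "recursive", an upload permission can't be
+    // "create_subcategories" without being "recursive"
     $return['create_categories'] = get_subcat_ids($return['create_categories']);
+
+    $return['create_categories'] = array_diff(
+      $return['create_categories'],
+      explode(',', $forbidden_categories)
+      );
   }
 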
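Review bot: The query built at new lines 122-131 joins `IMAGE_CATEGORY_TABLE` to `IMAGES_TABLE` with no join condition, so the `level` filter is evaluated against every image in the gallery rather than the photos that belong to the album being tested. On MySQL that is a full cross product on each call, and a bare `JOIN` without `ON` is rejected by engines that require a join condition, which matters if the non-MySQL schemas in maintain.inc.php are supported. Tie the two tables together, e.g. `JOIN '.IMAGES_TABLE.' ON image_id = id` (column names assumed from the usual schema; confirm against the tables). The function body starts and ends outside the hunk.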
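--- a/extensions/community/maintain.inc.php
+++ b/extensions/community/maintain.inc.php
@@ -19,4 +19,5 @@
   user_id smallint(5) DEFAULT NULL,
   category_id smallint(5) unsigned DEFAULT NULL,
+  recursive enum(\'true\',\'false\') NOT NULL DEFAULT \'true\',
   create_subcategories enum(\'true\',\'false\') NOT NULL DEFAULT \'false\',
   moderated enum(\'true\',\'false\') NOT NULL DEFAULT \'true\',
@@ -45,4 +46,5 @@
   "user_id" INTEGER,
   "category_id" INTEGER,
+  "recursive" BOOLEAN default true,
   "create_subcategories" BOOLEAN default false,
   "moderated" BOOLEAN default true,
@@ -71,4 +73,5 @@
   "user_id" INTEGER,
   "category_id" INTEGER,
+  "recursive" BOOLEAN default true,
   "create_subcategories" BOOLEAN default false,
   "moderated" BOOLEAN default true,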
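Review bot: The `recursive` column is added only inside the three table-creation column lists shown here, while community_get_user_permissions now selects `recursive` from `COMMUNITY_PERMISSIONS_TABLE`. On a site where the table already exists, nothing visible in this changeset adds the column, so the permission query would fail after the update unless an upgrade step exists outside these hunks. An activation-time check that adds the column when it is missing, keeping the default of true so existing permissions behave as before, would close that gap. A short comment such as `// recursive: added in r9500, existing installs need the column added on activation` next to the definitions would record the requirement.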