Ignore:
Timestamp:
Mar 3, 2011, 10:12:57 PM (13 years ago)
Author:
plg
Message:

a permission may not automatically apply to sub-albums

in the upload form, the album list does not show private (and unreachable for
the user) albums and public albums that contains photos invisible to the user.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • extensions/community/add_photos.php

    r9450 r9500  
    5151  {
    5252    // is the user authorized to upload in this album?
    53     if (!$user_permissions['upload_whole_gallery'])
    54     {
    55       if (!in_array($_POST['category'], $user_permissions['upload_categories']))
    56       {
    57         echo 'Hacking attempt, you have no permission to upload in this album';
    58         $hacking_attempt = true;
    59       }
     53    if (!in_array($_POST['category'], $user_permissions['upload_categories']))
     54    {
     55      echo 'Hacking attempt, you have no permission to upload in this album';
     56      $hacking_attempt = true;
    6057    }
    6158  }
    6259  elseif ('new' == $_POST['category_type'])
    6360  {
    64     if (!$user_permissions['create_whole_gallery'])
    65     {
    66       if (!in_array($_POST['category_parent'], $user_permissions['create_categories']))
    67       {
    68         echo 'Hacking attempt, you have no permission to create this album';
    69         $hacking_attempt = true;
    70       }
     61    if (!in_array($_POST['category_parent'], $user_permissions['create_categories']))
     62    {
     63      echo 'Hacking attempt, you have no permission to create this album';
     64      $hacking_attempt = true;
    7165    }
    7266  }
     
    291285include_once(PHPWG_ROOT_PATH.'admin/include/photos_add_direct_prepare.inc.php');
    292286
    293 if (!$user_permissions['upload_whole_gallery'])
    294 {
    295   // we have to change the list of uploadable albums
    296   $query = '
     287// we have to change the list of uploadable albums
     288$query = '
    297289SELECT id,name,uppercats,global_rank
    298290  FROM '.CATEGORIES_TABLE.'
     
    300292;';
    301293
    302   display_select_cat_wrapper(
    303     $query,
    304     $selected_category,
    305     'category_options'
    306     );
    307 }
     294display_select_cat_wrapper(
     295  $query,
     296  $selected_category,
     297  'category_options'
     298  );
    308299
    309300$create_subcategories = false;
    310301
    311 if ($user_permissions['create_whole_gallery'] or count($user_permissions['create_categories']) > 0)
     302if (count($user_permissions['create_categories']) > 0)
    312303{
    313304  $create_subcategories = true;
     
    316307  $query = '
    317308SELECT id,name,uppercats,global_rank
    318   FROM '.CATEGORIES_TABLE;
    319  
    320   if (!$user_permissions['create_whole_gallery'])
    321   {
    322     $query.= '
    323   WHERE id IN ('.implode(',', $user_permissions['create_categories']).')';
    324   }
    325 
    326   $query.= '
     309  FROM '.CATEGORIES_TABLE.'
     310  WHERE id IN ('.implode(',', $user_permissions['create_categories']).')
    327311;';
    328312
     
    358342$title = l10n('Upload Photos');
    359343$page['body_id'] = 'theUploadPage';
    360 // include(PHPWG_ROOT_PATH.'include/page_header.php');
    361 // $template->pparse('add_photos');
    362 // include(PHPWG_ROOT_PATH.'include/page_tail.php');
    363344
    364345$template->assign_var_from_handle('PLUGIN_INDEX_CONTENT_BEGIN', 'add_photos');
Note: See TracChangeset for help on using the changeset viewer.