- Group permission delivery

- Reorganisation of common.lang.php git-svn-id: http://piwigo.org/svn/trunk@671 68402e56-0260-453c-a942-63ccdbb3a9ee
author: gweltas <gweltas@piwigo.org> 2005-01-06 16:33:04 +0000
committer: gweltas <gweltas@piwigo.org> 2005-01-06 16:33:04 +0000
commit: 22e0536a05bbb6bca313dd05225bc4bb1963e0dc (patch)
tree: 89d5975d8ed2365a63b5263136c28cd3095e5e8e /admin/group_perm.php
parent: 0d8918b7d89eac72238ac2ea990f2ec4668d9e0a (diff)
1 files changed, 124 insertions, 85 deletions
diff --git a/admin/group_perm.php b/admin/group_perm.php
index c60ed7420..ea81ac818 100644
--- a/admin/group_perm.php
+++ b/admin/group_perm.php
@@ -24,105 +24,144 @@
 // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
 // | USA.                                                                  |
 // +-----------------------------------------------------------------------+
-include_once( './admin/include/isadmin.inc.php' );
-//----------------------------------------------------- template initialization
-$sub = $vtp->Open( './template/'.$user['template'].'/admin/group_perm.vtp' );
-$error = array();
-$tpl = array( 'permuser_authorized','permuser_forbidden','submit',
-              'permuser_parent_forbidden','permuser_info_message',
-              'adduser_info_back','permuser_only_private' );
-templatize_array( $tpl, 'lang', $sub );
-$vtp->setGlobalVar( $sub, 'user_template', $user['template'] );
+if( !defined("PHPWG_ROOT_PATH") )
+{
+	die ("Hacking attempt!");
+}
+
+include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
 //--------------------------------------------------------------------- updates
-if ( isset( $_POST['submit'] ) )
+if (isset($_POST['falsify'])
+         and isset($_POST['cat_true'])
+         and count($_POST['cat_true']) > 0)
 {
-  // cleaning the user_access table for this group
-  $query = 'DELETE FROM '.PREFIX_TABLE.'group_access';
-  $query.= ' WHERE group_id = '.$_GET['group_id'];
-  $query.= ';';
-  pwg_query( $query );
-  // selecting all private categories
-  $query = 'SELECT id';
-  $query.= ' FROM '.PREFIX_TABLE.'categories';
-  $query.= " WHERE status = 'private'";
-  $query.= ';';
-  $result = pwg_query( $query );
-  while ( $row = mysql_fetch_array( $result ) )
-  {
-    $radioname = 'access-'.$row['id'];
-    if ( $_POST[$radioname] == 0 )
-    {
-      $query = 'INSERT INTO '.PREFIX_TABLE.'group_access';
-      $query.= ' (group_id,cat_id) VALUES';
-      $query.= ' ('.$_GET['group_id'].','.$row['id'].')';
-      $query.= ';';
-      pwg_query ( $query );
-    }
-  }
-  // checking users favorites
-  $query = 'SELECT id';
-  $query.= ' FROM '.USERS_TABLE;
-  $query.= ';';
-  $result = pwg_query( $query );
-  while ( $row = mysql_fetch_array( $result ) )
-  {
-    check_favorites( $row['id'] );
-  }
-  // synchronization of calculated data
-  synchronize_group( $_GET['group_id'] );
-  // confirmation display
-  $vtp->addSession( $sub, 'confirmation' );
-  $url = './admin.php?page=group_list';
-  $vtp->setVar( $sub, 'confirmation.back_url', add_session_id( $url ) );
-  $vtp->closeSession( $sub, 'confirmation' );
+  // if you forbid access to a category, all sub-categories become
+  // automatically forbidden
+  $subcats = get_subcat_ids($_POST['cat_true']);
+  $query = 'DELETE FROM '.GROUP_ACCESS_TABLE.'
+    WHERE group_id = '.$_POST['group_id'].'
+    AND cat_id IN ('.implode(',', $subcats).');';
+  pwg_query($query);
 }
-//---------------------------------------------------------------- form display
-$restrictions = get_group_restrictions( $_GET['group_id'] );
-$action = './admin.php?page=group_perm&amp;group_id='.$_GET['group_id'];
-$vtp->setVar( $sub, 'action', add_session_id( $action ) );
-// only private categories are listed
-$query = 'SELECT id';
-$query.= ' FROM '.PREFIX_TABLE.'categories';
-$query.= " WHERE status = 'private'";
-$query.= ';';
-$result = pwg_query( $query );
-while ( $row = mysql_fetch_array( $result ) )
+else if (isset($_POST['trueify'])
+         and isset($_POST['cat_false'])
+         and count($_POST['cat_false']) > 0)
 {
-  $vtp->addSession( $sub, 'category' );
-  $vtp->setVar( $sub, 'category.id', $row['id'] );
-  $url = './admin.php?page=cat_perm&amp;cat_id='.$row['id'];
-  $vtp->setVar( $sub, 'category.cat_perm_link', add_session_id( $url ) );
-  // Is the group allowed to access this category
-  $is_group_allowed = is_group_allowed( $row['id'], $restrictions );
-  if ( $is_group_allowed == 0 )
+  $uppercats = get_uppercat_ids($_POST['cat_false']);
+  $private_uppercats = array();
+
+  $query = 'SELECT id
+    FROM '.CATEGORIES_TABLE.'
+    WHERE id IN ('.implode(',', $uppercats).')
+    AND status = \'private\';';
+  $result = pwg_query($query);
+  while ($row = mysql_fetch_array($result))
   {
-    $vtp->setVar( $sub, 'category.color', 'green' );
+    array_push($private_uppercats, $row['id']);
   }
-  else
+
+  // retrying to authorize a category which is already authorized may cause
+  // an error (in SQL statement), so we need to know which categories are
+  // accesible
+  $authorized_ids = array();
+    
+  $query = 'SELECT cat_id
+  FROM '.GROUP_ACCESS_TABLE.'
+  WHERE group_id = '.$_POST['group_id'].';';
+  $result = pwg_query($query);
+  
+  while ($row = mysql_fetch_array($result))
   {
-    $vtp->setVar( $sub, 'category.color', 'red' );
+    array_push($authorized_ids, $row['cat_id']);
   }
-  // category name
-  $cat_infos = get_cat_info( $row['id'] );
-  $name = get_cat_display_name($cat_infos['name']);
-  $vtp->setVar( $sub, 'category.name', $name );
-  // any subcat forbidden for this group ?
-  if ( $is_group_allowed == 2 )
+  
+  $inserts = array();
+  $to_autorize_ids = array_diff($private_uppercats, $authorized_ids);
+  foreach ($to_autorize_ids as $to_autorize_id)
   {
-    $vtp->addSession( $sub, 'parent_forbidden' );
-    $vtp->closeSession( $sub, 'parent_forbidden' );
+    array_push($inserts, array('group_id' => $_POST['group_id'],
+                               'cat_id' => $to_autorize_id));
   }
-  // forbidden or authorized access ?
-  if ( $is_group_allowed == 0 or $is_group_allowed == 2 )
+
+  mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
+}
+
+//----------------------------------------------------- template initialization
+$query = 'SELECT id,name FROM '.GROUPS_TABLE;
+$query.= ' ORDER BY id ASC;';
+$result = pwg_query( $query );
+$groups_display = '<select name="group_id">';
+$groups_nb=0;
+while ( $row = mysql_fetch_array( $result ) )
+{
+  $groups_nb++;
+  $selected = '';
+  if (isset($_POST['group_id']) && $_POST['group_id']==$row['id'])
+		$selected = 'selected';
+  $groups_display .= '<option value="' . $row['id'] . '" '.$selected.'>' . $row['name']  . '</option>';
+}
+$groups_display .= '</select>';
+
+$action = PHPWG_ROOT_PATH.'admin.php?page=group_perm';
+$template->set_filenames( array('groups'=>'admin/group_perm.tpl') );
+$template->assign_vars(array(
+  'S_GROUP_SELECT'=>$groups_display,
+  'L_GROUP_SELECT'=>$lang['group_list_title'],
+  'L_LOOK_UP'=>$lang['edit'],
+  'S_GROUP_ACTION'=>add_session_id($action)
+  ));
+  
+if ($groups_nb) 
+{
+  $template->assign_block_vars('select_box',array());
+}
+
+if ( isset( $_POST['edit']) || isset($_POST['falsify']) || isset($_POST['trueify']))
+{
+  $template->set_filenames(array('groups_auth'=>'admin/cat_options.tpl'));
+  $template->assign_vars(array(
+      'L_RESET'=>$lang['reset'],
+      'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
+      'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
+      'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'],
+      
+      'HIDDEN_NAME'=> 'group_id',
+      'HIDDEN_VALUE'=>$_POST['group_id'],
+      'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=group_perm'),
+  ));
+  
+  // only private categories are listed
+  $query_true = '
+SELECT id,name,uppercats,global_rank
+  FROM '.CATEGORIES_TABLE.' INNER JOIN '.GROUP_ACCESS_TABLE.' ON cat_id = id
+  WHERE status = \'private\'
+    AND group_id = '.$_POST['group_id'].'
+;';
+  display_select_cat_wrapper($query_true,array(),'category_option_true');
+  
+  $result = pwg_query($query_true);
+  $authorized_ids = array();
+  while ($row = mysql_fetch_array($result))
   {
-    $vtp->setVar( $sub, 'category.authorized_checked', ' checked="checked"' );
+    array_push($authorized_ids, $row['id']);
   }
-  else
+  
+  $query_false = '
+SELECT id,name,uppercats,global_rank
+  FROM '.CATEGORIES_TABLE.'
+  WHERE status = \'private\'';
+  if (count($authorized_ids) > 0)
   {
-    $vtp->setVar( $sub, 'category.forbidden_checked', ' checked="checked"' );
+    $query_false.= '
+    AND id NOT IN ('.implode(',', $authorized_ids).')';
   }
-  $vtp->closeSession( $sub, 'category' );
+  $query_false.= '
+;';
+  display_select_cat_wrapper($query_false,array(),'category_option_false');
+  
+  $template->assign_var_from_handle('ADMIN_CONTENT_2', 'groups_auth');
 }
 //----------------------------------------------------------- sending html code
-$vtp->Parse( $handle , 'sub', $sub );
+$template->assign_var_from_handle('ADMIN_CONTENT', 'groups');
+
 ?>
author	gweltas <gweltas@piwigo.org>	2005-01-06 16:33:04 +0000
committer	gweltas <gweltas@piwigo.org>	2005-01-06 16:33:04 +0000
commit	22e0536a05bbb6bca313dd05225bc4bb1963e0dc (patch)
tree	89d5975d8ed2365a63b5263136c28cd3095e5e8e /admin/group_perm.php
parent	0d8918b7d89eac72238ac2ea990f2ec4668d9e0a (diff)