- modification : admin/group_list screen completely rewrite to present the

  list of existing groups and a form to add a new group. Here you can delete
  a group, go to permissions management for a group, go to member list of a
  group (on admin/user_list with a filter on group).

- modification : admin/user_perm and admin/group_perm are not directly
  reachable by the admin menu anymore. Only the user/group list lets you
  reach user/group permissions management screen.


git-svn-id: http://piwigo.org/svn/trunk@815 68402e56-0260-453c-a942-63ccdbb3a9ee

1 files changed, 57 insertions, 64 deletions

diff --git a/admin/user_perm.php b/admin/user_perm.php
index 2583306a1..f23071696 100644
--- a/admin/user_perm.php
+++ b/admin/user_perm.php
@@ -31,26 +31,34 @@ if (!defined('IN_ADMIN'))
 }
 include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
 
-$userdata = array();
-if (isset($_POST['submituser']))
+// +-----------------------------------------------------------------------+
+// |                            variables init                             |
+// +-----------------------------------------------------------------------+
+
+if (isset($_GET['user_id']) and is_numeric($_GET['user_id']))
 {
-  $userdata = getuserdata($_POST['username']);
+  $page['user'] = $_GET['user_id'];
 }
-else if (isset($_GET['user_id']))
+else
 {
-  $userdata = getuserdata(intval($_GET['user_id']));
+  echo l10n('user_id URL parameter is missing');
+  exit();
 }
-else if (isset($_POST['falsify'])
-         and isset($_POST['cat_true'])
-         and count($_POST['cat_true']) > 0)
+
+// +-----------------------------------------------------------------------+
+// |                                updates                                |
+// +-----------------------------------------------------------------------+
+
+if (isset($_POST['falsify'])
+    and isset($_POST['cat_true'])
+    and count($_POST['cat_true']) > 0)
 {
-  $userdata = getuserdata(intval($_POST['userid']));
   // if you forbid access to a category, all sub-categories become
   // automatically forbidden
   $subcats = get_subcat_ids($_POST['cat_true']);
   $query = '
 DELETE FROM '.USER_ACCESS_TABLE.'
-  WHERE user_id = '.$userdata['id'].'
+  WHERE user_id = '.$page['user'].'
     AND cat_id IN ('.implode(',', $subcats).')
 ;';
   pwg_query($query);
@@ -59,8 +67,6 @@ else if (isset($_POST['trueify'])
          and isset($_POST['cat_false'])
          and count($_POST['cat_false']) > 0)
 {
-  $userdata = getuserdata(intval($_POST['userid']));
-    
   $uppercats = get_uppercat_ids($_POST['cat_false']);
   $private_uppercats = array();
 
@@ -84,7 +90,7 @@ SELECT id
   $query = '
 SELECT cat_id
   FROM '.USER_ACCESS_TABLE.'
-  WHERE user_id = '.$userdata['id'].'
+  WHERE user_id = '.$page['user'].'
 ;';
   $result = pwg_query($query);
   
@@ -97,74 +103,61 @@ SELECT cat_id
   $to_autorize_ids = array_diff($private_uppercats, $authorized_ids);
   foreach ($to_autorize_ids as $to_autorize_id)
   {
-    array_push($inserts, array('user_id' => $userdata['id'],
+    array_push($inserts, array('user_id' => $page['user'],
                                'cat_id' => $to_autorize_id));
   }
 
   mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
 }
 //----------------------------------------------------- template initialization
-if (empty($userdata))
-{
-  $template->set_filenames(array('user' => 'admin/user_perm.tpl'));
-
-  $base_url = PHPWG_ROOT_PATH.'admin.php?page=';
-  
-  $template->assign_vars(array(
-    'L_SELECT_USERNAME'=>$lang['Select_username'],
-    'L_LOOKUP_USER'=>$lang['Look_up_user'],
-    'L_FIND_USERNAME'=>$lang['Find_username'],
-    'L_AUTH_USER'=>$lang['permuser_only_private'],
-    'L_SUBMIT'=>$lang['submit'],
+$template->set_filenames(array('user_perm'=>'admin/cat_options.tpl'));
 
-    'F_SEARCH_USER_ACTION' => add_session_id($base_url.'user_perm'),
-    'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php')
-    ));
-}
-else
-{
-  $template->set_filenames(array('user'=>'admin/cat_options.tpl'));
-  $template->assign_vars(
-    array(
-      'L_RESET'=>$lang['reset'],
-      'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
-      'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
-      'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'],
-      
-      'HIDDEN_NAME'=> 'userid',
-      'HIDDEN_VALUE'=>$userdata['id'],
-      'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'),
-      ));
+$template->assign_vars(
+  array(
+    'L_RESET'=>$lang['reset'],
+    'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
+    'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
+    'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'],
+    
+    'F_ACTION' =>
+      add_session_id(
+        PHPWG_ROOT_PATH.
+        'admin.php?page=user_perm'.
+        '&user_id='.$page['user']
+        )
+    )
+  );
 
-  // only private categories are listed
-  $query_true = '
+// only private categories are listed
+$query_true = '
 SELECT id,name,uppercats,global_rank
   FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_ACCESS_TABLE.' ON cat_id = id
   WHERE status = \'private\'
-    AND user_id = '.$userdata['id'].'
+    AND user_id = '.$page['user'].'
 ;';
-  display_select_cat_wrapper($query_true,array(),'category_option_true');
+display_select_cat_wrapper($query_true,array(),'category_option_true');
   
-  $result = pwg_query($query_true);
-  $authorized_ids = array();
-  while ($row = mysql_fetch_array($result))
-  {
-    array_push($authorized_ids, $row['id']);
-  }
-  
-  $query_false = '
+$result = pwg_query($query_true);
+$authorized_ids = array();
+while ($row = mysql_fetch_array($result))
+{
+  array_push($authorized_ids, $row['id']);
+}
+
+$query_false = '
 SELECT id,name,uppercats,global_rank
   FROM '.CATEGORIES_TABLE.'
   WHERE status = \'private\'';
-  if (count($authorized_ids) > 0)
-  {
-    $query_false.= '
-    AND id NOT IN ('.implode(',', $authorized_ids).')';
-  }
+if (count($authorized_ids) > 0)
+{
   $query_false.= '
-;';
-  display_select_cat_wrapper($query_false,array(),'category_option_false');
+    AND id NOT IN ('.implode(',', $authorized_ids).')';
 }
+$query_false.= '
+;';
+display_select_cat_wrapper($query_false,array(),'category_option_false');
+
 //----------------------------------------------------------- sending html code
-$template->assign_var_from_handle('ADMIN_CONTENT', 'user');
+
+$template->assign_var_from_handle('ADMIN_CONTENT', 'user_perm');
 ?>