aboutsummaryrefslogtreecommitdiffstats
path: root/admin/user_perm.php
diff options
context:
space:
mode:
Diffstat (limited to 'admin/user_perm.php')
-rw-r--r--admin/user_perm.php159
1 files changed, 98 insertions, 61 deletions
diff --git a/admin/user_perm.php b/admin/user_perm.php
index f8c83d659..66c01e97a 100644
--- a/admin/user_perm.php
+++ b/admin/user_perm.php
@@ -25,50 +25,87 @@
// | USA. |
// +-----------------------------------------------------------------------+
-if( !defined("IN_ADMIN") )
+if (!defined('IN_ADMIN'))
{
- die ("Hacking attempt!");
+ die('Hacking attempt!');
}
-include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
+include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
$userdata = array();
-if ( isset( $_POST['submituser'] ) )
+if (isset($_POST['submituser']))
{
$userdata = getuserdata($_POST['username']);
}
-elseif (isset($_POST['falsify']) || isset($_POST['trueify']))
+else if (isset($_POST['falsify'])
+ and isset($_POST['cat_true'])
+ and count($_POST['cat_true']) > 0)
{
$userdata = getuserdata(intval($_POST['userid']));
- // cleaning the user_access table for this user
- if (isset($_POST['cat_true']) && count($_POST['cat_true']) > 0)
+ // if you forbid access to a category, all sub-categories become
+ // automatically forbidden
+ $subcats = get_subcat_ids($_POST['cat_true']);
+ $query = '
+DELETE FROM '.USER_ACCESS_TABLE.'
+ WHERE user_id = '.$userdata['id'].'
+ AND cat_id IN ('.implode(',', $subcats).')
+;';
+ pwg_query($query);
+}
+else if (isset($_POST['trueify'])
+ and isset($_POST['cat_false'])
+ and count($_POST['cat_false']) > 0)
+{
+ $userdata = getuserdata(intval($_POST['userid']));
+
+ $uppercats = get_uppercat_ids($_POST['cat_false']);
+ $private_uppercats = array();
+
+ $query = '
+SELECT id
+ FROM '.CATEGORIES_TABLE.'
+ WHERE id IN ('.implode(',', $uppercats).')
+ AND status = \'private\'
+;';
+ $result = pwg_query($query);
+ while ($row = mysql_fetch_array($result))
{
- foreach ($_POST['cat_true'] as $auth_cat)
- {
- $query = 'DELETE FROM '.USER_ACCESS_TABLE;
- $query.= ' WHERE user_id = '.$userdata['id'];
- $query.= ' AND cat_id='.$auth_cat.';';
- pwg_query ( $query );
- }
+ array_push($private_uppercats, $row['id']);
}
+
+ // retrying to authorize a category which is already authorized may cause
+ // an error (in SQL statement), so we need to know which categories are
+ // accesible
+ $authorized_ids = array();
+
+ $query = '
+SELECT cat_id
+ FROM '.USER_ACCESS_TABLE.'
+ WHERE user_id = '.$userdata['id'].'
+;';
+ $result = pwg_query($query);
- if (isset($_POST['cat_false']) && count($_POST['cat_false']) > 0)
+ while ($row = mysql_fetch_array($result))
{
- foreach ($_POST['cat_false'] as $auth_cat)
- {
- $query = 'INSERT INTO '.USER_ACCESS_TABLE;
- $query.= ' (user_id,cat_id) VALUES';
- $query.= ' ('.$userdata['id'].','.$auth_cat.')';
- $query.= ';';
- pwg_query ( $query );
- }
+ array_push($authorized_ids, $row['cat_id']);
+ }
+
+ $inserts = array();
+ $to_autorize_ids = array_diff($private_uppercats, $authorized_ids);
+ foreach ($to_autorize_ids as $to_autorize_id)
+ {
+ array_push($inserts, array('user_id' => $userdata['id'],
+ 'cat_id' => $to_autorize_id));
}
-}
+ mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
+}
//----------------------------------------------------- template initialization
-
-if ( empty($userdata))
+if (empty($userdata))
{
- $template->set_filenames( array('user'=>'admin/user_perm.tpl') );
+ $template->set_filenames(array('user' => 'admin/user_perm.tpl'));
+
+ $base_url = PHPWG_ROOT_PATH.'admin.php?page=';
+
$template->assign_vars(array(
'L_SELECT_USERNAME'=>$lang['Select_username'],
'L_LOOKUP_USER'=>$lang['Look_up_user'],
@@ -76,54 +113,54 @@ if ( empty($userdata))
'L_AUTH_USER'=>$lang['permuser_only_private'],
'L_SUBMIT'=>$lang['submit'],
- 'F_SEARCH_USER_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'),
+ 'F_SEARCH_USER_ACTION' => add_session_id($base_url.'user_perm'),
'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php')
));
}
else
{
- $cat_url = '<a href="'.add_session_id(PHPWG_ROOT_PATH.'admin.php?page=cat_options&section=status');
- $cat_url .= '">'.$lang['permuser_info_link'].'</a>';
- $template->set_filenames( array('user'=>'admin/cat_options.tpl') );
- $template->assign_vars(array(
- 'L_RESET'=>$lang['reset'],
- 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
- 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
- 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'].'&nbsp;'.$cat_url,
-
- 'HIDDEN_NAME'=> 'userid',
- 'HIDDEN_VALUE'=>$userdata['id'],
- 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'),
- ));
-
+ $template->set_filenames(array('user'=>'admin/cat_options.tpl'));
+ $template->assign_vars(
+ array(
+ 'L_RESET'=>$lang['reset'],
+ 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
+ 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
+ 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'],
+
+ 'HIDDEN_NAME'=> 'userid',
+ 'HIDDEN_VALUE'=>$userdata['id'],
+ 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'),
+ ));
// only private categories are listed
- $query_true = 'SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE;
- $query_true.= ' LEFT JOIN '.USER_ACCESS_TABLE.' as u';
- $query_true.= ' ON u.cat_id=id';
- $query_true.= ' WHERE status = \'private\' AND u.user_id='.$userdata['id'].';';
+ $query_true = '
+SELECT id,name,uppercats,global_rank
+ FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_ACCESS_TABLE.' ON cat_id = id
+ WHERE status = \'private\'
+ AND user_id = '.$userdata['id'].'
+;';
+ display_select_cat_wrapper($query_true,array(),'category_option_true');
+
$result = pwg_query($query_true);
- $categorie_true = array();
- while (!empty($result) && $row = mysql_fetch_array($result))
+ $authorized_ids = array();
+ while ($row = mysql_fetch_array($result))
{
- array_push($categorie_true, $row);
+ array_push($authorized_ids, $row['id']);
}
- $query = 'SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE;
- $query.= ' WHERE status = \'private\'';
- $result = pwg_query($query);
- $categorie_false = array();
- while ($row = mysql_fetch_array($result))
+ $query_false = '
+SELECT id,name,uppercats,global_rank
+ FROM '.CATEGORIES_TABLE.'
+ WHERE status = \'private\'';
+ if (count($authorized_ids) > 0)
{
- if (!in_array($row,$categorie_true))
- array_push($categorie_false, $row);
+ $query_false.= '
+ AND id NOT IN ('.implode(',', $authorized_ids).')';
}
- usort($categorie_true, 'global_rank_compare');
- usort($categorie_false, 'global_rank_compare');
- display_select_categories($categorie_true, array(), 'category_option_true', true);
- display_select_categories($categorie_false, array(), 'category_option_false', true);
+ $query_false.= '
+;';
+ display_select_cat_wrapper($query_false,array(),'category_option_false');
}
-
//----------------------------------------------------------- sending html code
$template->assign_var_from_handle('ADMIN_CONTENT', 'user');
?>