From b09c66fdc3aedc5d09a8b082facbf58f5b5e0478 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Sat, 17 Mar 2012 00:47:17 +0000
Subject: feature 2594: redesign on album permission screen. The choice
 "public/private" is not on the "properties" tab anymore. Simpler ergonomy to
 select grant users and groups.

git-svn-id: http://piwigo.org/svn/trunk@13580 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/cat_perm.php | 241 +++++++++++++++++++++++++++++------------------------
 1 file changed, 132 insertions(+), 109 deletions(-)

(limited to 'admin/cat_perm.php')

diff --git a/admin/cat_perm.php b/admin/cat_perm.php
index 3dc9c1e21..7b555e3be 100644
--- a/admin/cat_perm.php
+++ b/admin/cat_perm.php
@@ -37,122 +37,160 @@ check_status(ACCESS_ADMINISTRATOR);
 // |                       variable initialization                         |
 // +-----------------------------------------------------------------------+
 
-// if the category is not correct (not numeric, not private)
-if (isset($_GET['cat']) and is_numeric($_GET['cat']))
-{
-  $query = '
-SELECT status
-  FROM '.CATEGORIES_TABLE.'
-  WHERE id = '.$_GET['cat'].'
-;';
-  list($status) = pwg_db_fetch_row(pwg_query($query));
-  
-  if ('private' == $status)
-  {
-    $page['cat'] = $_GET['cat'];
-  }
-}
-
-if (!isset($page['cat']))
-{
-  $query = '
-SELECT id
-  FROM '.CATEGORIES_TABLE.'
-  WHERE status = \'private\'
-  LIMIT 1
-;';
-
-  list($page['cat']) = pwg_db_fetch_row(pwg_query($query));
-}
+$page['cat'] = $category['id'];
 
 // +-----------------------------------------------------------------------+
 // |                           form submission                             |
 // +-----------------------------------------------------------------------+
-if (isset($_POST['deny_groups_submit']) or isset($_POST['grant_groups_submit']) or isset($_POST['deny_users_submit']) or isset($_POST['grant_users_submit']) )
+
+if (!empty($_POST))
 {
   check_pwg_token();
-}
 
-if (isset($_POST['deny_groups_submit'])
-         and isset($_POST['deny_groups'])
-         and count($_POST['deny_groups']) > 0)
-{
-  // if you forbid access to a category, all sub-categories become
-  // automatically forbidden
-  $query = '
+  if ($category['status'] != $_POST['status'])
+  {
+    set_cat_status(array($page['cat']), $_POST['status']);
+    $category['status'] = $_POST['status'];
+  }
+
+  if ('private' == $_POST['status'])
+  {
+    //
+    // manage groups
+    //
+    $query = '
+SELECT group_id
+  FROM '.GROUP_ACCESS_TABLE.'
+  WHERE cat_id = '.$page['cat'].'
+;';
+    $groups_granted = array_from_query($query, 'group_id');
+
+    if (!isset($_POST['groups']))
+    {
+      $_POST['groups'] = array();
+    }
+    
+    //
+    // remove permissions to groups
+    //
+    $deny_groups = array_diff($groups_granted, $_POST['groups']);
+    if (count($deny_groups) > 0)
+    {
+      // if you forbid access to an album, all sub-albums become
+      // automatically forbidden
+      $query = '
 DELETE
   FROM '.GROUP_ACCESS_TABLE.'
-  WHERE group_id IN ('.implode(',', $_POST['deny_groups']).')
+  WHERE group_id IN ('.implode(',', $deny_groups).')
     AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
 ;';
-  pwg_query($query);
-}
-else if (isset($_POST['grant_groups_submit'])
-         and isset($_POST['grant_groups'])
-         and count($_POST['grant_groups']) > 0)
-{
-  $cat_ids = (isset($_POST['apply_on_sub'])) ? implode(',', get_subcat_ids(array($page['cat']))).",".implode(',', get_uppercat_ids(array($page['cat']))) : implode(',', get_uppercat_ids(array($page['cat'])));
+      pwg_query($query);
+    }
 
-  $query = '
+    //
+    // add permissions to groups
+    //
+    $grant_groups = array_diff($_POST['groups'], $groups_granted);
+    if (count($grant_groups) > 0)
+    {
+      $cat_ids = get_uppercat_ids(array($page['cat']));
+      if (isset($_POST['apply_on_sub']))
+      {
+        $cat_ids = array_merge($cat_ids, get_subcat_ids(array($page['cat'])));
+      }
+      
+      $query = '
 SELECT id
   FROM '.CATEGORIES_TABLE.'
-  WHERE id IN ('.$cat_ids.')
-  AND status = \'private\'
+  WHERE id IN ('.implode(',', $cat_ids).')
+    AND status = \'private\'
 ;';
-  $private_cats = array_from_query($query, 'id');
+      $private_cats = array_from_query($query, 'id');
 
-  // We must not reinsert already existing lines in group_access table
-  $granteds = array();
-  foreach ($private_cats as $cat_id)
-  {
-    $granteds[$cat_id] = array();
-  }
+      // We must not reinsert already existing lines in group_access table
+      $granteds = array();
+      foreach ($private_cats as $cat_id)
+      {
+        $granteds[$cat_id] = array();
+      }
   
-  $query = '
-SELECT group_id, cat_id
+      $query = '
+SELECT
+    group_id,
+    cat_id
   FROM '.GROUP_ACCESS_TABLE.'
   WHERE cat_id IN ('.implode(',', $private_cats).')
-    AND group_id IN ('.implode(',', $_POST['grant_groups']).')
+    AND group_id IN ('.implode(',', $grant_groups).')
 ;';
-  $result = pwg_query($query);
-  while ($row = pwg_db_fetch_assoc($result))
-  {
-    array_push($granteds[$row['cat_id']], $row['group_id']);
-  }
+      $result = pwg_query($query);
+      while ($row = pwg_db_fetch_assoc($result))
+      {
+        array_push($granteds[$row['cat_id']], $row['group_id']);
+      }
 
-  $inserts = array();
-  
-  foreach ($private_cats as $cat_id)
-  {
-    $group_ids = array_diff($_POST['grant_groups'], $granteds[$cat_id]);
-    foreach ($group_ids as $group_id)
-    {
-      array_push($inserts, array('group_id' => $group_id,
-                                 'cat_id' => $cat_id));
+      $inserts = array();
+      
+      foreach ($private_cats as $cat_id)
+      {
+        $group_ids = array_diff($grant_groups, $granteds[$cat_id]);
+        foreach ($group_ids as $group_id)
+        {
+          array_push(
+            $inserts,
+            array(
+              'group_id' => $group_id,
+              'cat_id' => $cat_id
+              )
+            );
+        }
+      }
+
+      mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
     }
-  }
 
-  mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
-}
-else if (isset($_POST['deny_users_submit'])
-         and isset($_POST['deny_users'])
-         and count($_POST['deny_users']) > 0)
-{
-  // if you forbid access to a category, all sub-categories become
-  // automatically forbidden
-  $query = '
+    //
+    // users
+    //
+    $query = '
+SELECT user_id
+  FROM '.USER_ACCESS_TABLE.'
+  WHERE cat_id = '.$page['cat'].'
+;';
+    $users_granted = array_from_query($query, 'user_id');
+
+    if (!isset($_POST['users']))
+    {
+      $_POST['users'] = array();
+    }
+    
+    //
+    // remove permissions to users
+    //
+    $deny_users = array_diff($users_granted, $_POST['users']);
+    if (count($deny_users) > 0)
+    {
+      // if you forbid access to an album, all sub-album become automatically
+      // forbidden
+      $query = '
 DELETE
   FROM '.USER_ACCESS_TABLE.'
-  WHERE user_id IN ('.implode(',', $_POST['deny_users']).')
+  WHERE user_id IN ('.implode(',', $deny_users).')
     AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
 ;';
-  pwg_query($query);
-}
-else if (isset($_POST['grant_users_submit'])
-         and isset($_POST['grant_users'])
-         and count($_POST['grant_users']) > 0)
-{
-  add_permission_on_category($page['cat'], $_POST['grant_users']);
+      pwg_query($query);
+    }
+
+    //
+    // add permissions to users
+    //
+    $grant_users = array_diff($_POST['users'], $users_granted);
+    if (count($grant_users) > 0)
+    {
+      add_permission_on_category($page['cat'], $grant_users);
+    }
+  }
+
+  array_push($page['infos'], l10n('Album updated successfully'));
 }
 
 // +-----------------------------------------------------------------------+
@@ -170,6 +208,7 @@ $template->assign(
         ),
     'U_HELP' => get_root_url().'admin/popuphelp.php?page=cat_perm',
     'F_ACTION' => $admin_album_base_url.'-permissions',
+    'private' => ('private' == $category['status']),
     )
   );
 
@@ -188,7 +227,7 @@ SELECT id, name
   ORDER BY name ASC
 ;';
 $groups = simple_hash_from_query($query, 'id', 'name');
-$template->assign('all_groups', $groups);
+$template->assign('groups', $groups);
 
 // groups granted to access the category
 $query = '
@@ -197,14 +236,7 @@ SELECT group_id
   WHERE cat_id = '.$page['cat'].'
 ;';
 $group_granted_ids = array_from_query($query, 'group_id');
-$group_granted_ids = order_by_name($group_granted_ids, $groups);
-$template->assign('group_granted_ids', $group_granted_ids);
-
-
-// groups denied
-$template->assign('group_denied_ids',
-    order_by_name(array_diff(array_keys($groups), $group_granted_ids), $groups)
-  );
+$template->assign('groups_selected', $group_granted_ids);
 
 // users...
 $users = array();
@@ -215,7 +247,7 @@ SELECT '.$conf['user_fields']['id'].' AS id,
   FROM '.USERS_TABLE.'
 ;';
 $users = simple_hash_from_query($query, 'id', 'username');
-$template->assign('all_users', $users);
+$template->assign('users', $users);
 
 
 $query = '
@@ -224,9 +256,7 @@ SELECT user_id
   WHERE cat_id = '.$page['cat'].'
 ;';
 $user_granted_direct_ids = array_from_query($query, 'user_id');
-$user_granted_direct_ids = order_by_name($user_granted_direct_ids, $users);
-$template->assign('user_granted_direct_ids', $user_granted_direct_ids);
-
+$template->assign('users_selected', $user_granted_direct_ids);
 
 
 $user_granted_indirect_ids = array();
@@ -282,13 +312,6 @@ SELECT user_id, group_id
   }
 }
 
-$user_denied_ids = array_diff(array_keys($users),
-                              $user_granted_indirect_ids,
-                              $user_granted_direct_ids);
-$user_denied_ids = order_by_name($user_denied_ids, $users);
-$template->assign('user_denied_ids', $user_denied_ids);
-
-
 // +-----------------------------------------------------------------------+
 // |                           sending html code                           |
 // +-----------------------------------------------------------------------+
-- 
cgit v1.2.3