aboutsummaryrefslogtreecommitdiffstats
path: root/admin/cat_perm.php
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2012-03-17 00:47:17 +0000
committerplegall <plg@piwigo.org>2012-03-17 00:47:17 +0000
commitb09c66fdc3aedc5d09a8b082facbf58f5b5e0478 (patch)
treeb7c1ff0637f044248c284f8a2da3f1edc9d4427d /admin/cat_perm.php
parentf3e2beed8cd7e3042b2d82ad9c6efc012a32fe13 (diff)
feature 2594: redesign on album permission screen. The choice "public/private"
is not on the "properties" tab anymore. Simpler ergonomy to select grant users and groups. git-svn-id: http://piwigo.org/svn/trunk@13580 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--admin/cat_perm.php241
1 files changed, 132 insertions, 109 deletions
diff --git a/admin/cat_perm.php b/admin/cat_perm.php
index 3dc9c1e21..7b555e3be 100644
--- a/admin/cat_perm.php
+++ b/admin/cat_perm.php
@@ -37,122 +37,160 @@ check_status(ACCESS_ADMINISTRATOR);
// | variable initialization |
// +-----------------------------------------------------------------------+
-// if the category is not correct (not numeric, not private)
-if (isset($_GET['cat']) and is_numeric($_GET['cat']))
-{
- $query = '
-SELECT status
- FROM '.CATEGORIES_TABLE.'
- WHERE id = '.$_GET['cat'].'
-;';
- list($status) = pwg_db_fetch_row(pwg_query($query));
-
- if ('private' == $status)
- {
- $page['cat'] = $_GET['cat'];
- }
-}
-
-if (!isset($page['cat']))
-{
- $query = '
-SELECT id
- FROM '.CATEGORIES_TABLE.'
- WHERE status = \'private\'
- LIMIT 1
-;';
-
- list($page['cat']) = pwg_db_fetch_row(pwg_query($query));
-}
+$page['cat'] = $category['id'];
// +-----------------------------------------------------------------------+
// | form submission |
// +-----------------------------------------------------------------------+
-if (isset($_POST['deny_groups_submit']) or isset($_POST['grant_groups_submit']) or isset($_POST['deny_users_submit']) or isset($_POST['grant_users_submit']) )
+
+if (!empty($_POST))
{
check_pwg_token();
-}
-if (isset($_POST['deny_groups_submit'])
- and isset($_POST['deny_groups'])
- and count($_POST['deny_groups']) > 0)
-{
- // if you forbid access to a category, all sub-categories become
- // automatically forbidden
- $query = '
+ if ($category['status'] != $_POST['status'])
+ {
+ set_cat_status(array($page['cat']), $_POST['status']);
+ $category['status'] = $_POST['status'];
+ }
+
+ if ('private' == $_POST['status'])
+ {
+ //
+ // manage groups
+ //
+ $query = '
+SELECT group_id
+ FROM '.GROUP_ACCESS_TABLE.'
+ WHERE cat_id = '.$page['cat'].'
+;';
+ $groups_granted = array_from_query($query, 'group_id');
+
+ if (!isset($_POST['groups']))
+ {
+ $_POST['groups'] = array();
+ }
+
+ //
+ // remove permissions to groups
+ //
+ $deny_groups = array_diff($groups_granted, $_POST['groups']);
+ if (count($deny_groups) > 0)
+ {
+ // if you forbid access to an album, all sub-albums become
+ // automatically forbidden
+ $query = '
DELETE
FROM '.GROUP_ACCESS_TABLE.'
- WHERE group_id IN ('.implode(',', $_POST['deny_groups']).')
+ WHERE group_id IN ('.implode(',', $deny_groups).')
AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
;';
- pwg_query($query);
-}
-else if (isset($_POST['grant_groups_submit'])
- and isset($_POST['grant_groups'])
- and count($_POST['grant_groups']) > 0)
-{
- $cat_ids = (isset($_POST['apply_on_sub'])) ? implode(',', get_subcat_ids(array($page['cat']))).",".implode(',', get_uppercat_ids(array($page['cat']))) : implode(',', get_uppercat_ids(array($page['cat'])));
+ pwg_query($query);
+ }
- $query = '
+ //
+ // add permissions to groups
+ //
+ $grant_groups = array_diff($_POST['groups'], $groups_granted);
+ if (count($grant_groups) > 0)
+ {
+ $cat_ids = get_uppercat_ids(array($page['cat']));
+ if (isset($_POST['apply_on_sub']))
+ {
+ $cat_ids = array_merge($cat_ids, get_subcat_ids(array($page['cat'])));
+ }
+
+ $query = '
SELECT id
FROM '.CATEGORIES_TABLE.'
- WHERE id IN ('.$cat_ids.')
- AND status = \'private\'
+ WHERE id IN ('.implode(',', $cat_ids).')
+ AND status = \'private\'
;';
- $private_cats = array_from_query($query, 'id');
+ $private_cats = array_from_query($query, 'id');
- // We must not reinsert already existing lines in group_access table
- $granteds = array();
- foreach ($private_cats as $cat_id)
- {
- $granteds[$cat_id] = array();
- }
+ // We must not reinsert already existing lines in group_access table
+ $granteds = array();
+ foreach ($private_cats as $cat_id)
+ {
+ $granteds[$cat_id] = array();
+ }
- $query = '
-SELECT group_id, cat_id
+ $query = '
+SELECT
+ group_id,
+ cat_id
FROM '.GROUP_ACCESS_TABLE.'
WHERE cat_id IN ('.implode(',', $private_cats).')
- AND group_id IN ('.implode(',', $_POST['grant_groups']).')
+ AND group_id IN ('.implode(',', $grant_groups).')
;';
- $result = pwg_query($query);
- while ($row = pwg_db_fetch_assoc($result))
- {
- array_push($granteds[$row['cat_id']], $row['group_id']);
- }
+ $result = pwg_query($query);
+ while ($row = pwg_db_fetch_assoc($result))
+ {
+ array_push($granteds[$row['cat_id']], $row['group_id']);
+ }
- $inserts = array();
-
- foreach ($private_cats as $cat_id)
- {
- $group_ids = array_diff($_POST['grant_groups'], $granteds[$cat_id]);
- foreach ($group_ids as $group_id)
- {
- array_push($inserts, array('group_id' => $group_id,
- 'cat_id' => $cat_id));
+ $inserts = array();
+
+ foreach ($private_cats as $cat_id)
+ {
+ $group_ids = array_diff($grant_groups, $granteds[$cat_id]);
+ foreach ($group_ids as $group_id)
+ {
+ array_push(
+ $inserts,
+ array(
+ 'group_id' => $group_id,
+ 'cat_id' => $cat_id
+ )
+ );
+ }
+ }
+
+ mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
}
- }
- mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
-}
-else if (isset($_POST['deny_users_submit'])
- and isset($_POST['deny_users'])
- and count($_POST['deny_users']) > 0)
-{
- // if you forbid access to a category, all sub-categories become
- // automatically forbidden
- $query = '
+ //
+ // users
+ //
+ $query = '
+SELECT user_id
+ FROM '.USER_ACCESS_TABLE.'
+ WHERE cat_id = '.$page['cat'].'
+;';
+ $users_granted = array_from_query($query, 'user_id');
+
+ if (!isset($_POST['users']))
+ {
+ $_POST['users'] = array();
+ }
+
+ //
+ // remove permissions to users
+ //
+ $deny_users = array_diff($users_granted, $_POST['users']);
+ if (count($deny_users) > 0)
+ {
+ // if you forbid access to an album, all sub-album become automatically
+ // forbidden
+ $query = '
DELETE
FROM '.USER_ACCESS_TABLE.'
- WHERE user_id IN ('.implode(',', $_POST['deny_users']).')
+ WHERE user_id IN ('.implode(',', $deny_users).')
AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
;';
- pwg_query($query);
-}
-else if (isset($_POST['grant_users_submit'])
- and isset($_POST['grant_users'])
- and count($_POST['grant_users']) > 0)
-{
- add_permission_on_category($page['cat'], $_POST['grant_users']);
+ pwg_query($query);
+ }
+
+ //
+ // add permissions to users
+ //
+ $grant_users = array_diff($_POST['users'], $users_granted);
+ if (count($grant_users) > 0)
+ {
+ add_permission_on_category($page['cat'], $grant_users);
+ }
+ }
+
+ array_push($page['infos'], l10n('Album updated successfully'));
}
// +-----------------------------------------------------------------------+
@@ -170,6 +208,7 @@ $template->assign(
),
'U_HELP' => get_root_url().'admin/popuphelp.php?page=cat_perm',
'F_ACTION' => $admin_album_base_url.'-permissions',
+ 'private' => ('private' == $category['status']),
)
);
@@ -188,7 +227,7 @@ SELECT id, name
ORDER BY name ASC
;';
$groups = simple_hash_from_query($query, 'id', 'name');
-$template->assign('all_groups', $groups);
+$template->assign('groups', $groups);
// groups granted to access the category
$query = '
@@ -197,14 +236,7 @@ SELECT group_id
WHERE cat_id = '.$page['cat'].'
;';
$group_granted_ids = array_from_query($query, 'group_id');
-$group_granted_ids = order_by_name($group_granted_ids, $groups);
-$template->assign('group_granted_ids', $group_granted_ids);
-
-
-// groups denied
-$template->assign('group_denied_ids',
- order_by_name(array_diff(array_keys($groups), $group_granted_ids), $groups)
- );
+$template->assign('groups_selected', $group_granted_ids);
// users...
$users = array();
@@ -215,7 +247,7 @@ SELECT '.$conf['user_fields']['id'].' AS id,
FROM '.USERS_TABLE.'
;';
$users = simple_hash_from_query($query, 'id', 'username');
-$template->assign('all_users', $users);
+$template->assign('users', $users);
$query = '
@@ -224,9 +256,7 @@ SELECT user_id
WHERE cat_id = '.$page['cat'].'
;';
$user_granted_direct_ids = array_from_query($query, 'user_id');
-$user_granted_direct_ids = order_by_name($user_granted_direct_ids, $users);
-$template->assign('user_granted_direct_ids', $user_granted_direct_ids);
-
+$template->assign('users_selected', $user_granted_direct_ids);
$user_granted_indirect_ids = array();
@@ -282,13 +312,6 @@ SELECT user_id, group_id
}
}
-$user_denied_ids = array_diff(array_keys($users),
- $user_granted_indirect_ids,
- $user_granted_direct_ids);
-$user_denied_ids = order_by_name($user_denied_ids, $users);
-$template->assign('user_denied_ids', $user_denied_ids);
-
-
// +-----------------------------------------------------------------------+
// | sending html code |
// +-----------------------------------------------------------------------+