diff options
author | plegall <plg@piwigo.org> | 2004-12-25 19:33:36 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2004-12-25 19:33:36 +0000 |
commit | 4c8d18de5b904eddaa900deca20c7d6f7ac928d1 (patch) | |
tree | 0eb36bf58ca6f4ae7018f13ecb64705fc09ca299 /admin | |
parent | 30d71ba9cb7870ae2ee2fba58d1bc157159484e5 (diff) |
- user permissions ask update at each admin page generation. Table
user_forbidden must be updated only if current user is not in
administrative section
- bug fixed : category.php, error on page title when non category selected
- admin/search : bug on variable $PHP_SELF, replaced by $_SERVER['PHP_SELF']
- admin/user_perm : inheritence management. When a category become
authorized, all parent categories become authorized, when a category
become forbidden, all child category become forbidden
- no more recursivity in delete_categories function
- new function get_fs_directories for future new method of synchronization
- new function get_uppercat_ids replacing several pieces of code doing the
same
- new function get_fulldirs used for metadata function get_filelist and
future new method of synchronization
- new function get_fs for future new method of synchronization
- typo correction on lang item "about_message"
- no link to category privacy status management on user permission anymore
(giving the menu item instead)
git-svn-id: http://piwigo.org/svn/trunk@657 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | admin.php | 8 | ||||
-rw-r--r-- | admin/include/functions.php | 288 | ||||
-rw-r--r-- | admin/include/functions_metadata.php | 51 | ||||
-rw-r--r-- | admin/search.php | 2 | ||||
-rw-r--r-- | admin/user_perm.php | 159 |
5 files changed, 354 insertions, 154 deletions
@@ -246,4 +246,12 @@ else } $template->pparse('admin'); include(PHPWG_ROOT_PATH.'include/page_tail.php'); +// +-----------------------------------------------------------------------+ +// | order permission refreshment | +// +-----------------------------------------------------------------------+ +$query = ' +UPDATE '.USER_FORBIDDEN_TABLE.' + SET need_update = \'true\' +;'; +pwg_query($query); ?> diff --git a/admin/include/functions.php b/admin/include/functions.php index fdf1da91c..41d3f0c8b 100644 --- a/admin/include/functions.php +++ b/admin/include/functions.php @@ -199,12 +199,17 @@ function delete_categories($ids) { return; } + + // add sub-category ids to the given ids : if a category is deleted, all + // sub-categories must be so + $ids = get_subcat_ids($ids); // destruction of all the related elements $query = ' SELECT id FROM '.IMAGES_TABLE.' - WHERE storage_category_id IN ('.implode(',', $ids).') + WHERE storage_category_id IN ( +'.wordwrap(implode(', ', $ids), 80, "\n").') ;'; $result = pwg_query($query); $element_ids = array(); @@ -217,43 +222,30 @@ SELECT id // destruction of the links between images and this category $query = ' DELETE FROM '.IMAGE_CATEGORY_TABLE.' - WHERE category_id IN ('.implode(',', $ids).') + WHERE category_id IN ( +'.wordwrap(implode(', ', $ids), 80, "\n").') ;'; pwg_query($query); // destruction of the access linked to the category $query = ' DELETE FROM '.USER_ACCESS_TABLE.' - WHERE cat_id IN ('.implode(',', $ids).') + WHERE cat_id IN ( +'.wordwrap(implode(', ', $ids), 80, "\n").') ;'; pwg_query($query); $query = ' DELETE FROM '.GROUP_ACCESS_TABLE.' - WHERE cat_id IN ('.implode(',', $ids).') + WHERE cat_id IN ( +'.wordwrap(implode(', ', $ids), 80, "\n").') ;'; pwg_query($query); - // destruction of the sub-categories - $query = ' -SELECT id - FROM '.CATEGORIES_TABLE.' - WHERE id_uppercat IN ('.implode(',', $ids).') -;'; - $result = pwg_query($query); - $subcat_ids = array(); - while($row = mysql_fetch_array($result)) - { - array_push($subcat_ids, $row['id']); - } - if (count($subcat_ids) > 0) - { - delete_categories($subcat_ids); - } - // destruction of the category $query = ' DELETE FROM '.CATEGORIES_TABLE.' - WHERE id IN ('.implode(',', $ids).') + WHERE id IN ( +'.wordwrap(implode(', ', $ids), 80, "\n").') ;'; pwg_query($query); @@ -763,6 +755,46 @@ function get_category_directories( $basedir ) return $sub_dirs; } +/** + * returns an array containing sub-directories which can be a category, + * recursive by default + * + * directories nammed "thumbnail", "pwg_high" or "pwg_representative" are + * omitted + * + * @param string $basedir + * @return array + */ +function get_fs_directories($path, $recursive = true) +{ + $dirs = array(); + + if (is_dir($path)) + { + if ($contents = opendir($path)) + { + while (($node = readdir($contents)) !== false) + { + if (is_dir($path.'/'.$node) + and $node != '.' + and $node != '..' + and $node != 'thumbnail' + and $node != 'pwg_high' + and $node != 'pwg_representative') + { + array_push($dirs, $path.'/'.$node); + if ($recursive) + { + $dirs = array_merge($dirs, get_fs_directories($path.'/'.$node)); + } + } + } + } + } + + return $dirs; +} + // my_error returns (or send to standard output) the message concerning the // error occured for the last mysql query. function my_error($header, $echo = true) @@ -1008,20 +1040,7 @@ function set_cat_visible($categories, $value) // unlocking a category => all its parent categories become unlocked if ($value == 'true') { - $uppercats = array(); - $query = ' -SELECT uppercats - FROM '.CATEGORIES_TABLE.' - WHERE id IN ('.implode(',', $categories).') -;'; - $result = pwg_query($query); - while ($row = mysql_fetch_array($result)) - { - $uppercats = array_merge($uppercats, - explode(',', $row['uppercats'])); - } - $uppercats = array_unique($uppercats); - + $uppercats = get_uppercat_ids($categories); $query = ' UPDATE '.CATEGORIES_TABLE.' SET visible = \'true\' @@ -1059,20 +1078,7 @@ function set_cat_status($categories, $value) // make public a category => all its parent categories become public if ($value == 'public') { - $uppercats = array(); - $query = ' -SELECT uppercats - FROM '.CATEGORIES_TABLE.' - WHERE id IN ('.implode(',', $categories).') -;'; - $result = pwg_query($query); - while ($row = mysql_fetch_array($result)) - { - $uppercats = array_merge($uppercats, - explode(',', $row['uppercats'])); - } - $uppercats = array_unique($uppercats); - + $uppercats = get_uppercat_ids($categories); $query = ' UPDATE '.CATEGORIES_TABLE.' SET status = \'public\' @@ -1094,6 +1100,37 @@ UPDATE '.CATEGORIES_TABLE.' } /** + * returns all uppercats category ids of the given category ids + * + * @param array cat_ids + * @return array + */ +function get_uppercat_ids($cat_ids) +{ + if (!is_array($cat_ids) or count($cat_ids) < 1) + { + return array(); + } + + $uppercats = array(); + + $query = ' +SELECT uppercats + FROM '.CATEGORIES_TABLE.' + WHERE id IN ('.implode(',', $cat_ids).') +;'; + $result = pwg_query($query); + while ($row = mysql_fetch_array($result)) + { + $uppercats = array_merge($uppercats, + explode(',', $row['uppercats'])); + } + $uppercats = array_unique($uppercats); + + return $uppercats; +} + +/** * set a new random representant to the categories * * @param array categories @@ -1157,4 +1194,155 @@ SELECT id, if(id_uppercat is null,\'\',id_uppercat) AS id_uppercat $fields = array('primary' => array('id'), 'update' => array('rank')); mass_updates(CATEGORIES_TABLE, $fields, $datas); } + +/** + * returns the fulldir for each given category id + * + * @param array cat_ids + * @return array + */ +function get_fulldirs($cat_ids) +{ + if (count($cat_ids) == 0) + { + return array(); + } + + // caching directories of existing categories + $query = ' +SELECT id, dir + FROM '.CATEGORIES_TABLE.' + WHERE dir IS NOT NULL +;'; + $result = pwg_query($query); + $cat_dirs = array(); + while ($row = mysql_fetch_array($result)) + { + $cat_dirs[$row['id']] = $row['dir']; + } + + // filling $uppercats_array : to each category id the uppercats list is + // associated + $uppercats_array = array(); + + $query = ' +SELECT id, uppercats + FROM '.CATEGORIES_TABLE.' + WHERE id IN ( +'.wordwrap(implode(', ', $cat_ids), 80, "\n").') +;'; + $result = pwg_query($query); + while ($row = mysql_fetch_array($result)) + { + $uppercats_array[$row['id']] = $row['uppercats']; + } + + $query = ' +SELECT galleries_url + FROM '.SITES_TABLE.' + WHERE id = 1 +'; + $row = mysql_fetch_array(pwg_query($query)); + $basedir = $row['galleries_url']; + + // filling $cat_fulldirs + $cat_fulldirs = array(); + foreach ($uppercats_array as $cat_id => $uppercats) + { + $uppercats = str_replace(',', '/', $uppercats); + $cat_fulldirs[$cat_id] = $basedir.preg_replace('/(\d+)/e', + "\$cat_dirs['$1']", + $uppercats); + } + + return $cat_fulldirs; +} + +/** + * returns an array with all file system files according to + * $conf['file_ext'] + * + * @param string $path + * @param bool recursive + * @return array + */ +function get_fs($path, $recursive = true) +{ + global $conf; + + // because isset is faster than in_array... + if (!isset($conf['flip_picture_ext'])) + { + $conf['flip_picture_ext'] = array_flip($conf['picture_ext']); + } + if (!isset($conf['flip_file_ext'])) + { + $conf['flip_file_ext'] = array_flip($conf['file_ext']); + } + + $fs['elements'] = array(); + $fs['thumbnails'] = array(); + $fs['representatives'] = array(); + $subdirs = array(); + + if (is_dir($path)) + { + if ($contents = opendir($path)) + { + while (($node = readdir($contents)) !== false) + { + if (is_file($path.'/'.$node)) + { + $extension = get_extension($node); + +// if (in_array($extension, $conf['picture_ext'])) + if (isset($conf['flip_picture_ext'][$extension])) + { + if (basename($path) == 'thumbnail') + { + array_push($fs['thumbnails'], $path.'/'.$node); + } + else if (basename($path) == 'pwg_representative') + { + array_push($fs['representatives'], $path.'/'.$node); + } + else + { + array_push($fs['elements'], $path.'/'.$node); + } + } +// else if (in_array($extension, $conf['file_ext'])) + else if (isset($conf['flip_file_ext'][$extension])) + { + array_push($fs['elements'], $path.'/'.$node); + } + } + else if (is_dir($path.'/'.$node) + and $node != '.' + and $node != '..' + and $node != 'pwg_high' + and $recursive) + { + array_push($subdirs, $node); + } + } + } + closedir($contents); + + foreach ($subdirs as $subdir) + { + $tmp_fs = get_fs($path.'/'.$subdir); + + $fs['elements'] = array_merge($fs['elements'], + $tmp_fs['elements']); + + $fs['thumbnails'] = array_merge($fs['thumbnails'], + $tmp_fs['thumbnails']); + + $fs['representatives'] = array_merge($fs['representatives'], + $tmp_fs['representatives']); + } + } + return $fs; +} ?> diff --git a/admin/include/functions_metadata.php b/admin/include/functions_metadata.php index 023ab219e..39b3bf450 100644 --- a/admin/include/functions_metadata.php +++ b/admin/include/functions_metadata.php @@ -132,26 +132,11 @@ function update_metadata($files) */ function get_filelist($category_id = '', $recursive = false, $only_new = false) { - $files = array(); - - $query = ' -SELECT id, dir - FROM '.CATEGORIES_TABLE.' - WHERE dir IS NOT NULL -;'; - $result = pwg_query($query); - $cat_dirs = array(); - while ($row = mysql_fetch_array($result)) - { - $cat_dirs[$row['id']] = $row['dir']; - } - - // filling $uppercats_array : to each category id the uppercats list is - // associated - $uppercats_array = array(); + // filling $cat_ids : all categories required + $cat_ids = array(); $query = ' -SELECT id, uppercats +SELECT id FROM '.CATEGORIES_TABLE.' WHERE site_id = 1 AND dir IS NOT NULL'; @@ -175,37 +160,20 @@ SELECT id, uppercats $result = pwg_query($query); while ($row = mysql_fetch_array($result)) { - $uppercats_array[$row['id']] = $row['uppercats']; + array_push($cat_ids, $row['id']); } - if (count($uppercats_array) == 0) + if (count($cat_ids) == 0) { return array(); } - $query = ' -SELECT galleries_url - FROM '.SITES_TABLE.' - WHERE id = 1 -'; - $row = mysql_fetch_array(pwg_query($query)); - $basedir = $row['galleries_url']; - - // filling $cat_fulldirs - $cat_fulldirs = array(); - foreach ($uppercats_array as $cat_id => $uppercats) - { - $uppercats = str_replace(',', '/', $uppercats); - $cat_fulldirs[$cat_id] = $basedir.preg_replace('/(\d+)/e', - "\$cat_dirs['$1']", - $uppercats); - } + $files = array(); $query = ' -SELECT id, file, storage_category_id +SELECT id, path FROM '.IMAGES_TABLE.' - WHERE storage_category_id IN ('.implode(',' - ,array_keys($uppercats_array)).')'; + WHERE storage_category_id IN ('.implode(',', $cat_ids).')'; if ($only_new) { $query.= ' @@ -217,8 +185,7 @@ SELECT id, file, storage_category_id $result = pwg_query($query); while ($row = mysql_fetch_array($result)) { - $files[$row['id']] - = $cat_fulldirs[$row['storage_category_id']].'/'.$row['file']; + $files[$row['id']] = $row['path']; } return $files; diff --git a/admin/search.php b/admin/search.php index f1716ff84..8a247d942 100644 --- a/admin/search.php +++ b/admin/search.php @@ -44,7 +44,7 @@ $template->assign_vars(array( 'L_UPDATE_USERNAME'=>$lang['Look_up_user'], 'L_CLOSE_WINDOW'=>$lang['Close'], - 'F_SEARCH_ACTION' => add_session_id($PHP_SELF), + 'F_SEARCH_ACTION' => add_session_id($_SERVER['PHP_SELF']), )); //----------------------------------------------------------------- form action diff --git a/admin/user_perm.php b/admin/user_perm.php index f8c83d659..66c01e97a 100644 --- a/admin/user_perm.php +++ b/admin/user_perm.php @@ -25,50 +25,87 @@ // | USA. | // +-----------------------------------------------------------------------+ -if( !defined("IN_ADMIN") ) +if (!defined('IN_ADMIN')) { - die ("Hacking attempt!"); + die('Hacking attempt!'); } -include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); +include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); $userdata = array(); -if ( isset( $_POST['submituser'] ) ) +if (isset($_POST['submituser'])) { $userdata = getuserdata($_POST['username']); } -elseif (isset($_POST['falsify']) || isset($_POST['trueify'])) +else if (isset($_POST['falsify']) + and isset($_POST['cat_true']) + and count($_POST['cat_true']) > 0) { $userdata = getuserdata(intval($_POST['userid'])); - // cleaning the user_access table for this user - if (isset($_POST['cat_true']) && count($_POST['cat_true']) > 0) + // if you forbid access to a category, all sub-categories become + // automatically forbidden + $subcats = get_subcat_ids($_POST['cat_true']); + $query = ' +DELETE FROM '.USER_ACCESS_TABLE.' + WHERE user_id = '.$userdata['id'].' + AND cat_id IN ('.implode(',', $subcats).') +;'; + pwg_query($query); +} +else if (isset($_POST['trueify']) + and isset($_POST['cat_false']) + and count($_POST['cat_false']) > 0) +{ + $userdata = getuserdata(intval($_POST['userid'])); + + $uppercats = get_uppercat_ids($_POST['cat_false']); + $private_uppercats = array(); + + $query = ' +SELECT id + FROM '.CATEGORIES_TABLE.' + WHERE id IN ('.implode(',', $uppercats).') + AND status = \'private\' +;'; + $result = pwg_query($query); + while ($row = mysql_fetch_array($result)) { - foreach ($_POST['cat_true'] as $auth_cat) - { - $query = 'DELETE FROM '.USER_ACCESS_TABLE; - $query.= ' WHERE user_id = '.$userdata['id']; - $query.= ' AND cat_id='.$auth_cat.';'; - pwg_query ( $query ); - } + array_push($private_uppercats, $row['id']); } + + // retrying to authorize a category which is already authorized may cause + // an error (in SQL statement), so we need to know which categories are + // accesible + $authorized_ids = array(); + + $query = ' +SELECT cat_id + FROM '.USER_ACCESS_TABLE.' + WHERE user_id = '.$userdata['id'].' +;'; + $result = pwg_query($query); - if (isset($_POST['cat_false']) && count($_POST['cat_false']) > 0) + while ($row = mysql_fetch_array($result)) { - foreach ($_POST['cat_false'] as $auth_cat) - { - $query = 'INSERT INTO '.USER_ACCESS_TABLE; - $query.= ' (user_id,cat_id) VALUES'; - $query.= ' ('.$userdata['id'].','.$auth_cat.')'; - $query.= ';'; - pwg_query ( $query ); - } + array_push($authorized_ids, $row['cat_id']); + } + + $inserts = array(); + $to_autorize_ids = array_diff($private_uppercats, $authorized_ids); + foreach ($to_autorize_ids as $to_autorize_id) + { + array_push($inserts, array('user_id' => $userdata['id'], + 'cat_id' => $to_autorize_id)); } -} + mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts); +} //----------------------------------------------------- template initialization - -if ( empty($userdata)) +if (empty($userdata)) { - $template->set_filenames( array('user'=>'admin/user_perm.tpl') ); + $template->set_filenames(array('user' => 'admin/user_perm.tpl')); + + $base_url = PHPWG_ROOT_PATH.'admin.php?page='; + $template->assign_vars(array( 'L_SELECT_USERNAME'=>$lang['Select_username'], 'L_LOOKUP_USER'=>$lang['Look_up_user'], @@ -76,54 +113,54 @@ if ( empty($userdata)) 'L_AUTH_USER'=>$lang['permuser_only_private'], 'L_SUBMIT'=>$lang['submit'], - 'F_SEARCH_USER_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'), + 'F_SEARCH_USER_ACTION' => add_session_id($base_url.'user_perm'), 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php') )); } else { - $cat_url = '<a href="'.add_session_id(PHPWG_ROOT_PATH.'admin.php?page=cat_options§ion=status'); - $cat_url .= '">'.$lang['permuser_info_link'].'</a>'; - $template->set_filenames( array('user'=>'admin/cat_options.tpl') ); - $template->assign_vars(array( - 'L_RESET'=>$lang['reset'], - 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'], - 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'], - 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'].' '.$cat_url, - - 'HIDDEN_NAME'=> 'userid', - 'HIDDEN_VALUE'=>$userdata['id'], - 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'), - )); - + $template->set_filenames(array('user'=>'admin/cat_options.tpl')); + $template->assign_vars( + array( + 'L_RESET'=>$lang['reset'], + 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'], + 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'], + 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'], + + 'HIDDEN_NAME'=> 'userid', + 'HIDDEN_VALUE'=>$userdata['id'], + 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'), + )); // only private categories are listed - $query_true = 'SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE; - $query_true.= ' LEFT JOIN '.USER_ACCESS_TABLE.' as u'; - $query_true.= ' ON u.cat_id=id'; - $query_true.= ' WHERE status = \'private\' AND u.user_id='.$userdata['id'].';'; + $query_true = ' +SELECT id,name,uppercats,global_rank + FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_ACCESS_TABLE.' ON cat_id = id + WHERE status = \'private\' + AND user_id = '.$userdata['id'].' +;'; + display_select_cat_wrapper($query_true,array(),'category_option_true'); + $result = pwg_query($query_true); - $categorie_true = array(); - while (!empty($result) && $row = mysql_fetch_array($result)) + $authorized_ids = array(); + while ($row = mysql_fetch_array($result)) { - array_push($categorie_true, $row); + array_push($authorized_ids, $row['id']); } - $query = 'SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE; - $query.= ' WHERE status = \'private\''; - $result = pwg_query($query); - $categorie_false = array(); - while ($row = mysql_fetch_array($result)) + $query_false = ' +SELECT id,name,uppercats,global_rank + FROM '.CATEGORIES_TABLE.' + WHERE status = \'private\''; + if (count($authorized_ids) > 0) { - if (!in_array($row,$categorie_true)) - array_push($categorie_false, $row); + $query_false.= ' + AND id NOT IN ('.implode(',', $authorized_ids).')'; } - usort($categorie_true, 'global_rank_compare'); - usort($categorie_false, 'global_rank_compare'); - display_select_categories($categorie_true, array(), 'category_option_true', true); - display_select_categories($categorie_false, array(), 'category_option_false', true); + $query_false.= ' +;'; + display_select_cat_wrapper($query_false,array(),'category_option_false'); } - //----------------------------------------------------------- sending html code $template->assign_var_from_handle('ADMIN_CONTENT', 'user'); ?> |