aboutsummaryrefslogtreecommitdiffstats
path: root/admin
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2004-12-25 19:33:36 +0000
committerplegall <plg@piwigo.org>2004-12-25 19:33:36 +0000
commit4c8d18de5b904eddaa900deca20c7d6f7ac928d1 (patch)
tree0eb36bf58ca6f4ae7018f13ecb64705fc09ca299 /admin
parent30d71ba9cb7870ae2ee2fba58d1bc157159484e5 (diff)
- user permissions ask update at each admin page generation. Table
user_forbidden must be updated only if current user is not in administrative section - bug fixed : category.php, error on page title when non category selected - admin/search : bug on variable $PHP_SELF, replaced by $_SERVER['PHP_SELF'] - admin/user_perm : inheritence management. When a category become authorized, all parent categories become authorized, when a category become forbidden, all child category become forbidden - no more recursivity in delete_categories function - new function get_fs_directories for future new method of synchronization - new function get_uppercat_ids replacing several pieces of code doing the same - new function get_fulldirs used for metadata function get_filelist and future new method of synchronization - new function get_fs for future new method of synchronization - typo correction on lang item "about_message" - no link to category privacy status management on user permission anymore (giving the menu item instead) git-svn-id: http://piwigo.org/svn/trunk@657 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--admin.php8
-rw-r--r--admin/include/functions.php288
-rw-r--r--admin/include/functions_metadata.php51
-rw-r--r--admin/search.php2
-rw-r--r--admin/user_perm.php159
5 files changed, 354 insertions, 154 deletions
diff --git a/admin.php b/admin.php
index 2e6490b03..22bb2d28a 100644
--- a/admin.php
+++ b/admin.php
@@ -246,4 +246,12 @@ else
}
$template->pparse('admin');
include(PHPWG_ROOT_PATH.'include/page_tail.php');
+// +-----------------------------------------------------------------------+
+// | order permission refreshment |
+// +-----------------------------------------------------------------------+
+$query = '
+UPDATE '.USER_FORBIDDEN_TABLE.'
+ SET need_update = \'true\'
+;';
+pwg_query($query);
?>
diff --git a/admin/include/functions.php b/admin/include/functions.php
index fdf1da91c..41d3f0c8b 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -199,12 +199,17 @@ function delete_categories($ids)
{
return;
}
+
+ // add sub-category ids to the given ids : if a category is deleted, all
+ // sub-categories must be so
+ $ids = get_subcat_ids($ids);
// destruction of all the related elements
$query = '
SELECT id
FROM '.IMAGES_TABLE.'
- WHERE storage_category_id IN ('.implode(',', $ids).')
+ WHERE storage_category_id IN (
+'.wordwrap(implode(', ', $ids), 80, "\n").')
;';
$result = pwg_query($query);
$element_ids = array();
@@ -217,43 +222,30 @@ SELECT id
// destruction of the links between images and this category
$query = '
DELETE FROM '.IMAGE_CATEGORY_TABLE.'
- WHERE category_id IN ('.implode(',', $ids).')
+ WHERE category_id IN (
+'.wordwrap(implode(', ', $ids), 80, "\n").')
;';
pwg_query($query);
// destruction of the access linked to the category
$query = '
DELETE FROM '.USER_ACCESS_TABLE.'
- WHERE cat_id IN ('.implode(',', $ids).')
+ WHERE cat_id IN (
+'.wordwrap(implode(', ', $ids), 80, "\n").')
;';
pwg_query($query);
$query = '
DELETE FROM '.GROUP_ACCESS_TABLE.'
- WHERE cat_id IN ('.implode(',', $ids).')
+ WHERE cat_id IN (
+'.wordwrap(implode(', ', $ids), 80, "\n").')
;';
pwg_query($query);
- // destruction of the sub-categories
- $query = '
-SELECT id
- FROM '.CATEGORIES_TABLE.'
- WHERE id_uppercat IN ('.implode(',', $ids).')
-;';
- $result = pwg_query($query);
- $subcat_ids = array();
- while($row = mysql_fetch_array($result))
- {
- array_push($subcat_ids, $row['id']);
- }
- if (count($subcat_ids) > 0)
- {
- delete_categories($subcat_ids);
- }
-
// destruction of the category
$query = '
DELETE FROM '.CATEGORIES_TABLE.'
- WHERE id IN ('.implode(',', $ids).')
+ WHERE id IN (
+'.wordwrap(implode(', ', $ids), 80, "\n").')
;';
pwg_query($query);
@@ -763,6 +755,46 @@ function get_category_directories( $basedir )
return $sub_dirs;
}
+/**
+ * returns an array containing sub-directories which can be a category,
+ * recursive by default
+ *
+ * directories nammed "thumbnail", "pwg_high" or "pwg_representative" are
+ * omitted
+ *
+ * @param string $basedir
+ * @return array
+ */
+function get_fs_directories($path, $recursive = true)
+{
+ $dirs = array();
+
+ if (is_dir($path))
+ {
+ if ($contents = opendir($path))
+ {
+ while (($node = readdir($contents)) !== false)
+ {
+ if (is_dir($path.'/'.$node)
+ and $node != '.'
+ and $node != '..'
+ and $node != 'thumbnail'
+ and $node != 'pwg_high'
+ and $node != 'pwg_representative')
+ {
+ array_push($dirs, $path.'/'.$node);
+ if ($recursive)
+ {
+ $dirs = array_merge($dirs, get_fs_directories($path.'/'.$node));
+ }
+ }
+ }
+ }
+ }
+
+ return $dirs;
+}
+
// my_error returns (or send to standard output) the message concerning the
// error occured for the last mysql query.
function my_error($header, $echo = true)
@@ -1008,20 +1040,7 @@ function set_cat_visible($categories, $value)
// unlocking a category => all its parent categories become unlocked
if ($value == 'true')
{
- $uppercats = array();
- $query = '
-SELECT uppercats
- FROM '.CATEGORIES_TABLE.'
- WHERE id IN ('.implode(',', $categories).')
-;';
- $result = pwg_query($query);
- while ($row = mysql_fetch_array($result))
- {
- $uppercats = array_merge($uppercats,
- explode(',', $row['uppercats']));
- }
- $uppercats = array_unique($uppercats);
-
+ $uppercats = get_uppercat_ids($categories);
$query = '
UPDATE '.CATEGORIES_TABLE.'
SET visible = \'true\'
@@ -1059,20 +1078,7 @@ function set_cat_status($categories, $value)
// make public a category => all its parent categories become public
if ($value == 'public')
{
- $uppercats = array();
- $query = '
-SELECT uppercats
- FROM '.CATEGORIES_TABLE.'
- WHERE id IN ('.implode(',', $categories).')
-;';
- $result = pwg_query($query);
- while ($row = mysql_fetch_array($result))
- {
- $uppercats = array_merge($uppercats,
- explode(',', $row['uppercats']));
- }
- $uppercats = array_unique($uppercats);
-
+ $uppercats = get_uppercat_ids($categories);
$query = '
UPDATE '.CATEGORIES_TABLE.'
SET status = \'public\'
@@ -1094,6 +1100,37 @@ UPDATE '.CATEGORIES_TABLE.'
}
/**
+ * returns all uppercats category ids of the given category ids
+ *
+ * @param array cat_ids
+ * @return array
+ */
+function get_uppercat_ids($cat_ids)
+{
+ if (!is_array($cat_ids) or count($cat_ids) < 1)
+ {
+ return array();
+ }
+
+ $uppercats = array();
+
+ $query = '
+SELECT uppercats
+ FROM '.CATEGORIES_TABLE.'
+ WHERE id IN ('.implode(',', $cat_ids).')
+;';
+ $result = pwg_query($query);
+ while ($row = mysql_fetch_array($result))
+ {
+ $uppercats = array_merge($uppercats,
+ explode(',', $row['uppercats']));
+ }
+ $uppercats = array_unique($uppercats);
+
+ return $uppercats;
+}
+
+/**
* set a new random representant to the categories
*
* @param array categories
@@ -1157,4 +1194,155 @@ SELECT id, if(id_uppercat is null,\'\',id_uppercat) AS id_uppercat
$fields = array('primary' => array('id'), 'update' => array('rank'));
mass_updates(CATEGORIES_TABLE, $fields, $datas);
}
+
+/**
+ * returns the fulldir for each given category id
+ *
+ * @param array cat_ids
+ * @return array
+ */
+function get_fulldirs($cat_ids)
+{
+ if (count($cat_ids) == 0)
+ {
+ return array();
+ }
+
+ // caching directories of existing categories
+ $query = '
+SELECT id, dir
+ FROM '.CATEGORIES_TABLE.'
+ WHERE dir IS NOT NULL
+;';
+ $result = pwg_query($query);
+ $cat_dirs = array();
+ while ($row = mysql_fetch_array($result))
+ {
+ $cat_dirs[$row['id']] = $row['dir'];
+ }
+
+ // filling $uppercats_array : to each category id the uppercats list is
+ // associated
+ $uppercats_array = array();
+
+ $query = '
+SELECT id, uppercats
+ FROM '.CATEGORIES_TABLE.'
+ WHERE id IN (
+'.wordwrap(implode(', ', $cat_ids), 80, "\n").')
+;';
+ $result = pwg_query($query);
+ while ($row = mysql_fetch_array($result))
+ {
+ $uppercats_array[$row['id']] = $row['uppercats'];
+ }
+
+ $query = '
+SELECT galleries_url
+ FROM '.SITES_TABLE.'
+ WHERE id = 1
+';
+ $row = mysql_fetch_array(pwg_query($query));
+ $basedir = $row['galleries_url'];
+
+ // filling $cat_fulldirs
+ $cat_fulldirs = array();
+ foreach ($uppercats_array as $cat_id => $uppercats)
+ {
+ $uppercats = str_replace(',', '/', $uppercats);
+ $cat_fulldirs[$cat_id] = $basedir.preg_replace('/(\d+)/e',
+ "\$cat_dirs['$1']",
+ $uppercats);
+ }
+
+ return $cat_fulldirs;
+}
+
+/**
+ * returns an array with all file system files according to
+ * $conf['file_ext']
+ *
+ * @param string $path
+ * @param bool recursive
+ * @return array
+ */
+function get_fs($path, $recursive = true)
+{
+ global $conf;
+
+ // because isset is faster than in_array...
+ if (!isset($conf['flip_picture_ext']))
+ {
+ $conf['flip_picture_ext'] = array_flip($conf['picture_ext']);
+ }
+ if (!isset($conf['flip_file_ext']))
+ {
+ $conf['flip_file_ext'] = array_flip($conf['file_ext']);
+ }
+
+ $fs['elements'] = array();
+ $fs['thumbnails'] = array();
+ $fs['representatives'] = array();
+ $subdirs = array();
+
+ if (is_dir($path))
+ {
+ if ($contents = opendir($path))
+ {
+ while (($node = readdir($contents)) !== false)
+ {
+ if (is_file($path.'/'.$node))
+ {
+ $extension = get_extension($node);
+
+// if (in_array($extension, $conf['picture_ext']))
+ if (isset($conf['flip_picture_ext'][$extension]))
+ {
+ if (basename($path) == 'thumbnail')
+ {
+ array_push($fs['thumbnails'], $path.'/'.$node);
+ }
+ else if (basename($path) == 'pwg_representative')
+ {
+ array_push($fs['representatives'], $path.'/'.$node);
+ }
+ else
+ {
+ array_push($fs['elements'], $path.'/'.$node);
+ }
+ }
+// else if (in_array($extension, $conf['file_ext']))
+ else if (isset($conf['flip_file_ext'][$extension]))
+ {
+ array_push($fs['elements'], $path.'/'.$node);
+ }
+ }
+ else if (is_dir($path.'/'.$node)
+ and $node != '.'
+ and $node != '..'
+ and $node != 'pwg_high'
+ and $recursive)
+ {
+ array_push($subdirs, $node);
+ }
+ }
+ }
+ closedir($contents);
+
+ foreach ($subdirs as $subdir)
+ {
+ $tmp_fs = get_fs($path.'/'.$subdir);
+
+ $fs['elements'] = array_merge($fs['elements'],
+ $tmp_fs['elements']);
+
+ $fs['thumbnails'] = array_merge($fs['thumbnails'],
+ $tmp_fs['thumbnails']);
+
+ $fs['representatives'] = array_merge($fs['representatives'],
+ $tmp_fs['representatives']);
+ }
+ }
+ return $fs;
+}
?>
diff --git a/admin/include/functions_metadata.php b/admin/include/functions_metadata.php
index 023ab219e..39b3bf450 100644
--- a/admin/include/functions_metadata.php
+++ b/admin/include/functions_metadata.php
@@ -132,26 +132,11 @@ function update_metadata($files)
*/
function get_filelist($category_id = '', $recursive = false, $only_new = false)
{
- $files = array();
-
- $query = '
-SELECT id, dir
- FROM '.CATEGORIES_TABLE.'
- WHERE dir IS NOT NULL
-;';
- $result = pwg_query($query);
- $cat_dirs = array();
- while ($row = mysql_fetch_array($result))
- {
- $cat_dirs[$row['id']] = $row['dir'];
- }
-
- // filling $uppercats_array : to each category id the uppercats list is
- // associated
- $uppercats_array = array();
+ // filling $cat_ids : all categories required
+ $cat_ids = array();
$query = '
-SELECT id, uppercats
+SELECT id
FROM '.CATEGORIES_TABLE.'
WHERE site_id = 1
AND dir IS NOT NULL';
@@ -175,37 +160,20 @@ SELECT id, uppercats
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
- $uppercats_array[$row['id']] = $row['uppercats'];
+ array_push($cat_ids, $row['id']);
}
- if (count($uppercats_array) == 0)
+ if (count($cat_ids) == 0)
{
return array();
}
- $query = '
-SELECT galleries_url
- FROM '.SITES_TABLE.'
- WHERE id = 1
-';
- $row = mysql_fetch_array(pwg_query($query));
- $basedir = $row['galleries_url'];
-
- // filling $cat_fulldirs
- $cat_fulldirs = array();
- foreach ($uppercats_array as $cat_id => $uppercats)
- {
- $uppercats = str_replace(',', '/', $uppercats);
- $cat_fulldirs[$cat_id] = $basedir.preg_replace('/(\d+)/e',
- "\$cat_dirs['$1']",
- $uppercats);
- }
+ $files = array();
$query = '
-SELECT id, file, storage_category_id
+SELECT id, path
FROM '.IMAGES_TABLE.'
- WHERE storage_category_id IN ('.implode(','
- ,array_keys($uppercats_array)).')';
+ WHERE storage_category_id IN ('.implode(',', $cat_ids).')';
if ($only_new)
{
$query.= '
@@ -217,8 +185,7 @@ SELECT id, file, storage_category_id
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
- $files[$row['id']]
- = $cat_fulldirs[$row['storage_category_id']].'/'.$row['file'];
+ $files[$row['id']] = $row['path'];
}
return $files;
diff --git a/admin/search.php b/admin/search.php
index f1716ff84..8a247d942 100644
--- a/admin/search.php
+++ b/admin/search.php
@@ -44,7 +44,7 @@ $template->assign_vars(array(
'L_UPDATE_USERNAME'=>$lang['Look_up_user'],
'L_CLOSE_WINDOW'=>$lang['Close'],
- 'F_SEARCH_ACTION' => add_session_id($PHP_SELF),
+ 'F_SEARCH_ACTION' => add_session_id($_SERVER['PHP_SELF']),
));
//----------------------------------------------------------------- form action
diff --git a/admin/user_perm.php b/admin/user_perm.php
index f8c83d659..66c01e97a 100644
--- a/admin/user_perm.php
+++ b/admin/user_perm.php
@@ -25,50 +25,87 @@
// | USA. |
// +-----------------------------------------------------------------------+
-if( !defined("IN_ADMIN") )
+if (!defined('IN_ADMIN'))
{
- die ("Hacking attempt!");
+ die('Hacking attempt!');
}
-include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
+include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
$userdata = array();
-if ( isset( $_POST['submituser'] ) )
+if (isset($_POST['submituser']))
{
$userdata = getuserdata($_POST['username']);
}
-elseif (isset($_POST['falsify']) || isset($_POST['trueify']))
+else if (isset($_POST['falsify'])
+ and isset($_POST['cat_true'])
+ and count($_POST['cat_true']) > 0)
{
$userdata = getuserdata(intval($_POST['userid']));
- // cleaning the user_access table for this user
- if (isset($_POST['cat_true']) && count($_POST['cat_true']) > 0)
+ // if you forbid access to a category, all sub-categories become
+ // automatically forbidden
+ $subcats = get_subcat_ids($_POST['cat_true']);
+ $query = '
+DELETE FROM '.USER_ACCESS_TABLE.'
+ WHERE user_id = '.$userdata['id'].'
+ AND cat_id IN ('.implode(',', $subcats).')
+;';
+ pwg_query($query);
+}
+else if (isset($_POST['trueify'])
+ and isset($_POST['cat_false'])
+ and count($_POST['cat_false']) > 0)
+{
+ $userdata = getuserdata(intval($_POST['userid']));
+
+ $uppercats = get_uppercat_ids($_POST['cat_false']);
+ $private_uppercats = array();
+
+ $query = '
+SELECT id
+ FROM '.CATEGORIES_TABLE.'
+ WHERE id IN ('.implode(',', $uppercats).')
+ AND status = \'private\'
+;';
+ $result = pwg_query($query);
+ while ($row = mysql_fetch_array($result))
{
- foreach ($_POST['cat_true'] as $auth_cat)
- {
- $query = 'DELETE FROM '.USER_ACCESS_TABLE;
- $query.= ' WHERE user_id = '.$userdata['id'];
- $query.= ' AND cat_id='.$auth_cat.';';
- pwg_query ( $query );
- }
+ array_push($private_uppercats, $row['id']);
}
+
+ // retrying to authorize a category which is already authorized may cause
+ // an error (in SQL statement), so we need to know which categories are
+ // accesible
+ $authorized_ids = array();
+
+ $query = '
+SELECT cat_id
+ FROM '.USER_ACCESS_TABLE.'
+ WHERE user_id = '.$userdata['id'].'
+;';
+ $result = pwg_query($query);
- if (isset($_POST['cat_false']) && count($_POST['cat_false']) > 0)
+ while ($row = mysql_fetch_array($result))
{
- foreach ($_POST['cat_false'] as $auth_cat)
- {
- $query = 'INSERT INTO '.USER_ACCESS_TABLE;
- $query.= ' (user_id,cat_id) VALUES';
- $query.= ' ('.$userdata['id'].','.$auth_cat.')';
- $query.= ';';
- pwg_query ( $query );
- }
+ array_push($authorized_ids, $row['cat_id']);
+ }
+
+ $inserts = array();
+ $to_autorize_ids = array_diff($private_uppercats, $authorized_ids);
+ foreach ($to_autorize_ids as $to_autorize_id)
+ {
+ array_push($inserts, array('user_id' => $userdata['id'],
+ 'cat_id' => $to_autorize_id));
}
-}
+ mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
+}
//----------------------------------------------------- template initialization
-
-if ( empty($userdata))
+if (empty($userdata))
{
- $template->set_filenames( array('user'=>'admin/user_perm.tpl') );
+ $template->set_filenames(array('user' => 'admin/user_perm.tpl'));
+
+ $base_url = PHPWG_ROOT_PATH.'admin.php?page=';
+
$template->assign_vars(array(
'L_SELECT_USERNAME'=>$lang['Select_username'],
'L_LOOKUP_USER'=>$lang['Look_up_user'],
@@ -76,54 +113,54 @@ if ( empty($userdata))
'L_AUTH_USER'=>$lang['permuser_only_private'],
'L_SUBMIT'=>$lang['submit'],
- 'F_SEARCH_USER_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'),
+ 'F_SEARCH_USER_ACTION' => add_session_id($base_url.'user_perm'),
'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php')
));
}
else
{
- $cat_url = '<a href="'.add_session_id(PHPWG_ROOT_PATH.'admin.php?page=cat_options&section=status');
- $cat_url .= '">'.$lang['permuser_info_link'].'</a>';
- $template->set_filenames( array('user'=>'admin/cat_options.tpl') );
- $template->assign_vars(array(
- 'L_RESET'=>$lang['reset'],
- 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
- 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
- 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'].'&nbsp;'.$cat_url,
-
- 'HIDDEN_NAME'=> 'userid',
- 'HIDDEN_VALUE'=>$userdata['id'],
- 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'),
- ));
-
+ $template->set_filenames(array('user'=>'admin/cat_options.tpl'));
+ $template->assign_vars(
+ array(
+ 'L_RESET'=>$lang['reset'],
+ 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
+ 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
+ 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'],
+
+ 'HIDDEN_NAME'=> 'userid',
+ 'HIDDEN_VALUE'=>$userdata['id'],
+ 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'),
+ ));
// only private categories are listed
- $query_true = 'SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE;
- $query_true.= ' LEFT JOIN '.USER_ACCESS_TABLE.' as u';
- $query_true.= ' ON u.cat_id=id';
- $query_true.= ' WHERE status = \'private\' AND u.user_id='.$userdata['id'].';';
+ $query_true = '
+SELECT id,name,uppercats,global_rank
+ FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_ACCESS_TABLE.' ON cat_id = id
+ WHERE status = \'private\'
+ AND user_id = '.$userdata['id'].'
+;';
+ display_select_cat_wrapper($query_true,array(),'category_option_true');
+
$result = pwg_query($query_true);
- $categorie_true = array();
- while (!empty($result) && $row = mysql_fetch_array($result))
+ $authorized_ids = array();
+ while ($row = mysql_fetch_array($result))
{
- array_push($categorie_true, $row);
+ array_push($authorized_ids, $row['id']);
}
- $query = 'SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE;
- $query.= ' WHERE status = \'private\'';
- $result = pwg_query($query);
- $categorie_false = array();
- while ($row = mysql_fetch_array($result))
+ $query_false = '
+SELECT id,name,uppercats,global_rank
+ FROM '.CATEGORIES_TABLE.'
+ WHERE status = \'private\'';
+ if (count($authorized_ids) > 0)
{
- if (!in_array($row,$categorie_true))
- array_push($categorie_false, $row);
+ $query_false.= '
+ AND id NOT IN ('.implode(',', $authorized_ids).')';
}
- usort($categorie_true, 'global_rank_compare');
- usort($categorie_false, 'global_rank_compare');
- display_select_categories($categorie_true, array(), 'category_option_true', true);
- display_select_categories($categorie_false, array(), 'category_option_false', true);
+ $query_false.= '
+;';
+ display_select_cat_wrapper($query_false,array(),'category_option_false');
}
-
//----------------------------------------------------------- sending html code
$template->assign_var_from_handle('ADMIN_CONTENT', 'user');
?>