aboutsummaryrefslogtreecommitdiffstats
path: root/include/functions_user.inc.php
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2004-12-20 12:30:36 +0000
committerplegall <plg@piwigo.org>2004-12-20 12:30:36 +0000
commit5a8ecfbfb140333e08d85b1d4a7e97bbba78bfcc (patch)
treec1150d0d69d278bd32abb4e318ad8e12fa8c9ed5 /include/functions_user.inc.php
parentf0e9cd804af6512529982e66f73a27fa7658c46c (diff)
- in picture.php, $user['maxwidth'] and $user['maxheight'] can be unset if
NULL in database - new table user_forbidden {user_id,need_update,forbidden_categories} and deletion of field users.forbidden_categories - new function calculate_permissions to update table user_forbidden when needed - simplification of include/user.inc.php - in footer of each page, use "-" instead of "::" to separate page information git-svn-id: http://piwigo.org/svn/trunk@648 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--include/functions_user.inc.php77
1 files changed, 77 insertions, 0 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index c00ba2f4a..474fa8154 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -276,4 +276,81 @@ DELETE FROM '.FAVORITES_TABLE.'
pwg_query($query);
}
}
+
+/**
+ * update table user_forbidden for the given user
+ *
+ * table user_forbidden contains calculated data. Calculation is based on
+ * private categories minus categories authorized to the groups the user
+ * belongs to minus the categories directly authorized to the user
+ *
+ * @param int user_id
+ * @return string forbidden_categories
+ */
+function calculate_permissions($user_id)
+{
+ $private_array = array();
+ $authorized_array = array();
+
+ $query = '
+SELECT id
+ FROM '.CATEGORIES_TABLE.'
+ WHERE status = \'private\'
+;';
+ $result = pwg_query($query);
+ while ($row = mysql_fetch_array($result))
+ {
+ array_push($private_array, $row['id']);
+ }
+
+ // retrieve category ids directly authorized to the user
+ $query = '
+SELECT cat_id
+ FROM '.USER_ACCESS_TABLE.'
+ WHERE user_id = '.$user_id.'
+;';
+ $result = pwg_query($query);
+ while ($row = mysql_fetch_array($result))
+ {
+ array_push($authorized_array, $row['cat_id']);
+ }
+
+ // retrieve category ids authorized to the groups the user belongs to
+ $query = '
+SELECT cat_id
+ FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
+ ON ug.group_id = ga.group_id
+ WHERE ug.user_id = '.$user_id.'
+;';
+ $result = pwg_query($query);
+ while ($row = mysql_fetch_array($result))
+ {
+ array_push($authorized_array, $row['cat_id']);
+ }
+
+ // uniquify ids : some private categories might be authorized for the
+ // groups and for the user
+ $authorized_array = array_unique($authorized_array);
+
+ // only unauthorized private categories are forbidden
+ $forbidden_array = array_diff($private_array, $authorized_array);
+
+ $query = '
+DELETE FROM '.USER_FORBIDDEN_TABLE.'
+ WHERE user_id = '.$user_id.'
+;';
+ pwg_query($query);
+
+ $forbidden_categories = implode(',', $forbidden_array);
+
+ $query = '
+INSERT INTO '.USER_FORBIDDEN_TABLE.'
+ (user_id,need_update,forbidden_categories)
+ VALUES
+ ('.$user_id.',\'false\',\''.$forbidden_categories.'\')
+;';
+ pwg_query($query);
+
+ return $forbidden_categories;
+}
?>