author | plegall <plg@piwigo.org> | 2004-12-20 12:30:36 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2004-12-20 12:30:36 +0000 |
commit | 5a8ecfbfb140333e08d85b1d4a7e97bbba78bfcc (patch) | |
tree | c1150d0d69d278bd32abb4e318ad8e12fa8c9ed5 /include/functions_user.inc.php | |
parent | f0e9cd804af6512529982e66f73a27fa7658c46c (diff) |
- in picture.php, $user['maxwidth'] and $user['maxheight'] can be unset if
NULL in database
- new table user_forbidden {user_id,need_update,forbidden_categories} and
deletion of field users.forbidden_categories
- new function calculate_permissions to update table user_forbidden when
needed
- simplification of include/user.inc.php
- in footer of each page, use "-" instead of "::" to separate page
information
git-svn-id: http://piwigo.org/svn/trunk@648 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_user.inc.php')
-rw-r--r-- | include/functions_user.inc.php | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index c00ba2f4a..474fa8154 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -276,4 +276,81 @@ DELETE FROM '.FAVORITES_TABLE.'
 pwg_query($query);
 }
 }
+
+/**
+ * update table user_forbidden for the given user
+ *
+ * table user_forbidden contains calculated data. Calculation is based on
+ * private categories minus categories authorized to the groups the user
+ * belongs to minus the categories directly authorized to the user
+ *
+ * @param int user_id
+ * @return string forbidden_categories
+ */
+function calculate_permissions($user_id)
+{
+ $private_array = array();
+ $authorized_array = array();
+
+ $query = '
+SELECT id
+ FROM '.CATEGORIES_TABLE.'
+ WHERE status = \'private\'
+;';
+ $result = pwg_query($query);
+ while ($row = mysql_fetch_array($result))
+ {
+ array_push($private_array, $row['id']);
+ }
+
+ // retrieve category ids directly authorized to the user
+ $query = '
+SELECT cat_id
+ FROM '.USER_ACCESS_TABLE.'
+ WHERE user_id = '.$user_id.'
+;';
+ $result = pwg_query($query);
+ while ($row = mysql_fetch_array($result))
+ {
+ array_push($authorized_array, $row['cat_id']);
+ }
+
+ // retrieve category ids authorized to the groups the user belongs to
+ $query = '
+SELECT cat_id
+ FROM '.USER_GROUP_TABLE.' AS ug INNER JOIN '.GROUP_ACCESS_TABLE.' AS ga
+ ON ug.group_id = ga.group_id
+ WHERE ug.user_id = '.$user_id.'
+;';
+ $result = pwg_query($query);
+ while ($row = mysql_fetch_array($result))
+ {
+ array_push($authorized_array, $row['cat_id']);
+ }
+
+ // uniquify ids : some private categories might be authorized for the
+ // groups and for the user
+ $authorized_array = array_unique($authorized_array);
+
+ // only unauthorized private categories are forbidden
+ $forbidden_array = array_diff($private_array, $authorized_array);
+
+ $query = '
+DELETE FROM '.USER_FORBIDDEN_TABLE.'
+ WHERE user_id = '.$user_id.'
+;';
+ pwg_query($query);
+
+ $forbidden_categories = implode(',', $forbidden_array);
+
+ $query = '
+INSERT INTO '.USER_FORBIDDEN_TABLE.'
+ (user_id,need_update,forbidden_categories)
+ VALUES
+ ('.$user_id.',\'false\',\''.$forbidden_categories.'\')
+;';
+ pwg_query($query);
+
+ return $forbidden_categories;
+}
 ?> |
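Review bot: `$user_id` is concatenated unquoted into four statements in calculate_permissions (the USER_ACCESS_TABLE select, the group join, and the DELETE and INSERT on USER_FORBIDDEN_TABLE), and the `@param int` in the docblock is not enforced anywhere in the function. Whether every caller passes a database-derived id is not visible from this hunk, so the function should normalise the value itself as its first statement, e.g. `$user_id = (int) $user_id;`, or reject non-numeric input before building any query. The DELETE followed by INSERT is also not atomic: two concurrent recalculations for the same user can both insert, and a reader between the two statements finds no row, so the docblock should state that a missing row means the permissions must be recalculated rather than that nothing is forbidden. If pwg_query can return a failed result instead of aborting, the first loop leaves `$private_array` empty and an empty forbidden list is stored, which fails open for private categories; a check on `$result` before the loop would close that.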