author | rvelices <rv-github@modusoptimus.com> | 2007-09-11 02:24:51 +0000 |
---|---|---|
committer | rvelices <rv-github@modusoptimus.com> | 2007-09-11 02:24:51 +0000 |
commit | 92f80e5d799aa7fef5f00cbf5c27e32f92c4b2ea (patch) | |
tree | cbde0a4b03ea5733bf71ce1db3c8ec993825c38e /include | |
parent | 45fde2cc6b34d3acdfd43b487eb4b7dbeede05a8 (diff) |
feature 731: permissions at image level
- this is the first version - I wait for feedback before changing help files
git-svn-id: http://piwigo.org/svn/trunk@2084 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include')
-rw-r--r-- | include/config_default.inc.php | 23 | ||||
-rw-r--r-- | include/functions_user.inc.php | 96 |
2 files changed, 81 insertions, 38 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php index a12770ef2..64ade722b 100644 --- a/include/config_default.inc.php +++ b/include/config_default.inc.php @@ -168,14 +168,14 @@ $conf['show_version'] = true; // ); // // Advenced use: -// You can also used special options. Instead to pass a string like parameter value +// You can also used special options. Instead to pass a string like parameter value // you can pass a array with different optional parameter values // $conf['links'] = array( // 'http://phpwebgallery.net' => array('label' => 'PWG website', 'new_window' => false, 'eval_visible' => 'return true;'), // 'http://forum.phpwebgallery.net' => array('label' => 'For ADMIN', 'new_window' => true, 'eval_visible' => 'return is_admin();'), // 'http://phpwebgallery.net/doc' => array('label' => 'For Guest', 'new_window' => true, 'eval_visible' => 'return is_a_guest();'), -// 'http://download.gna.org/phpwebgallery/' => -// array('label' => 'PopUp', 'new_window' => true, +// 'http://download.gna.org/phpwebgallery/' => +// array('label' => 'PopUp', 'new_window' => true, // 'nw_name' => 'PopUp', 'nw_features' => 'width=800,height=450,location=no,status=no,toolbar=no,scrollbars=no,menubar=no'), // ); // Parameters: @@ -263,6 +263,9 @@ $conf['prefix_thumbnail'] = 'TN-'; // Administration>Identification>Users? $conf['users_page'] = 20; +// image level permissions available in the admin interface +$conf['available_permission_levels'] = array(0,1,2,4,8); + // mail_options: only set it true if you have a send mail warning with // "options" parameter missing on mail() function execution. $conf['mail_options'] = false; 
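Review bot: The comment above `$conf['available_permission_levels']` in the second hunk does not say how the values are interpreted, and `array(0,1,2,4,8)` reads like a set of bit flags. The rest of this commit compares levels as ordered thresholds (`level>` when the forbidden list is built, `i.level<=` in get_computed_categories) and gives the webmaster `max()` of this array in create_user_infos. I would extend the comment to something like `// ordered thresholds, not bit flags: a user sees an image when the image level is <= the user level; the webmaster gets the highest value`.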
@@ -614,11 +617,11 @@ $conf['allow_web_services'] = true; $conf['ws_max_images_per_page'] = 500; // On Access control false / Admim Web Service need Php cURL extension -// Controls are done on public basis or +// Controls are done on public basis or // if connected on member authorization basis $conf['ws_access_control'] = false; - -// On Access control true + +// On Access control true // Additionnal controls are made based on Web Service Access Table // Max returned rows number ( > 0 ) @@ -628,10 +631,10 @@ $conf['ws_access_control'] = false; // 0 it's Now(), don't remove that one $conf['ws_postponed_start'] = array(0,1,2,3,5,7,14,30); /* In days */ -// By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s) +// By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s) // or 15, 10, 7, 5, 1, 0 day(s) // 0 it's temporary closed (Useful for one access) - $conf['ws_durations'] = array(3650,1825,730,365,182,91,30,15,10,7,5,1,0); + $conf['ws_durations'] = array(3650,1825,730,365,182,91,30,15,10,7,5,1,0); // +-----------------------------------------------------------------------+ // | Filter | @@ -675,12 +678,12 @@ $conf['filter_pages'] = array // +-----------------------------------------------------------------------+ // | Light slideshow | // +-----------------------------------------------------------------------+ -// $conf['light_slideshow'] indicates to use slideshow.tpl in state of +// $conf['light_slideshow'] indicates to use slideshow.tpl in state of // picture.tpl for slideshow // Take care to have slideshow.tpl in all available templates // Or set it false. // Check if Picture's plugins are compliant with it // Every plugin from 1.7 would be design to manage light_slideshow case. -$conf['light_slideshow'] = true; +$conf['light_slideshow'] = true; ?> diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index f3b078dbf..1c4500328 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php 
@@ -257,6 +257,22 @@ SELECT ui.*, uc.* $userdata['forbidden_categories'] = calculate_permissions($userdata['id'], $userdata['status']); + /* now we build the list of forbidden images (this list does not contain + images that are not in at least an authorized category)*/ + $query = ' +SELECT DISTINCT(id) + FROM '.IMAGES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id + WHERE category_id NOT IN ('.$userdata['forbidden_categories'].') + AND level>'.$userdata['level']; + $forbidden_ids = array_from_query($query, 'id'); + + if ( empty($forbidden_ids) ) + { + array_push( $forbidden_ids, 0 ); + } + $userdata['image_access_type'] = 'NOT IN'; //TODO maybe later + $userdata['image_access_list'] = implode(',',$forbidden_ids); + update_user_cache_categories($userdata); // Set need update are done @@ -269,6 +285,7 @@ SELECT ui.*, uc.* SELECT COUNT(DISTINCT(image_id)) as total FROM '.IMAGE_CATEGORY_TABLE.' WHERE category_id NOT IN ('.$userdata['forbidden_categories'].') + AND image_id '.$userdata['image_access_type'].' ('.$userdata['image_access_list'].') ;'; list($userdata['nb_total_images']) = mysql_fetch_array(pwg_query($query)); @@ -281,10 +298,12 @@ DELETE FROM '.USER_CACHE_TABLE.' $query = ' INSERT INTO '.USER_CACHE_TABLE.' - (user_id, need_update, forbidden_categories, nb_total_images) + (user_id, need_update, forbidden_categories, nb_total_images, + image_access_type, image_access_list) VALUES ('.$userdata['id'].',\''.boolean_to_string($userdata['need_update']).'\',\'' - .$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].') + .$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].',"' + .$userdata['image_access_type'].'","'.$userdata['image_access_list'].'") ;'; pwg_query($query); } 
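Review bot: `$userdata['level']` is concatenated into the forbidden-image query as a bare token (`AND level>'.$userdata['level']`), so a NULL or empty value yields invalid SQL and a non-numeric one is spliced in as SQL text. The same pattern is in the get_computed_categories hunk (`i.level<='.$userdata['level']`) and in the get_sql_condition_FandF hunk (`level<='.$user['level']`). create_user_infos in this commit falls back to 0 when `$default_user['level']` is not set, which suggests the value can be absent for some rows; that is inferred, as the schema change is not part of this diff. Casting at the point of use, `AND level>'.intval($userdata['level']);`, keeps the filter well-formed and fails closed at level 0. The enclosing function starts and ends outside the hunk.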
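Review bot: `image_access_list` is written to the user cache as a 'NOT IN' blacklist, so if the column cannot hold the whole comma-separated id list, a truncated value silently re-exposes the ids that were cut off. The column definition is not in this diff (it is limited to `include`), so this needs checking against the schema change. I would state the requirement next to the INSERT, e.g. `// image_access_list is a blacklist: the column must hold the full id list, a truncated value exposes images`. Separately, the two new values are wrapped in `"` while the rest of the statement uses `\'`; single quotes for both keep the statement valid under ANSI_QUOTES too.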
@@ -527,26 +546,20 @@ function get_computed_categories($userdata, $filter_days=null) $group_by = ''; $query = 'SELECT c.id cat_id, global_rank'; - if ( !isset($filter_days) ) - { - $query .= ', - date_last cat_date_last, - nb_images cat_nb_images - FROM '.CATEGORIES_TABLE.' as c'; - } - else + // Count by date_available to avoid count null + $query .= ', + MAX(date_available) cat_date_last, COUNT(date_available) cat_nb_images +FROM '.CATEGORIES_TABLE.' as c + LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON ic.category_id = c.id + LEFT JOIN '.IMAGES_TABLE.' AS i + ON ic.image_id = i.id + AND i.level<='.$userdata['level']; + + if ( isset($filter_days) ) { - // Count by date_available to avoid count null - $query .= ', - MAX(date_available) cat_date_last, - COUNT(date_available) cat_nb_images - FROM '.CATEGORIES_TABLE.' as c - LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON ic.category_id = c.id - LEFT JOIN '.IMAGES_TABLE.' AS i - ON ic.image_id = i.id AND - i.date_available > SUBDATE(CURRENT_DATE,INTERVAL '.$filter_days.' DAY)'; - $group_by = 'c.id'; + $query .= ' AND i.date_available > SUBDATE(CURRENT_DATE,INTERVAL '.$filter_days.' DAY)'; } + $group_by = 'c.id'; if ( !empty($userdata['forbidden_categories']) ) { @@ -719,7 +732,7 @@ SELECT COUNT(*) function get_default_user_info($convert_str = true) { global $page, $conf; - + if (!isset($page['cache_default_user'])) { $query = 'select * from '.USER_INFOS_TABLE. @@ -727,7 +740,7 @@ function get_default_user_info($convert_str = true) $result = pwg_query($query); $page['cache_default_user'] = mysql_fetch_assoc($result); - + if ($page['cache_default_user'] !== false) { unset($page['cache_default_user']['user_id']); 
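Review bot: `$filter_days` is concatenated unquoted into `INTERVAL '.$filter_days.' DAY` on the re-added line of the first hunk, and nothing visible in get_computed_categories checks that it is an integer. Where the value comes from is outside this hunk, so whether it can carry request data cannot be told from here. An integer cast at the point of use is cheap: `$query .= ' AND i.date_available > SUBDATE(CURRENT_DATE,INTERVAL '.intval($filter_days).' DAY)';`. The retained comment could also say why the join is now unconditional, e.g. `// counts depend on the user's level, so they are always computed through the join`. The function body continues past the end of the hunk.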
@@ -839,11 +852,13 @@ function create_user_infos($arg_id, $override_values = null) foreach ($user_ids as $user_id) { + $level= isset($default_user['level']) ? $default_user['level'] : 0; if ($user_id == $conf['webmaster_id']) { $status = 'webmaster'; + $level = max( $conf['available_permission_levels'] ); } - else if (($user_id == $conf['guest_id']) or + else if (($user_id == $conf['guest_id']) or ($user_id == $conf['default_user_id'])) { $status = 'guest'; @@ -858,11 +873,12 @@ function create_user_infos($arg_id, $override_values = null) array( 'user_id' => $user_id, 'status' => $status, - 'registration_date' => $dbnow + 'registration_date' => $dbnow, + 'level' => $level )); array_push($inserts, $insert); - } + } include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); mass_inserts(USER_INFOS_TABLE, array_keys($inserts[0]), $inserts); @@ -901,7 +917,7 @@ SELECT name * return the file path of the given language filename, depending on the * availability of the file * - * in descending order of preference: + * in descending order of preference: * param language, user language, default language * PhpWebGallery default language. * @@ -1290,14 +1306,38 @@ function get_sql_condition_FandF( break; } case 'visible_images': - { if (!empty($filter['visible_images'])) { $sql_list[] = $field_name.' IN ('.$filter['visible_images'].')'; } + // note there is no break - visible include forbidden + case 'forbidden_images': + if ( + !empty($user['image_access_list']) + or $user['image_access_type']!='NOT IN' + ) + { + $table_prefix=null; + if ($field_name=='id') + { + $table_prefix = ''; + } + elseif ($field_name=='i.id') + { + $table_prefix = 'i.'; + } + if ( isset($table_prefix) ) + { + $sql_list[]=$table_prefix.'level<='.$user['level']; + } + else + { + $sql_list[]=$field_name.' '.$user['image_access_type'] + .' ('.$user['image_access_list'].')'; + } + } break; - } default: { die('Unknow condition'); |
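Review bot: In the first create_user_infos hunk only the webmaster branch assigns `$level` explicitly; the guest / default-user branch keeps whatever `$default_user['level']` holds. If guests are meant to stay at the lowest level regardless of how the default user is configured, that branch should pin it, e.g. `$level = min( $conf['available_permission_levels'] );`. Otherwise a one-line comment that guests inherit the default user's level on purpose would make the intent clear. `max( $conf['available_permission_levels'] )` also relies on the array being non-empty. Where `$default_user` is loaded is outside the hunk.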
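Review bot: In the new `forbidden_images` case of get_sql_condition_FandF, `$user['image_access_type']` is spliced into the condition as an SQL operator (`$field_name.' '.$user['image_access_type'].' ('...`), and here it comes from the user data rather than from the literal assigned when the cache is built. Only 'NOT IN' is written by this commit (presumably 'IN' later, per the TODO), so I would check the value before using it: `if (!in_array($user['image_access_type'], array('IN','NOT IN'), true)) die('Unknown image_access_type');`. The `level<=` shortcut is selected by comparing `$field_name` with `'id'` and `'i.id'`, which assumes those names always refer to the images table; a short comment saying so would help callers. The function starts outside the hunk, so whether `$user` is declared global there is not visible.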