6 files changed, 188 insertions, 16 deletions

diff --git a/include/common.inc.php b/include/common.inc.php
index 06eed3757..285d1bdb3 100644
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -172,7 +172,7 @@ include(PHPWG_ROOT_PATH.'include/user.inc.php');
 
 // language files
 load_language('common.lang');
-if (defined('IN_ADMIN') and IN_ADMIN)
+if ( is_admin() || (defined('IN_ADMIN') and IN_ADMIN) )
 {
   load_language('admin.lang');
 }
diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index dc10719b6..72540f2da 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -824,6 +824,35 @@ SELECT * FROM '.IMAGES_TABLE.'
     );
 }
 
+function ws_images_setPrivacyLevel($params, &$service)
+{
+  if (!is_admin() || is_adviser() )
+  {
+    return new PwgError(401, 'Access denied');
+  }
+  if ( empty($params['image_id']) )
+  {
+    return new PwgError(WS_ERR_INVALID_PARAM, "Invalid image_id");
+  }
+  global $conf;
+  if ( !in_array( (int)$params['level'], $conf['available_permission_levels']) )
+  {
+    return new PwgError(WS_ERR_INVALID_PARAM, "Invalid level");
+  }
+  $query = '
+UPDATE '.IMAGES_TABLE.'
+  SET level='.(int)$params['level'].'
+  WHERE id IN ('.implode(',',$params['image_id']).')';
+  $result = pwg_query($query);
+  $affected_rows = mysql_affected_rows();
+  if ($affected_rows)
+  {
+    include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
+    invalidate_user_cache();
+  }
+  return $affected_rows;
+}
+
 /**
  * perform a login (web service method)
  */
diff --git a/picture.php b/picture.php
index 1e6e1c811..84dd43c04 100644
--- a/picture.php
+++ b/picture.php
@@ -25,7 +25,6 @@ define('PHPWG_ROOT_PATH','./');
 include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
 include(PHPWG_ROOT_PATH.'include/section_init.inc.php');
 include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');
-include_once(PHPWG_ROOT_PATH.'include/functions_session.inc.php');
 
 // Check Access and exit when user status is not ok
 check_status(ACCESS_GUEST);
@@ -530,14 +529,17 @@ foreach (array('first','previous','next','last', 'current') as $which_image)
   {
     $template->assign(
       $which_image,
-      array(
-        'TITLE' => $picture[$which_image]['name'],
-        'THUMB_SRC' => $picture[$which_image]['thumbnail'],
-        // Params slideshow was transmit to navigation buttons
-        'U_IMG' =>
-          add_url_params(
-            $picture[$which_image]['url'], $slideshow_url_params),
-        'U_DOWNLOAD' => @$picture['current']['download_url'],
+      array_merge(
+        $picture[$which_image],
+        array(
+          'TITLE' => $picture[$which_image]['name'],
+          'THUMB_SRC' => $picture[$which_image]['thumbnail'],
+          // Params slideshow was transmit to navigation buttons
+          'U_IMG' =>
+            add_url_params(
+              $picture[$which_image]['url'], $slideshow_url_params),
+          'U_DOWNLOAD' => @$picture['current']['download_url'],
+          )
         )
       );
   }
@@ -806,21 +808,21 @@ if ( count($tags) )
   {
     $template->append(
         'related_tags',
-        array(
-          'ID'    => $tag['id'],
-          'NAME'  => $tag['name'],
-          'U_TAG' => make_index_url(
+        array_merge( $tag,
+          array(
+            'URL' => make_index_url(
                       array(
                         'tags' => array($tag)
                         )
                       ),
-          'U_TAG_IMAGE' => duplicate_picture_url(
+            'U_TAG_IMAGE' => duplicate_picture_url(
                       array(
                         'section' => 'tags',
                         'tags' => array($tag)
                         )
                     )
           )
+        )
       );
   }
 }
@@ -868,6 +870,10 @@ $element_content = trigger_event(
   );
 $template->assign( 'ELEMENT_CONTENT', $element_content );
 
+if (is_admin())
+{
+  $template->assign('available_permission_levels', $conf['available_permission_levels']);
+}
 // +-----------------------------------------------------------------------+
 // |                               sub pages                               |
 // +-----------------------------------------------------------------------+
diff --git a/template-common/scripts.js b/template-common/scripts.js
index 83f4815e7..452be1699 100644
--- a/template-common/scripts.js
+++ b/template-common/scripts.js
@@ -72,3 +72,108 @@ function popuphelp(url)
   );
 }
 
+
+
+Function.prototype.pwgBind = function() {
+	var __method = this, object = arguments[0], args = new Array();
+	for (var i=1; i<arguments.length; i++)
+		args[i-1] = arguments[i];
+	return function() { return __method.apply(object, args); }
+}
+
+PwgWS = function(urlRoot)
+{
+	this.urlRoot = urlRoot;
+	this.options = {
+		method: "GET",
+		async:  true,
+		onFailure: null,
+		onSuccess: null
+	};
+};
+
+PwgWS.prototype = {
+
+	callService : function(method, parameters, options)
+	{
+		if (options)
+		{
+			for (var property in options)
+				this.options[property] = options[property];
+		}
+		try { this.transport = new XMLHttpRequest();}
+		catch(e) {
+			try { this.transport = new ActiveXObject('Msxml2.XMLHTTP'); }
+			catch(e) {
+				try { this.transport = new ActiveXObject('Microsoft.XMLHTTP'); }
+				catch (e){
+					dispatchError(0, "Cannot create request object");
+				}
+			}
+		}
+		this.transport.onreadystatechange = this.onStateChange.pwgBind(this);
+
+		var url = this.urlRoot;
+		url += "ws.php?format=json&method="+method;
+		if (parameters)
+		{
+			for (var property in parameters)
+			{
+				if ( typeof parameters[property] == 'object' && parameters[property])
+				{
+					for (var i=0; i<parameters[property].length; i++)
+						url += "&"+property+"[]="+parameters[property][i];
+				}
+				else
+					url += "&"+property+"="+parameters[property];
+			}
+		}
+		this.transport.open(this.options.method, url, this.options.async);
+		this.transport.send(null);
+	},
+
+	onStateChange: function() {
+		var readyState = this.transport.readyState;
+		if (readyState == 4)
+			this.respondToReadyState(this.transport.readyState);
+	},
+
+	dispatchError: function( httpCode, text )
+	{
+		!this.options.onFailure || this.options.onFailure( httpCode, text);
+	},
+
+	respondToReadyState: function(readyState)
+	{
+		var transport = this.transport;
+		if (readyState==4 && transport.status == 200)
+		{
+			var resp;
+			try {
+				eval('resp = ' + transport.responseText);
+			}
+			catch (e)
+			{
+				this.dispatchError( 200, e.message + '\n' + transport.responseText.substr(0,256).escapeHTML() );
+			}
+			if (resp!=null)
+			{
+				if (resp.stat==null)
+					this.dispatchError( 200, "Invalid response" );
+				else if (resp.stat=='ok')
+				{
+					if (this.options.onSuccess) this.options.onSuccess( resp.result );
+				}
+				else
+					this.dispatchError( 200, resp.err + " " + resp.message);
+			}
+		}
+		if (readyState==4 && transport.status != 200)
+			this.dispatchError( transport.status, transport.statusText );
+	},
+
+
+	transport: null,
+	urlRoot: null,
+	options: {}
+}
diff --git a/template/yoga/picture.tpl b/template/yoga/picture.tpl
index fc5fce450..e52a7a7a7 100644
--- a/template/yoga/picture.tpl
+++ b/template/yoga/picture.tpl
@@ -117,7 +117,7 @@
     <td class="value">
       {if isset($related_tags)}
         {foreach from=$related_tags item=tag name=tag_loop}{if !$smarty.foreach.tag_loop.first}, {/if}
-        <a href="{$tag.U_TAG}">{$tag.NAME}</a>{/foreach}
+        <a href="{$tag.URL}">{$tag.name}</a>{/foreach}
       {/if}
     </td>
   </tr>
@@ -137,6 +137,32 @@
     <td class="label">{'Visits'|@translate}</td>
     <td class="value">{$INFO_VISITS}</td>
   </tr>
+  {if isset($available_permission_levels) }
+  <tr>
+    <td class="label">{'Privacy level'|@translate}:</td>
+    <td class="value"> 
+<script type="text/javascript">
+{literal}function setPrivacyLevel(selectElement, rootUrl, id, level)
+{
+selectElement.disabled = true;
+var y = new PwgWS(rootUrl);
+
+y.callService(
+  "pwg.images.setPrivacyLevel", {image_id: id, level:level} ,
+  {
+    onFailure: function(num, text) { selectElement.disabled = false; alert(num + " " + text); },
+    onSuccess: function(result) { selectElement.disabled = false; }
+  }
+  );
+}{/literal}
+</script>
+    <select onchange="setPrivacyLevel(this, '{$ROOT_URL|@escape:'javascript'}', {$current.id}, this.options[selectedIndex].value)">
+    {foreach from=$available_permission_levels item=level}
+        <option value="{$level}"{if $current.level==$level} selected="selected"{/if}>{$pwg->l10n($pwg->sprintf('Level %d',$level))}</option>
+    {/foreach}
+    </select>
+  </td></tr>
+  {/if}
   {if isset($rate_summary) }
   <tr>
     <td class="label">{'Average rate'|@translate}</td>
diff --git a/ws.php b/ws.php
index 80f543f06..45601a1cb 100644
--- a/ws.php
+++ b/ws.php
@@ -115,6 +115,12 @@ function ws_addDefaultMethods( $arr )
       ),
       'Returns elements for the corresponding query search.'
     );
+  $service->addMethod('pwg.images.setPrivacyLevel', 'ws_images_setPrivacyLevel',
+      array(
+        'image_id' => array('flags'=>WS_PARAM_FORCE_ARRAY),
+        'level' => array('maxValue'=>$conf['available_permission_levels']),
+      ),
+      'sets the privacy levels for the images' );
 
   $service->addMethod('pwg.session.getStatus', 'ws_session_getStatus', null, '' );
   $service->addMethod('pwg.session.login', 'ws_session_login',