diff options
Diffstat (limited to '')
-rw-r--r-- | BSF/admin/cat_perm.php | 330 |
1 files changed, 330 insertions, 0 deletions
diff --git a/BSF/admin/cat_perm.php b/BSF/admin/cat_perm.php new file mode 100644 index 000000000..45eb15937 --- /dev/null +++ b/BSF/admin/cat_perm.php @@ -0,0 +1,330 @@ +<?php +// +-----------------------------------------------------------------------+ +// | Piwigo - a PHP based picture gallery | +// +-----------------------------------------------------------------------+ +// | Copyright(C) 2008 Piwigo Team http://piwigo.org | +// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net | +// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick | +// +-----------------------------------------------------------------------+ +// | This program is free software; you can redistribute it and/or modify | +// | it under the terms of the GNU General Public License as published by | +// | the Free Software Foundation | +// | | +// | This program is distributed in the hope that it will be useful, but | +// | WITHOUT ANY WARRANTY; without even the implied warranty of | +// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | +// | General Public License for more details. | +// | | +// | You should have received a copy of the GNU General Public License | +// | along with this program; if not, write to the Free Software | +// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | +// | USA. | +// +-----------------------------------------------------------------------+ + +if (!defined('PHPWG_ROOT_PATH')) +{ + die ("Hacking attempt!"); +} + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); + +// +-----------------------------------------------------------------------+ +// | variable initialization | +// +-----------------------------------------------------------------------+ + +// if the category is not correct (not numeric, not private) +if (isset($_GET['cat']) and is_numeric($_GET['cat'])) +{ + $query = ' +SELECT status + FROM '.CATEGORIES_TABLE.' + WHERE id = '.$_GET['cat'].' +;'; + list($status) = mysql_fetch_array(pwg_query($query)); + + if ('private' == $status) + { + $page['cat'] = $_GET['cat']; + } +} + +if (!isset($page['cat'])) +{ + $query = ' +SELECT id + FROM '.CATEGORIES_TABLE.' + WHERE status = \'private\' + LIMIT 0,1 +;'; + + list($page['cat']) = mysql_fetch_array(pwg_query($query)); +} + +// +-----------------------------------------------------------------------+ +// | form submission | +// +-----------------------------------------------------------------------+ + + +if (isset($_POST['deny_groups_submit']) + and isset($_POST['deny_groups']) + and count($_POST['deny_groups']) > 0) +{ + // if you forbid access to a category, all sub-categories become + // automatically forbidden + $query = ' +DELETE + FROM '.GROUP_ACCESS_TABLE.' + WHERE group_id IN ('.implode(',', $_POST['deny_groups']).') + AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).') +;'; + pwg_query($query); +} +else if (isset($_POST['grant_groups_submit']) + and isset($_POST['grant_groups']) + and count($_POST['grant_groups']) > 0) +{ + $query = ' +SELECT id + FROM '.CATEGORIES_TABLE.' + WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).') + AND status = \'private\' +;'; + $private_uppercats = array_from_query($query, 'id'); + + // We must not reinsert already existing lines in group_access table + $granteds = array(); + foreach ($private_uppercats as $cat_id) + { + $granteds[$cat_id] = array(); + } + + $query = ' +SELECT group_id, cat_id + FROM '.GROUP_ACCESS_TABLE.' + WHERE cat_id IN ('.implode(',', $private_uppercats).') + AND group_id IN ('.implode(',', $_POST['grant_groups']).') +;'; + $result = pwg_query($query); + while ($row = mysql_fetch_array($result)) + { + array_push($granteds[$row['cat_id']], $row['group_id']); + } + + $inserts = array(); + + foreach ($private_uppercats as $cat_id) + { + $group_ids = array_diff($_POST['grant_groups'], $granteds[$cat_id]); + foreach ($group_ids as $group_id) + { + array_push($inserts, array('group_id' => $group_id, + 'cat_id' => $cat_id)); + } + } + + mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts); +} +else if (isset($_POST['deny_users_submit']) + and isset($_POST['deny_users']) + and count($_POST['deny_users']) > 0) +{ + // if you forbid access to a category, all sub-categories become + // automatically forbidden + $query = ' +DELETE + FROM '.USER_ACCESS_TABLE.' + WHERE user_id IN ('.implode(',', $_POST['deny_users']).') + AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).') +;'; + pwg_query($query); +} +else if (isset($_POST['grant_users_submit']) + and isset($_POST['grant_users']) + and count($_POST['grant_users']) > 0) +{ + $query = ' +SELECT id + FROM '.CATEGORIES_TABLE.' + WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).') + AND status = \'private\' +;'; + $private_uppercats = array_from_query($query, 'id'); + + // We must not reinsert already existing lines in user_access table + $granteds = array(); + foreach ($private_uppercats as $cat_id) + { + $granteds[$cat_id] = array(); + } + + $query = ' +SELECT user_id, cat_id + FROM '.USER_ACCESS_TABLE.' + WHERE cat_id IN ('.implode(',', $private_uppercats).') + AND user_id IN ('.implode(',', $_POST['grant_users']).') +;'; + $result = pwg_query($query); + while ($row = mysql_fetch_array($result)) + { + array_push($granteds[$row['cat_id']], $row['user_id']); + } + + $inserts = array(); + + foreach ($private_uppercats as $cat_id) + { + $user_ids = array_diff($_POST['grant_users'], $granteds[$cat_id]); + foreach ($user_ids as $user_id) + { + array_push($inserts, array('user_id' => $user_id, + 'cat_id' => $cat_id)); + } + } + + mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts); +} + +// +-----------------------------------------------------------------------+ +// | template initialization | +// +-----------------------------------------------------------------------+ + +$template->set_filename('cat_perm', 'admin/cat_perm.tpl'); + +$template->assign( + array( + 'CATEGORIES_NAV' => + get_cat_display_name_from_id( + $page['cat'], + 'admin.php?page=cat_modify&cat_id=' + ), + 'U_HELP' => get_root_url().'popuphelp.php?page=cat_perm', + 'F_ACTION' => get_root_url().'admin.php?page=cat_perm&cat='.$page['cat'] + ) + ); + +// +-----------------------------------------------------------------------+ +// | form construction | +// +-----------------------------------------------------------------------+ + +// groups denied are the groups not granted. So we need to find all groups +// minus groups granted to find groups denied. + +$groups = array(); + +$query = ' +SELECT id, name + FROM '.GROUPS_TABLE.' + ORDER BY name ASC +;'; +$groups = simple_hash_from_query($query, 'id', 'name'); +$template->assign('all_groups', $groups); + +// groups granted to access the category +$query = ' +SELECT group_id + FROM '.GROUP_ACCESS_TABLE.' + WHERE cat_id = '.$page['cat'].' +;'; +$group_granted_ids = array_from_query($query, 'group_id'); +$group_granted_ids = order_by_name($group_granted_ids, $groups); +$template->assign('group_granted_ids', $group_granted_ids); + + +// groups denied +$template->assign('group_denied_ids', + order_by_name(array_diff(array_keys($groups), $group_granted_ids), $groups) + ); + +// users... +$users = array(); + +$query = ' +SELECT '.$conf['user_fields']['id'].' AS id, + '.$conf['user_fields']['username'].' AS username + FROM '.USERS_TABLE.' +;'; +$users = simple_hash_from_query($query, 'id', 'username'); +$template->assign('all_users', $users); + + +$query = ' +SELECT user_id + FROM '.USER_ACCESS_TABLE.' + WHERE cat_id = '.$page['cat'].' +;'; +$user_granted_direct_ids = array_from_query($query, 'user_id'); +$user_granted_direct_ids = order_by_name($user_granted_direct_ids, $users); +$template->assign('user_granted_direct_ids', $user_granted_direct_ids); + + + +$user_granted_indirect_ids = array(); +if (count($group_granted_ids) > 0) +{ + $granted_groups = array(); + + $query = ' +SELECT user_id, group_id + FROM '.USER_GROUP_TABLE.' + WHERE group_id IN ('.implode(',', $group_granted_ids).') +'; + $result = pwg_query($query); + while ($row = mysql_fetch_array($result)) + { + if (!isset($granted_groups[$row['group_id']])) + { + $granted_groups[$row['group_id']] = array(); + } + array_push($granted_groups[$row['group_id']], $row['user_id']); + } + + $user_granted_by_group_ids = array(); + + foreach ($granted_groups as $group_users) + { + $user_granted_by_group_ids = array_merge($user_granted_by_group_ids, + $group_users); + } + $user_granted_by_group_ids = array_unique($user_granted_by_group_ids); + + + $user_granted_indirect_ids = array_diff($user_granted_by_group_ids, + $user_granted_direct_ids); + $user_granted_indirect_ids = + order_by_name($user_granted_indirect_ids, $users); + foreach ($user_granted_indirect_ids as $user_id) + { + foreach ($granted_groups as $group_id => $group_users) + { + if (in_array($user_id, $group_users)) + { + $template->append( + 'user_granted_indirects', + array( + 'USER'=>$users[$user_id], + 'GROUP'=>$groups[$group_id] + ) + ); + break; + } + } + } +} + +$user_denied_ids = array_diff(array_keys($users), + $user_granted_indirect_ids, + $user_granted_direct_ids); +$user_denied_ids = order_by_name($user_denied_ids, $users); +$template->assign('user_denied_ids', $user_denied_ids); + + +// +-----------------------------------------------------------------------+ +// | sending html code | +// +-----------------------------------------------------------------------+ +$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm'); +?> |