diff options
Diffstat (limited to '')
| -rw-r--r-- | BSF/admin/group_perm.php | 185 |
1 files changed, 185 insertions, 0 deletions
diff --git a/BSF/admin/group_perm.php b/BSF/admin/group_perm.php new file mode 100644 index 000000000..430730001 --- /dev/null +++ b/BSF/admin/group_perm.php @@ -0,0 +1,185 @@ +<?php +// +-----------------------------------------------------------------------+ +// | Piwigo - a PHP based picture gallery | +// +-----------------------------------------------------------------------+ +// | Copyright(C) 2008 Piwigo Team http://piwigo.org | +// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net | +// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick | +// +-----------------------------------------------------------------------+ +// | This program is free software; you can redistribute it and/or modify | +// | it under the terms of the GNU General Public License as published by | +// | the Free Software Foundation | +// | | +// | This program is distributed in the hope that it will be useful, but | +// | WITHOUT ANY WARRANTY; without even the implied warranty of | +// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | +// | General Public License for more details. | +// | | +// | You should have received a copy of the GNU General Public License | +// | along with this program; if not, write to the Free Software | +// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | +// | USA. | +// +-----------------------------------------------------------------------+ + +if( !defined("PHPWG_ROOT_PATH") ) +{ + die ("Hacking attempt!"); +} + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); + +// +-----------------------------------------------------------------------+ +// | variables init | +// +-----------------------------------------------------------------------+ + +if (isset($_GET['group_id']) and is_numeric($_GET['group_id'])) +{ + $page['group'] = $_GET['group_id']; +} +else +{ + die('group_id URL parameter is missing'); +} + +// +-----------------------------------------------------------------------+ +// | updates | +// +-----------------------------------------------------------------------+ + +if (isset($_POST['falsify']) + and isset($_POST['cat_true']) + and count($_POST['cat_true']) > 0) +{ + // if you forbid access to a category, all sub-categories become + // automatically forbidden + $subcats = get_subcat_ids($_POST['cat_true']); + $query = ' +DELETE + FROM '.GROUP_ACCESS_TABLE.' + WHERE group_id = '.$page['group'].' + AND cat_id IN ('.implode(',', $subcats).') +;'; + pwg_query($query); +} +else if (isset($_POST['trueify']) + and isset($_POST['cat_false']) + and count($_POST['cat_false']) > 0) +{ + $uppercats = get_uppercat_ids($_POST['cat_false']); + $private_uppercats = array(); + + $query = ' +SELECT id + FROM '.CATEGORIES_TABLE.' + WHERE id IN ('.implode(',', $uppercats).') + AND status = \'private\' +;'; + $result = pwg_query($query); + while ($row = mysql_fetch_array($result)) + { + array_push($private_uppercats, $row['id']); + } + + // retrying to authorize a category which is already authorized may cause + // an error (in SQL statement), so we need to know which categories are + // accesible + $authorized_ids = array(); + + $query = ' +SELECT cat_id + FROM '.GROUP_ACCESS_TABLE.' + WHERE group_id = '.$page['group'].' +;'; + $result = pwg_query($query); + + while ($row = mysql_fetch_array($result)) + { + array_push($authorized_ids, $row['cat_id']); + } + + $inserts = array(); + $to_autorize_ids = array_diff($private_uppercats, $authorized_ids); + foreach ($to_autorize_ids as $to_autorize_id) + { + array_push( + $inserts, + array( + 'group_id' => $page['group'], + 'cat_id' => $to_autorize_id + ) + ); + } + + mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts); +} + +// +-----------------------------------------------------------------------+ +// | template init | +// +-----------------------------------------------------------------------+ + +$template->set_filenames( + array( + 'group_perm' => 'admin/group_perm.tpl', + 'double_select' => 'admin/double_select.tpl' + ) + ); + +$template->assign( + array( + 'TITLE' => + sprintf( + l10n('Manage permissions for group "%s"'), + get_groupname($page['group'] + ) + ), + 'L_CAT_OPTIONS_TRUE'=>l10n('authorized'), + 'L_CAT_OPTIONS_FALSE'=>l10n('forbidden'), + + 'F_ACTION' => + get_root_url(). + 'admin.php?page=group_perm&group_id='. + $page['group'] + ) + ); + +// only private categories are listed +$query_true = ' +SELECT id,name,uppercats,global_rank + FROM '.CATEGORIES_TABLE.' INNER JOIN '.GROUP_ACCESS_TABLE.' ON cat_id = id + WHERE status = \'private\' + AND group_id = '.$page['group'].' +;'; +display_select_cat_wrapper($query_true,array(),'category_option_true'); + +$result = pwg_query($query_true); +$authorized_ids = array(); +while ($row = mysql_fetch_array($result)) +{ + array_push($authorized_ids, $row['id']); +} + +$query_false = ' +SELECT id,name,uppercats,global_rank + FROM '.CATEGORIES_TABLE.' + WHERE status = \'private\''; +if (count($authorized_ids) > 0) +{ + $query_false.= ' + AND id NOT IN ('.implode(',', $authorized_ids).')'; +} +$query_false.= ' +;'; +display_select_cat_wrapper($query_false,array(),'category_option_false'); + +// +-----------------------------------------------------------------------+ +// | html code display | +// +-----------------------------------------------------------------------+ + +$template->assign_var_from_handle('DOUBLE_SELECT', 'double_select'); +$template->assign_var_from_handle('ADMIN_CONTENT', 'group_perm'); + +?> |