Diffstat (limited to '')
-rw-r--r-- | admin/cat_perm.php | 210 |
1 files changed, 210 insertions, 0 deletions
diff --git a/admin/cat_perm.php b/admin/cat_perm.php
new file mode 100644
index 000000000..d8e0f28dc
--- /dev/null
+++ b/admin/cat_perm.php
@@ -0,0 +1,210 @@
+<?php
+/***************************************************************************
+ * cat_perm.php *
+ * ------------------ *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
+ * *
+ ***************************************************************************/
+
+/***************************************************************************
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; *
+ * *
+ ***************************************************************************/
+include_once( './include/isadmin.inc.php' );
+//----------------------------------------------------- template initialization
+$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat_perm.vtp' );
+$error = array();
+$tpl = array( 'permuser_authorized','permuser_forbidden','menu_groups',
+ 'submit','menu_users','permuser_parent_forbidden' );
+templatize_array( $tpl, 'lang', $sub );
+//-------------------------------------------------------------- category infos
+if ( isset( $_GET['cat_id'] ) )
+{
+ check_cat_id( $_GET['cat_id'] );
+ if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
+ {
+ $result = get_cat_info( $page['cat'] );
+ $page['cat_name'] = $result['name'];
+ $page['id_uppercat'] = $result['id_uppercat'];
+ }
+}
+//---------------------------------------------------------- permission updates
+if ( isset( $_POST['submit'] ) )
+{
+ // groups access update
+ $query = 'DELETE';
+ $query.= ' FROM '.PREFIX_TABLE.'group_access';
+ $query.= ' WHERE cat_id = '.$page['cat'];
+ $query.= ';';
+ mysql_query( $query );
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'groups';
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $radioname = 'groupaccess-'.$row['id'];
+ if ( $_POST[$radioname] == 0 )
+ {
+ $query = 'INSERT INTO '.PREFIX_TABLE.'group_access';
+ $query.= ' (cat_id,group_id) VALUES';
+ $query.= ' ('.$page['cat'].','.$row['id'].')';
+ $query.= ';';
+ mysql_query( $query );
+ }
+ }
+ // users access update
+ $query = 'DELETE';
+ $query.= ' FROM '.PREFIX_TABLE.'user_access';
+ $query.= ' WHERE cat_id = '.$page['cat'];
+ $query.= ';';
+ mysql_query( $query );
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $radioname = 'useraccess-'.$row['id'];
+ if ( $_POST[$radioname] == 0 )
+ {
+ $query = 'INSERT INTO '.PREFIX_TABLE.'user_access';
+ $query.= ' (cat_id,user_id) VALUES';
+ $query.= ' ('.$page['cat'].','.$row['id'].')';
+ $query.= ';';
+ mysql_query( $query );
+ }
+ check_favorites( $row['id'] );
+ }
+ // echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=cat" )."\">".$lang['editcat_back']."</a> ]</div>";
+}
+//---------------------------------------------------------------------- groups
+$query = 'SELECT id,name';
+$query.= ' FROM '.PREFIX_TABLE.'groups';
+$query. ';';
+$result = mysql_query( $query );
+if ( mysql_num_rows( $result ) > 0 )
+{
+ $vtp->addSession( $sub, 'groups' );
+ // creating an array with all authorized groups for this category
+ $query = 'SELECT group_id';
+ $query.= ' FROM '.PREFIX_TABLE.'group_access';
+ $query.= ' WHERE cat_id = '.$_GET['cat_id'];
+ $query.= ';';
+ $subresult = mysql_query( $query );
+ $authorized_groups = array();
+ while ( $subrow = mysql_fetch_array( $subresult ) )
+ {
+ array_push( $authorized_groups, $subrow['group_id'] );
+ }
+ // displaying each group
+ while( $row = mysql_fetch_array( $result ) )
+ {
+ $vtp->addSession( $sub, 'group' );
+ if ( in_array( $row['id'], $authorized_groups ) )
+ {
+ $vtp->setVar( $sub, 'group.color', 'green' );
+ $vtp->setVar( $sub, 'group.authorized_checked', ' checked="checked"' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'group.color', 'red' );
+ $vtp->setVar( $sub, 'group.forbidden_checked', ' checked="checked"' );
+ }
+ $vtp->setVar( $sub, 'group.groupname', $row['name'] );
+ $vtp->setVar( $sub, 'group.id', $row['id'] );
+ $vtp->closeSession( $sub, 'group' );
+ }
+ $vtp->closeSession( $sub, 'groups' );
+}
+//----------------------------------------------------------------------- users
+$query = 'SELECT id,username,status';
+$query.= ' FROM '.PREFIX_TABLE.'users';
+$query.= " WHERE username != '".$conf['webmaster']."'";
+$query.= ';';
+$result = mysql_query( $query );
+while ( $row = mysql_fetch_array( $result ) )
+{
+ $vtp->addSession( $sub, 'user' );
+ $vtp->setVar( $sub, 'user.id', $row['id'] );
+ $url = add_session_id( './admin.php?page=user_perm&user_id='.$row['id']);
+ $vtp->setVar( $sub, 'user.user_perm_link', $url);
+ if ( $row['username'] == 'guest' )
+ {
+ $row['username'] = $lang['guest'];
+ }
+ $vtp->setVar( $sub, 'user.username', $row['username'] );
+
+ // for color of user : (red means access forbidden, green authorized) we
+ // ask all forbidden categories, including the groups rights
+ $restrictions = get_restrictions( $row['id'], $row['status'], false );
+ $is_user_allowed = is_user_allowed( $page['cat'], $restrictions );
+ if ( $is_user_allowed == 0 )
+ {
+ $vtp->setVar( $sub, 'user.color', 'green' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'user.color', 'red' );
+ }
+ // for permission update button, we only ask forbidden categories for the
+ // user, not taking into account the groups the user belongs to
+ $restrictions = get_restrictions( $row['id'], $row['status'], false, false );
+ $is_user_allowed = is_user_allowed( $page['cat'], $restrictions );
+ if ( $is_user_allowed == 2 )
+ {
+ $vtp->addSession( $sub, 'parent_forbidden' );
+ $url = './admin.php?page=cat_perm&cat_id='.$page['id_uppercat'];
+ $vtp->setVar( $sub, 'parent_forbidden.url', add_session_id( $url ) );
+ $vtp->closeSession( $sub, 'parent_forbidden' );
+ }
+ if ( $is_user_allowed == 0 )
+ {
+ $vtp->setVar( $sub, 'user.authorized_checked', ' checked="checked"' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'user.forbidden_checked', ' checked="checked"' );
+ }
+ // user's group(s)
+ $query = 'SELECT g.name as groupname, g.id as groupid';
+ $query.= ' FROM '.PREFIX_TABLE.'groups as g';
+ $query.= ', '.PREFIX_TABLE.'user_group as ug';
+ $query.= ' WHERE ug.group_id = g.id';
+ $query.= ' AND ug.user_id = '.$row['id'];
+ $query.= ';';
+ $subresult = mysql_query( $query );
+ if ( mysql_num_rows( $subresult ) > 0 )
+ {
+ $vtp->addSession( $sub, 'usergroups' );
+ $i = 0;
+ while( $subrow = mysql_fetch_array( $subresult ) )
+ {
+ $vtp->addSession( $sub, 'usergroup' );
+ if ( in_array( $subrow['groupid'], $authorized_groups ) )
+ {
+ $vtp->setVar( $sub, 'usergroup.color', 'green' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'usergroup.color', 'red' );
+ }
+ $vtp->setVar( $sub, 'usergroup.name', $subrow['groupname'] );
+ if ( $i < mysql_num_rows( $subresult ) - 1 )
+ {
+ $vtp->setVar( $sub, 'usergroup.separation', ',' );
+ }
+ $vtp->closeSession( $sub, 'usergroup' );
+ $i++;
+ }
+ $vtp->closeSession( $sub, 'usergroups' );
+ }
+ $vtp->closeSession( $sub, 'user' );
+}
+//----------------------------------------------------------- sending html code
+$vtp->Parse( $handle , 'sub', $sub );
+?>
\ No newline at end of file |
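Review bot: The groups query concatenates the raw request value, `' WHERE cat_id = '.$_GET['cat_id']`, into the SQL string, so it bypasses the `check_cat_id()` / `is_numeric( $page['cat'] )` validation done in the "category infos" section; it should read `$query.= ' WHERE cat_id = '.intval( $page['cat'] );`. The `isset( $_POST['submit'] )` block has a related gap: its DELETE and INSERT statements use `$page['cat']` without that numeric guard, so the block should only run when the guard has passed. In both update loops `$_POST[$radioname] == 0` is also true when the field is missing from the request, which inserts an access row (rendered as authorized for groups further down) for any id the form did not send; assuming the radio buttons post `0`/`1`, `isset( $_POST[$radioname] ) and $_POST[$radioname] === '0'` fails closed instead. `check_cat_id()` is defined outside this file, so what it guarantees about `$page['cat']` should be confirmed.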