Diffstat (limited to 'admin/user_perm.php')
-rw-r--r-- | admin/user_perm.php | 174 |
1 files changed, 174 insertions, 0 deletions
diff --git a/admin/user_perm.php b/admin/user_perm.php
new file mode 100644
index 000000000..081560c54
--- /dev/null
+++ b/admin/user_perm.php
@@ -0,0 +1,174 @@
+<?php
+/***************************************************************************
+ * user_perm.php *
+ * ------------------ *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
+ * *
+ ***************************************************************************/
+
+/***************************************************************************
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; *
+ * *
+ ***************************************************************************/
+include_once( './include/isadmin.inc.php' );
+//----------------------------------------------------- template initialization
+$sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_perm.vtp' );
+$error = array();
+$tpl = array( 'permuser_authorized','permuser_forbidden','submit',
+ 'permuser_parent_forbidden','permuser_info_message',
+ 'adduser_info_back' );
+templatize_array( $tpl, 'lang', $sub );
+//--------------------------------------------------------------------- updates
+if ( isset( $_POST['submit'] ) )
+{
+ // cleaning the user_access table for this user
+ $query = 'DELETE FROM '.PREFIX_TABLE.'user_access';
+ $query.= ' WHERE user_id = '.$_GET['user_id'];
+ $query.= ';';
+ mysql_query( $query );
+ // selecting all private categories
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= " WHERE status = 'private'";
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $radioname = 'access-'.$row['id'];
+ if ( $_POST[$radioname] == 0 )
+ {
+ $query = 'INSERT INTO '.PREFIX_TABLE.'user_access';
+ $query.= ' (user_id,cat_id) VALUES';
+ $query.= ' ('.$_GET['user_id'].','.$row['id'].')';
+ $query.= ';';
+ mysql_query ( $query );
+ }
+ }
+ check_favorites( $_GET['user_id'] );
+ $vtp->addSession( $sub, 'confirmation' );
+ $url = './admin.php?page=user_list';
+ $vtp->setVar( $sub, 'confirmation.back_url', add_session_id( $url ) );
+ $vtp->closeSession( $sub, 'confirmation' );
+}
+//---------------------------------------------------------------- form display
+$restrictions = get_restrictions( $_GET['user_id'], $page['user_status'],
+ false, false );
+$action = './admin.php?page=user_perm&user_id='.$_GET['user_id'];
+$vtp->setVar( $sub, 'action', add_session_id( $action ) );
+// Association of group_ids with group_names -> caching informations
+$query = 'SELECT id,name';
+$query.= ' FROM '.PREFIX_TABLE.'groups';
+$query.= ';';
+$result = mysql_query( $query );
+$groups = array();
+while ( $row = mysql_fetch_array( $result ) )
+{
+ $groups[$row['id']] = $row['name'];
+}
+// Listing of groups the user belongs to
+$query = 'SELECT ug.group_id as groupid';
+$query.= ' FROM '.PREFIX_TABLE.'user_group as ug';
+$query.= ' WHERE user_id = '.$_GET['user_id'];
+$query.= ';';
+$result = mysql_query( $query );
+$usergroups = array();
+while ( $row = mysql_fetch_array( $result ) )
+{
+ array_push( $usergroups, $row['groupid'] );
+}
+// only private categories are listed
+$query = 'SELECT id';
+$query.= ' FROM '.PREFIX_TABLE.'categories';
+$query.= " WHERE status = 'private'";
+$query.= ';';
+$result = mysql_query( $query );
+while ( $row = mysql_fetch_array( $result ) )
+{
+ $vtp->addSession( $sub, 'category' );
+ $vtp->setVar( $sub, 'category.id', $row['id'] );
+ // we have to know whether the user is authorized to access this
+ // category. The category can be accessible for this user thanks to his
+ // personnal access rights OR thanks to the access rights of a group he
+ // belongs to.
+ // 1. group access :
+ // retrieving all authorized groups for this category and for this user
+ $query = 'SELECT ga.group_id as groupid';
+ $query.= ' FROM '.PREFIX_TABLE.'group_access as ga';
+ $query.= ', '.PREFIX_TABLE.'user_group as ug';
+ $query.= ' WHERE ga.group_id = ug.group_id';
+ $query.= ' AND ug.user_id = '.$_GET['user_id'];
+ $query.= ' AND cat_id = '.$row['id'];
+ $query.= ';';
+ $subresult = mysql_query( $query );
+ $authorized_groups = array();
+ while ( $subrow = mysql_fetch_array( $subresult ) )
+ {
+ array_push( $authorized_groups, $subrow['groupid'] );
+ }
+ // 2. personnal access
+ $is_user_allowed = is_user_allowed( $row['id'], $restrictions );
+ // link to the category permission management
+ $url = './admin.php?page=cat_perm&cat_id='.$row['id'];
+ $vtp->setVar( $sub, 'category.cat_perm_link', add_session_id( $url ) );
+ // color of the category : green if the user is allowed by himself or
+ // thanks to a group he belongs to
+ if ( $is_user_allowed == 0 or count( $authorized_groups ) > 0 )
+ {
+ $vtp->setVar( $sub, 'category.color', 'green' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'category.color', 'red' );
+ }
+ // category name
+ $cat_infos = get_cat_info( $row['id'] );
+ $name = get_cat_display_name( $cat_infos['name'],' > ',
+ 'font-weight:bold;' );
+ $vtp->setVar( $sub, 'category.name', $name );
+ // usergroups
+ if ( count( $usergroups ) > 0 )
+ {
+ $vtp->addSession( $sub, 'usergroups' );
+ foreach ( $usergroups as $i => $usergroup ) {
+ $vtp->addSession( $sub, 'usergroup' );
+ $vtp->setVar( $sub, 'usergroup.name', $groups[$usergroup] );
+ if ( in_array( $usergroup, $authorized_groups ) )
+ {
+ $vtp->setVar( $sub, 'usergroup.color', 'green' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'usergroup.color', 'red' );
+ }
+ if ( $i < count( $usergroups ) - 1 )
+ {
+ $vtp->setVar( $sub, 'usergroup.separation', ',' );
+ }
+ $vtp->closeSession( $sub, 'usergroup' );
+ }
+ $vtp->closeSession( $sub, 'usergroups' );
+ }
+ // any subcat forbidden for this user ?
+ if ( $is_user_allowed == 2 )
+ {
+ $vtp->addSession( $sub, 'parent_forbidden' );
+ $vtp->closeSession( $sub, 'parent_forbidden' );
+ }
+ // personnal forbidden or authorized access ?
+ if ( $is_user_allowed == 0 )
+ {
+ $vtp->setVar( $sub, 'category.authorized_checked', ' checked="checked"' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'category.forbidden_checked', ' checked="checked"' );
+ }
+ $vtp->closeSession( $sub, 'category' );
+}
+//----------------------------------------------------------- sending html code
+$vtp->Parse( $handle , 'sub', $sub );
+?>
\ No newline at end of file |
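Review bot: `$_GET['user_id']` is concatenated unvalidated into every SQL statement in this file (the `DELETE` and `INSERT` in the update branch, the `user_group` and `group_access` `SELECT`s) and into the form `action` URL, so the request parameter can change the meaning of the queries and of the emitted HTML. Normalise it once right after the `include_once`, e.g. `$user_id = intval( $_GET['user_id'] );`, and use `$user_id` in the queries, in the `check_favorites()` / `get_restrictions()` calls and in `$action`. Separately, `if ( $_POST[$radioname] == 0 )` fails open: a missing field (and, on the PHP versions that still ship `mysql_*`, any non-numeric string) compares equal to 0 and inserts a `user_access` row for that private category, so the test should be `if ( isset( $_POST[$radioname] ) and $_POST[$radioname] === '0' )`. Whether `isadmin.inc.php` restricts the page to administrators is not visible in this hunk; the validation is worth having either way.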