diff options
Diffstat (limited to 'admin')
-rw-r--r-- | admin/group_list.php | 59 | ||||
-rw-r--r-- | admin/group_perm.php | 209 | ||||
-rw-r--r-- | admin/include/isadmin.inc.php | 2 |
3 files changed, 153 insertions, 117 deletions
diff --git a/admin/group_list.php b/admin/group_list.php index d399a6d69..2d9ff7e26 100644 --- a/admin/group_list.php +++ b/admin/group_list.php @@ -135,28 +135,25 @@ $groups_display .= '</select>'; $action = PHPWG_ROOT_PATH.'admin.php?page=group_list'; //----------------------------------------------------- template initialization $template->set_filenames( array('groups'=>'admin/group_list.tpl') ); -$tpl = array( 'group_add','add','listuser_permission','delete', - 'group_confirm','yes','no','group_list_title' ); - $template->assign_vars(array( 'S_GROUP_SELECT'=>$groups_display, 'L_GROUP_SELECT'=>$lang['group_list_title'], - 'L_GROUP_CONFIRM'=>$lang['group_confirm_delete'], - 'L_LOOK_UP'=>$lang['edit'], - 'L_GROUP_DELETE'=>$lang['delete'], + 'L_GROUP_CONFIRM'=>$lang['group_confirm_delete'], + 'L_LOOK_UP'=>$lang['edit'], + 'L_GROUP_DELETE'=>$lang['delete'], 'L_CREATE_NEW_GROUP'=>$lang['group_add'], 'L_GROUP_EDIT'=>$lang['group_edit'], - 'L_USER_NAME'=>$lang['login'], - 'L_USER_EMAIL'=>$lang['mail_address'], - 'L_USER_SELECT'=>$lang['Select'], - 'L_DENY_SELECTED'=>$lang['group_deny_user'], - 'L_ADD_MEMBER'=>$lang['group_add_user'], + 'L_USER_NAME'=>$lang['login'], + 'L_USER_EMAIL'=>$lang['mail_address'], + 'L_USER_SELECT'=>$lang['Select'], + 'L_DENY_SELECTED'=>$lang['group_deny_user'], + 'L_ADD_MEMBER'=>$lang['group_add_user'], 'L_FIND_USERNAME'=>$lang['Find_username'], - 'S_GROUP_ACTION'=>add_session_id($action), - 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php') - )); + 'S_GROUP_ACTION'=>add_session_id($action), + 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php') + )); if ($groups_nb) { @@ -167,32 +164,32 @@ if ($groups_nb) if ( isset( $_POST['edit']) || isset( $_POST['add']) || isset( $_POST['deny_user'] )) { // Retrieving the group name - $query = 'SELECT id, name FROM '.GROUPS_TABLE; + $query = 'SELECT id, name FROM '.GROUPS_TABLE; $query.= " WHERE id = '".$_POST['group_id']."'"; $query.= ';'; $result = mysql_fetch_array(pwg_query( $query )); $template->assign_block_vars('edit_group',array( 'GROUP_NAME'=>$result['name'], - 'GROUP_ID'=>$result['id'] + 'GROUP_ID'=>$result['id'] )); // Retrieving all the users - $query = 'SELECT id, username, mail_address'; - $query.= ' FROM ('.USERS_TABLE.' as u'; - $query.= ' LEFT JOIN '.USER_GROUP_TABLE.' as ug ON ug.user_id=u.id)'; + $query = 'SELECT id, username, mail_address'; + $query.= ' FROM ('.USERS_TABLE.' as u'; + $query.= ' LEFT JOIN '.USER_GROUP_TABLE.' as ug ON ug.user_id=u.id)'; $query.= " WHERE ug.group_id = '".$_POST['group_id']."';"; - $result = pwg_query( $query ); - $i=0; - while ( $row = mysql_fetch_array( $result ) ) - { - $class = ($i % 2)? 'row1':'row2'; $i++; - $template->assign_block_vars('edit_group.user',array( - 'ID'=>$row['id'], - 'NAME'=>$row['username'], - 'EMAIL'=>$row['mail_address'], - 'T_CLASS'=>$class - )); - } + $result = pwg_query( $query ); + $i=0; + while ( $row = mysql_fetch_array( $result ) ) + { + $class = ($i % 2)? 'row1':'row2'; $i++; + $template->assign_block_vars('edit_group.user',array( + 'ID'=>$row['id'], + 'NAME'=>$row['username'], + 'EMAIL'=>$row['mail_address'], + 'T_CLASS'=>$class + )); + } } //----------------------------------------------------------- sending html code diff --git a/admin/group_perm.php b/admin/group_perm.php index c60ed7420..ea81ac818 100644 --- a/admin/group_perm.php +++ b/admin/group_perm.php @@ -24,105 +24,144 @@ // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | // | USA. | // +-----------------------------------------------------------------------+ -include_once( './admin/include/isadmin.inc.php' ); -//----------------------------------------------------- template initialization -$sub = $vtp->Open( './template/'.$user['template'].'/admin/group_perm.vtp' ); -$error = array(); -$tpl = array( 'permuser_authorized','permuser_forbidden','submit', - 'permuser_parent_forbidden','permuser_info_message', - 'adduser_info_back','permuser_only_private' ); -templatize_array( $tpl, 'lang', $sub ); -$vtp->setGlobalVar( $sub, 'user_template', $user['template'] ); +if( !defined("PHPWG_ROOT_PATH") ) +{ + die ("Hacking attempt!"); +} + +include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); //--------------------------------------------------------------------- updates -if ( isset( $_POST['submit'] ) ) +if (isset($_POST['falsify']) + and isset($_POST['cat_true']) + and count($_POST['cat_true']) > 0) { - // cleaning the user_access table for this group - $query = 'DELETE FROM '.PREFIX_TABLE.'group_access'; - $query.= ' WHERE group_id = '.$_GET['group_id']; - $query.= ';'; - pwg_query( $query ); - // selecting all private categories - $query = 'SELECT id'; - $query.= ' FROM '.PREFIX_TABLE.'categories'; - $query.= " WHERE status = 'private'"; - $query.= ';'; - $result = pwg_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - $radioname = 'access-'.$row['id']; - if ( $_POST[$radioname] == 0 ) - { - $query = 'INSERT INTO '.PREFIX_TABLE.'group_access'; - $query.= ' (group_id,cat_id) VALUES'; - $query.= ' ('.$_GET['group_id'].','.$row['id'].')'; - $query.= ';'; - pwg_query ( $query ); - } - } - // checking users favorites - $query = 'SELECT id'; - $query.= ' FROM '.USERS_TABLE; - $query.= ';'; - $result = pwg_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - check_favorites( $row['id'] ); - } - // synchronization of calculated data - synchronize_group( $_GET['group_id'] ); - // confirmation display - $vtp->addSession( $sub, 'confirmation' ); - $url = './admin.php?page=group_list'; - $vtp->setVar( $sub, 'confirmation.back_url', add_session_id( $url ) ); - $vtp->closeSession( $sub, 'confirmation' ); + // if you forbid access to a category, all sub-categories become + // automatically forbidden + $subcats = get_subcat_ids($_POST['cat_true']); + $query = 'DELETE FROM '.GROUP_ACCESS_TABLE.' + WHERE group_id = '.$_POST['group_id'].' + AND cat_id IN ('.implode(',', $subcats).');'; + pwg_query($query); } -//---------------------------------------------------------------- form display -$restrictions = get_group_restrictions( $_GET['group_id'] ); -$action = './admin.php?page=group_perm&group_id='.$_GET['group_id']; -$vtp->setVar( $sub, 'action', add_session_id( $action ) ); -// only private categories are listed -$query = 'SELECT id'; -$query.= ' FROM '.PREFIX_TABLE.'categories'; -$query.= " WHERE status = 'private'"; -$query.= ';'; -$result = pwg_query( $query ); -while ( $row = mysql_fetch_array( $result ) ) +else if (isset($_POST['trueify']) + and isset($_POST['cat_false']) + and count($_POST['cat_false']) > 0) { - $vtp->addSession( $sub, 'category' ); - $vtp->setVar( $sub, 'category.id', $row['id'] ); - $url = './admin.php?page=cat_perm&cat_id='.$row['id']; - $vtp->setVar( $sub, 'category.cat_perm_link', add_session_id( $url ) ); - // Is the group allowed to access this category - $is_group_allowed = is_group_allowed( $row['id'], $restrictions ); - if ( $is_group_allowed == 0 ) + $uppercats = get_uppercat_ids($_POST['cat_false']); + $private_uppercats = array(); + + $query = 'SELECT id + FROM '.CATEGORIES_TABLE.' + WHERE id IN ('.implode(',', $uppercats).') + AND status = \'private\';'; + $result = pwg_query($query); + while ($row = mysql_fetch_array($result)) { - $vtp->setVar( $sub, 'category.color', 'green' ); + array_push($private_uppercats, $row['id']); } - else + + // retrying to authorize a category which is already authorized may cause + // an error (in SQL statement), so we need to know which categories are + // accesible + $authorized_ids = array(); + + $query = 'SELECT cat_id + FROM '.GROUP_ACCESS_TABLE.' + WHERE group_id = '.$_POST['group_id'].';'; + $result = pwg_query($query); + + while ($row = mysql_fetch_array($result)) { - $vtp->setVar( $sub, 'category.color', 'red' ); + array_push($authorized_ids, $row['cat_id']); } - // category name - $cat_infos = get_cat_info( $row['id'] ); - $name = get_cat_display_name($cat_infos['name']); - $vtp->setVar( $sub, 'category.name', $name ); - // any subcat forbidden for this group ? - if ( $is_group_allowed == 2 ) + + $inserts = array(); + $to_autorize_ids = array_diff($private_uppercats, $authorized_ids); + foreach ($to_autorize_ids as $to_autorize_id) { - $vtp->addSession( $sub, 'parent_forbidden' ); - $vtp->closeSession( $sub, 'parent_forbidden' ); + array_push($inserts, array('group_id' => $_POST['group_id'], + 'cat_id' => $to_autorize_id)); } - // forbidden or authorized access ? - if ( $is_group_allowed == 0 or $is_group_allowed == 2 ) + + mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts); +} + +//----------------------------------------------------- template initialization +$query = 'SELECT id,name FROM '.GROUPS_TABLE; +$query.= ' ORDER BY id ASC;'; +$result = pwg_query( $query ); +$groups_display = '<select name="group_id">'; +$groups_nb=0; +while ( $row = mysql_fetch_array( $result ) ) +{ + $groups_nb++; + $selected = ''; + if (isset($_POST['group_id']) && $_POST['group_id']==$row['id']) + $selected = 'selected'; + $groups_display .= '<option value="' . $row['id'] . '" '.$selected.'>' . $row['name'] . '</option>'; +} +$groups_display .= '</select>'; + +$action = PHPWG_ROOT_PATH.'admin.php?page=group_perm'; +$template->set_filenames( array('groups'=>'admin/group_perm.tpl') ); +$template->assign_vars(array( + 'S_GROUP_SELECT'=>$groups_display, + 'L_GROUP_SELECT'=>$lang['group_list_title'], + 'L_LOOK_UP'=>$lang['edit'], + 'S_GROUP_ACTION'=>add_session_id($action) + )); + +if ($groups_nb) +{ + $template->assign_block_vars('select_box',array()); +} + +if ( isset( $_POST['edit']) || isset($_POST['falsify']) || isset($_POST['trueify'])) +{ + $template->set_filenames(array('groups_auth'=>'admin/cat_options.tpl')); + $template->assign_vars(array( + 'L_RESET'=>$lang['reset'], + 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'], + 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'], + 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'], + + 'HIDDEN_NAME'=> 'group_id', + 'HIDDEN_VALUE'=>$_POST['group_id'], + 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=group_perm'), + )); + + // only private categories are listed + $query_true = ' +SELECT id,name,uppercats,global_rank + FROM '.CATEGORIES_TABLE.' INNER JOIN '.GROUP_ACCESS_TABLE.' ON cat_id = id + WHERE status = \'private\' + AND group_id = '.$_POST['group_id'].' +;'; + display_select_cat_wrapper($query_true,array(),'category_option_true'); + + $result = pwg_query($query_true); + $authorized_ids = array(); + while ($row = mysql_fetch_array($result)) { - $vtp->setVar( $sub, 'category.authorized_checked', ' checked="checked"' ); + array_push($authorized_ids, $row['id']); } - else + + $query_false = ' +SELECT id,name,uppercats,global_rank + FROM '.CATEGORIES_TABLE.' + WHERE status = \'private\''; + if (count($authorized_ids) > 0) { - $vtp->setVar( $sub, 'category.forbidden_checked', ' checked="checked"' ); + $query_false.= ' + AND id NOT IN ('.implode(',', $authorized_ids).')'; } - $vtp->closeSession( $sub, 'category' ); + $query_false.= ' +;'; + display_select_cat_wrapper($query_false,array(),'category_option_false'); + + $template->assign_var_from_handle('ADMIN_CONTENT_2', 'groups_auth'); } //----------------------------------------------------------- sending html code -$vtp->Parse( $handle , 'sub', $sub ); +$template->assign_var_from_handle('ADMIN_CONTENT', 'groups'); + ?> diff --git a/admin/include/isadmin.inc.php b/admin/include/isadmin.inc.php index 9b71cb900..0d05c9853 100644 --- a/admin/include/isadmin.inc.php +++ b/admin/include/isadmin.inc.php @@ -30,7 +30,7 @@ include( PHPWG_ROOT_PATH.'admin/include/functions.php' ); if ($user['status'] != 'admin') { echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />'; - echo '<a href="'.PHPWG_ROOT_PATH.'identification.php">'.$lang['ident_title'].'</a></div>'; + echo '<a href="'.PHPWG_ROOT_PATH.'identification.php">'.$lang['identification'].'</a></div>'; exit(); } ?> |