aboutsummaryrefslogtreecommitdiffstats
path: root/admin
diff options
context:
space:
mode:
Diffstat (limited to 'admin')
-rw-r--r--admin/group_list.php59
-rw-r--r--admin/group_perm.php209
-rw-r--r--admin/include/isadmin.inc.php2
3 files changed, 153 insertions, 117 deletions
diff --git a/admin/group_list.php b/admin/group_list.php
index d399a6d69..2d9ff7e26 100644
--- a/admin/group_list.php
+++ b/admin/group_list.php
@@ -135,28 +135,25 @@ $groups_display .= '</select>';
$action = PHPWG_ROOT_PATH.'admin.php?page=group_list';
//----------------------------------------------------- template initialization
$template->set_filenames( array('groups'=>'admin/group_list.tpl') );
-$tpl = array( 'group_add','add','listuser_permission','delete',
- 'group_confirm','yes','no','group_list_title' );
-
$template->assign_vars(array(
'S_GROUP_SELECT'=>$groups_display,
'L_GROUP_SELECT'=>$lang['group_list_title'],
- 'L_GROUP_CONFIRM'=>$lang['group_confirm_delete'],
- 'L_LOOK_UP'=>$lang['edit'],
- 'L_GROUP_DELETE'=>$lang['delete'],
+ 'L_GROUP_CONFIRM'=>$lang['group_confirm_delete'],
+ 'L_LOOK_UP'=>$lang['edit'],
+ 'L_GROUP_DELETE'=>$lang['delete'],
'L_CREATE_NEW_GROUP'=>$lang['group_add'],
'L_GROUP_EDIT'=>$lang['group_edit'],
- 'L_USER_NAME'=>$lang['login'],
- 'L_USER_EMAIL'=>$lang['mail_address'],
- 'L_USER_SELECT'=>$lang['Select'],
- 'L_DENY_SELECTED'=>$lang['group_deny_user'],
- 'L_ADD_MEMBER'=>$lang['group_add_user'],
+ 'L_USER_NAME'=>$lang['login'],
+ 'L_USER_EMAIL'=>$lang['mail_address'],
+ 'L_USER_SELECT'=>$lang['Select'],
+ 'L_DENY_SELECTED'=>$lang['group_deny_user'],
+ 'L_ADD_MEMBER'=>$lang['group_add_user'],
'L_FIND_USERNAME'=>$lang['Find_username'],
- 'S_GROUP_ACTION'=>add_session_id($action),
- 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php')
- ));
+ 'S_GROUP_ACTION'=>add_session_id($action),
+ 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php')
+ ));
if ($groups_nb)
{
@@ -167,32 +164,32 @@ if ($groups_nb)
if ( isset( $_POST['edit']) || isset( $_POST['add']) || isset( $_POST['deny_user'] ))
{
// Retrieving the group name
- $query = 'SELECT id, name FROM '.GROUPS_TABLE;
+ $query = 'SELECT id, name FROM '.GROUPS_TABLE;
$query.= " WHERE id = '".$_POST['group_id']."'";
$query.= ';';
$result = mysql_fetch_array(pwg_query( $query ));
$template->assign_block_vars('edit_group',array(
'GROUP_NAME'=>$result['name'],
- 'GROUP_ID'=>$result['id']
+ 'GROUP_ID'=>$result['id']
));
// Retrieving all the users
- $query = 'SELECT id, username, mail_address';
- $query.= ' FROM ('.USERS_TABLE.' as u';
- $query.= ' LEFT JOIN '.USER_GROUP_TABLE.' as ug ON ug.user_id=u.id)';
+ $query = 'SELECT id, username, mail_address';
+ $query.= ' FROM ('.USERS_TABLE.' as u';
+ $query.= ' LEFT JOIN '.USER_GROUP_TABLE.' as ug ON ug.user_id=u.id)';
$query.= " WHERE ug.group_id = '".$_POST['group_id']."';";
- $result = pwg_query( $query );
- $i=0;
- while ( $row = mysql_fetch_array( $result ) )
- {
- $class = ($i % 2)? 'row1':'row2'; $i++;
- $template->assign_block_vars('edit_group.user',array(
- 'ID'=>$row['id'],
- 'NAME'=>$row['username'],
- 'EMAIL'=>$row['mail_address'],
- 'T_CLASS'=>$class
- ));
- }
+ $result = pwg_query( $query );
+ $i=0;
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $class = ($i % 2)? 'row1':'row2'; $i++;
+ $template->assign_block_vars('edit_group.user',array(
+ 'ID'=>$row['id'],
+ 'NAME'=>$row['username'],
+ 'EMAIL'=>$row['mail_address'],
+ 'T_CLASS'=>$class
+ ));
+ }
}
//----------------------------------------------------------- sending html code
diff --git a/admin/group_perm.php b/admin/group_perm.php
index c60ed7420..ea81ac818 100644
--- a/admin/group_perm.php
+++ b/admin/group_perm.php
@@ -24,105 +24,144 @@
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA. |
// +-----------------------------------------------------------------------+
-include_once( './admin/include/isadmin.inc.php' );
-//----------------------------------------------------- template initialization
-$sub = $vtp->Open( './template/'.$user['template'].'/admin/group_perm.vtp' );
-$error = array();
-$tpl = array( 'permuser_authorized','permuser_forbidden','submit',
- 'permuser_parent_forbidden','permuser_info_message',
- 'adduser_info_back','permuser_only_private' );
-templatize_array( $tpl, 'lang', $sub );
-$vtp->setGlobalVar( $sub, 'user_template', $user['template'] );
+if( !defined("PHPWG_ROOT_PATH") )
+{
+ die ("Hacking attempt!");
+}
+
+include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
//--------------------------------------------------------------------- updates
-if ( isset( $_POST['submit'] ) )
+if (isset($_POST['falsify'])
+ and isset($_POST['cat_true'])
+ and count($_POST['cat_true']) > 0)
{
- // cleaning the user_access table for this group
- $query = 'DELETE FROM '.PREFIX_TABLE.'group_access';
- $query.= ' WHERE group_id = '.$_GET['group_id'];
- $query.= ';';
- pwg_query( $query );
- // selecting all private categories
- $query = 'SELECT id';
- $query.= ' FROM '.PREFIX_TABLE.'categories';
- $query.= " WHERE status = 'private'";
- $query.= ';';
- $result = pwg_query( $query );
- while ( $row = mysql_fetch_array( $result ) )
- {
- $radioname = 'access-'.$row['id'];
- if ( $_POST[$radioname] == 0 )
- {
- $query = 'INSERT INTO '.PREFIX_TABLE.'group_access';
- $query.= ' (group_id,cat_id) VALUES';
- $query.= ' ('.$_GET['group_id'].','.$row['id'].')';
- $query.= ';';
- pwg_query ( $query );
- }
- }
- // checking users favorites
- $query = 'SELECT id';
- $query.= ' FROM '.USERS_TABLE;
- $query.= ';';
- $result = pwg_query( $query );
- while ( $row = mysql_fetch_array( $result ) )
- {
- check_favorites( $row['id'] );
- }
- // synchronization of calculated data
- synchronize_group( $_GET['group_id'] );
- // confirmation display
- $vtp->addSession( $sub, 'confirmation' );
- $url = './admin.php?page=group_list';
- $vtp->setVar( $sub, 'confirmation.back_url', add_session_id( $url ) );
- $vtp->closeSession( $sub, 'confirmation' );
+ // if you forbid access to a category, all sub-categories become
+ // automatically forbidden
+ $subcats = get_subcat_ids($_POST['cat_true']);
+ $query = 'DELETE FROM '.GROUP_ACCESS_TABLE.'
+ WHERE group_id = '.$_POST['group_id'].'
+ AND cat_id IN ('.implode(',', $subcats).');';
+ pwg_query($query);
}
-//---------------------------------------------------------------- form display
-$restrictions = get_group_restrictions( $_GET['group_id'] );
-$action = './admin.php?page=group_perm&amp;group_id='.$_GET['group_id'];
-$vtp->setVar( $sub, 'action', add_session_id( $action ) );
-// only private categories are listed
-$query = 'SELECT id';
-$query.= ' FROM '.PREFIX_TABLE.'categories';
-$query.= " WHERE status = 'private'";
-$query.= ';';
-$result = pwg_query( $query );
-while ( $row = mysql_fetch_array( $result ) )
+else if (isset($_POST['trueify'])
+ and isset($_POST['cat_false'])
+ and count($_POST['cat_false']) > 0)
{
- $vtp->addSession( $sub, 'category' );
- $vtp->setVar( $sub, 'category.id', $row['id'] );
- $url = './admin.php?page=cat_perm&amp;cat_id='.$row['id'];
- $vtp->setVar( $sub, 'category.cat_perm_link', add_session_id( $url ) );
- // Is the group allowed to access this category
- $is_group_allowed = is_group_allowed( $row['id'], $restrictions );
- if ( $is_group_allowed == 0 )
+ $uppercats = get_uppercat_ids($_POST['cat_false']);
+ $private_uppercats = array();
+
+ $query = 'SELECT id
+ FROM '.CATEGORIES_TABLE.'
+ WHERE id IN ('.implode(',', $uppercats).')
+ AND status = \'private\';';
+ $result = pwg_query($query);
+ while ($row = mysql_fetch_array($result))
{
- $vtp->setVar( $sub, 'category.color', 'green' );
+ array_push($private_uppercats, $row['id']);
}
- else
+
+ // retrying to authorize a category which is already authorized may cause
+ // an error (in SQL statement), so we need to know which categories are
+ // accesible
+ $authorized_ids = array();
+
+ $query = 'SELECT cat_id
+ FROM '.GROUP_ACCESS_TABLE.'
+ WHERE group_id = '.$_POST['group_id'].';';
+ $result = pwg_query($query);
+
+ while ($row = mysql_fetch_array($result))
{
- $vtp->setVar( $sub, 'category.color', 'red' );
+ array_push($authorized_ids, $row['cat_id']);
}
- // category name
- $cat_infos = get_cat_info( $row['id'] );
- $name = get_cat_display_name($cat_infos['name']);
- $vtp->setVar( $sub, 'category.name', $name );
- // any subcat forbidden for this group ?
- if ( $is_group_allowed == 2 )
+
+ $inserts = array();
+ $to_autorize_ids = array_diff($private_uppercats, $authorized_ids);
+ foreach ($to_autorize_ids as $to_autorize_id)
{
- $vtp->addSession( $sub, 'parent_forbidden' );
- $vtp->closeSession( $sub, 'parent_forbidden' );
+ array_push($inserts, array('group_id' => $_POST['group_id'],
+ 'cat_id' => $to_autorize_id));
}
- // forbidden or authorized access ?
- if ( $is_group_allowed == 0 or $is_group_allowed == 2 )
+
+ mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
+}
+
+//----------------------------------------------------- template initialization
+$query = 'SELECT id,name FROM '.GROUPS_TABLE;
+$query.= ' ORDER BY id ASC;';
+$result = pwg_query( $query );
+$groups_display = '<select name="group_id">';
+$groups_nb=0;
+while ( $row = mysql_fetch_array( $result ) )
+{
+ $groups_nb++;
+ $selected = '';
+ if (isset($_POST['group_id']) && $_POST['group_id']==$row['id'])
+ $selected = 'selected';
+ $groups_display .= '<option value="' . $row['id'] . '" '.$selected.'>' . $row['name'] . '</option>';
+}
+$groups_display .= '</select>';
+
+$action = PHPWG_ROOT_PATH.'admin.php?page=group_perm';
+$template->set_filenames( array('groups'=>'admin/group_perm.tpl') );
+$template->assign_vars(array(
+ 'S_GROUP_SELECT'=>$groups_display,
+ 'L_GROUP_SELECT'=>$lang['group_list_title'],
+ 'L_LOOK_UP'=>$lang['edit'],
+ 'S_GROUP_ACTION'=>add_session_id($action)
+ ));
+
+if ($groups_nb)
+{
+ $template->assign_block_vars('select_box',array());
+}
+
+if ( isset( $_POST['edit']) || isset($_POST['falsify']) || isset($_POST['trueify']))
+{
+ $template->set_filenames(array('groups_auth'=>'admin/cat_options.tpl'));
+ $template->assign_vars(array(
+ 'L_RESET'=>$lang['reset'],
+ 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
+ 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
+ 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'],
+
+ 'HIDDEN_NAME'=> 'group_id',
+ 'HIDDEN_VALUE'=>$_POST['group_id'],
+ 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=group_perm'),
+ ));
+
+ // only private categories are listed
+ $query_true = '
+SELECT id,name,uppercats,global_rank
+ FROM '.CATEGORIES_TABLE.' INNER JOIN '.GROUP_ACCESS_TABLE.' ON cat_id = id
+ WHERE status = \'private\'
+ AND group_id = '.$_POST['group_id'].'
+;';
+ display_select_cat_wrapper($query_true,array(),'category_option_true');
+
+ $result = pwg_query($query_true);
+ $authorized_ids = array();
+ while ($row = mysql_fetch_array($result))
{
- $vtp->setVar( $sub, 'category.authorized_checked', ' checked="checked"' );
+ array_push($authorized_ids, $row['id']);
}
- else
+
+ $query_false = '
+SELECT id,name,uppercats,global_rank
+ FROM '.CATEGORIES_TABLE.'
+ WHERE status = \'private\'';
+ if (count($authorized_ids) > 0)
{
- $vtp->setVar( $sub, 'category.forbidden_checked', ' checked="checked"' );
+ $query_false.= '
+ AND id NOT IN ('.implode(',', $authorized_ids).')';
}
- $vtp->closeSession( $sub, 'category' );
+ $query_false.= '
+;';
+ display_select_cat_wrapper($query_false,array(),'category_option_false');
+
+ $template->assign_var_from_handle('ADMIN_CONTENT_2', 'groups_auth');
}
//----------------------------------------------------------- sending html code
-$vtp->Parse( $handle , 'sub', $sub );
+$template->assign_var_from_handle('ADMIN_CONTENT', 'groups');
+
?>
diff --git a/admin/include/isadmin.inc.php b/admin/include/isadmin.inc.php
index 9b71cb900..0d05c9853 100644
--- a/admin/include/isadmin.inc.php
+++ b/admin/include/isadmin.inc.php
@@ -30,7 +30,7 @@ include( PHPWG_ROOT_PATH.'admin/include/functions.php' );
if ($user['status'] != 'admin')
{
echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
- echo '<a href="'.PHPWG_ROOT_PATH.'identification.php">'.$lang['ident_title'].'</a></div>';
+ echo '<a href="'.PHPWG_ROOT_PATH.'identification.php">'.$lang['identification'].'</a></div>';
exit();
}
?>