From 867c2379ff66ce0f2c4f872a13027fd649aa076d Mon Sep 17 00:00:00 2001
From: z0rglub <z0rglub@piwigo.org>
Date: Fri, 9 May 2003 12:42:42 +0000
Subject: Initial revision

git-svn-id: http://piwigo.org/svn/trunk@2 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/perm.php | 270 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 270 insertions(+)
 create mode 100644 admin/perm.php

(limited to 'admin/perm.php')

diff --git a/admin/perm.php b/admin/perm.php
new file mode 100644
index 000000000..2407d9f6f
--- /dev/null
+++ b/admin/perm.php
@@ -0,0 +1,270 @@
+<?php
+/***************************************************************************
+ *                     perm.php is a part of PhpWebGallery                 *
+ *                            -------------------                          *
+ *   last update          : Tuesday, July 16, 2002                         *
+ *   email                : pierrick@z0rglub.com                           *
+ *                                                                         *
+ ***************************************************************************/
+
+/***************************************************************************
+ *                                                                         *
+ *   This program is free software; you can redistribute it and/or modify  *
+ *   it under the terms of the GNU General Public License as published by  *
+ *   the Free Software Foundation;                                         *
+ *                                                                         *
+ ***************************************************************************/
+	include_once( "./include/isadmin.inc.php" );
+	//---------------------------------------------------données de l'utilisateur
+	if ( isset( $HTTP_GET_VARS['user_id'] ) )
+	{
+		$query = "select id,pseudo,status from $prefixeTable"."users where id = '".$HTTP_GET_VARS['user_id']."';";
+		$result = mysql_query( $query );
+		$row = mysql_fetch_array( $result );
+		$page['pseudo'] = $row['pseudo'];
+		$page['status'] = $row['status'];
+		if ( mysql_num_rows( $result ) == 0 )
+		{
+			echo"<div class=\"erreur\">".$lang['user_err_unknown']."</div>";
+			$erreur = true;
+		}
+		if ( $row['pseudo'] == $conf['webmaster'] )
+		{
+			echo"<div class=\"erreur\">".$lang['user_err_modify']."</div>";
+			$erreur = true;
+		}
+	}
+	//---------------------------------------------------données de la catégorie
+	if ( isset( $HTTP_GET_VARS['cat_id'] ) )
+	{
+		$HTTP_GET_VARS['cat'] = $HTTP_GET_VARS['cat_id'];
+		check_cat_id( $HTTP_GET_VARS['cat_id'] );
+		if ( isset( $page['cat'] ) )
+		{
+			$result = get_cat_info( $page['cat'] );
+			$page['cat_name'] = $result['name'];
+			$page['id_uppercat'] = $result['id_uppercat'];
+		}
+	}
+	//--------------------------------------------------------------- mise à jour
+	if ( isset( $HTTP_POST_VARS['submit'] ) )
+	{
+		if ( isset( $HTTP_GET_VARS['user_id'] ) )
+		{
+			mysql_query ( "delete from $prefixeTable"."restrictions where user_id = ".$HTTP_GET_VARS['user_id'].";" );
+			$result = mysql_query ( "select id from $prefixeTable"."categories;" );
+			while ( $row = mysql_fetch_array ( $result ) )
+			{
+				$nom_select = "acces-".$row['id'];
+				if ( $HTTP_POST_VARS[$nom_select] == 1 )
+				{
+					mysql_query ( "insert into $prefixeTable"."restrictions (user_id,cat_id) values ('".$HTTP_GET_VARS['user_id']."','".$row['id']."');" );
+				}
+			}
+			check_favorites( $HTTP_GET_VARS['user_id'] );
+			echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>";
+		}
+		else if ( isset( $HTTP_GET_VARS['cat_id'] ) )
+		{
+			mysql_query ( "delete from $prefixeTable"."restrictions where cat_id = '".$page['cat']."';" );
+			$result = mysql_query( "select id from $prefixeTable"."users where pseudo != '".$conf['webmaster']."';" );
+			while ( $row = mysql_fetch_array ( $result ) )
+			{
+				$nom_select = "acces-".$row['id'];
+				if ( $HTTP_POST_VARS[$nom_select] == 1 )
+				{
+					mysql_query ( "insert into $prefixeTable"."restrictions (user_id,cat_id) values ('".$row['id']."','".$page['cat']."');" );
+				}
+				check_favorites( $row['id'] );
+			}
+			echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=cat" )."\">".$lang['editcat_back']."</a> ]</div>";
+		}
+	}
+	//--------------------------------------------------------------- formulaire
+	function display_cat_manager( $id_uppercat, $indent, $uppercat_authorized, $level, $restriction )
+	{
+		global $prefixeTable,$lang,$conf;
+		
+		$output = "";
+		
+		// will we use <th> or <td> lines ?
+		if ( $level == 0 )
+		{
+			$start_line = "<th ";
+			$start_line2 = "<th ";
+			$end_line = "</th>";
+		}
+		else
+		{
+			$start_line = "<td ";
+			$end_line = "</td>";
+			if ( $level == 1 )
+			{
+				$start_line2 = "<td class=\"row1\" ";
+			}
+			else if ( $level == 2 )
+			{
+				$start_line2 = "<td class=\"row2\" ";
+			}
+			else if ( $level == 3 )
+			{
+				$start_line2 = "<td class=\"row3\" ";
+			}
+			else if ( $level == 4 )
+			{
+				$start_line2 = "<td class=\"row4\" ";
+			}
+			else
+			{
+				$start_line2 = "<td ";
+			}
+		}
+		
+		$query = "select id,name,dir,rank";
+		$query.= " from $prefixeTable"."categories";
+		if ( !is_numeric( $id_uppercat ) )
+		{
+			$query.= " where id_uppercat is NULL";
+		}
+		else
+		{
+			$query.= " where id_uppercat = $id_uppercat";
+		}
+		$query.= " order by rank asc;";
+		$result = mysql_query( $query );
+		while ( $row = mysql_fetch_array( $result ) )
+		{
+			$subcat_authorized = true;
+			
+			$output.= "\n<tr>";
+			$output.= "\n\t".$start_line."style=\"width:85%;text-align:left;\">$indent<img src=\"".$conf['lien_puce']."\" alt=\"&gt;\" />&nbsp;";
+			if ( in_array( $row['id'], $restriction ) || !$uppercat_authorized )
+			{
+				$subcat_authorized = false;
+				$color = "red";
+			}
+			else
+			{
+				$color = "green";
+			}
+			$output.= "<span style=\"color:$color;\">";
+			if ( $row['name'] == "" )
+			{
+				$output.= str_replace( "_", " ", $row['dir'] );
+			}
+			else
+			{
+				$output.= $row['name'];
+			}
+			$output.= " [ dir : ".$row['dir']." ]";
+			$output.= "</span>".$end_line;
+			$output.= "\n\t".$start_line2." style=\"width:15%;white-space:nowrap;text-align:right;font-weight:normal;\">";
+			$output.= "\n\t\t<input type=\"radio\" name=\"acces-".$row['id']."\" value=\"0\" checked=\"checked\"/>".$lang['permuser_authorized'];
+			$output.= "\n\t\t<input type=\"radio\" name=\"acces-".$row['id']."\" value=\"1\"";
+			if ( in_array( $row['id'], $restriction ) )
+			{
+				$output.= " checked=\"checked\"";
+			}
+			$output.= "/>".$lang['permuser_forbidden'];
+			$output.= $end_line;
+			$output.= "\n<tr>";
+			$output.= display_cat_manager( $row['id'], $indent."&nbsp;&nbsp;&nbsp;&nbsp;", $subcat_authorized, $level + 1, $restriction );
+		}
+		return $output;
+	}
+	
+	if ( !$erreur )
+	{
+		//----------------------------------------------
+		// cas 1 : permissions pour un utilisateur donné
+		if ( isset( $HTTP_GET_VARS['user_id'] ) )
+		{
+			echo"
+			<table style=\"width:100%;\">
+				<tr>
+					<th>".$lang['permuser_title']." \"".$page['pseudo']."\"</th>
+				</tr>
+			</table>";
+			$restriction = get_restrictions( $HTTP_GET_VARS['user_id'], $page['status'], false );
+			echo"
+			<form action=\"".add_session_id_to_url( "./admin.php?page=perm&amp;user_id=".$HTTP_GET_VARS['user_id'] )."\" method=\"post\">
+				<div style=\"color:darkblue;margin:10px;text-align:center;\">".$lang['permuser_warning']."</div>
+				<table style=\"width:100%;\">";
+
+			echo display_cat_manager( "NULL", "&nbsp;&nbsp;&nbsp;&nbsp;", true, 0, $restriction );
+
+			echo"
+					<tr>
+						<td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"".$lang['submit']."\"/></td>
+					</tr>
+				<table>
+			</form>";
+		}
+		//----------------------------------------------
+		// cas 2 : permissions pour une catégorie donnée
+		else if ( isset( $HTTP_GET_VARS['cat_id'] ) )
+		{
+			echo"
+			<table style=\"width:100%;\">
+				<tr>
+					<th>".$lang['permuser_cat_title']."\"".get_cat_display_name( $page['cat_name'], " - ", "font-style:italic;" )."\"</th>
+				</tr>
+			</table>";
+			echo"
+			<form action=\"".add_session_id_to_url( "./admin.php?page=perm&amp;cat_id=".$page['cat'] )."\" method=\"post\">
+				<table style=\"width:100%;\">";
+			
+			$result = mysql_query( "select id,pseudo,status from $prefixeTable"."users where pseudo != '".$conf['webmaster']."';" );
+			$i = 0;
+			while ( $row = mysql_fetch_array( $result ) )
+			{
+				$restrictions = get_restrictions( $row['id'], $row['status'], false );
+				$is_user_allowed = is_user_allowed( $page['cat'], $restrictions );
+				$class = "";
+				if ( $i%2 == 1 )
+				{
+					$class = "class=\"row2\"";
+				}
+				echo"
+					<tr>
+						<td $class><a href=\"".add_session_id_to_url( "./admin.php?page=perm&amp;user_id=".$row['id'] )."\">";
+				echo "<span style=\"color:";
+				if ( $is_user_allowed > 0 )
+				{
+					echo "red";
+				}
+				else
+				{
+					echo "green";
+				}
+				echo "\">".$row['pseudo']."</span></a></td>
+						<td $class style=\"text-align:right;\">";
+				if ( $is_user_allowed == 2 )
+				{
+					echo "<a href=\"".add_session_id_to_url( "./admin.php?page=perm&amp;cat_id=".$page['id_uppercat'] )."\"><span style=\"color:red;\">".$lang['permuser_parent_forbidden']."</span></a>";
+				}
+				else
+				{
+					echo"
+							<input type=\"radio\" name=\"acces-".$row['id']."\" value=\"0\" checked=\"checked\"/>".$lang['permuser_authorized']."
+							<input type=\"radio\" name=\"acces-".$row['id']."\" value=\"1\"";
+					if ( $is_user_allowed == 1 )
+					{
+						echo" checked=\"checked\"";
+					}
+					echo"/>".$lang['permuser_forbidden'];
+				}
+				echo"
+						</td>
+					</tr>";
+				$i++;
+			}
+			echo"
+					<tr>
+						<td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"".$lang['submit']."\"/></td>
+					</tr>
+				</table>
+			</form>";
+		}
+	}
+?>
\ No newline at end of file
-- 
cgit v1.2.3