From 492a65418a68023314ff036668e3aedc8f0bef02 Mon Sep 17 00:00:00 2001
From: mistic100 <mistic@piwigo.org>
Date: Mon, 28 Oct 2013 17:20:34 +0000
Subject: feature 2976: new options for pwg.users.setInfo + user_id can be an
 array

git-svn-id: http://piwigo.org/svn/trunk@25195 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/ws_functions.inc.php | 190 +++++++++++++++++++++++++++++++++----------
 1 file changed, 145 insertions(+), 45 deletions(-)

(limited to 'include/ws_functions.inc.php')

diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index 4954ec726..eb162ec3a 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -3310,7 +3310,7 @@ SELECT COUNT(*)
     $updates['name'] = $params['name'];
   }
   
-  if ($params['is_default'] !== null)
+  if (!empty($params['is_default']) or @$params['is_default']===false)
   {
     $updates['is_default'] = boolean_to_string($params['is_default']);
   }
@@ -3528,10 +3528,15 @@ function ws_users_delete($params, &$service)
   include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
   
   // protect some users
-  $params['user_id'] = array_diff($params['user_id'], array($user['id'],
-                                                        $conf['guest_id'],
-                                                        $conf['default_user_id'],
-                                                        $conf['webmaster_id']));
+  $params['user_id'] = array_diff(
+    $params['user_id'],
+    array(
+      $user['id'],
+      $conf['guest_id'],
+      $conf['default_user_id'],
+      $conf['webmaster_id'],
+      )
+    );
   
   foreach ($params['user_id'] as $user_id)
   {
@@ -3547,10 +3552,20 @@ function ws_users_delete($params, &$service)
 /**
  * API method
  * @param mixed[] $params
- *    @option int user_id
+ *    @option int[] user_id
  *    @option string username (optional)
  *    @option string password (optional)
  *    @option string email (optional)
+ *    @option string status (optional)
+ *    @option int level (optional)
+ *    @option string language (optional)
+ *    @option string theme (optional)
+ *    @option int nb_image_page (optional)
+ *    @option int recent_period (optional)
+ *    @option bool expand (optional)
+ *    @option bool show_nb_comments (optional)
+ *    @option bool show_nb_hits (optional)
+ *    @option bool enabled_high (optional)
  */
 function ws_users_setInfo($params, &$service)
 {
@@ -3558,40 +3573,43 @@ function ws_users_setInfo($params, &$service)
   
   include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
   
-  if (get_username($params['user_id']) === false)
-  {
-    return new PwgError(WS_ERR_INVALID_PARAM, 'This user does not exist.');
-  }
-  
   $updates = $updates_infos = array();
-  $params = array_map('trim', $params);
+  $update_status = null;
   
-  if (!empty($params['username']))
+  if (count($params['user_id']) == 1)
   {
-    $user_id = get_userid($params['username']);
-    if ($user_id and $user_id != $params['user_id'])
+    if (get_username($params['user_id'][0]) === false)
     {
-      return new PwgError(WS_ERR_INVALID_PARAM, l10n('this login is already used'));
+      return new PwgError(WS_ERR_INVALID_PARAM, 'This user does not exist.');
     }
-    if ($params['username'] != strip_tags($params['username']))
+    
+    if (!empty($params['username']))
     {
-      return new PwgError(WS_ERR_INVALID_PARAM, l10n('html tags are not allowed in login'));
+      $user_id = get_userid($params['username']);
+      if ($user_id and $user_id != $params['user_id'][0])
+      {
+        return new PwgError(WS_ERR_INVALID_PARAM, l10n('this login is already used'));
+      }
+      if ($params['username'] != strip_tags($params['username']))
+      {
+        return new PwgError(WS_ERR_INVALID_PARAM, l10n('html tags are not allowed in login'));
+      }
+      $updates[ $conf['user_fields']['username'] ] = $params['username'];
     }
-    $updates[ $conf['user_fields']['username'] ] = $params['username'];
-  }
-  
-  if (!empty($params['email']))
-  {
-    if ( ($error = validate_mail_address($params['user_id'], $params['email'])) != '')
+    
+    if (!empty($params['email']))
+    {
+      if ( ($error = validate_mail_address($params['user_id'][0], $params['email'])) != '')
+      {
+        return new PwgError(WS_ERR_INVALID_PARAM, $error);
+      }
+      $updates[ $conf['user_fields']['email'] ] = $params['email'];
+    }
+    
+    if (!empty($params['password']))
     {
-      return new PwgError(WS_ERR_INVALID_PARAM, $error);
+      $updates[ $conf['user_fields']['password'] ] = $conf['password_hash']($params['password']);
     }
-    $updates[ $conf['user_fields']['email'] ] = $params['email'];
-  }
-  
-  if (!empty($params['password']))
-  {
-    $updates[ $conf['user_fields']['password'] ] = $conf['password_hash']($params['password']);
   }
   
   if (!empty($params['status']))
@@ -3600,18 +3618,28 @@ function ws_users_setInfo($params, &$service)
     {
       return new PwgError(403, 'Only webmasters can grant "webmaster" status');
     }
-    if ( $user['id'] == $params['user_id'] )
-    {
-      $params['status'] = $user['status'];
-    }
-    if ( $conf['guest_id'] == $params['user_id'] )
+    if ( !in_array($params['status'], array('generic','normal','admin','webmaster')) )
     {
-      $params['status'] = 'guest';
+      return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid status');
     }
-    $updates_infos['status'] = $params['status'];
+    
+    /*
+     * status update query is separated from the rest as not applying to the same
+     * set of users (current, guest and webmaster can't be changed)
+     */
+    $params['user_id_for_status'] = array_diff(
+      $params['user_id'],
+      array(
+        $user['id'],
+        $conf['guest_id'],
+        $conf['webmaster_id'],
+        )
+      );
+    
+    $update_status = $params['status'];
   }
   
-  if ($params['level'] !== null)
+  if (!empty($params['level']) or @$params['level']===0)
   {
     if ( !in_array($params['level'], $conf['available_permission_levels']) )
     {
@@ -3620,17 +3648,89 @@ function ws_users_setInfo($params, &$service)
     $updates_infos['level'] = $params['level'];
   }
   
+  if (!empty($params['language']))
+  {
+    if ( !in_array($params['language'], array_keys(get_languages())) )
+    {
+      return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid language');
+    }
+    $updates_infos['language'] = $params['language'];
+  }
+  
+  if (!empty($params['theme']))
+  {
+    if ( !in_array($params['theme'], array_keys(get_pwg_themes())) )
+    {
+      return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid theme');
+    }
+    $updates_infos['theme'] = $params['theme'];
+  }
+  
+  if (!empty($params['nb_image_page']))
+  {
+    $updates_infos['nb_image_page'] = $params['nb_image_page'];
+  }
+  
+  if (!empty($params['recent_period']) or @$params['recent_period']===0)
+  {
+    $updates_infos['recent_period'] = $params['recent_period'];
+  }
+  
+  if (!empty($params['expand']) or @$params['expand']===false)
+  {
+    $updates_infos['expand'] = boolean_to_string($params['expand']);
+  }
+  
+  if (!empty($params['show_nb_comments']) or @$params['show_nb_comments']===false)
+  {
+    $updates_infos['show_nb_comments'] = boolean_to_string($params['show_nb_comments']);
+  }
+  
+  if (!empty($params['show_nb_hits']) or @$params['show_nb_hits']===false)
+  {
+    $updates_infos['show_nb_hits'] = boolean_to_string($params['show_nb_hits']);
+  }
+  
+  if (!empty($params['enabled_high']) or @$params['enabled_high']===false)
+  {
+    $updates_infos['enabled_high'] = boolean_to_string($params['enabled_high']);
+  }
+  
+  // perform updates
   single_update(
     USERS_TABLE,
     $updates,
-    array($conf['user_fields']['id'] => $params['user_id'])
+    array($conf['user_fields']['id'] => $params['user_id'][0])
     );
     
-  single_update(
-    USER_INFOS_TABLE,
-    $updates_infos,
-    array('user_id' => $params['user_id'])
-    );
+  if (isset($update_status) and count($params['user_id_for_status']) > 0)
+  {
+    $query = '
+UPDATE '. USER_INFOS_TABLE .' SET
+    status = "'. $update_status .'"
+  WHERE user_id IN('. implode(',', $params['user_id_for_status']) .')
+;';
+    pwg_query($query);
+  }
+  
+  if (count($updates_infos) > 0)
+  {
+    $query = '
+UPDATE '. USER_INFOS_TABLE .' SET ';
+
+    $first = true;
+    foreach ($updates_infos as $field => $value)
+    {
+      if (!$first) $query.= ', ';
+      else $first = false;
+      $query.= $field .' = "'. $value .'"';
+    }
+    
+    $query.= '
+  WHERE user_id IN('. implode(',', $params['user_id']) .')
+;';
+    pwg_query($query);
+  }
 
   return $service->invoke('pwg.users.getList', array('user_id' => $params['user_id']));
 }
-- 
cgit v1.2.3