<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based photo gallery                                    |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008-2012 Piwigo Team                  http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

if (!defined('PHPWG_ROOT_PATH'))
{
  die ("Hacking attempt!");
}

include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);

// +-----------------------------------------------------------------------+
// |                       variable initialization                         |
// +-----------------------------------------------------------------------+

$page['cat'] = $category['id'];

// +-----------------------------------------------------------------------+
// |                           form submission                             |
// +-----------------------------------------------------------------------+

if (!empty($_POST))
{
  check_pwg_token();

  if ($category['status'] != $_POST['status'])
  {
    set_cat_status(array($page['cat']), $_POST['status']);
    $category['status'] = $_POST['status'];
  }

  if ('private' == $_POST['status'])
  {
    //
    // manage groups
    //
    $query = '
SELECT group_id
  FROM '.GROUP_ACCESS_TABLE.'
  WHERE cat_id = '.$page['cat'].'
;';
    $groups_granted = array_from_query($query, 'group_id');

    if (!isset($_POST['groups']))
    {
      $_POST['groups'] = array();
    }
    
    //
    // remove permissions to groups
    //
    $deny_groups = array_diff($groups_granted, $_POST['groups']);
    if (count($deny_groups) > 0)
    {
      // if you forbid access to an album, all sub-albums become
      // automatically forbidden
      $query = '
DELETE
  FROM '.GROUP_ACCESS_TABLE.'
  WHERE group_id IN ('.implode(',', $deny_groups).')
    AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
;';
      pwg_query($query);
    }

    //
    // add permissions to groups
    //
    $grant_groups = array_diff($_POST['groups'], $groups_granted);
    if (count($grant_groups) > 0)
    {
      $cat_ids = get_uppercat_ids(array($page['cat']));
      if (isset($_POST['apply_on_sub']))
      {
        $cat_ids = array_merge($cat_ids, get_subcat_ids(array($page['cat'])));
      }
      
      $query = '
SELECT id
  FROM '.CATEGORIES_TABLE.'
  WHERE id IN ('.implode(',', $cat_ids).')
    AND status = \'private\'
;';
      $private_cats = array_from_query($query, 'id');

      // We must not reinsert already existing lines in group_access table
      $granteds = array();
      foreach ($private_cats as $cat_id)
      {
        $granteds[$cat_id] = array();
      }
  
      $query = '
SELECT
    group_id,
    cat_id
  FROM '.GROUP_ACCESS_TABLE.'
  WHERE cat_id IN ('.implode(',', $private_cats).')
    AND group_id IN ('.implode(',', $grant_groups).')
;';
      $result = pwg_query($query);
      while ($row = pwg_db_fetch_assoc($result))
      {
        array_push($granteds[$row['cat_id']], $row['group_id']);
      }

      $inserts = array();
      
      foreach ($private_cats as $cat_id)
      {
        $group_ids = array_diff($grant_groups, $granteds[$cat_id]);
        foreach ($group_ids as $group_id)
        {
          array_push(
            $inserts,
            array(
              'group_id' => $group_id,
              'cat_id' => $cat_id
              )
            );
        }
      }

      mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
    }

    //
    // users
    //
    $query = '
SELECT user_id
  FROM '.USER_ACCESS_TABLE.'
  WHERE cat_id = '.$page['cat'].'
;';
    $users_granted = array_from_query($query, 'user_id');

    if (!isset($_POST['users']))
    {
      $_POST['users'] = array();
    }
    
    //
    // remove permissions to users
    //
    $deny_users = array_diff($users_granted, $_POST['users']);
    if (count($deny_users) > 0)
    {
      // if you forbid access to an album, all sub-album become automatically
      // forbidden
      $query = '
DELETE
  FROM '.USER_ACCESS_TABLE.'
  WHERE user_id IN ('.implode(',', $deny_users).')
    AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
;';
      pwg_query($query);
    }

    //
    // add permissions to users
    //
    $grant_users = array_diff($_POST['users'], $users_granted);
    if (count($grant_users) > 0)
    {
      add_permission_on_category($page['cat'], $grant_users);
    }
  }

  array_push($page['infos'], l10n('Album updated successfully'));
}

// +-----------------------------------------------------------------------+
// |                       template initialization                         |
// +-----------------------------------------------------------------------+

$template->set_filename('cat_perm', 'cat_perm.tpl');

$template->assign(
  array(
    'CATEGORIES_NAV' =>
      get_cat_display_name_from_id(
        $page['cat'],
        'admin.php?page=album-'
        ),
    'U_HELP' => get_root_url().'admin/popuphelp.php?page=cat_perm',
    'F_ACTION' => $admin_album_base_url.'-permissions',
    'private' => ('private' == $category['status']),
    )
  );

// +-----------------------------------------------------------------------+
// |                          form construction                            |
// +-----------------------------------------------------------------------+

// groups denied are the groups not granted. So we need to find all groups
// minus groups granted to find groups denied.

$groups = array();

$query = '
SELECT id, name
  FROM '.GROUPS_TABLE.'
  ORDER BY name ASC
;';
$groups = simple_hash_from_query($query, 'id', 'name');
$template->assign('groups', $groups);

// groups granted to access the category
$query = '
SELECT group_id
  FROM '.GROUP_ACCESS_TABLE.'
  WHERE cat_id = '.$page['cat'].'
;';
$group_granted_ids = array_from_query($query, 'group_id');
$template->assign('groups_selected', $group_granted_ids);

// users...
$users = array();

$query = '
SELECT '.$conf['user_fields']['id'].' AS id,
       '.$conf['user_fields']['username'].' AS username
  FROM '.USERS_TABLE.'
;';
$users = simple_hash_from_query($query, 'id', 'username');
$template->assign('users', $users);


$query = '
SELECT user_id
  FROM '.USER_ACCESS_TABLE.'
  WHERE cat_id = '.$page['cat'].'
;';
$user_granted_direct_ids = array_from_query($query, 'user_id');
$template->assign('users_selected', $user_granted_direct_ids);


$user_granted_indirect_ids = array();
if (count($group_granted_ids) > 0)
{
  $granted_groups = array();

  $query = '
SELECT user_id, group_id
  FROM '.USER_GROUP_TABLE.'
  WHERE group_id IN ('.implode(',', $group_granted_ids).') 
';
  $result = pwg_query($query);
  while ($row = pwg_db_fetch_assoc($result))
  {
    if (!isset($granted_groups[$row['group_id']]))
    {
      $granted_groups[$row['group_id']] = array();
    }
    array_push($granted_groups[$row['group_id']], $row['user_id']);
  }

  $user_granted_by_group_ids = array();
  
  foreach ($granted_groups as $group_users)
  {
    $user_granted_by_group_ids = array_merge($user_granted_by_group_ids, $group_users);
  }
  
  $user_granted_by_group_ids = array_unique($user_granted_by_group_ids);
  
  $user_granted_indirect_ids = array_diff(
    $user_granted_by_group_ids,
    $user_granted_direct_ids
    );

  $template->assign('nb_users_granted_indirect', count($user_granted_indirect_ids));

  foreach ($granted_groups as $group_id => $group_users)
  {
    $group_usernames = array();
    foreach ($group_users as $user_id)
    {
      if (in_array($user_id, $user_granted_indirect_ids))
      {
        array_push($group_usernames, $users[$user_id]);
      }
    }

    $template->append(
      'user_granted_indirect_groups',
      array(
        'group_name' => $groups[$group_id],
        'group_users' => implode(', ', $group_usernames),
        )
      );
  }
}

// +-----------------------------------------------------------------------+
// |                           sending html code                           |
// +-----------------------------------------------------------------------+
$template->assign(array('PWG_TOKEN' => get_pwg_token()));

$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
?>