mirror of
https://github.com/Piwigo/Piwigo.git
synced 2026-06-02 04:15:05 +02:00
- Group permission delivery
- Reorganisation of common.lang.php git-svn-id: http://piwigo.org/svn/trunk@671 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
gweltas
+129
-90
@@ -24,105 +24,144 @@
|
||||
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
|
||||
// | USA. |
|
||||
// +-----------------------------------------------------------------------+
|
||||
include_once( './admin/include/isadmin.inc.php' );
|
||||
//----------------------------------------------------- template initialization
|
||||
$sub = $vtp->Open( './template/'.$user['template'].'/admin/group_perm.vtp' );
|
||||
$error = array();
|
||||
$tpl = array( 'permuser_authorized','permuser_forbidden','submit',
|
||||
'permuser_parent_forbidden','permuser_info_message',
|
||||
'adduser_info_back','permuser_only_private' );
|
||||
templatize_array( $tpl, 'lang', $sub );
|
||||
$vtp->setGlobalVar( $sub, 'user_template', $user['template'] );
|
||||
//--------------------------------------------------------------------- updates
|
||||
if ( isset( $_POST['submit'] ) )
|
||||
if( !defined("PHPWG_ROOT_PATH") )
|
||||
{
|
||||
// cleaning the user_access table for this group
|
||||
$query = 'DELETE FROM '.PREFIX_TABLE.'group_access';
|
||||
$query.= ' WHERE group_id = '.$_GET['group_id'];
|
||||
$query.= ';';
|
||||
pwg_query( $query );
|
||||
// selecting all private categories
|
||||
$query = 'SELECT id';
|
||||
$query.= ' FROM '.PREFIX_TABLE.'categories';
|
||||
$query.= " WHERE status = 'private'";
|
||||
$query.= ';';
|
||||
$result = pwg_query( $query );
|
||||
while ( $row = mysql_fetch_array( $result ) )
|
||||
{
|
||||
$radioname = 'access-'.$row['id'];
|
||||
if ( $_POST[$radioname] == 0 )
|
||||
{
|
||||
$query = 'INSERT INTO '.PREFIX_TABLE.'group_access';
|
||||
$query.= ' (group_id,cat_id) VALUES';
|
||||
$query.= ' ('.$_GET['group_id'].','.$row['id'].')';
|
||||
$query.= ';';
|
||||
pwg_query ( $query );
|
||||
}
|
||||
}
|
||||
// checking users favorites
|
||||
$query = 'SELECT id';
|
||||
$query.= ' FROM '.USERS_TABLE;
|
||||
$query.= ';';
|
||||
$result = pwg_query( $query );
|
||||
while ( $row = mysql_fetch_array( $result ) )
|
||||
{
|
||||
check_favorites( $row['id'] );
|
||||
}
|
||||
// synchronization of calculated data
|
||||
synchronize_group( $_GET['group_id'] );
|
||||
// confirmation display
|
||||
$vtp->addSession( $sub, 'confirmation' );
|
||||
$url = './admin.php?page=group_list';
|
||||
$vtp->setVar( $sub, 'confirmation.back_url', add_session_id( $url ) );
|
||||
$vtp->closeSession( $sub, 'confirmation' );
|
||||
die ("Hacking attempt!");
|
||||
}
|
||||
//---------------------------------------------------------------- form display
|
||||
$restrictions = get_group_restrictions( $_GET['group_id'] );
|
||||
$action = './admin.php?page=group_perm&group_id='.$_GET['group_id'];
|
||||
$vtp->setVar( $sub, 'action', add_session_id( $action ) );
|
||||
// only private categories are listed
|
||||
$query = 'SELECT id';
|
||||
$query.= ' FROM '.PREFIX_TABLE.'categories';
|
||||
$query.= " WHERE status = 'private'";
|
||||
$query.= ';';
|
||||
|
||||
include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
|
||||
//--------------------------------------------------------------------- updates
|
||||
if (isset($_POST['falsify'])
|
||||
and isset($_POST['cat_true'])
|
||||
and count($_POST['cat_true']) > 0)
|
||||
{
|
||||
// if you forbid access to a category, all sub-categories become
|
||||
// automatically forbidden
|
||||
$subcats = get_subcat_ids($_POST['cat_true']);
|
||||
$query = 'DELETE FROM '.GROUP_ACCESS_TABLE.'
|
||||
WHERE group_id = '.$_POST['group_id'].'
|
||||
AND cat_id IN ('.implode(',', $subcats).');';
|
||||
pwg_query($query);
|
||||
}
|
||||
else if (isset($_POST['trueify'])
|
||||
and isset($_POST['cat_false'])
|
||||
and count($_POST['cat_false']) > 0)
|
||||
{
|
||||
$uppercats = get_uppercat_ids($_POST['cat_false']);
|
||||
$private_uppercats = array();
|
||||
|
||||
$query = 'SELECT id
|
||||
FROM '.CATEGORIES_TABLE.'
|
||||
WHERE id IN ('.implode(',', $uppercats).')
|
||||
AND status = \'private\';';
|
||||
$result = pwg_query($query);
|
||||
while ($row = mysql_fetch_array($result))
|
||||
{
|
||||
array_push($private_uppercats, $row['id']);
|
||||
}
|
||||
|
||||
// retrying to authorize a category which is already authorized may cause
|
||||
// an error (in SQL statement), so we need to know which categories are
|
||||
// accesible
|
||||
$authorized_ids = array();
|
||||
|
||||
$query = 'SELECT cat_id
|
||||
FROM '.GROUP_ACCESS_TABLE.'
|
||||
WHERE group_id = '.$_POST['group_id'].';';
|
||||
$result = pwg_query($query);
|
||||
|
||||
while ($row = mysql_fetch_array($result))
|
||||
{
|
||||
array_push($authorized_ids, $row['cat_id']);
|
||||
}
|
||||
|
||||
$inserts = array();
|
||||
$to_autorize_ids = array_diff($private_uppercats, $authorized_ids);
|
||||
foreach ($to_autorize_ids as $to_autorize_id)
|
||||
{
|
||||
array_push($inserts, array('group_id' => $_POST['group_id'],
|
||||
'cat_id' => $to_autorize_id));
|
||||
}
|
||||
|
||||
mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
|
||||
}
|
||||
|
||||
//----------------------------------------------------- template initialization
|
||||
$query = 'SELECT id,name FROM '.GROUPS_TABLE;
|
||||
$query.= ' ORDER BY id ASC;';
|
||||
$result = pwg_query( $query );
|
||||
$groups_display = '<select name="group_id">';
|
||||
$groups_nb=0;
|
||||
while ( $row = mysql_fetch_array( $result ) )
|
||||
{
|
||||
$vtp->addSession( $sub, 'category' );
|
||||
$vtp->setVar( $sub, 'category.id', $row['id'] );
|
||||
$url = './admin.php?page=cat_perm&cat_id='.$row['id'];
|
||||
$vtp->setVar( $sub, 'category.cat_perm_link', add_session_id( $url ) );
|
||||
// Is the group allowed to access this category
|
||||
$is_group_allowed = is_group_allowed( $row['id'], $restrictions );
|
||||
if ( $is_group_allowed == 0 )
|
||||
$groups_nb++;
|
||||
$selected = '';
|
||||
if (isset($_POST['group_id']) && $_POST['group_id']==$row['id'])
|
||||
$selected = 'selected';
|
||||
$groups_display .= '<option value="' . $row['id'] . '" '.$selected.'>' . $row['name'] . '</option>';
|
||||
}
|
||||
$groups_display .= '</select>';
|
||||
|
||||
$action = PHPWG_ROOT_PATH.'admin.php?page=group_perm';
|
||||
$template->set_filenames( array('groups'=>'admin/group_perm.tpl') );
|
||||
$template->assign_vars(array(
|
||||
'S_GROUP_SELECT'=>$groups_display,
|
||||
'L_GROUP_SELECT'=>$lang['group_list_title'],
|
||||
'L_LOOK_UP'=>$lang['edit'],
|
||||
'S_GROUP_ACTION'=>add_session_id($action)
|
||||
));
|
||||
|
||||
if ($groups_nb)
|
||||
{
|
||||
$template->assign_block_vars('select_box',array());
|
||||
}
|
||||
|
||||
if ( isset( $_POST['edit']) || isset($_POST['falsify']) || isset($_POST['trueify']))
|
||||
{
|
||||
$template->set_filenames(array('groups_auth'=>'admin/cat_options.tpl'));
|
||||
$template->assign_vars(array(
|
||||
'L_RESET'=>$lang['reset'],
|
||||
'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
|
||||
'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
|
||||
'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'],
|
||||
|
||||
'HIDDEN_NAME'=> 'group_id',
|
||||
'HIDDEN_VALUE'=>$_POST['group_id'],
|
||||
'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=group_perm'),
|
||||
));
|
||||
|
||||
// only private categories are listed
|
||||
$query_true = '
|
||||
SELECT id,name,uppercats,global_rank
|
||||
FROM '.CATEGORIES_TABLE.' INNER JOIN '.GROUP_ACCESS_TABLE.' ON cat_id = id
|
||||
WHERE status = \'private\'
|
||||
AND group_id = '.$_POST['group_id'].'
|
||||
;';
|
||||
display_select_cat_wrapper($query_true,array(),'category_option_true');
|
||||
|
||||
$result = pwg_query($query_true);
|
||||
$authorized_ids = array();
|
||||
while ($row = mysql_fetch_array($result))
|
||||
{
|
||||
$vtp->setVar( $sub, 'category.color', 'green' );
|
||||
array_push($authorized_ids, $row['id']);
|
||||
}
|
||||
else
|
||||
|
||||
$query_false = '
|
||||
SELECT id,name,uppercats,global_rank
|
||||
FROM '.CATEGORIES_TABLE.'
|
||||
WHERE status = \'private\'';
|
||||
if (count($authorized_ids) > 0)
|
||||
{
|
||||
$vtp->setVar( $sub, 'category.color', 'red' );
|
||||
$query_false.= '
|
||||
AND id NOT IN ('.implode(',', $authorized_ids).')';
|
||||
}
|
||||
// category name
|
||||
$cat_infos = get_cat_info( $row['id'] );
|
||||
$name = get_cat_display_name($cat_infos['name']);
|
||||
$vtp->setVar( $sub, 'category.name', $name );
|
||||
// any subcat forbidden for this group ?
|
||||
if ( $is_group_allowed == 2 )
|
||||
{
|
||||
$vtp->addSession( $sub, 'parent_forbidden' );
|
||||
$vtp->closeSession( $sub, 'parent_forbidden' );
|
||||
}
|
||||
// forbidden or authorized access ?
|
||||
if ( $is_group_allowed == 0 or $is_group_allowed == 2 )
|
||||
{
|
||||
$vtp->setVar( $sub, 'category.authorized_checked', ' checked="checked"' );
|
||||
}
|
||||
else
|
||||
{
|
||||
$vtp->setVar( $sub, 'category.forbidden_checked', ' checked="checked"' );
|
||||
}
|
||||
$vtp->closeSession( $sub, 'category' );
|
||||
$query_false.= '
|
||||
;';
|
||||
display_select_cat_wrapper($query_false,array(),'category_option_false');
|
||||
|
||||
$template->assign_var_from_handle('ADMIN_CONTENT_2', 'groups_auth');
|
||||
}
|
||||
//----------------------------------------------------------- sending html code
|
||||
$vtp->Parse( $handle , 'sub', $sub );
|
||||
$template->assign_var_from_handle('ADMIN_CONTENT', 'groups');
|
||||
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user