iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-03-28 17:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

- user permissions ask update at each admin page generation. Table

Browse Source 
user_forbidden must be updated only if current user is not in
  administrative section

- bug fixed : category.php, error on page title when non category selected

- admin/search : bug on variable $PHP_SELF, replaced by $_SERVER['PHP_SELF']

- admin/user_perm : inheritence management. When a category become
  authorized, all parent categories become authorized, when a category
  become forbidden, all child category become forbidden

- no more recursivity in delete_categories function

- new function get_fs_directories for future new method of synchronization

- new function get_uppercat_ids replacing several pieces of code doing the
  same

- new function get_fulldirs used for metadata function get_filelist and
  future new method of synchronization

- new function get_fs for future new method of synchronization

- typo correction on lang item "about_message"

- no link to category privacy status management on user permission anymore
  (giving the menu item instead)


git-svn-id: http://piwigo.org/svn/trunk@657 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
plegall
2004-12-25 19:33:36 +00:00
parent 30d71ba9cb
commit 4c8d18de5b
11 changed files with 382 additions and 174 deletions
Download Patch File Download Diff File Expand all files Collapse all files

163
admin/user_perm.php
View File

@@ -25,50 +25,87 @@
// | USA. |
// +-----------------------------------------------------------------------+
if( !defined("IN_ADMIN") )
if (!defined('IN_ADMIN'))
{
die ("Hacking attempt!");
die('Hacking attempt!');
}
include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
$userdata = array();
if ( isset( $_POST['submituser'] ) )
if (isset($_POST['submituser']))
{
$userdata = getuserdata($_POST['username']);
}
elseif (isset($_POST['falsify']) || isset($_POST['trueify']))
else if (isset($_POST['falsify'])
and isset($_POST['cat_true'])
and count($_POST['cat_true']) > 0)
{
$userdata = getuserdata(intval($_POST['userid']));
// cleaning the user_access table for this user
if (isset($_POST['cat_true']) && count($_POST['cat_true']) > 0)
// if you forbid access to a category, all sub-categories become
// automatically forbidden
$subcats = get_subcat_ids($_POST['cat_true']);
$query = '
DELETE FROM '.USER_ACCESS_TABLE.'
WHERE user_id = '.$userdata['id'].'
AND cat_id IN ('.implode(',', $subcats).')
;';
pwg_query($query);
}
else if (isset($_POST['trueify'])
and isset($_POST['cat_false'])
and count($_POST['cat_false']) > 0)
{
$userdata = getuserdata(intval($_POST['userid']));
$uppercats = get_uppercat_ids($_POST['cat_false']);
$private_uppercats = array();
$query = '
SELECT id
FROM '.CATEGORIES_TABLE.'
WHERE id IN ('.implode(',', $uppercats).')
AND status = \'private\'
;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
foreach ($_POST['cat_true'] as $auth_cat)
{
$query = 'DELETE FROM '.USER_ACCESS_TABLE;
$query.= ' WHERE user_id = '.$userdata['id'];
$query.= ' AND cat_id='.$auth_cat.';';
pwg_query ( $query );
}
array_push($private_uppercats, $row['id']);
}
// retrying to authorize a category which is already authorized may cause
// an error (in SQL statement), so we need to know which categories are
// accesible
$authorized_ids = array();
$query = '
SELECT cat_id
FROM '.USER_ACCESS_TABLE.'
WHERE user_id = '.$userdata['id'].'
;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
array_push($authorized_ids, $row['cat_id']);
}
if (isset($_POST['cat_false']) && count($_POST['cat_false']) > 0)
$inserts = array();
$to_autorize_ids = array_diff($private_uppercats, $authorized_ids);
foreach ($to_autorize_ids as $to_autorize_id)
{
foreach ($_POST['cat_false'] as $auth_cat)
{
$query = 'INSERT INTO '.USER_ACCESS_TABLE;
$query.= ' (user_id,cat_id) VALUES';
$query.= ' ('.$userdata['id'].','.$auth_cat.')';
$query.= ';';
pwg_query ( $query );
}
array_push($inserts, array('user_id' => $userdata['id'],
'cat_id' => $to_autorize_id));
}
mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
}
//----------------------------------------------------- template initialization
if ( empty($userdata))
if (empty($userdata))
{
$template->set_filenames( array('user'=>'admin/user_perm.tpl') );
$template->set_filenames(array('user' => 'admin/user_perm.tpl'));
$base_url = PHPWG_ROOT_PATH.'admin.php?page=';
$template->assign_vars(array(
'L_SELECT_USERNAME'=>$lang['Select_username'],
'L_LOOKUP_USER'=>$lang['Look_up_user'],
@@ -76,54 +113,54 @@ if ( empty($userdata))
'L_AUTH_USER'=>$lang['permuser_only_private'],
'L_SUBMIT'=>$lang['submit'],
'F_SEARCH_USER_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'),
'F_SEARCH_USER_ACTION' => add_session_id($base_url.'user_perm'),
'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php')
));
}
else
{
$cat_url = '<a href="'.add_session_id(PHPWG_ROOT_PATH.'admin.php?page=cat_options&section=status');
$cat_url .= '">'.$lang['permuser_info_link'].'</a>';
$template->set_filenames( array('user'=>'admin/cat_options.tpl') );
$template->assign_vars(array(
'L_RESET'=>$lang['reset'],
'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'].'&nbsp;'.$cat_url,
'HIDDEN_NAME'=> 'userid',
'HIDDEN_VALUE'=>$userdata['id'],
'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'),
));
$template->set_filenames(array('user'=>'admin/cat_options.tpl'));
$template->assign_vars(
array(
'L_RESET'=>$lang['reset'],
'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'],
'HIDDEN_NAME'=> 'userid',
'HIDDEN_VALUE'=>$userdata['id'],
'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'),
));
// only private categories are listed
$query_true = 'SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE;
$query_true.= ' LEFT JOIN '.USER_ACCESS_TABLE.' as u';
$query_true.= ' ON u.cat_id=id';
$query_true.= ' WHERE status = \'private\' AND u.user_id='.$userdata['id'].';';
$result = pwg_query($query_true);
$categorie_true = array();
while (!empty($result) && $row = mysql_fetch_array($result))
{
array_push($categorie_true, $row);
}
$query_true = '
SELECT id,name,uppercats,global_rank
FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_ACCESS_TABLE.' ON cat_id = id
WHERE status = \'private\'
AND user_id = '.$userdata['id'].'
;';
display_select_cat_wrapper($query_true,array(),'category_option_true');
$query = 'SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE;
$query.= ' WHERE status = \'private\'';
$result = pwg_query($query);
$categorie_false = array();
$result = pwg_query($query_true);
$authorized_ids = array();
while ($row = mysql_fetch_array($result))
{
if (!in_array($row,$categorie_true))
array_push($categorie_false, $row);
array_push($authorized_ids, $row['id']);
}
usort($categorie_true, 'global_rank_compare');
usort($categorie_false, 'global_rank_compare');
display_select_categories($categorie_true, array(), 'category_option_true', true);
display_select_categories($categorie_false, array(), 'category_option_false', true);
$query_false = '
SELECT id,name,uppercats,global_rank
FROM '.CATEGORIES_TABLE.'
WHERE status = \'private\'';
if (count($authorized_ids) > 0)
{
$query_false.= '
AND id NOT IN ('.implode(',', $authorized_ids).')';
}
$query_false.= '
;';
display_select_cat_wrapper($query_false,array(),'category_option_false');
}
//----------------------------------------------------------- sending html code
$template->assign_var_from_handle('ADMIN_CONTENT', 'user');
?>