diff --git a/action.php b/action.php
index bd62b2bb3..d1d382c35 100644
--- a/action.php
+++ b/action.php
@@ -89,7 +89,10 @@ SELECT id
INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = id
WHERE image_id = '.$_GET['id'].'
'.get_sql_condition_FandF(
- array('forbidden_categories' => 'category_id'),
+ array(
+ 'forbidden_categories' => 'category_id',
+ 'forbidden_images' => 'image_id',
+ ),
' AND'
).'
LIMIT 1
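Review bot: The image-level check added to this query is only as fresh as the user cache, because with the field name `image_id` get_sql_condition_FandF (see its hunk in include/functions_user.inc.php) emits `image_id NOT IN (<cached list>)` rather than a live `level<=` comparison. Nothing visible in this commit sets `need_update` back to 'true' when an image's level is changed in admin/element_set_global.php or a user's level in admin/user_list.php, so a newly restricted image could remain retrievable here until the cache is rebuilt for another reason. If those paths do not already invalidate the cache outside the hunks shown, they should, and a comment here such as `// forbidden_images relies on the cached deny list; level changes must reset user_cache.need_update` would record the dependency. The query starts and ends outside the hunk.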
diff --git a/admin/element_set_global.php b/admin/element_set_global.php
index b3f254b10..6cb0aab39 100644
--- a/admin/element_set_global.php
+++ b/admin/element_set_global.php
@@ -136,7 +136,7 @@ DELETE
$datas = array();
$dbfields = array('primary' => array('id'), 'update' => array());
- $formfields = array('author', 'name', 'date_creation');
+ $formfields = array('author', 'name', 'date_creation', 'level');
foreach ($formfields as $formfield)
{
if ($_POST[$formfield.'_action'] != 'leave')
@@ -163,7 +163,6 @@ SELECT id
if ('set' == $_POST['author_action'])
{
$data['author'] = $_POST['author'];
-
if ('' == $data['author'])
{
unset($data['author']);
@@ -173,7 +172,6 @@ SELECT id
if ('set' == $_POST['name_action'])
{
$data['name'] = $_POST['name'];
-
if ('' == $data['name'])
{
unset($data['name']);
@@ -189,6 +187,11 @@ SELECT id
;
}
+ if ('set' == $_POST['level_action'])
+ {
+ $data['level'] = $_POST['level'];
+ }
+
array_push($datas, $data);
}
// echo '
'; print_r($datas); echo '
';
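Review bot: `$data['level'] = $_POST['level'];` stores the posted value without checking it against `$conf['available_permission_levels']`, the list this file later uses to build the select options. This value decides who can see the image, so I would accept it only when it is one of the configured levels: `if ('set' == $_POST['level_action'] and in_array($_POST['level'], array_map('strval', $conf['available_permission_levels']), true))`. How the column treats a non-numeric post is not visible here, but it may well be stored as 0, which is the Public level. The same concern applies to `'level'` added to `$formfields` in admin/user_list.php, where the code that consumes the posted value lies outside the hunk.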
@@ -345,6 +348,18 @@ else
}
$template->assign_vars(array('DATE_CREATION_YEAR_VALUE'=>$year));
+// image level options
+$blockname = 'level_option';
+foreach ($conf['available_permission_levels'] as $level)
+{
+ $template->assign_block_vars(
+ $blockname,
+ array(
+ 'VALUE' => $level,
+ 'CONTENT' => l10n( sprintf('Level %d', $level) ),
+ ));
+}
+
// +-----------------------------------------------------------------------+
// | global mode thumbnails |
// +-----------------------------------------------------------------------+
@@ -377,7 +392,7 @@ if (count($page['cat_elements_id']) > 0)
$template->assign_vars(array('NAV_BAR' => $nav_bar));
$query = '
-SELECT id,path,tn_ext,file,filesize
+SELECT id,path,tn_ext,file,filesize,level
FROM '.IMAGES_TABLE.'
WHERE id IN ('.implode(',', $page['cat_elements_id']).')
'.$conf['order_by'].'
@@ -405,6 +420,16 @@ SELECT id,path,tn_ext,file,filesize
'TITLE' => get_thumbnail_title($row)
)
);
+
+ if ( $row['level']>0 )
+ {
+ $template->assign_block_vars('thumbnails.thumbnail.level',
+ array(
+ 'LEVEL' => $row['level'],
+ 'TITLE' => l10n( sprintf('Level %d', $row['level']) ),
+ )
+ );
+ }
}
}
diff --git a/admin/user_list.php b/admin/user_list.php
index 1c7a752d4..8e3e06d65 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -97,7 +97,8 @@ SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
u.'.$conf['user_fields']['email'].' AS email,
ui.status,
ui.adviser,
- ui.enabled_high
+ ui.enabled_high,
+ ui.level
FROM '.USERS_TABLE.' AS u
INNER JOIN '.USER_INFOS_TABLE.' AS ui
ON u.'.$conf['user_fields']['id'].' = ui.user_id
@@ -256,7 +257,7 @@ if (isset($_POST['delete']) and count($collection) > 0)
{
array_push($page['errors'], l10n('Guest cannot be deleted'));
}
- if (($conf['guest_id'] != $conf['default_user_id']) and
+ if (($conf['guest_id'] != $conf['default_user_id']) and
in_array($conf['default_user_id'], $collection))
{
array_push($page['errors'], l10n('Default user cannot be deleted'));
@@ -351,9 +352,10 @@ DELETE FROM '.USER_GROUP_TABLE.'
$formfields =
array('nb_image_line', 'nb_line_page', 'template', 'language',
'recent_period', 'maxwidth', 'expand', 'show_nb_comments',
- 'show_nb_hits', 'maxheight', 'status', 'enabled_high');
+ 'show_nb_hits', 'maxheight', 'status', 'enabled_high',
+ 'level');
- $true_false_fields = array('expand', 'show_nb_comments',
+ $true_false_fields = array('expand', 'show_nb_comments',
'show_nb_hits', 'enabled_high');
if ($conf['allow_adviser'])
{
@@ -756,6 +758,19 @@ foreach ($groups as $group_id => $group_name)
));
}
+// user level options
+$blockname = 'level_option';
+foreach ($conf['available_permission_levels'] as $level)
+{
+ $template->assign_block_vars(
+ $blockname,
+ array(
+ 'VALUE' => $level,
+ 'CONTENT' => l10n( sprintf('Level %d', $level) ),
+ 'SELECTED' => $level==$default_user['level'] ? 'selected="selected"' : '',
+ ));
+}
+
// +-----------------------------------------------------------------------+
// | navigation bar |
// +-----------------------------------------------------------------------+
@@ -818,6 +833,13 @@ foreach ($visible_user_list as $num => $local_user)
$checked = '';
}
+ $properties = array();
+ $properties[] =
+ (isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true'))
+ ? $lang['is_high_enabled'] : $lang['is_high_disabled'];
+
+ $properties[] = l10n( sprintf('Level %d', $local_user['level']) );
+
$template->assign_block_vars(
'user',
array(
@@ -836,9 +858,8 @@ foreach ($visible_user_list as $num => $local_user)
? '
['.l10n('adviser').']' : ''),
'EMAIL' => get_email_address_as_display_text($local_user['email']),
'GROUPS' => $groups_string,
- 'PROPERTIES' =>
- (isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true'))
- ? $lang['is_high_enabled'] : $lang['is_high_disabled']
+ 'PROPERTIES' => implode( ',', $properties),
+
)
);
trigger_action('loc_assign_block_var_local_user_list', $local_user);
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index a12770ef2..64ade722b 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -168,14 +168,14 @@ $conf['show_version'] = true;
// );
//
// Advenced use:
-// You can also used special options. Instead to pass a string like parameter value
+// You can also used special options. Instead to pass a string like parameter value
// you can pass a array with different optional parameter values
// $conf['links'] = array(
// 'http://phpwebgallery.net' => array('label' => 'PWG website', 'new_window' => false, 'eval_visible' => 'return true;'),
// 'http://forum.phpwebgallery.net' => array('label' => 'For ADMIN', 'new_window' => true, 'eval_visible' => 'return is_admin();'),
// 'http://phpwebgallery.net/doc' => array('label' => 'For Guest', 'new_window' => true, 'eval_visible' => 'return is_a_guest();'),
-// 'http://download.gna.org/phpwebgallery/' =>
-// array('label' => 'PopUp', 'new_window' => true,
+// 'http://download.gna.org/phpwebgallery/' =>
+// array('label' => 'PopUp', 'new_window' => true,
// 'nw_name' => 'PopUp', 'nw_features' => 'width=800,height=450,location=no,status=no,toolbar=no,scrollbars=no,menubar=no'),
// );
// Parameters:
@@ -263,6 +263,9 @@ $conf['prefix_thumbnail'] = 'TN-';
// Administration>Identification>Users?
$conf['users_page'] = 20;
+// image level permissions available in the admin interface
+$conf['available_permission_levels'] = array(0,1,2,4,8);
+
// mail_options: only set it true if you have a send mail warning with
// "options" parameter missing on mail() function execution.
$conf['mail_options'] = false;
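Review bot: The comment on `$conf['available_permission_levels']` does not say how the numbers are interpreted, yet an administrator who edits this list is changing access control. The rest of the commit shows the rules: an image is hidden when its `level` is greater than the user's `level`, the webmaster receives the maximum of the list, each value is displayed through a `Level N` language key, and both columns are `tinyint unsigned`. I would extend the comment to something like `// privacy levels: a user sees an image only if image level <= user level; every value needs a $lang['Level N'] entry and must fit in a tinyint unsigned`.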
@@ -614,11 +617,11 @@ $conf['allow_web_services'] = true;
$conf['ws_max_images_per_page'] = 500;
// On Access control false / Admim Web Service need Php cURL extension
-// Controls are done on public basis or
+// Controls are done on public basis or
// if connected on member authorization basis
$conf['ws_access_control'] = false;
-
-// On Access control true
+
+// On Access control true
// Additionnal controls are made based on Web Service Access Table
// Max returned rows number ( > 0 )
@@ -628,10 +631,10 @@ $conf['ws_access_control'] = false;
// 0 it's Now(), don't remove that one
$conf['ws_postponed_start'] = array(0,1,2,3,5,7,14,30); /* In days */
-// By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s)
+// By default 10, 5, 2, 1 year(s) or 6, 3, 1 month(s)
// or 15, 10, 7, 5, 1, 0 day(s)
// 0 it's temporary closed (Useful for one access)
- $conf['ws_durations'] = array(3650,1825,730,365,182,91,30,15,10,7,5,1,0);
+ $conf['ws_durations'] = array(3650,1825,730,365,182,91,30,15,10,7,5,1,0);
// +-----------------------------------------------------------------------+
// | Filter |
@@ -675,12 +678,12 @@ $conf['filter_pages'] = array
// +-----------------------------------------------------------------------+
// | Light slideshow |
// +-----------------------------------------------------------------------+
-// $conf['light_slideshow'] indicates to use slideshow.tpl in state of
+// $conf['light_slideshow'] indicates to use slideshow.tpl in state of
// picture.tpl for slideshow
// Take care to have slideshow.tpl in all available templates
// Or set it false.
// Check if Picture's plugins are compliant with it
// Every plugin from 1.7 would be design to manage light_slideshow case.
-$conf['light_slideshow'] = true;
+$conf['light_slideshow'] = true;
?>
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index f3b078dbf..1c4500328 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -257,6 +257,22 @@ SELECT ui.*, uc.*
$userdata['forbidden_categories'] =
calculate_permissions($userdata['id'], $userdata['status']);
+ /* now we build the list of forbidden images (this list does not contain
+ images that are not in at least an authorized category)*/
+ $query = '
+SELECT DISTINCT(id)
+ FROM '.IMAGES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON id=image_id
+ WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
+ AND level>'.$userdata['level'];
+ $forbidden_ids = array_from_query($query, 'id');
+
+ if ( empty($forbidden_ids) )
+ {
+ array_push( $forbidden_ids, 0 );
+ }
+ $userdata['image_access_type'] = 'NOT IN'; //TODO maybe later
+ $userdata['image_access_list'] = implode(',',$forbidden_ids);
+
update_user_cache_categories($userdata);
// Set need update are done
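Review bot: The deny list built here ends up in `image_access_list`, a `text` column, and it grows with the number of restricted images the user could otherwise reach. If the value ever exceeds the column size and the server truncates it instead of rejecting the INSERT (this depends on the SQL mode, which is not visible here), ids drop off the end of a `NOT IN` list and those images become visible, so the failure is open rather than closed. I would at least record this next to the vague `//TODO maybe later`, for example `// deny list: must never be truncated, a shortened NOT IN list exposes images`, and consider checking the string length before it is cached. The enclosing function begins and ends outside the hunk.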
@@ -269,6 +285,7 @@ SELECT ui.*, uc.*
SELECT COUNT(DISTINCT(image_id)) as total
FROM '.IMAGE_CATEGORY_TABLE.'
WHERE category_id NOT IN ('.$userdata['forbidden_categories'].')
+ AND image_id '.$userdata['image_access_type'].' ('.$userdata['image_access_list'].')
;';
list($userdata['nb_total_images']) = mysql_fetch_array(pwg_query($query));
@@ -281,10 +298,12 @@ DELETE FROM '.USER_CACHE_TABLE.'
$query = '
INSERT INTO '.USER_CACHE_TABLE.'
- (user_id, need_update, forbidden_categories, nb_total_images)
+ (user_id, need_update, forbidden_categories, nb_total_images,
+ image_access_type, image_access_list)
VALUES
('.$userdata['id'].',\''.boolean_to_string($userdata['need_update']).'\',\''
- .$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].')
+ .$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].',"'
+ .$userdata['image_access_type'].'","'.$userdata['image_access_list'].'")
;';
pwg_query($query);
}
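Review bot: The two new values in the INSERT are wrapped in double quotes while `need_update` and `forbidden_categories` in the same statement use single quotes. Double-quoted literals are read as identifiers when MySQL runs with ANSI_QUOTES, so the statement would fail there, and the mix is harder to read in any case. Keeping one quoting style avoids both: `.$userdata['forbidden_categories'].'\','.$userdata['nb_total_images'].',\''` followed by `.$userdata['image_access_type'].'\',\''.$userdata['image_access_list'].'\')`.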
@@ -527,26 +546,20 @@ function get_computed_categories($userdata, $filter_days=null)
$group_by = '';
$query = 'SELECT c.id cat_id, global_rank';
- if ( !isset($filter_days) )
+ // Count by date_available to avoid count null
+ $query .= ',
+ MAX(date_available) cat_date_last, COUNT(date_available) cat_nb_images
+FROM '.CATEGORIES_TABLE.' as c
+ LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON ic.category_id = c.id
+ LEFT JOIN '.IMAGES_TABLE.' AS i
+ ON ic.image_id = i.id
+ AND i.level<='.$userdata['level'];
+
+ if ( isset($filter_days) )
{
- $query .= ',
- date_last cat_date_last,
- nb_images cat_nb_images
- FROM '.CATEGORIES_TABLE.' as c';
- }
- else
- {
- // Count by date_available to avoid count null
- $query .= ',
- MAX(date_available) cat_date_last,
- COUNT(date_available) cat_nb_images
- FROM '.CATEGORIES_TABLE.' as c
- LEFT JOIN '.IMAGE_CATEGORY_TABLE.' AS ic ON ic.category_id = c.id
- LEFT JOIN '.IMAGES_TABLE.' AS i
- ON ic.image_id = i.id AND
- i.date_available > SUBDATE(CURRENT_DATE,INTERVAL '.$filter_days.' DAY)';
- $group_by = 'c.id';
+ $query .= ' AND i.date_available > SUBDATE(CURRENT_DATE,INTERVAL '.$filter_days.' DAY)';
}
+ $group_by = 'c.id';
if ( !empty($userdata['forbidden_categories']) )
{
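Review bot: `$userdata['level']` and `$filter_days` are concatenated into the join condition as bare numbers, and the join now runs on every call instead of only when a filter is set. Where the two values come from is not visible in this hunk; if either is missing or non-numeric the query breaks or changes meaning, and for `level` that condition is the access check itself. Casting at the point of use is cheap: `AND i.level<='.intval($userdata['level']);` and `INTERVAL '.intval($filter_days).' DAY)'`. The body of get_computed_categories continues outside the hunk.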
@@ -719,7 +732,7 @@ SELECT COUNT(*)
function get_default_user_info($convert_str = true)
{
global $page, $conf;
-
+
if (!isset($page['cache_default_user']))
{
$query = 'select * from '.USER_INFOS_TABLE.
@@ -727,7 +740,7 @@ function get_default_user_info($convert_str = true)
$result = pwg_query($query);
$page['cache_default_user'] = mysql_fetch_assoc($result);
-
+
if ($page['cache_default_user'] !== false)
{
unset($page['cache_default_user']['user_id']);
@@ -839,11 +852,13 @@ function create_user_infos($arg_id, $override_values = null)
foreach ($user_ids as $user_id)
{
+ $level= isset($default_user['level']) ? $default_user['level'] : 0;
if ($user_id == $conf['webmaster_id'])
{
$status = 'webmaster';
+ $level = max( $conf['available_permission_levels'] );
}
- else if (($user_id == $conf['guest_id']) or
+ else if (($user_id == $conf['guest_id']) or
($user_id == $conf['default_user_id']))
{
$status = 'guest';
@@ -858,11 +873,12 @@ function create_user_infos($arg_id, $override_values = null)
array(
'user_id' => $user_id,
'status' => $status,
- 'registration_date' => $dbnow
+ 'registration_date' => $dbnow,
+ 'level' => $level
));
array_push($inserts, $insert);
- }
+ }
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
mass_inserts(USER_INFOS_TABLE, array_keys($inserts[0]), $inserts);
@@ -901,7 +917,7 @@ SELECT name
* return the file path of the given language filename, depending on the
* availability of the file
*
- * in descending order of preference:
+ * in descending order of preference:
* param language, user language, default language
* PhpWebGallery default language.
*
@@ -1290,14 +1306,38 @@ function get_sql_condition_FandF(
break;
}
case 'visible_images':
- {
if (!empty($filter['visible_images']))
{
$sql_list[] =
$field_name.' IN ('.$filter['visible_images'].')';
}
+ // note there is no break - visible include forbidden
+ case 'forbidden_images':
+ if (
+ !empty($user['image_access_list'])
+ or $user['image_access_type']!='NOT IN'
+ )
+ {
+ $table_prefix=null;
+ if ($field_name=='id')
+ {
+ $table_prefix = '';
+ }
+ elseif ($field_name=='i.id')
+ {
+ $table_prefix = 'i.';
+ }
+ if ( isset($table_prefix) )
+ {
+ $sql_list[]=$table_prefix.'level<='.$user['level'];
+ }
+ else
+ {
+ $sql_list[]=$field_name.' '.$user['image_access_type']
+ .' ('.$user['image_access_list'].')';
+ }
+ }
break;
- }
default:
{
die('Unknow condition');
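Review bot: The guard `!empty($user['image_access_list'])` in the new `forbidden_images` case works only because PHP treats the string '0' as empty, and the cache builder stores '0' when nothing is forbidden, so the filter is skipped for exactly that placeholder. That coupling is easy to break, so it deserves a comment such as `// image_access_list is '0' when nothing is forbidden; empty('0') is true, so no filter is added`. The choice between the live `level<=` test and the cached list is made from the field name alone (`id` or `i.id`), which assumes any column passed under that name belongs to the images table and has a `level` column. A sentence in the function's doc comment stating that assumption would help callers pick the right field name. The function begins and ends outside the hunk.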
diff --git a/install/db/63-database.php b/install/db/63-database.php
new file mode 100644
index 000000000..582150e5f
--- /dev/null
+++ b/install/db/63-database.php
@@ -0,0 +1,76 @@
+
diff --git a/install/phpwebgallery_structure.sql b/install/phpwebgallery_structure.sql
index 24e69005c..3a086c3c7 100644
--- a/install/phpwebgallery_structure.sql
+++ b/install/phpwebgallery_structure.sql
@@ -198,6 +198,7 @@ CREATE TABLE `phpwebgallery_images` (
`path` varchar(255) NOT NULL default '',
`storage_category_id` smallint(5) unsigned default NULL,
`high_filesize` mediumint(9) unsigned default NULL,
+ `level` tinyint unsigned NOT NULL default '0',
PRIMARY KEY (`id`),
KEY `images_i2` (`date_available`),
KEY `images_i3` (`average_rate`),
@@ -328,6 +329,8 @@ CREATE TABLE `phpwebgallery_user_cache` (
`need_update` enum('true','false') NOT NULL default 'true',
`forbidden_categories` text,
`nb_total_images` mediumint(8) unsigned default NULL,
+ `image_access_type` enum('NOT IN','IN') NOT NULL default 'NOT IN',
+ `image_access_list` text default NULL,
PRIMARY KEY (`user_id`)
) TYPE=MyISAM;
@@ -389,6 +392,7 @@ CREATE TABLE `phpwebgallery_user_infos` (
`template` varchar(255) NOT NULL default 'yoga/clear',
`registration_date` datetime NOT NULL default '0000-00-00 00:00:00',
`enabled_high` enum('true','false') NOT NULL default 'true',
+ `level` tinyint unsigned NOT NULL default '0',
UNIQUE KEY `user_infos_ui1` (`user_id`)
) TYPE=MyISAM;
diff --git a/language/en_UK.iso-8859-1/admin.lang.php b/language/en_UK.iso-8859-1/admin.lang.php
index 4100d86b7..1f4b379f6 100644
--- a/language/en_UK.iso-8859-1/admin.lang.php
+++ b/language/en_UK.iso-8859-1/admin.lang.php
@@ -641,4 +641,11 @@ $lang['display_thumbnail_classic'] = 'Classic display';
$lang['display_thumbnail_hoverbox'] = 'Hoverbox display';
$lang['Thumbnails'] = 'Thumbnails';
$lang['obligatory_user_mail_address'] = 'Mail address is obligatory for all users';
+$lang['Minimum privacy level'] = 'Minimum privacy level';
+$lang['Privacy level'] = 'Privacy level';
+$lang['Level 0'] = 'Public';
+$lang['Level 1'] = 'Contacts';
+$lang['Level 2'] = 'Friends';
+$lang['Level 4'] = 'Family';
+$lang['Level 8'] = 'Admins';
?>
diff --git a/language/fr_FR.iso-8859-1/admin.lang.php b/language/fr_FR.iso-8859-1/admin.lang.php
index 6ba441aa9..5c9f5ead4 100644
--- a/language/fr_FR.iso-8859-1/admin.lang.php
+++ b/language/fr_FR.iso-8859-1/admin.lang.php
@@ -642,4 +642,11 @@ $lang['display_thumbnail_classic'] = 'Affichage classique';
$lang['display_thumbnail_hoverbox'] = 'Affichage lors du survol';
$lang['Thumbnails'] = 'Miniatures';
$lang['obligatory_user_mail_address'] = 'L\'adresse mail est obligatoire pour tous les utilisateurs';
+$lang['Minimum privacy level'] = 'Niveau minimal de confidentialité';
+$lang['Privacy level'] = 'Niveau de confidentialité';
+$lang['Level 0'] = 'Public';
+$lang['Level 1'] = 'Contacts';
+$lang['Level 2'] = 'Amis';
+$lang['Level 4'] = 'Famille';
+$lang['Level 8'] = 'Admins';
?>
diff --git a/template/yoga/admin/element_set_global.tpl b/template/yoga/admin/element_set_global.tpl
index de8217104..b99789413 100644
--- a/template/yoga/admin/element_set_global.tpl
+++ b/template/yoga/admin/element_set_global.tpl
@@ -34,7 +34,11 @@