1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/piwigo_ynh.git synced 2024-09-03 20:06:03 +02:00
piwigo_ynh/sources/admin/cat_perm.php
2016-09-05 13:40:09 +02:00

308 lines
9 KiB
PHP

<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based photo gallery |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008-2016 Piwigo Team http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation |
// | |
// | This program is distributed in the hope that it will be useful, but |
// | WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
// | General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA. |
// +-----------------------------------------------------------------------+
if (!defined('PHPWG_ROOT_PATH'))
{
die ("Hacking attempt!");
}
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok |
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
// +-----------------------------------------------------------------------+
// | variable initialization |
// +-----------------------------------------------------------------------+
$page['cat'] = $category['id'];
// +-----------------------------------------------------------------------+
// | form submission |
// +-----------------------------------------------------------------------+
if (!empty($_POST))
{
check_pwg_token();
if ($category['status'] != $_POST['status'])
{
set_cat_status(array($page['cat']), $_POST['status']);
$category['status'] = $_POST['status'];
}
if ('private' == $_POST['status'])
{
//
// manage groups
//
$query = '
SELECT group_id
FROM '.GROUP_ACCESS_TABLE.'
WHERE cat_id = '.$page['cat'].'
;';
$groups_granted = array_from_query($query, 'group_id');
if (!isset($_POST['groups']))
{
$_POST['groups'] = array();
}
//
// remove permissions to groups
//
$deny_groups = array_diff($groups_granted, $_POST['groups']);
if (count($deny_groups) > 0)
{
// if you forbid access to an album, all sub-albums become
// automatically forbidden
$query = '
DELETE
FROM '.GROUP_ACCESS_TABLE.'
WHERE group_id IN ('.implode(',', $deny_groups).')
AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
;';
pwg_query($query);
}
//
// add permissions to groups
//
$grant_groups = $_POST['groups'];
if (count($grant_groups) > 0)
{
$cat_ids = get_uppercat_ids(array($page['cat']));
if (isset($_POST['apply_on_sub']))
{
$cat_ids = array_merge($cat_ids, get_subcat_ids(array($page['cat'])));
}
$query = '
SELECT id
FROM '.CATEGORIES_TABLE.'
WHERE id IN ('.implode(',', $cat_ids).')
AND status = \'private\'
;';
$private_cats = array_from_query($query, 'id');
$inserts = array();
foreach ($private_cats as $cat_id)
{
foreach ($grant_groups as $group_id)
{
$inserts[] = array(
'group_id' => $group_id,
'cat_id' => $cat_id
);
}
}
mass_inserts(
GROUP_ACCESS_TABLE,
array('group_id','cat_id'),
$inserts,
array('ignore'=>true)
);
}
//
// users
//
$query = '
SELECT user_id
FROM '.USER_ACCESS_TABLE.'
WHERE cat_id = '.$page['cat'].'
;';
$users_granted = array_from_query($query, 'user_id');
if (!isset($_POST['users']))
{
$_POST['users'] = array();
}
//
// remove permissions to users
//
$deny_users = array_diff($users_granted, $_POST['users']);
if (count($deny_users) > 0)
{
// if you forbid access to an album, all sub-album become automatically
// forbidden
$query = '
DELETE
FROM '.USER_ACCESS_TABLE.'
WHERE user_id IN ('.implode(',', $deny_users).')
AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
;';
pwg_query($query);
}
//
// add permissions to users
//
$grant_users = $_POST['users'];
if (count($grant_users) > 0)
{
add_permission_on_category($page['cat'], $grant_users);
}
}
$page['infos'][] = l10n('Album updated successfully');
}
// +-----------------------------------------------------------------------+
// | template initialization |
// +-----------------------------------------------------------------------+
$template->set_filename('cat_perm', 'cat_perm.tpl');
$template->assign(
array(
'CATEGORIES_NAV' =>
get_cat_display_name_from_id(
$page['cat'],
'admin.php?page=album-'
),
'U_HELP' => get_root_url().'admin/popuphelp.php?page=cat_perm',
'F_ACTION' => $admin_album_base_url.'-permissions',
'private' => ('private' == $category['status']),
)
);
// +-----------------------------------------------------------------------+
// | form construction |
// +-----------------------------------------------------------------------+
// groups denied are the groups not granted. So we need to find all groups
// minus groups granted to find groups denied.
$groups = array();
$query = '
SELECT id, name
FROM '.GROUPS_TABLE.'
ORDER BY name ASC
;';
$groups = simple_hash_from_query($query, 'id', 'name');
$template->assign('groups', $groups);
// groups granted to access the category
$query = '
SELECT group_id
FROM '.GROUP_ACCESS_TABLE.'
WHERE cat_id = '.$page['cat'].'
;';
$group_granted_ids = array_from_query($query, 'group_id');
$template->assign('groups_selected', $group_granted_ids);
// users...
$users = array();
$query = '
SELECT '.$conf['user_fields']['id'].' AS id,
'.$conf['user_fields']['username'].' AS username
FROM '.USERS_TABLE.'
;';
$users = simple_hash_from_query($query, 'id', 'username');
$template->assign('users', $users);
$query = '
SELECT user_id
FROM '.USER_ACCESS_TABLE.'
WHERE cat_id = '.$page['cat'].'
;';
$user_granted_direct_ids = array_from_query($query, 'user_id');
$template->assign('users_selected', $user_granted_direct_ids);
$user_granted_indirect_ids = array();
if (count($group_granted_ids) > 0)
{
$granted_groups = array();
$query = '
SELECT user_id, group_id
FROM '.USER_GROUP_TABLE.'
WHERE group_id IN ('.implode(',', $group_granted_ids).')
';
$result = pwg_query($query);
while ($row = pwg_db_fetch_assoc($result))
{
if (!isset($granted_groups[ $row['group_id'] ]))
{
$granted_groups[ $row['group_id'] ] = array();
}
$granted_groups[ $row['group_id'] ][] = $row['user_id'];
}
$user_granted_by_group_ids = array();
foreach ($granted_groups as $group_users)
{
$user_granted_by_group_ids = array_merge($user_granted_by_group_ids, $group_users);
}
$user_granted_by_group_ids = array_unique($user_granted_by_group_ids);
$user_granted_indirect_ids = array_diff(
$user_granted_by_group_ids,
$user_granted_direct_ids
);
$template->assign('nb_users_granted_indirect', count($user_granted_indirect_ids));
foreach ($granted_groups as $group_id => $group_users)
{
$group_usernames = array();
foreach ($group_users as $user_id)
{
if (in_array($user_id, $user_granted_indirect_ids))
{
$group_usernames[] = $users[$user_id];
}
}
$template->append(
'user_granted_indirect_groups',
array(
'group_name' => $groups[$group_id],
'group_users' => implode(', ', $group_usernames),
)
);
}
}
// +-----------------------------------------------------------------------+
// | sending html code |
// +-----------------------------------------------------------------------+
$template->assign(array(
'PWG_TOKEN' => get_pwg_token(),
'INHERIT' => $conf['inheritance_by_default'],
'CACHE_KEYS' => get_admin_client_cache_keys(array('groups', 'users')),
));
$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
?>