Subversion Repositories svnkaklik

Rev

Go to most recent revision | Details | Last modification | View Log

Rev Author Line No. Line
6 kaklik 1
<?php
2
// +-----------------------------------------------------------------------+
3
// | PhpWebGallery - a PHP based picture gallery                           |
4
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5
// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
6
// +-----------------------------------------------------------------------+
7
// | branch        : BSF (Best So Far)
8
// | file          : $RCSfile: cat_perm.php,v $
9
// | last update   : $Date: 2005/01/07 23:10:51 $
10
// | last modifier : $Author: plg $
11
// | revision      : $Revision: 1.14 $
12
// +-----------------------------------------------------------------------+
13
// | This program is free software; you can redistribute it and/or modify  |
14
// | it under the terms of the GNU General Public License as published by  |
15
// | the Free Software Foundation                                          |
16
// |                                                                       |
17
// | This program is distributed in the hope that it will be useful, but   |
18
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20
// | General Public License for more details.                              |
21
// |                                                                       |
22
// | You should have received a copy of the GNU General Public License     |
23
// | along with this program; if not, write to the Free Software           |
24
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25
// | USA.                                                                  |
26
// +-----------------------------------------------------------------------+
27
include_once( './admin/include/isadmin.inc.php' );
28
//----------------------------------------------------- template initialization
29
$sub = $vtp->Open( './template/'.$user['template'].'/admin/cat_perm.vtp' );
30
$error = array();
31
$tpl = array( 'permuser_authorized','permuser_forbidden','menu_groups',
32
              'submit','menu_users','permuser_parent_forbidden' );
33
templatize_array( $tpl, 'lang', $sub );
34
$vtp->setGlobalVar( $sub, 'user_template', $user['template'] );
35
//-------------------------------------------------------------- category infos
36
if ( isset( $_GET['cat_id'] ) )
37
{
38
  check_cat_id( $_GET['cat_id'] );
39
  if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
40
  {
41
    $result = get_cat_info( $page['cat'] );
42
    $page['cat_name']    = $result['name'];
43
    $page['id_uppercat'] = $result['id_uppercat'];
44
  }
45
}
46
//---------------------------------------------------------- permission updates
47
if ( isset( $_POST['submit'] ) )
48
{
49
  // groups access update
50
  $query = 'DELETE';
51
  $query.= ' FROM '.PREFIX_TABLE.'group_access';
52
  $query.= ' WHERE cat_id = '.$page['cat'];
53
  $query.= ';';
54
  pwg_query( $query );
55
  $query = 'SELECT id';
56
  $query.= ' FROM '.PREFIX_TABLE.'groups';
57
  $query.= ';';
58
  $result = pwg_query( $query );
59
  while ( $row = mysql_fetch_array( $result ) )
60
  {
61
    $radioname = 'groupaccess-'.$row['id'];
62
    if ( $_POST[$radioname] == 0 )
63
    {
64
      $query = 'INSERT INTO '.PREFIX_TABLE.'group_access';
65
      $query.= ' (cat_id,group_id) VALUES';
66
      $query.= ' ('.$page['cat'].','.$row['id'].')';
67
      $query.= ';';
68
      pwg_query( $query );
69
    }
70
  }
71
  // users access update
72
  $query = 'DELETE';
73
  $query.= ' FROM '.PREFIX_TABLE.'user_access';
74
  $query.= ' WHERE cat_id = '.$page['cat'];
75
  $query.= ';';
76
  pwg_query( $query );
77
  $query = 'SELECT id';
78
  $query.= ' FROM '.USERS_TABLE;
79
  $query.= ';';
80
  $result = pwg_query( $query );
81
  while ( $row = mysql_fetch_array( $result ) )
82
  {
83
    $radioname = 'useraccess-'.$row['id'];
84
    if ( $_POST[$radioname] == 0 )
85
    {
86
      $query = 'INSERT INTO '.PREFIX_TABLE.'user_access';
87
      $query.= ' (cat_id,user_id) VALUES';
88
      $query.= ' ('.$page['cat'].','.$row['id'].')';
89
      $query.= ';';
90
      pwg_query( $query );
91
    }
92
    check_favorites( $row['id'] );
93
  }
94
  // resynchronize all users
95
  synchronize_all_users();
96
}
97
//---------------------------------------------------------------------- groups
98
$query = 'SELECT id,name';
99
$query.= ' FROM '.PREFIX_TABLE.'groups';
100
$query. ';';
101
$result = pwg_query( $query );
102
if ( mysql_num_rows( $result ) > 0 )
103
{
104
  $vtp->addSession( $sub, 'groups' );
105
  // creating an array with all authorized groups for this category
106
  $query = 'SELECT group_id';
107
  $query.= ' FROM '.PREFIX_TABLE.'group_access';
108
  $query.= ' WHERE cat_id = '.$_GET['cat_id'];
109
  $query.= ';';
110
  $subresult = pwg_query( $query );
111
  $authorized_groups = array();
112
  while ( $subrow = mysql_fetch_array( $subresult ) )
113
  {
114
    array_push( $authorized_groups, $subrow['group_id'] );
115
  }
116
  // displaying each group
117
  while( $row = mysql_fetch_array( $result ) )
118
  {
119
    $vtp->addSession( $sub, 'group' );
120
    if ( in_array( $row['id'], $authorized_groups ) )
121
    {
122
      $vtp->setVar( $sub, 'group.color', 'green' );
123
      $vtp->setVar( $sub, 'group.authorized_checked', ' checked="checked"' );
124
    }
125
    else
126
    {
127
      $vtp->setVar( $sub, 'group.color', 'red' );
128
      $vtp->setVar( $sub, 'group.forbidden_checked', ' checked="checked"' );
129
    }
130
    $vtp->setVar( $sub, 'group.groupname', $row['name'] );
131
    $vtp->setVar( $sub, 'group.id', $row['id'] );
132
    $url = './admin.php?page=group_perm&amp;group_id='.$row['id'];
133
    $vtp->setVar( $sub, 'group.group_perm_link', add_session_id( $url ) );
134
    $vtp->closeSession( $sub, 'group' );
135
  }
136
  $vtp->closeSession( $sub, 'groups' );
137
}
138
//----------------------------------------------------------------------- users
139
$query = 'SELECT id,username,status';
140
$query.= ' FROM '.USERS_TABLE;
141
// only the webmaster can modify webmaster's permissions
142
if ( $user['username'] != $conf['webmaster'] )
143
{
144
  $query.= " WHERE username != '".$conf['webmaster']."'";
145
}
146
$query.= ';';
147
$result = pwg_query( $query );
148
while ( $row = mysql_fetch_array( $result ) )
149
{
150
  $vtp->addSession( $sub, 'user' );
151
  $vtp->setVar( $sub, 'user.id', $row['id'] );
152
  $url = add_session_id( './admin.php?page=user_perm&amp;user_id='.$row['id']);
153
  $vtp->setVar( $sub, 'user.user_perm_link', $url);
154
  if ( $row['username'] == 'guest' )
155
  {
156
    $row['username'] = $lang['guest'];
157
  }
158
  $vtp->setVar( $sub, 'user.username', $row['username'] );
159
 
160
  // for color of user : (red means access forbidden, green authorized) we
161
  // ask all forbidden categories, including the groups rights
162
  $restrictions = get_user_restrictions( $row['id'], $row['status'], false );
163
  $is_user_allowed = is_user_allowed( $page['cat'], $restrictions );
164
  if ( $is_user_allowed == 0 )
165
  {
166
    $vtp->setVar( $sub, 'user.color', 'green' );
167
  }
168
  else
169
  {
170
    $vtp->setVar( $sub, 'user.color', 'red' );
171
  }
172
  // for permission update button, we only ask forbidden categories for the
173
  // user, not taking into account the groups the user belongs to
174
  $restrictions = get_user_restrictions($row['id'],$row['status'],false,false);
175
  $is_user_allowed = is_user_allowed( $page['cat'], $restrictions );
176
  if ( $is_user_allowed == 2 )
177
  {
178
    $vtp->addSession( $sub, 'parent_forbidden' );
179
    $url = './admin.php?page=cat_perm&amp;cat_id='.$page['id_uppercat'];
180
    $vtp->setVar( $sub, 'parent_forbidden.url', add_session_id( $url ) );
181
    $vtp->closeSession( $sub, 'parent_forbidden' );
182
  }
183
  if ( $is_user_allowed == 0 )
184
  {
185
    $vtp->setVar( $sub, 'user.authorized_checked', ' checked="checked"' );
186
  }
187
  else
188
  {
189
    $vtp->setVar( $sub, 'user.forbidden_checked', ' checked="checked"' );
190
  }
191
  // user's group(s)
192
  $query = 'SELECT g.name as groupname, g.id as groupid';
193
  $query.= ' FROM '.PREFIX_TABLE.'groups as g';
194
  $query.= ', '.PREFIX_TABLE.'user_group as ug';
195
  $query.= ' WHERE ug.group_id = g.id';
196
  $query.= ' AND ug.user_id = '.$row['id'];
197
  $query.= ';';
198
  $subresult = pwg_query( $query );
199
  if ( mysql_num_rows( $subresult ) > 0 )
200
  {
201
    $vtp->addSession( $sub, 'usergroups' );
202
    $i = 0;
203
    while( $subrow = mysql_fetch_array( $subresult ) )
204
    {
205
      $vtp->addSession( $sub, 'usergroup' );
206
      if ( in_array( $subrow['groupid'], $authorized_groups ) )
207
      {
208
        $vtp->setVar( $sub, 'usergroup.color', 'green' );
209
      }
210
      else
211
      {
212
        $vtp->setVar( $sub, 'usergroup.color', 'red' );
213
      }
214
      $vtp->setVar( $sub, 'usergroup.name', $subrow['groupname'] );
215
      if ( $i < mysql_num_rows( $subresult ) - 1 )
216
      {
217
        $vtp->setVar( $sub, 'usergroup.separation', ',' );
218
      }
219
      $vtp->closeSession( $sub, 'usergroup' );
220
      $i++;
221
    }
222
    $vtp->closeSession( $sub, 'usergroups' );
223
  }
224
  $vtp->closeSession( $sub, 'user' );
225
}
226
//----------------------------------------------------------- sending html code
227
$vtp->Parse( $handle , 'sub', $sub );
228
?>