mirrors/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2025-04-28 04:09:56 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

- category permissions management comes back! (it disappeared in branch 1.4)

Browse source 
This time, it is designed to support better long users list. On this
  screen, for a particular category, admin can say which groups and users
  are permitted.


git-svn-id: http://piwigo.org/svn/trunk@800 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
plegall 2005-06-30 21:20:06 +00:00
parent 3e1604f748
commit 315f9c5670
8 changed files with 409 additions and 249 deletions
Download patch file Download diff file Expand all files Collapse all files

4
admin.php
View file

@ -96,9 +96,9 @@ switch ( $_GET['page'] )
$title = $lang['title_instructions']; $page_valide = true; break; $title = $lang['title_instructions']; $page_valide = true; break;
case 'cat_perm': case 'cat_perm':
$title = $lang['title_cat_perm']; $title = $lang['title_cat_perm'];
if ( isset( $_GET['cat_id'] ) ) if ( isset( $_GET['cat'] ) )
{ {
check_cat_id( $_GET['cat_id'] ); check_cat_id( $_GET['cat'] );
if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) ) if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
{ {
$result = get_cat_info( $page['cat'] ); $result = get_cat_info( $page['cat'] );

497
admin/cat_perm.php
View file

@ -24,205 +24,342 @@
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA. | // | USA. |
// +-----------------------------------------------------------------------+ // +-----------------------------------------------------------------------+
include_once( './admin/include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
$sub = $vtp->Open( './template/'.$user['template'].'/admin/cat_perm.vtp' );
$error = array();
$tpl = array( 'permuser_authorized','permuser_forbidden','menu_groups',
'submit','menu_users','permuser_parent_forbidden' );
templatize_array( $tpl, 'lang', $sub );
$vtp->setGlobalVar( $sub, 'user_template', $user['template'] );
//-------------------------------------------------------------- category infos
if ( isset( $_GET['cat_id'] ) )
{
check_cat_id( $_GET['cat_id'] );
if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
{
$result = get_cat_info( $page['cat'] );
$page['cat_name'] = $result['name'];
$page['id_uppercat'] = $result['id_uppercat'];
}
}
//---------------------------------------------------------- permission updates
if ( isset( $_POST['submit'] ) )
{
// groups access update
$query = 'DELETE';
$query.= ' FROM '.PREFIX_TABLE.'group_access';
$query.= ' WHERE cat_id = '.$page['cat'];
$query.= ';';
pwg_query( $query );
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'groups';
$query.= ';';
$result = pwg_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
$radioname = 'groupaccess-'.$row['id'];
if ( $_POST[$radioname] == 0 )
{
$query = 'INSERT INTO '.PREFIX_TABLE.'group_access';
$query.= ' (cat_id,group_id) VALUES';
$query.= ' ('.$page['cat'].','.$row['id'].')';
$query.= ';';
pwg_query( $query );
}
}
// users access update
$query = 'DELETE';
$query.= ' FROM '.PREFIX_TABLE.'user_access';
$query.= ' WHERE cat_id = '.$page['cat'];
$query.= ';';
pwg_query( $query );
$query = 'SELECT id';
$query.= ' FROM '.USERS_TABLE;
$query.= ';';
$result = pwg_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
$radioname = 'useraccess-'.$row['id'];
if ( $_POST[$radioname] == 0 )
{
$query = 'INSERT INTO '.PREFIX_TABLE.'user_access';
$query.= ' (cat_id,user_id) VALUES';
$query.= ' ('.$page['cat'].','.$row['id'].')';
$query.= ';';
pwg_query( $query );
}
check_favorites( $row['id'] );
}
// resynchronize all users
synchronize_all_users();
}
//---------------------------------------------------------------------- groups
$query = 'SELECT id,name';
$query.= ' FROM '.PREFIX_TABLE.'groups';
$query. ';';
$result = pwg_query( $query );
if ( mysql_num_rows( $result ) > 0 )
{
$vtp->addSession( $sub, 'groups' );
// creating an array with all authorized groups for this category
$query = 'SELECT group_id';
$query.= ' FROM '.PREFIX_TABLE.'group_access';
$query.= ' WHERE cat_id = '.$_GET['cat_id'];
$query.= ';';
$subresult = pwg_query( $query );
$authorized_groups = array();
while ( $subrow = mysql_fetch_array( $subresult ) )
{
array_push( $authorized_groups, $subrow['group_id'] );
}
// displaying each group
while( $row = mysql_fetch_array( $result ) )
{
$vtp->addSession( $sub, 'group' );
if ( in_array( $row['id'], $authorized_groups ) )
{
$vtp->setVar( $sub, 'group.color', 'green' );
$vtp->setVar( $sub, 'group.authorized_checked', ' checked="checked"' );
}
else
{
$vtp->setVar( $sub, 'group.color', 'red' );
$vtp->setVar( $sub, 'group.forbidden_checked', ' checked="checked"' );
}
$vtp->setVar( $sub, 'group.groupname', $row['name'] );
$vtp->setVar( $sub, 'group.id', $row['id'] );
$url = './admin.php?page=group_perm&group_id='.$row['id'];
$vtp->setVar( $sub, 'group.group_perm_link', add_session_id( $url ) );
$vtp->closeSession( $sub, 'group' );
}
$vtp->closeSession( $sub, 'groups' );
}
//----------------------------------------------------------------------- users
$query = 'SELECT id,username,status';
$query.= ' FROM '.USERS_TABLE;
// only the webmaster can modify webmaster's permissions
if ( $user['username'] != $conf['webmaster'] )
{
$query.= " WHERE username != '".$conf['webmaster']."'";
}
$query.= ';';
$result = pwg_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
$vtp->addSession( $sub, 'user' );
$vtp->setVar( $sub, 'user.id', $row['id'] );
$url = add_session_id( './admin.php?page=user_perm&user_id='.$row['id']);
$vtp->setVar( $sub, 'user.user_perm_link', $url);
if ( $row['username'] == 'guest' )
{
$row['username'] = $lang['guest'];
}
$vtp->setVar( $sub, 'user.username', $row['username'] );
// for color of user : (red means access forbidden, green authorized) we if (!defined('PHPWG_ROOT_PATH'))
// ask all forbidden categories, including the groups rights
$restrictions = get_user_restrictions( $row['id'], $row['status'], false );
$is_user_allowed = is_user_allowed( $page['cat'], $restrictions );
if ( $is_user_allowed == 0 )
{ {
$vtp->setVar( $sub, 'user.color', 'green' ); die ("Hacking attempt!");
} }
else include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
// +-----------------------------------------------------------------------+
// | variable initialization |
// +-----------------------------------------------------------------------+
// if the category is not correct (not numeric, not private)
if (isset($_GET['cat']) and is_numeric($_GET['cat']))
{ {
$vtp->setVar( $sub, 'user.color', 'red' ); $query = '
} SELECT status
// for permission update button, we only ask forbidden categories for the FROM '.CATEGORIES_TABLE.'
// user, not taking into account the groups the user belongs to WHERE id = '.$_GET['cat'].'
$restrictions = get_user_restrictions($row['id'],$row['status'],false,false); ;';
$is_user_allowed = is_user_allowed( $page['cat'], $restrictions ); list($status) = mysql_fetch_array(pwg_query($query));
if ( $is_user_allowed == 2 )
if ('private' == $status)
{ {
$vtp->addSession( $sub, 'parent_forbidden' ); $page['cat'] = $_GET['cat'];
$url = './admin.php?page=cat_perm&cat_id='.$page['id_uppercat'];
$vtp->setVar( $sub, 'parent_forbidden.url', add_session_id( $url ) );
$vtp->closeSession( $sub, 'parent_forbidden' );
} }
if ( $is_user_allowed == 0 ) }
if (!isset($page['cat']))
{ {
$vtp->setVar( $sub, 'user.authorized_checked', ' checked="checked"' ); $query = '
SELECT id
FROM '.CATEGORIES_TABLE.'
WHERE status = \'private\'
LIMIT 0,1
;';
list($page['cat']) = mysql_fetch_array(pwg_query($query));
} }
else
// +-----------------------------------------------------------------------+
// | form submission |
// +-----------------------------------------------------------------------+
if (isset($_POST) and false)
{ {
$vtp->setVar( $sub, 'user.forbidden_checked', ' checked="checked"' ); echo '<pre>';
print_r($_POST);
echo '</pre>';
} }
// user's group(s)
$query = 'SELECT g.name as groupname, g.id as groupid'; if (isset($_POST['deny_groups_submit'])
$query.= ' FROM '.PREFIX_TABLE.'groups as g'; and isset($_POST['deny_groups'])
$query.= ', '.PREFIX_TABLE.'user_group as ug'; and count($_POST['deny_groups']) > 0)
$query.= ' WHERE ug.group_id = g.id';
$query.= ' AND ug.user_id = '.$row['id'];
$query.= ';';
$subresult = pwg_query( $query );
if ( mysql_num_rows( $subresult ) > 0 )
{ {
$vtp->addSession( $sub, 'usergroups' ); // if you forbid access to a category, all sub-categories become
$i = 0; // automatically forbidden
while( $subrow = mysql_fetch_array( $subresult ) ) $query = '
DELETE
FROM '.GROUP_ACCESS_TABLE.'
WHERE group_id IN ('.implode(',', $_POST['deny_groups']).')
AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
;';
pwg_query($query);
}
else if (isset($_POST['grant_groups_submit'])
and isset($_POST['grant_groups'])
and count($_POST['grant_groups']) > 0)
{ {
$vtp->addSession( $sub, 'usergroup' ); $query = '
if ( in_array( $subrow['groupid'], $authorized_groups ) ) SELECT id
FROM '.CATEGORIES_TABLE.'
WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).')
AND status = \'private\'
;';
$private_uppercats = array_from_query($query, 'id');
// We must not reinsert already existing lines in group_access table
$granteds = array();
foreach ($private_uppercats as $cat_id)
{ {
$vtp->setVar( $sub, 'usergroup.color', 'green' ); $granteds[$cat_id] = array();
} }
else
$query = '
SELECT group_id, cat_id
FROM '.GROUP_ACCESS_TABLE.'
WHERE cat_id IN ('.implode(',', $private_uppercats).')
AND group_id IN ('.implode(',', $_POST['grant_groups']).')
;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{ {
$vtp->setVar( $sub, 'usergroup.color', 'red' ); array_push($granteds[$row['cat_id']], $row['group_id']);
} }
$vtp->setVar( $sub, 'usergroup.name', $subrow['groupname'] );
if ( $i < mysql_num_rows( $subresult ) - 1 ) $inserts = array();
foreach ($private_uppercats as $cat_id)
{ {
$vtp->setVar( $sub, 'usergroup.separation', ',' ); $group_ids = array_diff($_POST['grant_groups'], $granteds[$cat_id]);
foreach ($group_ids as $group_id)
{
array_push($inserts, array('group_id' => $group_id,
'cat_id' => $cat_id));
} }
$vtp->closeSession( $sub, 'usergroup' );
$i++;
} }
$vtp->closeSession( $sub, 'usergroups' );
mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
} }
$vtp->closeSession( $sub, 'user' ); else if (isset($_POST['deny_users_submit'])
and isset($_POST['deny_users'])
and count($_POST['deny_users']) > 0)
{
// if you forbid access to a category, all sub-categories become
// automatically forbidden
$query = '
DELETE
FROM '.USER_ACCESS_TABLE.'
WHERE user_id IN ('.implode(',', $_POST['deny_users']).')
AND cat_id IN ('.implode(',', get_subcat_ids(array($page['cat']))).')
;';
pwg_query($query);
} }
//----------------------------------------------------------- sending html code else if (isset($_POST['grant_users_submit'])
$vtp->Parse( $handle , 'sub', $sub ); and isset($_POST['grant_users'])
and count($_POST['grant_users']) > 0)
{
$query = '
SELECT id
FROM '.CATEGORIES_TABLE.'
WHERE id IN ('.implode(',', get_uppercat_ids(array($page['cat']))).')
AND status = \'private\'
;';
$private_uppercats = array_from_query($query, 'id');
// We must not reinsert already existing lines in user_access table
$granteds = array();
foreach ($private_uppercats as $cat_id)
{
$granteds[$cat_id] = array();
}
$query = '
SELECT user_id, cat_id
FROM '.USER_ACCESS_TABLE.'
WHERE cat_id IN ('.implode(',', $private_uppercats).')
AND user_id IN ('.implode(',', $_POST['grant_users']).')
;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
array_push($granteds[$row['cat_id']], $row['user_id']);
}
$inserts = array();
foreach ($private_uppercats as $cat_id)
{
$user_ids = array_diff($_POST['grant_users'], $granteds[$cat_id]);
foreach ($user_ids as $user_id)
{
array_push($inserts, array('user_id' => $user_id,
'cat_id' => $cat_id));
}
}
mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
}
// +-----------------------------------------------------------------------+
// | template initialization |
// +-----------------------------------------------------------------------+
$template->set_filenames(array('cat_perm'=>'admin/cat_perm.tpl'));
$form_action = PHPWG_ROOT_PATH.'admin.php';
$form_action.= '?page=cat_perm&amp;cat='.$page['cat'];
$template->assign_vars(array('F_ACTION' => $form_action));
// +-----------------------------------------------------------------------+
// | form construction |
// +-----------------------------------------------------------------------+
// groups denied are the groups not granted. So we need to find all groups
// minus groups granted to find groups denied.
$groups = array();
$query = '
SELECT id, name
FROM '.GROUPS_TABLE.'
;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
$groups[$row['id']] = $row['name'];
}
$query = '
SELECT group_id
FROM '.GROUP_ACCESS_TABLE.'
WHERE cat_id = '.$page['cat'].'
;';
$group_granted_ids = array_from_query($query, 'group_id');
// groups granted to access the category
foreach ($group_granted_ids as $group_id)
{
$template->assign_block_vars(
'group_granted',
array(
'NAME'=>$groups[$group_id],
'ID'=>$group_id
)
);
}
// groups denied
foreach (array_diff(array_keys($groups), $group_granted_ids) as $group_id)
{
$template->assign_block_vars(
'group_denied',
array(
'NAME'=>$groups[$group_id],
'ID'=>$group_id
)
);
}
// users...
$users = array();
$query = '
SELECT id, username
FROM '.USERS_TABLE.'
WHERE id != 2
;';
$result = pwg_query($query);
while($row = mysql_fetch_array($result))
{
$users[$row['id']] = $row['username'];
}
$query = '
SELECT user_id
FROM '.USER_ACCESS_TABLE.'
WHERE cat_id = '.$page['cat'].'
;';
$user_granted_direct_ids = array_from_query($query, 'user_id');
foreach ($user_granted_direct_ids as $user_id)
{
$template->assign_block_vars(
'user_granted',
array(
'NAME'=>$users[$user_id],
'ID'=>$user_id
)
);
}
$user_granted_indirect_ids = array();
if (count($group_granted_ids) > 0)
{
$granted_groups = array();
$query = '
SELECT user_id, group_id
FROM '.USER_GROUP_TABLE.'
WHERE group_id IN ('.implode(',', $group_granted_ids).')
';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
if (!isset($granted_groups[$row['group_id']]))
{
$granted_groups[$row['group_id']] = array();
}
array_push($granted_groups[$row['group_id']], $row['user_id']);
}
$user_granted_by_group_ids = array();
foreach ($granted_groups as $group_users)
{
$user_granted_by_group_ids = array_merge($user_granted_by_group_ids,
$group_users);
}
$user_granted_by_group_ids = array_unique($user_granted_by_group_ids);
$user_granted_indirect_ids = array_diff($user_granted_by_group_ids,
$user_granted_direct_ids);
foreach ($user_granted_indirect_ids as $user_id)
{
$group = '';
foreach ($granted_groups as $group_id => $group_users)
{
if (in_array($user_id, $group_users))
{
$group = $groups[$group_id];
break;
}
}
$template->assign_block_vars(
'user_granted_indirect',
array(
'NAME'=>$users[$user_id],
'GROUP'=>$group
)
);
}
}
$user_denied_ids = array_diff(array_keys($users),
$user_granted_indirect_ids,
$user_granted_direct_ids);
foreach ($user_denied_ids as $user_id)
{
$template->assign_block_vars(
'user_denied',
array(
'NAME'=>$users[$user_id],
'ID'=>$user_id
)
);
}
// +-----------------------------------------------------------------------+
// | sending html code |
// +-----------------------------------------------------------------------+
$template->assign_var_from_handle('ADMIN_CONTENT', 'cat_perm');
?> ?>

7
doc/ChangeLog
View file

@ -1,3 +1,10 @@
2005-06-30 Pierrick LE GALL
* category permissions management comes back! (it disappeared in
branch 1.4) This time, it is designed to support better long users
list. On this screen, for a particular category, admin can say
which groups and users are permitted.
2005-06-30 Pierrick LE GALL 2005-06-30 Pierrick LE GALL
* users managment : change display of filter (according to filter * users managment : change display of filter (according to filter

3
template/default/admin/cat_list.tpl
View file

@ -14,6 +14,9 @@
<li><a href="{category.elements.URL}" title="{lang:manage category elements}"><img src="./template/default/theme/category_elements.png" alt="{lang:elements}" /></a></li> <li><a href="{category.elements.URL}" title="{lang:manage category elements}"><img src="./template/default/theme/category_elements.png" alt="{lang:elements}" /></a></li>
<!-- END elements --> <!-- END elements -->
<li><a href="{category.U_CHILDREN}" title="{lang:manage sub-categories}"><img src="./template/default/theme/category_children.png" alt="{lang:sub-categories}" /></a></li> <li><a href="{category.U_CHILDREN}" title="{lang:manage sub-categories}"><img src="./template/default/theme/category_children.png" alt="{lang:sub-categories}" /></a></li>
<!-- BEGIN permissions -->
<li><a href="{category.permissions.URL}" title="{lang:edit category permissions}" ><img src="./template/default/theme/category_permissions.png" alt="{lang:permissions}" /></a></li>
<!-- END permissions -->
<!-- BEGIN delete --> <!-- BEGIN delete -->
<li><a href="{category.delete.URL}" title="{lang:delete category}"><img src="./template/default/theme/category_delete.png" alt="{lang:delete}" /></a></li> <li><a href="{category.delete.URL}" title="{lang:delete category}"><img src="./template/default/theme/category_delete.png" alt="{lang:delete}" /></a></li>
<!-- END delete --> <!-- END delete -->

56
template/default/admin/cat_perm.tpl Normal file
View file

@ -0,0 +1,56 @@
<form action="{F_ACTION}" method="post" id="categoryPermissions">
<h2>{lang:Groups}</h2>
<fieldset>
<legend>{lang:Permission granted}</legend>
<ul>
<!-- BEGIN group_granted -->
<li><label><input type="checkbox" name="deny_groups[]" value="{group_granted.ID}" /> {group_granted.NAME}</label></li>
<!-- END group_granted -->
</ul>
<input type="submit" name="deny_groups_submit" value="{lang:Deny selected groups}" />
</fieldset>
<fieldset>
<legend>{lang:Permission denied}</legend>
<ul>
<!-- BEGIN group_denied -->
<li><label><input type="checkbox" name="grant_groups[]" value="{group_denied.ID}"> {group_denied.NAME}</label></li>
<!-- END group_denied -->
</ul>
<input type="submit" name="grant_groups_submit" value="{lang:Grant selected groups}" />
</fieldset>
<h2>{lang:Users}</h2>
<fieldset>
<legend>{lang:Permission granted}</legend>
<ul>
<!-- BEGIN user_granted -->
<li><label><input type="checkbox" name="deny_users[]" value="{user_granted.ID}" /> {user_granted.NAME}</label></li>
<!-- END user_granted -->
</ul>
<input type="submit" name="deny_users_submit" value="{lang:Deny selected users}" />
</fieldset>
<fieldset>
<legend>{lang:Permission granted thanks to a group}</legend>
<ul>
<!-- BEGIN user_granted_indirect -->
<li>{user_granted_indirect.NAME} ({user_granted_indirect.GROUP})</li>
<!-- END user_granted_indirect -->
</ul>
</fieldset>
<fieldset>
<legend>{lang:Permission denied}</legend>
<ul>
<!-- BEGIN user_denied -->
<li><label><input type="checkbox" name="grant_users[]" value="{user_denied.ID}"> {user_denied.NAME}</label></li>
<!-- END user_denied -->
</ul>
<input type="submit" name="grant_users_submit" value="{lang:Grant selected users}" />
</fieldset>
</form>

48
template/default/admin/cat_perm.vtp
View file

@ -1,48 +0,0 @@
<form action="{#action}" method="post">
<!--VTP_groups-->
<table style="width:100%;">
<tr>
<th colspan="2">{#menu_groups}</th>
</tr>
<!--VTP_group-->
<tr>
<td><img src="./template/{#user_template}/admin/images/puce.gif" alt="&gt;" /><a href="{#group_perm_link}"><span style="color:{#color}">{#groupname}</span></a></td>
<td style="text-align:right;">
<input type="radio" name="groupaccess-{#id}" value="0"{#authorized_checked}/>{#permuser_authorized}
<input type="radio" name="groupaccess-{#id}" value="1"{#forbidden_checked}/>{#permuser_forbidden}
</td>
</tr>
<!--/VTP_group-->
</table>
<!--/VTP_groups-->
<table style="width:100%;">
<tr>
<th colspan="2">{#menu_users}</th>
</tr>
<!--VTP_user-->
<tr>
<td>
<img src="./template/{#user_template}/admin/images/puce.gif" alt="&gt;" />
<a href="{#user_perm_link}"><span style="color:{#color}">{#username}</span></a>
<!--VTP_usergroups-->
[
<!--VTP_usergroup-->
<span style="color:{#color};">{#name}</span>{#separation}
<!--/VTP_usergroup-->
]
<!--/VTP_usergroups-->
</td>
<td style="text-align:right;">
<!--VTP_parent_forbidden-->
<a href="{#url}">{#permuser_parent_forbidden}</a>
<!--/VTP_parent_forbidden-->
<input type="radio" name="useraccess-{#id}" value="0"{#authorized_checked}/>{#permuser_authorized}
<input type="radio" name="useraccess-{#id}" value="1"{#forbidden_checked}/>{#permuser_forbidden}
</td>
</tr>
<!--/VTP_user-->
<tr>
<td colspan="2" align="center"><input type="submit" name="submit" value="{#submit}"/></td>
</tr>
</table>
</form>

5
template/default/default.css
View file

@ -475,3 +475,8 @@ form.filter FIELDSET {
form.filter FIELDSET + INPUT { form.filter FIELDSET + INPUT {
margin-top: 10px; margin-top: 10px;
} }
FORM#categoryPermissions LI {
display:inline;
white-space: nowrap;
}

BIN
template/default/theme/category_permissions.png Normal file
View file

Binary file not shown.