issue #1852 ability to disable core/extensions updates

admin.php

@@ -228,7 +228,6 @@ $template->assign(
     'U_PLUGINS'=> $link_start.'plugins',
     'U_ADD_PHOTOS' => $link_start.'photos_add',
     'U_CHANGE_THEME' => $change_theme_url,
-    'U_UPDATES' => $link_start.'updates',
     'ADMIN_PAGE_TITLE' => 'Piwigo Administration Page',
     'ADMIN_PAGE_OBJECT_ID' => '',
     'U_SHOW_TEMPLATE_TAB' => $conf['show_template_in_side_menu'],
@@ -236,6 +235,11 @@ $template->assign(
     )
   );
 
+if ($conf['enable_core_update'])
+{
+  $template->assign('U_UPDATES', $link_start.'updates');
+}
+
 if ($conf['activate_comments'])
 {
   $template->assign('U_COMMENTS', $link_start.'comments');

admin/include/add_core_tabs.inc.php

@@ -10,6 +10,8 @@ add_event_handler('tabsheet_before_select', 'add_core_tabs', 0);
 
 function add_core_tabs($sheets, $tab_id)
 {
+  global $conf;
+
   switch($tab_id)
   {
     case 'admin_home':
@@ -49,7 +51,7 @@ function add_core_tabs($sheets, $tab_id)
       break;
 
     case 'cat_options':
-      global $link_start, $conf;
+      global $link_start;
       $sheets['status'] = array('caption' => '<span class="icon-lock"></span>'.l10n('Public / Private'), 'url' => $link_start.'cat_options&amp;section=status');
       $sheets['visible'] = array('caption' => '<span class="icon-block"></span>'.l10n('Lock'), 'url' => $link_start.'cat_options&amp;section=visible');
       if ($conf['activate_comments'])
@@ -101,8 +103,11 @@ function add_core_tabs($sheets, $tab_id)
     case 'languages':
       global $my_base_url;
       $sheets['installed'] = array('caption' => '<span class="icon-menu"></span>'.l10n('List'), 'url' => $my_base_url.'&amp;tab=installed');
+      if ($conf['enable_extensions_install'])
+      {
         $sheets['update'] = array('caption' => '<span class="icon-arrows-cw"></span>'.l10n('Check for updates'), 'url' => $my_base_url.'&amp;tab=update');
         $sheets['new'] = array('caption' => '<span class="icon-plus-circled"></span>'.l10n('Add New Language'), 'url' => $my_base_url.'&amp;tab=new');
+      }
       break;
 
     case 'menus':
@@ -128,7 +133,6 @@ function add_core_tabs($sheets, $tab_id)
       break;
 
     case 'photos_add':
-      global $conf;
       $sheets['direct'] = array('caption' => '<span class="icon-upload"></span>'.l10n('Web Form'), 'url' => PHOTOS_ADD_BASE_URL.'&amp;section=direct');
       $sheets['applications'] = array('caption' => '<span class="icon-network"></span>'.l10n('Applications'), 'url' => PHOTOS_ADD_BASE_URL.'&amp;section=applications');
       if ($conf['enable_synchronization'])
@@ -138,8 +142,11 @@ function add_core_tabs($sheets, $tab_id)
     case 'plugins':
       global $my_base_url;
       $sheets['installed'] = array('caption' => '<span class="icon-menu"></span>'.l10n('List'), 'url' => $my_base_url.'&amp;tab=installed');
+      if ($conf['enable_extensions_install'])
+      {
         $sheets['update'] = array('caption' => '<span class="icon-arrows-cw"></span>'.l10n('Check for updates'), 'url' => $my_base_url.'&amp;tab=update');
         $sheets['new'] = array('caption' => '<span class="icon-plus-circled"></span>'.l10n('Add New Plugin'), 'url' => $my_base_url.'&amp;tab=new');
+      }
       break;
 
     case 'rating':
@@ -150,14 +157,25 @@ function add_core_tabs($sheets, $tab_id)
     case 'themes':
       global $my_base_url;
       $sheets['installed'] = array('caption' => '<span class="icon-menu"></span>'.l10n('List'), 'url' => $my_base_url.'&amp;tab=installed');
+      if ($conf['enable_extensions_install'])
+      {
         $sheets['update'] = array('caption' => '<span class="icon-arrows-cw"></span>'.l10n('Check for updates'), 'url' => $my_base_url.'&amp;tab=update');
         $sheets['new'] = array('caption' => '<span class="icon-plus-circled"></span>'.l10n('Add New Theme'), 'url' => $my_base_url.'&amp;tab=new');
+      }
       break;
 
     case 'updates':
       global $my_base_url;
+
+      if ($conf['enable_core_update'])
+      {
         $sheets['pwg'] = array('caption' => l10n('Piwigo core'), 'url' => $my_base_url);
+      }
+
+      if ($conf['enable_extensions_install'])
+      {
         $sheets['ext'] = array('caption' => l10n('Extensions'), 'url' => $my_base_url.'&amp;tab=ext');
+      }
       break;
     case 'site_update':
       global $my_base_url;

admin/languages_new.php

@@ -11,6 +11,11 @@ if( !defined("PHPWG_ROOT_PATH") )
   die ("Hacking attempt!");
 }
 
+if (!$conf['enable_extensions_install'])
+{
+  die('Piwigo extensions install/update system is disabled');
+}
+
 include_once(PHPWG_ROOT_PATH.'admin/include/languages.class.php');
 
 $template->set_filenames(array('languages' => 'languages_new.tpl'));

admin/plugins_new.php

@@ -11,6 +11,11 @@ if( !defined("PHPWG_ROOT_PATH") )
   die ("Hacking attempt!");
 }
 
+if (!$conf['enable_extensions_install'])
+{
+  die('Piwigo extensions install/update system is disabled');
+}
+
 include_once(PHPWG_ROOT_PATH.'admin/include/plugins.class.php');
 
 $template->set_filenames(array('plugins' => 'plugins_new.tpl'));

admin/themes/default/template/admin.tpl

@@ -105,7 +105,9 @@ jQuery(document).ready(function() {
           <span class="adminMenubarCounter" title="{'%d waiting for validation'|translate:$NB_PENDING_COMMENTS}">{$NB_PENDING_COMMENTS}</span>
         {/if}</a></li>
 {/if}
+{if isset($U_UPDATES)}
         <li><a href="{$U_UPDATES}"><i class="icon-arrows-cw"></i>{'Updates'|@translate}</a></li>
+{/if}
       </ul>
 		</dd>
   </dl>

admin/themes_new.php

@@ -11,6 +11,11 @@ if( !defined("PHPWG_ROOT_PATH") )
   die ("Hacking attempt!");
 }
 
+if (!$conf['enable_extensions_install'])
+{
+  die('Piwigo extensions install/update system is disabled');
+}
+
 include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php');
 
 $base_url = get_root_url().'admin.php?page='.$page['page'].'&tab='.$page['tab'];

admin/updates.php

@@ -11,6 +11,11 @@ if( !defined("PHPWG_ROOT_PATH") )
   die ("Hacking attempt!");
 }
 
+if (!$conf['enable_extensions_install'] and !$conf['enable_core_update'])
+{
+  die('update system is disabled');
+}
+
 include_once(PHPWG_ROOT_PATH.'admin/include/tabsheet.class.php');
 
 $my_base_url = get_root_url().'admin.php?page=updates';

admin/updates_ext.php

@@ -11,6 +11,11 @@ if( !defined("PHPWG_ROOT_PATH") )
   die ("Hacking attempt!");
 }
 
+if (!$conf['enable_extensions_install'])
+{
+  die('Piwigo extensions install/update system is disabled');
+}
+
 if (!is_webmaster())
 {
   $page['warnings'][] = str_replace('%s', l10n('user_status_webmaster'), l10n('%s status is required to edit parameters.'));

admin/updates_pwg.php

@@ -11,6 +11,11 @@ if( !defined("PHPWG_ROOT_PATH") )
   die ("Hacking attempt!");
 }
 
+if (!$conf['enable_core_update'])
+{
+  die('Piwigo core update system is disabled');
+}
+
 include_once(PHPWG_ROOT_PATH.'admin/include/updates.class.php');
 include_once(PHPWG_ROOT_PATH.'admin/include/pclzip.lib.php');
 

include/config_default.inc.php

@@ -853,6 +853,12 @@ $conf['themes_dir'] = PHPWG_ROOT_PATH.'themes';
 // enable the synchronization method for adding photos
 $conf['enable_synchronization'] = true;
 
+// enable the update of Piwigo core from administration pages
+$conf['enable_core_update'] = true;
+
+// enable install/update of plugins/themes/languages from administration pages
+$conf['enable_extensions_install'] = true;
+
 // Permitted characters for files/directories during synchronization.
 // Do not add the ' U+0027 single quote apostrophe character, it WILL make some
 // SQL queries fail. URI reserved characters (see

include/ws_functions/pwg.extensions.php

@@ -133,6 +133,13 @@ function ws_themes_performAction($params, $service)
  */
 function ws_extensions_update($params, $service)
 {
+  global $conf;
+
+  if (!$conf['enable_extensions_install'])
+  {
+    return new PwgError(401, 'Piwigo extensions install/update system is disabled');
+  }
+
   if (!is_webmaster())
   {
     return new PwgError(401, l10n('Webmaster status is required.'));