Esempio n. 1
            // if you forbid access to an album, all sub-albums become
            // automatically forbidden
            //
            // NOTE(review): $deny_groups is assigned outside this excerpt. Its
            // elements are joined unquoted into the IN (...) list below, so each
            // one must already be a validated integer and the list must not be
            // empty (an empty list renders as "IN ()") -- confirm at the point
            // where it is built.
            $query = '
DELETE
  FROM ' . GROUP_ACCESS_TABLE . '
  WHERE group_id IN (' . implode(',', $deny_groups) . ')
    AND cat_id IN (' . implode(',', get_subcat_ids(array($page['cat']))) . ')
;';
            pwg_query($query);
        }
        //
        // add permissions to groups
        //
        // NOTE(review): the group list is read straight from the request body;
        // no isset(), is_array() or integer check is visible in this excerpt,
        // and the values become group_id in the rows built below -- confirm they
        // are validated before this point.
        $grant_groups = $_POST['groups'];
        if (count($grant_groups) > 0) {
            // start from the ids returned by get_uppercat_ids() for the current
            // album (presumably its parent chain -- verify in the helper)
            $cat_ids = get_uppercat_ids(array($page['cat']));
            // the mere presence of the apply_on_sub field widens the grant to
            // whatever get_subcat_ids() returns for the album
            if (isset($_POST['apply_on_sub'])) {
                $cat_ids = array_merge($cat_ids, get_subcat_ids(array($page['cat'])));
            }
            // keep only the albums whose status is 'private'; $cat_ids is
            // interpolated unquoted, so it has to hold integers only
            $query = '
SELECT id
  FROM ' . CATEGORIES_TABLE . '
  WHERE id IN (' . implode(',', $cat_ids) . ')
    AND status = \'private\'
;';
            $private_cats = array_from_query($query, 'id');
            // one (group_id, cat_id) row per private album and requested group
            $inserts = array();
            foreach ($private_cats as $cat_id) {
                foreach ($grant_groups as $group_id) {
                    $inserts[] = array('group_id' => $group_id, 'cat_id' => $cat_id);
                }
Esempio n. 2
// |                                updates                                |
// +-----------------------------------------------------------------------+
// Revoke branch: runs when the 'falsify' action was posted together with a
// non-empty cat_true selection.
// NOTE(review): $_POST['cat_true'] is handed to get_subcat_ids() and
// $page['group'] is concatenated unquoted into the DELETE below; no integer or
// is_array() check on either is visible in this excerpt -- confirm both are
// validated upstream. count() also assumes cat_true is an array.
if (isset($_POST['falsify']) and isset($_POST['cat_true']) and count($_POST['cat_true']) > 0) {
    // if you forbid access to a category, all sub-categories become
    // automatically forbidden
    $subcats = get_subcat_ids($_POST['cat_true']);
    // NOTE(review): if get_subcat_ids() can return an empty array the list
    // renders as "IN ()" -- verify against the helper
    $query = '
DELETE
  FROM ' . GROUP_ACCESS_TABLE . '
  WHERE group_id = ' . $page['group'] . '
  AND cat_id IN (' . implode(',', $subcats) . ')
;';
    pwg_query($query);
} else {
    // Grant branch: runs when the 'trueify' action was posted together with a
    // non-empty cat_false selection. The same validation question applies to
    // $_POST['cat_false'], which goes to get_uppercat_ids() as received.
    if (isset($_POST['trueify']) and isset($_POST['cat_false']) and count($_POST['cat_false']) > 0) {
        $uppercats = get_uppercat_ids($_POST['cat_false']);
        $private_uppercats = array();
        // of the ids returned above, keep only the categories whose status
        // is 'private'
        $query = '
SELECT id
  FROM ' . CATEGORIES_TABLE . '
  WHERE id IN (' . implode(',', $uppercats) . ')
  AND status = \'private\'
;';
        $result = pwg_query($query);
        while ($row = pwg_db_fetch_assoc($result)) {
            $private_uppercats[] = $row['id'];
        }
        // retrying to authorize a category which is already authorized may cause
        // an error (in SQL statement), so we need to know which categories are
        // accessible
        $authorized_ids = array();
Esempio n. 3
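/**
 * API method
 * Add permissions
 *
 * Grants the listed groups and/or users access to the listed albums. Only
 * albums whose status is 'private' receive rows. The call is rejected with a
 * 403 PwgError unless the supplied pwg_token matches get_pwg_token().
 *
 * @param mixed[] $params
 *    @option int[] cat_id
 *    @option int[] group_id (optional)
 *    @option int[] user_id (optional)
 *    @option bool recursive
 *    @option string pwg_token anti-CSRF token, compared with get_pwg_token()
 * @param object $service web-service dispatcher; only invoke() is used here
 * @return mixed PwgError on token mismatch, otherwise the result of
 *               pwg.permissions.getList for the same cat_id
 */
function ws_permissions_add($params, &$service)
{
    // Anti-CSRF check. The comparison is done on strings, strictly: a loose
    // != treats numeric-looking strings such as "0e12" and "0e34" as equal.
    // A missing, non-string or empty token fails closed.
    $expected_token = (string) get_pwg_token();
    $supplied_token = '';
    if (isset($params['pwg_token']) and is_string($params['pwg_token'])) {
        $supplied_token = $params['pwg_token'];
    }
    if (function_exists('hash_equals')) {
        // constant-time comparison where the runtime provides it
        $token_ok = hash_equals($expected_token, $supplied_token);
    } else {
        $token_ok = ($expected_token === $supplied_token);
    }
    if ($expected_token === '' or !$token_ok) {
        return new PwgError(403, 'Invalid security token');
    }

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    $recursive = !empty($params['recursive']);

    if (!empty($params['group_id'])) {
        $cat_ids = get_uppercat_ids($params['cat_id']);
        if ($recursive) {
            $cat_ids = array_merge($cat_ids, get_subcat_ids($params['cat_id']));
        }

        // The ids are concatenated unquoted into the IN (...) list, so force
        // every element to an integer regardless of what the helpers return.
        $cat_ids = array_unique(array_map('intval', $cat_ids));
        $group_ids = array_unique(array_map('intval', (array) $params['group_id']));

        // An empty list would render as "IN ()", which is not valid SQL.
        if (count($cat_ids) > 0) {
            $query = '
SELECT id
  FROM ' . CATEGORIES_TABLE . '
  WHERE id IN (' . implode(',', $cat_ids) . ')
    AND status = \'private\'
;';
            $private_cats = array_from_query($query, 'id');

            // one (group_id, cat_id) row per private album and requested group
            $inserts = array();
            foreach ($private_cats as $cat_id) {
                foreach ($group_ids as $group_id) {
                    $inserts[] = array('group_id' => $group_id, 'cat_id' => $cat_id);
                }
            }
            mass_inserts(GROUP_ACCESS_TABLE, array('group_id', 'cat_id'), $inserts, array('ignore' => true));
        }
    }

    if (!empty($params['user_id'])) {
        // The original code signals recursion to add_permission_on_category()
        // through $_POST['apply_on_sub']. Make that flag follow the
        // "recursive" parameter in both directions, so that a stray
        // apply_on_sub field in the request body cannot widen a
        // non-recursive grant, and put the previous value back afterwards.
        $had_flag = isset($_POST['apply_on_sub']);
        $previous_flag = $had_flag ? $_POST['apply_on_sub'] : null;

        if ($recursive) {
            $_POST['apply_on_sub'] = true;
        } else {
            unset($_POST['apply_on_sub']);
        }

        add_permission_on_category($params['cat_id'], $params['user_id']);

        if ($had_flag) {
            $_POST['apply_on_sub'] = $previous_flag;
        } else {
            unset($_POST['apply_on_sub']);
        }
    }

    return $service->invoke('pwg.permissions.getList', array('cat_id' => $params['cat_id']));
}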
Esempio n. 4
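/**
 * Grant access to a list of categories for a list of users.
 *
 * Rows are written to USER_ACCESS_TABLE only for categories whose status is
 * 'private'. The candidate categories are the ids returned by
 * get_uppercat_ids() for the input, plus those returned by get_subcat_ids()
 * when $_POST['apply_on_sub'] is set.
 *
 * Values that are not integers (or strings of decimal digits) are dropped
 * from both lists before any query is built; if either list ends up empty
 * the function returns without touching the database.
 *
 * @param int[] $category_ids a single id is also accepted
 * @param int[] $user_ids a single id is also accepted
 * @return void
 */
function add_permission_on_category($category_ids, $user_ids)
{
    if (!is_array($category_ids)) {
        $category_ids = array($category_ids);
    }
    if (!is_array($user_ids)) {
        $user_ids = array($user_ids);
    }

    // These ids end up in SQL text (directly below, and presumably inside the
    // id helpers as well), so keep only values that are plain integers.
    $clean_category_ids = array();
    foreach ($category_ids as $candidate) {
        if (is_int($candidate) or (is_string($candidate) and preg_match('/^\d+$/D', $candidate))) {
            $clean_category_ids[] = (int) $candidate;
        }
    }
    $clean_user_ids = array();
    foreach ($user_ids as $candidate) {
        if (is_int($candidate) or (is_string($candidate) and preg_match('/^\d+$/D', $candidate))) {
            $clean_user_ids[] = (int) $candidate;
        }
    }

    // check for emptiness
    if (count($clean_category_ids) == 0 or count($clean_user_ids) == 0) {
        return;
    }

    // make sure categories are private and select uppercats or subcats
    $cat_ids = get_uppercat_ids($clean_category_ids);
    // NOTE(review): recursion is driven by a request field rather than by an
    // argument, so any caller inherits whatever the current request posted.
    if (isset($_POST['apply_on_sub'])) {
        $cat_ids = array_merge($cat_ids, get_subcat_ids($clean_category_ids));
    }

    // The list is concatenated unquoted into IN (...): force integers and
    // stop if nothing is left, since "IN ()" is not valid SQL.
    $cat_ids = array_unique(array_map('intval', $cat_ids));
    if (count($cat_ids) == 0) {
        return;
    }

    $query = '
SELECT id
  FROM ' . CATEGORIES_TABLE . '
  WHERE id IN (' . implode(',', $cat_ids) . ')
    AND status = \'private\'
;';
    $private_cats = query2array($query, null, 'id');
    if (count($private_cats) == 0) {
        return;
    }

    // one (user_id, cat_id) row per private category and user
    $inserts = array();
    foreach ($private_cats as $cat_id) {
        foreach ($clean_user_ids as $user_id) {
            $inserts[] = array('user_id' => $user_id, 'cat_id' => $cat_id);
        }
    }
    mass_inserts(USER_ACCESS_TABLE, array('user_id', 'cat_id'), $inserts, array('ignore' => true));
}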