// if you forbid access to an album, all sub-albums become
// automatically forbidden
// NOTE(review): $deny_groups is assigned outside this excerpt and its elements
// are joined into the IN (...) list unquoted -- confirm it can only hold
// integer ids by the time it reaches this statement.
$query = ' DELETE FROM ' . GROUP_ACCESS_TABLE . ' WHERE group_id IN (' . implode(',', $deny_groups) . ') AND cat_id IN (' . implode(',', get_subcat_ids(array($page['cat']))) . ') ;';
pwg_query($query);
}

//
// add permissions to groups
//
// NOTE(review): the group list is taken from the request body as received; no
// is_array() or integer check is visible in this excerpt before count() and
// the loops below use it.
$grant_groups = $_POST['groups'];
if (count($grant_groups) > 0)
{
  // Start from the ids returned for the current album by get_uppercat_ids()
  // and add the get_subcat_ids() result when the form sent 'apply_on_sub'.
  $cat_ids = get_uppercat_ids(array($page['cat']));
  if (isset($_POST['apply_on_sub']))
  {
    $cat_ids = array_merge($cat_ids, get_subcat_ids(array($page['cat'])));
  }

  // Keep only the ids whose status is 'private'.
  $query = ' SELECT id FROM ' . CATEGORIES_TABLE . ' WHERE id IN (' . implode(',', $cat_ids) . ') AND status = \'private\' ;';
  $private_cats = array_from_query($query, 'id');

  // One (group, album) row per combination. $group_id is still the raw request
  // value at this point -- NOTE(review): how the rows are written is outside
  // this excerpt; confirm the values are cast or escaped before they reach SQL.
  $inserts = array();
  foreach ($private_cats as $cat_id)
  {
    foreach ($grant_groups as $group_id)
    {
      $inserts[] = array('group_id' => $group_id, 'cat_id' => $cat_id);
    }
// | updates |
// +-----------------------------------------------------------------------+

// NOTE(review): $_POST['cat_true'] and $_POST['cat_false'] are handed to
// get_subcat_ids() / get_uppercat_ids() as received, and $page['group'] is
// concatenated into the DELETE unquoted. None of their validation is visible
// in this excerpt -- confirm the POST values are arrays of integer ids (count()
// is called on them) and that $page['group'] is an integer.
if (isset($_POST['falsify'])
    and isset($_POST['cat_true'])
    and count($_POST['cat_true']) > 0)
{
  // if you forbid access to a category, all sub-categories become
  // automatically forbidden
  $subcats = get_subcat_ids($_POST['cat_true']);
  // NOTE(review): if $subcats comes back empty the statement below contains
  // "IN ()" -- confirm get_subcat_ids() always returns at least the ids it
  // was given.
  $query = ' DELETE FROM ' . GROUP_ACCESS_TABLE . ' WHERE group_id = ' . $page['group'] . ' AND cat_id IN (' . implode(',', $subcats) . ') ;';
  pwg_query($query);
}
else
{
  if (isset($_POST['trueify'])
      and isset($_POST['cat_false'])
      and count($_POST['cat_false']) > 0)
  {
    $uppercats = get_uppercat_ids($_POST['cat_false']);
    $private_uppercats = array();

    // Collect the ids among $uppercats whose status is 'private'.
    $query = ' SELECT id FROM ' . CATEGORIES_TABLE . ' WHERE id IN (' . implode(',', $uppercats) . ') AND status = \'private\' ;';
    $result = pwg_query($query);
    while ($row = pwg_db_fetch_assoc($result))
    {
      $private_uppercats[] = $row['id'];
    }

    // retrying to authorize a category which is already authorized may cause
    // an error (in SQL statement), so we need to know which categories are
    // accessible
    $authorized_ids = array();
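/**
 * API method
 * Add permissions
 *
 * Grants the listed groups and/or users access to the listed albums. Only
 * albums whose status is 'private' receive rows. Group rows are written to
 * GROUP_ACCESS_TABLE here; user rows are delegated to
 * add_permission_on_category().
 *
 * @param mixed[] $params
 *    @option int[] cat_id
 *    @option int[] group_id (optional)
 *    @option int[] user_id (optional)
 *    @option bool recursive
 *    @option string pwg_token
 * @param object $service dispatcher used to invoke pwg.permissions.getList
 * @return mixed PwgError (403) when the security token does not match,
 *    otherwise the result of pwg.permissions.getList for the requested cat_id
 */
function ws_permissions_add($params, &$service)
{
  // Compare the security token as a string and in constant time. The loose
  // "!=" operator can treat two different numeric-looking strings as equal,
  // and a non-string value (e.g. an array) must never reach the comparison.
  $supplied_token = isset($params['pwg_token']) ? $params['pwg_token'] : null;
  if (!is_string($supplied_token) or !hash_equals((string) get_pwg_token(), $supplied_token))
  {
    return new PwgError(403, 'Invalid security token');
  }

  include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

  // Defence in depth: the ids below end up in SQL text, and the web-service
  // layer's own parameter validation is not visible from this function, so
  // keep only numeric entries and cast them to int here.
  $category_ids = array_map('intval', array_filter((array) $params['cat_id'], 'is_numeric'));

  if (!empty($params['group_id']) and count($category_ids) > 0)
  {
    $group_ids = array_map('intval', array_filter((array) $params['group_id'], 'is_numeric'));

    $cat_ids = get_uppercat_ids($category_ids);
    if ($params['recursive'])
    {
      $cat_ids = array_merge($cat_ids, get_subcat_ids($category_ids));
    }

    // An empty id list would produce "IN ()", which is not valid SQL.
    $private_cats = array();
    if (count($cat_ids) > 0)
    {
      $query = ' SELECT id FROM ' . CATEGORIES_TABLE . ' WHERE id IN (' . implode(',', array_map('intval', $cat_ids)) . ') AND status = \'private\' ;';
      $private_cats = array_from_query($query, 'id');
    }

    // One (group, album) row per combination.
    $inserts = array();
    foreach ($private_cats as $cat_id)
    {
      foreach ($group_ids as $group_id)
      {
        $inserts[] = array('group_id' => $group_id, 'cat_id' => (int) $cat_id);
      }
    }

    if (count($inserts) > 0)
    {
      mass_inserts(GROUP_ACCESS_TABLE, array('group_id', 'cat_id'), $inserts, array('ignore' => true));
    }
  }

  if (!empty($params['user_id']))
  {
    $user_ids = array_map('intval', array_filter((array) $params['user_id'], 'is_numeric'));

    // add_permission_on_category() decides whether to recurse from
    // $_POST['apply_on_sub'], not from an argument. Make that flag mirror the
    // 'recursive' parameter for the duration of the call; otherwise a request
    // carrying its own apply_on_sub field would recurse for users even when
    // recursive is false, unlike the group branch above.
    $had_flag = isset($_POST['apply_on_sub']);
    $previous_flag = $had_flag ? $_POST['apply_on_sub'] : null;

    if ($params['recursive'])
    {
      $_POST['apply_on_sub'] = true;
    }
    else
    {
      unset($_POST['apply_on_sub']);
    }

    add_permission_on_category($category_ids, $user_ids);

    // In the recursive case the flag is left set, as before. In the
    // non-recursive case put back whatever the request originally carried.
    if (!$params['recursive'] and $had_flag)
    {
      $_POST['apply_on_sub'] = $previous_flag;
    }
  }

  return $service->invoke('pwg.permissions.getList', array('cat_id' => $params['cat_id']));
}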
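/**
 * Grant access to a list of categories for a list of users.
 *
 * Scalars are accepted and wrapped into one-element arrays. Entries that are
 * not numeric are dropped and the rest are cast to int before they are used.
 * Only categories whose status is 'private' receive rows in USER_ACCESS_TABLE.
 * Descendant categories are included when $_POST['apply_on_sub'] is set.
 *
 * @param int[] $category_ids
 * @param int[] $user_ids
 */
function add_permission_on_category($category_ids, $user_ids)
{
  if (!is_array($category_ids))
  {
    $category_ids = array($category_ids);
  }
  if (!is_array($user_ids))
  {
    $user_ids = array($user_ids);
  }

  // These ids end up in SQL text (the IN list below and the inserted rows),
  // and callers may pass request values straight through, so keep only
  // numeric entries and cast them to int. is_numeric() also rejects nested
  // arrays, which intval() alone would turn into 1.
  $category_ids = array_map('intval', array_filter($category_ids, 'is_numeric'));
  $user_ids = array_map('intval', array_filter($user_ids, 'is_numeric'));

  // check for emptiness
  if (count($category_ids) == 0 or count($user_ids) == 0)
  {
    return;
  }

  // make sure categories are private and select uppercats or subcats
  // NOTE(review): recursion is driven by request state rather than by an
  // argument, so every caller inherits whatever the current POST body holds.
  $cat_ids = get_uppercat_ids($category_ids);
  if (isset($_POST['apply_on_sub']))
  {
    $cat_ids = array_merge($cat_ids, get_subcat_ids($category_ids));
  }

  // Ids that match no category can leave this list empty; "IN ()" is not
  // valid SQL, so stop before building the statement.
  if (count($cat_ids) == 0)
  {
    return;
  }

  $query = ' SELECT id FROM ' . CATEGORIES_TABLE . ' WHERE id IN (' . implode(',', array_map('intval', $cat_ids)) . ') AND status = \'private\' ;';
  $private_cats = query2array($query, null, 'id');

  if (count($private_cats) == 0)
  {
    return;
  }

  // One (user, category) row per combination.
  $inserts = array();
  foreach ($private_cats as $cat_id)
  {
    foreach ($user_ids as $user_id)
    {
      $inserts[] = array('user_id' => $user_id, 'cat_id' => (int) $cat_id);
    }
  }

  mass_inserts(USER_ACCESS_TABLE, array('user_id', 'cat_id'), $inserts, array('ignore' => true));
}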