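/**
 * Read the category tree into the global $album_data and return the
 * categories whose authentication rights satisfy every right asked for in
 * $options.
 *
 * @param int $user_id  owner of the personal galleries to read, or
 *                      ALBUM_PUBLIC_GALLERY for the public galleries
 * @param int $options  bit mask of ALBUM_AUTH_* rights that every returned
 *                      category must grant, optionally combined with
 *                      ALBUM_READ_ALL_CATEGORIES (read public and personal
 *                      galleries) and ALBUM_CREATE_CAT_ID_LIST (return a
 *                      comma separated id list instead of rows)
 *
 * @return mixed ALBUM_DATA_ALREADY_READ when $album_data['data'] is already
 *               populated; null when the category query returns no rows;
 *               a comma separated string of category ids when
 *               ALBUM_CREATE_CAT_ID_LIST is set ('' when nothing matches);
 *               otherwise a list of category rows taken from $album_data['data']
 */
function album_read_tree($user_id = ALBUM_PUBLIC_GALLERY, $options = ALBUM_AUTH_VIEW)
{
    global $db, $user, $album_data;

    // Required level (0 or 1) per right; a category qualifies only when its
    // own auth value is >= the required level for every right.
    $required = array(
        'view'    => (int) checkFlag($options, ALBUM_AUTH_VIEW),
        'upload'  => (int) checkFlag($options, ALBUM_AUTH_UPLOAD),
        'rate'    => (int) checkFlag($options, ALBUM_AUTH_RATE),
        'comment' => (int) checkFlag($options, ALBUM_AUTH_COMMENT),
        'edit'    => (int) checkFlag($options, ALBUM_AUTH_EDIT),
        'delete'  => (int) checkFlag($options, ALBUM_AUTH_DELETE),
    );

    // empty() also copes with $album_data['data'] not being set at all,
    // where sizeof() would fail on a non-array
    if (!empty($album_data['data'])) {
        return ALBUM_DATA_ALREADY_READ;
    }

    $build_id_list = checkFlag($options, ALBUM_CREATE_CAT_ID_LIST);

    if (checkFlag($options, ALBUM_READ_ALL_CATEGORIES)) {
        // All galleries, both public and personal
        $sql = "SELECT c.*, COUNT(p.pic_id) AS count, u.username AS username\n\t\t\t\tFROM " . ALBUM_CAT_TABLE . " AS c\n\t\t\t\t\tLEFT JOIN " . ALBUM_TABLE . " AS p ON c.cat_id = p.pic_cat_id\n\t\t\t\t\tLEFT JOIN " . USERS_TABLE . " AS u ON c.cat_user_id = u.user_id\n\t\t\t\tWHERE cat_id <> 0\n\t\t\t\tGROUP BY cat_id " . album_get_sql_category_sort();
    } elseif ($user_id == ALBUM_PUBLIC_GALLERY) {
        // Public galleries
        $sql = "SELECT c.*, COUNT(p.pic_id) AS count, '' AS username\n\t\t\t\t\tFROM " . ALBUM_CAT_TABLE . " AS c\n\t\t\t\t\t\tLEFT JOIN " . ALBUM_TABLE . " AS p ON c.cat_id = p.pic_cat_id\n\t\t\t\t\tWHERE cat_id <> 0 AND c.cat_user_id = 0\n\t\t\t\t\tGROUP BY cat_id " . album_get_sql_category_sort();
    } else {
        // Personal galleries. $user_id is interpolated into the statement, so
        // it is cast to int first: the column is numeric and the cast keeps a
        // non-numeric value from reaching the query text.
        $sql = "SELECT c.*, COUNT(p.pic_id) AS count, u.username\n\t\t\t\t\tFROM " . ALBUM_CAT_TABLE . " AS c\n\t\t\t\t\t\tLEFT JOIN " . ALBUM_TABLE . " AS p ON c.cat_id = p.pic_cat_id\n\t\t\t\t\t\tLEFT JOIN " . USERS_TABLE . " AS u ON c.cat_user_id = u.user_id\n\t\t\t\t\tWHERE u.user_id = " . (int) $user_id . "\n\t\t\t\t\tGROUP BY c.cat_id " . album_get_sql_category_sort();
    }

    $result = $db->sql_query($sql);
    if ($db->sql_numrows($result) == 0) {
        if (album_is_debug_enabled() == true) {
            album_debugEx('album_read_tree : no rows was selected using this sql = %s', $sql);
        }
        // kept as a bare return: callers may rely on the null result
        return;
    }

    $cats = array();    // category rows in fetch order
    $parents = array(); // parent id => list of indexes into $cats
    while ($row = $db->sql_fetchrow($result)) {
        // a category that names itself as its parent is hung off the root
        if ($row['cat_parent'] == $row['cat_id']) {
            $row['cat_parent'] = 0;
        }
        // store the parent id for this category in the row array
        $row['parent'] = $row['cat_parent'] == 0 ? ALBUM_ROOT_CATEGORY : $row['cat_parent'];
        $parents[$row['parent']][] = count($cats);
        $cats[] = $row;
    }
    $db->sql_freeresult($result);

    // build the tree, then populate the authentication data for this user
    $album_data = array();
    album_build_tree($cats, $parents);
    album_create_user_auth($user_id);
    if (album_is_debug_enabled() == true) {
        album_debug('album_read_tree : user id = %d, $album_data[\'auth\'] = %s', $user_id, $album_data['auth']);
    }

    // From the authenticated categories keep those whose rights cover every
    // right requested in $options.
    $id_list = '';
    $cats = array();
    if (!empty($album_data['auth'])) {
        $auth_count = sizeof($album_data['auth']);
        for ($idx = 0; $idx < $auth_count; $idx++) {
            $cat_id = $album_data['id'][$idx];
            $auth = $album_data['auth'][$cat_id];
            foreach ($required as $right => $needed) {
                if ($auth[$right] < $needed) {
                    continue 2; // one right short: skip this category
                }
            }
            if ($build_id_list) {
                // compare against '' rather than empty() so an id of 0 is
                // not treated as "nothing appended yet"
                $id_list .= ($id_list === '' ? '' : ',') . $album_data['data'][$idx]['cat_id'];
            } else {
                $cats[] = $album_data['data'][$idx];
            }
        }
    }

    if (album_is_debug_enabled() == true) {
        album_debug('album_read_tree : $cats = %s', $build_id_list ? $id_list : $cats);
    }

    return $build_id_list ? $id_list : $cats;
}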
function album_check_permission($auth_data, $access_check, $or_check = false) { // NOTE : ALBUM_AUTH_CREATE_PERSONAL and ALBUM_AUTH_UPLOAD are synomous for each other // and thus only the ALBUM_AUTH_UPLOAD is present here $access_type = array(ALBUM_AUTH_VIEW => 'view', ALBUM_AUTH_UPLOAD => 'upload', ALBUM_AUTH_RATE => 'rate', ALBUM_AUTH_COMMENT => 'comment', ALBUM_AUTH_EDIT => 'edit', ALBUM_AUTH_DELETE => 'delete', ALBUM_AUTH_MODERATOR => 'moderator', ALBUM_AUTH_MANAGE_PERSONAL_CATEGORIES => 'manage'); $access_index = array('0' => ALBUM_AUTH_VIEW, '1' => ALBUM_AUTH_UPLOAD, '2' => ALBUM_AUTH_RATE, '3' => ALBUM_AUTH_COMMENT, '4' => ALBUM_AUTH_EDIT, '5' => ALBUM_AUTH_DELETE, '6' => ALBUM_AUTH_MODERATOR, '7' => ALBUM_AUTH_MANAGE_PERSONAL_CATEGORIES); $access_to_check = array(); // build up the array of checks to perform for ($idx = 0; $idx < sizeof($access_index); $idx++) { if (checkFlag($access_check, $access_index[$idx])) { $access_to_check[] = $access_index[$idx]; } } $result = 0; // now check every check in the acess_check array for ($idx = 0; $idx < sizeof($access_to_check); $idx++) { // $access_string should hold strings like 'view', 'upload' and so on $access_string = $access_type[$access_to_check[$idx]]; if ($auth_data[$access_string] == 1) { $result += $access_to_check[$idx]; // simulate that all check got verified successfully if ($or_check == true) { $result = $access_check; break; } } } // $result now holds to total sum of check // which should be qual to the value of // the $access_check parameter return $result == $access_check ? true : false; }
function album_get_full_tree_option() { global $album_data, $lang, $album_user_id; $all = checkFlag($options, ALBUM_SELECTBOX_INCLUDE_ALL); $include_root = checkFlag($options, ALBUM_SELECTBOX_INCLUDE_ROOT); $keys = array(); $keys = album_get_auth_keys(ALBUM_PUBLIC_GALLERY, ALBUM_AUTH_VIEW, $all, -1, -1); $delete_res = ''; $public_res = ''; $personal_res = ''; for ($i = $offset; $i < sizeof($keys['id']); $i++) { if ($keys['id'][$i] == ALBUM_ROOT_CATEGORY && !$include_root) { $cat_id = ALBUM_ROOT_CATEGORY; } else { $cat_id = $keys['id'][$i]; } $res = ''; if ($cat_id != ALBUM_ROOT_CATEGORY) { $selected = $selected_cat_id == $cat_id ? ' selected="selected"' : ''; $res .= '<option value="' . $cat_id . '"' . $selected . '>'; // get category name.. $name = album_get_object_lang($cat_id, 'name'); // increment $inc = ''; for ($k = 1; $k <= $keys['real_level'][$i] - $offset; $k++) { $inc .= '| '; } if ($keys['level'][$i] >= $offset) { $inc .= '|--'; } $name = $inc . $name; $res .= $name . '</option>'; // it's a personal gallery if (1 == $album_data['personal'][$cat_id]) { $personal_res .= $res; } else { $public_res .= $res; } } } return $delete_res . $public_res . $personal_res; }