1<?php
2
3if (IN_serendipity !== true) {
4    die ('Don\'t hack!');
5}
6
7if (!serendipity_checkPermission('adminUsersGroups')) {
8    return;
9}
10
11$data = array();
12/* Delete a group */
13if (isset($_POST['DELETE_YES']) && serendipity_checkFormToken()) {
14    $group = serendipity_fetchGroup($serendipity['POST']['group']);
15    serendipity_deleteGroup($serendipity['POST']['group']);
16    $data['delete_yes'] = true;
17    $data['group_id'] = $serendipity['POST']['group'];
18    $data['group'] = $group;
19}
20
21/* Save new group */
22if (isset($_POST['SAVE_NEW']) && serendipity_checkFormToken()) {
23    $serendipity['POST']['group'] = serendipity_addGroup($serendipity['POST']['name']);
24    $perms = serendipity_getAllPermissionNames();
25    serendipity_updateGroupConfig($serendipity['POST']['group'], $perms, $serendipity['POST'], false, $serendipity['POST']['forbidden_plugins'], $serendipity['POST']['forbidden_hooks']);
26    $data['save_new'] = true;
27    $data['group_id'] = $serendipity['POST']['group'];
28    $data['group'] = $group;
29}
30
31/* Edit a group */
32if (isset($_POST['SAVE_EDIT']) && serendipity_checkFormToken()) {
33    $perms = serendipity_getAllPermissionNames();
34    serendipity_updateGroupConfig($serendipity['POST']['group'], $perms, $serendipity['POST'], false, $serendipity['POST']['forbidden_plugins'], $serendipity['POST']['forbidden_hooks']);
35    $data['save_edit'] = true;
36    $data['name'] = $serendipity['POST']['name'];
37}
38
39if ( $serendipity['GET']['adminAction'] != 'delete' ) {
40    $data['delete'] = false;
41
42    if (serendipity_checkPermission('adminUsersMaintainOthers')) {
43        $groups = serendipity_getAllGroups();
44    } elseif (serendipity_checkPermission('adminUsersMaintainSame')) {
45        $groups = serendipity_getAllGroups($serendipity['authorid']);
46    } else {
47        $groups = array();
48    }
49    $data['groups'] = $groups;
50    if ( ! (isset($_POST['NEW']) || $serendipity['GET']['adminAction'] == 'new') ) {
51        $data['start'] = true;
52    }
53    $data['deleteFormToken'] = serendipity_setFormToken('url');
54}
55
56if ($serendipity['GET']['adminAction'] == 'edit' || isset($_POST['NEW']) || $serendipity['GET']['adminAction'] == 'new') {
57    if (isset($_POST['NEW']) || $serendipity['GET']['adminAction'] == 'new') {
58        $data['new'] = true;
59    } else {
60        $data['edit'] = true;
61    }
62    $data['formToken'] = serendipity_setFormToken();
63
64    if ($serendipity['GET']['adminAction'] == 'edit') {
65        $group = serendipity_fetchGroup($serendipity['GET']['group']);
66        $from = &$group;
67    } else {
68        $from = array();
69    }
70    $data['from'] = $from;
71
72    $allusers = serendipity_fetchUsers();
73    $users    = serendipity_getGroupUsers($from['id']);
74
75    $selected = array();
76    foreach((array)$users AS $user) {
77        $selected[$user['id']] = true;
78    }
79    $data['selected'] = $selected;
80    $data['allusers'] = $allusers;
81
82    $perms = serendipity_getAllPermissionNames();
83    ksort($perms);
84    $data['perms'] = $perms;
85    foreach($perms AS $perm => $userlevels) {
86        if (defined('PERMISSION_' . strtoupper($perm))) {
87            list($name, $note) = explode(":", constant('PERMISSION_' . strtoupper($perm)));
88            $data['perms'][$perm]['permission_name'] = $name;
89            $data['perms'][$perm]['permission_note'] = $note;
90        } else {
91            $data['perms'][$perm]['permission_name'] = $perm;
92        }
93        if (!serendipity_checkPermission($perm) && $perm != 'hiddenGroup') {
94            $data['perms'][$perm]['permission'] = false;
95        } else {
96            $data['perms'][$perm]['permission'] = true;
97        }
98    }
99
100    if ($serendipity['enablePluginACL']) {
101        $data['enablePluginACL'] = true;
102        $allplugins =& serendipity_plugin_api::get_event_plugins();
103        $allhooks   = array();
104        $data['allplugins'] = $allplugins;
105        foreach($allplugins AS $plugid => $currentplugin) {
106            foreach($currentplugin['b']->properties['event_hooks'] AS $hook => $set) {
107                $allhooks[$hook] = array();
108            }
109            $data['allplugins'][$plugid]['has_permission'] = serendipity_hasPluginPermissions($plugid, $from['id']);
110        }
111        ksort($allhooks);
112
113        $data['allhooks'] = $allhooks;
114        foreach($allhooks AS $hook => $set) {
115            $data['allhooks'][$hook]['has_permission'] = serendipity_hasPluginPermissions($hook, $from['id']);
116        }
117    }
118
119} elseif ($serendipity['GET']['adminAction'] == 'delete') {
120    $data['delete'] = true;
121    $group = serendipity_fetchGroup($serendipity['GET']['group']);
122    $data['group_id'] = $serendipity['GET']['group'];
123    $data['group'] = $group;
124    $data['formToken'] = serendipity_setFormToken();
125}
126
127echo serendipity_smarty_show('admin/groups.inc.tpl', $data);
128
129/* vim: set sts=4 ts=4 expandtab : */
130?>
131