From 6800802ad8dc73fb09352768a0ff91387d9aa8cf Mon Sep 17 00:00:00 2001 From: stephane laborie Date: Wed, 27 Jul 2016 13:30:34 +0200 Subject: [PATCH 1/2] fix upload permission check --- add_photos.php | 10 +++++-- include/functions_community.inc.php | 45 ++++++++++++++++++++++++++--- 2 files changed, 48 insertions(+), 7 deletions(-) diff --git a/add_photos.php b/add_photos.php index 2f5654b..a569f58 100644 --- a/add_photos.php +++ b/add_photos.php @@ -77,7 +77,7 @@ // +-----------------------------------------------------------------------+ // has the user reached its limits? -$user['community_usage'] = community_get_user_limits($user['id']); +//$user['community_usage'] = community_get_user_limits($user['id']); // echo '
'; print_r($user['community_usage']); echo '
'; // +-----------------------------------------------------------------------+ @@ -98,6 +98,10 @@ $images = array_from_query($query); $nb_images_deleted = 0; + $upload_limit = community_get_upload_limit($user['id'], $_POST['category']); + $user_permissions['storage'] = $upload_limit['storage']; + $user_permissions['nb_photos'] = $upload_limit['nb_photos']; + $user['community_usage'] = community_get_user_limits($user['id'], $_POST['category']); // upload has just happened, maybe the user is over quota if ($user_permissions['storage'] > 0 and $user['community_usage']['storage'] > $user_permissions['storage']) @@ -119,7 +123,7 @@ } } - $user['community_usage'] = community_get_user_limits($user['id']); + $user['community_usage'] = community_get_user_limits($user['id'], $_POST['category']); if ($user['community_usage']['storage'] <= $user_permissions['storage']) { @@ -148,7 +152,7 @@ } } - $user['community_usage'] = community_get_user_limits($user['id']); + $user['community_usage'] = community_get_user_limits($user['id'], $_POST['category']); if ($user['community_usage']['nb_photos'] <= $user_permissions['nb_photos']) { diff --git a/include/functions_community.inc.php b/include/functions_community.inc.php index 56bba03..8d53faf 100644 --- a/include/functions_community.inc.php +++ b/include/functions_community.inc.php 
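Review bot: The call at old line 80 is commented out rather than deleted, so `$user['community_usage']` is no longer populated on a plain page load, only inside the post-upload block. If anything later in add_photos.php or its template still reads that key (not visible in this hunk), it will now be undefined. Either remove the dead line together with the debug `echo`/`print_r` comment, or leave a short comment such as `// usage is now computed per category after upload, see below`.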
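Review bot: `$_POST['category']` is passed unvalidated into `community_get_upload_limit()` and `community_get_user_limits()`, and both concatenate it directly into SQL (`AND ic.category_id = '. $category_id .'` and `AND (category_id = ' . $category_id . ')`), so a non-numeric value alters the query. The same raw value is reused in the hunks at `-119` and `-148` and in the `else` branch added by patch 2/2. Validate it once before first use, e.g. `check_input_parameter('category', $_POST, false, PATTERN_ID);` followed by `$category_id = (int) $_POST['category'];`, and pass `$category_id` to every call. Whether an earlier part of add_photos.php already checks this parameter is not visible here.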
@@ -383,19 +383,56 @@ function community_get_cache_key() } } -function community_get_user_limits($user_id) +function community_get_user_limits($user_id, $category_id) { // how many photos and storage for this user? $query = ' SELECT - COUNT(id) AS nb_photos, - IFNULL(FLOOR(SUM(filesize)/1024), 0) AS storage - FROM '.IMAGES_TABLE.' + COUNT(it.id) AS nb_photos, + IFNULL(FLOOR(SUM(it.filesize)/1024), 0) AS storage + FROM '.IMAGES_TABLE.' AS it + INNER JOIN ' . IMAGE_CATEGORY_TABLE . ' AS ic ON ic.image_id = it.id WHERE added_by = '.$user_id.' + AND ic.category_id = '. $category_id .' ;'; return pwg_db_fetch_assoc(pwg_query($query)); } +function community_get_upload_limit($user_id, $category_id) +{ + global $conf; + + $query = ' + SELECT + group_id + FROM '.USER_GROUP_TABLE.' + WHERE user_id = '.$user_id.' + ;'; + $user_group_ids = array_from_query($query, 'group_id'); + $query = ' + SELECT + nb_photos, + storage + FROM '.COMMUNITY_PERMISSIONS_TABLE.' + WHERE ((type = \'any_visitor\')'; + if ($user_id != $conf['guest_id']) + { + $query.= ' + OR (type = \'any_registered_user\') + OR (type = \'user\' AND user_id = '.$user_id.')'; + if (count($user_group_ids) > 0) + { + $query.= ' + OR (type = \'group\' AND group_id IN ('.implode(',', $user_group_ids).'))'; + } + } + $query.= ') + AND (category_id = ' . $category_id . ') + ;'; + $recursive_categories = array(); + return pwg_db_fetch_assoc(pwg_query($query)); +} + // will be included in Piwigo 2.6 if (!function_exists('safe_version_compare')) { From 57d1ed8a179f6a3da7f78d18d52c18c25e1a1eb6 Mon Sep 17 00:00:00 2001 From: stephane laborie Date: Wed, 27 Jul 2016 14:34:04 +0200 Subject: [PATCH 2/2] ignore quota if user is admin --- add_photos.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/add_photos.php b/add_photos.php index a569f58..c709e7f 100644 --- a/add_photos.php +++ b/add_photos.php 
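Review bot: `community_get_upload_limit()` returns a single `pwg_db_fetch_assoc()` row, which leaves the quota undefined in two cases. When several permission rows match (`user`, `group`, `any_registered_user`), the limit applied is whichever row the database returns first. When no row matches this exact `category_id`, the caller receives no `storage`/`nb_photos` values, its `> 0` tests are false, and the quota is skipped entirely. The unused `$recursive_categories = array();` suggests permissions inherited from parent albums were meant to be handled but are not. State the intended rule in a docblock and handle the empty result explicitly; independently, cast inside both functions (`$category_id = (int) $category_id;`) so the queries stay well-formed whatever the caller passes.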
@@ -98,10 +98,16 @@ $images = array_from_query($query); $nb_images_deleted = 0; + if (is_admin()) + { + $user_permissions['storage'] = -1; + $user_permissions['nb_photos'] = -1; + } else { $upload_limit = community_get_upload_limit($user['id'], $_POST['category']); $user_permissions['storage'] = $upload_limit['storage']; $user_permissions['nb_photos'] = $upload_limit['nb_photos']; $user['community_usage'] = community_get_user_limits($user['id'], $_POST['category']); + } // upload has just happened, maybe the user is over quota if ($user_permissions['storage'] > 0 and $user['community_usage']['storage'] > $user_permissions['storage'])
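Review bot: In the admin branch `$user['community_usage']` is never assigned, because the only remaining initial call to `community_get_user_limits()` now sits in the `else`. The storage test that follows is safe only because `$user_permissions['storage'] > 0` short-circuits on `-1`; any later read of `$user['community_usage']` for an admin (outside this hunk) would hit an undefined key. Initialise it in both branches and document the sentinel, e.g. `// -1 = no quota: the checks below only run when the limit is > 0`. The `} else {` on one line also departs from the brace-on-its-own-line style of the surrounding code.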