From 2bd3e8747784b6f482264ea04912ce0732cfb5fe Mon Sep 17 00:00:00 2001 From: Nicolas Date: Wed, 10 Oct 2018 17:40:39 +0200 Subject: [PATCH] Move groups queries to GroupRepository and GroupAccessRepository classes. Cope with #20 --- admin/album_notification.php | 21 ++- admin/album_permissions.php | 26 +-- admin/groups_list.php | 221 +++++++++-------------- admin/groups_perm.php | 16 +- admin/intro.php | 5 +- admin/site_update.php | 17 +- admin/theme/template/groups_list.tpl | 5 +- admin/theme/template/groups_perm.tpl | 3 +- admin/users_list.php | 5 +- src/Controller/BaseController.php | 2 +- src/LegacyPages/user_list_backend.php | 55 +++--- src/Phyxo/Functions/Category.php | 13 +- src/Phyxo/Functions/Utils.php | 12 +- src/Phyxo/Functions/Ws/Group.php | 97 +++------- src/Phyxo/Functions/Ws/Main.php | 5 +- src/Phyxo/Functions/Ws/Permission.php | 28 +-- src/Phyxo/Functions/Ws/User.php | 8 +- src/Phyxo/Model/Repository/Users.php | 6 +- src/Repository/BaseRepository.php | 81 +++++++++ src/Repository/GroupAccessRepository.php | 68 ++++++- src/Repository/GroupRepository.php | 137 ++++++++++++++ src/Repository/ImageRepository.php | 13 +- src/Repository/UserAccessRepository.php | 46 ++++- src/Repository/UserGroupRepository.php | 60 ++++++ src/Repository/UserRepository.php | 2 +- 25 files changed, 600 insertions(+), 352 deletions(-) create mode 100644 src/Repository/UserGroupRepository.php diff --git a/admin/album_notification.php b/admin/album_notification.php index 69ec976d2..a08722425 100644 --- a/admin/album_notification.php +++ b/admin/album_notification.php @@ -14,6 +14,8 @@ } use App\Repository\ImageRepository; +use App\Repository\GroupRepository; +use App\Repository\GroupAccessRepository; // +-----------------------------------------------------------------------+ // | variable initialization | 
@@ -79,10 +81,10 @@ \Phyxo\Functions\URL::unset_make_full_url(); - $query = 'SELECT name FROM ' . GROUPS_TABLE . ' WHERE id = ' . $conn->db_real_escape_string($_POST['group']); - list($group_name) = $conn->db_fetch_row($conn->db_query($query)); + $result = (new GroupRepository($conn))->findById($_POST['group']); + $row = $conn->db_fetch_assoc($result); - $page['infos'][] = \Phyxo\Functions\Language::l10n('An information email was sent to group "%s"', $group_name); + $page['infos'][] = \Phyxo\Functions\Language::l10n('An information email was sent to group "%s"', $row['name']); } // +-----------------------------------------------------------------------+ @@ -104,15 +106,15 @@ // | form construction | // +-----------------------------------------------------------------------+ -$query = 'SELECT id AS group_id FROM ' . GROUPS_TABLE; -$all_group_ids = $conn->query2array($query, null, 'group_id'); +$result = (new GroupRepository($conn))->findAll(); +$all_group_ids = $conn->result2array($result, null, 'group_id'); if (count($all_group_ids) == 0) { $template->assign('no_group_in_gallery', true); } else { if ('private' == $category['status']) { - $query = 'SELECT group_id FROM ' . GROUP_ACCESS_TABLE . ' WHERE cat_id = ' . $category['id']; - $group_ids = $conn->query2array($query, null, 'group_id'); + $result = (new GroupAccessRepository($conn))->findByCatId($category['id']); + $group_ids = $conn->result2array($result, null, 'group_id'); if (count($group_ids) == 0) { $template->assign('permission_url', ALBUM_BASE_URL . '&section=permissions'); @@ -122,11 +124,10 @@ } if (count($group_ids) > 0) { - $query = 'SELECT id,name FROM ' . GROUPS_TABLE; - $query .= ' WHERE id ' . $conn->in($group_ids) . ' ORDER BY name ASC'; + $result = (new GroupRepository($conn))->findByIds($group_ids, 'ORDER BY name ASC'); $template->assign( 'group_mail_options', - $conn->query2array($query, 'id', 'name') + $conn->result2array($result, 'id', 'name') ); } } 
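Review bot: `result2array($result, null, 'group_id')` after `findAll()` keys on a column the removed query only produced through the alias `id AS group_id`; unless `findAll()` aliases it the same way (its body is not in this patch), `$all_group_ids` becomes a list of nulls, `count(...) == 0` is never true and `no_group_in_gallery` is never set. Read the column the other call sites use, `$all_group_ids = $conn->result2array($result, null, 'id');`. Separately, `findById($_POST['group'])` and `findByCatId($category['id'])` now receive the raw values where the removed lines called `db_real_escape_string`, so the escaping or integer cast has to live inside the repository; the same shift applies to `findByCatId($page['cat'])` in album_permissions.php and `findById($group_id)` in Utils::get_groupname.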
diff --git a/admin/album_permissions.php b/admin/album_permissions.php index bff3e5b78..681b74b63 100644 --- a/admin/album_permissions.php +++ b/admin/album_permissions.php @@ -10,6 +10,8 @@ */ use App\Repository\CategoryRepository; +use App\Repository\GroupAccessRepository; +use App\Repository\GroupRepository; if (!defined('ALBUM_BASE_URL')) { die("Hacking attempt!"); @@ -37,8 +39,8 @@ // // manage groups // - $query = 'SELECT group_id FROM ' . GROUP_ACCESS_TABLE . ' WHERE cat_id = ' . $conn->db_real_escape_string($page['cat']); - $groups_granted = $conn->query2array($query, null, 'group_id'); + $result = (new GroupAccessRepository($conn))->findByCatId($page['cat']); + $groups_granted = $conn->result2array($result, null, 'group_id'); if (!isset($_POST['groups'])) { $_POST['groups'] = []; @@ -51,10 +53,7 @@ if (count($deny_groups) > 0) { // if you forbid access to an album, all sub-albums become // automatically forbidden - $query = 'DELETE FROM ' . GROUP_ACCESS_TABLE; - $query .= ' WHERE group_id ' . $conn->in($deny_groups); - $query .= ' AND cat_id ' . $conn->in((new CategoryRepository($conn))->getSubcatIds([$page['cat']])); - $conn->db_query($query); + (new GroupAccessRepository($conn))->deleteByGroupIdsAndCatIds($deny_groups, (new CategoryRepository($conn))->getSubcatIds([$page['cat']])); } // @@ -80,12 +79,7 @@ } } - $conn->mass_inserts( - GROUP_ACCESS_TABLE, - ['group_id', 'cat_id'], - $inserts, - ['ignore' => true] - ); + (new GroupAccessRepository($conn))->massInserts(['group_id', 'cat_id'], $inserts, ['ignore' => true]); } // 
@@ -149,13 +143,13 @@ $groups = []; -$query = 'SELECT id, name FROM ' . GROUPS_TABLE . ' ORDER BY name ASC;'; -$groups = $conn->query2array($query, 'id', 'name'); +$result = (new GroupRepository($conn))->findAll('ORDER BY name ASC'); +$groups = $conn->result2array($result, 'id', 'name'); $template->assign('groups', $groups); // groups granted to access the category -$query = 'SELECT group_id FROM ' . GROUP_ACCESS_TABLE . ' WHERE cat_id = ' . $conn->db_real_escape_string($page['cat']); -$group_granted_ids = $conn->query2array($query, null, 'group_id'); +$result = (new GroupAccessRepository($conn))->findByCatId($page['cat']); +$group_granted_ids = $conn->result2array($result, null, 'group_id'); $template->assign('groups_selected', $group_granted_ids); // users... diff --git a/admin/groups_list.php b/admin/groups_list.php index d0e98122c..ff2fc2f54 100644 --- a/admin/groups_list.php +++ b/admin/groups_list.php @@ -9,6 +9,10 @@ * file that was distributed with this source code. */ +use App\Repository\GroupRepository; +use App\Repository\GroupAccessRepository; +use App\Repository\UserGroupRepository; + if (!defined("GROUPS_BASE_URL")) { die("Hacking attempt!"); } 
@@ -22,18 +26,12 @@ $page['errors'][] = \Phyxo\Functions\Language::l10n('The name of a group must not contain " or \' or be empty.'); } if (count($page['errors']) == 0) { - // is the group not already existing ? - $query = 'SELECT COUNT(1) FROM ' . GROUPS_TABLE; - $query .= ' WHERE name = \'' . $conn->db_real_escape_string($_POST['groupname']) . '\''; - list($count) = $conn->db_fetch_row($conn->db_query($query)); - if ($count != 0) { + if ((new GroupRepository($conn))->isGroupNameExists($_POST['groupname'])) { $page['errors'][] = \Phyxo\Functions\Language::l10n('This name is already used by another group.'); } } if (count($page['errors']) == 0) { - // creating the group - $query = 'INSERT INTO ' . GROUPS_TABLE . ' (name) VALUES(\'' . $conn->db_real_escape_string($_POST['groupname']) . '\');'; - $conn->db_query($query); + (new GroupRepository($conn))->addGroup($_POST['groupname']); $page['infos'][] = \Phyxo\Functions\Language::l10n('group "%s" added', $_POST['groupname']); } @@ -43,8 +41,7 @@ // | action send | // +-----------------------------------------------------------------------+ if (isset($_POST['submit']) and isset($_POST['selectAction']) and isset($_POST['group_selection'])) { - // if the user tries to apply an action, it means that there is at least 1 - // photo in the selection + // if the user tries to apply an action, it means that there is at least 1 photo in the selection $groups = $_POST['group_selection']; if (count($groups) == 0) { $page['errors'][] = \Phyxo\Functions\Language::l10n('Select at least one group'); 
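Review bot: `addGroup($_POST['groupname'])` passes a bare string, while the merge and duplicate branches later in this file and Ws\Group::add call `addGroup(['name' => ...])` and use its return value as the new id; only one of the two shapes can match the repository's signature (not shown in this patch). For consistency with the other call sites, `(new GroupRepository($conn))->addGroup(['name' => $_POST['groupname']]);`.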
@@ -57,16 +54,13 @@ // + if ($action == "rename") { // is the group not already existing ? - $query = 'SELECT name FROM ' . GROUPS_TABLE; - $group_names = $conn->query2array($query, null, 'name'); + $result = (new GroupRepository($conn))->findAll(); + $group_names = $conn->result2array($result, null, 'name'); foreach ($groups as $group) { if (in_array($_POST['rename_' . $group . ''], $group_names)) { $page['errors'][] = $_POST['rename_' . $group . ''] . ' | ' . \Phyxo\Functions\Language::l10n('This name is already used by another group.'); - } elseif (!empty($_POST['rename_' . $group . ''])) { - $query = 'UPDATE ' . GROUPS_TABLE; - $query .= ' SET name = \'' . $conn->db_real_escape_string($_POST['rename_' . $group . '']) . '\''; - $query .= ' WHERE id = ' . $group; - $conn->db_query($query); + } elseif (!empty($_POST['rename_' . $group])) { + (new GroupRepository($conn))->updateGroup(['name' => $_POST['rename_' . $group]], $group); } } } 
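Review bot: the duplicate-name check `in_array($_POST['rename_' . $group . ''], $group_names)` compares a posted value loosely against the name list; pass the strict flag, `if (in_array($_POST['rename_' . $group], $group_names, true)) {`, which also drops the stray `. ''` the new `elseif` line already removed. `$group` comes straight from `$_POST['group_selection']` into `updateGroup(['name' => ...], $group)`, as it did into the removed interpolated query, so the repository is now the only place where it can be cast to an integer.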
@@ -75,72 +69,59 @@ // |delete a group // + if ($action == "delete" and isset($_POST['confirm_deletion']) and $_POST['confirm_deletion']) { - foreach ($groups as $group) { - // destruction of the access linked to the group - $query = 'DELETE FROM ' . GROUP_ACCESS_TABLE . ' WHERE group_id = ' . $group; - $conn->db_query($query); + // destruction of the access linked to the group + (new GroupAccessRepository($conn))->deleteByGroupIds($groups); - // destruction of the users links for this group - $query = 'DELETE FROM ' . USER_GROUP_TABLE . ' WHERE group_id = ' . $group; - $conn->db_query($query); + // destruction of the users links for this group + (new UserGroupRepository($conn))->deleteGroupByIds($groups); - $query = 'SELECT name FROM ' . GROUPS_TABLE . ' WHERE id = ' . $group; - list($groupname) = $conn->db_fetch_row($conn->db_query($query)); + $result = (new GroupRepository($conn))->findByIds($params['group_id']); + $groupnames = $conn->result2array($result, null, 'name'); - // destruction of the group - $query = 'DELETE FROM ' . GROUPS_TABLE . ' WHERE id = ' . $group; - $conn->db_query($query); + // destruction of the group + (new GroupRepository($conn))->deleteByIds($params['group_id']); - $page['infos'][] = \Phyxo\Functions\Language::l10n('group "%s" deleted', $groupname); - } + $page['infos'][] = \Phyxo\Functions\Language::l10n('groups "%s" deleted', implode(', ', $groupnames)); } // + // |merge groups into a new one // + if ($action == "merge" and count($groups) > 1) { - // is the group not already existing ? - $query = 'SELECT COUNT(1) FROM ' . GROUPS_TABLE; - $query .= ' WHERE name = \'' . $conn->db_real_escape_string($_POST['merge']) . '\''; - list($count) = $conn->db_fetch_row($conn->db_query($query)); - if ($count != 0) { + if ((new GroupRepository($conn))->isGroupNameExists($_POST['merge'])) { $page['errors'][] = \Phyxo\Functions\Language::l10n('This name is already used by another group.'); } else { - // creating the group - $query = 'INSERT INTO ' . 
GROUPS_TABLE . ' (name) VALUES(\'' . $conn->db_real_escape_string($_POST['merge']) . '\')'; - $conn->db_query($query); - $query = 'SELECT id FROM ' . GROUPS_TABLE . ' WHERE name = \'' . $conn->db_real_escape_string($_POST['merge']) . '\''; - list($groupid) = $conn->db_fetch_row($conn->db_query($query)); + $group_id = (new GroupRepository($conn))->addGroup(['name' => $_POST['merge']]); } - $grp_access = array(); - $usr_grp = array(); - foreach ($groups as $group) { - $query = 'SELECT * FROM ' . GROUP_ACCESS_TABLE . ' WHERE group_id = ' . $group; - $res = $conn->db_query($query); - while ($row = $conn->db_fetch_assoc($res)) { - $new_grp_access = array( - 'cat_id' => $row['cat_id'], - 'group_id' => $groupid - ); - if (!in_array($new_grp_access, $grp_access)) { - $grp_access[] = $new_grp_access; - } + + $grp_access = []; + $usr_grp = []; + $result = (new GroupAccessRepository($conn))->findByGroupIds($groups); + $groups_infos = $conn->result2array($result); + foreach ($groups_infos as $group) { + $new_grp_access = [ + 'cat_id' => $group['cat_id'], + 'group_id' => $group_id + ]; + if (!in_array($new_grp_access, $grp_access)) { + $grp_access[] = $new_grp_access; } + } - $query = 'SELECT * FROM ' . USER_GROUP_TABLE . ' WHERE group_id = ' . 
$group; - $result = $conn->db_query($query); - while ($row = $conn->db_fetch_assoc($result)) { - $new_usr_grp = array( - 'user_id' => $row['user_id'], - 'group_id' => $groupid - ); - if (!in_array($new_usr_grp, $usr_grp)) { - $usr_grp[] = $new_usr_grp; - } + $result = (new GroupAccessRepository($conn))->findByGroupIds($groups); + $groups_infos = $conn->result2array($result); + foreach ($groups_infos as $group) { + $new_grp_access = [ + 'cat_id' => $group['cat_id'], + 'group_id' => $group_id + ]; + if (!in_array($new_grp_access, $grp_access)) { + $grp_access[] = $new_grp_access; } } - $conn->mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $usr_grp); - $conn->mass_inserts(GROUP_ACCESS_TABLE, array('group_id', 'cat_id'), $grp_access); + + (new UserGroupRepository($conn))->massInserts(['user_id', 'group_id'], $usr_grp); + (new GroupAccessRepository($conn))->massInserts(['group_id', 'cat_id'], $grp_access); $page['infos'][] = \Phyxo\Functions\Language::l10n('group "%s" added', $_POST['merge']); } 
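Review bot: `findByIds($params['group_id'])` and `deleteByIds($params['group_id'])` in the delete branch refer to `$params`, which this script never defines (the selection is `$groups`), so access and membership rows are removed but the group rows themselves are not; both calls should take `$groups`. In the merge branch the second loop is a copy of the group-access loop — it queries `GroupAccessRepository` again and refills `$grp_access` — so `$usr_grp` stays empty and the merged group ends up with no members; it should read the user-group rows instead. When `isGroupNameExists($_POST['merge'])` is true, `$group_id` is never assigned but the copy loops still run (the removed code had the same gap), so the branch should stop after recording the error.
```php
// … unchanged: group-access copy loop …
// assumes a findByGroupIds() finder on UserGroupRepository mirroring the
// GroupAccessRepository one used above; add it if it does not exist
$result = (new UserGroupRepository($conn))->findByGroupIds($groups);
$users_infos = $conn->result2array($result);
foreach ($users_infos as $user) {
    $new_usr_grp = [
        'user_id' => $user['user_id'],
        'group_id' => $group_id
    ];
    if (!in_array($new_usr_grp, $usr_grp, true)) {
        $usr_grp[] = $new_usr_grp;
    }
}
// … unchanged: massInserts calls and info message …
```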
@@ -149,50 +130,40 @@ // |duplicate a group // + if ($action == "duplicate") { + // @TODO: avoid query in loop foreach ($groups as $group) { - if (empty($_POST['duplicate_' . $group . ''])) { + if (empty($_POST['duplicate_' . $group])) { break; } - // is the group not already existing ? - $query = 'SELECT COUNT(1) FROM ' . GROUPS_TABLE; - $query .= ' WHERE name = \'' . $conn->db_real_escape_string($_POST['duplicate_' . $group . '']); - list($count) = $conn->db_fetch_row($conn->db_query($query)); - if ($count != 0) { + + if ((new GroupRepository($conn))->isGroupNameExists($_POST['duplicate_' . $group])) { $page['errors'][] = \Phyxo\Functions\Language::l10n('This name is already used by another group.'); break; } - // creating the group - $query = 'INSERT INTO ' . GROUPS_TABLE; - $query .= ' (name) VALUES (\'' . $conn->db_real_escape_string($_POST['duplicate_' . $group . '']) . '\')'; - $conn->db_query($query); - - // @TODO: use last insert id - $query = 'SELECT id FROM ' . GROUPS_TABLE; - $query .= ' WHERE name = \'' . $conn->db_real_escape_string($_POST['duplicate_' . $group . '']) . '\''; - list($groupid) = $conn->db_fetch_row($conn->db_query($query)); - $query = 'SELECT * FROM ' . GROUP_ACCESS_TABLE . ' WHERE group_id = ' . $group; - $grp_access = array(); - $res = $conn->db_query($query); - while ($row = $conn->db_fetch_assoc($res)) { - $grp_access[] = array( + + $group_id = (new GroupRepository($conn))->addGroup(['name' => $_POST['duplicate_' . $group]]); + + $grp_access = []; + $result = (new GroupAccessRepository($conn))->findByGroupId($group); + while ($row = $conn->db_fetch_assoc($result)) { + $grp_access[] = [ 'cat_id' => $row['cat_id'], 'group_id' => $groupid - ); + ]; } - $conn->mass_inserts(GROUP_ACCESS_TABLE, array('group_id', 'cat_id'), $grp_access); + (new GroupAccessRepository($conn))->massInserts(['group_id', 'cat_id'], $grp_access); - $query = 'SELECT * FROM ' . USER_GROUP_TABLE . ' WHERE group_id = ' . 
$group; - $usr_grp = array(); - $result = $conn->db_query($query); + $usr_grp = []; + $result = (new UserGroupRepository($conn))->findByGroupId($group); while ($row = $conn->db_fetch_assoc($result)) { - $usr_grp[] = array( + $usr_grp[] = [ 'user_id' => $row['user_id'], 'group_id' => $groupid - ); + ]; } - $conn->mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $usr_grp); + (new UserGroupRepository($conn))->massInserts(['user_id', 'group_id'], $usr_grp); - $page['infos'][] = \Phyxo\Functions\Language::l10n('group "%s" added', $_POST['duplicate_' . $group . '']); + $page['infos'][] = \Phyxo\Functions\Language::l10n('group "%s" added', $_POST['duplicate_' . $group]); } } @@ -201,20 +172,10 @@ // | toggle_default // + if ($action == "toggle_default") { - foreach ($groups as $group) { - $query = 'SELECT name, is_default FROM ' . GROUPS_TABLE . ' WHERE id = ' . $group; - $row = $conn->db_fetch_assoc($conn->db_query($query)); - $groupname = $row['name']; - $is_default = $conn->get_boolean($row['is_default']); - - // update of the group - $query = 'UPDATE ' . GROUPS_TABLE; - $query .= ' SET is_default = \'' . $conn->boolean_to_db($is_default) . '\''; - $query .= ' WHERE id = ' . $group; - $conn->db_query($query); - - $page['infos'][] = \Phyxo\Functions\Language::l10n('group "%s" updated', $groupname); - } + // @TODO: strange idea to have multiple default groups + (new GroupRepository($conn))->toggleIsDefault($groups); + + $page['infos'][] = \Phyxo\Functions\Language::l10n('groups "%s" updated', implode(', ', $groups)); } \Phyxo\Functions\Utils::invalidate_user_cache(); } 
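Review bot: both insert loops in the duplicate branch still write `'group_id' => $groupid`, but the new code stores the created id in `$group_id`, so every row handed to `massInserts` carries a null `group_id` and the copied permissions and memberships are attached to nothing. Change the two lines to `'group_id' => $group_id`. The `break` on an empty `duplicate_` field aborts the whole loop rather than skipping that one group, which the removed code also did, so a `continue` may be what is intended.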
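Review bot: the toggle_default success message now lists the raw ids from `$_POST['group_selection']` (`implode(', ', $groups)`), whereas the removed loop reported each group's name; fetch the names first, `$names = $conn->result2array((new GroupRepository($conn))->findByIds($groups), null, 'name');`, and pass `implode(', ', $names)` to the l10n call. What `toggleIsDefault()` does is not visible in this patch; the removed code read `is_default` and wrote the same value back, so confirm the repository method actually inverts the flag.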
@@ -223,45 +184,43 @@ // +-----------------------------------------------------------------------+ $template->assign( - array( + [ 'F_ADD_ACTION' => GROUPS_BASE_URL . '&section=list', //'U_HELP' => \Phyxo\Functions\URL::get_root_url().'admin/popuphelp.php?page=group_list', 'PWG_TOKEN' => \Phyxo\Functions\Utils::get_token(), - ) + ] ); // +-----------------------------------------------------------------------+ // | group list | // +-----------------------------------------------------------------------+ -$query = 'SELECT id, name, is_default FROM ' . GROUPS_TABLE . ' ORDER BY name ASC'; -$result = $conn->db_query($query); - $perm_url = GROUPS_BASE_URL . '&section=perm&group_id='; $del_url = GROUPS_BASE_URL . '&section=list&delete='; $toggle_is_default_url = GROUPS_BASE_URL . '&section=list&toggle_is_default='; +$groups = []; +$result = (new GroupRepository($conn))->findUsersInGroups(); while ($row = $conn->db_fetch_assoc($result)) { - $query = 'SELECT u.' . $conf['user_fields']['username'] . ' AS username FROM ' . USERS_TABLE . ' AS u'; - $query .= ' LEFT JOIN ' . USER_GROUP_TABLE . ' AS ug ON u.' . $conf['user_fields']['id'] . ' = ug.user_id'; - $query .= ' WHERE ug.group_id = ' . $row['id']; - $members = array(); - $user_result = $conn->db_query($query); - while ($user = $conn->db_fetch_assoc($user_result)) { - $members[] = $user['username']; - } - $template->append( - 'groups', - array( - 'NAME' => $row['name'], + if (isset($groups[$row['id']])) { + if (!empty($row['username'])) { + $groups[$row['id']]['MEMBERS'][] = $row['username']; + } + } else { + $group = [ + 'MEMBERS' => [], 'ID' => $row['id'], + 'NAME' => $row['name'], 'IS_DEFAULT' => ($conn->get_boolean($row['is_default']) ? ' [' . \Phyxo\Functions\Language::l10n('default') . ']' : ''), - 'NB_MEMBERS' => count($members), - 'L_MEMBERS' => implode(' · ', $members), - 'MEMBERS' => \Phyxo\Functions\Language::l10n_dec('%d member', '%d members', count($members)), 'U_DELETE' => $del_url . $row['id'] . 
'&pwg_token=' . \Phyxo\Functions\Utils::get_token(), 'U_PERM' => $perm_url . $row['id'], 'U_ISDEFAULT' => $toggle_is_default_url . $row['id'] . '&pwg_token=' . \Phyxo\Functions\Utils::get_token(), - ) - ); + ]; + if (!empty($row['username'])) { + $group['MEMBERS'][] = $row['username']; + } + $groups[$row['id']] = $group; + } } + +$template->assign('groups', $groups); diff --git a/admin/groups_perm.php b/admin/groups_perm.php index 8e13e1efb..b5043a729 100644 --- a/admin/groups_perm.php +++ b/admin/groups_perm.php @@ -10,6 +10,8 @@ */ use App\Repository\CategoryRepository; +use App\Repository\GroupRepository; +use App\Repository\GroupAccessRepository; if (!defined("GROUPS_BASE_URL")) { die("Hacking attempt!"); @@ -30,9 +32,7 @@ // if you forbid access to a category, all sub-categories become // automatically forbidden $subcats = (new CategoryRepository($conn))->getSubcatIds($_POST['cat_true']); - $query = 'DELETE FROM ' . GROUP_ACCESS_TABLE; - $query .= ' WHERE group_id = ' . $page['group'] . ' AND cat_id ' . $conn->in($subcats); - $conn->db_query($query); + (new GroupAccessRepository($conn))->deleteByGroupIdsAndCatIds($page['group'], $subcats); } elseif (isset($_POST['trueify'], $_POST['cat_false']) && count($_POST['cat_false']) > 0) { $uppercats = \Phyxo\Functions\Category::get_uppercat_ids($_POST['cat_false']); $private_uppercats = []; @@ -47,9 +47,7 @@ // accesible $authorized_ids = []; - $query = 'SELECT cat_id FROM ' . GROUP_ACCESS_TABLE . ' WHERE group_id = ' . $conn->db_real_escape_string($page['group']); - $result = $conn->db_query($query); - + $result = (new GroupAccessRepository($conn))->findByGroupId($page['group']); while ($row = $conn->db_fetch_assoc($result)) { $authorized_ids[] = $row['cat_id']; } @@ -63,7 +61,7 @@ ]; } - $conn->mass_inserts(GROUP_ACCESS_TABLE, ['group_id', 'cat_id'], $inserts); + (new GroupAccessRepository($conn))->massInserts(['group_id', 'cat_id'], $inserts); \Phyxo\Functions\Utils::invalidate_user_cache(); } 
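Review bot: the removed list query ordered groups `ORDER BY name ASC`, and the new `findUsersInGroups()` call passes no ordering, so the display order now depends on that method's own query, which is not in this patch. The `$groups[$row['id']]` keying makes grouping independent of row order, but if the method does not sort by name the page order changes; pass an order clause as the other finders in this patch do, if it accepts one.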
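Review bot: in groups_perm.php, `deleteByGroupIdsAndCatIds($page['group'], $subcats)` passes a single id where album_permissions.php passes an array (`$deny_groups`) to the same method; unless the repository normalises scalars, wrap it, `(new GroupAccessRepository($conn))->deleteByGroupIdsAndCatIds([$page['group']], $subcats);`. `$page['group']` also reaches `findByGroupId` unescaped where the removed line called `db_real_escape_string`, so the integer cast has to happen inside the repository.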
@@ -106,11 +104,9 @@ $template->assign_var_from_handle('DOUBLE_SELECT', 'double_select'); } else { - $query = 'SELECT id, name, is_default FROM ' . GROUPS_TABLE . ' ORDER BY name ASC'; - $result = $conn->db_query($query); - $perm_url = GROUPS_BASE_URL . '&section=perm&group_id='; + $result = (new GroupRepository($conn))->findAll('ORDER BY name ASC'); while ($row = $conn->db_fetch_assoc($result)) { $template->append( 'groups', diff --git a/admin/intro.php b/admin/intro.php index 41a6aa63a..7112b6677 100644 --- a/admin/intro.php +++ b/admin/intro.php @@ -21,6 +21,7 @@ use App\Repository\ImageRepository; use App\Repository\ImageTagRepository; use App\Repository\ImageCategoryRepository; +use App\Repository\GroupRepository; include_once PHPWG_ROOT_PATH . 'include/dblayers.inc.php'; @@ -80,9 +81,7 @@ $query = 'SELECT COUNT(1) FROM ' . USERS_TABLE; list($nb_users) = $conn->db_fetch_row($conn->db_query($query)); -$query = 'SELECT COUNT(1) FROM ' . GROUPS_TABLE; -list($nb_groups) = $conn->db_fetch_row($conn->db_query($query)); - +$nb_groups = (new GroupRepository($conn))->count(); $nb_rates = (new RateRepository($conn))->count(); $template->assign( diff --git a/admin/site_update.php b/admin/site_update.php index ffa18c400..7728ceaa6 100644 --- a/admin/site_update.php +++ b/admin/site_update.php @@ -18,6 +18,8 @@ use App\Repository\CategoryRepository; use App\Repository\ImageRepository; use App\Repository\ImageCategoryRepository; +use App\Repository\GroupAccessRepository; +use App\Repository\UserAccessRepository; // +-----------------------------------------------------------------------+ // | Check Access and exit when user status is not ok | 
@@ -229,10 +231,7 @@ } $category_up = implode(',', array_unique($category_up)); if ($conf['inheritance_by_default']) { - // TODO remove SELECT * - $query = 'SELECT * FROM ' . GROUP_ACCESS_TABLE; - $query .= ' WHERE cat_id ' . $conn->in($category_up); - $result = $conn->db_query($query); + $result = (new GroupAccessRepository($conn))->findByCatIds($category_up); if (!empty($result)) { $granted_grps = []; while ($row = $conn->db_fetch_assoc($result)) { @@ -248,10 +247,7 @@ ); } } - // TODO remove SELECT * - $query = 'SELECT * FROM ' . USER_ACCESS_TABLE; - $query .= ' WHERE cat_id ' . $conn->in($category_up); - $result = $conn->db_query($query); + $result = (new UserAccessRepository($conn))->findByCatIds($category_up); if (!empty($result)) { $granted_users = []; while ($row = $conn->db_fetch_assoc($result)) { @@ -299,9 +295,10 @@ } } } - $conn->mass_inserts(GROUP_ACCESS_TABLE, ['group_id', 'cat_id'], $insert_granted_grps); + + (new GroupAccessRepository($conn))->massInserts(['group_id', 'cat_id'], $insert_granted_grps); $insert_granted_users = array_unique($insert_granted_users, SORT_REGULAR); - $conn->mass_inserts(USER_ACCESS_TABLE, ['user_id', 'cat_id'], $insert_granted_users); + (new UserAccessRepository($conn))->massInserts(['user_id', 'cat_id'], $insert_granted_users); } else { \Phyxo\Functions\Category::add_permission_on_category($category_ids, \Phyxo\Functions\Utils::get_admins()); } diff --git a/admin/theme/template/groups_list.tpl b/admin/theme/template/groups_list.tpl index 71ca7ac8d..f3ba4127d 100644 --- a/admin/theme/template/groups_list.tpl +++ b/admin/theme/template/groups_list.tpl @@ -44,7 +44,10 @@ {$group.NAME}{$group.IS_DEFAULT} - {if $group.MEMBERS>0}{$group.MEMBERS}
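Review bot: `findByCatIds($category_up)` receives `$category_up` after it has been turned into a comma-separated string by `implode(',', array_unique($category_up))` two lines above; the removed code handed that string to `$conn->in()`, which the repository may or may not still do. If `findByCatIds` expects an array, as its name and the other `...Ids` finders in this patch suggest, keep the array form, `$category_up = array_unique($category_up);`, and pass that. The same applies to `findByCatIds($category_up)` in the second hunk of this file.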
{$group.L_MEMBERS}{else}{$group.MEMBERS}{/if}

+ {$group.MEMBERS|@count}
+ {foreach $group.MEMBERS as $member} + {$member}
+ {/foreach} {'Permissions'|translate} {/foreach} diff --git a/admin/theme/template/groups_perm.tpl b/admin/theme/template/groups_perm.tpl index 455ed102b..3d2015eca 100644 --- a/admin/theme/template/groups_perm.tpl +++ b/admin/theme/template/groups_perm.tpl @@ -8,7 +8,7 @@ {block name="content"} {if not empty($groups)} {else} +

{$TITLE}

{$DOUBLE_SELECT} diff --git a/admin/users_list.php b/admin/users_list.php index 7c99c5c27..dae8a85fe 100644 --- a/admin/users_list.php +++ b/admin/users_list.php @@ -15,6 +15,7 @@ use App\Repository\LanguageRepository; use App\Repository\ThemeRepository; +use App\Repository\GroupRepository; // +-----------------------------------------------------------------------+ // | groups list | @@ -22,9 +23,7 @@ $groups = []; -$query = 'SELECT id, name FROM ' . GROUPS_TABLE . ' ORDER BY name ASC;'; -$result = $conn->db_query($query); - +$result = (new GroupRepository($conn))->findAll('ORDER BY name ASC'); while ($row = $conn->db_fetch_assoc($result)) { $groups[$row['id']] = $row['name']; } diff --git a/src/Controller/BaseController.php b/src/Controller/BaseController.php index 7d4558f6f..e24691237 100644 --- a/src/Controller/BaseController.php +++ b/src/Controller/BaseController.php @@ -66,7 +66,7 @@ protected function doResponse($legacy_file, $template_name) [ 'TIME' => $time, 'NB_QUERIES' => $conn->getQueriesCount(), - 'SQL_TIME' => number_format($conn->getQueriesTime(), 3, '.', ' ') . ' s' + 'SQL_TIME' => number_format($conn->getQueriesTime() * 1000, 2, '.', ' ') . ' ms' ] ); } diff --git a/src/LegacyPages/user_list_backend.php b/src/LegacyPages/user_list_backend.php index 14b981b45..f6d72b607 100644 --- a/src/LegacyPages/user_list_backend.php +++ b/src/LegacyPages/user_list_backend.php 
@@ -9,21 +9,22 @@ * file that was distributed with this source code. */ +use App\Repository\UserGroupRepository; + define('PHPWG_ROOT_PATH', '../../'); define('IN_ADMIN', true); + include_once(PHPWG_ROOT_PATH . 'include/common.inc.php'); $services['users']->checkStatus(ACCESS_ADMINISTRATOR); -/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * - * Easy set variables - */ +// Easy set variables /* Array of database columns which should be read and sent back to DataTables. Use a space where * you want to insert a non-database field (for example a counter or static image) */ -$aColumns = array( +$aColumns = [ $conf['user_fields']['id'], $conf['user_fields']['username'], 'status', @@ -31,14 +32,14 @@ 'recent_period', 'level', 'registration_date' -); +]; $aColumns = \Phyxo\Functions\Plugin::trigger_change('user_list_columns', $aColumns); -/* Indexed column (used for fast and accurate table cardinality) */ +// Indexed column (used for fast and accurate table cardinality) $sIndexColumn = 'user_id'; -/* DB table to use */ +// DB table to use $sTable = USERS_TABLE . ' LEFT JOIN ' . USER_INFOS_TABLE . ' AS ui ON ' . $conf['user_fields']['id'] . ' = ui.user_id'; /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * @@ -46,9 +47,7 @@ * no need to edit below this line */ -/* - * Paging - */ +// Paging $sLimit = ''; if (isset($_REQUEST['iDisplayStart']) && $_REQUEST['iDisplayLength'] != '-1') { $sLimit = sprintf( @@ -58,9 +57,7 @@ ); } -/* - * Ordering - */ +// Ordering if (isset($_REQUEST['iSortCol_0'])) { $sOrder = 'ORDER BY '; for ($i = 0; $i < intval($_REQUEST['iSortingCols']); $i++) { 
@@ -93,9 +90,9 @@ $sWhere .= ')'; } -/* Individual column filtering */ +// Individual column filtering for ($i = 0; $i < count($aColumns); $i++) { - if (isset($_REQUEST['bSearchable_' . $i]) && isset($_REQUEST['sSearch_' . $i]) && $_REQUEST['bSearchable_' . $i] == "true" && $_REQUEST['sSearch_' . $i] != '') { + if (isset($_REQUEST['bSearchable_' . $i], $_REQUEST['sSearch_'.$i]) && $_REQUEST['bSearchable_' . $i] == "true" && $_REQUEST['sSearch_' . $i] != '') { if ($sWhere == '') { $sWhere = 'WHERE '; } else { @@ -114,39 +111,37 @@ $sQuery .= $sWhere . ' ' . $sOrder . ' ' . $sLimit; $rResult = $conn->db_query($sQuery); -/* Data set length after filtering */ +// Data set length after filtering $iFilteredTotal = 0; -/* Total data set length */ +// Total data set length $sQuery = "SELECT COUNT(" . $sIndexColumn . ") FROM $sTable"; $rResultTotal = $conn->db_query($sQuery); $aResultTotal = $conn->db_fetch_row($rResultTotal); $iTotal = $aResultTotal[0]; -/* - * Output - */ -$output = array( +// Output +$output = [ 'sEcho' => intval($_REQUEST['sEcho']), 'iTotalRecords' => $iTotal, 'iTotalDisplayRecords' => $iFilteredTotal, - 'aaData' => array() -); + 'aaData' => [] +]; -$user_ids = array(); +$user_ids = []; while ($aRow = $conn->db_fetch_assoc($rResult)) { $user_ids[] = $aRow[$conf['user_fields']['id']]; - $row = array(); + $row = []; for ($i = 0; $i < count($aColumns); $i++) { if ($aColumns[$i] == 'status') { $row[] = \Phyxo\Functions\Language::l10n('user_status_' . $aRow[$aColumns[$i]]); } elseif ($aColumns[$i] == 'level') { $row[] = $aRow[$aColumns[$i]] == 0 ? '' : \Phyxo\Functions\Language::l10n(sprintf('Level %d', $aRow[$aColumns[$i]])); } elseif ($aColumns[$i] != ' ') { - /* General output */ + // General output $colname = $aColumns[$i]; foreach ($conf['user_fields'] as $real_name => $alias) { if ($aColumns[$i] == $real_name) { 
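Review bot: the merged `isset($_REQUEST['bSearchable_' . $i], $_REQUEST['sSearch_'.$i])` mixes spaced and unspaced concatenation on one line while the rest of the file uses `' . $i`; write `$_REQUEST['sSearch_' . $i]` for consistency. The enclosing `for` loop and the `$sWhere` construction continue outside the hunk.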
@@ -161,13 +156,9 @@ // replace "recent_period" by the list of groups if (count($user_ids) > 0) { - $groups_of_user = array(); - - $query = 'SELECT user_id, name FROM ' . USER_GROUP_TABLE; - $query .= ' LEFT JOIN ' . GROUPS_TABLE . ' ON id = group_id'; - $query .= ' WHERE user_id ' . $conn->in($user_ids); + $groups_of_user = []; - $result = $conn->db_query($query); + $result = (new UserGroupRepository($conn))->findByUserIds($user_ids); while ($row = $conn->db_fetch_assoc($result)) { if (empty($groups_of_user[$row['user_id']])) { $groups_of_user[$row['user_id']] = $row['name']; diff --git a/src/Phyxo/Functions/Category.php b/src/Phyxo/Functions/Category.php index 3fb3e3edd..c1d4804fe 100644 --- a/src/Phyxo/Functions/Category.php +++ b/src/Phyxo/Functions/Category.php @@ -782,7 +782,7 @@ public static function set_cat_status($categories, $value) foreach ($repositories as $repository => $field) { // what are the permissions user/group of the reference album - $ref_access = $conn->result2array((new $repository($conn))->findByCatId($ref_cat_id, $field), null, $field); + $ref_access = $conn->result2array((new $repository($conn))->findFieldByCatId($ref_cat_id, $field), null, $field); if (count($ref_access) == 0) { $ref_access[] = -1; 
@@ -971,16 +971,17 @@ public static function create_virtual_category($category_name, $parent_id = null \Phyxo\Functions\Utils::update_global_rank(); - if ('private' == $insert['status'] && !empty($insert['id_uppercat']) - && ((isset($options['inherit']) && $options['inherit']) || $conf['inheritance_by_default'])) { - $granted_grps = $conn->result2array((new GroupAccessRepository($conn))->findByCatId($insert['id_uppercat'], 'group_id'), null, 'group_id'); + if ('private' == $insert['status'] && !empty($insert['id_uppercat']) && ((isset($options['inherit']) && $options['inherit']) || $conf['inheritance_by_default'])) { + $result = (new GroupAccessRepository($conn))->findFieldByCatId($insert['id_uppercat'], 'group_id'); + $granted_grps = $conn->result2array($result, null, 'group_id'); $inserts = []; foreach ($granted_grps as $granted_grp) { $inserts[] = ['group_id' => $granted_grp, 'cat_id' => $inserted_id]; } - (new GroupAccessRepository($conn))->insertGroupAccess(['group_id', 'cat_id'], $inserts); + (new GroupAccessRepository($conn))->massInserts(['group_id', 'cat_id'], $inserts); - $granted_users = $conn->result2array((new UserAccessRepository($conn))->findByCatId($insert['id_uppercat']), null, 'user_id'); + $result = (new UserAccessRepository($conn))->findByCatId($insert['id_uppercat']); + $granted_users = $conn->result2array($result, null, 'user_id'); self::add_permission_on_category( $inserted_id, array_unique(array_merge(\Phyxo\Functions\Utils::get_admins(), [$user['id']], $granted_users)) diff --git a/src/Phyxo/Functions/Utils.php b/src/Phyxo/Functions/Utils.php index abd4e03ff..0a706617e 100644 --- a/src/Phyxo/Functions/Utils.php +++ b/src/Phyxo/Functions/Utils.php @@ -28,6 +28,7 @@ use App\Repository\HistoryRepository; use App\Repository\ImageRepository; use App\Repository\UserMailNotificationRepository; +use App\Repository\GroupRepository; class Utils { 
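Review bot: `findFieldByCatId($insert['id_uppercat'], 'group_id')` is used for groups but the user side keeps `findByCatId($insert['id_uppercat'])` with `result2array(..., 'user_id')`, while `set_cat_status` (first hunk of this file) calls `findFieldByCatId` on both repositories through `$repositories`, so UserAccessRepository must provide both methods (its diff is not shown). For symmetry, `$result = (new UserAccessRepository($conn))->findFieldByCatId($insert['id_uppercat'], 'user_id');`. create_virtual_category continues outside the hunk.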
@@ -124,7 +125,7 @@ public static function get_moment()
 */
 public static function get_elapsed_time($start, $end)
 {
- return number_format($end - $start, 3, '.', ' ') . ' s';
+ return number_format(($end - $start) * 1000, 2, '.', ' ') . ' ms';
 }
 /**
@@ -1752,15 +1753,14 @@ public static function get_groupname($group_id)
 {
 global $conn;
- $query = 'SELECT name FROM ' . GROUPS_TABLE . ' WHERE id = ' . intval($group_id) . ';';
- $result = $conn->db_query($query);
+ $result = (new GroupRepository($conn))->findById($group_id);
 if ($conn->db_num_rows($result) > 0) {
- list($groupname) = $conn->db_fetch_row($result);
+ $row = $conn->db_fetch_assoc($result);
+
+ return $row['name'];
 } else {
 return false;
 }
-
- return $groupname;
 }
 /**
diff --git a/src/Phyxo/Functions/Ws/Group.php b/src/Phyxo/Functions/Ws/Group.php
index af189444d..c755fb9f3 100644
--- a/src/Phyxo/Functions/Ws/Group.php
+++ b/src/Phyxo/Functions/Ws/Group.php
@@ -15,6 +15,9 @@
 use Phyxo\Ws\Error;
 use Phyxo\Ws\NamedStruct;
 use Phyxo\Ws\NamedArray;
+use App\Repository\GroupRepository;
+use App\Repository\GroupAccessRepository;
+use App\Repository\UserGroupRepository;
 class Group
 {
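Review bot: `get_elapsed_time()` now returns milliseconds with two decimals instead of seconds with three, but the docblock that closes on the hunk's first context line (its text is above the hunk) still describes the old unit, and any caller that parses or displays the value as seconds is silently off by a factor of 1000. Update the docblock with `@return string elapsed time formatted in milliseconds, e.g. "12.34 ms"` and check the callers. This change is also unrelated to the commit's stated scope (moving group queries to repositories), so it would be clearer as its own commit.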
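Review bot: `findById($group_id)` drops the `intval()` that the removed query applied, and `GroupRepository::findById` declares `int $id`; if Utils.php or the call path enables `strict_types`, a group id arriving as a string throws a `TypeError` where the old code coerced silently. Keeping the cast at the call site preserves the old tolerance: `$result = (new GroupRepository($conn))->findById((int) $group_id);`. Whether strict types are in effect is not visible in this hunk.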
@@ -29,24 +32,14 @@ public static function getList($params, &$service)
 {
 global $conn;
- $where_clauses = ['1=1'];
-
- if (!empty($params['name'])) {
- $where_clauses[] = 'LOWER(name) LIKE \'' . $conn->db_real_escape_string($params['name']) . '\'';
- }
-
- if (!empty($params['group_id'])) {
- $where_clauses[] = 'id ' . $conn->in($params['group_id']);
- }
-
- $query = 'SELECT g.*, COUNT(user_id) AS nb_users FROM ' . GROUPS_TABLE . ' AS g';
- $query .= ' LEFT JOIN ' . USER_GROUP_TABLE . ' AS ug ON ug.group_id = g.id';
- $query .= ' WHERE ' . implode(' AND ', $where_clauses);
- $query .= ' GROUP BY id';
- $query .= ' ORDER BY ' . $params['order'];
- $query .= ' LIMIT ' . (int)$params['per_page'] . ' OFFSET ' . (int)($params['per_page'] * $params['page']) . ';';
-
- $groups = $conn->query2array($query);
+ $result = (new GroupRepository(
+ $params['name'],
+ $params['group_id'] ?? [],
+ $params['order'],
+ $params['per_page'],
+ $params['per_page'] * $params['page']
+ ));
+ $groups = $conn->result2array($result);
 return [
 'paging' => new NamedStruct([
@@ -69,24 +62,19 @@ public static function add($params, &$service)
 {
 global $conn;
- // is the name not already used ?
- $query = 'SELECT COUNT(1) FROM ' . GROUPS_TABLE;
- $query .= ' WHERE name = \'' . $conn->db_real_escape_string($params['name']) . '\'';
- list($count) = $conn->db_fetch_row($conn->db_query($query));
- if ($count != 0) {
+ if ((new GroupRepository($conn))->isGroupNameExists($params['name'])) {
 return new Error(Server::WS_ERR_INVALID_PARAM, 'This name is already used by another group.');
 }
 // creating the group
- $conn->single_insert(
- GROUPS_TABLE,
+ $group_id = (new GroupRepository($conn))->addGroup(
 [
 'name' => $params['name'],
 'is_default' => $conn->boolean_to_string($params['is_default']),
 ]
 );
- return $service->invoke('pwg.groups.getList', ['group_id' => $conn->db_insert_id()]);
+ return $service->invoke('pwg.groups.getList', ['group_id' => $group_id]);
 }
 /**
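Review bot: `new GroupRepository($params['name'], …)` hands the search parameters to the repository constructor, which per `BaseRepository::__construct(DBLayer $conn)` takes only the connection, so this call fails with a `TypeError` and `$result` is never a query result; the repository method written for this purpose is `searchByName()`, and it must be called on `new GroupRepository($conn)`. The old code added the `LIKE` clause only when `name` was non-empty, whereas `searchByName()` always applies it, so a `pwg.groups.getList` call without `name` matches nothing unless the parameter defaults to a wildcard — that default is declared outside the hunk. The `(int)` casts on `per_page` and the offset were also dropped; keeping them avoids a `TypeError` on the `int` parameters under strict types. `getList` continues past the hunk.
```php
 $result = (new GroupRepository($conn))->searchByName(
     $params['name'],
     $params['group_id'] ?? [],
     $params['order'],
     (int) $params['per_page'],
     (int) ($params['per_page'] * $params['page'])
 );
 $groups = $conn->result2array($result);
 // … unchanged: paging / groups response structure …
```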
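Review bot: `$group_id = …->addGroup(…)` relies on `GroupRepository::addGroup(): int` returning the new id, but that method returns whatever `single_insert()` returns, and elsewhere in this patch (Users.php, `registerUser`) the id is read with `db_insert_id()` after the insert, which suggests `single_insert()` does not return it; if so `addGroup` throws a `TypeError` on its `int` return type, or the follow-up `getList` is invoked with a wrong id. The same defect is in the GroupRepository hunk, where the fix belongs (`db_insert_id()` after `single_insert()`); this call site is fine once that is done.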
@@ -105,19 +93,16 @@ public static function delete($params, &$service)
 }
 // destruction of the access linked to the group
- $query = 'DELETE FROM ' . GROUP_ACCESS_TABLE . ' WHERE group_id ' . $conn->in($params['group_id']);
- $conn->db_query($query);
+ (new GroupAccessRepository($conn))->deleteByGroupIds($params['group_id']);
 // destruction of the users links for this group
- $query = 'DELETE FROM ' . USER_GROUP_TABLE . ' WHERE group_id ' . $conn->in($params['group_id']);
- $conn->db_query($query);
+ (new UserGroupRepository($conn))->deleteByGroupIds($params['group_id']);
- $query = 'SELECT name FROM ' . GROUPS_TABLE . ' WHERE id ' . $conn->in($params['group_id']);
- $groupnames = $conn->query2array($query, null, 'name');
+ $result = (new GroupRepository($conn))->findByIds($params['group_id']);
+ $groupnames = $conn->result2array($result, null, 'name');
 // destruction of the group
- $query = 'DELETE FROM ' . GROUPS_TABLE . ' WHERE id ' . $conn->in($params['group_id']);
- $conn->db_query($query);
+ (new GroupRepository($conn))->deleteByIds($params['group_id']);
 \Phyxo\Functions\Utils::invalidate_user_cache();
@@ -142,34 +127,23 @@ public static function setInfo($params, &$service)
 $updates = [];
- // does the group exist ?
- $query = 'SELECT COUNT(1) ' . GROUPS_TABLE . ' WHERE id = ' . $conn->db_real_escape_string($params['group_id']);
- list($count) = $conn->db_fetch_row($conn->db_query($query));
- if ($count == 0) {
+ if (!(new GroupRepository($conn))->isGroupIdExists($params['group_id'])) {
 return new Error(Server::WS_ERR_INVALID_PARAM, 'This group does not exist.');
 }
 if (!empty($params['name'])) {
- // is the name not already used ?
- $query = 'SELECT COUNT(1) FROM ' . GROUPS_TABLE;
- $query .= ' WHERE name = \'' . $conn->db_real_escape_string($params['name']) . '\'';
- list($count) = $conn->db_fetch_row($conn->db_query($query));
- if ($count != 0) {
+ if ((new GroupRepository($conn))->isGroupNameExists($params['name'])) {
 return new Error(Server::WS_ERR_INVALID_PARAM, 'This name is already used by another group.');
 }
 $updates['name'] = $params['name'];
 }
- if (!empty($params['is_default']) or @$params['is_default'] === false) {
- $updates['is_default'] = $conn->boolean_to_string($params['is_default']);
+ if (!empty($params['is_default'])) {
+ $updates['is_default'] = $params['is_default'];
 }
- $conn->single_update(
- GROUPS_TABLE,
- $updates,
- ['id' => $params['group_id']]
- );
+ (new GroupRepository($conn))->updateGroup($updates, $params['group_id']);
 return $service->invoke('pwg.groups.getList', ['group_id' => $params['group_id']]);
 }
@@ -189,11 +163,7 @@ public static function addUser($params, &$service)
 return new Error(403, 'Invalid security token');
 }
- // does the group exist ?
- $query = 'SELECT COUNT(1) FROM ' . GROUPS_TABLE;
- $query .= ' WHERE id = ' . $conn->db_real_escape_string($params['group_id']);
- list($count) = $conn->db_fetch_row($conn->db_query($query));
- if ($count == 0) {
+ if (!(new GroupRepository($conn))->isGroupIdExists($params['group_id'])) {
 return new Error(Server::WS_ERR_INVALID_PARAM, 'This group does not exist.');
 }
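Review bot: The rewritten `is_default` branch in `setInfo` is a regression: `!empty($params['is_default'])` is false for `false`, so a group can no longer be un-defaulted through `pwg.groups.setInfo` (the removed condition explicitly accepted `=== false`), and the `boolean_to_string()` conversion was dropped, so a raw PHP boolean now reaches `updateGroup()`. Keep both behaviours with `if (isset($params['is_default'])) {` and `$updates['is_default'] = $conn->boolean_to_string($params['is_default']);`. Note the old existence query was missing `FROM`, so `isGroupIdExists()` also fixes a latent bug here.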
@@ -205,11 +175,7 @@ public static function addUser($params, &$service)
 ];
 }
- $conn->mass_inserts(
- USER_GROUP_TABLE,
- ['group_id', 'user_id'],
- $inserts
- );
+ (new UserGroupRepository($conn))->massInserts(['group_id', 'user_id'], $inserts);
 \Phyxo\Functions\Utils::invalidate_user_cache();
@@ -231,18 +197,11 @@ public static function deleteUser($params, &$service)
 return new Error(403, 'Invalid security token');
 }
- // does the group exist ?
- $query = 'SELECT COUNT(1) FROM ' . GROUPS_TABLE;
- $query .= ' WHERE id = ' . $conn->db_real_escape_string($params['group_id']);
- list($count) = $conn->db_fetch_row($conn->db_query($query));
- if ($count == 0) {
+ if (!(new GroupRepository($conn))->isGroupIdExists($params['group_id'])) {
 return new Error(Server::WS_ERR_INVALID_PARAM, 'This group does not exist.');
 }
- $query = 'DELETE FROM ' . USER_GROUP_TABLE;
- $query .= ' WHERE group_id = ' . $conn->db_real_escape_string($params['group_id']);
- $query .= ' AND user_id ' . $conn->in($params['user_id']);
- $conn->db_query($query);
+ (new UserGroupRepository($conn))->delete($params['group_id'], $params['user_id']);
 \Phyxo\Functions\Utils::invalidate_user_cache();
diff --git a/src/Phyxo/Functions/Ws/Main.php b/src/Phyxo/Functions/Ws/Main.php
index dc3a63fc6..0b0c449a8 100644
--- a/src/Phyxo/Functions/Ws/Main.php
+++ b/src/Phyxo/Functions/Ws/Main.php
@@ -20,6 +20,7 @@
 use App\Repository\ImageTagRepository;
 use App\Repository\ImageCategoryRepository;
 use App\Repository\ImageRepository;
+use App\Repository\GroupRepository;
 class Main
 {
@@ -140,9 +141,7 @@ public static function getInfos($params, &$service)
 $query = 'SELECT COUNT(1) FROM ' . USERS_TABLE . ';';
 list($infos['nb_users']) = $conn->db_fetch_row($conn->db_query($query));
- $query = 'SELECT COUNT(1) FROM ' . GROUPS_TABLE . ';';
- list($infos['nb_groups']) = $conn->db_fetch_row($conn->db_query($query));
-
+ $infos['nb_groups'] = (new GroupRepository($conn))->count();
 $infos['nb_comments'] = (new CommentRepository($conn))->count();
 // first element
diff --git a/src/Phyxo/Functions/Ws/Permission.php b/src/Phyxo/Functions/Ws/Permission.php
index 36207f730..c9ce3175d 100644
--- a/src/Phyxo/Functions/Ws/Permission.php
+++ b/src/Phyxo/Functions/Ws/Permission.php
@@ -15,6 +15,8 @@
 use Phyxo\Ws\Error;
 use Phyxo\Ws\NamedArray;
 use App\Repository\CategoryRepository;
+use App\Repository\GroupAccessRepository;
+use App\Repository\UserAccessRepository;
 class Permission
 {
@@ -51,10 +53,7 @@ public static function getList($params, &$service)
 $perms = [];
 // direct users
- $query = 'SELECT user_id, cat_id FROM ' . USER_ACCESS_TABLE;
- $query .= ' ' . $cat_filter;
- $result = $conn->db_query($query);
-
+ $result = (new UserAccessRepository($conn))->findByCatId($params['cat_id'] ?? null);
 while ($row = $conn->db_fetch_assoc($result)) {
 if (!isset($perms[$row['cat_id']])) {
 $perms[$row['cat_id']]['id'] = intval($row['cat_id']);
@@ -77,9 +76,7 @@ public static function getList($params, &$service)
 }
 // groups
- $query = 'SELECT group_id, cat_id FROM ' . GROUP_ACCESS_TABLE . ' ' . $cat_filter . ';';
- $result = $conn->db_query($query);
-
+ $result = (new GroupAccessRepository($conn))->findByCatId($params['cat_id'] ?? null);
 while ($row = $conn->db_fetch_assoc($result)) {
 if (!isset($perms[$row['cat_id']])) {
 $perms[$row['cat_id']]['id'] = intval($row['cat_id']);
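Review bot: In `Permission::getList` the two lookups now filter on a single `cat_id` while the removed queries used a prebuilt `$cat_filter`, which is still assigned above the hunk but no longer read; if that filter expanded the category to its subcategories (as `remove()` does via `getSubcatIds()` in the next hunk), the result set of `pwg.permissions.getList` has narrowed — the new `findByCatIds(array)` methods would preserve that. `findByCatId(?int …)` also rejects an array-valued `cat_id` under strict types, and whether the web-service layer delivers it as int or array is not visible here. Either way the dead `$cat_filter` assignment should be removed.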
@@ -155,12 +152,7 @@ public static function add($params, &$service)
 }
 }
- $conn->mass_inserts(
- GROUP_ACCESS_TABLE,
- ['group_id', 'cat_id'],
- $inserts,
- ['ignore' => true]
- );
+ (new GroupAccessRepository($conn))->massInserts(['group_id', 'cat_id'], $inserts, ['ignore' => true]);
 }
 if (!empty($params['user_id'])) {
@@ -190,17 +182,11 @@ public static function remove($params, &$service)
 $cat_ids = (new CategoryRepository($conn))->getSubcatIds($params['cat_id']);
 if (!empty($params['group_id'])) {
- $query = 'DELETE FROM ' . GROUP_ACCESS_TABLE;
- $query .= ' WHERE group_id ' . $conn->in($params['group_id']);
- $query .= ' AND cat_id ' . $conn->in($cat_ids);
- $conn->db_query($query);
+ (new GroupAccessRepository($conn))->deleteByGroupIdsAndCatIds($params['group_id'], $cat_ids);
 }
 if (!empty($params['user_id'])) {
- $query = 'DELETE FROM ' . USER_ACCESS_TABLE;
- $query .= ' WHERE user_id ' . $conn->in($params['user_id']);
- $query .= ' AND cat_id ' . $conn->in($cat_ids);
- $conn->db_query($query);
+ (new UserAccessRepository($conn))->deleteByUserIdsAndCatIds($params['user_id'], $cat_ids);
 }
 return $service->invoke('pwg.permissions.getList', ['cat_id' => $params['cat_id']]);
diff --git a/src/Phyxo/Functions/Ws/User.php b/src/Phyxo/Functions/Ws/User.php
index 1f9c047d6..9bc4ec268 100644
--- a/src/Phyxo/Functions/Ws/User.php
+++ b/src/Phyxo/Functions/Ws/User.php
@@ -17,6 +17,8 @@
 use Phyxo\Ws\NamedStruct;
 use App\Repository\LanguageRepository;
 use App\Repository\HistoryRepository;
+use App\Repository\GroupRepository;
+use App\Repository\ThemeRepository;
 class User
 {
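Review bot: `massInserts(['group_id', 'cat_id'], $inserts, ['ignore' => true])` passes a third argument that `GroupAccessRepository::massInserts(array $fields, array $datas)` (later in this patch) does not declare and does not forward to `mass_insert()`, so the `ignore` option the removed code relied on is silently lost and re-granting an existing group permission will now hit a duplicate-key error instead of being skipped. Give the repository method the option: `public function massInserts(array $fields, array $datas, array $options = [])` forwarding `$options` as the fourth argument. The repositories are also inconsistent about the connection method name (`mass_insert` in the access repositories, `mass_inserts` in GroupRepository and UserGroupRepository, which is what the removed code here called); one of them is presumably wrong.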
@@ -461,12 +463,10 @@ public static function setInfo($params, &$service)
 $conn->db_query($query);
 // we remove all provided groups that do not really exist
- $query = 'SELECT id FROM ' . GROUPS_TABLE;
- $query .= ' WHERE id ' . $conn->in($params['group_id']);
- $group_ids = $conn->query2array($query, null, 'id');
+ $result = (new GroupRepository($conn))->findByIds($params['group_id']);
+ $group_ids = $conn->result2array($result, null, 'id');
 // if only -1 (a group id that can't exist) is in the list, then no group is associated
-
 if (count($group_ids) > 0) {
 $inserts = [];
diff --git a/src/Phyxo/Model/Repository/Users.php b/src/Phyxo/Model/Repository/Users.php
index 3300ba576..7285d9180 100644
--- a/src/Phyxo/Model/Repository/Users.php
+++ b/src/Phyxo/Model/Repository/Users.php
@@ -20,6 +20,7 @@
 use App\Repository\CategoryRepository;
 use App\Repository\ImageRepository;
 use App\Repository\ImageCategoryRepository;
+use App\Repository\GroupRepository;
 class Users
 {
@@ -177,10 +178,7 @@ public function registerUser($login, $password, $mail_address, $notify_admin = t
 $user_id = $this->conn->db_insert_id(USERS_TABLE);
 // Assign by default groups
- $query = 'SELECT id FROM ' . GROUPS_TABLE;
- $query .= ' WHERE is_default = \'' . $this->conn->boolean_to_db(true) . '\' ORDER BY id ASC;';
- $result = $this->conn->db_query($query);
-
+ $result = (new GroupRepository($this->conn))->findByField('is_default', true, 'ORDER BY id ASC');
 $inserts = [];
 while ($row = $this->conn->db_fetch_assoc($result)) {
 $inserts[] = [
diff --git a/src/Repository/BaseRepository.php b/src/Repository/BaseRepository.php
index ffba10532..4db09644d 100644
--- a/src/Repository/BaseRepository.php
+++ b/src/Repository/BaseRepository.php
@@ -52,4 +52,85 @@ public function __construct(DBLayer $conn)
 {
 $this->conn = $conn;
 }
+
+ public function addOrderByFields(string $order_by_string)
+ {
+ return str_ireplace(['order by', ' asc', ' desc'], ['', '', ''], $order_by_string);
+ }
+
+ /**
+ * Compute sql WHERE condition with restrict and filter data.
+ * "FandF" means Forbidden and Filters.
+ *
+ * @param array $condition_fields one witch fields apply each filter
+ * - forbidden_categories
+ * - visible_categories
+ * - forbidden_images
+ * - visible_images
+ * @param string $prefix_condition prefixes query if condition is not empty
+ * @param boolean $force_one_condition use at least "1 = 1"
+ * @return string
+ */
+ public function getSQLConditionFandF(array $condition_fields, ? string $prefix_condition = null, bool $force_one_condition = false)
+ {
+ global $user, $filter;
+
+ $sql_list = [];
+
+ foreach ($condition_fields as $condition => $field_name) {
+ switch ($condition) {
+ case 'forbidden_categories':
+ {
+ if (!empty($user['forbidden_categories'])) {
+ $sql_list[] = $field_name . ' NOT IN (' . $user['forbidden_categories'] . ')';
+ }
+ break;
+ }
+ case 'visible_categories':
+ {
+ if (!empty($filter['visible_categories'])) {
+ $sql_list[] = $field_name . ' IN (' . $filter['visible_categories'] . ')';
+ }
+ break;
+ }
+ case 'visible_images':
+ if (!empty($filter['visible_images'])) {
+ $sql_list[] = $field_name . ' IN (' . $filter['visible_images'] . ')';
+ }
+ // note there is no break - visible include forbidden
+ case 'forbidden_images':
+ if (!empty($user['image_access_list']) or $user['image_access_type'] != 'NOT IN') {
+ $table_prefix = null;
+ if ($field_name == 'id') {
+ $table_prefix = '';
+ } elseif ($field_name == 'i.id') {
+ $table_prefix = 'i.';
+ }
+ if (isset($table_prefix)) {
+ $sql_list[] = $table_prefix . 'level<=' . $user['level'];
+ } elseif (!empty($user['image_access_list']) and !empty($user['image_access_type'])) {
+ $sql_list[] = $field_name . ' ' . $user['image_access_type'] . ' (' . $user['image_access_list'] . ')';
+ }
+ }
+ break;
+ default:
+ {
+ die('Unknown condition: ' . $condition);
+ break;
+ }
+ }
+ }
+
+ if (count($sql_list) > 0) {
+ $sql = '(' . implode(' AND ', $sql_list) . ')';
+ } else {
+ $sql = $force_one_condition ? '1 = 1' : '';
+ }
+
+ if (isset($prefix_condition) and !empty($sql)) {
+ $sql = $prefix_condition . ' ' . $sql;
+ }
+
+ return $sql;
+ }
 }
diff --git a/src/Repository/GroupAccessRepository.php b/src/Repository/GroupAccessRepository.php
index 15cf58b6b..83e7f2f8a 100644
--- a/src/Repository/GroupAccessRepository.php
+++ b/src/Repository/GroupAccessRepository.php
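Review bot: `die('Unknown condition: ' . $condition)` in the `default` branch of `getSQLConditionFandF` terminates the whole request from inside a repository, with no chance for the caller or an error handler to log or recover; a programming error in the caller's `$condition_fields` should be `throw new \InvalidArgumentException('Unknown condition: ' . $condition);` (the `break` after it is unreachable either way). The method also reads `$user` and `$filter` via `global`, which ties the repository to request state and makes it untestable — passing them in as parameters, or via the constructor, would fit the repository pattern this commit is introducing. Separately, `addOrderByFields()` strips `' asc'`/`' desc'` as bare substrings, so an ORDER BY on a column such as `description` is mangled to `ription`; anchoring the replacement to word boundaries with `preg_replace('/\s+(asc|desc)\b/i', '', …)` avoids that.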
@@ -13,22 +13,45 @@ class GroupAccessRepository extends BaseRepository
 {
- public function deleteByCatIds(array $ids, ? string $condition = null)
+ public function findByGroupId(int $group_id)
 {
- $query = 'DELETE FROM ' . self::GROUP_ACCESS_TABLE;
- $query .= ' WHERE cat_id ' . $this->conn->in($ids);
+ $query = 'SELECT group_id, cat_id FROM ' . self::GROUP_ACCESS_TABLE;
+ $query .= ' WHERE group_id = ' . $group_id;
- if (!is_null($condition)) {
- $query .= ' AND ' . $condtion;
+ return $this->conn->db_query($query);
+ }
+
+ public function findByGroupIds(array $group_ids)
+ {
+ $query = 'SELECT group_id, cat_id FROM ' . self::GROUP_ACCESS_TABLE;
+ $query .= ' WHERE group_id ' . $this->conn->in($group_ids);
+
+ return $this->conn->db_query($query);
+ }
+
+ public function findByCatId(? int $cat_id = null)
+ {
+ $query = 'SELECT group_id, cat_id FROM ' . self::GROUP_ACCESS_TABLE;
+
+ if (!is_null($cat_id)) {
+ $query .= ' WHERE cat_id = ' . $cat_id;
 }
- $this->conn->db_query($query);
+ return $this->conn->db_query($query);
 }
- public function findByCatId(int $cat_id, string $field)
+ public function findFieldByCatId(int $cat_id, string $field)
 {
 $query = 'SELECT ' . $field . ' FROM ' . self::GROUP_ACCESS_TABLE;
- $query .= ' WHERE cat_id = ' . $this->conn->db_real_escape_string($cat_id);
+ $query .= ' WHERE cat_id = ' . $cat_id;
+
+ return $this->conn->db_query($query);
+ }
+
+ public function findByCatIds(array $cat_ids)
+ {
+ $query = 'SELECT group_id, cat_id FROM ' . self::GROUP_ACCESS_TABLE;
+ $query .= ' WHERE cat_id ' . $this->conn->in($cat_ids);
 return $this->conn->db_query($query);
 }
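Review bot: `findFieldByCatId()` concatenates `$field` into the SELECT list with no quoting or whitelist, and the same holds for `findByField()` in the GroupRepository hunk; the visible callers pass literals (`'group_id'`, `'is_default'`), so this is safe today only by convention, and the method should say so. Add above the signature: `/** @param string $field column name — interpolated into SQL unescaped, pass a literal, never caller-supplied input */`, or restrict it with `in_array($field, ['group_id', 'cat_id'], true)` and throw otherwise. `findByCatId(?int $cat_id = null)` returns every row of the table when called without an argument, which deserves a docblock line as well since the Permission.php caller passes `$params['cat_id'] ?? null`.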
@@ -43,8 +66,35 @@ public function findCategoriesAuthorizedToUser(int $user_id)
 return $this->conn->db_query($query);
 }
- public function insertGroupAccess(array $fields, array $datas)
+ public function massInserts(array $fields, array $datas)
 {
 $this->conn->mass_insert(self::GROUP_ACCESS_TABLE, $fields, $datas);
 }
+
+ public function deleteByGroupIds(array $ids)
+ {
+ $query = 'DELETE FROM ' . self::GROUP_ACCESS_TABLE;
+ $query .= ' WHERE group_id ' . $this->conn->in($ids);
+ $this->conn->db_query($query);
+ }
+
+ public function deleteByCatIds(array $ids, ? string $condition = null)
+ {
+ $query = 'DELETE FROM ' . self::GROUP_ACCESS_TABLE;
+ $query .= ' WHERE cat_id ' . $this->conn->in($ids);
+
+ if (!is_null($condition)) {
+ $query .= ' AND ' . $condition;
+ }
+
+ $this->conn->db_query($query);
+ }
+
+ public function deleteByGroupIdsAndCatIds(array $group_ids, array $cat_ids)
+ {
+ $query = 'DELETE FROM ' . self::GROUP_ACCESS_TABLE;
+ $query .= ' WHERE group_id ' . $this->conn->in($group_ids);
+ $query .= ' AND cat_id ' . $this->conn->in($cat_ids);
+ $this->conn->db_query($query);
+ }
 }
diff --git a/src/Repository/GroupRepository.php b/src/Repository/GroupRepository.php
index 56705b213..0ab4a8f46 100644
--- a/src/Repository/GroupRepository.php
+++ b/src/Repository/GroupRepository.php
@@ -13,5 +13,142 @@ class GroupRepository extends BaseRepository
 {
+ public function count() : int
+ {
+ $query = 'SELECT count(1) FROM ' . self::GROUPS_TABLE;
+ $result = $this->conn->db_query($query);
+ list($nb_groups) = $this->conn->db_fetch_row($result);
+ return $nb_groups;
+ }
+
+ public function isGroupNameExists(string $name) : bool
+ {
+ $query = 'SELECT count(1) as group_exists FROM ' . self::GROUPS_TABLE;
+ $query .= ' WHERE name = \'' . $this->conn->db_real_escape_string($name) . '\'';
+
+ $result = $this->conn->db_query($query);
+ $row = $this->conn->db_fetch_assoc($result);
+
+ return $row['group_exists'] == 1;
+ }
+
+ public function isGroupIdExists(int $id) : bool
+ {
+ $query = 'SELECT count(1) as group_exists FROM ' . self::GROUPS_TABLE;
+ $query .= ' WHERE id = ' . $id;
+
+ $result = $this->conn->db_query($query);
+ $row = $this->conn->db_fetch_assoc($result);
+
+ return $row['group_exists'] == 1;
+ }
+
+ public function findAll(? string $order_by = null)
+ {
+ $query = 'SELECT id, name, is_default, lastmodified FROM ' . self::GROUPS_TABLE;
+
+ if (!is_null($order_by)) {
+ $query .= ' ' . $order_by;
+ }
+
+ return $this->conn->db_query($query);
+ }
+
+ public function findById(int $id)
+ {
+ $query = 'SELECT id, name, is_default, lastmodified FROM ' . self::GROUPS_TABLE;
+ $query .= ' WHERE id = ' . $id;
+
+ return $this->conn->db_query($query);
+ }
+
+ public function findByIds(array $ids, ? string $order_by = null)
+ {
+ $query = 'SELECT id, name, is_default, lastmodified FROM ' . self::GROUPS_TABLE;
+ $query .= ' WHERE id ' . $this->conn->in($ids);
+
+ if (!is_null($order_by)) {
+ $query .= ' ' . $order_by;
+ }
+
+ return $this->conn->db_query($query);
+ }
+
+ public function findByField(string $field, $value, ? string $order_by = null)
+ {
+ $query = 'SELECT id, name, is_default, lastmodified FROM ' . self::GROUPS_TABLE;
+
+ if (is_bool($value)) {
+ $query .= ' WHERE ' . $field . ' = \'' . $this->conn->boolean_to_db($value) . '\'';
+ } elseif (!isset($value) or $value === '') {
+ $query .= ' WHERE ' . $field . ' IS null ';
+ } else {
+ $query .= ' WHERE ' . $field . ' = \'' . $this->conn->db_real_escape_string($value) . '\'';
+ }
+
+ if (!is_null($order_by)) {
+ $query .= ' ' . $order_by;
+ }
+
+ return $this->conn->db_query($query);
+ }
+
+ public function findUsersInGroups()
+ {
+ $query = 'SELECT g.id, g.name, g.is_default, username FROM ' . self::GROUPS_TABLE . ' AS g';
+ $query .= ' LEFT JOIN ' . self::USER_GROUP_TABLE . ' AS ug ON g.id = ug.group_id';
+ $query .= ' LEFT JOIN ' . self::USERS_TABLE . ' AS u ON ug.user_id = u.id';
+
+ return $this->conn->db_query($query);
+ }
+
+ public function searchByName(string $name, ? array $group_ids = [], string $order, int $limit, int $offset = 0)
+ {
+ $query = 'SELECT g.id, g.name, g.is_defaut, g.lastmodified, COUNT(user_id) AS nb_users FROM ' . self::GROUPS_TABLE . ' AS g';
+ $query .= ' LEFT JOIN ' . self::USER_GROUP_TABLE . ' AS ug ON ug.group_id = g.id';
+ $query .= ' WHERE LOWER(name) LIKE \'' . $this->conn->db_real_escape_string($name) . '\'';
+
+ if (count($group_ids) > 0) {
+ $query .= ' AND id ' . $this->conn->in($group_ids);
+ }
+
+ $query .= ' GROUP BY id';
+ $query .= ' ORDER BY ' . $order;
+ $query .= ' LIMIT ' . $limit;
+ $query .= ' OFFSET ' . $offset;
+
+ return $this->conn->db_query($query);
+ }
+
+ public function addGroup(array $datas) : int
+ {
+ return $this->conn->single_insert(self::GROUPS_TABLE, $datas);
+ }
+
+ public function updateGroup(array $datas, int $id)
+ {
+ $this->conn->single_update(self::GROUPS_TABLE, $datas, ['id' => $id]);
+ }
+
+ public function toggleIsDefault(array $ids)
+ {
+ $query = 'UPDATE ' . self::GROUPS_TABLE;
+ $query .= ' SET is_default = NOT(is_default)';
+ $query .= ' WHERE id ' . $this->conn->in($ids);
+
+ return $this->conn->db_query($query);
+ }
+
+ public function massInserts(array $fields, array $datas)
+ {
+ $this->conn->mass_inserts(self::GROUPS_TABLE, $fields, $datas);
+ }
+
+ public function deleteByIds(array $ids)
+ {
+ $query = 'DELETE FROM ' . self::GROUPS_TABLE;
+ $query .= ' WHERE id ' . $this->conn->in($ids);
+ $this->conn->db_query($query);
+ }
 }
diff --git a/src/Repository/ImageRepository.php b/src/Repository/ImageRepository.php
index 9c5bdbd1f..d979da43e 100644
--- a/src/Repository/ImageRepository.php
+++ b/src/Repository/ImageRepository.php
@@ -186,7 +186,7 @@ public function searchDistinctId(string $field, array $where, bool $permissions,
 return !empty($w);
 });
- $query = 'SELECT DISTINCT(' . $field . '),' . \Phyxo\Functions\SQL::addOrderByFields($order_by) . ' FROM ' . self::IMAGES_TABLE . ' i';
+ $query = 'SELECT DISTINCT(' . $field . '),' . $this->addOrderByFields($order_by) . ' FROM ' . self::IMAGES_TABLE . ' AS i';
 if ($permissions) {
 $query .= ' LEFT JOIN ' . self::IMAGE_CATEGORY_TABLE . ' AS ic ON id = ic.image_id';
 }
@@ -221,7 +221,7 @@ public function findByImageIdsAndCategoryId(array $image_ids, ? int $category_id
 public function findList(array $ids, string $forbidden, string $order_by)
 {
- $query = 'SELECT DISTINCT(id),' . \Phyxo\Functions\SQL::addOrderByFields($order_by) . ' FROM ' . self::IMAGES_TABLE;
+ $query = 'SELECT DISTINCT(id),' . $this->addOrderByFields($order_by) . ' FROM ' . self::IMAGES_TABLE;
 $query .= ' LEFT JOIN ' . self::IMAGE_CATEGORY_TABLE . ' AS ic ON id = ic.image_id';
 $query .= ' WHERE image_id ' . $this->conn->in($ids);
 $query .= ' ' . $forbidden;
@@ -272,7 +272,7 @@ public function isImageExists(int $image_id) : bool
 $query .= ' WHERE id=' . $image_id;
 $result = $this->conn->db_query($query);
- return ($this->conn->db_num_rows($result) === 1);
+ return $this->conn->db_num_rows($result) === 1;
 }
 public function updateImage(array $fields, int $id)
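Review bot: `searchByName()` selects `g.is_defaut`, a misspelling of the `is_default` column every other query in this class uses, so the statement fails as soon as `Ws\Group::getList` calls it; its signature also places the optional `$group_ids = []` before the required `$order`, which PHP treats as required anyway (and deprecates from 8.0), and `?array` admits `null`, on which `count()` fails — make it a plain `array $group_ids` after `$order`, or `$group_ids ?? []`. `addGroup(): int` returns the result of `single_insert()`, which the `registerUser` hunk suggests is not the insert id (that code calls `db_insert_id()` afterwards), so either the `int` return type throws or the caller gets a wrong id. `isGroupNameExists()`/`isGroupIdExists()` compare the count with `== 1`, which is false once two rows share a name, and `count(): int` returns the raw fetched value, which most drivers deliver as a string; `(int) … > 0` and an explicit cast are the safe forms.
```php
 $query = 'SELECT g.id, g.name, g.is_default, g.lastmodified, COUNT(user_id) AS nb_users FROM ' . self::GROUPS_TABLE . ' AS g';
 // … unchanged: join, LIKE filter, GROUP BY / ORDER BY / LIMIT / OFFSET …

 public function addGroup(array $datas) : int
 {
 $this->conn->single_insert(self::GROUPS_TABLE, $datas);

 // single_insert() is not observed to return the id; read it from the connection
 return (int) $this->conn->db_insert_id(self::GROUPS_TABLE);
 }

 // in isGroupNameExists() / isGroupIdExists():
 return (int) $row['group_exists'] > 0;
```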
@@ -422,7 +422,12 @@ public function findBestRated(int $limit)
 public function findWithNoStorageOrStorageCategoryId(array $categories)
 {
 $query = 'SELECT id FROM ' . self::IMAGES_TABLE;
- $query .= ' WHERE (storage_category_id IS NULL OR storage_category_id NOT ' . $this->conn->in($categories) . ')';
+ $query .= ' WHERE (';
+ $query .= 'storage_category_id IS NULL';
+ if (count($categories) > 0) {
+ $query .= ' OR storage_category_id NOT ' . $this->conn->in($categories);
+ }
+ $query .= ')';
 return $this->conn->db_query($query);
 }
diff --git a/src/Repository/UserAccessRepository.php b/src/Repository/UserAccessRepository.php
index b47876a02..9a927de84 100644
--- a/src/Repository/UserAccessRepository.php
+++ b/src/Repository/UserAccessRepository.php
@@ -13,19 +13,18 @@ class UserAccessRepository extends BaseRepository
 {
- public function deleteByCatIds(array $ids, string $condtion = '')
+ public function findByCatId(? int $cat_id = null)
 {
- $query = 'DELETE FROM ' . self::USER_ACCESS_TABLE;
- $query .= ' WHERE cat_id ' . $this->conn->in($ids);
+ $query = 'SELECT user_id, cat_id FROM ' . self::USER_ACCESS_TABLE;
- if (!empty($condtion)) {
- $query .= ' AND ' . $condtion;
+ if (!is_null($cat_id)) {
+ $query .= ' WHERE cat_id = ' . $this->conn->db_real_escape_string($cat_id);
 }
- $this->conn->db_query($query);
+ return $this->conn->db_query($query);
 }
- public function findByCatId(int $cat_id, string $field)
+ public function findFieldByCatId(int $cat_id, string $field)
 {
 $query = 'SELECT ' . $field . ' FROM ' . self::USER_ACCESS_TABLE;
 $query .= ' WHERE cat_id = ' . $this->conn->db_real_escape_string($cat_id);
@@ -33,8 +32,41 @@ public function findByCatId(int $cat_id, string $field)
 return $this->conn->db_query($query);
 }
+ public function findByCatIds(array $cat_ids)
+ {
+ $query = 'SELECT user_id, cat_id FROM ' . self::USER_ACCESS_TABLE;
+ $query .= ' WHERE cat_id ' . $this->conn->in($cat_ids);
+
+ return $this->conn->db_query($query);
+ }
+
 public function insertUserAccess(array $fields, array $datas)
 {
 $this->conn->mass_insert(self::USER_ACCESS_TABLE, $fields, $datas);
 }
+
+ public function massInserts(array $fields, array $datas)
+ {
+ $this->conn->mass_insert(self::USER_ACCESS_TABLE, $fields, $datas);
+ }
+
+ public function deleteByCatIds(array $ids, string $condtion = '')
+ {
+ $query = 'DELETE FROM ' . self::USER_ACCESS_TABLE;
+ $query .= ' WHERE cat_id ' . $this->conn->in($ids);
+
+ if (!empty($condtion)) {
+ $query .= ' AND ' . $condtion;
+ }
+
+ $this->conn->db_query($query);
+ }
+
+ public function deleteByUserIdsAndCatIds(array $user_ids, array $cat_ids)
+ {
+ $query = 'DELETE FROM ' . self::USER_ACCESS_TABLE;
+ $query .= ' WHERE user_id ' . $this->conn->in($user_ids);
+ $query .= ' AND cat_id ' . $this->conn->in($cat_ids);
+ $this->conn->db_query($query);
+ }
 }
diff --git a/src/Repository/UserGroupRepository.php b/src/Repository/UserGroupRepository.php
new file mode 100644
index 000000000..a6be9e988
--- /dev/null
+++ b/src/Repository/UserGroupRepository.php
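Review bot: The new `massInserts()` is a byte-for-byte duplicate of the `insertUserAccess()` directly above it, so the class now exposes two names for one operation; keep the one that matches the sibling repositories (`massInserts`) and have the old one delegate with a deprecation: `/** @deprecated use massInserts() */` and `$this->massInserts($fields, $datas);`. `deleteByCatIds()` also carries the misspelt `$condtion` parameter and an `''`/`!empty()` convention while its twin in GroupAccessRepository (earlier in this patch) uses `?string $condition = null`/`is_null()`; aligning the two signatures avoids callers having to know which repository they hold.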
@@ -0,0 +1,60 @@
+conn->in($user_ids);
+
+ return $this->conn->db_query($query);
+ }
+
+ public function findByGroupId(int $group_id)
+ {
+ $query = 'SELECT user_id, group_id FROM ' . self::USER_GROUP_TABLE;
+ $query .= ' WHERE group_id = ' . $group_id;
+
+ return $this->conn->db_query($query);
+ }
+
+ public function findByGroupIds(array $group_ids)
+ {
+ $query = 'SELECT user_id, group_id FROM ' . self::USER_GROUP_TABLE;
+ $query .= ' WHERE group_id ' . $this->conn->in($group_ids);
+
+ return $this->conn->db_query($query);
+ }
+
+ public function delete(int $group_id, array $user_ids)
+ {
+ $query = 'DELETE FROM ' . self::USER_GROUP_TABLE;
+ $query .= ' WHERE group_id = ' . $group_id;
+ $query .= ' AND user_id ' . $conn->in($user_ids);
+ $this->conn->db_query($query);
+ }
+
+ public function deleteByGroupIds(array $ids)
+ {
+ $query = 'DELETE FROM ' . self::USER_GROUP_TABLE;
+ $query .= ' WHERE group_id ' . $this->conn->in($ids);
+ $this->conn->db_query($query);
+ }
+
+ public function massInserts(array $fields, array $datas)
+ {
+ $this->conn->mass_inserts(self::USER_GROUP_TABLE, $fields, $datas);
+ }
+}
diff --git a/src/Repository/UserRepository.php b/src/Repository/UserRepository.php
index 3da373433..d763ba826 100644
--- a/src/Repository/UserRepository.php
+++ b/src/Repository/UserRepository.php
@@ -42,6 +42,6 @@ public function isUserExists(string $username) : bool
 $result = $this->conn->db_query($query);
 $row = $this->conn->db_fetch_assoc();
- return $row['user_exists'] === 1;
+ return $row['user_exists'] == 1;
 }
 }
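Review bot: `UserGroupRepository::delete()` builds its user filter with `$conn->in($user_ids)`, but `$conn` is not defined in the method — the connection is `$this->conn`, as every other line in this file uses — so the first `pwg.groups.deleteUser` call (which this patch routes here) fails with "Call to a member function in() on null". The line should read `$query .= ' AND user_id ' . $this->conn->in($user_ids);`. The head of this new file (namespace, class declaration and the `findByUserIds()` signature) is not legible in this view; the `user_list_backend` caller expects that query to return a `name` column joined from the groups table, which should be confirmed against the full file.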
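Review bot: Loosening `=== 1` to `== 1` in `isUserExists()` works around the count arriving as a string, but it still reports `false` when more than one row matches; `return (int) $row['user_exists'] > 0;` expresses the intent exactly and keeps a strict comparison. The context line just above, `$row = $this->conn->db_fetch_assoc();`, calls the fetch without `$result`, so `$row` is unlikely to hold the count at all — that is pre-existing, but it sits in this hunk and makes the comparison moot until it is `db_fetch_assoc($result)`.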