- Fix to restrict what categories users are able to post to. Kliqqi-C…

…MS#29

editlink.php

@@ -237,8 +237,10 @@
 
 			include_once(mnminclude.'dbtree.php');
 			$array = tree_to_array(0, table_categories, FALSE);
+			$array = array_values(array_filter($array, "allowToAuthorCat"));
+
 			$main_smarty->assign('lastspacer', 0);
-			$main_smarty->assign('cat_array', $array);
+			$main_smarty->assign('submit_cat_array', $array);
 
 			$canIhaveAccess = 0;
 			$canIhaveAccess = $canIhaveAccess + checklevel('admin');
@@ -290,7 +292,7 @@
 //copied directly from submit.php
 function link_errors($linkres)
 {
-	global $main_smarty, $the_template;
+	global $main_smarty, $the_template, $cached_categories;
 	$error = false;
 
 
@@ -330,6 +332,12 @@ function link_errors($linkres)
 		$main_smarty->assign('submit_error', 'nocategory');
 		$error = true;
 	}
+	foreach($cached_categories as $cat) {
+		if($cat->category__auto_id == $linkres->category && !allowToAuthorCat($cat)) { // category does not allow authors of this level
+			$main_smarty->assign('submit_error', 'nocategory');
+			$error = true;
+		}
+	}
 
 	if ($error)
 	{

libs/html1.php

@@ -1346,4 +1346,34 @@ function recursive_remove_directory($directory, $empty=TRUE)
 
 
 
+function allowToAuthorCat($cat) {
+	global $current_user, $db;
+
+	$user = new User($current_user->user_id);
+	if($user->level == "admin")
+		return true;
+	else if($user->level == "moderator" && ((is_array($cat) && $cat['authorlevel'] != "admin") || $cat->category_author_level != "admin"))
+		return true;
+	else if((is_array($cat) && $cat['authorlevel'] == "normal") || $cat->category_author_level == "normal")
+	// DB 11/12/08
+	{
+	    $group = is_array($cat) ? $cat['authorgroup'] : $cat->category_author_group;
+	    if (! $group)
+		return true;
+	    else
+	    {
+		$group = "'".preg_replace("/\s*(,\s*)+/","','",$group)."'";
+		$groups = $db->get_row($sql = "SELECT a.* FROM ".table_groups." a, ".table_group_member." b 
+							WHERE   a.group_id=b.member_group_id AND 
+							 	b.member_user_id=$user->id   AND 
+								a.group_status='Enable' AND 
+								b.member_status='active' AND
+								a.group_name IN ($group)");
+		if ($groups->group_id)
+		    return true;
+	    }
+	}
+	/////
+	return false;
+}
 ?>

submit.php

@@ -649,35 +649,4 @@ function link_catcha_errors($linkerror)
 	}
 	return $error;
 }
-
-function allowToAuthorCat($cat) {
-	global $current_user, $db;
-
-	$user = new User($current_user->user_id);
-	if($user->level == "admin")
-		return true;
-	else if($user->level == "moderator" && ((is_array($cat) && $cat['authorlevel'] != "admin") || $cat->category_author_level != "admin"))
-		return true;
-	else if((is_array($cat) && $cat['authorlevel'] == "normal") || $cat->category_author_level == "normal")
-	// DB 11/12/08
-	{
-	    $group = is_array($cat) ? $cat['authorgroup'] : $cat->category_author_group;
-	    if (! $group)
-		return true;
-	    else
-	    {
-		$group = "'".preg_replace("/\s*(,\s*)+/","','",$group)."'";
-		$groups = $db->get_row($sql = "SELECT a.* FROM ".table_groups." a, ".table_group_member." b 
-							WHERE   a.group_id=b.member_group_id AND 
-							 	b.member_user_id=$user->id   AND 
-								a.group_status='Enable' AND 
-								b.member_status='active' AND
-								a.group_name IN ($group)");
-		if ($groups->group_id)
-		    return true;
-	    }
-	}
-	/////
-	return false;
-}
 ?>

templates/bootstrap/edit_submission_center.tpl

@@ -95,20 +95,20 @@
 	<span class="field-description">{#PLIGG_Visual_Submit2_CatInstruct#}</span>
 	<br />
 	{if $Multiple_Categories}
-		{section name=thecat loop=$cat_array}
-			{$cat_array[thecat].spacercount|repeat_count:'&nbsp;&nbsp;&nbsp;&nbsp;'}
-				 <input type="checkbox" class="form-control" name="category[]" value="{$cat_array[thecat].auto_id}" {if $cat_array[thecat].auto_id == $submit_category  || in_array($cat_array[thecat].auto_id,$submit_additional_cats)}checked{/if}> {$cat_array[thecat].name}<br />							
+		{section name=thecat loop=$submit_cat_array}
+			{$submit_cat_array[thecat].spacercount|repeat_count:'&nbsp;&nbsp;&nbsp;&nbsp;'}
+				 <input type="checkbox" class="form-control" name="category[]" value="{$submit_cat_array[thecat].auto_id}" {if $submit_cat_array[thecat].auto_id == $submit_category  || in_array($submit_cat_array[thecat].auto_id,$submit_additional_cats)}checked{/if}> {$submit_cat_array[thecat].name}<br />							
 		{/section}
 	{else}
 		<select class="form-control" {if $Multiple_Categories}name="category[]" multiple size=10{else}name="category"{/if}>
-			{section name=thecat loop=$cat_array}
-				<option value = "{$cat_array[thecat].auto_id}"{if $cat_array[thecat].auto_id eq $submit_category || in_array($cat_array[thecat].auto_id,$submit_additional_cats)} selected="selected"{/if}>
-				{if $cat_array[thecat].spacercount lt $lastspacer}{$cat_array[thecat].spacerdiff|repeat_count:''}{/if}
-				{if $cat_array[thecat].spacercount gt $lastspacer}{/if}
-				{$cat_array[thecat].spacercount|repeat_count:'&nbsp;&nbsp;&nbsp;'}
-				{$cat_array[thecat].name} 
+			{section name=thecat loop=$submit_cat_array}
+				<option value = "{$submit_cat_array[thecat].auto_id}"{if $submit_cat_array[thecat].auto_id eq $submit_category || in_array($submit_cat_array[thecat].auto_id,$submit_additional_cats)} selected="selected"{/if}>
+				{if $submit_cat_array[thecat].spacercount lt $lastspacer}{$submit_cat_array[thecat].spacerdiff|repeat_count:''}{/if}
+				{if $submit_cat_array[thecat].spacercount gt $lastspacer}{/if}
+				{$submit_cat_array[thecat].spacercount|repeat_count:'&nbsp;&nbsp;&nbsp;'}
+				{$submit_cat_array[thecat].name} 
 				&nbsp;&nbsp;&nbsp;       
-				{assign var=lastspacer value=$cat_array[thecat].spacercount}					
+				{assign var=lastspacer value=$submit_cat_array[thecat].spacercount}					
 				</option>
 			{/section}
 		</select>