added ability to define required user level on a per permission basis

8 files changed, 130 insertions, 32 deletions

diff --git a/admin/preferences.php b/admin/preferences.php
index 94f940f3..4454faaa 100644
--- a/admin/preferences.php
+++ b/admin/preferences.php
@@ -5,9 +5,8 @@
  All rights reserved.
 
  This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License
- as published by the Free Software Foundation; either version 2
- of the License, or (at your option) any later version.
+ modify it under the terms of the GNU General Public License v2
+ as published by the Free Software Foundation
 
  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -31,19 +30,20 @@
 
 require('../lib/init.php');
 
-
-if (!$user->has_access(100)) {
+if (!$GLOBALS['user']->has_access(100)) {
 	access_denied();
 }
 
 $user_id = scrub_in($_REQUEST['user_id']);
+$action  = scrub_in($_REQUEST['action']);
 if (!$user_id) { $user_id ='-1'; } 
 
 $temp_user = new User($user_id);
 $temp_user->username = $user_id;
 
-switch(scrub_in($_REQUEST['action'])) { 
+show_template('header');
 
+switch($action) { 
 	case 'user':
 		$fullname = "ADMIN - " . $temp_user->fullname;
 		$preferences = $temp_user->get_preferences();
@@ -66,6 +66,16 @@ switch(scrub_in($_REQUEST['action'])) {
 		$temp_user->fix_preferences($user_id);
 		$preferences = $temp_user->get_preferences($user_id);
 	break;
+	case 'set_preferences':
+		/* Update the preferences */
+		foreach ($_REQUEST['prefs'] as $name=>$leve) { 
+			update_preference_level($name,$level);
+		} // end foreach preferences
+	case 'show_set_preferences':
+		/* Get all preferences */
+		$preferences = get_preferences();
+		require_once(conf('prefix') . '/templates/show_preference_admin.inc.php');
+	break;
 	default:
 		$preferences = $temp_user->get_preferences();
 		$fullname = "Site";
@@ -74,16 +84,14 @@ switch(scrub_in($_REQUEST['action'])) {
 } // End Switch Action
 
 
-// HEADER
-show_template('header');
-// HEADER
-
-// Set Target
-$target = "/admin/preferences.php";
-
-// Show the default preferences page
-require (conf('prefix') . "/templates/show_preferences.inc");
+// OMG HORRIBLE HACK Beatings for the programmer 
+if ($action != 'show_set_preferences' AND $action != 'set_preferences') { 
+	// Set Target
+	$target = "/admin/preferences.php";
 
+	// Show the default preferences page
+	require (conf('prefix') . "/templates/show_preferences.inc");
+}
 
 // FOOTER
 show_footer();
diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index 4852ffd6..d350b09a 100755
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -4,7 +4,10 @@
 
 --------------------------------------------------------------------------
   v.3.3.3-Alpha2
-	- Foced a sane Post Size had some people with 32 byte post sizes
+	- Added ability for Admins to define the required permission level
+		for individual preferences
+	- Added WavPack support
+	- Forced a sane Post Size had some people with 32 byte post sizes
 		which will not work with Ampache. 
 	- Fixed a logic error with the MPD controller.
 	- Fixed a problem were invalid bitrates below the set downsample
@@ -41,7 +44,7 @@
 		tags were found
 	- Added new version of getid3() library which will hopefully 
 		resolve some PHP5 related issues
-	- Fixed security issue that allowed users to gain gues access to
+	- Fixed security issue that allowed users to gain guest access to
 		ampache if register globals is enabled. 
 	- Added xml based query for artists,genre,albums and search see
 		/server/xml.server.php
diff --git a/lib/class/song.class.php b/lib/class/song.class.php
index f72506f8..69a7b9a6 100644
--- a/lib/class/song.class.php
+++ b/lib/class/song.class.php
@@ -148,6 +148,9 @@ class Song {
 			case 'flac';
 				$this->mime = "audio/x-flac";
 			break;
+			case 'wv':
+				$this->mime = 'audio/x-wavpack';
+			break;
 			case 'aac':
 			case 'mp4':
 			case 'm4a':
diff --git a/lib/general.lib.php b/lib/general.lib.php
index fc60db3e..6cce88b8 100644
--- a/lib/general.lib.php
+++ b/lib/general.lib.php
@@ -988,5 +988,4 @@ function get_user_from_username($username) {
 
 } // get_user_from_username
 
-
 ?>
diff --git a/lib/init.php b/lib/init.php
index 3cd54d46..5458ce43 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -77,7 +77,7 @@ $results['version']		= '3.3.3-Alpha2 Build (002)';
 
 $results['raw_web_path']	= $results['web_path'];
 $results['web_path']		= $http_type . $_SERVER['HTTP_HOST'] . $results['web_path'];
-$results['catalog_file_pattern']= 'mp3|mpc|m4p|m4a|mp4|aac|ogg|rm|wma|asf|flac|spx|ra|ape|shn';
+$results['catalog_file_pattern']= 'mp3|mpc|m4p|m4a|mp4|aac|ogg|rm|wma|asf|flac|spx|ra|ape|shn|wv';
 $results['http_port']		= $_SERVER['SERVER_PORT'];
 if (!$results['prefix']) { 
 	$results['prefix'] = $prefix;
diff --git a/lib/preferences.php b/lib/preferences.php
index d3c8ce63..e46ad8e0 100644
--- a/lib/preferences.php
+++ b/lib/preferences.php
@@ -179,25 +179,21 @@ function update_preference($username,$name,$pref_id,$value) {
 */
 function has_preference_access($name) { 
 
+	/* If it's a demo they don't get jack */
         if (conf('demo_mode')) {
 	        return false;
         }
 
-	switch($name) {
+	$name = sql_escape($name);
 
-		case 'download':
-		case 'upload':
-		case 'quarantine':
-		case 'upload_dir':
-		case 'sample_rate':
-		case 'direct_link':
-			$level = 100;
-		break;
-		default:
-			$level = 25;
-		break;
-	} // end switch key
+	/* Check Against the Database Row */
+	$sql = "SELECT level FROM preferences " . 
+		"WHERE name='$name'";
+	$db_results = mysql_query($sql, dbh());
 
+	$data = mysql_fetch_assoc($db_results);
+
+	$level = $data['level'];
 
 	if ($GLOBALS['user']->has_access($level)) { 
 		return true;
@@ -454,4 +450,41 @@ function show_import_playlist() {
 
 } // show_import_playlist
 
+/**
+ * get_preferences
+ * This returns an array of all current preferences in the
+ * preferences table, this isn't a users preferences
+ */
+function get_preferences() {
+
+        $sql = "SELECT * FROM preferences";
+        $db_results = mysql_query($sql, dbh());
+
+        $results = array();
+
+        while ($r = mysql_fetch_assoc($db_results)) {
+                $results[] = $r;
+        }
+
+        return $results;
+
+} // get_preferences
+
+/**
+ * update_preference_level
+ * This function updates the level field in the preferences table
+ * this has nothing to do with a users actuall preferences
+ */
+function update_preference_level($name,$level) { 
+
+	$name 	= sql_escape($name);
+	$level 	= sql_escape($level);
+
+	$sql = "UPDATE preferences SET `level`='$level' WHERE `name`='$name'";
+	$db_results = mysql_query($sql,dbh());
+
+	return true;
+
+} // update_preference_level
+
 ?>
diff --git a/templates/show_admin_tools.inc.php b/templates/show_admin_tools.inc.php
index e2734f7f..6a5ed497 100644
--- a/templates/show_admin_tools.inc.php
+++ b/templates/show_admin_tools.inc.php
@@ -77,6 +77,7 @@ $users		= $GLOBALS['user']->get_recent(10);
 	<a href="<?php echo $web_path; ?>/admin/catalog.php?action=clear_now_playing"><?php echo _('Clear Now Playing'); ?></a>
 	<hr noshade="noshade" size="3" />
 	<a href="<?php echo $web_path; ?>/admin/system.php?action=generate_config"><?php echo _('Generate New Config'); ?></a>
+	<a href="<?php echo $web_path; ?>/admin/preferences.php?action=show_set_preferences"><?php echo _('Preferences Permissions'); ?></a>
 <!--	<a href="<?php echo $web_path; ?>/admin/system.php?action=check_version"><?php echo _('Check for New Version'); ?></a>
 -->
 </div>
diff --git a/templates/show_preference_admin.inc.php b/templates/show_preference_admin.inc.php
new file mode 100644
index 00000000..203ffe57
--- /dev/null
+++ b/templates/show_preference_admin.inc.php
@@ -0,0 +1,51 @@
+<?php
+/*
+
+ Copyright (c) 2001 - 2006 Ampache.org
+ All rights reserved.
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License v2
+ as published by the Free Software Foundation
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+*/
+?>
+<?php show_box_top(_('Preference Administration')); ?>
+<form method="post" action="<?php echo conf('web_path'); ?>/admin/preferences.php" enctype="multipart/form-data">
+<table cellspacing="0">
+<tr class="table-header">
+	<td><?php echo _('Preference'); ?></td>
+	<td><?php echo _('Level'); ?></td>
+</tr>
+<?php foreach ($preferences as $preference) { 
+	unset($is_25,$is_5,$is_100);
+?>
+<tr class="<?php echo flip_class(); ?>">
+	<td><?php echo scrub_out($preference['description']); ?></td>
+	<td>
+		<?php $level_name = "is_" . $preference['level']; ${$level_name} = 'selected="selected"'; ?> 
+		<select name="prefs[<?php echo scrub_out($preference['name']); ?>]">
+			<option value="5" <?php echo $is_5; ?>><?php echo _('Guest'); ?></option>
+			<option value="25" <?php echo $is_25; ?>><?php echo _('User'); ?></option>
+			<option value="100" <?php echo $is_100; ?>><?php echo _('Admin'); ?></option>
+		</select>
+	</td>
+</tr>
+<?php } ?>
+<tr>
+	<td colspan="2">
+		<input type="hidden" name="action" value="set_preferences" />
+		<input type="submit" value="<?php echo _('Update'); ?>" />
+	</td>	
+</table>
+</form>
+<?php show_box_bottom(); ?>