From 3ed50ce0b7665fcd6a2a80d1f5bc6630089382d5 Mon Sep 17 00:00:00 2001
From: "Paul S. Owen" <psotfx@users.sourceforge.net>
Date: Thu, 31 May 2001 15:39:59 +0000
Subject: [PATCH] Changes to allow all auth types to be returned
git-svn-id: file:///svn/phpbb/trunk@388 89ea8834-ac86-4346-8a33-228a782c2dd0
---
phpBB/includes/auth.php | 244 +++++++++++++--------
phpBB/templates/Default/viewforum_body.tpl | 3 +
phpBB/templates/Default/viewtopic_body.tpl | 3 +
phpBB/templates/PSO/viewforum_body.tpl | 2 +-
phpBB/templates/PSO/viewtopic_body.tpl | 14 +-
phpBB/viewforum.php | 19 +-
phpBB/viewtopic.php | 17 +-
7 files changed, 193 insertions(+), 109 deletions(-)
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php
index 68df6f53eb..146711ee11 100644
--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@@ -22,40 +22,75 @@ * ***************************************************************************/ -/* Notes: - * auth() returns: - * TRUE if the user authorized - * FALSE if the user is not - */ +/* + Possible options to send to auth (not all are functional yet!): + + * If you include a type then a specific lookup will + be done and the single result returned + + * If you set type to ALL an array of all auth types + will be returned + + * If you provide a forum_id a specific lookup on that + forum will be done + + * If you set forum_id to LIST_ALL an array of all + forums to which the user has access of type will be returned + <- used for index and search? (type VIEW and READ respectively) + + * If you set forum_id to LIST_ALL and type to ALL a + multidimensional array containing the auth permissions + for all types and all forums for that user is returned + + * If you set $userdata to ALL, then the permissions of all + users listed in the auth_access table will be returned for + the given type and forum_id <- use to check for moderators? 
+ + All results are returned as associative arrays, even + when a single auth type is specified + +*/ function auth($type, $forum_id, $userdata, $f_access = -1) { global $db; switch($type) { + case ALL: + $a_sql = "auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_votecreate, auth_vote"; + $auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_votecreate", "auth_vote"); + break; case VIEW: $a_sql = "auth_view"; + $auth_fields = array("auth_view"); break; case READ: $a_sql = "auth_read"; + $auth_fields = array("auth_read"); break; case POST: $a_sql = "auth_post"; + $auth_fields = array("auth_post"); break; case REPLY: $a_sql = "auth_reply"; + $auth_fields = array("auth_reply"); break; case EDIT: $a_sql = "auth_edit"; + $auth_fields = array("auth_edit"); break; case DELETE: $a_sql = "auth_delete"; + $auth_fields = array("auth_delete"); break; case VOTECREATE: $a_sql = "auth_votecreate"; + $auth_fields = array("auth_votecreate"); break; case VOTE: $a_sql = "auth_vote"; + $auth_fields = array("auth_vote"); break; default: break; @@ -70,14 +105,14 @@ function auth($type, $forum_id, $userdata, $f_access = -1) if($f_access == -1 || $forum_id == LIST_ALL) { $forum_match_sql = ($forum_id != LIST_ALL) ? "WHERE forum_id = $forum_id" : ""; - $sql = "SELECT $a_sql AS forum_auth + $sql = "SELECT $a_sql FROM ".AUTH_FORUMS_TABLE." $forum_match_sql"; $af_result = $db->sql_query($sql); if($forum_id != LIST_ALL) { - $f_access = $db->sql_fetchfield("forum_auth", -1, $af_result); + $f_access = $db->sql_fetchrow($af_result); } else { 
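Review bot: The `default:` branch of `switch($type)` still only breaks, so an unrecognised `$type` leaves both `$a_sql` and the new `$auth_fields` unset; the later `SELECT $a_sql ...` then has an empty column list and every loop over `$auth_fields` silently does nothing. An authorization routine should reject an unknown type explicitly, for example `default: return array();`, so that callers indexing `$is_auth['auth_read']` get a falsy value instead of relying on undefined variables. The new header comment lists the `LIST_ALL` and `$userdata = ALL` modes without saying which are implemented, and it would help to add one line giving the return shape, e.g. `array('auth_read' => bool, ...)` plus `auth_mod` / `auth_admin`. The rest of auth(), including its return statement, is outside this hunk.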
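Review bot: `$f_access = $db->sql_fetchrow($af_result);` is used without checking that the query succeeded or that a row came back. If it did not, every later `$f_access[$key]` lookup is null and is compared with `==` against `ALL`; the value of `ALL` is not visible in this diff, but if it is 0 that loose comparison is true and the permission check fails open. Treat a missing row as a denial, for example by testing `is_array($f_access) && isset($f_access[$key])` before the comparison. The `$forum_id` interpolated into `WHERE forum_id = $forum_id` is a context line, but its origin is not shown here, so it should be confirmed to be an integer (`intval($forum_id)`) before it reaches this query.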
@@ -97,118 +132,139 @@ function auth($type, $forum_id, $userdata, $f_access = -1) { if($forum_id != LIST_ALL) { - $auth_user = ($f_access == ALL) ? true : false; + for($i = 0; $i < count($f_access); $i++) + { + $auth_user[$auth_fields[$i]] = ($f_access[$auth_fields[$i]] == ALL) ? true : false; + } } else { $auth_user_list = array(); for($i = 0; $i < count($auth_forum_rows); $i++) { - $auth_user_list[] = ($f_access_rows['0']['forum_auth'] == ALL) ? true : false; + for($j = 0; $j < count($f_access); $j++) + { + $auth_user_list[][$auth_fields[$j]] = ($f_access_rows[$i][$auth_fields[$j]] == ALL) ? true : false; + } } } } else { - // - // If the user is logged on and the forum - // type is either ALL or REG then the user - // has access - // - if($f_access == ALL || $f_access == REG) - { - $auth_user = true; - } - else - { - // - // If the type if ACL, MOD or ADMIN - // then we need to see if the user has - // specific permissions to do whatever it - // is they want to do ... to do this - // we pull relevant information for the user - // (and any groups they belong to) - // - $forum_match_sql = ($forum_id != LIST_ALL) ? "AND ( aa.forum_id = $forum_id OR aa.forum_id = " . ALL . ")" : ""; - $sql = "SELECT aa.$a_sql AS user_auth, aa.auth_mod, aa.auth_admin, g.single_user - FROM ".AUTH_ACCESS_TABLE." aa, " . USER_GROUP_TABLE. " ug, " . GROUPS_TABLE. " g - WHERE ug.user_id = ".$userdata['user_id']. " - AND g.group_id = ug.group_id - AND aa.group_id = ug.group_id - $forum_match_sql"; - $au_result = $db->sql_query($sql); - if(!$db->sql_numrows($au_result)) + $forum_match_sql = ($forum_id != LIST_ALL) ? "AND ( aa.forum_id = $forum_id OR aa.forum_id = " . ALL . ")" : ""; + $sql = "SELECT $a_sql, auth_mod, auth_admin, g.single_user + FROM ".AUTH_ACCESS_TABLE." aa, " . USER_GROUP_TABLE. " ug, " . GROUPS_TABLE. " g + WHERE ug.user_id = ".$userdata['user_id']. 
" + AND g.group_id = ug.group_id + AND aa.group_id = ug.group_id + $forum_match_sql"; + $au_result = $db->sql_query($sql); + + $u_access = $db->sql_fetchrowset($au_result); + + for($i = 0; $i < count($auth_fields); $i++) + { + $key = $auth_fields[$i]; + $value = $f_access[$key]; + + // + // If the user is logged on and the forum + // type is either ALL or REG then the user + // has access + // + if($value == ALL || $value == REG) { - // - // No entry was found for this user - // thus they don't have access, - // You are the Weakest Link, Goodbye! - // - $auth_user = false; + $auth_user[$key] = true; } else { - $u_access = $db->sql_fetchrowset($au_result); - } + // + // If the type if ACL, MOD or ADMIN + // then we need to see if the user has + // specific permissions to do whatever it + // is they want to do ... to do this + // we pull relevant information for the user + // (and any groups they belong to) + // - $single_user = false; + $single_user = false; - // - // Now we compare the users access level - // against the forums We assume here that - // a moderator and admin automatically have - // access to an ACL forum, similarly we assume - // admins meet an auth requirement of MOD - // - // The access level assigned to a single user - // automatically takes precedence over any - // levels granted by that user being a member - // of a multi-user usergroup, eg. a user - // who is banned from a forum won't gain - // access to it even if they belong to a group - // which has access (and vice versa). 
This - // check is done via the single_user check - // - switch($f_access) - { - case ACL: - for($i = 0; $i < count($u_access); $i++) - { - if(!$single_user) + // + // Now we compare the users access level + // against the forums We assume here that + // a moderator and admin automatically have + // access to an ACL forum, similarly we assume + // admins meet an auth requirement of MOD + // + // The access level assigned to a single user + // automatically takes precedence over any + // levels granted by that user being a member + // of a multi-user usergroup, eg. a user + // who is banned from a forum won't gain + // access to it even if they belong to a group + // which has access (and vice versa). This + // check is done via the single_user check + // + switch($value) + { + case ACL: + for($j = 0; $j < count($u_access); $j++) { - $auth_user = $auth_user || $u_access[$i]['user_auth'] || $u_access[$i]['auth_mod'] || $u_access[$i]['auth_admin']; - $single_user = $u_access[$i]['single_user']; + if(!$single_user) + { + $auth_user[$key] = $auth_user[$key] || $u_access[$j]['user_auth'] || $u_access[$i]['auth_mod'] || $u_access[$j]['auth_admin']; + $single_user = $u_access[$j]['single_user']; + } } - } - break; + break; + + case MOD: + for($j = 0; $j < count($u_access); $j++) + { + if(!$single_user) + { + $auth_user[$key] = $auth_user[$key] || $u_access[$j]['auth_mod'] || $u_access[$j]['auth_admin']; + $single_user = $u_access[$j]['single_user']; + } + } + break; - case MOD: - for($i = 0; $i < count($u_access); $i++) - { - if(!$single_user) + case ADMIN: + for($j = 0; $j < count($u_access); $j++) { - $auth_user = $auth_user || $u_access[$i]['auth_mod'] || $u_access[$i]['auth_admin']; - $single_user = $u_access[$i]['single_user']; + if(!$single_user) + { + $auth_user[$key] = $auth_user[$key] || $u_access[$j]['auth_admin']; + $single_user = $u_access[$j]['single_user']; + } } - } - break; - - case ADMIN: - for($i = 0; $i < count($u_access); $i++) - { - if(!$single_user) - 
{ - $auth_user = $auth_user || $u_access[$i]['auth_admin']; - $single_user = $u_access[$i]['single_user']; - } - } - break; + break; - default: - $auth_user = false; - break; + default: + $auth_user[$auth_fields[$i]] = false; + break; + } + } + } + + $single_user = false; + for($j = 0; $j < count($u_access); $j++) + { + if(!$single_user) + { + $auth_user['auth_mod'] = $auth_user['auth_mod'] || $u_access[$j]['auth_mod']; + $single_user = $u_access[$j]['single_user']; + } + } + $single_user = false; + for($j = 0; $j < count($u_access); $j++) + { + if(!$single_user) + { + $auth_user['auth_admin'] = $auth_user['auth_admin'] || $u_access[$j]['auth_admin']; + $single_user = $u_access[$j]['single_user']; } } } diff --git a/phpBB/templates/Default/viewforum_body.tpl b/phpBB/templates/Default/viewforum_body.tpl index 74e8f632cb..f96cf44cd6 100644 --- a/phpBB/templates/Default/viewforum_body.tpl +++ b/phpBB/templates/Default/viewforum_body.tpl @@ -99,6 +99,9 @@ </td> </tr> + <tr> + <td align="left" style="{font-size: 8pt; height: 55px;}">{S_AUTH_LIST}</td> + </tr> </table> </td> </tr> \ No newline at end of file diff --git a/phpBB/templates/Default/viewtopic_body.tpl b/phpBB/templates/Default/viewtopic_body.tpl index 001269675b..1e6b7a5eeb 100644 --- a/phpBB/templates/Default/viewtopic_body.tpl +++ b/phpBB/templates/Default/viewtopic_body.tpl @@ -145,6 +145,9 @@ </td> </tr> + <tr> + <td align="left" style="{font-size: 8pt; height: 55px;}">{S_AUTH_LIST}</td> + </tr> </table> </td> </tr> \ No newline at end of file diff --git a/phpBB/templates/PSO/viewforum_body.tpl b/phpBB/templates/PSO/viewforum_body.tpl index 781e809593..e5c77151e4 100644 --- a/phpBB/templates/PSO/viewforum_body.tpl +++ b/phpBB/templates/PSO/viewforum_body.tpl 
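Review bot: In the new `case ACL:` loop the grant expression mixes up keys and indexes: it reads `$u_access[$j]['user_auth']` although the rewritten query no longer selects anything `AS user_auth`, and `$u_access[$i]['auth_mod']` uses the field counter `$i` instead of the row counter `$j`. As written, a per-user ACL grant is never seen and the moderator flag is read from an unrelated or non-existent row; the line should be `$auth_user[$key] = $auth_user[$key] || $u_access[$j][$key] || $u_access[$j]['auth_mod'] || $u_access[$j]['auth_admin'];`. `$auth_user` is also never initialised, so each `$auth_user[$key] || ...` starts from an undefined value; set `$auth_user[$key] = false;` (and the `auth_mod` / `auth_admin` entries) before the loops so the default is an explicit deny. In the first branch both loops run to `count($f_access)` rather than `count($auth_fields)`, and `$auth_user_list[][$auth_fields[$j]]` appends a new element per field instead of one per forum. The start and end of auth() are outside this hunk.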
@@ -51,7 +51,7 @@ <tr> <td width="20"></td> <td width="40%"><font face="{T_FONTFACE1}" size="{T_FONTSIZE1}"><b>{S_TIMEZONE}</b></font></td> - <td rowspan="6" align="right" valign="top" nowrap>{JUMPBOX}</td> + <td rowspan="6" align="right" valign="top" nowrap>{JUMPBOX}<br><font face="{T_FONTFACE1}" size="{T_FONTSIZE1}">{S_AUTH_LIST}</font></td> </tr> <tr> <td><img src="images/red_folder.gif"></td> diff --git a/phpBB/templates/PSO/viewtopic_body.tpl b/phpBB/templates/PSO/viewtopic_body.tpl index 240a9db5fa..9a703866c2 100644 --- a/phpBB/templates/PSO/viewtopic_body.tpl +++ b/phpBB/templates/PSO/viewtopic_body.tpl @@ -9,12 +9,12 @@ <tr> <td bgcolor="{T_TH_COLOR1}"><table border="0" cellpadding="4" cellspacing="1" width="100%"> <tr> - <td colspan="2" bgcolor="{T_TH_COLOR2}"><table width="100%" cellspacing="0" cellpadding="0" border="0"> - <tr> - <td><font face="{T_FONTFACE1}" size="{T_FONTSIZE3}"><b>{TOPIC_TITLE}</b></font></td> - <td align="right" valign="middle"><a href="{U_POST_REPLY_TOPIC}"><img src="templates/PSO/images/reply.gif" border="1" /></a> <a href="{U_POST_NEW_TOPIC}"><img src="templates/PSO/images/post.gif" border="1" /></a> </td> - </tr> - </table></td> + <td colspan="2" bgcolor="{T_TH_COLOR2}"><table width="100%" cellspacing="0" cellpadding="0" border="0"> + <tr> + <td><font face="{T_FONTFACE1}" size="{T_FONTSIZE3}"><b>{TOPIC_TITLE}</b></font></td> + <td align="right" valign="middle"><a href="{U_POST_REPLY_TOPIC}"><img src="templates/PSO/images/reply.gif" border="1" /></a> <a href="{U_POST_NEW_TOPIC}"><img src="templates/PSO/images/post.gif" border="1" /></a> </td> + </tr> + </table></td> </tr> <tr> <td width="20%" bgcolor="{T_TH_COLOR3}"><font face="{T_FONTFACE1}" size="{T_FONTSIZE2}"><b>{L_AUTHOR}</b></font></td> 
@@ -59,6 +59,6 @@ <div align="center"><table cellspacing="2" border="0" width="98%"> <tr> <td width="40%" valign="top"><font face="{T_FONTFACE1}" size="{T_FONTSIZE1}"><b>{S_TIMEZONE}</b></font></td> - <td align="right" valign="top" nowrap>{JUMPBOX}</td> + <td align="right" valign="top" nowrap>{JUMPBOX}<br><font face="{T_FONTFACE1}" size="{T_FONTSIZE1}">{S_AUTH_LIST}</font></td> </tr> </table></div> \ No newline at end of file diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index 76bf681f32..885c12cd55 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -56,7 +56,7 @@ init_userprefs($userdata); // if(isset($forum_id)) { - $sql = "SELECT f.forum_type, f.forum_name, f.forum_topics, u.username, u.user_id, fa.* + $sql = "SELECT f.forum_name, f.forum_topics, u.username, u.user_id, fa.* FROM ".FORUMS_TABLE." f, ".FORUM_MODS_TABLE." fm, ".USERS_TABLE." u, ".AUTH_FORUMS_TABLE." fa WHERE f.forum_id = $forum_id AND fa.forum_id = f.forum_id @@ -88,9 +88,9 @@ if(!$forum_row) // // Start auth check // -$is_auth = auth(READ, $forum_id, $userdata, $forum_row['0']['auth_read']); +$is_auth = auth(ALL, $forum_id, $userdata, $forum_row[0]); -if(!$is_auth) +if(!$is_auth['auth_read']) { // // Ooopss, user is not authed 
@@ -304,10 +304,21 @@ if($total_topics) ); } + $s_auth_can = ""; + $s_auth_can .= "You " . (($is_auth['auth_read']) ? "<b>can</b>" : "<b>cannot</b>" ) . " read posts in this forum<br>"; + $s_auth_can .= "You " . (($is_auth['auth_post']) ? "<b>can</b>" : "<b>cannot</b>") . " add new topics to this forum<br>"; + $s_auth_can .= "You " . (($is_auth['auth_reply']) ? "<b>can</b>" : "<b>cannot</b>") . " reply to posts in this forum<br>"; + $s_auth_can .= "You " . (($is_auth['auth_edit']) ? "<b>can</b>" : "<b>cannot</b>") . " edit your posts in this forum<br>"; + $s_auth_can .= "You " . (($is_auth['auth_delete']) ? "<b>can</b>" : "<b>cannot</b>") . " delete your posts in this forum<br>"; + $s_auth_can .= ($is_auth['auth_mod']) ? "You are a moderator of this forum<br>" : ""; + $s_auth_can .= ($is_auth['auth_admin']) ? "You are a board admin<br>" : ""; + $template->assign_vars(array( "PAGINATION" => generate_pagination("viewforum.$phpEx?".POST_FORUM_URL."=$forum_id&postdays=$post_days", $topics_count, $board_config['topics_per_page'], $start), "ON_PAGE" => (floor($start/$board_config['topics_per_page'])+1), - "TOTAL_PAGES" => ceil($topics_count/$board_config['topics_per_page']), + "TOTAL_PAGES" => ceil($topics_count/$board_config['topics_per_page']), + + "S_AUTH_LIST" => $s_auth_can, "L_OF" => $lang['of'], "L_PAGE" => $lang['Page'], diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index d275f5f5fb..56edebdacb 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php 
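Review bot: The new `$s_auth_can` block reads `$is_auth['auth_mod']` and `$is_auth['auth_admin']`, but in the auth.php part of this commit those keys appear to be assigned only in the logged-in branch, so for a guest they are undefined here; use `!empty($is_auth['auth_mod'])` or have auth() always set them to false. The sentences are hard-coded English with embedded markup while the neighbouring template variables come from `$lang[...]`, so they should be moved to language keys. The identical block is added again in viewtopic.php (the `-515` hunk), which argues for one shared helper. Emitting `{S_AUTH_LIST}` unescaped is safe only while the string stays fully static, so a comment such as `// static text only: escape anything user-supplied before appending` would be worth adding above it.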
@@ -136,9 +136,9 @@ else $join_sql_table = (!isset($post_id)) ? "" : "".POSTS_TABLE." p, ".POSTS_TABLE." p2,"; $join_sql = (!isset($post_id)) ? "t.topic_id = $topic_id" : "p.post_id = $post_id AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_id <= $post_id"; $count_sql = (!isset($post_id)) ? "" : ", COUNT(p2.post_id) AS prev_posts"; - $order_sql = (!isset($post_id)) ? "" : "GROUP BY fm.user_id, p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_type, f.forum_name, f.forum_id, u.username, u.user_id ORDER BY p.post_id ASC"; + $order_sql = (!isset($post_id)) ? "" : "GROUP BY fm.user_id, p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_name, f.forum_id, u.username, u.user_id, fa.auth_read ORDER BY p.post_id ASC"; - $sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_type, f.forum_name, f.forum_id, u.username, u.user_id, fa.auth_read".$count_sql." + $sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_name, f.forum_id, u.username, u.user_id, fa.*".$count_sql." FROM $join_sql_table ".TOPICS_TABLE." t, ".FORUMS_TABLE." f, ".FORUM_MODS_TABLE." fm, ".USERS_TABLE." u, ".AUTH_FORUMS_TABLE." fa WHERE $join_sql AND f.forum_id = t.forum_id @@ -213,7 +213,7 @@ init_userprefs($userdata); // // Start auth check // -$is_auth = auth(READ, $forum_id, $userdata, $forum_row[0]['auth_read']); +$is_auth = auth(ALL, $forum_id, $userdata, $forum_row[0]); if(!$is_auth) { 
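Review bot: The SELECT now pulls `fa.*`, but the `GROUP BY` built in `$order_sql` was only extended with `fa.auth_read`. When `$post_id` is set, the remaining `fa` columns are selected without being grouped or aggregated, which strict SQL engines reject outright and lenient ones resolve by picking a value per group, and those columns are then the input to the permission check. Either list every `fa.auth_*` column in the `GROUP BY`, or select the explicit auth columns instead of `fa.*` and keep the two lists in sync.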
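Review bot: The unchanged `if(!$is_auth)` below the new `auth(ALL, ...)` call still tests the whole return value, which according to the new header comment in auth.php is now an associative array. A non-empty array is always truthy, so the not-authorised branch is no longer reached and the read check in viewtopic.php fails open. viewforum.php was switched to `if(!$is_auth['auth_read'])` in this same commit, and this call site needs the same change: `if(!$is_auth['auth_read'])`. The body of that branch is outside this hunk.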
@@ -515,11 +515,22 @@ else $pages = "1 $l_page"; } +$s_auth_can = ""; +$s_auth_can .= "You " . (($is_auth['auth_read']) ? "<b>can</b>" : "<b>cannot</b>" ) . " read posts in this forum<br>"; +$s_auth_can .= "You " . (($is_auth['auth_post']) ? "<b>can</b>" : "<b>cannot</b>") . " add new topics to this forum<br>"; +$s_auth_can .= "You " . (($is_auth['auth_reply']) ? "<b>can</b>" : "<b>cannot</b>") . " reply to posts in this forum<br>"; +$s_auth_can .= "You " . (($is_auth['auth_edit']) ? "<b>can</b>" : "<b>cannot</b>") . " edit your posts in this forum<br>"; +$s_auth_can .= "You " . (($is_auth['auth_delete']) ? "<b>can</b>" : "<b>cannot</b>") . " delete your posts in this forum<br>"; +$s_auth_can .= ($is_auth['auth_mod']) ? "You are a moderator of this forum<br>" : ""; +$s_auth_can .= ($is_auth['auth_admin']) ? "You are a board admin<br>" : ""; + $template->assign_vars(array( "PAGINATION" => generate_pagination("viewtopic.$phpEx?".POST_TOPIC_URL."=$topic_id", $total_replies, $board_config['posts_per_page'], $start), "ON_PAGE" => (floor($start/$board_config['posts_per_page'])+1), "TOTAL_PAGES" => ceil(($total_replies)/$board_config['posts_per_page']), + "S_AUTH_LIST" => $s_auth_can, + "L_OF" => $lang['of'], "L_PAGE" => $lang['Page'], "L_GOTO_PAGE" => $lang['Goto_page'])