mirror of
https://github.com/phpbb/phpbb.git
synced 2025-08-13 20:24:08 +02:00
implementing permission roles
- copy permissions (adding groups) - copy permissions (adding forums) - checking proper groupadd/del settings - added intro page to permissions (to give an overview and quick links) - able to select forums + subforums, single forum, all groups, all users (permission screens) - able to reset permissions (only reset input field) - fix forum deletion bug git-svn-id: file:///svn/phpbb/trunk@5574 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
@@ -38,11 +38,14 @@ class acp_permissions
|
||||
$action = (isset($_POST['psubmit'])) ? 'apply_permissions' : $action;
|
||||
|
||||
$all_forums = request_var('all_forums', 0);
|
||||
$user_id = request_var('user_id', array(0));
|
||||
$group_id = request_var('group_id', array(0));
|
||||
$subforum_id = request_var('subforum_id', 0);
|
||||
$forum_id = request_var('forum_id', array(0));
|
||||
|
||||
$username = request_var('username', array(''));
|
||||
$usernames = request_var('usernames', '');
|
||||
$user_id = request_var('user_id', array(0));
|
||||
|
||||
$group_id = request_var('group_id', array(0));
|
||||
|
||||
// Map usernames to ids and vice versa
|
||||
if ($usernames)
|
||||
@@ -62,11 +65,45 @@ class acp_permissions
|
||||
}
|
||||
unset($username);
|
||||
|
||||
// Build forum ids (of all forums are checked or subforum listing used)
|
||||
if ($all_forums)
|
||||
{
|
||||
$sql = 'SELECT forum_id
|
||||
FROM ' . FORUMS_TABLE . '
|
||||
ORDER BY left_id';
|
||||
$result = $db->sql_query($sql);
|
||||
|
||||
$forum_id = array();
|
||||
while ($row = $db->sql_fetchrow($result))
|
||||
{
|
||||
$forum_id[] = $row['forum_id'];
|
||||
}
|
||||
$db->sql_freeresult($result);
|
||||
}
|
||||
else if ($subforum_id)
|
||||
{
|
||||
$forum_id = array();
|
||||
foreach (get_forum_branch($subforum_id, 'children') as $row)
|
||||
{
|
||||
$forum_id[] = $row['forum_id'];
|
||||
}
|
||||
}
|
||||
|
||||
// Define some common variables for every mode
|
||||
$error = array();
|
||||
|
||||
$permission_scope = (strpos($mode, '_global') !== false) ? 'global' : 'local';
|
||||
|
||||
// Showing introductionary page?
|
||||
if ($mode == 'intro')
|
||||
{
|
||||
$template->assign_vars(array(
|
||||
'S_INTRO' => true)
|
||||
);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
switch ($mode)
|
||||
{
|
||||
case 'setting_user_global':
|
||||
@@ -168,11 +205,6 @@ class acp_permissions
|
||||
'type' => $permission_type)
|
||||
);
|
||||
|
||||
if ($all_forums)
|
||||
{
|
||||
$s_hidden_fields .= build_hidden_fields(array('all_forums' => $all_forums));
|
||||
}
|
||||
|
||||
// Go through the screens/options needed and present them in correct order
|
||||
foreach ($permission_victim as $victim)
|
||||
{
|
||||
@@ -195,19 +227,28 @@ class acp_permissions
|
||||
|
||||
case 'forums':
|
||||
|
||||
if (sizeof($forum_id) || $all_forums)
|
||||
if (sizeof($forum_id))
|
||||
{
|
||||
if (sizeof($forum_id))
|
||||
{
|
||||
$this->check_existence('forum', $forum_id);
|
||||
}
|
||||
|
||||
$this->check_existence('forum', $forum_id);
|
||||
continue 2;
|
||||
}
|
||||
|
||||
$forum_list = make_forum_select(false, false, false, false, true, true);
|
||||
|
||||
// Build forum options
|
||||
$s_forum_options = '';
|
||||
foreach ($forum_list as $f_id => $f_row)
|
||||
{
|
||||
$s_forum_options .= '<option value="' . $f_id . '"' . $f_row['selected'] . '>' . $f_row['padding'] . $f_row['forum_name'] . '</option>';
|
||||
}
|
||||
|
||||
// Build subforum options
|
||||
$s_subforum_options = $this->build_subforum_options($forum_list);
|
||||
|
||||
$template->assign_vars(array(
|
||||
'S_SELECT_FORUM' => true,
|
||||
'S_FORUM_OPTIONS' => make_forum_select(false, false, false),
|
||||
'S_FORUM_OPTIONS' => $s_forum_options,
|
||||
'S_SUBFORUM_OPTIONS' => $s_subforum_options,
|
||||
'S_FORUM_ALL' => true,
|
||||
'S_FORUM_MULTIPLE' => true)
|
||||
);
|
||||
@@ -263,29 +304,33 @@ class acp_permissions
|
||||
}
|
||||
|
||||
$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')' : 'AND a.forum_id <> 0');
|
||||
$sql_permission_option = "o.auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
|
||||
$sql_permission_option = "AND o.auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
|
||||
|
||||
$sql = 'SELECT DISTINCT u.user_id, u.username
|
||||
FROM ' . USERS_TABLE . ' u, ' . ACL_USERS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " o
|
||||
WHERE $sql_permission_option
|
||||
FROM (' . USERS_TABLE . ' u, ' . ACL_USERS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' o)
|
||||
LEFT JOIN ' . ACL_ROLES_DATA_TABLE . " r ON (a.auth_role_id = r.role_id)
|
||||
WHERE (a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
|
||||
$sql_permission_option
|
||||
$sql_forum_id
|
||||
AND a.auth_option_id = o.auth_option_id
|
||||
AND u.user_id = a.user_id
|
||||
ORDER BY u.username, u.user_regdate ASC";
|
||||
$result = $db->sql_query($sql);
|
||||
|
||||
$s_defined_user_options = '';
|
||||
$defined_user_ids = array();
|
||||
while ($row = $db->sql_fetchrow($result))
|
||||
{
|
||||
$s_defined_user_options .= '<option value="' . $row['user_id'] . '">' . $row['username'] . '</option>';
|
||||
$defined_user_ids[] = $row['user_id'];
|
||||
}
|
||||
$db->sql_freeresult($result);
|
||||
|
||||
$sql = 'SELECT DISTINCT g.group_id, g.group_name, g.group_type
|
||||
FROM ' . GROUPS_TABLE . ' g, ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " o
|
||||
WHERE $sql_permission_option
|
||||
FROM (' . GROUPS_TABLE . ' g, ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' o)
|
||||
LEFT JOIN ' . ACL_ROLES_DATA_TABLE . " r ON (a.auth_role_id = r.role_id)
|
||||
WHERE (a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
|
||||
$sql_permission_option
|
||||
$sql_forum_id
|
||||
AND a.auth_option_id = o.auth_option_id
|
||||
AND g.group_id = a.group_id
|
||||
ORDER BY g.group_type DESC, g.group_name ASC";
|
||||
$result = $db->sql_query($sql);
|
||||
@@ -299,6 +344,22 @@ class acp_permissions
|
||||
}
|
||||
$db->sql_freeresult($result);
|
||||
|
||||
// Now we check the users... because the "all"-selection is different here (all defined users/groups)
|
||||
$all_users = (isset($_POST['all_users'])) ? true : false;
|
||||
$all_groups = (isset($_POST['all_groups'])) ? true : false;
|
||||
|
||||
if ($all_users && sizeof($defined_user_ids))
|
||||
{
|
||||
$user_id = $defined_user_ids;
|
||||
continue 2;
|
||||
}
|
||||
|
||||
if ($all_groups && sizeof($defined_group_ids))
|
||||
{
|
||||
$group_id = $defined_group_ids;
|
||||
continue 2;
|
||||
}
|
||||
|
||||
$template->assign_vars(array(
|
||||
'S_SELECT_USERGROUP' => ($victim == 'usergroup') ? true : false,
|
||||
'S_SELECT_USERGROUP_VIEW' => ($victim == 'usergroup_view') ? true : false,
|
||||
@@ -346,12 +407,6 @@ class acp_permissions
|
||||
return;
|
||||
}
|
||||
|
||||
// Set to all forums if selected
|
||||
if ($permission_scope == 'local' && $all_forums)
|
||||
{
|
||||
$forum_id = array();
|
||||
}
|
||||
|
||||
// Do not allow forum_ids being set and no other setting defined (will bog down the server too much)
|
||||
if (sizeof($forum_id) && !sizeof($user_id) && !sizeof($group_id))
|
||||
{
|
||||
@@ -386,6 +441,45 @@ class acp_permissions
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Build +subforum options
|
||||
*/
|
||||
function build_subforum_options($forum_list)
|
||||
{
|
||||
global $user;
|
||||
|
||||
$s_options = '';
|
||||
|
||||
$forum_list = array_merge($forum_list);
|
||||
|
||||
foreach ($forum_list as $key => $row)
|
||||
{
|
||||
$s_options .= '<option value="' . $row['forum_id'] . '"' . $row['selected'] . '>' . $row['padding'] . $row['forum_name'];
|
||||
|
||||
// We check if a branch is there...
|
||||
$branch_there = false;
|
||||
|
||||
foreach (array_slice($forum_list, $key + 1) as $temp_row)
|
||||
{
|
||||
if ($temp_row['left_id'] > $row['left_id'] && $temp_row['left_id'] < $row['right_id'])
|
||||
{
|
||||
$branch_there = true;
|
||||
break;
|
||||
}
|
||||
continue;
|
||||
}
|
||||
|
||||
if ($branch_there)
|
||||
{
|
||||
$s_options .= ' [' . $user->lang['PLUS_SUBFORUMS'] . ']';
|
||||
}
|
||||
|
||||
$s_options .= '</option>';
|
||||
}
|
||||
|
||||
return $s_options;
|
||||
}
|
||||
|
||||
/**
|
||||
* Build dropdown field for changing permission types
|
||||
*/
|
||||
@@ -476,9 +570,12 @@ class acp_permissions
|
||||
|
||||
$auth_settings = array_map('intval', $_POST['setting'][$ug_id][$forum_id]);
|
||||
|
||||
// Do the admin want to set these permissions to other forums too?
|
||||
// Do we have a role we want to set?
|
||||
$assigned_role = (isset($_POST['role'][$ug_id][$forum_id])) ? (int) $_POST['role'][$ug_id][$forum_id] : 0;
|
||||
|
||||
// Do the admin want to set these permissions to other items too?
|
||||
$inherit = request_var('inherit', array(0));
|
||||
|
||||
|
||||
$ug_id = array($ug_id);
|
||||
$forum_id = array($forum_id);
|
||||
|
||||
@@ -499,8 +596,17 @@ class acp_permissions
|
||||
|
||||
$forum_id = array_unique($forum_id);
|
||||
|
||||
// If the auth settings differ from the assigned role, then do not set a role...
|
||||
if ($assigned_role)
|
||||
{
|
||||
if (!$this->check_assigned_role($assigned_role, $auth_settings))
|
||||
{
|
||||
$assigned_role = 0;
|
||||
}
|
||||
}
|
||||
|
||||
// Update the permission set...
|
||||
$auth_admin->acl_set($ug_type, $forum_id, $ug_id, $auth_settings);
|
||||
$auth_admin->acl_set($ug_type, $forum_id, $ug_id, $auth_settings, $assigned_role);
|
||||
|
||||
// Do we need to recache the moderator lists?
|
||||
if ($permission_type == 'm_')
|
||||
@@ -549,8 +655,20 @@ class acp_permissions
|
||||
$forum_id = (int) $forum_id;
|
||||
$forum_ids[] = $forum_id;
|
||||
|
||||
// Check role...
|
||||
$assigned_role = (isset($_POST['role'][$ug_id][$forum_id])) ? (int) $_POST['role'][$ug_id][$forum_id] : 0;
|
||||
|
||||
// If the auth settings differ from the assigned role, then do not set a role...
|
||||
if ($assigned_role)
|
||||
{
|
||||
if (!$this->check_assigned_role($assigned_role, $auth_options))
|
||||
{
|
||||
$assigned_role = 0;
|
||||
}
|
||||
}
|
||||
|
||||
// Update the permission set...
|
||||
$auth_admin->acl_set($ug_type, $forum_id, $ug_id, $auth_options);
|
||||
$auth_admin->acl_set($ug_type, $forum_id, $ug_id, $auth_options, $assigned_role);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -571,6 +689,44 @@ class acp_permissions
|
||||
trigger_error($user->lang['AUTH_UPDATED'] . adm_back_link($this->u_action));
|
||||
}
|
||||
|
||||
/**
|
||||
* Compare auth settings with auth settings from role
|
||||
* returns false if they differ, true if they are equal
|
||||
*/
|
||||
function check_assigned_role($role_id, &$auth_settings)
|
||||
{
|
||||
global $db;
|
||||
|
||||
$sql = 'SELECT o.auth_option, r.auth_setting
|
||||
FROM ' . ACL_OPTIONS_TABLE . ' o, ' . ACL_ROLES_DATA_TABLE . ' r
|
||||
WHERE o.auth_option_id = r.auth_option_id
|
||||
AND r.role_id = ' . $role_id;
|
||||
$result = $db->sql_query($sql);
|
||||
|
||||
$test_auth_settings = array();
|
||||
while ($row = $db->sql_fetchrow($result))
|
||||
{
|
||||
$test_auth_settings[$row['auth_option']] = $row['auth_setting'];
|
||||
}
|
||||
$db->sql_freeresult($result);
|
||||
|
||||
// We need to add any ACL_UNSET setting from auth_settings to compare correctly
|
||||
foreach ($auth_settings as $option => $setting)
|
||||
{
|
||||
if ($setting == ACL_UNSET)
|
||||
{
|
||||
$test_auth_settings[$option] = $setting;
|
||||
}
|
||||
}
|
||||
|
||||
if (sizeof(array_diff_assoc($auth_settings, $test_auth_settings)))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove permissions
|
||||
*/
|
||||
@@ -708,6 +864,8 @@ class acp_permissions_info
|
||||
'title' => 'ACP_PERMISSIONS',
|
||||
'version' => '1.0.0',
|
||||
'modes' => array(
|
||||
'intro' => array('title' => 'ACP_PERMISSIONS', 'auth' => 'acl_a_authusers || acl_a_authgroups || acl_a_viewauth'),
|
||||
|
||||
'setting_user_global' => array('title' => 'ACP_USERS_PERMISSIONS', 'auth' => 'acl_a_authusers && (acl_a_aauth || acl_a_mauth || acl_a_uauth)'),
|
||||
'setting_user_local' => array('title' => 'ACP_USERS_FORUM_PERMISSIONS', 'auth' => 'acl_a_authusers && (acl_a_mauth || acl_a_fauth)'),
|
||||
'setting_group_global' => array('title' => 'ACP_GROUPS_PERMISSIONS', 'auth' => 'acl_a_authgroups && (acl_a_aauth || acl_a_mauth || acl_a_uauth)'),
|
||||
|
Reference in New Issue
Block a user