From 6c45c1ff6bbdb4d000c804e7e2d4ba36c30c0fdc Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 25 Sep 2023 22:04:02 +0200 Subject: [PATCH 1/4] [ticket/15325] Do not show non-local permissions for local data PHPBB3-15325 --- phpBB/includes/acp/auth.php | 2 +- phpBB/phpbb/auth/auth.php | 11 +++++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php index efe0f0e5d1..8506289655 100644 --- a/phpBB/includes/acp/auth.php +++ b/phpBB/includes/acp/auth.php @@ -95,7 +95,7 @@ class auth_admin extends \phpbb\auth\auth } else { - $hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', ($scope == 'global') ? 0 : false) : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false); + $hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%') : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false); } } diff --git a/phpBB/phpbb/auth/auth.php b/phpBB/phpbb/auth/auth.php index 55917ea967..7e866bc20c 100644 --- a/phpBB/phpbb/auth/auth.php +++ b/phpBB/phpbb/auth/auth.php @@ -776,6 +776,7 @@ class auth $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? 'group_id = ' . (int) $group_id : $db->sql_in_set('group_id', array_map('intval', $group_id))) : ''; $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; + $is_local = $forum_id !== false ? 'AND ao.is_local <> 0' : ''; $sql_opts = ''; $hold_ary = $sql_ary = array(); 
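Review bot: On the changed `$hold_ary` line in `phpBB/includes/acp/auth.php` the group branch no longer passes a forum argument, while the user branch on the same line still passes `($scope == 'global') ? 0 : false`, so the two lookups now differ for global scope. If the omitted argument means "no forum filter" (the default is not visible here), the global-scope group lookup is no longer limited to forum 0. A comment such as `// No forum id for groups: acl_group_raw_data() adds the is_local filter whenever one is given` would record why. It is also not visible whether the function behind `$acl_user_function` applies an equivalent `is_local` restriction, so the per-user permission mask may still list global-only options. The enclosing method starts and ends outside the hunk.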
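Review bot: The added condition `$forum_id !== false` in `phpBB/phpbb/auth/auth.php` is also true for `0`, the value the ACP caller used for global scope, so any remaining caller that passes forum 0 gets `AND ao.is_local <> 0` applied and loses the global-only options from its result. Treating 0 as global here, for example `$is_local = ($forum_id !== false && $forum_id !== 0) ? 'AND ao.is_local <> 0' : '';`, would let callers keep restricting to forum 0; array arguments that contain 0 need the same consideration. Because this is a shared raw-data getter, it is worth confirming that no other caller passing a forum id relies on receiving non-local options; those callers are not visible in this patch. The method body continues outside the hunk.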
@@ -787,9 +788,10 @@ class auth // Grab group settings - non-role specific... $sql_ary[] = 'SELECT a.group_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option - FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao + FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " ao WHERE a.auth_role_id = 0 - AND a.auth_option_id = ao.auth_option_id ' . + AND a.auth_option_id = ao.auth_option_id + $is_local " . (($sql_group) ? 'AND a.' . $sql_group : '') . " $sql_forum $sql_opts @@ -797,9 +799,10 @@ class auth // Now grab group settings - role specific... $sql_ary[] = 'SELECT a.group_id, a.forum_id, r.auth_setting, r.auth_option_id, ao.auth_option - FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao + FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . " ao WHERE a.auth_role_id = r.role_id - AND r.auth_option_id = ao.auth_option_id ' . + $is_local + AND r.auth_option_id = ao.auth_option_id " . (($sql_group) ? 'AND a.' . $sql_group : '') . " $sql_forum $sql_opts From 8dd6b5373dcde42c881a0c88821a04f3428b41af Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 23 Apr 2024 21:33:09 +0200 Subject: [PATCH 2/4] [ticket/15325] Add test for displayed permissions PHPBB3-15325 --- tests/functional/acp_permissions_test.php | 25 +++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tests/functional/acp_permissions_test.php b/tests/functional/acp_permissions_test.php index ddd519506f..92980dbfd7 100644 --- a/tests/functional/acp_permissions_test.php +++ b/tests/functional/acp_permissions_test.php 
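Review bot: In the role-specific query the `$is_local` fragment sits between the two join conditions, whereas in the non-role query it follows them. Placing it after `AND r.auth_option_id = ao.auth_option_id` in both statements keeps the join predicates together and the two queries parallel. Both statements now use a double-quoted string so that the variable interpolates into the SQL, so a comment such as `// $is_local is a fixed SQL fragment: forum-scoped lookups only return options flagged is_local` above the first query would make clear that no input reaches the statement through it. Both statements start and end outside their hunks.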
@@ -124,4 +124,29 @@ class phpbb_functional_acp_permissions_test extends phpbb_functional_test_case $auth->acl($user_data); $this->assertEquals(0, $auth->acl_get($permission)); } + + public function test_forum_permissions_misc() + { + // Open forum moderators permissions page + $crawler = self::request('GET', "adm/index.php?i=acp_permissions&icat=16&mode=setting_mod_local&sid=" . $this->sid); + + // Select "Your first forum" + $form = $crawler->filter('#select_victim')->form(['forum_id' => [2]]); + $crawler = self::submit($form); + + // Select "Global moderators" + $form = $crawler->filter('#add_groups')->form(['group_id' => [4]]); + $crawler = self::submit($form); + + // Check that global permissions are not displayed + $this->add_lang('acp/permissions_phpbb'); + $page_text = $crawler->text(); + $this->assertNotContainsLang('ACL_M_BAN', $page_text); + $this->assertNotContainsLang('ACL_M_PM_REPORT', $page_text); + $this->assertNotContainsLang('ACL_M_WARN', $page_text); + + // Check that other permissions exist + $this->assertContainsLang('ACL_M_EDIT', $page_text); + $this->assertContainsLang('ACL_M_MOVE', $page_text); + } } From 42108b5e119efb149294cde85181aeecf483dae9 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 4 May 2024 09:00:30 +0200 Subject: [PATCH 3/4] [ticket/15325] Remove no longer needed note about permissions being global PHPBB3-15325 --- phpBB/language/en/acp/permissions_phpbb.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/phpBB/language/en/acp/permissions_phpbb.php b/phpBB/language/en/acp/permissions_phpbb.php index ab8939932b..cd84dc1e96 100644 --- a/phpBB/language/en/acp/permissions_phpbb.php +++ b/phpBB/language/en/acp/permissions_phpbb.php @@ -159,9 +159,9 @@ $lang = array_merge($lang, array( 'ACL_M_MERGE' => 'Can merge topics', 'ACL_M_INFO' => 'Can view post details', - 'ACL_M_WARN' => 'Can issue warnings
This setting is only assigned globally. It is not forum based.', // This moderator setting is only global (and not local) - 'ACL_M_PM_REPORT' => 'Can close and delete reports of private messages
This setting is only assigned globally. It is not forum based.', // This moderator setting is only global (and not local) - 'ACL_M_BAN' => 'Can manage bans
This setting is only assigned globally. It is not forum based.', // This moderator setting is only global (and not local) + 'ACL_M_WARN' => 'Can issue warnings', + 'ACL_M_PM_REPORT' => 'Can close and delete reports of private messages', + 'ACL_M_BAN' => 'Can manage bans', )); // Admin Permissions From 76ab83893b0263aee236778a7bde49e1a4926214 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 6 May 2024 20:06:10 +0200 Subject: [PATCH 4/4] [ticket/15325] Rename variable for sql is local exclude PHPBB3-15325 --- phpBB/phpbb/auth/auth.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/phpBB/phpbb/auth/auth.php b/phpBB/phpbb/auth/auth.php index 7e866bc20c..208b2aff75 100644 --- a/phpBB/phpbb/auth/auth.php +++ b/phpBB/phpbb/auth/auth.php @@ -776,7 +776,7 @@ class auth $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? 'group_id = ' . (int) $group_id : $db->sql_in_set('group_id', array_map('intval', $group_id))) : ''; $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; - $is_local = $forum_id !== false ? 'AND ao.is_local <> 0' : ''; + $sql_is_local = $forum_id !== false ? 'AND ao.is_local <> 0' : ''; $sql_opts = ''; $hold_ary = $sql_ary = array(); @@ -791,7 +791,7 @@ class auth FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " ao WHERE a.auth_role_id = 0 AND a.auth_option_id = ao.auth_option_id - $is_local " . + $sql_is_local " . (($sql_group) ? 'AND a.' . $sql_group : '') . " $sql_forum $sql_opts @@ -801,7 +801,7 @@ class auth $sql_ary[] = 'SELECT a.group_id, a.forum_id, r.auth_setting, r.auth_option_id, ao.auth_option FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . " ao WHERE a.auth_role_id = r.role_id - $is_local + $sql_is_local AND r.auth_option_id = ao.auth_option_id " . (($sql_group) ? 'AND a.' . $sql_group : '') . " $sql_forum