mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-05-10 17:45:18 +02:00
Code Issues Releases Wiki Activity

Merge pull request #6549 from marc1706/ticket/15325

Browse Source 
[ticket/15325] Do not show non-local permissions for local data
This commit is contained in:
Marc Alexander 2024-05-08 17:22:15 +02:00
commit eb12d385a0
No known key found for this signature in database
GPG Key ID: 50E0D2423696F995
4 changed files with 36 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/includes/acp/auth.php
View File

@ -95,7 +95,7 @@ class auth_admin extends \phpbb\auth\auth
} }
else else
{ {
$hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', ($scope == 'global') ? 0 : false) : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false); $hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%') : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false);
} }
} }

6
phpBB/language/en/acp/permissions_phpbb.php
View File

@ -159,9 +159,9 @@ $lang = array_merge($lang, array(
'ACL_M_MERGE' => 'Can merge topics', 'ACL_M_MERGE' => 'Can merge topics',
'ACL_M_INFO' => 'Can view post details', 'ACL_M_INFO' => 'Can view post details',
'ACL_M_WARN' => 'Can issue warnings<br /><em>This setting is only assigned globally. It is not forum based.</em>', // This moderator setting is only global (and not local) 'ACL_M_WARN' => 'Can issue warnings',
'ACL_M_PM_REPORT' => 'Can close and delete reports of private messages<br /><em>This setting is only assigned globally. It is not forum based.</em>', // This moderator setting is only global (and not local) 'ACL_M_PM_REPORT' => 'Can close and delete reports of private messages',
'ACL_M_BAN' => 'Can manage bans<br /><em>This setting is only assigned globally. It is not forum based.</em>', // This moderator setting is only global (and not local) 'ACL_M_BAN' => 'Can manage bans',
)); ));
// Admin Permissions // Admin Permissions

11
phpBB/phpbb/auth/auth.php
View File

@ -776,6 +776,7 @@ class auth
$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? 'group_id = ' . (int) $group_id : $db->sql_in_set('group_id', array_map('intval', $group_id))) : ''; $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? 'group_id = ' . (int) $group_id : $db->sql_in_set('group_id', array_map('intval', $group_id))) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
$sql_is_local = $forum_id !== false ? 'AND ao.is_local <> 0' : '';
$sql_opts = ''; $sql_opts = '';
$hold_ary = $sql_ary = array(); $hold_ary = $sql_ary = array();
@ -787,9 +788,10 @@ class auth
// Grab group settings - non-role specific... // Grab group settings - non-role specific...
$sql_ary[] = 'SELECT a.group_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option $sql_ary[] = 'SELECT a.group_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option
FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " ao
WHERE a.auth_role_id = 0 WHERE a.auth_role_id = 0
AND a.auth_option_id = ao.auth_option_id ' . AND a.auth_option_id = ao.auth_option_id
$sql_is_local " .
(($sql_group) ? 'AND a.' . $sql_group : '') . " (($sql_group) ? 'AND a.' . $sql_group : '') . "
$sql_forum $sql_forum
$sql_opts $sql_opts
@ -797,9 +799,10 @@ class auth
// Now grab group settings - role specific... // Now grab group settings - role specific...
$sql_ary[] = 'SELECT a.group_id, a.forum_id, r.auth_setting, r.auth_option_id, ao.auth_option $sql_ary[] = 'SELECT a.group_id, a.forum_id, r.auth_setting, r.auth_option_id, ao.auth_option
FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . " ao
WHERE a.auth_role_id = r.role_id WHERE a.auth_role_id = r.role_id
AND r.auth_option_id = ao.auth_option_id ' . $sql_is_local
AND r.auth_option_id = ao.auth_option_id " .
(($sql_group) ? 'AND a.' . $sql_group : '') . " (($sql_group) ? 'AND a.' . $sql_group : '') . "
$sql_forum $sql_forum
$sql_opts $sql_opts

25
tests/functional/acp_permissions_test.php
View File

@ -124,4 +124,29 @@ class phpbb_functional_acp_permissions_test extends phpbb_functional_test_case
$auth->acl($user_data); $auth->acl($user_data);
$this->assertEquals(0, $auth->acl_get($permission)); $this->assertEquals(0, $auth->acl_get($permission));
} }
public function test_forum_permissions_misc()
{
// Open forum moderators permissions page
$crawler = self::request('GET', "adm/index.php?i=acp_permissions&icat=16&mode=setting_mod_local&sid=" . $this->sid);
// Select "Your first forum"
$form = $crawler->filter('#select_victim')->form(['forum_id' => [2]]);
$crawler = self::submit($form);
// Select "Global moderators"
$form = $crawler->filter('#add_groups')->form(['group_id' => [4]]);
$crawler = self::submit($form);
// Check that global permissions are not displayed
$this->add_lang('acp/permissions_phpbb');
$page_text = $crawler->text();
$this->assertNotContainsLang('ACL_M_BAN', $page_text);
$this->assertNotContainsLang('ACL_M_PM_REPORT', $page_text);
$this->assertNotContainsLang('ACL_M_WARN', $page_text);
// Check that other permissions exist
$this->assertContainsLang('ACL_M_EDIT', $page_text);
$this->assertContainsLang('ACL_M_MOVE', $page_text);
}
} }