1<?php
2/**
3*
4* @package acp
5* @version $Id: acp_permission_roles.php 8479 2008-03-29 00:22:48Z naderman $
6* @copyright (c) 2005 phpBB Group
7* @license http://opensource.org/licenses/gpl-license.php GNU Public License
8*
9*/
10
/**
* @ignore
*/
// Refuse direct requests to this file: it is only meaningful when included by
// the phpBB front controller, which defines IN_PHPBB before loading modules.
defined('IN_PHPBB') or exit;
18
19/**
20* @package acp
21*/
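class acp_permission_roles
{
	var $u_action;

	/**
	* Module entry point: add, edit, remove and re-order permission roles of one type.
	*
	* $mode selects the role type this screen manages (admin_roles => 'a_',
	* user_roles => 'u_', mod_roles => 'm_', forum_roles => 'f_'); any other
	* value aborts with NO_MODE. Write actions 'add'/'edit' require a valid form
	* key, 'remove' runs through confirm_box(), and 'move_up'/'move_down' swap
	* role_order values. After any action the role list is rendered.
	*
	* @param mixed $id module id, echoed back through the confirm-box hidden fields
	* @param string $mode role type selector, see above
	*/
	function main($id, $mode)
	{
		global $db, $user, $auth, $template, $cache;
		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;

		include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
		include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx);

		$auth_admin = new auth_admin();

		$user->add_lang('acp/permissions');
		add_permission_language();

		$this->tpl_name = 'acp_permission_roles';

		$submit = (isset($_POST['submit'])) ? true : false;
		$role_id = request_var('role_id', 0);
		$action = request_var('action', '');
		// The "add" button posts its own field rather than action=add
		$action = (isset($_POST['add'])) ? 'add' : $action;

		$form_name = 'acp_permissions';
		add_form_key($form_name);

		// Map the module mode onto the auth option prefix this screen manages
		switch ($mode)
		{
			case 'admin_roles':
				$permission_type = 'a_';
				$this->page_title = 'ACP_ADMIN_ROLES';
			break;

			case 'user_roles':
				$permission_type = 'u_';
				$this->page_title = 'ACP_USER_ROLES';
			break;

			case 'mod_roles':
				$permission_type = 'm_';
				$this->page_title = 'ACP_MOD_ROLES';
			break;

			case 'forum_roles':
				$permission_type = 'f_';
				$this->page_title = 'ACP_FORUM_ROLES';
			break;

			default:
				trigger_error('NO_MODE', E_USER_ERROR);
			break;
		}

		$template->assign_vars(array(
			'L_TITLE'	=> $user->lang[$this->page_title],
			'L_EXPLAIN'	=> $user->lang[$this->page_title . '_EXPLAIN'])
		);

		// Take action... admin submitted something
		if ($submit || $action == 'remove')
		{
			switch ($action)
			{
				case 'remove':

					if (!$role_id)
					{
						trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
					}

					// Restrict to roles of this screen's type: remove_role() resets the
					// role's assignments using the options of $permission_type, so a role
					// of another type would be torn down with the wrong option set.
					$role_row = $this->get_role($role_id, $permission_type);

					if (!$role_row)
					{
						trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
					}

					// confirm_box(true) is only satisfied by the confirmation round-trip
					if (confirm_box(true))
					{
						$this->remove_role($role_id, $permission_type);

						$role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
						add_log('admin', 'LOG_' . strtoupper($permission_type) . 'ROLE_REMOVED', $role_name);
						trigger_error($user->lang['ROLE_DELETED'] . adm_back_link($this->u_action));
					}
					else
					{
						confirm_box(false, 'DELETE_ROLE', build_hidden_fields(array(
							'i'			=> $id,
							'mode'		=> $mode,
							'role_id'	=> $role_id,
							'action'	=> $action,
						)));
					}

				break;

				case 'edit':
					if (!$role_id)
					{
						trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
					}

					// Get role we edit; the update below rewrites role_type to
					// $permission_type, so only accept a role that already has that type
					$role_row = $this->get_role($role_id, $permission_type);

					if (!$role_row)
					{
						trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
					}

				// no break;

				case 'add':

					if (!check_form_key($form_name))
					{
						trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
					}

					$role_name = utf8_normalize_nfc(request_var('role_name', '', true));
					$role_description = utf8_normalize_nfc(request_var('role_description', '', true));
					$auth_settings = request_var('setting', array('' => 0));

					if (!$role_name)
					{
						trigger_error($user->lang['NO_ROLE_NAME_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
					}

					if (utf8_strlen($role_description) > 4000)
					{
						trigger_error($user->lang['ROLE_DESCRIPTION_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
					}

					// Role names must be unique within a role type
					$sql = 'SELECT role_id
						FROM ' . ACL_ROLES_TABLE . "
						WHERE role_type = '" . $db->sql_escape($permission_type) . "'
							AND role_name = '" . $db->sql_escape($role_name) . "'";
					$result = $db->sql_query($sql);
					$row = $db->sql_fetchrow($result);
					$db->sql_freeresult($result);

					// Only complain when adding, or when an edit changes the name (an
					// unchanged name matches the role being edited itself).
					// This has to test $action: $mode is the module mode
					// ('admin_roles', ...) and never equals 'add'/'edit', which used to
					// silently disable the uniqueness check.
					if ($row && ($action == 'add' || ($action == 'edit' && $role_row['role_name'] != $role_name)))
					{
						trigger_error(sprintf($user->lang['ROLE_NAME_ALREADY_EXIST'], $role_name) . adm_back_link($this->u_action), E_USER_WARNING);
					}

					$sql_ary = array(
						'role_name'			=> (string) $role_name,
						'role_description'	=> (string) $role_description,
						'role_type'			=> (string) $permission_type,
					);

					if ($action == 'edit')
					{
						$sql = 'UPDATE ' . ACL_ROLES_TABLE . '
							SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
							WHERE role_id = ' . $role_id;
						$db->sql_query($sql);
					}
					else
					{
						// Get maximum role order for inserting a new role...
						$sql = 'SELECT MAX(role_order) as max_order
							FROM ' . ACL_ROLES_TABLE . "
							WHERE role_type = '" . $db->sql_escape($permission_type) . "'";
						$result = $db->sql_query($sql);
						$max_order = (int) $db->sql_fetchfield('max_order');
						$db->sql_freeresult($result);

						$sql_ary['role_order'] = $max_order + 1;

						$sql = 'INSERT INTO ' . ACL_ROLES_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
						$db->sql_query($sql);

						$role_id = $db->sql_nextid();
					}

					// Now add the auth settings
					$auth_admin->acl_set_role($role_id, $auth_settings);

					// Built-in roles carry a language key as their name; log the translated form
					$role_name = (!empty($user->lang[$role_name])) ? $user->lang[$role_name] : $role_name;
					add_log('admin', 'LOG_' . strtoupper($permission_type) . 'ROLE_' . strtoupper($action), $role_name);

					trigger_error($user->lang['ROLE_' . strtoupper($action) . '_SUCCESS'] . adm_back_link($this->u_action));

				break;
			}
		}

		// Display screens
		switch ($action)
		{
			case 'add':

				// Optional id of an existing role whose settings pre-fill the new one
				$options_from = request_var('options_from', 0);

				$role_row = array(
					'role_name'			=> utf8_normalize_nfc(request_var('role_name', '', true)),
					'role_description'	=> utf8_normalize_nfc(request_var('role_description', '', true)),
					'role_type'			=> $permission_type,
				);

				if ($options_from)
				{
					$sql = 'SELECT p.auth_option_id, p.auth_setting, o.auth_option
						FROM ' . ACL_ROLES_DATA_TABLE . ' p, ' . ACL_OPTIONS_TABLE . ' o
						WHERE o.auth_option_id = p.auth_option_id
							AND p.role_id = ' . $options_from . '
						ORDER BY p.auth_option_id';
					$result = $db->sql_query($sql);

					$auth_options = array();
					while ($row = $db->sql_fetchrow($result))
					{
						$auth_options[$row['auth_option']] = $row['auth_setting'];
					}
					$db->sql_freeresult($result);
				}
				else
				{
					// Fresh role: every option of this type starts as ACL_NO
					$sql = 'SELECT auth_option_id, auth_option
						FROM ' . ACL_OPTIONS_TABLE . "
						WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char) . "
							AND auth_option <> '{$permission_type}'
						ORDER BY auth_option_id";
					$result = $db->sql_query($sql);

					$auth_options = array();
					while ($row = $db->sql_fetchrow($result))
					{
						$auth_options[$row['auth_option']] = ACL_NO;
					}
					$db->sql_freeresult($result);
				}

			// no break;

			case 'edit':

				if ($action == 'edit')
				{
					if (!$role_id)
					{
						trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
					}

					// Same type restriction as the submit path, so the form never
					// shows a role this screen would refuse to save
					$role_row = $this->get_role($role_id, $permission_type);

					$sql = 'SELECT p.auth_option_id, p.auth_setting, o.auth_option
						FROM ' . ACL_ROLES_DATA_TABLE . ' p, ' . ACL_OPTIONS_TABLE . ' o
						WHERE o.auth_option_id = p.auth_option_id
							AND p.role_id = ' . $role_id . '
						ORDER BY p.auth_option_id';
					$result = $db->sql_query($sql);

					$auth_options = array();
					while ($row = $db->sql_fetchrow($result))
					{
						$auth_options[$row['auth_option']] = $row['auth_setting'];
					}
					$db->sql_freeresult($result);
				}

				if (!$role_row)
				{
					trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
				}

				$template->assign_vars(array(
					'S_EDIT'			=> true,

					'U_ACTION'			=> $this->u_action . "&amp;action={$action}&amp;role_id={$role_id}",
					'U_BACK'			=> $this->u_action,

					'ROLE_NAME'			=> $role_row['role_name'],
					'ROLE_DESCRIPTION'	=> $role_row['role_description'],
					'L_ACL_TYPE'		=> $user->lang['ACL_TYPE_' . strtoupper($permission_type)],
					)
				);

				// We need to fill the auth options array with ACL_NO options ;)
				$sql = 'SELECT auth_option_id, auth_option
					FROM ' . ACL_OPTIONS_TABLE . "
					WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char) . "
						AND auth_option <> '{$permission_type}'
					ORDER BY auth_option_id";
				$result = $db->sql_query($sql);

				while ($row = $db->sql_fetchrow($result))
				{
					if (!isset($auth_options[$row['auth_option']]))
					{
						$auth_options[$row['auth_option']] = ACL_NO;
					}
				}
				$db->sql_freeresult($result);

				// Unset global permission option
				unset($auth_options[$permission_type]);

				// Display auth options
				$this->display_auth_options($auth_options);

				// Get users/groups/forums using this preset...
				if ($action == 'edit')
				{
					$hold_ary = $auth_admin->get_role_mask($role_id);

					if (sizeof($hold_ary))
					{
						$role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];

						$template->assign_vars(array(
							'S_DISPLAY_ROLE_MASK'	=> true,
							'L_ROLE_ASSIGNED_TO'	=> sprintf($user->lang['ROLE_ASSIGNED_TO'], $role_name))
						);

						$auth_admin->display_role_mask($hold_ary);
					}
				}

				return;
			break;

			case 'move_up':
			case 'move_down':

				// Swap role_order between the role at $order and its neighbour:
				// new_order = (2*order +/- 1) - old_order maps each of the two rows
				// onto the other's value in a single statement.
				// NOTE(review): reached via a plain GET link; relies on the ACP's
				// session-id-in-URL check rather than a form key -- confirm.
				$order = request_var('order', 0);
				$order_total = $order * 2 + (($action == 'move_up') ? -1 : 1);

				$sql = 'UPDATE ' . ACL_ROLES_TABLE . '
					SET role_order = ' . $order_total . " - role_order
					WHERE role_type = '" . $db->sql_escape($permission_type) . "'
						AND role_order IN ($order, " . (($action == 'move_up') ? $order - 1 : $order + 1) . ')';
				$db->sql_query($sql);

			break;
		}

		// By default, check that role_order is valid and fix it if necessary
		// (renumber 1..n so gaps left by removals do not break the swap above)
		$sql = 'SELECT role_id, role_order
			FROM ' . ACL_ROLES_TABLE . "
			WHERE role_type = '" . $db->sql_escape($permission_type) . "'
			ORDER BY role_order ASC";
		$result = $db->sql_query($sql);

		if ($row = $db->sql_fetchrow($result))
		{
			$order = 0;
			do
			{
				$order++;
				if ($row['role_order'] != $order)
				{
					$db->sql_query('UPDATE ' . ACL_ROLES_TABLE . " SET role_order = $order WHERE role_id = {$row['role_id']}");
				}
			}
			while ($row = $db->sql_fetchrow($result));
		}
		$db->sql_freeresult($result);

		// Display assigned items?
		$display_item = request_var('display_item', 0);

		// Select existing roles
		$sql = 'SELECT *
			FROM ' . ACL_ROLES_TABLE . "
			WHERE role_type = '" . $db->sql_escape($permission_type) . "'
			ORDER BY role_order ASC";
		$result = $db->sql_query($sql);

		$s_role_options = '';
		while ($row = $db->sql_fetchrow($result))
		{
			$role_name = (!empty($user->lang[$row['role_name']])) ? $user->lang[$row['role_name']] : $row['role_name'];

			$template->assign_block_vars('roles', array(
				'ROLE_NAME'				=> $role_name,
				'ROLE_DESCRIPTION'		=> (!empty($user->lang[$row['role_description']])) ? $user->lang[$row['role_description']] : nl2br($row['role_description']),

				'U_EDIT'				=> $this->u_action . '&amp;action=edit&amp;role_id=' . $row['role_id'],
				'U_REMOVE'				=> $this->u_action . '&amp;action=remove&amp;role_id=' . $row['role_id'],
				'U_MOVE_UP'				=> $this->u_action . '&amp;action=move_up&amp;order=' . $row['role_order'],
				'U_MOVE_DOWN'			=> $this->u_action . '&amp;action=move_down&amp;order=' . $row['role_order'],
				'U_DISPLAY_ITEMS'		=> ($row['role_id'] == $display_item) ? '' : $this->u_action . '&amp;display_item=' . $row['role_id'] . '#assigned_to')
			);

			// NOTE(review): $role_name is not escaped here; this relies on
			// request_var(..., true) having HTML-escaped the name on input -- confirm.
			$s_role_options .= '<option value="' . $row['role_id'] . '">' . $role_name . '</option>';

			if ($display_item == $row['role_id'])
			{
				$template->assign_vars(array(
					'L_ROLE_ASSIGNED_TO'	=> sprintf($user->lang['ROLE_ASSIGNED_TO'], $role_name))
				);
			}
		}
		$db->sql_freeresult($result);

		$template->assign_vars(array(
			'S_ROLE_OPTIONS'		=> $s_role_options)
		);

		if ($display_item)
		{
			$template->assign_vars(array(
				'S_DISPLAY_ROLE_MASK'	=> true)
			);

			$hold_ary = $auth_admin->get_role_mask($display_item);
			$auth_admin->display_role_mask($hold_ary);
		}
	}

	/**
	* Fetch one role row, restricted to the given role type.
	*
	* Used by the remove/edit paths so that a role id supplied in the request
	* cannot address a role of a different type than the screen manages.
	*
	* @param int $role_id role id from the request
	* @param string $permission_type role type prefix ('a_', 'u_', 'm_' or 'f_')
	* @return array|false the ACL_ROLES_TABLE row, or false if no role with that
	*                     id exists or its role_type differs
	*/
	function get_role($role_id, $permission_type)
	{
		global $db;

		$sql = 'SELECT *
			FROM ' . ACL_ROLES_TABLE . '
			WHERE role_id = ' . (int) $role_id . "
				AND role_type = '" . $db->sql_escape($permission_type) . "'";
		$result = $db->sql_query($sql);
		$role_row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		return $role_row;
	}

	/**
	* Display permission settings able to be set
	*
	* Renders one 'auth' template block per permission category and one
	* 'auth.mask' block per option, with S_YES/S_NEVER/S_NO flags reflecting
	* the current setting. The category-level flags are only set when every
	* option in the category shares the same value.
	*
	* @param array $auth_options map of auth_option name => ACL_YES/ACL_NEVER/ACL_NO
	*/
	function display_auth_options($auth_options)
	{
		global $template, $user;

		$content_array = $categories = array();
		$key_sort_array = array(0);
		// build_permission_array() expects settings keyed by forum id; roles are global (key 0)
		$auth_options = array(0 => $auth_options);

		// Making use of auth_admin method here (we do not really want to change two similar code fragments)
		auth_admin::build_permission_array($auth_options, $content_array, $categories, $key_sort_array);

		$content_array = $content_array[0];

		$template->assign_var('S_NUM_PERM_COLS', sizeof($categories));

		// Assign to template
		foreach ($content_array as $cat => $cat_array)
		{
			$template->assign_block_vars('auth', array(
				'CAT_NAME'	=> $user->lang['permission_cat'][$cat],

				'S_YES'		=> ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false,
				'S_NEVER'	=> ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false,
				'S_NO'		=> ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false)
			);

			foreach ($cat_array['permissions'] as $permission => $allowed)
			{
				$template->assign_block_vars('auth.mask', array(
					'S_YES'		=> ($allowed == ACL_YES) ? true : false,
					'S_NEVER'	=> ($allowed == ACL_NEVER) ? true : false,
					'S_NO'		=> ($allowed == ACL_NO) ? true : false,

					'FIELD_NAME'	=> $permission,
					'PERMISSION'	=> $user->lang['acl_' . $permission]['lang'])
				);
			}
		}
	}

	/**
	* Remove role
	*
	* Before the role is deleted, every user/group that had it assigned gets the
	* role's settings written back as explicit per-option values (all other
	* options of the type set to ACL_NO), so their effective permissions do not
	* change. Then the role assignments, role data and the role itself are
	* deleted and the ACL prefetch cache is cleared.
	*
	* @param int $role_id role to delete
	* @param string $permission_type role type prefix; selects which auth
	*                                options are reset for the affected users/groups
	*/
	function remove_role($role_id, $permission_type)
	{
		global $db;

		$auth_admin = new auth_admin();

		// Defensive: callers pass an int from request_var(), but this method is
		// public and $role_id is interpolated into SQL below
		$role_id = (int) $role_id;

		// Get complete auth array
		$sql = 'SELECT auth_option, auth_option_id
			FROM ' . ACL_OPTIONS_TABLE . "
			WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char);
		$result = $db->sql_query($sql);

		$auth_settings = array();
		while ($row = $db->sql_fetchrow($result))
		{
			$auth_settings[$row['auth_option']] = ACL_NO;
		}
		$db->sql_freeresult($result);

		// Get the role auth settings we need to re-set...
		$sql = 'SELECT o.auth_option, r.auth_setting
			FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
			WHERE o.auth_option_id = r.auth_option_id
				AND r.role_id = ' . $role_id;
		$result = $db->sql_query($sql);

		while ($row = $db->sql_fetchrow($result))
		{
			$auth_settings[$row['auth_option']] = $row['auth_setting'];
		}
		$db->sql_freeresult($result);

		// Get role assignments
		$hold_ary = $auth_admin->get_role_mask($role_id);

		// Re-assign permissions
		foreach ($hold_ary as $forum_id => $forum_ary)
		{
			if (isset($forum_ary['users']))
			{
				$auth_admin->acl_set('user', $forum_id, $forum_ary['users'], $auth_settings, 0, false);
			}

			if (isset($forum_ary['groups']))
			{
				$auth_admin->acl_set('group', $forum_id, $forum_ary['groups'], $auth_settings, 0, false);
			}
		}

		// Remove role from users and groups just to be sure (happens through acl_set)
		$sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
			WHERE auth_role_id = ' . $role_id;
		$db->sql_query($sql);

		$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
			WHERE auth_role_id = ' . $role_id;
		$db->sql_query($sql);

		// Remove role data and role
		$sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . '
			WHERE role_id = ' . $role_id;
		$db->sql_query($sql);

		$sql = 'DELETE FROM ' . ACL_ROLES_TABLE . '
			WHERE role_id = ' . $role_id;
		$db->sql_query($sql);

		$auth_admin->acl_clear_prefetch();
	}
}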
570
571?>