1 | <?php
|
---|
2 | /**
|
---|
3 | *
|
---|
4 | * @package phpBB3
|
---|
5 | * @version $Id$
|
---|
6 | * @copyright (c) 2005 phpBB Group
|
---|
7 | * @license http://opensource.org/licenses/gpl-license.php GNU Public License
|
---|
8 | *
|
---|
9 | */
|
---|
10 |
|
---|
11 | /**
|
---|
12 | * @ignore
|
---|
13 | */
|
---|
14 | if (!defined('IN_PHPBB'))
|
---|
15 | {
|
---|
16 | exit;
|
---|
17 | }
|
---|
18 |
|
---|
19 | /**
|
---|
20 | * ACP Permission/Auth class
|
---|
21 | * @package phpBB3
|
---|
22 | */
|
---|
23 | class auth_admin extends auth
|
---|
24 | {
|
---|
25 | /**
|
---|
26 | * Init auth settings
|
---|
27 | */
|
---|
28 | function auth_admin()
|
---|
29 | {
|
---|
30 | global $db, $cache;
|
---|
31 |
|
---|
32 | if (($this->acl_options = $cache->get('_acl_options')) === false)
|
---|
33 | {
|
---|
34 | $sql = 'SELECT auth_option_id, auth_option, is_global, is_local
|
---|
35 | FROM ' . ACL_OPTIONS_TABLE . '
|
---|
36 | ORDER BY auth_option_id';
|
---|
37 | $result = $db->sql_query($sql);
|
---|
38 |
|
---|
39 | $global = $local = 0;
|
---|
40 | $this->acl_options = array();
|
---|
41 | while ($row = $db->sql_fetchrow($result))
|
---|
42 | {
|
---|
43 | if ($row['is_global'])
|
---|
44 | {
|
---|
45 | $this->acl_options['global'][$row['auth_option']] = $global++;
|
---|
46 | }
|
---|
47 |
|
---|
48 | if ($row['is_local'])
|
---|
49 | {
|
---|
50 | $this->acl_options['local'][$row['auth_option']] = $local++;
|
---|
51 | }
|
---|
52 |
|
---|
53 | $this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id'];
|
---|
54 | $this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option'];
|
---|
55 | }
|
---|
56 | $db->sql_freeresult($result);
|
---|
57 |
|
---|
58 | $cache->put('_acl_options', $this->acl_options);
|
---|
59 | }
|
---|
60 | }
|
---|
61 |
|
---|
62 | /**
|
---|
63 | * Get permission mask
|
---|
64 | * This function only supports getting permissions of one type (for example a_)
|
---|
65 | *
|
---|
66 | * @param set|view $mode defines the permissions we get, view gets effective permissions (checking user AND group permissions), set only gets the user or group permission set alone
|
---|
67 | * @param mixed $user_id user ids to search for (a user_id or a group_id has to be specified at least)
|
---|
68 | * @param mixed $group_id group ids to search for, return group related settings (a user_id or a group_id has to be specified at least)
|
---|
69 | * @param mixed $forum_id forum_ids to search for. Defining a forum id also means getting local settings
|
---|
70 | * @param string $auth_option the auth_option defines the permission setting to look for (a_ for example)
|
---|
71 | * @param local|global $scope the scope defines the permission scope. If local, a forum_id is additionally required
|
---|
72 | * @param ACL_NEVER|ACL_NO|ACL_YES $acl_fill defines the mode those permissions not set are getting filled with
|
---|
73 | */
|
---|
74 | function get_mask($mode, $user_id = false, $group_id = false, $forum_id = false, $auth_option = false, $scope = false, $acl_fill = ACL_NEVER)
|
---|
75 | {
|
---|
76 | global $db, $user;
|
---|
77 |
|
---|
78 | $hold_ary = array();
|
---|
79 | $view_user_mask = ($mode == 'view' && $group_id === false) ? true : false;
|
---|
80 |
|
---|
81 | if ($auth_option === false || $scope === false)
|
---|
82 | {
|
---|
83 | return array();
|
---|
84 | }
|
---|
85 |
|
---|
86 | $acl_user_function = ($mode == 'set') ? 'acl_user_raw_data' : 'acl_raw_data';
|
---|
87 |
|
---|
88 | if (!$view_user_mask)
|
---|
89 | {
|
---|
90 | if ($forum_id !== false)
|
---|
91 | {
|
---|
92 | $hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', $forum_id) : $this->$acl_user_function($user_id, $auth_option . '%', $forum_id);
|
---|
93 | }
|
---|
94 | else
|
---|
95 | {
|
---|
96 | $hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', ($scope == 'global') ? 0 : false) : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false);
|
---|
97 | }
|
---|
98 | }
|
---|
99 |
|
---|
100 | // Make sure hold_ary is filled with every setting (prevents missing forums/users/groups)
|
---|
101 | $ug_id = ($group_id !== false) ? ((!is_array($group_id)) ? array($group_id) : $group_id) : ((!is_array($user_id)) ? array($user_id) : $user_id);
|
---|
102 | $forum_ids = ($forum_id !== false) ? ((!is_array($forum_id)) ? array($forum_id) : $forum_id) : (($scope == 'global') ? array(0) : array());
|
---|
103 |
|
---|
104 | // Only those options we need
|
---|
105 | $compare_options = array_diff(preg_replace('/^((?!' . $auth_option . ').+)|(' . $auth_option . ')$/', '', array_keys($this->acl_options[$scope])), array(''));
|
---|
106 |
|
---|
107 | // If forum_ids is false and the scope is local we actually want to have all forums within the array
|
---|
108 | if ($scope == 'local' && !sizeof($forum_ids))
|
---|
109 | {
|
---|
110 | $sql = 'SELECT forum_id
|
---|
111 | FROM ' . FORUMS_TABLE;
|
---|
112 | $result = $db->sql_query($sql, 120);
|
---|
113 |
|
---|
114 | while ($row = $db->sql_fetchrow($result))
|
---|
115 | {
|
---|
116 | $forum_ids[] = (int) $row['forum_id'];
|
---|
117 | }
|
---|
118 | $db->sql_freeresult($result);
|
---|
119 | }
|
---|
120 |
|
---|
121 | if ($view_user_mask)
|
---|
122 | {
|
---|
123 | $auth2 = null;
|
---|
124 |
|
---|
125 | $sql = 'SELECT user_id, user_permissions, user_type
|
---|
126 | FROM ' . USERS_TABLE . '
|
---|
127 | WHERE ' . $db->sql_in_set('user_id', $ug_id);
|
---|
128 | $result = $db->sql_query($sql);
|
---|
129 |
|
---|
130 | while ($userdata = $db->sql_fetchrow($result))
|
---|
131 | {
|
---|
132 | if ($user->data['user_id'] != $userdata['user_id'])
|
---|
133 | {
|
---|
134 | $auth2 = new auth();
|
---|
135 | $auth2->acl($userdata);
|
---|
136 | }
|
---|
137 | else
|
---|
138 | {
|
---|
139 | global $auth;
|
---|
140 | $auth2 = &$auth;
|
---|
141 | }
|
---|
142 |
|
---|
143 |
|
---|
144 | $hold_ary[$userdata['user_id']] = array();
|
---|
145 | foreach ($forum_ids as $f_id)
|
---|
146 | {
|
---|
147 | $hold_ary[$userdata['user_id']][$f_id] = array();
|
---|
148 | foreach ($compare_options as $option)
|
---|
149 | {
|
---|
150 | $hold_ary[$userdata['user_id']][$f_id][$option] = $auth2->acl_get($option, $f_id);
|
---|
151 | }
|
---|
152 | }
|
---|
153 | }
|
---|
154 | $db->sql_freeresult($result);
|
---|
155 |
|
---|
156 | unset($userdata);
|
---|
157 | unset($auth2);
|
---|
158 | }
|
---|
159 |
|
---|
160 | foreach ($ug_id as $_id)
|
---|
161 | {
|
---|
162 | if (!isset($hold_ary[$_id]))
|
---|
163 | {
|
---|
164 | $hold_ary[$_id] = array();
|
---|
165 | }
|
---|
166 |
|
---|
167 | foreach ($forum_ids as $f_id)
|
---|
168 | {
|
---|
169 | if (!isset($hold_ary[$_id][$f_id]))
|
---|
170 | {
|
---|
171 | $hold_ary[$_id][$f_id] = array();
|
---|
172 | }
|
---|
173 | }
|
---|
174 | }
|
---|
175 |
|
---|
176 | // Now, we need to fill the gaps with $acl_fill. ;)
|
---|
177 |
|
---|
178 | // Now switch back to keys
|
---|
179 | if (sizeof($compare_options))
|
---|
180 | {
|
---|
181 | $compare_options = array_combine($compare_options, array_fill(1, sizeof($compare_options), $acl_fill));
|
---|
182 | }
|
---|
183 |
|
---|
184 | // Defining the user-function here to save some memory
|
---|
185 | $return_acl_fill = create_function('$value', 'return ' . $acl_fill . ';');
|
---|
186 |
|
---|
187 | // Actually fill the gaps
|
---|
188 | if (sizeof($hold_ary))
|
---|
189 | {
|
---|
190 | foreach ($hold_ary as $ug_id => $row)
|
---|
191 | {
|
---|
192 | foreach ($row as $id => $options)
|
---|
193 | {
|
---|
194 | // Do not include the global auth_option
|
---|
195 | unset($options[$auth_option]);
|
---|
196 |
|
---|
197 | // Not a "fine" solution, but at all it's a 1-dimensional
|
---|
198 | // array_diff_key function filling the resulting array values with zeros
|
---|
199 | // The differences get merged into $hold_ary (all permissions having $acl_fill set)
|
---|
200 | $hold_ary[$ug_id][$id] = array_merge($options,
|
---|
201 |
|
---|
202 | array_map($return_acl_fill,
|
---|
203 | array_flip(
|
---|
204 | array_diff(
|
---|
205 | array_keys($compare_options), array_keys($options)
|
---|
206 | )
|
---|
207 | )
|
---|
208 | )
|
---|
209 | );
|
---|
210 | }
|
---|
211 | }
|
---|
212 | }
|
---|
213 | else
|
---|
214 | {
|
---|
215 | $hold_ary[($group_id !== false) ? $group_id : $user_id][(int) $forum_id] = $compare_options;
|
---|
216 | }
|
---|
217 |
|
---|
218 | return $hold_ary;
|
---|
219 | }
|
---|
220 |
|
---|
221 | /**
|
---|
222 | * Get permission mask for roles
|
---|
223 | * This function only supports getting masks for one role
|
---|
224 | */
|
---|
225 | function get_role_mask($role_id)
|
---|
226 | {
|
---|
227 | global $db;
|
---|
228 |
|
---|
229 | $hold_ary = array();
|
---|
230 |
|
---|
231 | // Get users having this role set...
|
---|
232 | $sql = 'SELECT user_id, forum_id
|
---|
233 | FROM ' . ACL_USERS_TABLE . '
|
---|
234 | WHERE auth_role_id = ' . $role_id . '
|
---|
235 | ORDER BY forum_id';
|
---|
236 | $result = $db->sql_query($sql);
|
---|
237 |
|
---|
238 | while ($row = $db->sql_fetchrow($result))
|
---|
239 | {
|
---|
240 | $hold_ary[$row['forum_id']]['users'][] = $row['user_id'];
|
---|
241 | }
|
---|
242 | $db->sql_freeresult($result);
|
---|
243 |
|
---|
244 | // Now grab groups...
|
---|
245 | $sql = 'SELECT group_id, forum_id
|
---|
246 | FROM ' . ACL_GROUPS_TABLE . '
|
---|
247 | WHERE auth_role_id = ' . $role_id . '
|
---|
248 | ORDER BY forum_id';
|
---|
249 | $result = $db->sql_query($sql);
|
---|
250 |
|
---|
251 | while ($row = $db->sql_fetchrow($result))
|
---|
252 | {
|
---|
253 | $hold_ary[$row['forum_id']]['groups'][] = $row['group_id'];
|
---|
254 | }
|
---|
255 | $db->sql_freeresult($result);
|
---|
256 |
|
---|
257 | return $hold_ary;
|
---|
258 | }
|
---|
259 |
|
---|
260 | /**
|
---|
261 | * Display permission mask (assign to template)
|
---|
262 | */
|
---|
263 | function display_mask($mode, $permission_type, &$hold_ary, $user_mode = 'user', $local = false, $group_display = true)
|
---|
264 | {
|
---|
265 | global $template, $user, $db, $phpbb_root_path, $phpEx;
|
---|
266 |
|
---|
267 | // Define names for template loops, might be able to be set
|
---|
268 | $tpl_pmask = 'p_mask';
|
---|
269 | $tpl_fmask = 'f_mask';
|
---|
270 | $tpl_category = 'category';
|
---|
271 | $tpl_mask = 'mask';
|
---|
272 |
|
---|
273 | $l_acl_type = (isset($user->lang['ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type)])) ? $user->lang['ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type)] : 'ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type);
|
---|
274 |
|
---|
275 | // Allow trace for viewing permissions and in user mode
|
---|
276 | $show_trace = ($mode == 'view' && $user_mode == 'user') ? true : false;
|
---|
277 |
|
---|
278 | // Get names
|
---|
279 | if ($user_mode == 'user')
|
---|
280 | {
|
---|
281 | $sql = 'SELECT user_id as ug_id, username as ug_name
|
---|
282 | FROM ' . USERS_TABLE . '
|
---|
283 | WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary)) . '
|
---|
284 | ORDER BY username_clean ASC';
|
---|
285 | }
|
---|
286 | else
|
---|
287 | {
|
---|
288 | $sql = 'SELECT group_id as ug_id, group_name as ug_name, group_type
|
---|
289 | FROM ' . GROUPS_TABLE . '
|
---|
290 | WHERE ' . $db->sql_in_set('group_id', array_keys($hold_ary)) . '
|
---|
291 | ORDER BY group_type DESC, group_name ASC';
|
---|
292 | }
|
---|
293 | $result = $db->sql_query($sql);
|
---|
294 |
|
---|
295 | $ug_names_ary = array();
|
---|
296 | while ($row = $db->sql_fetchrow($result))
|
---|
297 | {
|
---|
298 | $ug_names_ary[$row['ug_id']] = ($user_mode == 'user') ? $row['ug_name'] : (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['ug_name']] : $row['ug_name']);
|
---|
299 | }
|
---|
300 | $db->sql_freeresult($result);
|
---|
301 |
|
---|
302 | // Get used forums
|
---|
303 | $forum_ids = array();
|
---|
304 | foreach ($hold_ary as $ug_id => $row)
|
---|
305 | {
|
---|
306 | $forum_ids = array_merge($forum_ids, array_keys($row));
|
---|
307 | }
|
---|
308 | $forum_ids = array_unique($forum_ids);
|
---|
309 |
|
---|
310 | $forum_names_ary = array();
|
---|
311 | if ($local)
|
---|
312 | {
|
---|
313 | $forum_names_ary = make_forum_select(false, false, true, false, false, false, true);
|
---|
314 |
|
---|
315 | // Remove the disabled ones, since we do not create an option field here...
|
---|
316 | foreach ($forum_names_ary as $key => $value)
|
---|
317 | {
|
---|
318 | if (!$value['disabled'])
|
---|
319 | {
|
---|
320 | continue;
|
---|
321 | }
|
---|
322 | unset($forum_names_ary[$key]);
|
---|
323 | }
|
---|
324 | }
|
---|
325 | else
|
---|
326 | {
|
---|
327 | $forum_names_ary[0] = $l_acl_type;
|
---|
328 | }
|
---|
329 |
|
---|
330 | // Get available roles
|
---|
331 | $sql = 'SELECT *
|
---|
332 | FROM ' . ACL_ROLES_TABLE . "
|
---|
333 | WHERE role_type = '" . $db->sql_escape($permission_type) . "'
|
---|
334 | ORDER BY role_order ASC";
|
---|
335 | $result = $db->sql_query($sql);
|
---|
336 |
|
---|
337 | $roles = array();
|
---|
338 | while ($row = $db->sql_fetchrow($result))
|
---|
339 | {
|
---|
340 | $roles[$row['role_id']] = $row;
|
---|
341 | }
|
---|
342 | $db->sql_freeresult($result);
|
---|
343 |
|
---|
344 | $cur_roles = $this->acl_role_data($user_mode, $permission_type, array_keys($hold_ary));
|
---|
345 |
|
---|
346 | // Build js roles array (role data assignments)
|
---|
347 | $s_role_js_array = '';
|
---|
348 |
|
---|
349 | if (sizeof($roles))
|
---|
350 | {
|
---|
351 | $s_role_js_array = array();
|
---|
352 |
|
---|
353 | // Make sure every role (even if empty) has its array defined
|
---|
354 | foreach ($roles as $_role_id => $null)
|
---|
355 | {
|
---|
356 | $s_role_js_array[$_role_id] = "\n" . 'role_options[' . $_role_id . '] = new Array();' . "\n";
|
---|
357 | }
|
---|
358 |
|
---|
359 | $sql = 'SELECT r.role_id, o.auth_option, r.auth_setting
|
---|
360 | FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
|
---|
361 | WHERE o.auth_option_id = r.auth_option_id
|
---|
362 | AND ' . $db->sql_in_set('r.role_id', array_keys($roles));
|
---|
363 | $result = $db->sql_query($sql);
|
---|
364 |
|
---|
365 | while ($row = $db->sql_fetchrow($result))
|
---|
366 | {
|
---|
367 | $flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
|
---|
368 | if ($flag == $row['auth_option'])
|
---|
369 | {
|
---|
370 | continue;
|
---|
371 | }
|
---|
372 |
|
---|
373 | $s_role_js_array[$row['role_id']] .= 'role_options[' . $row['role_id'] . '][\'' . addslashes($row['auth_option']) . '\'] = ' . $row['auth_setting'] . '; ';
|
---|
374 | }
|
---|
375 | $db->sql_freeresult($result);
|
---|
376 |
|
---|
377 | $s_role_js_array = implode('', $s_role_js_array);
|
---|
378 | }
|
---|
379 |
|
---|
380 | $template->assign_var('S_ROLE_JS_ARRAY', $s_role_js_array);
|
---|
381 | unset($s_role_js_array);
|
---|
382 |
|
---|
383 | // Now obtain memberships
|
---|
384 | $user_groups_default = $user_groups_custom = array();
|
---|
385 | if ($user_mode == 'user' && $group_display)
|
---|
386 | {
|
---|
387 | $sql = 'SELECT group_id, group_name, group_type
|
---|
388 | FROM ' . GROUPS_TABLE . '
|
---|
389 | ORDER BY group_type DESC, group_name ASC';
|
---|
390 | $result = $db->sql_query($sql);
|
---|
391 |
|
---|
392 | $groups = array();
|
---|
393 | while ($row = $db->sql_fetchrow($result))
|
---|
394 | {
|
---|
395 | $groups[$row['group_id']] = $row;
|
---|
396 | }
|
---|
397 | $db->sql_freeresult($result);
|
---|
398 |
|
---|
399 | $memberships = group_memberships(false, array_keys($hold_ary), false);
|
---|
400 |
|
---|
401 | // User is not a member of any group? Bad admin, bad bad admin...
|
---|
402 | if ($memberships)
|
---|
403 | {
|
---|
404 | foreach ($memberships as $row)
|
---|
405 | {
|
---|
406 | if ($groups[$row['group_id']]['group_type'] == GROUP_SPECIAL)
|
---|
407 | {
|
---|
408 | $user_groups_default[$row['user_id']][] = $user->lang['G_' . $groups[$row['group_id']]['group_name']];
|
---|
409 | }
|
---|
410 | else
|
---|
411 | {
|
---|
412 | $user_groups_custom[$row['user_id']][] = $groups[$row['group_id']]['group_name'];
|
---|
413 | }
|
---|
414 | }
|
---|
415 | }
|
---|
416 | unset($memberships, $groups);
|
---|
417 | }
|
---|
418 |
|
---|
419 | // If we only have one forum id to display or being in local mode and more than one user/group to display,
|
---|
420 | // we switch the complete interface to group by user/usergroup instead of grouping by forum
|
---|
421 | // To achieve this, we need to switch the array a bit
|
---|
422 | if (sizeof($forum_ids) == 1 || ($local && sizeof($ug_names_ary) > 1))
|
---|
423 | {
|
---|
424 | $hold_ary_temp = $hold_ary;
|
---|
425 | $hold_ary = array();
|
---|
426 | foreach ($hold_ary_temp as $ug_id => $row)
|
---|
427 | {
|
---|
428 | foreach ($forum_names_ary as $forum_id => $forum_row)
|
---|
429 | {
|
---|
430 | if (isset($row[$forum_id]))
|
---|
431 | {
|
---|
432 | $hold_ary[$forum_id][$ug_id] = $row[$forum_id];
|
---|
433 | }
|
---|
434 | }
|
---|
435 | }
|
---|
436 | unset($hold_ary_temp);
|
---|
437 |
|
---|
438 | foreach ($hold_ary as $forum_id => $forum_array)
|
---|
439 | {
|
---|
440 | $content_array = $categories = array();
|
---|
441 | $this->build_permission_array($hold_ary[$forum_id], $content_array, $categories, array_keys($ug_names_ary));
|
---|
442 |
|
---|
443 | $template->assign_block_vars($tpl_pmask, array(
|
---|
444 | 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'],
|
---|
445 | 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'],
|
---|
446 |
|
---|
447 | 'CATEGORIES' => implode('</th><th>', $categories),
|
---|
448 |
|
---|
449 | 'L_ACL_TYPE' => $l_acl_type,
|
---|
450 |
|
---|
451 | 'S_LOCAL' => ($local) ? true : false,
|
---|
452 | 'S_GLOBAL' => (!$local) ? true : false,
|
---|
453 | 'S_NUM_CATS' => sizeof($categories),
|
---|
454 | 'S_VIEW' => ($mode == 'view') ? true : false,
|
---|
455 | 'S_NUM_OBJECTS' => sizeof($content_array),
|
---|
456 | 'S_USER_MODE' => ($user_mode == 'user') ? true : false,
|
---|
457 | 'S_GROUP_MODE' => ($user_mode == 'group') ? true : false)
|
---|
458 | );
|
---|
459 |
|
---|
460 | @reset($content_array);
|
---|
461 | while (list($ug_id, $ug_array) = each($content_array))
|
---|
462 | {
|
---|
463 | // Build role dropdown options
|
---|
464 | $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
|
---|
465 |
|
---|
466 | $s_role_options = '';
|
---|
467 |
|
---|
468 | @reset($roles);
|
---|
469 | while (list($role_id, $role_row) = each($roles))
|
---|
470 | {
|
---|
471 | $role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']);
|
---|
472 | $role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
|
---|
473 |
|
---|
474 | $title = ($role_description) ? ' title="' . $role_description . '"' : '';
|
---|
475 | $s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>';
|
---|
476 | }
|
---|
477 |
|
---|
478 | if ($s_role_options)
|
---|
479 | {
|
---|
480 | $s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
|
---|
481 | }
|
---|
482 |
|
---|
483 | if (!$current_role_id && $mode != 'view')
|
---|
484 | {
|
---|
485 | $s_custom_permissions = false;
|
---|
486 |
|
---|
487 | foreach ($ug_array as $key => $value)
|
---|
488 | {
|
---|
489 | if ($value['S_NEVER'] || $value['S_YES'])
|
---|
490 | {
|
---|
491 | $s_custom_permissions = true;
|
---|
492 | break;
|
---|
493 | }
|
---|
494 | }
|
---|
495 | }
|
---|
496 | else
|
---|
497 | {
|
---|
498 | $s_custom_permissions = false;
|
---|
499 | }
|
---|
500 |
|
---|
501 | $template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array(
|
---|
502 | 'NAME' => $ug_names_ary[$ug_id],
|
---|
503 | 'S_ROLE_OPTIONS' => $s_role_options,
|
---|
504 | 'UG_ID' => $ug_id,
|
---|
505 | 'S_CUSTOM' => $s_custom_permissions,
|
---|
506 | 'FORUM_ID' => $forum_id)
|
---|
507 | );
|
---|
508 |
|
---|
509 | $this->assign_cat_array($ug_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, $show_trace, ($mode == 'view'));
|
---|
510 |
|
---|
511 | unset($content_array[$ug_id]);
|
---|
512 | }
|
---|
513 |
|
---|
514 | unset($hold_ary[$forum_id]);
|
---|
515 | }
|
---|
516 | }
|
---|
517 | else
|
---|
518 | {
|
---|
519 | foreach ($ug_names_ary as $ug_id => $ug_name)
|
---|
520 | {
|
---|
521 | if (!isset($hold_ary[$ug_id]))
|
---|
522 | {
|
---|
523 | continue;
|
---|
524 | }
|
---|
525 |
|
---|
526 | $content_array = $categories = array();
|
---|
527 | $this->build_permission_array($hold_ary[$ug_id], $content_array, $categories, array_keys($forum_names_ary));
|
---|
528 |
|
---|
529 | $template->assign_block_vars($tpl_pmask, array(
|
---|
530 | 'NAME' => $ug_name,
|
---|
531 | 'CATEGORIES' => implode('</th><th>', $categories),
|
---|
532 |
|
---|
533 | 'USER_GROUPS_DEFAULT' => ($user_mode == 'user' && isset($user_groups_default[$ug_id]) && sizeof($user_groups_default[$ug_id])) ? implode(', ', $user_groups_default[$ug_id]) : '',
|
---|
534 | 'USER_GROUPS_CUSTOM' => ($user_mode == 'user' && isset($user_groups_custom[$ug_id]) && sizeof($user_groups_custom[$ug_id])) ? implode(', ', $user_groups_custom[$ug_id]) : '',
|
---|
535 | 'L_ACL_TYPE' => $l_acl_type,
|
---|
536 |
|
---|
537 | 'S_LOCAL' => ($local) ? true : false,
|
---|
538 | 'S_GLOBAL' => (!$local) ? true : false,
|
---|
539 | 'S_NUM_CATS' => sizeof($categories),
|
---|
540 | 'S_VIEW' => ($mode == 'view') ? true : false,
|
---|
541 | 'S_NUM_OBJECTS' => sizeof($content_array),
|
---|
542 | 'S_USER_MODE' => ($user_mode == 'user') ? true : false,
|
---|
543 | 'S_GROUP_MODE' => ($user_mode == 'group') ? true : false)
|
---|
544 | );
|
---|
545 |
|
---|
546 | @reset($content_array);
|
---|
547 | while (list($forum_id, $forum_array) = each($content_array))
|
---|
548 | {
|
---|
549 | // Build role dropdown options
|
---|
550 | $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
|
---|
551 |
|
---|
552 | $s_role_options = '';
|
---|
553 |
|
---|
554 | @reset($roles);
|
---|
555 | while (list($role_id, $role_row) = each($roles))
|
---|
556 | {
|
---|
557 | $role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']);
|
---|
558 | $role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
|
---|
559 |
|
---|
560 | $title = ($role_description) ? ' title="' . $role_description . '"' : '';
|
---|
561 | $s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>';
|
---|
562 | }
|
---|
563 |
|
---|
564 | if ($s_role_options)
|
---|
565 | {
|
---|
566 | $s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
|
---|
567 | }
|
---|
568 |
|
---|
569 | if (!$current_role_id && $mode != 'view')
|
---|
570 | {
|
---|
571 | $s_custom_permissions = false;
|
---|
572 |
|
---|
573 | foreach ($forum_array as $key => $value)
|
---|
574 | {
|
---|
575 | if ($value['S_NEVER'] || $value['S_YES'])
|
---|
576 | {
|
---|
577 | $s_custom_permissions = true;
|
---|
578 | break;
|
---|
579 | }
|
---|
580 | }
|
---|
581 | }
|
---|
582 | else
|
---|
583 | {
|
---|
584 | $s_custom_permissions = false;
|
---|
585 | }
|
---|
586 |
|
---|
587 | $template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array(
|
---|
588 | 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'],
|
---|
589 | 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'],
|
---|
590 | 'S_ROLE_OPTIONS' => $s_role_options,
|
---|
591 | 'S_CUSTOM' => $s_custom_permissions,
|
---|
592 | 'UG_ID' => $ug_id,
|
---|
593 | 'FORUM_ID' => $forum_id)
|
---|
594 | );
|
---|
595 |
|
---|
596 | $this->assign_cat_array($forum_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, $show_trace, ($mode == 'view'));
|
---|
597 | }
|
---|
598 |
|
---|
599 | unset($hold_ary[$ug_id], $ug_names_ary[$ug_id]);
|
---|
600 | }
|
---|
601 | }
|
---|
602 | }
|
---|
603 |
|
---|
604 | /**
|
---|
605 | * Display permission mask for roles
|
---|
606 | */
|
---|
607 | function display_role_mask(&$hold_ary)
|
---|
608 | {
|
---|
609 | global $db, $template, $user, $phpbb_root_path, $phpbb_admin_path, $phpEx;
|
---|
610 |
|
---|
611 | if (!sizeof($hold_ary))
|
---|
612 | {
|
---|
613 | return;
|
---|
614 | }
|
---|
615 |
|
---|
616 | // Get forum names
|
---|
617 | $sql = 'SELECT forum_id, forum_name
|
---|
618 | FROM ' . FORUMS_TABLE . '
|
---|
619 | WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary)) . '
|
---|
620 | ORDER BY left_id';
|
---|
621 | $result = $db->sql_query($sql);
|
---|
622 |
|
---|
623 | // If the role is used globally, then reflect that
|
---|
624 | $forum_names = (isset($hold_ary[0])) ? array(0 => '') : array();
|
---|
625 | while ($row = $db->sql_fetchrow($result))
|
---|
626 | {
|
---|
627 | $forum_names[$row['forum_id']] = $row['forum_name'];
|
---|
628 | }
|
---|
629 | $db->sql_freeresult($result);
|
---|
630 |
|
---|
631 | foreach ($forum_names as $forum_id => $forum_name)
|
---|
632 | {
|
---|
633 | $auth_ary = $hold_ary[$forum_id];
|
---|
634 |
|
---|
635 | $template->assign_block_vars('role_mask', array(
|
---|
636 | 'NAME' => ($forum_id == 0) ? $user->lang['GLOBAL_MASK'] : $forum_name,
|
---|
637 | 'FORUM_ID' => $forum_id)
|
---|
638 | );
|
---|
639 |
|
---|
640 | if (isset($auth_ary['users']) && sizeof($auth_ary['users']))
|
---|
641 | {
|
---|
642 | $sql = 'SELECT user_id, username
|
---|
643 | FROM ' . USERS_TABLE . '
|
---|
644 | WHERE ' . $db->sql_in_set('user_id', $auth_ary['users']) . '
|
---|
645 | ORDER BY username_clean ASC';
|
---|
646 | $result = $db->sql_query($sql);
|
---|
647 |
|
---|
648 | while ($row = $db->sql_fetchrow($result))
|
---|
649 | {
|
---|
650 | $template->assign_block_vars('role_mask.users', array(
|
---|
651 | 'USER_ID' => $row['user_id'],
|
---|
652 | 'USERNAME' => $row['username'],
|
---|
653 | 'U_PROFILE' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=viewprofile&u={$row['user_id']}"))
|
---|
654 | );
|
---|
655 | }
|
---|
656 | $db->sql_freeresult($result);
|
---|
657 | }
|
---|
658 |
|
---|
659 | if (isset($auth_ary['groups']) && sizeof($auth_ary['groups']))
|
---|
660 | {
|
---|
661 | $sql = 'SELECT group_id, group_name, group_type
|
---|
662 | FROM ' . GROUPS_TABLE . '
|
---|
663 | WHERE ' . $db->sql_in_set('group_id', $auth_ary['groups']) . '
|
---|
664 | ORDER BY group_type ASC, group_name';
|
---|
665 | $result = $db->sql_query($sql);
|
---|
666 |
|
---|
667 | while ($row = $db->sql_fetchrow($result))
|
---|
668 | {
|
---|
669 | $template->assign_block_vars('role_mask.groups', array(
|
---|
670 | 'GROUP_ID' => $row['group_id'],
|
---|
671 | 'GROUP_NAME' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'],
|
---|
672 | 'U_PROFILE' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=group&g={$row['group_id']}"))
|
---|
673 | );
|
---|
674 | }
|
---|
675 | $db->sql_freeresult($result);
|
---|
676 | }
|
---|
677 | }
|
---|
678 | }
|
---|
679 |
|
---|
680 | /**
|
---|
681 | * NOTE: this function is not in use atm
|
---|
682 | * Add a new option to the list ... $options is a hash of form ->
|
---|
683 | * $options = array(
|
---|
684 | * 'local' => array('option1', 'option2', ...),
|
---|
685 | * 'global' => array('optionA', 'optionB', ...)
|
---|
686 | * );
|
---|
687 | */
|
---|
688 | function acl_add_option($options)
|
---|
689 | {
|
---|
690 | global $db, $cache;
|
---|
691 |
|
---|
692 | if (!is_array($options))
|
---|
693 | {
|
---|
694 | return false;
|
---|
695 | }
|
---|
696 |
|
---|
697 | $cur_options = array();
|
---|
698 |
|
---|
699 | // Determine current options
|
---|
700 | $sql = 'SELECT auth_option, is_global, is_local
|
---|
701 | FROM ' . ACL_OPTIONS_TABLE . '
|
---|
702 | ORDER BY auth_option_id';
|
---|
703 | $result = $db->sql_query($sql);
|
---|
704 |
|
---|
705 | while ($row = $db->sql_fetchrow($result))
|
---|
706 | {
|
---|
707 | $cur_options[$row['auth_option']] = ($row['is_global'] && $row['is_local']) ? 'both' : (($row['is_global']) ? 'global' : 'local');
|
---|
708 | }
|
---|
709 | $db->sql_freeresult($result);
|
---|
710 |
|
---|
711 | // Here we need to insert new options ... this requires discovering whether
|
---|
712 | // an options is global, local or both and whether we need to add an permission
|
---|
713 | // set flag (x_)
|
---|
714 | $new_options = array('local' => array(), 'global' => array());
|
---|
715 |
|
---|
716 | foreach ($options as $type => $option_ary)
|
---|
717 | {
|
---|
718 | $option_ary = array_unique($option_ary);
|
---|
719 |
|
---|
720 | foreach ($option_ary as $option_value)
|
---|
721 | {
|
---|
722 | $new_options[$type][] = $option_value;
|
---|
723 |
|
---|
724 | $flag = substr($option_value, 0, strpos($option_value, '_') + 1);
|
---|
725 |
|
---|
726 | if (!in_array($flag, $new_options[$type]))
|
---|
727 | {
|
---|
728 | $new_options[$type][] = $flag;
|
---|
729 | }
|
---|
730 | }
|
---|
731 | }
|
---|
732 | unset($options);
|
---|
733 |
|
---|
734 | $options = array();
|
---|
735 | $options['local'] = array_diff($new_options['local'], $new_options['global']);
|
---|
736 | $options['global'] = array_diff($new_options['global'], $new_options['local']);
|
---|
737 | $options['both'] = array_intersect($new_options['local'], $new_options['global']);
|
---|
738 |
|
---|
739 | // Now check which options to add/update
|
---|
740 | $add_options = $update_options = array();
|
---|
741 |
|
---|
742 | // First local ones...
|
---|
743 | foreach ($options as $type => $option_ary)
|
---|
744 | {
|
---|
745 | foreach ($option_ary as $option)
|
---|
746 | {
|
---|
747 | if (!isset($cur_options[$option]))
|
---|
748 | {
|
---|
749 | $add_options[] = array(
|
---|
750 | 'auth_option' => (string) $option,
|
---|
751 | 'is_global' => ($type == 'global' || $type == 'both') ? 1 : 0,
|
---|
752 | 'is_local' => ($type == 'local' || $type == 'both') ? 1 : 0
|
---|
753 | );
|
---|
754 |
|
---|
755 | continue;
|
---|
756 | }
|
---|
757 |
|
---|
758 | // Else, update existing entry if it is changed...
|
---|
759 | if ($type === $cur_options[$option])
|
---|
760 | {
|
---|
761 | continue;
|
---|
762 | }
|
---|
763 |
|
---|
764 | // New type is always both:
|
---|
765 | // If is now both, we set both.
|
---|
766 | // If it was global the new one is local and we need to set it to both
|
---|
767 | // If it was local the new one is global and we need to set it to both
|
---|
768 | $update_options[] = $option;
|
---|
769 | }
|
---|
770 | }
|
---|
771 |
|
---|
772 | if (!empty($add_options))
|
---|
773 | {
|
---|
774 | $db->sql_multi_insert(ACL_OPTIONS_TABLE, $add_options);
|
---|
775 | }
|
---|
776 |
|
---|
777 | if (!empty($update_options))
|
---|
778 | {
|
---|
779 | $sql = 'UPDATE ' . ACL_OPTIONS_TABLE . '
|
---|
780 | SET is_global = 1, is_local = 1
|
---|
781 | WHERE ' . $db->sql_in_set('auth_option', $update_options);
|
---|
782 | $db->sql_query($sql);
|
---|
783 | }
|
---|
784 |
|
---|
785 | $cache->destroy('_acl_options');
|
---|
786 | $this->acl_clear_prefetch();
|
---|
787 |
|
---|
788 | // Because we just changed the options and also purged the options cache, we instantly update/regenerate it for later calls to succeed.
|
---|
789 | $this->acl_options = array();
|
---|
790 | $this->auth_admin();
|
---|
791 |
|
---|
792 | return true;
|
---|
793 | }
|
---|
794 |
|
---|
795 | /**
|
---|
796 | * Set a user or group ACL record
|
---|
797 | */
|
---|
798 | function acl_set($ug_type, $forum_id, $ug_id, $auth, $role_id = 0, $clear_prefetch = true)
|
---|
799 | {
|
---|
800 | global $db;
|
---|
801 |
|
---|
802 | // One or more forums
|
---|
803 | if (!is_array($forum_id))
|
---|
804 | {
|
---|
805 | $forum_id = array($forum_id);
|
---|
806 | }
|
---|
807 |
|
---|
808 | // One or more users
|
---|
809 | if (!is_array($ug_id))
|
---|
810 | {
|
---|
811 | $ug_id = array($ug_id);
|
---|
812 | }
|
---|
813 |
|
---|
814 | $ug_id_sql = $db->sql_in_set($ug_type . '_id', array_map('intval', $ug_id));
|
---|
815 | $forum_sql = $db->sql_in_set('forum_id', array_map('intval', $forum_id));
|
---|
816 |
|
---|
817 | // Instead of updating, inserting, removing we just remove all current settings and re-set everything...
|
---|
818 | $table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
|
---|
819 | $id_field = $ug_type . '_id';
|
---|
820 |
|
---|
821 | // Get any flags as required
|
---|
822 | reset($auth);
|
---|
823 | $flag = key($auth);
|
---|
824 | $flag = substr($flag, 0, strpos($flag, '_') + 1);
|
---|
825 |
|
---|
826 | // This ID (the any-flag) is set if one or more permissions are true...
|
---|
827 | $any_option_id = (int) $this->acl_options['id'][$flag];
|
---|
828 |
|
---|
829 | // Remove any-flag from auth ary
|
---|
830 | if (isset($auth[$flag]))
|
---|
831 | {
|
---|
832 | unset($auth[$flag]);
|
---|
833 | }
|
---|
834 |
|
---|
835 | // Remove current auth options...
|
---|
836 | $auth_option_ids = array((int)$any_option_id);
|
---|
837 | foreach ($auth as $auth_option => $auth_setting)
|
---|
838 | {
|
---|
839 | $auth_option_ids[] = (int) $this->acl_options['id'][$auth_option];
|
---|
840 | }
|
---|
841 |
|
---|
842 | $sql = "DELETE FROM $table
|
---|
843 | WHERE $forum_sql
|
---|
844 | AND $ug_id_sql
|
---|
845 | AND " . $db->sql_in_set('auth_option_id', $auth_option_ids);
|
---|
846 | $db->sql_query($sql);
|
---|
847 |
|
---|
848 | // Remove those having a role assigned... the correct type of course...
|
---|
849 | $sql = 'SELECT role_id
|
---|
850 | FROM ' . ACL_ROLES_TABLE . "
|
---|
851 | WHERE role_type = '" . $db->sql_escape($flag) . "'";
|
---|
852 | $result = $db->sql_query($sql);
|
---|
853 |
|
---|
854 | $role_ids = array();
|
---|
855 | while ($row = $db->sql_fetchrow($result))
|
---|
856 | {
|
---|
857 | $role_ids[] = $row['role_id'];
|
---|
858 | }
|
---|
859 | $db->sql_freeresult($result);
|
---|
860 |
|
---|
861 | if (sizeof($role_ids))
|
---|
862 | {
|
---|
863 | $sql = "DELETE FROM $table
|
---|
864 | WHERE $forum_sql
|
---|
865 | AND $ug_id_sql
|
---|
866 | AND auth_option_id = 0
|
---|
867 | AND " . $db->sql_in_set('auth_role_id', $role_ids);
|
---|
868 | $db->sql_query($sql);
|
---|
869 | }
|
---|
870 |
|
---|
871 | // Ok, include the any-flag if one or more auth options are set to yes...
|
---|
872 | foreach ($auth as $auth_option => $setting)
|
---|
873 | {
|
---|
874 | if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER))
|
---|
875 | {
|
---|
876 | $auth[$flag] = ACL_YES;
|
---|
877 | }
|
---|
878 | }
|
---|
879 |
|
---|
880 | $sql_ary = array();
|
---|
881 | foreach ($forum_id as $forum)
|
---|
882 | {
|
---|
883 | $forum = (int) $forum;
|
---|
884 |
|
---|
885 | if ($role_id)
|
---|
886 | {
|
---|
887 | foreach ($ug_id as $id)
|
---|
888 | {
|
---|
889 | $sql_ary[] = array(
|
---|
890 | $id_field => (int) $id,
|
---|
891 | 'forum_id' => (int) $forum,
|
---|
892 | 'auth_option_id' => 0,
|
---|
893 | 'auth_setting' => 0,
|
---|
894 | 'auth_role_id' => (int) $role_id,
|
---|
895 | );
|
---|
896 | }
|
---|
897 | }
|
---|
898 | else
|
---|
899 | {
|
---|
900 | foreach ($auth as $auth_option => $setting)
|
---|
901 | {
|
---|
902 | $auth_option_id = (int) $this->acl_options['id'][$auth_option];
|
---|
903 |
|
---|
904 | if ($setting != ACL_NO)
|
---|
905 | {
|
---|
906 | foreach ($ug_id as $id)
|
---|
907 | {
|
---|
908 | $sql_ary[] = array(
|
---|
909 | $id_field => (int) $id,
|
---|
910 | 'forum_id' => (int) $forum,
|
---|
911 | 'auth_option_id' => (int) $auth_option_id,
|
---|
912 | 'auth_setting' => (int) $setting
|
---|
913 | );
|
---|
914 | }
|
---|
915 | }
|
---|
916 | }
|
---|
917 | }
|
---|
918 | }
|
---|
919 |
|
---|
920 | $db->sql_multi_insert($table, $sql_ary);
|
---|
921 |
|
---|
922 | if ($clear_prefetch)
|
---|
923 | {
|
---|
924 | $this->acl_clear_prefetch();
|
---|
925 | }
|
---|
926 | }
|
---|
927 |
|
---|
928 | /**
|
---|
929 | * Set a role-specific ACL record
|
---|
930 | */
|
---|
931 | function acl_set_role($role_id, $auth)
|
---|
932 | {
|
---|
933 | global $db;
|
---|
934 |
|
---|
935 | // Get any-flag as required
|
---|
936 | reset($auth);
|
---|
937 | $flag = key($auth);
|
---|
938 | $flag = substr($flag, 0, strpos($flag, '_') + 1);
|
---|
939 |
|
---|
940 | // Remove any-flag from auth ary
|
---|
941 | if (isset($auth[$flag]))
|
---|
942 | {
|
---|
943 | unset($auth[$flag]);
|
---|
944 | }
|
---|
945 |
|
---|
946 | // Re-set any flag...
|
---|
947 | foreach ($auth as $auth_option => $setting)
|
---|
948 | {
|
---|
949 | if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER))
|
---|
950 | {
|
---|
951 | $auth[$flag] = ACL_YES;
|
---|
952 | }
|
---|
953 | }
|
---|
954 |
|
---|
955 | $sql_ary = array();
|
---|
956 | foreach ($auth as $auth_option => $setting)
|
---|
957 | {
|
---|
958 | $auth_option_id = (int) $this->acl_options['id'][$auth_option];
|
---|
959 |
|
---|
960 | if ($setting != ACL_NO)
|
---|
961 | {
|
---|
962 | $sql_ary[] = array(
|
---|
963 | 'role_id' => (int) $role_id,
|
---|
964 | 'auth_option_id' => (int) $auth_option_id,
|
---|
965 | 'auth_setting' => (int) $setting
|
---|
966 | );
|
---|
967 | }
|
---|
968 | }
|
---|
969 |
|
---|
970 | // If no data is there, we set the any-flag to ACL_NEVER...
|
---|
971 | if (!sizeof($sql_ary))
|
---|
972 | {
|
---|
973 | $sql_ary[] = array(
|
---|
974 | 'role_id' => (int) $role_id,
|
---|
975 | 'auth_option_id' => (int) $this->acl_options['id'][$flag],
|
---|
976 | 'auth_setting' => ACL_NEVER
|
---|
977 | );
|
---|
978 | }
|
---|
979 |
|
---|
980 | // Remove current auth options...
|
---|
981 | $sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . '
|
---|
982 | WHERE role_id = ' . $role_id;
|
---|
983 | $db->sql_query($sql);
|
---|
984 |
|
---|
985 | // Now insert the new values
|
---|
986 | $db->sql_multi_insert(ACL_ROLES_DATA_TABLE, $sql_ary);
|
---|
987 |
|
---|
988 | $this->acl_clear_prefetch();
|
---|
989 | }
|
---|
990 |
|
---|
991 | /**
|
---|
992 | * Remove local permission
|
---|
993 | */
|
---|
994 | function acl_delete($mode, $ug_id = false, $forum_id = false, $permission_type = false)
|
---|
995 | {
|
---|
996 | global $db;
|
---|
997 |
|
---|
998 | if ($ug_id === false && $forum_id === false)
|
---|
999 | {
|
---|
1000 | return;
|
---|
1001 | }
|
---|
1002 |
|
---|
1003 | $option_id_ary = array();
|
---|
1004 | $table = ($mode == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
|
---|
1005 | $id_field = $mode . '_id';
|
---|
1006 |
|
---|
1007 | $where_sql = array();
|
---|
1008 |
|
---|
1009 | if ($forum_id !== false)
|
---|
1010 | {
|
---|
1011 | $where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : $db->sql_in_set('forum_id', array_map('intval', $forum_id));
|
---|
1012 | }
|
---|
1013 |
|
---|
1014 | if ($ug_id !== false)
|
---|
1015 | {
|
---|
1016 | $where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $db->sql_in_set($id_field, array_map('intval', $ug_id));
|
---|
1017 | }
|
---|
1018 |
|
---|
1019 | // There seem to be auth options involved, therefore we need to go through the list and make sure we capture roles correctly
|
---|
1020 | if ($permission_type !== false)
|
---|
1021 | {
|
---|
1022 | // Get permission type
|
---|
1023 | $sql = 'SELECT auth_option, auth_option_id
|
---|
1024 | FROM ' . ACL_OPTIONS_TABLE . "
|
---|
1025 | WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char);
|
---|
1026 | $result = $db->sql_query($sql);
|
---|
1027 |
|
---|
1028 | $auth_id_ary = array();
|
---|
1029 | while ($row = $db->sql_fetchrow($result))
|
---|
1030 | {
|
---|
1031 | $option_id_ary[] = $row['auth_option_id'];
|
---|
1032 | $auth_id_ary[$row['auth_option']] = ACL_NO;
|
---|
1033 | }
|
---|
1034 | $db->sql_freeresult($result);
|
---|
1035 |
|
---|
1036 | // First of all, lets grab the items having roles with the specified auth options assigned
|
---|
1037 | $sql = "SELECT auth_role_id, $id_field, forum_id
|
---|
1038 | FROM $table, " . ACL_ROLES_TABLE . " r
|
---|
1039 | WHERE auth_role_id <> 0
|
---|
1040 | AND auth_role_id = r.role_id
|
---|
1041 | AND r.role_type = '{$permission_type}'
|
---|
1042 | AND " . implode(' AND ', $where_sql) . '
|
---|
1043 | ORDER BY auth_role_id';
|
---|
1044 | $result = $db->sql_query($sql);
|
---|
1045 |
|
---|
1046 | $cur_role_auth = array();
|
---|
1047 | while ($row = $db->sql_fetchrow($result))
|
---|
1048 | {
|
---|
1049 | $cur_role_auth[$row['auth_role_id']][$row['forum_id']][] = $row[$id_field];
|
---|
1050 | }
|
---|
1051 | $db->sql_freeresult($result);
|
---|
1052 |
|
---|
1053 | // Get role data for resetting data
|
---|
1054 | if (sizeof($cur_role_auth))
|
---|
1055 | {
|
---|
1056 | $sql = 'SELECT ao.auth_option, rd.role_id, rd.auth_setting
|
---|
1057 | FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_ROLES_DATA_TABLE . ' rd
|
---|
1058 | WHERE ao.auth_option_id = rd.auth_option_id
|
---|
1059 | AND ' . $db->sql_in_set('rd.role_id', array_keys($cur_role_auth));
|
---|
1060 | $result = $db->sql_query($sql);
|
---|
1061 |
|
---|
1062 | $auth_settings = array();
|
---|
1063 | while ($row = $db->sql_fetchrow($result))
|
---|
1064 | {
|
---|
1065 | // We need to fill all auth_options, else setting it will fail...
|
---|
1066 | if (!isset($auth_settings[$row['role_id']]))
|
---|
1067 | {
|
---|
1068 | $auth_settings[$row['role_id']] = $auth_id_ary;
|
---|
1069 | }
|
---|
1070 | $auth_settings[$row['role_id']][$row['auth_option']] = $row['auth_setting'];
|
---|
1071 | }
|
---|
1072 | $db->sql_freeresult($result);
|
---|
1073 |
|
---|
1074 | // Set the options
|
---|
1075 | foreach ($cur_role_auth as $role_id => $auth_row)
|
---|
1076 | {
|
---|
1077 | foreach ($auth_row as $f_id => $ug_row)
|
---|
1078 | {
|
---|
1079 | $this->acl_set($mode, $f_id, $ug_row, $auth_settings[$role_id], 0, false);
|
---|
1080 | }
|
---|
1081 | }
|
---|
1082 | }
|
---|
1083 | }
|
---|
1084 |
|
---|
1085 | // Now, normally remove permissions...
|
---|
1086 | if ($permission_type !== false)
|
---|
1087 | {
|
---|
1088 | $where_sql[] = $db->sql_in_set('auth_option_id', array_map('intval', $option_id_ary));
|
---|
1089 | }
|
---|
1090 |
|
---|
1091 | $sql = "DELETE FROM $table
|
---|
1092 | WHERE " . implode(' AND ', $where_sql);
|
---|
1093 | $db->sql_query($sql);
|
---|
1094 |
|
---|
1095 | $this->acl_clear_prefetch();
|
---|
1096 | }
|
---|
1097 |
|
---|
1098 | /**
|
---|
1099 | * Assign category to template
|
---|
1100 | * used by display_mask()
|
---|
1101 | */
|
---|
1102 | function assign_cat_array(&$category_array, $tpl_cat, $tpl_mask, $ug_id, $forum_id, $show_trace = false, $s_view)
|
---|
1103 | {
|
---|
1104 | global $template, $user, $phpbb_admin_path, $phpEx;
|
---|
1105 |
|
---|
1106 | @reset($category_array);
|
---|
1107 | while (list($cat, $cat_array) = each($category_array))
|
---|
1108 | {
|
---|
1109 | $template->assign_block_vars($tpl_cat, array(
|
---|
1110 | 'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false,
|
---|
1111 | 'S_NEVER' => ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false,
|
---|
1112 | 'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false,
|
---|
1113 |
|
---|
1114 | 'CAT_NAME' => $user->lang['permission_cat'][$cat])
|
---|
1115 | );
|
---|
1116 |
|
---|
1117 | /* Sort permissions by name (more naturaly and user friendly than sorting by a primary key)
|
---|
1118 | * Commented out due to it's memory consumption and time needed
|
---|
1119 | *
|
---|
1120 | $key_array = array_intersect(array_keys($user->lang), array_map(create_function('$a', 'return "acl_" . $a;'), array_keys($cat_array['permissions'])));
|
---|
1121 | $values_array = $cat_array['permissions'];
|
---|
1122 |
|
---|
1123 | $cat_array['permissions'] = array();
|
---|
1124 |
|
---|
1125 | foreach ($key_array as $key)
|
---|
1126 | {
|
---|
1127 | $key = str_replace('acl_', '', $key);
|
---|
1128 | $cat_array['permissions'][$key] = $values_array[$key];
|
---|
1129 | }
|
---|
1130 | unset($key_array, $values_array);
|
---|
1131 | */
|
---|
1132 | @reset($cat_array['permissions']);
|
---|
1133 | while (list($permission, $allowed) = each($cat_array['permissions']))
|
---|
1134 | {
|
---|
1135 | if ($s_view)
|
---|
1136 | {
|
---|
1137 | $template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array(
|
---|
1138 | 'S_YES' => ($allowed == ACL_YES) ? true : false,
|
---|
1139 | 'S_NEVER' => ($allowed == ACL_NEVER) ? true : false,
|
---|
1140 |
|
---|
1141 | 'UG_ID' => $ug_id,
|
---|
1142 | 'FORUM_ID' => $forum_id,
|
---|
1143 | 'FIELD_NAME' => $permission,
|
---|
1144 | 'S_FIELD_NAME' => 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']',
|
---|
1145 |
|
---|
1146 | 'U_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission") : '',
|
---|
1147 | 'UA_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission", false) : '',
|
---|
1148 |
|
---|
1149 | 'PERMISSION' => $user->lang['acl_' . $permission]['lang'])
|
---|
1150 | );
|
---|
1151 | }
|
---|
1152 | else
|
---|
1153 | {
|
---|
1154 | $template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array(
|
---|
1155 | 'S_YES' => ($allowed == ACL_YES) ? true : false,
|
---|
1156 | 'S_NEVER' => ($allowed == ACL_NEVER) ? true : false,
|
---|
1157 | 'S_NO' => ($allowed == ACL_NO) ? true : false,
|
---|
1158 |
|
---|
1159 | 'UG_ID' => $ug_id,
|
---|
1160 | 'FORUM_ID' => $forum_id,
|
---|
1161 | 'FIELD_NAME' => $permission,
|
---|
1162 | 'S_FIELD_NAME' => 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']',
|
---|
1163 |
|
---|
1164 | 'U_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission") : '',
|
---|
1165 | 'UA_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission", false) : '',
|
---|
1166 |
|
---|
1167 | 'PERMISSION' => $user->lang['acl_' . $permission]['lang'])
|
---|
1168 | );
|
---|
1169 | }
|
---|
1170 | }
|
---|
1171 | }
|
---|
1172 | }
|
---|
1173 |
|
---|
1174 | /**
|
---|
1175 | * Building content array from permission rows with explicit key ordering
|
---|
1176 | * used by display_mask()
|
---|
1177 | */
|
---|
1178 | function build_permission_array(&$permission_row, &$content_array, &$categories, $key_sort_array)
|
---|
1179 | {
|
---|
1180 | global $user;
|
---|
1181 |
|
---|
1182 | foreach ($key_sort_array as $forum_id)
|
---|
1183 | {
|
---|
1184 | if (!isset($permission_row[$forum_id]))
|
---|
1185 | {
|
---|
1186 | continue;
|
---|
1187 | }
|
---|
1188 |
|
---|
1189 | $permissions = $permission_row[$forum_id];
|
---|
1190 | ksort($permissions);
|
---|
1191 |
|
---|
1192 | @reset($permissions);
|
---|
1193 | while (list($permission, $auth_setting) = each($permissions))
|
---|
1194 | {
|
---|
1195 | if (!isset($user->lang['acl_' . $permission]))
|
---|
1196 | {
|
---|
1197 | $user->lang['acl_' . $permission] = array(
|
---|
1198 | 'cat' => 'misc',
|
---|
1199 | 'lang' => '{ acl_' . $permission . ' }'
|
---|
1200 | );
|
---|
1201 | }
|
---|
1202 |
|
---|
1203 | $cat = $user->lang['acl_' . $permission]['cat'];
|
---|
1204 |
|
---|
1205 | // Build our categories array
|
---|
1206 | if (!isset($categories[$cat]))
|
---|
1207 | {
|
---|
1208 | $categories[$cat] = $user->lang['permission_cat'][$cat];
|
---|
1209 | }
|
---|
1210 |
|
---|
1211 | // Build our content array
|
---|
1212 | if (!isset($content_array[$forum_id]))
|
---|
1213 | {
|
---|
1214 | $content_array[$forum_id] = array();
|
---|
1215 | }
|
---|
1216 |
|
---|
1217 | if (!isset($content_array[$forum_id][$cat]))
|
---|
1218 | {
|
---|
1219 | $content_array[$forum_id][$cat] = array(
|
---|
1220 | 'S_YES' => false,
|
---|
1221 | 'S_NEVER' => false,
|
---|
1222 | 'S_NO' => false,
|
---|
1223 | 'permissions' => array(),
|
---|
1224 | );
|
---|
1225 | }
|
---|
1226 |
|
---|
1227 | $content_array[$forum_id][$cat]['S_YES'] |= ($auth_setting == ACL_YES) ? true : false;
|
---|
1228 | $content_array[$forum_id][$cat]['S_NEVER'] |= ($auth_setting == ACL_NEVER) ? true : false;
|
---|
1229 | $content_array[$forum_id][$cat]['S_NO'] |= ($auth_setting == ACL_NO) ? true : false;
|
---|
1230 |
|
---|
1231 | $content_array[$forum_id][$cat]['permissions'][$permission] = $auth_setting;
|
---|
1232 | }
|
---|
1233 | }
|
---|
1234 | }
|
---|
1235 |
|
---|
1236 | /**
|
---|
1237 | * Use permissions from another user. This transferes a permission set from one user to another.
|
---|
1238 | * The other user is always able to revert back to his permission set.
|
---|
1239 | * This function does not check for lower/higher permissions, it is possible for the user to gain
|
---|
1240 | * "more" permissions by this.
|
---|
1241 | * Admin permissions will not be copied.
|
---|
1242 | */
|
---|
1243 | function ghost_permissions($from_user_id, $to_user_id)
|
---|
1244 | {
|
---|
1245 | global $db;
|
---|
1246 |
|
---|
1247 | if ($to_user_id == ANONYMOUS)
|
---|
1248 | {
|
---|
1249 | return false;
|
---|
1250 | }
|
---|
1251 |
|
---|
1252 | $hold_ary = $this->acl_raw_data_single_user($from_user_id);
|
---|
1253 |
|
---|
1254 | // Key 0 in $hold_ary are global options, all others are forum_ids
|
---|
1255 |
|
---|
1256 | // We disallow copying admin permissions
|
---|
1257 | foreach ($this->acl_options['global'] as $opt => $id)
|
---|
1258 | {
|
---|
1259 | if (strpos($opt, 'a_') === 0)
|
---|
1260 | {
|
---|
1261 | $hold_ary[0][$this->acl_options['id'][$opt]] = ACL_NEVER;
|
---|
1262 | }
|
---|
1263 | }
|
---|
1264 |
|
---|
1265 | // Force a_switchperm to be allowed
|
---|
1266 | $hold_ary[0][$this->acl_options['id']['a_switchperm']] = ACL_YES;
|
---|
1267 |
|
---|
1268 | $user_permissions = $this->build_bitstring($hold_ary);
|
---|
1269 |
|
---|
1270 | if (!$user_permissions)
|
---|
1271 | {
|
---|
1272 | return false;
|
---|
1273 | }
|
---|
1274 |
|
---|
1275 | $sql = 'UPDATE ' . USERS_TABLE . "
|
---|
1276 | SET user_permissions = '" . $db->sql_escape($user_permissions) . "',
|
---|
1277 | user_perm_from = $from_user_id
|
---|
1278 | WHERE user_id = " . $to_user_id;
|
---|
1279 | $db->sql_query($sql);
|
---|
1280 |
|
---|
1281 | return true;
|
---|
1282 | }
|
---|
1283 | }
|
---|
1284 |
|
---|
1285 | ?>
|
---|