source: trunk/forum/includes/acp/auth.php

Last change on this file was 702, checked in by george, 15 years ago
  • Upraveno: Aktualizace fóra.
File size: 37.4 KB
Line 
1<?php
2/**
3*
4* @package phpBB3
5* @version $Id$
6* @copyright (c) 2005 phpBB Group
7* @license http://opensource.org/licenses/gpl-license.php GNU Public License
8*
9*/
10
11/**
12* @ignore
13*/
14if (!defined('IN_PHPBB'))
15{
16 exit;
17}
18
19/**
20* ACP Permission/Auth class
21* @package phpBB3
22*/
23class auth_admin extends auth
24{
25 /**
26 * Init auth settings
27 */
28 function auth_admin()
29 {
30 global $db, $cache;
31
32 if (($this->acl_options = $cache->get('_acl_options')) === false)
33 {
34 $sql = 'SELECT auth_option_id, auth_option, is_global, is_local
35 FROM ' . ACL_OPTIONS_TABLE . '
36 ORDER BY auth_option_id';
37 $result = $db->sql_query($sql);
38
39 $global = $local = 0;
40 $this->acl_options = array();
41 while ($row = $db->sql_fetchrow($result))
42 {
43 if ($row['is_global'])
44 {
45 $this->acl_options['global'][$row['auth_option']] = $global++;
46 }
47
48 if ($row['is_local'])
49 {
50 $this->acl_options['local'][$row['auth_option']] = $local++;
51 }
52
53 $this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id'];
54 $this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option'];
55 }
56 $db->sql_freeresult($result);
57
58 $cache->put('_acl_options', $this->acl_options);
59 }
60 }
61
62 /**
63 * Get permission mask
64 * This function only supports getting permissions of one type (for example a_)
65 *
66 * @param set|view $mode defines the permissions we get, view gets effective permissions (checking user AND group permissions), set only gets the user or group permission set alone
67 * @param mixed $user_id user ids to search for (a user_id or a group_id has to be specified at least)
68 * @param mixed $group_id group ids to search for, return group related settings (a user_id or a group_id has to be specified at least)
69 * @param mixed $forum_id forum_ids to search for. Defining a forum id also means getting local settings
70 * @param string $auth_option the auth_option defines the permission setting to look for (a_ for example)
71 * @param local|global $scope the scope defines the permission scope. If local, a forum_id is additionally required
72 * @param ACL_NEVER|ACL_NO|ACL_YES $acl_fill defines the mode those permissions not set are getting filled with
73 */
74 function get_mask($mode, $user_id = false, $group_id = false, $forum_id = false, $auth_option = false, $scope = false, $acl_fill = ACL_NEVER)
75 {
76 global $db, $user;
77
78 $hold_ary = array();
79 $view_user_mask = ($mode == 'view' && $group_id === false) ? true : false;
80
81 if ($auth_option === false || $scope === false)
82 {
83 return array();
84 }
85
86 $acl_user_function = ($mode == 'set') ? 'acl_user_raw_data' : 'acl_raw_data';
87
88 if (!$view_user_mask)
89 {
90 if ($forum_id !== false)
91 {
92 $hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', $forum_id) : $this->$acl_user_function($user_id, $auth_option . '%', $forum_id);
93 }
94 else
95 {
96 $hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', ($scope == 'global') ? 0 : false) : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false);
97 }
98 }
99
100 // Make sure hold_ary is filled with every setting (prevents missing forums/users/groups)
101 $ug_id = ($group_id !== false) ? ((!is_array($group_id)) ? array($group_id) : $group_id) : ((!is_array($user_id)) ? array($user_id) : $user_id);
102 $forum_ids = ($forum_id !== false) ? ((!is_array($forum_id)) ? array($forum_id) : $forum_id) : (($scope == 'global') ? array(0) : array());
103
104 // Only those options we need
105 $compare_options = array_diff(preg_replace('/^((?!' . $auth_option . ').+)|(' . $auth_option . ')$/', '', array_keys($this->acl_options[$scope])), array(''));
106
107 // If forum_ids is false and the scope is local we actually want to have all forums within the array
108 if ($scope == 'local' && !sizeof($forum_ids))
109 {
110 $sql = 'SELECT forum_id
111 FROM ' . FORUMS_TABLE;
112 $result = $db->sql_query($sql, 120);
113
114 while ($row = $db->sql_fetchrow($result))
115 {
116 $forum_ids[] = (int) $row['forum_id'];
117 }
118 $db->sql_freeresult($result);
119 }
120
121 if ($view_user_mask)
122 {
123 $auth2 = null;
124
125 $sql = 'SELECT user_id, user_permissions, user_type
126 FROM ' . USERS_TABLE . '
127 WHERE ' . $db->sql_in_set('user_id', $ug_id);
128 $result = $db->sql_query($sql);
129
130 while ($userdata = $db->sql_fetchrow($result))
131 {
132 if ($user->data['user_id'] != $userdata['user_id'])
133 {
134 $auth2 = new auth();
135 $auth2->acl($userdata);
136 }
137 else
138 {
139 global $auth;
140 $auth2 = &$auth;
141 }
142
143
144 $hold_ary[$userdata['user_id']] = array();
145 foreach ($forum_ids as $f_id)
146 {
147 $hold_ary[$userdata['user_id']][$f_id] = array();
148 foreach ($compare_options as $option)
149 {
150 $hold_ary[$userdata['user_id']][$f_id][$option] = $auth2->acl_get($option, $f_id);
151 }
152 }
153 }
154 $db->sql_freeresult($result);
155
156 unset($userdata);
157 unset($auth2);
158 }
159
160 foreach ($ug_id as $_id)
161 {
162 if (!isset($hold_ary[$_id]))
163 {
164 $hold_ary[$_id] = array();
165 }
166
167 foreach ($forum_ids as $f_id)
168 {
169 if (!isset($hold_ary[$_id][$f_id]))
170 {
171 $hold_ary[$_id][$f_id] = array();
172 }
173 }
174 }
175
176 // Now, we need to fill the gaps with $acl_fill. ;)
177
178 // Now switch back to keys
179 if (sizeof($compare_options))
180 {
181 $compare_options = array_combine($compare_options, array_fill(1, sizeof($compare_options), $acl_fill));
182 }
183
184 // Defining the user-function here to save some memory
185 $return_acl_fill = create_function('$value', 'return ' . $acl_fill . ';');
186
187 // Actually fill the gaps
188 if (sizeof($hold_ary))
189 {
190 foreach ($hold_ary as $ug_id => $row)
191 {
192 foreach ($row as $id => $options)
193 {
194 // Do not include the global auth_option
195 unset($options[$auth_option]);
196
197 // Not a "fine" solution, but at all it's a 1-dimensional
198 // array_diff_key function filling the resulting array values with zeros
199 // The differences get merged into $hold_ary (all permissions having $acl_fill set)
200 $hold_ary[$ug_id][$id] = array_merge($options,
201
202 array_map($return_acl_fill,
203 array_flip(
204 array_diff(
205 array_keys($compare_options), array_keys($options)
206 )
207 )
208 )
209 );
210 }
211 }
212 }
213 else
214 {
215 $hold_ary[($group_id !== false) ? $group_id : $user_id][(int) $forum_id] = $compare_options;
216 }
217
218 return $hold_ary;
219 }
220
221 /**
222 * Get permission mask for roles
223 * This function only supports getting masks for one role
224 */
225 function get_role_mask($role_id)
226 {
227 global $db;
228
229 $hold_ary = array();
230
231 // Get users having this role set...
232 $sql = 'SELECT user_id, forum_id
233 FROM ' . ACL_USERS_TABLE . '
234 WHERE auth_role_id = ' . $role_id . '
235 ORDER BY forum_id';
236 $result = $db->sql_query($sql);
237
238 while ($row = $db->sql_fetchrow($result))
239 {
240 $hold_ary[$row['forum_id']]['users'][] = $row['user_id'];
241 }
242 $db->sql_freeresult($result);
243
244 // Now grab groups...
245 $sql = 'SELECT group_id, forum_id
246 FROM ' . ACL_GROUPS_TABLE . '
247 WHERE auth_role_id = ' . $role_id . '
248 ORDER BY forum_id';
249 $result = $db->sql_query($sql);
250
251 while ($row = $db->sql_fetchrow($result))
252 {
253 $hold_ary[$row['forum_id']]['groups'][] = $row['group_id'];
254 }
255 $db->sql_freeresult($result);
256
257 return $hold_ary;
258 }
259
260 /**
261 * Display permission mask (assign to template)
262 */
263 function display_mask($mode, $permission_type, &$hold_ary, $user_mode = 'user', $local = false, $group_display = true)
264 {
265 global $template, $user, $db, $phpbb_root_path, $phpEx;
266
267 // Define names for template loops, might be able to be set
268 $tpl_pmask = 'p_mask';
269 $tpl_fmask = 'f_mask';
270 $tpl_category = 'category';
271 $tpl_mask = 'mask';
272
273 $l_acl_type = (isset($user->lang['ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type)])) ? $user->lang['ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type)] : 'ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type);
274
275 // Allow trace for viewing permissions and in user mode
276 $show_trace = ($mode == 'view' && $user_mode == 'user') ? true : false;
277
278 // Get names
279 if ($user_mode == 'user')
280 {
281 $sql = 'SELECT user_id as ug_id, username as ug_name
282 FROM ' . USERS_TABLE . '
283 WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary)) . '
284 ORDER BY username_clean ASC';
285 }
286 else
287 {
288 $sql = 'SELECT group_id as ug_id, group_name as ug_name, group_type
289 FROM ' . GROUPS_TABLE . '
290 WHERE ' . $db->sql_in_set('group_id', array_keys($hold_ary)) . '
291 ORDER BY group_type DESC, group_name ASC';
292 }
293 $result = $db->sql_query($sql);
294
295 $ug_names_ary = array();
296 while ($row = $db->sql_fetchrow($result))
297 {
298 $ug_names_ary[$row['ug_id']] = ($user_mode == 'user') ? $row['ug_name'] : (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['ug_name']] : $row['ug_name']);
299 }
300 $db->sql_freeresult($result);
301
302 // Get used forums
303 $forum_ids = array();
304 foreach ($hold_ary as $ug_id => $row)
305 {
306 $forum_ids = array_merge($forum_ids, array_keys($row));
307 }
308 $forum_ids = array_unique($forum_ids);
309
310 $forum_names_ary = array();
311 if ($local)
312 {
313 $forum_names_ary = make_forum_select(false, false, true, false, false, false, true);
314
315 // Remove the disabled ones, since we do not create an option field here...
316 foreach ($forum_names_ary as $key => $value)
317 {
318 if (!$value['disabled'])
319 {
320 continue;
321 }
322 unset($forum_names_ary[$key]);
323 }
324 }
325 else
326 {
327 $forum_names_ary[0] = $l_acl_type;
328 }
329
330 // Get available roles
331 $sql = 'SELECT *
332 FROM ' . ACL_ROLES_TABLE . "
333 WHERE role_type = '" . $db->sql_escape($permission_type) . "'
334 ORDER BY role_order ASC";
335 $result = $db->sql_query($sql);
336
337 $roles = array();
338 while ($row = $db->sql_fetchrow($result))
339 {
340 $roles[$row['role_id']] = $row;
341 }
342 $db->sql_freeresult($result);
343
344 $cur_roles = $this->acl_role_data($user_mode, $permission_type, array_keys($hold_ary));
345
346 // Build js roles array (role data assignments)
347 $s_role_js_array = '';
348
349 if (sizeof($roles))
350 {
351 $s_role_js_array = array();
352
353 // Make sure every role (even if empty) has its array defined
354 foreach ($roles as $_role_id => $null)
355 {
356 $s_role_js_array[$_role_id] = "\n" . 'role_options[' . $_role_id . '] = new Array();' . "\n";
357 }
358
359 $sql = 'SELECT r.role_id, o.auth_option, r.auth_setting
360 FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
361 WHERE o.auth_option_id = r.auth_option_id
362 AND ' . $db->sql_in_set('r.role_id', array_keys($roles));
363 $result = $db->sql_query($sql);
364
365 while ($row = $db->sql_fetchrow($result))
366 {
367 $flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
368 if ($flag == $row['auth_option'])
369 {
370 continue;
371 }
372
373 $s_role_js_array[$row['role_id']] .= 'role_options[' . $row['role_id'] . '][\'' . addslashes($row['auth_option']) . '\'] = ' . $row['auth_setting'] . '; ';
374 }
375 $db->sql_freeresult($result);
376
377 $s_role_js_array = implode('', $s_role_js_array);
378 }
379
380 $template->assign_var('S_ROLE_JS_ARRAY', $s_role_js_array);
381 unset($s_role_js_array);
382
383 // Now obtain memberships
384 $user_groups_default = $user_groups_custom = array();
385 if ($user_mode == 'user' && $group_display)
386 {
387 $sql = 'SELECT group_id, group_name, group_type
388 FROM ' . GROUPS_TABLE . '
389 ORDER BY group_type DESC, group_name ASC';
390 $result = $db->sql_query($sql);
391
392 $groups = array();
393 while ($row = $db->sql_fetchrow($result))
394 {
395 $groups[$row['group_id']] = $row;
396 }
397 $db->sql_freeresult($result);
398
399 $memberships = group_memberships(false, array_keys($hold_ary), false);
400
401 // User is not a member of any group? Bad admin, bad bad admin...
402 if ($memberships)
403 {
404 foreach ($memberships as $row)
405 {
406 if ($groups[$row['group_id']]['group_type'] == GROUP_SPECIAL)
407 {
408 $user_groups_default[$row['user_id']][] = $user->lang['G_' . $groups[$row['group_id']]['group_name']];
409 }
410 else
411 {
412 $user_groups_custom[$row['user_id']][] = $groups[$row['group_id']]['group_name'];
413 }
414 }
415 }
416 unset($memberships, $groups);
417 }
418
419 // If we only have one forum id to display or being in local mode and more than one user/group to display,
420 // we switch the complete interface to group by user/usergroup instead of grouping by forum
421 // To achieve this, we need to switch the array a bit
422 if (sizeof($forum_ids) == 1 || ($local && sizeof($ug_names_ary) > 1))
423 {
424 $hold_ary_temp = $hold_ary;
425 $hold_ary = array();
426 foreach ($hold_ary_temp as $ug_id => $row)
427 {
428 foreach ($forum_names_ary as $forum_id => $forum_row)
429 {
430 if (isset($row[$forum_id]))
431 {
432 $hold_ary[$forum_id][$ug_id] = $row[$forum_id];
433 }
434 }
435 }
436 unset($hold_ary_temp);
437
438 foreach ($hold_ary as $forum_id => $forum_array)
439 {
440 $content_array = $categories = array();
441 $this->build_permission_array($hold_ary[$forum_id], $content_array, $categories, array_keys($ug_names_ary));
442
443 $template->assign_block_vars($tpl_pmask, array(
444 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'],
445 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'],
446
447 'CATEGORIES' => implode('</th><th>', $categories),
448
449 'L_ACL_TYPE' => $l_acl_type,
450
451 'S_LOCAL' => ($local) ? true : false,
452 'S_GLOBAL' => (!$local) ? true : false,
453 'S_NUM_CATS' => sizeof($categories),
454 'S_VIEW' => ($mode == 'view') ? true : false,
455 'S_NUM_OBJECTS' => sizeof($content_array),
456 'S_USER_MODE' => ($user_mode == 'user') ? true : false,
457 'S_GROUP_MODE' => ($user_mode == 'group') ? true : false)
458 );
459
460 @reset($content_array);
461 while (list($ug_id, $ug_array) = each($content_array))
462 {
463 // Build role dropdown options
464 $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
465
466 $s_role_options = '';
467
468 @reset($roles);
469 while (list($role_id, $role_row) = each($roles))
470 {
471 $role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']);
472 $role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
473
474 $title = ($role_description) ? ' title="' . $role_description . '"' : '';
475 $s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>';
476 }
477
478 if ($s_role_options)
479 {
480 $s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
481 }
482
483 if (!$current_role_id && $mode != 'view')
484 {
485 $s_custom_permissions = false;
486
487 foreach ($ug_array as $key => $value)
488 {
489 if ($value['S_NEVER'] || $value['S_YES'])
490 {
491 $s_custom_permissions = true;
492 break;
493 }
494 }
495 }
496 else
497 {
498 $s_custom_permissions = false;
499 }
500
501 $template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array(
502 'NAME' => $ug_names_ary[$ug_id],
503 'S_ROLE_OPTIONS' => $s_role_options,
504 'UG_ID' => $ug_id,
505 'S_CUSTOM' => $s_custom_permissions,
506 'FORUM_ID' => $forum_id)
507 );
508
509 $this->assign_cat_array($ug_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, $show_trace, ($mode == 'view'));
510
511 unset($content_array[$ug_id]);
512 }
513
514 unset($hold_ary[$forum_id]);
515 }
516 }
517 else
518 {
519 foreach ($ug_names_ary as $ug_id => $ug_name)
520 {
521 if (!isset($hold_ary[$ug_id]))
522 {
523 continue;
524 }
525
526 $content_array = $categories = array();
527 $this->build_permission_array($hold_ary[$ug_id], $content_array, $categories, array_keys($forum_names_ary));
528
529 $template->assign_block_vars($tpl_pmask, array(
530 'NAME' => $ug_name,
531 'CATEGORIES' => implode('</th><th>', $categories),
532
533 'USER_GROUPS_DEFAULT' => ($user_mode == 'user' && isset($user_groups_default[$ug_id]) && sizeof($user_groups_default[$ug_id])) ? implode(', ', $user_groups_default[$ug_id]) : '',
534 'USER_GROUPS_CUSTOM' => ($user_mode == 'user' && isset($user_groups_custom[$ug_id]) && sizeof($user_groups_custom[$ug_id])) ? implode(', ', $user_groups_custom[$ug_id]) : '',
535 'L_ACL_TYPE' => $l_acl_type,
536
537 'S_LOCAL' => ($local) ? true : false,
538 'S_GLOBAL' => (!$local) ? true : false,
539 'S_NUM_CATS' => sizeof($categories),
540 'S_VIEW' => ($mode == 'view') ? true : false,
541 'S_NUM_OBJECTS' => sizeof($content_array),
542 'S_USER_MODE' => ($user_mode == 'user') ? true : false,
543 'S_GROUP_MODE' => ($user_mode == 'group') ? true : false)
544 );
545
546 @reset($content_array);
547 while (list($forum_id, $forum_array) = each($content_array))
548 {
549 // Build role dropdown options
550 $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
551
552 $s_role_options = '';
553
554 @reset($roles);
555 while (list($role_id, $role_row) = each($roles))
556 {
557 $role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']);
558 $role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
559
560 $title = ($role_description) ? ' title="' . $role_description . '"' : '';
561 $s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>';
562 }
563
564 if ($s_role_options)
565 {
566 $s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
567 }
568
569 if (!$current_role_id && $mode != 'view')
570 {
571 $s_custom_permissions = false;
572
573 foreach ($forum_array as $key => $value)
574 {
575 if ($value['S_NEVER'] || $value['S_YES'])
576 {
577 $s_custom_permissions = true;
578 break;
579 }
580 }
581 }
582 else
583 {
584 $s_custom_permissions = false;
585 }
586
587 $template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array(
588 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'],
589 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'],
590 'S_ROLE_OPTIONS' => $s_role_options,
591 'S_CUSTOM' => $s_custom_permissions,
592 'UG_ID' => $ug_id,
593 'FORUM_ID' => $forum_id)
594 );
595
596 $this->assign_cat_array($forum_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, $show_trace, ($mode == 'view'));
597 }
598
599 unset($hold_ary[$ug_id], $ug_names_ary[$ug_id]);
600 }
601 }
602 }
603
604 /**
605 * Display permission mask for roles
606 */
607 function display_role_mask(&$hold_ary)
608 {
609 global $db, $template, $user, $phpbb_root_path, $phpbb_admin_path, $phpEx;
610
611 if (!sizeof($hold_ary))
612 {
613 return;
614 }
615
616 // Get forum names
617 $sql = 'SELECT forum_id, forum_name
618 FROM ' . FORUMS_TABLE . '
619 WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary)) . '
620 ORDER BY left_id';
621 $result = $db->sql_query($sql);
622
623 // If the role is used globally, then reflect that
624 $forum_names = (isset($hold_ary[0])) ? array(0 => '') : array();
625 while ($row = $db->sql_fetchrow($result))
626 {
627 $forum_names[$row['forum_id']] = $row['forum_name'];
628 }
629 $db->sql_freeresult($result);
630
631 foreach ($forum_names as $forum_id => $forum_name)
632 {
633 $auth_ary = $hold_ary[$forum_id];
634
635 $template->assign_block_vars('role_mask', array(
636 'NAME' => ($forum_id == 0) ? $user->lang['GLOBAL_MASK'] : $forum_name,
637 'FORUM_ID' => $forum_id)
638 );
639
640 if (isset($auth_ary['users']) && sizeof($auth_ary['users']))
641 {
642 $sql = 'SELECT user_id, username
643 FROM ' . USERS_TABLE . '
644 WHERE ' . $db->sql_in_set('user_id', $auth_ary['users']) . '
645 ORDER BY username_clean ASC';
646 $result = $db->sql_query($sql);
647
648 while ($row = $db->sql_fetchrow($result))
649 {
650 $template->assign_block_vars('role_mask.users', array(
651 'USER_ID' => $row['user_id'],
652 'USERNAME' => $row['username'],
653 'U_PROFILE' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=viewprofile&amp;u={$row['user_id']}"))
654 );
655 }
656 $db->sql_freeresult($result);
657 }
658
659 if (isset($auth_ary['groups']) && sizeof($auth_ary['groups']))
660 {
661 $sql = 'SELECT group_id, group_name, group_type
662 FROM ' . GROUPS_TABLE . '
663 WHERE ' . $db->sql_in_set('group_id', $auth_ary['groups']) . '
664 ORDER BY group_type ASC, group_name';
665 $result = $db->sql_query($sql);
666
667 while ($row = $db->sql_fetchrow($result))
668 {
669 $template->assign_block_vars('role_mask.groups', array(
670 'GROUP_ID' => $row['group_id'],
671 'GROUP_NAME' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'],
672 'U_PROFILE' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=group&amp;g={$row['group_id']}"))
673 );
674 }
675 $db->sql_freeresult($result);
676 }
677 }
678 }
679
680 /**
681 * NOTE: this function is not in use atm
682 * Add a new option to the list ... $options is a hash of form ->
683 * $options = array(
684 * 'local' => array('option1', 'option2', ...),
685 * 'global' => array('optionA', 'optionB', ...)
686 * );
687 */
688 function acl_add_option($options)
689 {
690 global $db, $cache;
691
692 if (!is_array($options))
693 {
694 return false;
695 }
696
697 $cur_options = array();
698
699 // Determine current options
700 $sql = 'SELECT auth_option, is_global, is_local
701 FROM ' . ACL_OPTIONS_TABLE . '
702 ORDER BY auth_option_id';
703 $result = $db->sql_query($sql);
704
705 while ($row = $db->sql_fetchrow($result))
706 {
707 $cur_options[$row['auth_option']] = ($row['is_global'] && $row['is_local']) ? 'both' : (($row['is_global']) ? 'global' : 'local');
708 }
709 $db->sql_freeresult($result);
710
711 // Here we need to insert new options ... this requires discovering whether
712 // an options is global, local or both and whether we need to add an permission
713 // set flag (x_)
714 $new_options = array('local' => array(), 'global' => array());
715
716 foreach ($options as $type => $option_ary)
717 {
718 $option_ary = array_unique($option_ary);
719
720 foreach ($option_ary as $option_value)
721 {
722 $new_options[$type][] = $option_value;
723
724 $flag = substr($option_value, 0, strpos($option_value, '_') + 1);
725
726 if (!in_array($flag, $new_options[$type]))
727 {
728 $new_options[$type][] = $flag;
729 }
730 }
731 }
732 unset($options);
733
734 $options = array();
735 $options['local'] = array_diff($new_options['local'], $new_options['global']);
736 $options['global'] = array_diff($new_options['global'], $new_options['local']);
737 $options['both'] = array_intersect($new_options['local'], $new_options['global']);
738
739 // Now check which options to add/update
740 $add_options = $update_options = array();
741
742 // First local ones...
743 foreach ($options as $type => $option_ary)
744 {
745 foreach ($option_ary as $option)
746 {
747 if (!isset($cur_options[$option]))
748 {
749 $add_options[] = array(
750 'auth_option' => (string) $option,
751 'is_global' => ($type == 'global' || $type == 'both') ? 1 : 0,
752 'is_local' => ($type == 'local' || $type == 'both') ? 1 : 0
753 );
754
755 continue;
756 }
757
758 // Else, update existing entry if it is changed...
759 if ($type === $cur_options[$option])
760 {
761 continue;
762 }
763
764 // New type is always both:
765 // If is now both, we set both.
766 // If it was global the new one is local and we need to set it to both
767 // If it was local the new one is global and we need to set it to both
768 $update_options[] = $option;
769 }
770 }
771
772 if (!empty($add_options))
773 {
774 $db->sql_multi_insert(ACL_OPTIONS_TABLE, $add_options);
775 }
776
777 if (!empty($update_options))
778 {
779 $sql = 'UPDATE ' . ACL_OPTIONS_TABLE . '
780 SET is_global = 1, is_local = 1
781 WHERE ' . $db->sql_in_set('auth_option', $update_options);
782 $db->sql_query($sql);
783 }
784
785 $cache->destroy('_acl_options');
786 $this->acl_clear_prefetch();
787
788 // Because we just changed the options and also purged the options cache, we instantly update/regenerate it for later calls to succeed.
789 $this->acl_options = array();
790 $this->auth_admin();
791
792 return true;
793 }
794
795 /**
796 * Set a user or group ACL record
797 */
798 function acl_set($ug_type, $forum_id, $ug_id, $auth, $role_id = 0, $clear_prefetch = true)
799 {
800 global $db;
801
802 // One or more forums
803 if (!is_array($forum_id))
804 {
805 $forum_id = array($forum_id);
806 }
807
808 // One or more users
809 if (!is_array($ug_id))
810 {
811 $ug_id = array($ug_id);
812 }
813
814 $ug_id_sql = $db->sql_in_set($ug_type . '_id', array_map('intval', $ug_id));
815 $forum_sql = $db->sql_in_set('forum_id', array_map('intval', $forum_id));
816
817 // Instead of updating, inserting, removing we just remove all current settings and re-set everything...
818 $table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
819 $id_field = $ug_type . '_id';
820
821 // Get any flags as required
822 reset($auth);
823 $flag = key($auth);
824 $flag = substr($flag, 0, strpos($flag, '_') + 1);
825
826 // This ID (the any-flag) is set if one or more permissions are true...
827 $any_option_id = (int) $this->acl_options['id'][$flag];
828
829 // Remove any-flag from auth ary
830 if (isset($auth[$flag]))
831 {
832 unset($auth[$flag]);
833 }
834
835 // Remove current auth options...
836 $auth_option_ids = array((int)$any_option_id);
837 foreach ($auth as $auth_option => $auth_setting)
838 {
839 $auth_option_ids[] = (int) $this->acl_options['id'][$auth_option];
840 }
841
842 $sql = "DELETE FROM $table
843 WHERE $forum_sql
844 AND $ug_id_sql
845 AND " . $db->sql_in_set('auth_option_id', $auth_option_ids);
846 $db->sql_query($sql);
847
848 // Remove those having a role assigned... the correct type of course...
849 $sql = 'SELECT role_id
850 FROM ' . ACL_ROLES_TABLE . "
851 WHERE role_type = '" . $db->sql_escape($flag) . "'";
852 $result = $db->sql_query($sql);
853
854 $role_ids = array();
855 while ($row = $db->sql_fetchrow($result))
856 {
857 $role_ids[] = $row['role_id'];
858 }
859 $db->sql_freeresult($result);
860
861 if (sizeof($role_ids))
862 {
863 $sql = "DELETE FROM $table
864 WHERE $forum_sql
865 AND $ug_id_sql
866 AND auth_option_id = 0
867 AND " . $db->sql_in_set('auth_role_id', $role_ids);
868 $db->sql_query($sql);
869 }
870
871 // Ok, include the any-flag if one or more auth options are set to yes...
872 foreach ($auth as $auth_option => $setting)
873 {
874 if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER))
875 {
876 $auth[$flag] = ACL_YES;
877 }
878 }
879
880 $sql_ary = array();
881 foreach ($forum_id as $forum)
882 {
883 $forum = (int) $forum;
884
885 if ($role_id)
886 {
887 foreach ($ug_id as $id)
888 {
889 $sql_ary[] = array(
890 $id_field => (int) $id,
891 'forum_id' => (int) $forum,
892 'auth_option_id' => 0,
893 'auth_setting' => 0,
894 'auth_role_id' => (int) $role_id,
895 );
896 }
897 }
898 else
899 {
900 foreach ($auth as $auth_option => $setting)
901 {
902 $auth_option_id = (int) $this->acl_options['id'][$auth_option];
903
904 if ($setting != ACL_NO)
905 {
906 foreach ($ug_id as $id)
907 {
908 $sql_ary[] = array(
909 $id_field => (int) $id,
910 'forum_id' => (int) $forum,
911 'auth_option_id' => (int) $auth_option_id,
912 'auth_setting' => (int) $setting
913 );
914 }
915 }
916 }
917 }
918 }
919
920 $db->sql_multi_insert($table, $sql_ary);
921
922 if ($clear_prefetch)
923 {
924 $this->acl_clear_prefetch();
925 }
926 }
927
928 /**
929 * Set a role-specific ACL record
930 */
931 function acl_set_role($role_id, $auth)
932 {
933 global $db;
934
935 // Get any-flag as required
936 reset($auth);
937 $flag = key($auth);
938 $flag = substr($flag, 0, strpos($flag, '_') + 1);
939
940 // Remove any-flag from auth ary
941 if (isset($auth[$flag]))
942 {
943 unset($auth[$flag]);
944 }
945
946 // Re-set any flag...
947 foreach ($auth as $auth_option => $setting)
948 {
949 if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER))
950 {
951 $auth[$flag] = ACL_YES;
952 }
953 }
954
955 $sql_ary = array();
956 foreach ($auth as $auth_option => $setting)
957 {
958 $auth_option_id = (int) $this->acl_options['id'][$auth_option];
959
960 if ($setting != ACL_NO)
961 {
962 $sql_ary[] = array(
963 'role_id' => (int) $role_id,
964 'auth_option_id' => (int) $auth_option_id,
965 'auth_setting' => (int) $setting
966 );
967 }
968 }
969
970 // If no data is there, we set the any-flag to ACL_NEVER...
971 if (!sizeof($sql_ary))
972 {
973 $sql_ary[] = array(
974 'role_id' => (int) $role_id,
975 'auth_option_id' => (int) $this->acl_options['id'][$flag],
976 'auth_setting' => ACL_NEVER
977 );
978 }
979
980 // Remove current auth options...
981 $sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . '
982 WHERE role_id = ' . $role_id;
983 $db->sql_query($sql);
984
985 // Now insert the new values
986 $db->sql_multi_insert(ACL_ROLES_DATA_TABLE, $sql_ary);
987
988 $this->acl_clear_prefetch();
989 }
990
991 /**
992 * Remove local permission
993 */
994 function acl_delete($mode, $ug_id = false, $forum_id = false, $permission_type = false)
995 {
996 global $db;
997
998 if ($ug_id === false && $forum_id === false)
999 {
1000 return;
1001 }
1002
1003 $option_id_ary = array();
1004 $table = ($mode == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
1005 $id_field = $mode . '_id';
1006
1007 $where_sql = array();
1008
1009 if ($forum_id !== false)
1010 {
1011 $where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : $db->sql_in_set('forum_id', array_map('intval', $forum_id));
1012 }
1013
1014 if ($ug_id !== false)
1015 {
1016 $where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $db->sql_in_set($id_field, array_map('intval', $ug_id));
1017 }
1018
1019 // There seem to be auth options involved, therefore we need to go through the list and make sure we capture roles correctly
1020 if ($permission_type !== false)
1021 {
1022 // Get permission type
1023 $sql = 'SELECT auth_option, auth_option_id
1024 FROM ' . ACL_OPTIONS_TABLE . "
1025 WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char);
1026 $result = $db->sql_query($sql);
1027
1028 $auth_id_ary = array();
1029 while ($row = $db->sql_fetchrow($result))
1030 {
1031 $option_id_ary[] = $row['auth_option_id'];
1032 $auth_id_ary[$row['auth_option']] = ACL_NO;
1033 }
1034 $db->sql_freeresult($result);
1035
1036 // First of all, lets grab the items having roles with the specified auth options assigned
1037 $sql = "SELECT auth_role_id, $id_field, forum_id
1038 FROM $table, " . ACL_ROLES_TABLE . " r
1039 WHERE auth_role_id <> 0
1040 AND auth_role_id = r.role_id
1041 AND r.role_type = '{$permission_type}'
1042 AND " . implode(' AND ', $where_sql) . '
1043 ORDER BY auth_role_id';
1044 $result = $db->sql_query($sql);
1045
1046 $cur_role_auth = array();
1047 while ($row = $db->sql_fetchrow($result))
1048 {
1049 $cur_role_auth[$row['auth_role_id']][$row['forum_id']][] = $row[$id_field];
1050 }
1051 $db->sql_freeresult($result);
1052
1053 // Get role data for resetting data
1054 if (sizeof($cur_role_auth))
1055 {
1056 $sql = 'SELECT ao.auth_option, rd.role_id, rd.auth_setting
1057 FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_ROLES_DATA_TABLE . ' rd
1058 WHERE ao.auth_option_id = rd.auth_option_id
1059 AND ' . $db->sql_in_set('rd.role_id', array_keys($cur_role_auth));
1060 $result = $db->sql_query($sql);
1061
1062 $auth_settings = array();
1063 while ($row = $db->sql_fetchrow($result))
1064 {
1065 // We need to fill all auth_options, else setting it will fail...
1066 if (!isset($auth_settings[$row['role_id']]))
1067 {
1068 $auth_settings[$row['role_id']] = $auth_id_ary;
1069 }
1070 $auth_settings[$row['role_id']][$row['auth_option']] = $row['auth_setting'];
1071 }
1072 $db->sql_freeresult($result);
1073
1074 // Set the options
1075 foreach ($cur_role_auth as $role_id => $auth_row)
1076 {
1077 foreach ($auth_row as $f_id => $ug_row)
1078 {
1079 $this->acl_set($mode, $f_id, $ug_row, $auth_settings[$role_id], 0, false);
1080 }
1081 }
1082 }
1083 }
1084
1085 // Now, normally remove permissions...
1086 if ($permission_type !== false)
1087 {
1088 $where_sql[] = $db->sql_in_set('auth_option_id', array_map('intval', $option_id_ary));
1089 }
1090
1091 $sql = "DELETE FROM $table
1092 WHERE " . implode(' AND ', $where_sql);
1093 $db->sql_query($sql);
1094
1095 $this->acl_clear_prefetch();
1096 }
1097
1098 /**
1099 * Assign category to template
1100 * used by display_mask()
1101 */
1102 function assign_cat_array(&$category_array, $tpl_cat, $tpl_mask, $ug_id, $forum_id, $show_trace = false, $s_view)
1103 {
1104 global $template, $user, $phpbb_admin_path, $phpEx;
1105
1106 @reset($category_array);
1107 while (list($cat, $cat_array) = each($category_array))
1108 {
1109 $template->assign_block_vars($tpl_cat, array(
1110 'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false,
1111 'S_NEVER' => ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false,
1112 'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false,
1113
1114 'CAT_NAME' => $user->lang['permission_cat'][$cat])
1115 );
1116
1117 /* Sort permissions by name (more naturaly and user friendly than sorting by a primary key)
1118 * Commented out due to it's memory consumption and time needed
1119 *
1120 $key_array = array_intersect(array_keys($user->lang), array_map(create_function('$a', 'return "acl_" . $a;'), array_keys($cat_array['permissions'])));
1121 $values_array = $cat_array['permissions'];
1122
1123 $cat_array['permissions'] = array();
1124
1125 foreach ($key_array as $key)
1126 {
1127 $key = str_replace('acl_', '', $key);
1128 $cat_array['permissions'][$key] = $values_array[$key];
1129 }
1130 unset($key_array, $values_array);
1131*/
1132 @reset($cat_array['permissions']);
1133 while (list($permission, $allowed) = each($cat_array['permissions']))
1134 {
1135 if ($s_view)
1136 {
1137 $template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array(
1138 'S_YES' => ($allowed == ACL_YES) ? true : false,
1139 'S_NEVER' => ($allowed == ACL_NEVER) ? true : false,
1140
1141 'UG_ID' => $ug_id,
1142 'FORUM_ID' => $forum_id,
1143 'FIELD_NAME' => $permission,
1144 'S_FIELD_NAME' => 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']',
1145
1146 'U_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&amp;mode=trace&amp;u=$ug_id&amp;f=$forum_id&amp;auth=$permission") : '',
1147 'UA_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission", false) : '',
1148
1149 'PERMISSION' => $user->lang['acl_' . $permission]['lang'])
1150 );
1151 }
1152 else
1153 {
1154 $template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array(
1155 'S_YES' => ($allowed == ACL_YES) ? true : false,
1156 'S_NEVER' => ($allowed == ACL_NEVER) ? true : false,
1157 'S_NO' => ($allowed == ACL_NO) ? true : false,
1158
1159 'UG_ID' => $ug_id,
1160 'FORUM_ID' => $forum_id,
1161 'FIELD_NAME' => $permission,
1162 'S_FIELD_NAME' => 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']',
1163
1164 'U_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&amp;mode=trace&amp;u=$ug_id&amp;f=$forum_id&amp;auth=$permission") : '',
1165 'UA_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission", false) : '',
1166
1167 'PERMISSION' => $user->lang['acl_' . $permission]['lang'])
1168 );
1169 }
1170 }
1171 }
1172 }
1173
1174 /**
1175 * Building content array from permission rows with explicit key ordering
1176 * used by display_mask()
1177 */
1178 function build_permission_array(&$permission_row, &$content_array, &$categories, $key_sort_array)
1179 {
1180 global $user;
1181
1182 foreach ($key_sort_array as $forum_id)
1183 {
1184 if (!isset($permission_row[$forum_id]))
1185 {
1186 continue;
1187 }
1188
1189 $permissions = $permission_row[$forum_id];
1190 ksort($permissions);
1191
1192 @reset($permissions);
1193 while (list($permission, $auth_setting) = each($permissions))
1194 {
1195 if (!isset($user->lang['acl_' . $permission]))
1196 {
1197 $user->lang['acl_' . $permission] = array(
1198 'cat' => 'misc',
1199 'lang' => '{ acl_' . $permission . ' }'
1200 );
1201 }
1202
1203 $cat = $user->lang['acl_' . $permission]['cat'];
1204
1205 // Build our categories array
1206 if (!isset($categories[$cat]))
1207 {
1208 $categories[$cat] = $user->lang['permission_cat'][$cat];
1209 }
1210
1211 // Build our content array
1212 if (!isset($content_array[$forum_id]))
1213 {
1214 $content_array[$forum_id] = array();
1215 }
1216
1217 if (!isset($content_array[$forum_id][$cat]))
1218 {
1219 $content_array[$forum_id][$cat] = array(
1220 'S_YES' => false,
1221 'S_NEVER' => false,
1222 'S_NO' => false,
1223 'permissions' => array(),
1224 );
1225 }
1226
1227 $content_array[$forum_id][$cat]['S_YES'] |= ($auth_setting == ACL_YES) ? true : false;
1228 $content_array[$forum_id][$cat]['S_NEVER'] |= ($auth_setting == ACL_NEVER) ? true : false;
1229 $content_array[$forum_id][$cat]['S_NO'] |= ($auth_setting == ACL_NO) ? true : false;
1230
1231 $content_array[$forum_id][$cat]['permissions'][$permission] = $auth_setting;
1232 }
1233 }
1234 }
1235
1236 /**
1237 * Use permissions from another user. This transferes a permission set from one user to another.
1238 * The other user is always able to revert back to his permission set.
1239 * This function does not check for lower/higher permissions, it is possible for the user to gain
1240 * "more" permissions by this.
1241 * Admin permissions will not be copied.
1242 */
1243 function ghost_permissions($from_user_id, $to_user_id)
1244 {
1245 global $db;
1246
1247 if ($to_user_id == ANONYMOUS)
1248 {
1249 return false;
1250 }
1251
1252 $hold_ary = $this->acl_raw_data_single_user($from_user_id);
1253
1254 // Key 0 in $hold_ary are global options, all others are forum_ids
1255
1256 // We disallow copying admin permissions
1257 foreach ($this->acl_options['global'] as $opt => $id)
1258 {
1259 if (strpos($opt, 'a_') === 0)
1260 {
1261 $hold_ary[0][$this->acl_options['id'][$opt]] = ACL_NEVER;
1262 }
1263 }
1264
1265 // Force a_switchperm to be allowed
1266 $hold_ary[0][$this->acl_options['id']['a_switchperm']] = ACL_YES;
1267
1268 $user_permissions = $this->build_bitstring($hold_ary);
1269
1270 if (!$user_permissions)
1271 {
1272 return false;
1273 }
1274
1275 $sql = 'UPDATE ' . USERS_TABLE . "
1276 SET user_permissions = '" . $db->sql_escape($user_permissions) . "',
1277 user_perm_from = $from_user_id
1278 WHERE user_id = " . $to_user_id;
1279 $db->sql_query($sql);
1280
1281 return true;
1282 }
1283}
1284
1285?>
Note: See TracBrowser for help on using the repository browser.