| [ Index ] |
PHP Cross Reference of Unnamed Project |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * 4 * @package phpBB3 5 * @version $Id$ 6 * @copyright (c) 2005 phpBB Group 7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License 8 * 9 */ 10 11 /** 12 * @ignore 13 */ 14 if (!defined('IN_PHPBB')) 15 { 16 exit; 17 } 18 19 /** 20 * ACP Permission/Auth class 21 * @package phpBB3 22 */ 23 class auth_admin extends auth 24 { 25 /** 26 * Init auth settings 27 */ 28 function auth_admin() 29 { 30 global $db, $cache; 31 32 if (($this->acl_options = $cache->get('_acl_options')) === false) 33 { 34 $sql = 'SELECT auth_option_id, auth_option, is_global, is_local 35 FROM ' . ACL_OPTIONS_TABLE . ' 36 ORDER BY auth_option_id'; 37 $result = $db->sql_query($sql); 38 39 $global = $local = 0; 40 $this->acl_options = array(); 41 while ($row = $db->sql_fetchrow($result)) 42 { 43 if ($row['is_global']) 44 { 45 $this->acl_options['global'][$row['auth_option']] = $global++; 46 } 47 48 if ($row['is_local']) 49 { 50 $this->acl_options['local'][$row['auth_option']] = $local++; 51 } 52 53 $this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id']; 54 $this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option']; 55 } 56 $db->sql_freeresult($result); 57 58 $cache->put('_acl_options', $this->acl_options); 59 } 60 } 61 62 /** 63 * Get permission mask 64 * This function only supports getting permissions of one type (for example a_) 65 * 66 * @param set|view $mode defines the permissions we get, view gets effective permissions (checking user AND group permissions), set only gets the user or group permission set alone 67 * @param mixed $user_id user ids to search for (a user_id or a group_id has to be specified at least) 68 * @param mixed $group_id group ids to search for, return group related settings (a user_id or a group_id has to be specified at least) 69 * @param mixed $forum_id forum_ids to search for. Defining a forum id also means getting local settings 70 * @param string $auth_option the auth_option defines the permission setting to look for (a_ for example) 71 * @param local|global $scope the scope defines the permission scope. If local, a forum_id is additionally required 72 * @param ACL_NEVER|ACL_NO|ACL_YES $acl_fill defines the mode those permissions not set are getting filled with 73 */ 74 function get_mask($mode, $user_id = false, $group_id = false, $forum_id = false, $auth_option = false, $scope = false, $acl_fill = ACL_NEVER) 75 { 76 global $db, $user; 77 78 $hold_ary = array(); 79 $view_user_mask = ($mode == 'view' && $group_id === false) ? true : false; 80 81 if ($auth_option === false || $scope === false) 82 { 83 return array(); 84 } 85 86 $acl_user_function = ($mode == 'set') ? 'acl_user_raw_data' : 'acl_raw_data'; 87 88 if (!$view_user_mask) 89 { 90 if ($forum_id !== false) 91 { 92 $hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', $forum_id) : $this->$acl_user_function($user_id, $auth_option . '%', $forum_id); 93 } 94 else 95 { 96 $hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', ($scope == 'global') ? 0 : false) : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false); 97 } 98 } 99 100 // Make sure hold_ary is filled with every setting (prevents missing forums/users/groups) 101 $ug_id = ($group_id !== false) ? ((!is_array($group_id)) ? array($group_id) : $group_id) : ((!is_array($user_id)) ? array($user_id) : $user_id); 102 $forum_ids = ($forum_id !== false) ? ((!is_array($forum_id)) ? array($forum_id) : $forum_id) : (($scope == 'global') ? array(0) : array()); 103 104 // Only those options we need 105 $compare_options = array_diff(preg_replace('/^((?!' . $auth_option . ').+)|(' . $auth_option . ')$/', '', array_keys($this->acl_options[$scope])), array('')); 106 107 // If forum_ids is false and the scope is local we actually want to have all forums within the array 108 if ($scope == 'local' && !sizeof($forum_ids)) 109 { 110 $sql = 'SELECT forum_id 111 FROM ' . FORUMS_TABLE; 112 $result = $db->sql_query($sql, 120); 113 114 while ($row = $db->sql_fetchrow($result)) 115 { 116 $forum_ids[] = (int) $row['forum_id']; 117 } 118 $db->sql_freeresult($result); 119 } 120 121 if ($view_user_mask) 122 { 123 $auth2 = null; 124 125 $sql = 'SELECT user_id, user_permissions, user_type 126 FROM ' . USERS_TABLE . ' 127 WHERE ' . $db->sql_in_set('user_id', $ug_id); 128 $result = $db->sql_query($sql); 129 130 while ($userdata = $db->sql_fetchrow($result)) 131 { 132 if ($user->data['user_id'] != $userdata['user_id']) 133 { 134 $auth2 = new auth(); 135 $auth2->acl($userdata); 136 } 137 else 138 { 139 global $auth; 140 $auth2 = &$auth; 141 } 142 143 144 $hold_ary[$userdata['user_id']] = array(); 145 foreach ($forum_ids as $f_id) 146 { 147 $hold_ary[$userdata['user_id']][$f_id] = array(); 148 foreach ($compare_options as $option) 149 { 150 $hold_ary[$userdata['user_id']][$f_id][$option] = $auth2->acl_get($option, $f_id); 151 } 152 } 153 } 154 $db->sql_freeresult($result); 155 156 unset($userdata); 157 unset($auth2); 158 } 159 160 foreach ($ug_id as $_id) 161 { 162 if (!isset($hold_ary[$_id])) 163 { 164 $hold_ary[$_id] = array(); 165 } 166 167 foreach ($forum_ids as $f_id) 168 { 169 if (!isset($hold_ary[$_id][$f_id])) 170 { 171 $hold_ary[$_id][$f_id] = array(); 172 } 173 } 174 } 175 176 // Now, we need to fill the gaps with $acl_fill. ;) 177 178 // Now switch back to keys 179 if (sizeof($compare_options)) 180 { 181 $compare_options = array_combine($compare_options, array_fill(1, sizeof($compare_options), $acl_fill)); 182 } 183 184 // Defining the user-function here to save some memory 185 $return_acl_fill = create_function('$value', 'return ' . $acl_fill . ';'); 186 187 // Actually fill the gaps 188 if (sizeof($hold_ary)) 189 { 190 foreach ($hold_ary as $ug_id => $row) 191 { 192 foreach ($row as $id => $options) 193 { 194 // Do not include the global auth_option 195 unset($options[$auth_option]); 196 197 // Not a "fine" solution, but at all it's a 1-dimensional 198 // array_diff_key function filling the resulting array values with zeros 199 // The differences get merged into $hold_ary (all permissions having $acl_fill set) 200 $hold_ary[$ug_id][$id] = array_merge($options, 201 202 array_map($return_acl_fill, 203 array_flip( 204 array_diff( 205 array_keys($compare_options), array_keys($options) 206 ) 207 ) 208 ) 209 ); 210 } 211 } 212 } 213 else 214 { 215 $hold_ary[($group_id !== false) ? $group_id : $user_id][(int) $forum_id] = $compare_options; 216 } 217 218 return $hold_ary; 219 } 220 221 /** 222 * Get permission mask for roles 223 * This function only supports getting masks for one role 224 */ 225 function get_role_mask($role_id) 226 { 227 global $db; 228 229 $hold_ary = array(); 230 231 // Get users having this role set... 232 $sql = 'SELECT user_id, forum_id 233 FROM ' . ACL_USERS_TABLE . ' 234 WHERE auth_role_id = ' . $role_id . ' 235 ORDER BY forum_id'; 236 $result = $db->sql_query($sql); 237 238 while ($row = $db->sql_fetchrow($result)) 239 { 240 $hold_ary[$row['forum_id']]['users'][] = $row['user_id']; 241 } 242 $db->sql_freeresult($result); 243 244 // Now grab groups... 245 $sql = 'SELECT group_id, forum_id 246 FROM ' . ACL_GROUPS_TABLE . ' 247 WHERE auth_role_id = ' . $role_id . ' 248 ORDER BY forum_id'; 249 $result = $db->sql_query($sql); 250 251 while ($row = $db->sql_fetchrow($result)) 252 { 253 $hold_ary[$row['forum_id']]['groups'][] = $row['group_id']; 254 } 255 $db->sql_freeresult($result); 256 257 return $hold_ary; 258 } 259 260 /** 261 * Display permission mask (assign to template) 262 */ 263 function display_mask($mode, $permission_type, &$hold_ary, $user_mode = 'user', $local = false, $group_display = true) 264 { 265 global $template, $user, $db, $phpbb_root_path, $phpEx; 266 267 // Define names for template loops, might be able to be set 268 $tpl_pmask = 'p_mask'; 269 $tpl_fmask = 'f_mask'; 270 $tpl_category = 'category'; 271 $tpl_mask = 'mask'; 272 273 $l_acl_type = (isset($user->lang['ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type)])) ? $user->lang['ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type)] : 'ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type); 274 275 // Allow trace for viewing permissions and in user mode 276 $show_trace = ($mode == 'view' && $user_mode == 'user') ? true : false; 277 278 // Get names 279 if ($user_mode == 'user') 280 { 281 $sql = 'SELECT user_id as ug_id, username as ug_name 282 FROM ' . USERS_TABLE . ' 283 WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary)) . ' 284 ORDER BY username_clean ASC'; 285 } 286 else 287 { 288 $sql = 'SELECT group_id as ug_id, group_name as ug_name, group_type 289 FROM ' . GROUPS_TABLE . ' 290 WHERE ' . $db->sql_in_set('group_id', array_keys($hold_ary)) . ' 291 ORDER BY group_type DESC, group_name ASC'; 292 } 293 $result = $db->sql_query($sql); 294 295 $ug_names_ary = array(); 296 while ($row = $db->sql_fetchrow($result)) 297 { 298 $ug_names_ary[$row['ug_id']] = ($user_mode == 'user') ? $row['ug_name'] : (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['ug_name']] : $row['ug_name']); 299 } 300 $db->sql_freeresult($result); 301 302 // Get used forums 303 $forum_ids = array(); 304 foreach ($hold_ary as $ug_id => $row) 305 { 306 $forum_ids = array_merge($forum_ids, array_keys($row)); 307 } 308 $forum_ids = array_unique($forum_ids); 309 310 $forum_names_ary = array(); 311 if ($local) 312 { 313 $forum_names_ary = make_forum_select(false, false, true, false, false, false, true); 314 315 // Remove the disabled ones, since we do not create an option field here... 316 foreach ($forum_names_ary as $key => $value) 317 { 318 if (!$value['disabled']) 319 { 320 continue; 321 } 322 unset($forum_names_ary[$key]); 323 } 324 } 325 else 326 { 327 $forum_names_ary[0] = $l_acl_type; 328 } 329 330 // Get available roles 331 $sql = 'SELECT * 332 FROM ' . ACL_ROLES_TABLE . " 333 WHERE role_type = '" . $db->sql_escape($permission_type) . "' 334 ORDER BY role_order ASC"; 335 $result = $db->sql_query($sql); 336 337 $roles = array(); 338 while ($row = $db->sql_fetchrow($result)) 339 { 340 $roles[$row['role_id']] = $row; 341 } 342 $db->sql_freeresult($result); 343 344 $cur_roles = $this->acl_role_data($user_mode, $permission_type, array_keys($hold_ary)); 345 346 // Build js roles array (role data assignments) 347 $s_role_js_array = ''; 348 349 if (sizeof($roles)) 350 { 351 $s_role_js_array = array(); 352 353 // Make sure every role (even if empty) has its array defined 354 foreach ($roles as $_role_id => $null) 355 { 356 $s_role_js_array[$_role_id] = "\n" . 'role_options[' . $_role_id . '] = new Array();' . "\n"; 357 } 358 359 $sql = 'SELECT r.role_id, o.auth_option, r.auth_setting 360 FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o 361 WHERE o.auth_option_id = r.auth_option_id 362 AND ' . $db->sql_in_set('r.role_id', array_keys($roles)); 363 $result = $db->sql_query($sql); 364 365 while ($row = $db->sql_fetchrow($result)) 366 { 367 $flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1); 368 if ($flag == $row['auth_option']) 369 { 370 continue; 371 } 372 373 $s_role_js_array[$row['role_id']] .= 'role_options[' . $row['role_id'] . '][\'' . addslashes($row['auth_option']) . '\'] = ' . $row['auth_setting'] . '; '; 374 } 375 $db->sql_freeresult($result); 376 377 $s_role_js_array = implode('', $s_role_js_array); 378 } 379 380 $template->assign_var('S_ROLE_JS_ARRAY', $s_role_js_array); 381 unset($s_role_js_array); 382 383 // Now obtain memberships 384 $user_groups_default = $user_groups_custom = array(); 385 if ($user_mode == 'user' && $group_display) 386 { 387 $sql = 'SELECT group_id, group_name, group_type 388 FROM ' . GROUPS_TABLE . ' 389 ORDER BY group_type DESC, group_name ASC'; 390 $result = $db->sql_query($sql); 391 392 $groups = array(); 393 while ($row = $db->sql_fetchrow($result)) 394 { 395 $groups[$row['group_id']] = $row; 396 } 397 $db->sql_freeresult($result); 398 399 $memberships = group_memberships(false, array_keys($hold_ary), false); 400 401 // User is not a member of any group? Bad admin, bad bad admin... 402 if ($memberships) 403 { 404 foreach ($memberships as $row) 405 { 406 if ($groups[$row['group_id']]['group_type'] == GROUP_SPECIAL) 407 { 408 $user_groups_default[$row['user_id']][] = $user->lang['G_' . $groups[$row['group_id']]['group_name']]; 409 } 410 else 411 { 412 $user_groups_custom[$row['user_id']][] = $groups[$row['group_id']]['group_name']; 413 } 414 } 415 } 416 unset($memberships, $groups); 417 } 418 419 // If we only have one forum id to display or being in local mode and more than one user/group to display, 420 // we switch the complete interface to group by user/usergroup instead of grouping by forum 421 // To achieve this, we need to switch the array a bit 422 if (sizeof($forum_ids) == 1 || ($local && sizeof($ug_names_ary) > 1)) 423 { 424 $hold_ary_temp = $hold_ary; 425 $hold_ary = array(); 426 foreach ($hold_ary_temp as $ug_id => $row) 427 { 428 foreach ($forum_names_ary as $forum_id => $forum_row) 429 { 430 if (isset($row[$forum_id])) 431 { 432 $hold_ary[$forum_id][$ug_id] = $row[$forum_id]; 433 } 434 } 435 } 436 unset($hold_ary_temp); 437 438 foreach ($hold_ary as $forum_id => $forum_array) 439 { 440 $content_array = $categories = array(); 441 $this->build_permission_array($hold_ary[$forum_id], $content_array, $categories, array_keys($ug_names_ary)); 442 443 $template->assign_block_vars($tpl_pmask, array( 444 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'], 445 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'], 446 447 'CATEGORIES' => implode('</th><th>', $categories), 448 449 'L_ACL_TYPE' => $l_acl_type, 450 451 'S_LOCAL' => ($local) ? true : false, 452 'S_GLOBAL' => (!$local) ? true : false, 453 'S_NUM_CATS' => sizeof($categories), 454 'S_VIEW' => ($mode == 'view') ? true : false, 455 'S_NUM_OBJECTS' => sizeof($content_array), 456 'S_USER_MODE' => ($user_mode == 'user') ? true : false, 457 'S_GROUP_MODE' => ($user_mode == 'group') ? true : false) 458 ); 459 460 @reset($content_array); 461 while (list($ug_id, $ug_array) = each($content_array)) 462 { 463 // Build role dropdown options 464 $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0; 465 466 $s_role_options = ''; 467 468 @reset($roles); 469 while (list($role_id, $role_row) = each($roles)) 470 { 471 $role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']); 472 $role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name']; 473 474 $title = ($role_description) ? ' title="' . $role_description . '"' : ''; 475 $s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>'; 476 } 477 478 if ($s_role_options) 479 { 480 $s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options; 481 } 482 483 if (!$current_role_id && $mode != 'view') 484 { 485 $s_custom_permissions = false; 486 487 foreach ($ug_array as $key => $value) 488 { 489 if ($value['S_NEVER'] || $value['S_YES']) 490 { 491 $s_custom_permissions = true; 492 break; 493 } 494 } 495 } 496 else 497 { 498 $s_custom_permissions = false; 499 } 500 501 $template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array( 502 'NAME' => $ug_names_ary[$ug_id], 503 'S_ROLE_OPTIONS' => $s_role_options, 504 'UG_ID' => $ug_id, 505 'S_CUSTOM' => $s_custom_permissions, 506 'FORUM_ID' => $forum_id) 507 ); 508 509 $this->assign_cat_array($ug_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, $show_trace, ($mode == 'view')); 510 511 unset($content_array[$ug_id]); 512 } 513 514 unset($hold_ary[$forum_id]); 515 } 516 } 517 else 518 { 519 foreach ($ug_names_ary as $ug_id => $ug_name) 520 { 521 if (!isset($hold_ary[$ug_id])) 522 { 523 continue; 524 } 525 526 $content_array = $categories = array(); 527 $this->build_permission_array($hold_ary[$ug_id], $content_array, $categories, array_keys($forum_names_ary)); 528 529 $template->assign_block_vars($tpl_pmask, array( 530 'NAME' => $ug_name, 531 'CATEGORIES' => implode('</th><th>', $categories), 532 533 'USER_GROUPS_DEFAULT' => ($user_mode == 'user' && isset($user_groups_default[$ug_id]) && sizeof($user_groups_default[$ug_id])) ? implode(', ', $user_groups_default[$ug_id]) : '', 534 'USER_GROUPS_CUSTOM' => ($user_mode == 'user' && isset($user_groups_custom[$ug_id]) && sizeof($user_groups_custom[$ug_id])) ? implode(', ', $user_groups_custom[$ug_id]) : '', 535 'L_ACL_TYPE' => $l_acl_type, 536 537 'S_LOCAL' => ($local) ? true : false, 538 'S_GLOBAL' => (!$local) ? true : false, 539 'S_NUM_CATS' => sizeof($categories), 540 'S_VIEW' => ($mode == 'view') ? true : false, 541 'S_NUM_OBJECTS' => sizeof($content_array), 542 'S_USER_MODE' => ($user_mode == 'user') ? true : false, 543 'S_GROUP_MODE' => ($user_mode == 'group') ? true : false) 544 ); 545 546 @reset($content_array); 547 while (list($forum_id, $forum_array) = each($content_array)) 548 { 549 // Build role dropdown options 550 $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0; 551 552 $s_role_options = ''; 553 554 @reset($roles); 555 while (list($role_id, $role_row) = each($roles)) 556 { 557 $role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']); 558 $role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name']; 559 560 $title = ($role_description) ? ' title="' . $role_description . '"' : ''; 561 $s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>'; 562 } 563 564 if ($s_role_options) 565 { 566 $s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options; 567 } 568 569 if (!$current_role_id && $mode != 'view') 570 { 571 $s_custom_permissions = false; 572 573 foreach ($forum_array as $key => $value) 574 { 575 if ($value['S_NEVER'] || $value['S_YES']) 576 { 577 $s_custom_permissions = true; 578 break; 579 } 580 } 581 } 582 else 583 { 584 $s_custom_permissions = false; 585 } 586 587 $template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array( 588 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'], 589 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'], 590 'S_ROLE_OPTIONS' => $s_role_options, 591 'S_CUSTOM' => $s_custom_permissions, 592 'UG_ID' => $ug_id, 593 'FORUM_ID' => $forum_id) 594 ); 595 596 $this->assign_cat_array($forum_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, $show_trace, ($mode == 'view')); 597 } 598 599 unset($hold_ary[$ug_id], $ug_names_ary[$ug_id]); 600 } 601 } 602 } 603 604 /** 605 * Display permission mask for roles 606 */ 607 function display_role_mask(&$hold_ary) 608 { 609 global $db, $template, $user, $phpbb_root_path, $phpbb_admin_path, $phpEx; 610 611 if (!sizeof($hold_ary)) 612 { 613 return; 614 } 615 616 // Get forum names 617 $sql = 'SELECT forum_id, forum_name 618 FROM ' . FORUMS_TABLE . ' 619 WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary)) . ' 620 ORDER BY left_id'; 621 $result = $db->sql_query($sql); 622 623 // If the role is used globally, then reflect that 624 $forum_names = (isset($hold_ary[0])) ? array(0 => '') : array(); 625 while ($row = $db->sql_fetchrow($result)) 626 { 627 $forum_names[$row['forum_id']] = $row['forum_name']; 628 } 629 $db->sql_freeresult($result); 630 631 foreach ($forum_names as $forum_id => $forum_name) 632 { 633 $auth_ary = $hold_ary[$forum_id]; 634 635 $template->assign_block_vars('role_mask', array( 636 'NAME' => ($forum_id == 0) ? $user->lang['GLOBAL_MASK'] : $forum_name, 637 'FORUM_ID' => $forum_id) 638 ); 639 640 if (isset($auth_ary['users']) && sizeof($auth_ary['users'])) 641 { 642 $sql = 'SELECT user_id, username 643 FROM ' . USERS_TABLE . ' 644 WHERE ' . $db->sql_in_set('user_id', $auth_ary['users']) . ' 645 ORDER BY username_clean ASC'; 646 $result = $db->sql_query($sql); 647 648 while ($row = $db->sql_fetchrow($result)) 649 { 650 $template->assign_block_vars('role_mask.users', array( 651 'USER_ID' => $row['user_id'], 652 'USERNAME' => $row['username'], 653 'U_PROFILE' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=viewprofile&u={$row['user_id']}")) 654 ); 655 } 656 $db->sql_freeresult($result); 657 } 658 659 if (isset($auth_ary['groups']) && sizeof($auth_ary['groups'])) 660 { 661 $sql = 'SELECT group_id, group_name, group_type 662 FROM ' . GROUPS_TABLE . ' 663 WHERE ' . $db->sql_in_set('group_id', $auth_ary['groups']) . ' 664 ORDER BY group_type ASC, group_name'; 665 $result = $db->sql_query($sql); 666 667 while ($row = $db->sql_fetchrow($result)) 668 { 669 $template->assign_block_vars('role_mask.groups', array( 670 'GROUP_ID' => $row['group_id'], 671 'GROUP_NAME' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'], 672 'U_PROFILE' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=group&g={$row['group_id']}")) 673 ); 674 } 675 $db->sql_freeresult($result); 676 } 677 } 678 } 679 680 /** 681 * NOTE: this function is not in use atm 682 * Add a new option to the list ... $options is a hash of form -> 683 * $options = array( 684 * 'local' => array('option1', 'option2', ...), 685 * 'global' => array('optionA', 'optionB', ...) 686 * ); 687 */ 688 function acl_add_option($options) 689 { 690 global $db, $cache; 691 692 if (!is_array($options)) 693 { 694 return false; 695 } 696 697 $cur_options = array(); 698 699 // Determine current options 700 $sql = 'SELECT auth_option, is_global, is_local 701 FROM ' . ACL_OPTIONS_TABLE . ' 702 ORDER BY auth_option_id'; 703 $result = $db->sql_query($sql); 704 705 while ($row = $db->sql_fetchrow($result)) 706 { 707 $cur_options[$row['auth_option']] = ($row['is_global'] && $row['is_local']) ? 'both' : (($row['is_global']) ? 'global' : 'local'); 708 } 709 $db->sql_freeresult($result); 710 711 // Here we need to insert new options ... this requires discovering whether 712 // an options is global, local or both and whether we need to add an permission 713 // set flag (x_) 714 $new_options = array('local' => array(), 'global' => array()); 715 716 foreach ($options as $type => $option_ary) 717 { 718 $option_ary = array_unique($option_ary); 719 720 foreach ($option_ary as $option_value) 721 { 722 $new_options[$type][] = $option_value; 723 724 $flag = substr($option_value, 0, strpos($option_value, '_') + 1); 725 726 if (!in_array($flag, $new_options[$type])) 727 { 728 $new_options[$type][] = $flag; 729 } 730 } 731 } 732 unset($options); 733 734 $options = array(); 735 $options['local'] = array_diff($new_options['local'], $new_options['global']); 736 $options['global'] = array_diff($new_options['global'], $new_options['local']); 737 $options['both'] = array_intersect($new_options['local'], $new_options['global']); 738 739 // Now check which options to add/update 740 $add_options = $update_options = array(); 741 742 // First local ones... 743 foreach ($options as $type => $option_ary) 744 { 745 foreach ($option_ary as $option) 746 { 747 if (!isset($cur_options[$option])) 748 { 749 $add_options[] = array( 750 'auth_option' => (string) $option, 751 'is_global' => ($type == 'global' || $type == 'both') ? 1 : 0, 752 'is_local' => ($type == 'local' || $type == 'both') ? 1 : 0 753 ); 754 755 continue; 756 } 757 758 // Else, update existing entry if it is changed... 759 if ($type === $cur_options[$option]) 760 { 761 continue; 762 } 763 764 // New type is always both: 765 // If is now both, we set both. 766 // If it was global the new one is local and we need to set it to both 767 // If it was local the new one is global and we need to set it to both 768 $update_options[] = $option; 769 } 770 } 771 772 if (!empty($add_options)) 773 { 774 $db->sql_multi_insert(ACL_OPTIONS_TABLE, $add_options); 775 } 776 777 if (!empty($update_options)) 778 { 779 $sql = 'UPDATE ' . ACL_OPTIONS_TABLE . ' 780 SET is_global = 1, is_local = 1 781 WHERE ' . $db->sql_in_set('auth_option', $update_options); 782 $db->sql_query($sql); 783 } 784 785 $cache->destroy('_acl_options'); 786 $this->acl_clear_prefetch(); 787 788 // Because we just changed the options and also purged the options cache, we instantly update/regenerate it for later calls to succeed. 789 $this->acl_options = array(); 790 $this->auth_admin(); 791 792 return true; 793 } 794 795 /** 796 * Set a user or group ACL record 797 */ 798 function acl_set($ug_type, $forum_id, $ug_id, $auth, $role_id = 0, $clear_prefetch = true) 799 { 800 global $db; 801 802 // One or more forums 803 if (!is_array($forum_id)) 804 { 805 $forum_id = array($forum_id); 806 } 807 808 // One or more users 809 if (!is_array($ug_id)) 810 { 811 $ug_id = array($ug_id); 812 } 813 814 $ug_id_sql = $db->sql_in_set($ug_type . '_id', array_map('intval', $ug_id)); 815 $forum_sql = $db->sql_in_set('forum_id', array_map('intval', $forum_id)); 816 817 // Instead of updating, inserting, removing we just remove all current settings and re-set everything... 818 $table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE; 819 $id_field = $ug_type . '_id'; 820 821 // Get any flags as required 822 reset($auth); 823 $flag = key($auth); 824 $flag = substr($flag, 0, strpos($flag, '_') + 1); 825 826 // This ID (the any-flag) is set if one or more permissions are true... 827 $any_option_id = (int) $this->acl_options['id'][$flag]; 828 829 // Remove any-flag from auth ary 830 if (isset($auth[$flag])) 831 { 832 unset($auth[$flag]); 833 } 834 835 // Remove current auth options... 836 $auth_option_ids = array((int)$any_option_id); 837 foreach ($auth as $auth_option => $auth_setting) 838 { 839 $auth_option_ids[] = (int) $this->acl_options['id'][$auth_option]; 840 } 841 842 $sql = "DELETE FROM $table 843 WHERE $forum_sql 844 AND $ug_id_sql 845 AND " . $db->sql_in_set('auth_option_id', $auth_option_ids); 846 $db->sql_query($sql); 847 848 // Remove those having a role assigned... the correct type of course... 849 $sql = 'SELECT role_id 850 FROM ' . ACL_ROLES_TABLE . " 851 WHERE role_type = '" . $db->sql_escape($flag) . "'"; 852 $result = $db->sql_query($sql); 853 854 $role_ids = array(); 855 while ($row = $db->sql_fetchrow($result)) 856 { 857 $role_ids[] = $row['role_id']; 858 } 859 $db->sql_freeresult($result); 860 861 if (sizeof($role_ids)) 862 { 863 $sql = "DELETE FROM $table 864 WHERE $forum_sql 865 AND $ug_id_sql 866 AND auth_option_id = 0 867 AND " . $db->sql_in_set('auth_role_id', $role_ids); 868 $db->sql_query($sql); 869 } 870 871 // Ok, include the any-flag if one or more auth options are set to yes... 872 foreach ($auth as $auth_option => $setting) 873 { 874 if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER)) 875 { 876 $auth[$flag] = ACL_YES; 877 } 878 } 879 880 $sql_ary = array(); 881 foreach ($forum_id as $forum) 882 { 883 $forum = (int) $forum; 884 885 if ($role_id) 886 { 887 foreach ($ug_id as $id) 888 { 889 $sql_ary[] = array( 890 $id_field => (int) $id, 891 'forum_id' => (int) $forum, 892 'auth_option_id' => 0, 893 'auth_setting' => 0, 894 'auth_role_id' => (int) $role_id, 895 ); 896 } 897 } 898 else 899 { 900 foreach ($auth as $auth_option => $setting) 901 { 902 $auth_option_id = (int) $this->acl_options['id'][$auth_option]; 903 904 if ($setting != ACL_NO) 905 { 906 foreach ($ug_id as $id) 907 { 908 $sql_ary[] = array( 909 $id_field => (int) $id, 910 'forum_id' => (int) $forum, 911 'auth_option_id' => (int) $auth_option_id, 912 'auth_setting' => (int) $setting 913 ); 914 } 915 } 916 } 917 } 918 } 919 920 $db->sql_multi_insert($table, $sql_ary); 921 922 if ($clear_prefetch) 923 { 924 $this->acl_clear_prefetch(); 925 } 926 } 927 928 /** 929 * Set a role-specific ACL record 930 */ 931 function acl_set_role($role_id, $auth) 932 { 933 global $db; 934 935 // Get any-flag as required 936 reset($auth); 937 $flag = key($auth); 938 $flag = substr($flag, 0, strpos($flag, '_') + 1); 939 940 // Remove any-flag from auth ary 941 if (isset($auth[$flag])) 942 { 943 unset($auth[$flag]); 944 } 945 946 // Re-set any flag... 947 foreach ($auth as $auth_option => $setting) 948 { 949 if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER)) 950 { 951 $auth[$flag] = ACL_YES; 952 } 953 } 954 955 $sql_ary = array(); 956 foreach ($auth as $auth_option => $setting) 957 { 958 $auth_option_id = (int) $this->acl_options['id'][$auth_option]; 959 960 if ($setting != ACL_NO) 961 { 962 $sql_ary[] = array( 963 'role_id' => (int) $role_id, 964 'auth_option_id' => (int) $auth_option_id, 965 'auth_setting' => (int) $setting 966 ); 967 } 968 } 969 970 // If no data is there, we set the any-flag to ACL_NEVER... 971 if (!sizeof($sql_ary)) 972 { 973 $sql_ary[] = array( 974 'role_id' => (int) $role_id, 975 'auth_option_id' => (int) $this->acl_options['id'][$flag], 976 'auth_setting' => ACL_NEVER 977 ); 978 } 979 980 // Remove current auth options... 981 $sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . ' 982 WHERE role_id = ' . $role_id; 983 $db->sql_query($sql); 984 985 // Now insert the new values 986 $db->sql_multi_insert(ACL_ROLES_DATA_TABLE, $sql_ary); 987 988 $this->acl_clear_prefetch(); 989 } 990 991 /** 992 * Remove local permission 993 */ 994 function acl_delete($mode, $ug_id = false, $forum_id = false, $permission_type = false) 995 { 996 global $db; 997 998 if ($ug_id === false && $forum_id === false) 999 { 1000 return; 1001 } 1002 1003 $option_id_ary = array(); 1004 $table = ($mode == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE; 1005 $id_field = $mode . '_id'; 1006 1007 $where_sql = array(); 1008 1009 if ($forum_id !== false) 1010 { 1011 $where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : $db->sql_in_set('forum_id', array_map('intval', $forum_id)); 1012 } 1013 1014 if ($ug_id !== false) 1015 { 1016 $where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $db->sql_in_set($id_field, array_map('intval', $ug_id)); 1017 } 1018 1019 // There seem to be auth options involved, therefore we need to go through the list and make sure we capture roles correctly 1020 if ($permission_type !== false) 1021 { 1022 // Get permission type 1023 $sql = 'SELECT auth_option, auth_option_id 1024 FROM ' . ACL_OPTIONS_TABLE . " 1025 WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char); 1026 $result = $db->sql_query($sql); 1027 1028 $auth_id_ary = array(); 1029 while ($row = $db->sql_fetchrow($result)) 1030 { 1031 $option_id_ary[] = $row['auth_option_id']; 1032 $auth_id_ary[$row['auth_option']] = ACL_NO; 1033 } 1034 $db->sql_freeresult($result); 1035 1036 // First of all, lets grab the items having roles with the specified auth options assigned 1037 $sql = "SELECT auth_role_id, $id_field, forum_id 1038 FROM $table, " . ACL_ROLES_TABLE . " r 1039 WHERE auth_role_id <> 0 1040 AND auth_role_id = r.role_id 1041 AND r.role_type = '{$permission_type}' 1042 AND " . implode(' AND ', $where_sql) . ' 1043 ORDER BY auth_role_id'; 1044 $result = $db->sql_query($sql); 1045 1046 $cur_role_auth = array(); 1047 while ($row = $db->sql_fetchrow($result)) 1048 { 1049 $cur_role_auth[$row['auth_role_id']][$row['forum_id']][] = $row[$id_field]; 1050 } 1051 $db->sql_freeresult($result); 1052 1053 // Get role data for resetting data 1054 if (sizeof($cur_role_auth)) 1055 { 1056 $sql = 'SELECT ao.auth_option, rd.role_id, rd.auth_setting 1057 FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_ROLES_DATA_TABLE . ' rd 1058 WHERE ao.auth_option_id = rd.auth_option_id 1059 AND ' . $db->sql_in_set('rd.role_id', array_keys($cur_role_auth)); 1060 $result = $db->sql_query($sql); 1061 1062 $auth_settings = array(); 1063 while ($row = $db->sql_fetchrow($result)) 1064 { 1065 // We need to fill all auth_options, else setting it will fail... 1066 if (!isset($auth_settings[$row['role_id']])) 1067 { 1068 $auth_settings[$row['role_id']] = $auth_id_ary; 1069 } 1070 $auth_settings[$row['role_id']][$row['auth_option']] = $row['auth_setting']; 1071 } 1072 $db->sql_freeresult($result); 1073 1074 // Set the options 1075 foreach ($cur_role_auth as $role_id => $auth_row) 1076 { 1077 foreach ($auth_row as $f_id => $ug_row) 1078 { 1079 $this->acl_set($mode, $f_id, $ug_row, $auth_settings[$role_id], 0, false); 1080 } 1081 } 1082 } 1083 } 1084 1085 // Now, normally remove permissions... 1086 if ($permission_type !== false) 1087 { 1088 $where_sql[] = $db->sql_in_set('auth_option_id', array_map('intval', $option_id_ary)); 1089 } 1090 1091 $sql = "DELETE FROM $table 1092 WHERE " . implode(' AND ', $where_sql); 1093 $db->sql_query($sql); 1094 1095 $this->acl_clear_prefetch(); 1096 } 1097 1098 /** 1099 * Assign category to template 1100 * used by display_mask() 1101 */ 1102 function assign_cat_array(&$category_array, $tpl_cat, $tpl_mask, $ug_id, $forum_id, $show_trace = false, $s_view) 1103 { 1104 global $template, $user, $phpbb_admin_path, $phpEx; 1105 1106 @reset($category_array); 1107 while (list($cat, $cat_array) = each($category_array)) 1108 { 1109 $template->assign_block_vars($tpl_cat, array( 1110 'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false, 1111 'S_NEVER' => ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false, 1112 'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false, 1113 1114 'CAT_NAME' => $user->lang['permission_cat'][$cat]) 1115 ); 1116 1117 /* Sort permissions by name (more naturaly and user friendly than sorting by a primary key) 1118 * Commented out due to it's memory consumption and time needed 1119 * 1120 $key_array = array_intersect(array_keys($user->lang), array_map(create_function('$a', 'return "acl_" . $a;'), array_keys($cat_array['permissions']))); 1121 $values_array = $cat_array['permissions']; 1122 1123 $cat_array['permissions'] = array(); 1124 1125 foreach ($key_array as $key) 1126 { 1127 $key = str_replace('acl_', '', $key); 1128 $cat_array['permissions'][$key] = $values_array[$key]; 1129 } 1130 unset($key_array, $values_array); 1131 */ 1132 @reset($cat_array['permissions']); 1133 while (list($permission, $allowed) = each($cat_array['permissions'])) 1134 { 1135 if ($s_view) 1136 { 1137 $template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array( 1138 'S_YES' => ($allowed == ACL_YES) ? true : false, 1139 'S_NEVER' => ($allowed == ACL_NEVER) ? true : false, 1140 1141 'UG_ID' => $ug_id, 1142 'FORUM_ID' => $forum_id, 1143 'FIELD_NAME' => $permission, 1144 'S_FIELD_NAME' => 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']', 1145 1146 'U_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission") : '', 1147 'UA_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission", false) : '', 1148 1149 'PERMISSION' => $user->lang['acl_' . $permission]['lang']) 1150 ); 1151 } 1152 else 1153 { 1154 $template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array( 1155 'S_YES' => ($allowed == ACL_YES) ? true : false, 1156 'S_NEVER' => ($allowed == ACL_NEVER) ? true : false, 1157 'S_NO' => ($allowed == ACL_NO) ? true : false, 1158 1159 'UG_ID' => $ug_id, 1160 'FORUM_ID' => $forum_id, 1161 'FIELD_NAME' => $permission, 1162 'S_FIELD_NAME' => 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']', 1163 1164 'U_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission") : '', 1165 'UA_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission", false) : '', 1166 1167 'PERMISSION' => $user->lang['acl_' . $permission]['lang']) 1168 ); 1169 } 1170 } 1171 } 1172 } 1173 1174 /** 1175 * Building content array from permission rows with explicit key ordering 1176 * used by display_mask() 1177 */ 1178 function build_permission_array(&$permission_row, &$content_array, &$categories, $key_sort_array) 1179 { 1180 global $user; 1181 1182 foreach ($key_sort_array as $forum_id) 1183 { 1184 if (!isset($permission_row[$forum_id])) 1185 { 1186 continue; 1187 } 1188 1189 $permissions = $permission_row[$forum_id]; 1190 ksort($permissions); 1191 1192 @reset($permissions); 1193 while (list($permission, $auth_setting) = each($permissions)) 1194 { 1195 if (!isset($user->lang['acl_' . $permission])) 1196 { 1197 $user->lang['acl_' . $permission] = array( 1198 'cat' => 'misc', 1199 'lang' => '{ acl_' . $permission . ' }' 1200 ); 1201 } 1202 1203 $cat = $user->lang['acl_' . $permission]['cat']; 1204 1205 // Build our categories array 1206 if (!isset($categories[$cat])) 1207 { 1208 $categories[$cat] = $user->lang['permission_cat'][$cat]; 1209 } 1210 1211 // Build our content array 1212 if (!isset($content_array[$forum_id])) 1213 { 1214 $content_array[$forum_id] = array(); 1215 } 1216 1217 if (!isset($content_array[$forum_id][$cat])) 1218 { 1219 $content_array[$forum_id][$cat] = array( 1220 'S_YES' => false, 1221 'S_NEVER' => false, 1222 'S_NO' => false, 1223 'permissions' => array(), 1224 ); 1225 } 1226 1227 $content_array[$forum_id][$cat]['S_YES'] |= ($auth_setting == ACL_YES) ? true : false; 1228 $content_array[$forum_id][$cat]['S_NEVER'] |= ($auth_setting == ACL_NEVER) ? true : false; 1229 $content_array[$forum_id][$cat]['S_NO'] |= ($auth_setting == ACL_NO) ? true : false; 1230 1231 $content_array[$forum_id][$cat]['permissions'][$permission] = $auth_setting; 1232 } 1233 } 1234 } 1235 1236 /** 1237 * Use permissions from another user. This transferes a permission set from one user to another. 1238 * The other user is always able to revert back to his permission set. 1239 * This function does not check for lower/higher permissions, it is possible for the user to gain 1240 * "more" permissions by this. 1241 * Admin permissions will not be copied. 1242 */ 1243 function ghost_permissions($from_user_id, $to_user_id) 1244 { 1245 global $db; 1246 1247 if ($to_user_id == ANONYMOUS) 1248 { 1249 return false; 1250 } 1251 1252 $hold_ary = $this->acl_raw_data_single_user($from_user_id); 1253 1254 // Key 0 in $hold_ary are global options, all others are forum_ids 1255 1256 // We disallow copying admin permissions 1257 foreach ($this->acl_options['global'] as $opt => $id) 1258 { 1259 if (strpos($opt, 'a_') === 0) 1260 { 1261 $hold_ary[0][$this->acl_options['id'][$opt]] = ACL_NEVER; 1262 } 1263 } 1264 1265 // Force a_switchperm to be allowed 1266 $hold_ary[0][$this->acl_options['id']['a_switchperm']] = ACL_YES; 1267 1268 $user_permissions = $this->build_bitstring($hold_ary); 1269 1270 if (!$user_permissions) 1271 { 1272 return false; 1273 } 1274 1275 $sql = 'UPDATE ' . USERS_TABLE . " 1276 SET user_permissions = '" . $db->sql_escape($user_permissions) . "', 1277 user_perm_from = $from_user_id 1278 WHERE user_id = " . $to_user_id; 1279 $db->sql_query($sql); 1280 1281 return true; 1282 } 1283 } 1284 1285 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Wed Oct 2 15:03:47 2013 | Cross-referenced by PHPXref 0.7.1 |