[ Index ]

PHP Cross Reference of phpBB-3.2.8-deutsch

title

Body

[close]

/includes/acp/ -> acp_permission_roles.php (source)

   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  /**
  15  * @ignore
  16  */
  17  if (!defined('IN_PHPBB'))
  18  {
  19      exit;
  20  }
  21  
  22  class acp_permission_roles
  23  {
  24      var $u_action;
  25      protected $auth_admin;
  26  
  27  	function main($id, $mode)
  28      {
  29          global $db, $user, $template, $phpbb_container;
  30          global $phpbb_root_path, $phpEx;
  31          global $request, $phpbb_log;
  32  
  33          if (!function_exists('user_get_id_name'))
  34          {
  35              include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
  36          }
  37  
  38          if (!class_exists('auth_admin'))
  39          {
  40              include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
  41          }
  42  
  43          $this->auth_admin = new auth_admin();
  44  
  45          $user->add_lang('acp/permissions');
  46          add_permission_language();
  47  
  48          $this->tpl_name = 'acp_permission_roles';
  49  
  50          $submit = (isset($_POST['submit'])) ? true : false;
  51          $role_id = $request->variable('role_id', 0);
  52          $action = $request->variable('action', '');
  53          $action = (isset($_POST['add'])) ? 'add' : $action;
  54  
  55          $form_name = 'acp_permissions';
  56          add_form_key($form_name);
  57  
  58          if (!$role_id && in_array($action, array('remove', 'edit', 'move_up', 'move_down')))
  59          {
  60              trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
  61          }
  62  
  63          switch ($mode)
  64          {
  65              case 'admin_roles':
  66                  $permission_type = 'a_';
  67                  $this->page_title = 'ACP_ADMIN_ROLES';
  68              break;
  69  
  70              case 'user_roles':
  71                  $permission_type = 'u_';
  72                  $this->page_title = 'ACP_USER_ROLES';
  73              break;
  74  
  75              case 'mod_roles':
  76                  $permission_type = 'm_';
  77                  $this->page_title = 'ACP_MOD_ROLES';
  78              break;
  79  
  80              case 'forum_roles':
  81                  $permission_type = 'f_';
  82                  $this->page_title = 'ACP_FORUM_ROLES';
  83              break;
  84  
  85              default:
  86                  trigger_error('NO_MODE', E_USER_ERROR);
  87              break;
  88          }
  89  
  90          $template->assign_vars(array(
  91              'L_TITLE'        => $user->lang[$this->page_title],
  92              'L_EXPLAIN'        => $user->lang[$this->page_title . '_EXPLAIN'])
  93          );
  94  
  95          // Take action... admin submitted something
  96          if ($submit || $action == 'remove')
  97          {
  98              switch ($action)
  99              {
 100                  case 'remove':
 101  
 102                      $sql = 'SELECT *
 103                          FROM ' . ACL_ROLES_TABLE . '
 104                          WHERE role_id = ' . $role_id;
 105                      $result = $db->sql_query($sql);
 106                      $role_row = $db->sql_fetchrow($result);
 107                      $db->sql_freeresult($result);
 108  
 109                      if (!$role_row)
 110                      {
 111                          trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
 112                      }
 113  
 114                      if (confirm_box(true))
 115                      {
 116                          $this->remove_role($role_id, $permission_type);
 117  
 118                          $role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
 119                          $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_' . strtoupper($permission_type) . 'ROLE_REMOVED', false, array($role_name));
 120                          trigger_error($user->lang['ROLE_DELETED'] . adm_back_link($this->u_action));
 121                      }
 122                      else
 123                      {
 124                          confirm_box(false, 'DELETE_ROLE', build_hidden_fields(array(
 125                              'i'            => $id,
 126                              'mode'        => $mode,
 127                              'role_id'    => $role_id,
 128                              'action'    => $action,
 129                          )));
 130                      }
 131  
 132                  break;
 133  
 134                  case 'edit':
 135  
 136                      // Get role we edit
 137                      $sql = 'SELECT *
 138                          FROM ' . ACL_ROLES_TABLE . '
 139                          WHERE role_id = ' . $role_id;
 140                      $result = $db->sql_query($sql);
 141                      $role_row = $db->sql_fetchrow($result);
 142                      $db->sql_freeresult($result);
 143  
 144                      if (!$role_row)
 145                      {
 146                          trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
 147                      }
 148  
 149                  // no break;
 150  
 151                  case 'add':
 152  
 153                      if (!check_form_key($form_name))
 154                      {
 155                          trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
 156                      }
 157  
 158                      $role_name = $request->variable('role_name', '', true);
 159                      $role_description = $request->variable('role_description', '', true);
 160                      $auth_settings = $request->variable('setting', array('' => 0));
 161  
 162                      if (!$role_name)
 163                      {
 164                          trigger_error($user->lang['NO_ROLE_NAME_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
 165                      }
 166  
 167                      if (utf8_strlen($role_description) > 4000)
 168                      {
 169                          trigger_error($user->lang['ROLE_DESCRIPTION_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
 170                      }
 171  
 172                      // if we add/edit a role we check the name to be unique among the settings...
 173                      $sql = 'SELECT role_id
 174                          FROM ' . ACL_ROLES_TABLE . "
 175                          WHERE role_type = '" . $db->sql_escape($permission_type) . "'
 176                              AND role_name = '" . $db->sql_escape($role_name) . "'";
 177                      $result = $db->sql_query($sql);
 178                      $row = $db->sql_fetchrow($result);
 179                      $db->sql_freeresult($result);
 180  
 181                      // Make sure we only print out the error if we add the role or change it's name
 182                      if ($row && ($mode == 'add' || ($mode == 'edit' && $role_row['role_name'] != $role_name)))
 183                      {
 184                          trigger_error(sprintf($user->lang['ROLE_NAME_ALREADY_EXIST'], $role_name) . adm_back_link($this->u_action), E_USER_WARNING);
 185                      }
 186  
 187                      $sql_ary = array(
 188                          'role_name'            => (string) $role_name,
 189                          'role_description'    => (string) $role_description,
 190                          'role_type'            => (string) $permission_type,
 191                      );
 192  
 193                      if ($action == 'edit')
 194                      {
 195                          $sql = 'UPDATE ' . ACL_ROLES_TABLE . '
 196                              SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
 197                              WHERE role_id = ' . $role_id;
 198                          $db->sql_query($sql);
 199                      }
 200                      else
 201                      {
 202                          // Get maximum role order for inserting a new role...
 203                          $sql = 'SELECT MAX(role_order) as max_order
 204                              FROM ' . ACL_ROLES_TABLE . "
 205                              WHERE role_type = '" . $db->sql_escape($permission_type) . "'";
 206                          $result = $db->sql_query($sql);
 207                          $max_order = (int) $db->sql_fetchfield('max_order');
 208                          $db->sql_freeresult($result);
 209  
 210                          $sql_ary['role_order'] = $max_order + 1;
 211  
 212                          $sql = 'INSERT INTO ' . ACL_ROLES_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
 213                          $db->sql_query($sql);
 214  
 215                          $role_id = $db->sql_nextid();
 216                      }
 217  
 218                      // Now add the auth settings
 219                      $this->auth_admin->acl_set_role($role_id, $auth_settings);
 220  
 221                      $role_name = (!empty($user->lang[$role_name])) ? $user->lang[$role_name] : $role_name;
 222                      $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_' . strtoupper($permission_type) . 'ROLE_' . strtoupper($action), false, array($role_name));
 223  
 224                      trigger_error($user->lang['ROLE_' . strtoupper($action) . '_SUCCESS'] . adm_back_link($this->u_action));
 225  
 226                  break;
 227              }
 228          }
 229  
 230          // Display screens
 231          switch ($action)
 232          {
 233              case 'add':
 234  
 235                  $options_from = $request->variable('options_from', 0);
 236  
 237                  $role_row = array(
 238                      'role_name'            => $request->variable('role_name', '', true),
 239                      'role_description'    => $request->variable('role_description', '', true),
 240                      'role_type'            => $permission_type,
 241                  );
 242  
 243                  if ($options_from)
 244                  {
 245                      $sql = 'SELECT p.auth_option_id, p.auth_setting, o.auth_option
 246                          FROM ' . ACL_ROLES_DATA_TABLE . ' p, ' . ACL_OPTIONS_TABLE . ' o
 247                          WHERE o.auth_option_id = p.auth_option_id
 248                              AND p.role_id = ' . $options_from . '
 249                          ORDER BY p.auth_option_id';
 250                      $result = $db->sql_query($sql);
 251  
 252                      $auth_options = array();
 253                      while ($row = $db->sql_fetchrow($result))
 254                      {
 255                          $auth_options[$row['auth_option']] = $row['auth_setting'];
 256                      }
 257                      $db->sql_freeresult($result);
 258                  }
 259                  else
 260                  {
 261                      $sql = 'SELECT auth_option_id, auth_option
 262                          FROM ' . ACL_OPTIONS_TABLE . "
 263                          WHERE auth_option " . $db->sql_like_expression($permission_type . $db->get_any_char()) . "
 264                              AND auth_option <> '{$permission_type}'
 265                          ORDER BY auth_option_id";
 266                      $result = $db->sql_query($sql);
 267  
 268                      $auth_options = array();
 269                      while ($row = $db->sql_fetchrow($result))
 270                      {
 271                          $auth_options[$row['auth_option']] = ACL_NO;
 272                      }
 273                      $db->sql_freeresult($result);
 274                  }
 275  
 276              // no break;
 277  
 278              case 'edit':
 279  
 280                  if ($action == 'edit')
 281                  {
 282                      $sql = 'SELECT *
 283                          FROM ' . ACL_ROLES_TABLE . '
 284                          WHERE role_id = ' . $role_id;
 285                      $result = $db->sql_query($sql);
 286                      $role_row = $db->sql_fetchrow($result);
 287                      $db->sql_freeresult($result);
 288  
 289                      $sql = 'SELECT p.auth_option_id, p.auth_setting, o.auth_option
 290                          FROM ' . ACL_ROLES_DATA_TABLE . ' p, ' . ACL_OPTIONS_TABLE . ' o
 291                          WHERE o.auth_option_id = p.auth_option_id
 292                              AND p.role_id = ' . $role_id . '
 293                          ORDER BY p.auth_option_id';
 294                      $result = $db->sql_query($sql);
 295  
 296                      $auth_options = array();
 297                      while ($row = $db->sql_fetchrow($result))
 298                      {
 299                          $auth_options[$row['auth_option']] = $row['auth_setting'];
 300                      }
 301                      $db->sql_freeresult($result);
 302                  }
 303  
 304                  if (!$role_row)
 305                  {
 306                      trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
 307                  }
 308  
 309                  /* @var $phpbb_permissions \phpbb\permissions */
 310                  $phpbb_permissions = $phpbb_container->get('acl.permissions');
 311  
 312                  $template->assign_vars(array(
 313                      'S_EDIT'            => true,
 314  
 315                      'U_ACTION'            => $this->u_action . "&amp;action={$action}&amp;role_id={$role_id}",
 316                      'U_BACK'            => $this->u_action,
 317  
 318                      'ROLE_NAME'            => $role_row['role_name'],
 319                      'ROLE_DESCRIPTION'    => $role_row['role_description'],
 320                      'L_ACL_TYPE'        => $phpbb_permissions->get_type_lang($permission_type),
 321                  ));
 322  
 323                  // We need to fill the auth options array with ACL_NO options ;)
 324                  $sql = 'SELECT auth_option_id, auth_option
 325                      FROM ' . ACL_OPTIONS_TABLE . "
 326                      WHERE auth_option " . $db->sql_like_expression($permission_type . $db->get_any_char()) . "
 327                          AND auth_option <> '{$permission_type}'
 328                      ORDER BY auth_option_id";
 329                  $result = $db->sql_query($sql);
 330  
 331                  while ($row = $db->sql_fetchrow($result))
 332                  {
 333                      if (!isset($auth_options[$row['auth_option']]))
 334                      {
 335                          $auth_options[$row['auth_option']] = ACL_NO;
 336                      }
 337                  }
 338                  $db->sql_freeresult($result);
 339  
 340                  // Unset global permission option
 341                  unset($auth_options[$permission_type]);
 342  
 343                  // Display auth options
 344                  $this->display_auth_options($auth_options);
 345  
 346                  // Get users/groups/forums using this preset...
 347                  if ($action == 'edit')
 348                  {
 349                      $hold_ary = $this->auth_admin->get_role_mask($role_id);
 350  
 351                      if (count($hold_ary))
 352                      {
 353                          $role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
 354  
 355                          $template->assign_vars(array(
 356                              'S_DISPLAY_ROLE_MASK'    => true,
 357                              'L_ROLE_ASSIGNED_TO'    => sprintf($user->lang['ROLE_ASSIGNED_TO'], $role_name))
 358                          );
 359  
 360                          $this->auth_admin->display_role_mask($hold_ary);
 361                      }
 362                  }
 363  
 364                  return;
 365              break;
 366  
 367              case 'move_up':
 368              case 'move_down':
 369  
 370                  if (!check_link_hash($request->variable('hash', ''), 'acp_permission_roles'))
 371                  {
 372                      trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 373                  }
 374  
 375                  $sql = 'SELECT role_order
 376                      FROM ' . ACL_ROLES_TABLE . "
 377                      WHERE role_id = $role_id";
 378                  $result = $db->sql_query($sql);
 379                  $order = $db->sql_fetchfield('role_order');
 380                  $db->sql_freeresult($result);
 381  
 382                  if ($order === false || ($order == 0 && $action == 'move_up'))
 383                  {
 384                      break;
 385                  }
 386                  $order = (int) $order;
 387                  $order_total = $order * 2 + (($action == 'move_up') ? -1 : 1);
 388  
 389                  $sql = 'UPDATE ' . ACL_ROLES_TABLE . '
 390                      SET role_order = ' . $order_total . " - role_order
 391                      WHERE role_type = '" . $db->sql_escape($permission_type) . "'
 392                          AND role_order IN ($order, " . (($action == 'move_up') ? $order - 1 : $order + 1) . ')';
 393                  $db->sql_query($sql);
 394  
 395                  if ($request->is_ajax())
 396                  {
 397                      $json_response = new \phpbb\json_response;
 398                      $json_response->send(array(
 399                          'success'    => (bool) $db->sql_affectedrows(),
 400                      ));
 401                  }
 402  
 403              break;
 404          }
 405  
 406          // By default, check that role_order is valid and fix it if necessary
 407          $sql = 'SELECT role_id, role_order
 408              FROM ' . ACL_ROLES_TABLE . "
 409              WHERE role_type = '" . $db->sql_escape($permission_type) . "'
 410              ORDER BY role_order ASC";
 411          $result = $db->sql_query($sql);
 412  
 413          if ($row = $db->sql_fetchrow($result))
 414          {
 415              $order = 0;
 416              do
 417              {
 418                  $order++;
 419                  if ($row['role_order'] != $order)
 420                  {
 421                      $db->sql_query('UPDATE ' . ACL_ROLES_TABLE . " SET role_order = $order WHERE role_id = {$row['role_id']}");
 422                  }
 423              }
 424              while ($row = $db->sql_fetchrow($result));
 425          }
 426          $db->sql_freeresult($result);
 427  
 428          // Display assigned items?
 429          $display_item = $request->variable('display_item', 0);
 430  
 431          // Select existing roles
 432          $sql = 'SELECT *
 433              FROM ' . ACL_ROLES_TABLE . "
 434              WHERE role_type = '" . $db->sql_escape($permission_type) . "'
 435              ORDER BY role_order ASC";
 436          $result = $db->sql_query($sql);
 437  
 438          $s_role_options = '';
 439          while ($row = $db->sql_fetchrow($result))
 440          {
 441              $role_name = (!empty($user->lang[$row['role_name']])) ? $user->lang[$row['role_name']] : $row['role_name'];
 442  
 443              $template->assign_block_vars('roles', array(
 444                  'ROLE_NAME'                => $role_name,
 445                  'ROLE_DESCRIPTION'        => (!empty($user->lang[$row['role_description']])) ? $user->lang[$row['role_description']] : nl2br($row['role_description']),
 446  
 447                  'U_EDIT'            => $this->u_action . '&amp;action=edit&amp;role_id=' . $row['role_id'],
 448                  'U_REMOVE'            => $this->u_action . '&amp;action=remove&amp;role_id=' . $row['role_id'],
 449                  'U_MOVE_UP'            => $this->u_action . '&amp;action=move_up&amp;role_id=' . $row['role_id'] . '&amp;hash=' . generate_link_hash('acp_permission_roles'),
 450                  'U_MOVE_DOWN'        => $this->u_action . '&amp;action=move_down&amp;role_id=' . $row['role_id'] . '&amp;hash=' . generate_link_hash('acp_permission_roles'),
 451                  'U_DISPLAY_ITEMS'    => ($row['role_id'] == $display_item) ? '' : $this->u_action . '&amp;display_item=' . $row['role_id'] . '#assigned_to')
 452              );
 453  
 454              $s_role_options .= '<option value="' . $row['role_id'] . '">' . $role_name . '</option>';
 455  
 456              if ($display_item == $row['role_id'])
 457              {
 458                  $template->assign_vars(array(
 459                      'L_ROLE_ASSIGNED_TO'    => sprintf($user->lang['ROLE_ASSIGNED_TO'], $role_name))
 460                  );
 461              }
 462          }
 463          $db->sql_freeresult($result);
 464  
 465          $template->assign_vars(array(
 466              'S_ROLE_OPTIONS'        => $s_role_options)
 467          );
 468  
 469          if ($display_item)
 470          {
 471              $template->assign_vars(array(
 472                  'S_DISPLAY_ROLE_MASK'    => true)
 473              );
 474  
 475              $hold_ary = $this->auth_admin->get_role_mask($display_item);
 476              $this->auth_admin->display_role_mask($hold_ary);
 477          }
 478      }
 479  
 480      /**
 481      * Display permission settings able to be set
 482      */
 483  	function display_auth_options($auth_options)
 484      {
 485          global $template, $phpbb_container;
 486  
 487          /* @var $phpbb_permissions \phpbb\permissions */
 488          $phpbb_permissions = $phpbb_container->get('acl.permissions');
 489  
 490          $content_array = $categories = array();
 491          $key_sort_array = array(0);
 492          $auth_options = array(0 => $auth_options);
 493  
 494          // Making use of auth_admin method here (we do not really want to change two similar code fragments)
 495          $this->auth_admin->build_permission_array($auth_options, $content_array, $categories, $key_sort_array);
 496  
 497          $content_array = $content_array[0];
 498  
 499          $template->assign_var('S_NUM_PERM_COLS', count($categories));
 500  
 501          // Assign to template
 502          foreach ($content_array as $cat => $cat_array)
 503          {
 504              $template->assign_block_vars('auth', array(
 505                  'CAT_NAME'    => $phpbb_permissions->get_category_lang($cat),
 506  
 507                  'S_YES'        => ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false,
 508                  'S_NEVER'    => ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false,
 509                  'S_NO'        => ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false)
 510              );
 511  
 512              foreach ($cat_array['permissions'] as $permission => $allowed)
 513              {
 514                  $template->assign_block_vars('auth.mask', array(
 515                      'S_YES'        => ($allowed == ACL_YES) ? true : false,
 516                      'S_NEVER'    => ($allowed == ACL_NEVER) ? true : false,
 517                      'S_NO'        => ($allowed == ACL_NO) ? true : false,
 518  
 519                      'FIELD_NAME'    => $permission,
 520                      'PERMISSION'    => $phpbb_permissions->get_permission_lang($permission),
 521                  ));
 522              }
 523          }
 524      }
 525  
 526      /**
 527      * Remove role
 528      */
 529  	function remove_role($role_id, $permission_type)
 530      {
 531          global $db;
 532  
 533          // Get complete auth array
 534          $sql = 'SELECT auth_option, auth_option_id
 535              FROM ' . ACL_OPTIONS_TABLE . "
 536              WHERE auth_option " . $db->sql_like_expression($permission_type . $db->get_any_char());
 537          $result = $db->sql_query($sql);
 538  
 539          $auth_settings = array();
 540          while ($row = $db->sql_fetchrow($result))
 541          {
 542              $auth_settings[$row['auth_option']] = ACL_NO;
 543          }
 544          $db->sql_freeresult($result);
 545  
 546          // Get the role auth settings we need to re-set...
 547          $sql = 'SELECT o.auth_option, r.auth_setting
 548              FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
 549              WHERE o.auth_option_id = r.auth_option_id
 550                  AND r.role_id = ' . $role_id;
 551          $result = $db->sql_query($sql);
 552  
 553          while ($row = $db->sql_fetchrow($result))
 554          {
 555              $auth_settings[$row['auth_option']] = $row['auth_setting'];
 556          }
 557          $db->sql_freeresult($result);
 558  
 559          // Get role assignments
 560          $hold_ary = $this->auth_admin->get_role_mask($role_id);
 561  
 562          // Re-assign permissions
 563          foreach ($hold_ary as $forum_id => $forum_ary)
 564          {
 565              if (isset($forum_ary['users']))
 566              {
 567                  $this->auth_admin->acl_set('user', $forum_id, $forum_ary['users'], $auth_settings, 0, false);
 568              }
 569  
 570              if (isset($forum_ary['groups']))
 571              {
 572                  $this->auth_admin->acl_set('group', $forum_id, $forum_ary['groups'], $auth_settings, 0, false);
 573              }
 574          }
 575  
 576          // Remove role from users and groups just to be sure (happens through acl_set)
 577          $sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
 578              WHERE auth_role_id = ' . $role_id;
 579          $db->sql_query($sql);
 580  
 581          $sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
 582              WHERE auth_role_id = ' . $role_id;
 583          $db->sql_query($sql);
 584  
 585          // Remove role data and role
 586          $sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . '
 587              WHERE role_id = ' . $role_id;
 588          $db->sql_query($sql);
 589  
 590          $sql = 'DELETE FROM ' . ACL_ROLES_TABLE . '
 591              WHERE role_id = ' . $role_id;
 592          $db->sql_query($sql);
 593  
 594          $this->auth_admin->acl_clear_prefetch();
 595      }
 596  }


Generated: Sat Oct 26 11:28:42 2019 Cross-referenced by PHPXref 0.7.1