| [ Index ] |
PHP Cross Reference of phpBB-3.2.11-deutsch |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * 4 * This file is part of the phpBB Forum Software package. 5 * 6 * @copyright (c) phpBB Limited <https://www.phpbb.com> 7 * @license GNU General Public License, version 2 (GPL-2.0) 8 * 9 * For full copyright and license information, please see 10 * the docs/CREDITS.txt file. 11 * 12 */ 13 14 /** 15 * @ignore 16 */ 17 if (!defined('IN_PHPBB')) 18 { 19 exit; 20 } 21 22 /** 23 * ACP Permission/Auth class 24 */ 25 class auth_admin extends \phpbb\auth\auth 26 { 27 /** 28 * Init auth settings 29 */ 30 function __construct() 31 { 32 global $db, $cache; 33 34 if (($this->acl_options = $cache->get('_acl_options')) === false) 35 { 36 $sql = 'SELECT auth_option_id, auth_option, is_global, is_local 37 FROM ' . ACL_OPTIONS_TABLE . ' 38 ORDER BY auth_option_id'; 39 $result = $db->sql_query($sql); 40 41 $global = $local = 0; 42 $this->acl_options = array(); 43 while ($row = $db->sql_fetchrow($result)) 44 { 45 if ($row['is_global']) 46 { 47 $this->acl_options['global'][$row['auth_option']] = $global++; 48 } 49 50 if ($row['is_local']) 51 { 52 $this->acl_options['local'][$row['auth_option']] = $local++; 53 } 54 55 $this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id']; 56 $this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option']; 57 } 58 $db->sql_freeresult($result); 59 60 $cache->put('_acl_options', $this->acl_options); 61 } 62 } 63 64 /** 65 * Get permission mask 66 * This function only supports getting permissions of one type (for example a_) 67 * 68 * @param set|view $mode defines the permissions we get, view gets effective permissions (checking user AND group permissions), set only gets the user or group permission set alone 69 * @param mixed $user_id user ids to search for (a user_id or a group_id has to be specified at least) 70 * @param mixed $group_id group ids to search for, return group related settings (a user_id or a group_id has to be specified at least) 71 * @param mixed $forum_id forum_ids to search for. Defining a forum id also means getting local settings 72 * @param string $auth_option the auth_option defines the permission setting to look for (a_ for example) 73 * @param local|global $scope the scope defines the permission scope. If local, a forum_id is additionally required 74 * @param ACL_NEVER|ACL_NO|ACL_YES $acl_fill defines the mode those permissions not set are getting filled with 75 */ 76 function get_mask($mode, $user_id = false, $group_id = false, $forum_id = false, $auth_option = false, $scope = false, $acl_fill = ACL_NEVER) 77 { 78 global $db, $user; 79 80 $hold_ary = array(); 81 $view_user_mask = ($mode == 'view' && $group_id === false) ? true : false; 82 83 if ($auth_option === false || $scope === false) 84 { 85 return array(); 86 } 87 88 $acl_user_function = ($mode == 'set') ? 'acl_user_raw_data' : 'acl_raw_data'; 89 90 if (!$view_user_mask) 91 { 92 if ($forum_id !== false) 93 { 94 $hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', $forum_id) : $this->$acl_user_function($user_id, $auth_option . '%', $forum_id); 95 } 96 else 97 { 98 $hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', ($scope == 'global') ? 0 : false) : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false); 99 } 100 } 101 102 // Make sure hold_ary is filled with every setting (prevents missing forums/users/groups) 103 $ug_id = ($group_id !== false) ? ((!is_array($group_id)) ? array($group_id) : $group_id) : ((!is_array($user_id)) ? array($user_id) : $user_id); 104 $forum_ids = ($forum_id !== false) ? ((!is_array($forum_id)) ? array($forum_id) : $forum_id) : (($scope == 'global') ? array(0) : array()); 105 106 // Only those options we need 107 $compare_options = array_diff(preg_replace('/^((?!' . $auth_option . ').+)|(' . $auth_option . ')$/', '', array_keys($this->acl_options[$scope])), array('')); 108 109 // If forum_ids is false and the scope is local we actually want to have all forums within the array 110 if ($scope == 'local' && !count($forum_ids)) 111 { 112 $sql = 'SELECT forum_id 113 FROM ' . FORUMS_TABLE; 114 $result = $db->sql_query($sql, 120); 115 116 while ($row = $db->sql_fetchrow($result)) 117 { 118 $forum_ids[] = (int) $row['forum_id']; 119 } 120 $db->sql_freeresult($result); 121 } 122 123 if ($view_user_mask) 124 { 125 $auth2 = null; 126 127 $sql = 'SELECT user_id, user_permissions, user_type 128 FROM ' . USERS_TABLE . ' 129 WHERE ' . $db->sql_in_set('user_id', $ug_id); 130 $result = $db->sql_query($sql); 131 132 while ($userdata = $db->sql_fetchrow($result)) 133 { 134 if ($user->data['user_id'] != $userdata['user_id']) 135 { 136 $auth2 = new \phpbb\auth\auth(); 137 $auth2->acl($userdata); 138 } 139 else 140 { 141 global $auth; 142 $auth2 = &$auth; 143 } 144 145 $hold_ary[$userdata['user_id']] = array(); 146 foreach ($forum_ids as $f_id) 147 { 148 $hold_ary[$userdata['user_id']][$f_id] = array(); 149 foreach ($compare_options as $option) 150 { 151 $hold_ary[$userdata['user_id']][$f_id][$option] = $auth2->acl_get($option, $f_id); 152 } 153 } 154 } 155 $db->sql_freeresult($result); 156 157 unset($userdata); 158 unset($auth2); 159 } 160 161 foreach ($ug_id as $_id) 162 { 163 if (!isset($hold_ary[$_id])) 164 { 165 $hold_ary[$_id] = array(); 166 } 167 168 foreach ($forum_ids as $f_id) 169 { 170 if (!isset($hold_ary[$_id][$f_id])) 171 { 172 $hold_ary[$_id][$f_id] = array(); 173 } 174 } 175 } 176 177 // Now, we need to fill the gaps with $acl_fill. ;) 178 179 // Now switch back to keys 180 if (count($compare_options)) 181 { 182 $compare_options = array_combine($compare_options, array_fill(1, count($compare_options), $acl_fill)); 183 } 184 185 // Defining the user-function here to save some memory 186 $return_acl_fill = function () use ($acl_fill) 187 { 188 return $acl_fill; 189 }; 190 191 // Actually fill the gaps 192 if (count($hold_ary)) 193 { 194 foreach ($hold_ary as $ug_id => $row) 195 { 196 foreach ($row as $id => $options) 197 { 198 // Do not include the global auth_option 199 unset($options[$auth_option]); 200 201 // Not a "fine" solution, but at all it's a 1-dimensional 202 // array_diff_key function filling the resulting array values with zeros 203 // The differences get merged into $hold_ary (all permissions having $acl_fill set) 204 $hold_ary[$ug_id][$id] = array_merge($options, 205 206 array_map($return_acl_fill, 207 array_flip( 208 array_diff( 209 array_keys($compare_options), array_keys($options) 210 ) 211 ) 212 ) 213 ); 214 } 215 } 216 } 217 else 218 { 219 $hold_ary[($group_id !== false) ? $group_id : $user_id][(int) $forum_id] = $compare_options; 220 } 221 222 return $hold_ary; 223 } 224 225 /** 226 * Get permission mask for roles 227 * This function only supports getting masks for one role 228 */ 229 function get_role_mask($role_id) 230 { 231 global $db; 232 233 $hold_ary = array(); 234 235 // Get users having this role set... 236 $sql = 'SELECT user_id, forum_id 237 FROM ' . ACL_USERS_TABLE . ' 238 WHERE auth_role_id = ' . $role_id . ' 239 ORDER BY forum_id'; 240 $result = $db->sql_query($sql); 241 242 while ($row = $db->sql_fetchrow($result)) 243 { 244 $hold_ary[$row['forum_id']]['users'][] = $row['user_id']; 245 } 246 $db->sql_freeresult($result); 247 248 // Now grab groups... 249 $sql = 'SELECT group_id, forum_id 250 FROM ' . ACL_GROUPS_TABLE . ' 251 WHERE auth_role_id = ' . $role_id . ' 252 ORDER BY forum_id'; 253 $result = $db->sql_query($sql); 254 255 while ($row = $db->sql_fetchrow($result)) 256 { 257 $hold_ary[$row['forum_id']]['groups'][] = $row['group_id']; 258 } 259 $db->sql_freeresult($result); 260 261 return $hold_ary; 262 } 263 264 /** 265 * Display permission mask (assign to template) 266 */ 267 function display_mask($mode, $permission_type, &$hold_ary, $user_mode = 'user', $local = false, $group_display = true) 268 { 269 global $template, $user, $db, $phpbb_container; 270 271 /* @var $phpbb_permissions \phpbb\permissions */ 272 $phpbb_permissions = $phpbb_container->get('acl.permissions'); 273 274 /** @var \phpbb\group\helper $group_helper */ 275 $group_helper = $phpbb_container->get('group_helper'); 276 277 // Define names for template loops, might be able to be set 278 $tpl_pmask = 'p_mask'; 279 $tpl_fmask = 'f_mask'; 280 $tpl_category = 'category'; 281 $tpl_mask = 'mask'; 282 283 $l_acl_type = $phpbb_permissions->get_type_lang($permission_type, (($local) ? 'local' : 'global')); 284 285 // Allow trace for viewing permissions and in user mode 286 $show_trace = ($mode == 'view' && $user_mode == 'user') ? true : false; 287 288 // Get names 289 if ($user_mode == 'user') 290 { 291 $sql = 'SELECT user_id as ug_id, username as ug_name 292 FROM ' . USERS_TABLE . ' 293 WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary)) . ' 294 ORDER BY username_clean ASC'; 295 } 296 else 297 { 298 $sql = 'SELECT group_id as ug_id, group_name as ug_name, group_type 299 FROM ' . GROUPS_TABLE . ' 300 WHERE ' . $db->sql_in_set('group_id', array_keys($hold_ary)) . ' 301 ORDER BY group_type DESC, group_name ASC'; 302 } 303 $result = $db->sql_query($sql); 304 305 $ug_names_ary = array(); 306 while ($row = $db->sql_fetchrow($result)) 307 { 308 $ug_names_ary[$row['ug_id']] = ($user_mode == 'user') ? $row['ug_name'] : $group_helper->get_name($row['ug_name']); 309 } 310 $db->sql_freeresult($result); 311 312 // Get used forums 313 $forum_ids = array(); 314 foreach ($hold_ary as $ug_id => $row) 315 { 316 $forum_ids = array_merge($forum_ids, array_keys($row)); 317 } 318 $forum_ids = array_unique($forum_ids); 319 320 $forum_names_ary = array(); 321 if ($local) 322 { 323 $forum_names_ary = make_forum_select(false, false, true, false, false, false, true); 324 325 // Remove the disabled ones, since we do not create an option field here... 326 foreach ($forum_names_ary as $key => $value) 327 { 328 if (!$value['disabled']) 329 { 330 continue; 331 } 332 unset($forum_names_ary[$key]); 333 } 334 } 335 else 336 { 337 $forum_names_ary[0] = $l_acl_type; 338 } 339 340 // Get available roles 341 $sql = 'SELECT * 342 FROM ' . ACL_ROLES_TABLE . " 343 WHERE role_type = '" . $db->sql_escape($permission_type) . "' 344 ORDER BY role_order ASC"; 345 $result = $db->sql_query($sql); 346 347 $roles = array(); 348 while ($row = $db->sql_fetchrow($result)) 349 { 350 $roles[$row['role_id']] = $row; 351 } 352 $db->sql_freeresult($result); 353 354 $cur_roles = $this->acl_role_data($user_mode, $permission_type, array_keys($hold_ary)); 355 356 // Build js roles array (role data assignments) 357 $s_role_js_array = ''; 358 359 if (count($roles)) 360 { 361 $s_role_js_array = array(); 362 363 // Make sure every role (even if empty) has its array defined 364 foreach ($roles as $_role_id => $null) 365 { 366 $s_role_js_array[$_role_id] = "\n" . 'role_options[' . $_role_id . '] = new Array();' . "\n"; 367 } 368 369 $sql = 'SELECT r.role_id, o.auth_option, r.auth_setting 370 FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o 371 WHERE o.auth_option_id = r.auth_option_id 372 AND ' . $db->sql_in_set('r.role_id', array_keys($roles)); 373 $result = $db->sql_query($sql); 374 375 while ($row = $db->sql_fetchrow($result)) 376 { 377 $flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1); 378 if ($flag == $row['auth_option']) 379 { 380 continue; 381 } 382 383 $s_role_js_array[$row['role_id']] .= 'role_options[' . $row['role_id'] . '][\'' . addslashes($row['auth_option']) . '\'] = ' . $row['auth_setting'] . '; '; 384 } 385 $db->sql_freeresult($result); 386 387 $s_role_js_array = implode('', $s_role_js_array); 388 } 389 390 $template->assign_var('S_ROLE_JS_ARRAY', $s_role_js_array); 391 unset($s_role_js_array); 392 393 // Now obtain memberships 394 $user_groups_default = $user_groups_custom = array(); 395 if ($user_mode == 'user' && $group_display) 396 { 397 $sql = 'SELECT group_id, group_name, group_type 398 FROM ' . GROUPS_TABLE . ' 399 ORDER BY group_type DESC, group_name ASC'; 400 $result = $db->sql_query($sql); 401 402 $groups = array(); 403 while ($row = $db->sql_fetchrow($result)) 404 { 405 $groups[$row['group_id']] = $row; 406 } 407 $db->sql_freeresult($result); 408 409 $memberships = group_memberships(false, array_keys($hold_ary), false); 410 411 // User is not a member of any group? Bad admin, bad bad admin... 412 if ($memberships) 413 { 414 foreach ($memberships as $row) 415 { 416 $user_groups_default[$row['user_id']][] = $group_helper->get_name($groups[$row['group_id']]['group_name']); 417 } 418 } 419 unset($memberships, $groups); 420 } 421 422 // If we only have one forum id to display or being in local mode and more than one user/group to display, 423 // we switch the complete interface to group by user/usergroup instead of grouping by forum 424 // To achieve this, we need to switch the array a bit 425 if (count($forum_ids) == 1 || ($local && count($ug_names_ary) > 1)) 426 { 427 $hold_ary_temp = $hold_ary; 428 $hold_ary = array(); 429 foreach ($hold_ary_temp as $ug_id => $row) 430 { 431 foreach ($forum_names_ary as $forum_id => $forum_row) 432 { 433 if (isset($row[$forum_id])) 434 { 435 $hold_ary[$forum_id][$ug_id] = $row[$forum_id]; 436 } 437 } 438 } 439 unset($hold_ary_temp); 440 441 foreach ($hold_ary as $forum_id => $forum_array) 442 { 443 $content_array = $categories = array(); 444 $this->build_permission_array($hold_ary[$forum_id], $content_array, $categories, array_keys($ug_names_ary)); 445 446 $template->assign_block_vars($tpl_pmask, array( 447 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'], 448 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'], 449 450 'CATEGORIES' => implode('</th><th>', $categories), 451 452 'L_ACL_TYPE' => $l_acl_type, 453 454 'S_LOCAL' => ($local) ? true : false, 455 'S_GLOBAL' => (!$local) ? true : false, 456 'S_NUM_CATS' => count($categories), 457 'S_VIEW' => ($mode == 'view') ? true : false, 458 'S_NUM_OBJECTS' => count($content_array), 459 'S_USER_MODE' => ($user_mode == 'user') ? true : false, 460 'S_GROUP_MODE' => ($user_mode == 'group') ? true : false) 461 ); 462 463 @reset($content_array); 464 while (list($ug_id, $ug_array) = each($content_array)) 465 { 466 // Build role dropdown options 467 $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0; 468 469 $role_options = array(); 470 471 $s_role_options = ''; 472 $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0; 473 474 @reset($roles); 475 while (list($role_id, $role_row) = each($roles)) 476 { 477 $role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']); 478 $role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name']; 479 480 $title = ($role_description) ? ' title="' . $role_description . '"' : ''; 481 $s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>'; 482 483 $role_options[] = array( 484 'ID' => $role_id, 485 'ROLE_NAME' => $role_name, 486 'TITLE' => $role_description, 487 'SELECTED' => $role_id == $current_role_id, 488 ); 489 } 490 491 if ($s_role_options) 492 { 493 $s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options; 494 } 495 496 if (!$current_role_id && $mode != 'view') 497 { 498 $s_custom_permissions = false; 499 500 foreach ($ug_array as $key => $value) 501 { 502 if ($value['S_NEVER'] || $value['S_YES']) 503 { 504 $s_custom_permissions = true; 505 break; 506 } 507 } 508 } 509 else 510 { 511 $s_custom_permissions = false; 512 } 513 514 $template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array( 515 'NAME' => $ug_names_ary[$ug_id], 516 'UG_ID' => $ug_id, 517 'S_ROLE_OPTIONS' => $s_role_options, 518 'S_CUSTOM' => $s_custom_permissions, 519 'FORUM_ID' => $forum_id, 520 'S_ROLE_ID' => $current_role_id, 521 )); 522 523 $template->assign_block_vars_array($tpl_pmask . '.' . $tpl_fmask . '.role_options', $role_options); 524 525 $this->assign_cat_array($ug_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, ($mode == 'view'), $show_trace); 526 527 unset($content_array[$ug_id]); 528 } 529 530 unset($hold_ary[$forum_id]); 531 } 532 } 533 else 534 { 535 foreach ($ug_names_ary as $ug_id => $ug_name) 536 { 537 if (!isset($hold_ary[$ug_id])) 538 { 539 continue; 540 } 541 542 $content_array = $categories = array(); 543 $this->build_permission_array($hold_ary[$ug_id], $content_array, $categories, array_keys($forum_names_ary)); 544 545 $template->assign_block_vars($tpl_pmask, array( 546 'NAME' => $ug_name, 547 'CATEGORIES' => implode('</th><th>', $categories), 548 549 'USER_GROUPS_DEFAULT' => ($user_mode == 'user' && isset($user_groups_default[$ug_id]) && count($user_groups_default[$ug_id])) ? implode($user->lang['COMMA_SEPARATOR'], $user_groups_default[$ug_id]) : '', 550 'USER_GROUPS_CUSTOM' => ($user_mode == 'user' && isset($user_groups_custom[$ug_id]) && count($user_groups_custom[$ug_id])) ? implode($user->lang['COMMA_SEPARATOR'], $user_groups_custom[$ug_id]) : '', 551 'L_ACL_TYPE' => $l_acl_type, 552 553 'S_LOCAL' => ($local) ? true : false, 554 'S_GLOBAL' => (!$local) ? true : false, 555 'S_NUM_CATS' => count($categories), 556 'S_VIEW' => ($mode == 'view') ? true : false, 557 'S_NUM_OBJECTS' => count($content_array), 558 'S_USER_MODE' => ($user_mode == 'user') ? true : false, 559 'S_GROUP_MODE' => ($user_mode == 'group') ? true : false) 560 ); 561 562 @reset($content_array); 563 while (list($forum_id, $forum_array) = each($content_array)) 564 { 565 // Build role dropdown options 566 $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0; 567 568 $role_options = array(); 569 570 $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0; 571 $s_role_options = ''; 572 573 @reset($roles); 574 while (list($role_id, $role_row) = each($roles)) 575 { 576 $role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']); 577 $role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name']; 578 579 $title = ($role_description) ? ' title="' . $role_description . '"' : ''; 580 $s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>'; 581 582 $role_options[] = array( 583 'ID' => $role_id, 584 'ROLE_NAME' => $role_name, 585 'TITLE' => $role_description, 586 'SELECTED' => $role_id == $current_role_id, 587 ); 588 } 589 590 if ($s_role_options) 591 { 592 $s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options; 593 } 594 595 if (!$current_role_id && $mode != 'view') 596 { 597 $s_custom_permissions = false; 598 599 foreach ($forum_array as $key => $value) 600 { 601 if ($value['S_NEVER'] || $value['S_YES']) 602 { 603 $s_custom_permissions = true; 604 break; 605 } 606 } 607 } 608 else 609 { 610 $s_custom_permissions = false; 611 } 612 613 $template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array( 614 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'], 615 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'], 616 'S_CUSTOM' => $s_custom_permissions, 617 'UG_ID' => $ug_id, 618 'S_ROLE_OPTIONS' => $s_role_options, 619 'FORUM_ID' => $forum_id) 620 ); 621 622 $template->assign_block_vars_array($tpl_pmask . '.' . $tpl_fmask . '.role_options', $role_options); 623 624 $this->assign_cat_array($forum_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, ($mode == 'view'), $show_trace); 625 } 626 627 unset($hold_ary[$ug_id], $ug_names_ary[$ug_id]); 628 } 629 } 630 } 631 632 /** 633 * Display permission mask for roles 634 */ 635 function display_role_mask(&$hold_ary) 636 { 637 global $db, $template, $user, $phpbb_root_path, $phpEx; 638 global $phpbb_container; 639 640 if (!count($hold_ary)) 641 { 642 return; 643 } 644 645 /** @var \phpbb\group\helper $group_helper */ 646 $group_helper = $phpbb_container->get('group_helper'); 647 648 // Get forum names 649 $sql = 'SELECT forum_id, forum_name 650 FROM ' . FORUMS_TABLE . ' 651 WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary)) . ' 652 ORDER BY left_id'; 653 $result = $db->sql_query($sql); 654 655 // If the role is used globally, then reflect that 656 $forum_names = (isset($hold_ary[0])) ? array(0 => '') : array(); 657 while ($row = $db->sql_fetchrow($result)) 658 { 659 $forum_names[$row['forum_id']] = $row['forum_name']; 660 } 661 $db->sql_freeresult($result); 662 663 foreach ($forum_names as $forum_id => $forum_name) 664 { 665 $auth_ary = $hold_ary[$forum_id]; 666 667 $template->assign_block_vars('role_mask', array( 668 'NAME' => ($forum_id == 0) ? $user->lang['GLOBAL_MASK'] : $forum_name, 669 'FORUM_ID' => $forum_id) 670 ); 671 672 if (isset($auth_ary['users']) && count($auth_ary['users'])) 673 { 674 $sql = 'SELECT user_id, username 675 FROM ' . USERS_TABLE . ' 676 WHERE ' . $db->sql_in_set('user_id', $auth_ary['users']) . ' 677 ORDER BY username_clean ASC'; 678 $result = $db->sql_query($sql); 679 680 while ($row = $db->sql_fetchrow($result)) 681 { 682 $template->assign_block_vars('role_mask.users', array( 683 'USER_ID' => $row['user_id'], 684 'USERNAME' => get_username_string('username', $row['user_id'], $row['username']), 685 'U_PROFILE' => get_username_string('profile', $row['user_id'], $row['username']), 686 )); 687 } 688 $db->sql_freeresult($result); 689 } 690 691 if (isset($auth_ary['groups']) && count($auth_ary['groups'])) 692 { 693 $sql = 'SELECT group_id, group_name, group_type 694 FROM ' . GROUPS_TABLE . ' 695 WHERE ' . $db->sql_in_set('group_id', $auth_ary['groups']) . ' 696 ORDER BY group_type ASC, group_name'; 697 $result = $db->sql_query($sql); 698 699 while ($row = $db->sql_fetchrow($result)) 700 { 701 $template->assign_block_vars('role_mask.groups', array( 702 'GROUP_ID' => $row['group_id'], 703 'GROUP_NAME' => $group_helper->get_name($row['group_name']), 704 'U_PROFILE' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=group&g={$row['group_id']}")) 705 ); 706 } 707 $db->sql_freeresult($result); 708 } 709 } 710 } 711 712 /** 713 * NOTE: this function is not in use atm 714 * Add a new option to the list ... $options is a hash of form -> 715 * $options = array( 716 * 'local' => array('option1', 'option2', ...), 717 * 'global' => array('optionA', 'optionB', ...) 718 * ); 719 */ 720 function acl_add_option($options) 721 { 722 global $db, $cache; 723 724 if (!is_array($options)) 725 { 726 return false; 727 } 728 729 $cur_options = array(); 730 731 // Determine current options 732 $sql = 'SELECT auth_option, is_global, is_local 733 FROM ' . ACL_OPTIONS_TABLE . ' 734 ORDER BY auth_option_id'; 735 $result = $db->sql_query($sql); 736 737 while ($row = $db->sql_fetchrow($result)) 738 { 739 $cur_options[$row['auth_option']] = ($row['is_global'] && $row['is_local']) ? 'both' : (($row['is_global']) ? 'global' : 'local'); 740 } 741 $db->sql_freeresult($result); 742 743 // Here we need to insert new options ... this requires discovering whether 744 // an options is global, local or both and whether we need to add an permission 745 // set flag (x_) 746 $new_options = array('local' => array(), 'global' => array()); 747 748 foreach ($options as $type => $option_ary) 749 { 750 $option_ary = array_unique($option_ary); 751 752 foreach ($option_ary as $option_value) 753 { 754 $new_options[$type][] = $option_value; 755 756 $flag = substr($option_value, 0, strpos($option_value, '_') + 1); 757 758 if (!in_array($flag, $new_options[$type])) 759 { 760 $new_options[$type][] = $flag; 761 } 762 } 763 } 764 unset($options); 765 766 $options = array(); 767 $options['local'] = array_diff($new_options['local'], $new_options['global']); 768 $options['global'] = array_diff($new_options['global'], $new_options['local']); 769 $options['both'] = array_intersect($new_options['local'], $new_options['global']); 770 771 // Now check which options to add/update 772 $add_options = $update_options = array(); 773 774 // First local ones... 775 foreach ($options as $type => $option_ary) 776 { 777 foreach ($option_ary as $option) 778 { 779 if (!isset($cur_options[$option])) 780 { 781 $add_options[] = array( 782 'auth_option' => (string) $option, 783 'is_global' => ($type == 'global' || $type == 'both') ? 1 : 0, 784 'is_local' => ($type == 'local' || $type == 'both') ? 1 : 0 785 ); 786 787 continue; 788 } 789 790 // Else, update existing entry if it is changed... 791 if ($type === $cur_options[$option]) 792 { 793 continue; 794 } 795 796 // New type is always both: 797 // If is now both, we set both. 798 // If it was global the new one is local and we need to set it to both 799 // If it was local the new one is global and we need to set it to both 800 $update_options[] = $option; 801 } 802 } 803 804 if (!empty($add_options)) 805 { 806 $db->sql_multi_insert(ACL_OPTIONS_TABLE, $add_options); 807 } 808 809 if (!empty($update_options)) 810 { 811 $sql = 'UPDATE ' . ACL_OPTIONS_TABLE . ' 812 SET is_global = 1, is_local = 1 813 WHERE ' . $db->sql_in_set('auth_option', $update_options); 814 $db->sql_query($sql); 815 } 816 817 $cache->destroy('_acl_options'); 818 $this->acl_clear_prefetch(); 819 820 // Because we just changed the options and also purged the options cache, we instantly update/regenerate it for later calls to succeed. 821 $this->acl_options = array(); 822 $this->__construct(); 823 824 return true; 825 } 826 827 /** 828 * Set a user or group ACL record 829 */ 830 function acl_set($ug_type, $forum_id, $ug_id, $auth, $role_id = 0, $clear_prefetch = true) 831 { 832 global $db; 833 834 // One or more forums 835 if (!is_array($forum_id)) 836 { 837 $forum_id = array($forum_id); 838 } 839 840 // One or more users 841 if (!is_array($ug_id)) 842 { 843 $ug_id = array($ug_id); 844 } 845 846 $ug_id_sql = $db->sql_in_set($ug_type . '_id', array_map('intval', $ug_id)); 847 $forum_sql = $db->sql_in_set('forum_id', array_map('intval', $forum_id)); 848 849 // Instead of updating, inserting, removing we just remove all current settings and re-set everything... 850 $table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE; 851 $id_field = $ug_type . '_id'; 852 853 // Get any flags as required 854 reset($auth); 855 $flag = key($auth); 856 $flag = substr($flag, 0, strpos($flag, '_') + 1); 857 858 // This ID (the any-flag) is set if one or more permissions are true... 859 $any_option_id = (int) $this->acl_options['id'][$flag]; 860 861 // Remove any-flag from auth ary 862 if (isset($auth[$flag])) 863 { 864 unset($auth[$flag]); 865 } 866 867 // Remove current auth options... 868 $auth_option_ids = array((int) $any_option_id); 869 foreach ($auth as $auth_option => $auth_setting) 870 { 871 $auth_option_ids[] = (int) $this->acl_options['id'][$auth_option]; 872 } 873 874 $sql = "DELETE FROM $table 875 WHERE $forum_sql 876 AND $ug_id_sql 877 AND " . $db->sql_in_set('auth_option_id', $auth_option_ids); 878 $db->sql_query($sql); 879 880 // Remove those having a role assigned... the correct type of course... 881 $sql = 'SELECT role_id 882 FROM ' . ACL_ROLES_TABLE . " 883 WHERE role_type = '" . $db->sql_escape($flag) . "'"; 884 $result = $db->sql_query($sql); 885 886 $role_ids = array(); 887 while ($row = $db->sql_fetchrow($result)) 888 { 889 $role_ids[] = $row['role_id']; 890 } 891 $db->sql_freeresult($result); 892 893 if (count($role_ids)) 894 { 895 $sql = "DELETE FROM $table 896 WHERE $forum_sql 897 AND $ug_id_sql 898 AND auth_option_id = 0 899 AND " . $db->sql_in_set('auth_role_id', $role_ids); 900 $db->sql_query($sql); 901 } 902 903 // Ok, include the any-flag if one or more auth options are set to yes... 904 foreach ($auth as $auth_option => $setting) 905 { 906 if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER)) 907 { 908 $auth[$flag] = ACL_YES; 909 } 910 } 911 912 $sql_ary = array(); 913 foreach ($forum_id as $forum) 914 { 915 $forum = (int) $forum; 916 917 if ($role_id) 918 { 919 foreach ($ug_id as $id) 920 { 921 $sql_ary[] = array( 922 $id_field => (int) $id, 923 'forum_id' => (int) $forum, 924 'auth_option_id' => 0, 925 'auth_setting' => 0, 926 'auth_role_id' => (int) $role_id, 927 ); 928 } 929 } 930 else 931 { 932 foreach ($auth as $auth_option => $setting) 933 { 934 $auth_option_id = (int) $this->acl_options['id'][$auth_option]; 935 936 if ($setting != ACL_NO) 937 { 938 foreach ($ug_id as $id) 939 { 940 $sql_ary[] = array( 941 $id_field => (int) $id, 942 'forum_id' => (int) $forum, 943 'auth_option_id' => (int) $auth_option_id, 944 'auth_setting' => (int) $setting 945 ); 946 } 947 } 948 } 949 } 950 } 951 952 $db->sql_multi_insert($table, $sql_ary); 953 954 if ($clear_prefetch) 955 { 956 $this->acl_clear_prefetch(); 957 } 958 } 959 960 /** 961 * Set a role-specific ACL record 962 */ 963 function acl_set_role($role_id, $auth) 964 { 965 global $db; 966 967 // Get any-flag as required 968 reset($auth); 969 $flag = key($auth); 970 $flag = substr($flag, 0, strpos($flag, '_') + 1); 971 972 // Remove any-flag from auth ary 973 if (isset($auth[$flag])) 974 { 975 unset($auth[$flag]); 976 } 977 978 // Re-set any flag... 979 foreach ($auth as $auth_option => $setting) 980 { 981 if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER)) 982 { 983 $auth[$flag] = ACL_YES; 984 } 985 } 986 987 $sql_ary = array(); 988 foreach ($auth as $auth_option => $setting) 989 { 990 $auth_option_id = (int) $this->acl_options['id'][$auth_option]; 991 992 if ($setting != ACL_NO) 993 { 994 $sql_ary[] = array( 995 'role_id' => (int) $role_id, 996 'auth_option_id' => (int) $auth_option_id, 997 'auth_setting' => (int) $setting 998 ); 999 } 1000 } 1001 1002 // If no data is there, we set the any-flag to ACL_NEVER... 1003 if (!count($sql_ary)) 1004 { 1005 $sql_ary[] = array( 1006 'role_id' => (int) $role_id, 1007 'auth_option_id' => (int) $this->acl_options['id'][$flag], 1008 'auth_setting' => ACL_NEVER 1009 ); 1010 } 1011 1012 // Remove current auth options... 1013 $sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . ' 1014 WHERE role_id = ' . $role_id; 1015 $db->sql_query($sql); 1016 1017 // Now insert the new values 1018 $db->sql_multi_insert(ACL_ROLES_DATA_TABLE, $sql_ary); 1019 1020 $this->acl_clear_prefetch(); 1021 } 1022 1023 /** 1024 * Remove local permission 1025 */ 1026 function acl_delete($mode, $ug_id = false, $forum_id = false, $permission_type = false) 1027 { 1028 global $db; 1029 1030 if ($ug_id === false && $forum_id === false) 1031 { 1032 return; 1033 } 1034 1035 $option_id_ary = array(); 1036 $table = ($mode == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE; 1037 $id_field = $mode . '_id'; 1038 1039 $where_sql = array(); 1040 1041 if ($forum_id !== false) 1042 { 1043 $where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : $db->sql_in_set('forum_id', array_map('intval', $forum_id)); 1044 } 1045 1046 if ($ug_id !== false) 1047 { 1048 $where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $db->sql_in_set($id_field, array_map('intval', $ug_id)); 1049 } 1050 1051 // There seem to be auth options involved, therefore we need to go through the list and make sure we capture roles correctly 1052 if ($permission_type !== false) 1053 { 1054 // Get permission type 1055 $sql = 'SELECT auth_option, auth_option_id 1056 FROM ' . ACL_OPTIONS_TABLE . " 1057 WHERE auth_option " . $db->sql_like_expression($permission_type . $db->get_any_char()); 1058 $result = $db->sql_query($sql); 1059 1060 $auth_id_ary = array(); 1061 while ($row = $db->sql_fetchrow($result)) 1062 { 1063 $option_id_ary[] = $row['auth_option_id']; 1064 $auth_id_ary[$row['auth_option']] = ACL_NO; 1065 } 1066 $db->sql_freeresult($result); 1067 1068 // First of all, lets grab the items having roles with the specified auth options assigned 1069 $sql = "SELECT auth_role_id, $id_field, forum_id 1070 FROM $table, " . ACL_ROLES_TABLE . " r 1071 WHERE auth_role_id <> 0 1072 AND auth_role_id = r.role_id 1073 AND r.role_type = '{$permission_type}' 1074 AND " . implode(' AND ', $where_sql) . ' 1075 ORDER BY auth_role_id'; 1076 $result = $db->sql_query($sql); 1077 1078 $cur_role_auth = array(); 1079 while ($row = $db->sql_fetchrow($result)) 1080 { 1081 $cur_role_auth[$row['auth_role_id']][$row['forum_id']][] = $row[$id_field]; 1082 } 1083 $db->sql_freeresult($result); 1084 1085 // Get role data for resetting data 1086 if (count($cur_role_auth)) 1087 { 1088 $sql = 'SELECT ao.auth_option, rd.role_id, rd.auth_setting 1089 FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_ROLES_DATA_TABLE . ' rd 1090 WHERE ao.auth_option_id = rd.auth_option_id 1091 AND ' . $db->sql_in_set('rd.role_id', array_keys($cur_role_auth)); 1092 $result = $db->sql_query($sql); 1093 1094 $auth_settings = array(); 1095 while ($row = $db->sql_fetchrow($result)) 1096 { 1097 // We need to fill all auth_options, else setting it will fail... 1098 if (!isset($auth_settings[$row['role_id']])) 1099 { 1100 $auth_settings[$row['role_id']] = $auth_id_ary; 1101 } 1102 $auth_settings[$row['role_id']][$row['auth_option']] = $row['auth_setting']; 1103 } 1104 $db->sql_freeresult($result); 1105 1106 // Set the options 1107 foreach ($cur_role_auth as $role_id => $auth_row) 1108 { 1109 foreach ($auth_row as $f_id => $ug_row) 1110 { 1111 $this->acl_set($mode, $f_id, $ug_row, $auth_settings[$role_id], 0, false); 1112 } 1113 } 1114 } 1115 } 1116 1117 // Now, normally remove permissions... 1118 if ($permission_type !== false) 1119 { 1120 $where_sql[] = $db->sql_in_set('auth_option_id', array_map('intval', $option_id_ary)); 1121 } 1122 1123 $sql = "DELETE FROM $table 1124 WHERE " . implode(' AND ', $where_sql); 1125 $db->sql_query($sql); 1126 1127 $this->acl_clear_prefetch(); 1128 } 1129 1130 /** 1131 * Assign category to template 1132 * used by display_mask() 1133 */ 1134 function assign_cat_array(&$category_array, $tpl_cat, $tpl_mask, $ug_id, $forum_id, $s_view, $show_trace = false) 1135 { 1136 global $template, $phpbb_admin_path, $phpEx, $phpbb_container; 1137 1138 /* @var $phpbb_permissions \phpbb\permissions */ 1139 $phpbb_permissions = $phpbb_container->get('acl.permissions'); 1140 1141 @reset($category_array); 1142 while (list($cat, $cat_array) = each($category_array)) 1143 { 1144 if (!$phpbb_permissions->category_defined($cat)) 1145 { 1146 continue; 1147 } 1148 1149 $template->assign_block_vars($tpl_cat, array( 1150 'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false, 1151 'S_NEVER' => ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false, 1152 'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false, 1153 1154 'CAT_NAME' => $phpbb_permissions->get_category_lang($cat), 1155 )); 1156 1157 /* Sort permissions by name (more naturaly and user friendly than sorting by a primary key) 1158 * Commented out due to it's memory consumption and time needed 1159 * 1160 $key_array = array_intersect(array_keys($user->lang), array_map(create_function('$a', 'return "acl_" . $a;'), array_keys($cat_array['permissions']))); 1161 $values_array = $cat_array['permissions']; 1162 1163 $cat_array['permissions'] = array(); 1164 1165 foreach ($key_array as $key) 1166 { 1167 $key = str_replace('acl_', '', $key); 1168 $cat_array['permissions'][$key] = $values_array[$key]; 1169 } 1170 unset($key_array, $values_array); 1171 */ 1172 @reset($cat_array['permissions']); 1173 while (list($permission, $allowed) = each($cat_array['permissions'])) 1174 { 1175 if (!$phpbb_permissions->permission_defined($permission)) 1176 { 1177 continue; 1178 } 1179 1180 if ($s_view) 1181 { 1182 $template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array( 1183 'S_YES' => ($allowed == ACL_YES) ? true : false, 1184 'S_NEVER' => ($allowed == ACL_NEVER) ? true : false, 1185 1186 'UG_ID' => $ug_id, 1187 'FORUM_ID' => $forum_id, 1188 'FIELD_NAME' => $permission, 1189 'S_FIELD_NAME' => 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']', 1190 1191 'U_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission") : '', 1192 'UA_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission", false) : '', 1193 1194 'PERMISSION' => $phpbb_permissions->get_permission_lang($permission), 1195 )); 1196 } 1197 else 1198 { 1199 $template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array( 1200 'S_YES' => ($allowed == ACL_YES) ? true : false, 1201 'S_NEVER' => ($allowed == ACL_NEVER) ? true : false, 1202 'S_NO' => ($allowed == ACL_NO) ? true : false, 1203 1204 'UG_ID' => $ug_id, 1205 'FORUM_ID' => $forum_id, 1206 'FIELD_NAME' => $permission, 1207 'S_FIELD_NAME' => 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']', 1208 1209 'U_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission") : '', 1210 'UA_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission", false) : '', 1211 1212 'PERMISSION' => $phpbb_permissions->get_permission_lang($permission), 1213 )); 1214 } 1215 } 1216 } 1217 } 1218 1219 /** 1220 * Building content array from permission rows with explicit key ordering 1221 * used by display_mask() 1222 */ 1223 function build_permission_array(&$permission_row, &$content_array, &$categories, $key_sort_array) 1224 { 1225 global $phpbb_container; 1226 1227 /* @var $phpbb_permissions \phpbb\permissions */ 1228 $phpbb_permissions = $phpbb_container->get('acl.permissions'); 1229 1230 foreach ($key_sort_array as $forum_id) 1231 { 1232 if (!isset($permission_row[$forum_id])) 1233 { 1234 continue; 1235 } 1236 1237 $permissions = $permission_row[$forum_id]; 1238 ksort($permissions); 1239 1240 @reset($permissions); 1241 while (list($permission, $auth_setting) = each($permissions)) 1242 { 1243 $cat = $phpbb_permissions->get_permission_category($permission); 1244 1245 // Build our categories array 1246 if (!isset($categories[$cat])) 1247 { 1248 $categories[$cat] = $phpbb_permissions->get_category_lang($cat); 1249 } 1250 1251 // Build our content array 1252 if (!isset($content_array[$forum_id])) 1253 { 1254 $content_array[$forum_id] = array(); 1255 } 1256 1257 if (!isset($content_array[$forum_id][$cat])) 1258 { 1259 $content_array[$forum_id][$cat] = array( 1260 'S_YES' => false, 1261 'S_NEVER' => false, 1262 'S_NO' => false, 1263 'permissions' => array(), 1264 ); 1265 } 1266 1267 $content_array[$forum_id][$cat]['S_YES'] |= ($auth_setting == ACL_YES) ? true : false; 1268 $content_array[$forum_id][$cat]['S_NEVER'] |= ($auth_setting == ACL_NEVER) ? true : false; 1269 $content_array[$forum_id][$cat]['S_NO'] |= ($auth_setting == ACL_NO) ? true : false; 1270 1271 $content_array[$forum_id][$cat]['permissions'][$permission] = $auth_setting; 1272 } 1273 } 1274 } 1275 1276 /** 1277 * Use permissions from another user. This transferes a permission set from one user to another. 1278 * The other user is always able to revert back to his permission set. 1279 * This function does not check for lower/higher permissions, it is possible for the user to gain 1280 * "more" permissions by this. 1281 * Admin permissions will not be copied. 1282 */ 1283 function ghost_permissions($from_user_id, $to_user_id) 1284 { 1285 global $db; 1286 1287 if ($to_user_id == ANONYMOUS) 1288 { 1289 return false; 1290 } 1291 1292 $hold_ary = $this->acl_raw_data_single_user($from_user_id); 1293 1294 // Key 0 in $hold_ary are global options, all others are forum_ids 1295 1296 // We disallow copying admin permissions 1297 foreach ($this->acl_options['global'] as $opt => $id) 1298 { 1299 if (strpos($opt, 'a_') === 0) 1300 { 1301 $hold_ary[0][$this->acl_options['id'][$opt]] = ACL_NEVER; 1302 } 1303 } 1304 1305 // Force a_switchperm to be allowed 1306 $hold_ary[0][$this->acl_options['id']['a_switchperm']] = ACL_YES; 1307 1308 $user_permissions = $this->build_bitstring($hold_ary); 1309 1310 if (!$user_permissions) 1311 { 1312 return false; 1313 } 1314 1315 $sql = 'UPDATE ' . USERS_TABLE . " 1316 SET user_permissions = '" . $db->sql_escape($user_permissions) . "', 1317 user_perm_from = $from_user_id 1318 WHERE user_id = " . $to_user_id; 1319 $db->sql_query($sql); 1320 1321 return true; 1322 } 1323 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Wed Nov 11 20:33:01 2020 | Cross-referenced by PHPXref 0.7.1 |