ManagePermissions.php 78 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503
  1. <?php
  2. /**
  3. * ManagePermissions handles all possible permission stuff.
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines http://www.simplemachines.org
  9. * @copyright 2013 Simple Machines and individual contributors
  10. * @license http://www.simplemachines.org/about/smf/license.php BSD
  11. *
  12. * @version 2.1 Alpha 1
  13. */
  14. if (!defined('SMF'))
  15. die('No direct access...');
  16. /**
  17. * Dispaches to the right function based on the given subaction.
  18. * Checks the permissions, based on the sub-action.
  19. * Called by ?action=managepermissions.
  20. *
  21. * @uses ManagePermissions language file.
  22. */
  23. function ModifyPermissions()
  24. {
  25. global $txt, $scripturl, $context;
  26. loadLanguage('ManagePermissions+ManageMembers');
  27. loadTemplate('ManagePermissions');
  28. // Format: 'sub-action' => array('function_to_call', 'permission_needed'),
  29. $subActions = array(
  30. 'board' => array('PermissionByBoard', 'manage_permissions'),
  31. 'index' => array('PermissionIndex', 'manage_permissions'),
  32. 'modify' => array('ModifyMembergroup', 'manage_permissions'),
  33. 'modify2' => array('ModifyMembergroup2', 'manage_permissions'),
  34. 'quick' => array('SetQuickGroups', 'manage_permissions'),
  35. 'quickboard' => array('SetQuickBoards', 'manage_permissions'),
  36. 'postmod' => array('ModifyPostModeration', 'manage_permissions'),
  37. 'profiles' => array('EditPermissionProfiles', 'manage_permissions'),
  38. 'settings' => array('GeneralPermissionSettings', 'admin_forum'),
  39. );
  40. call_integration_hook('integrate_manage_permissions', array(&$subActions));
  41. $_REQUEST['sa'] = isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]) && empty($subActions[$_REQUEST['sa']]['disabled']) ? $_REQUEST['sa'] : (allowedTo('manage_permissions') ? 'index' : 'settings');
  42. isAllowedTo($subActions[$_REQUEST['sa']][1]);
  43. // Create the tabs for the template.
  44. $context[$context['admin_menu_name']]['tab_data'] = array(
  45. 'title' => $txt['permissions_title'],
  46. 'help' => 'permissions',
  47. 'description' => '',
  48. 'tabs' => array(
  49. 'index' => array(
  50. 'description' => $txt['permissions_groups'],
  51. ),
  52. 'board' => array(
  53. 'description' => $txt['permission_by_board_desc'],
  54. ),
  55. 'profiles' => array(
  56. 'description' => $txt['permissions_profiles_desc'],
  57. ),
  58. 'postmod' => array(
  59. 'description' => $txt['permissions_post_moderation_desc'],
  60. ),
  61. 'settings' => array(
  62. 'description' => $txt['permission_settings_desc'],
  63. ),
  64. ),
  65. );
  66. $subActions[$_REQUEST['sa']][0]();
  67. }
  68. /**
  69. * Sets up the permissions by membergroup index page.
  70. * Called by ?action=managepermissions
  71. * Creates an array of all the groups with the number of members and permissions.
  72. *
  73. * @uses ManagePermissions language file.
  74. * @uses ManagePermissions template file.
  75. * @uses ManageBoards template, permission_index sub-template.
  76. */
  77. function PermissionIndex()
  78. {
  79. global $txt, $scripturl, $context, $settings, $modSettings, $smcFunc;
  80. $context['page_title'] = $txt['permissions_title'];
  81. // Load all the permissions. We'll need them in the template.
  82. loadAllPermissions();
  83. // Also load profiles, we may want to reset.
  84. loadPermissionProfiles();
  85. // Are we going to show the advanced options?
  86. $context['show_advanced_options'] = empty($context['admin_preferences']['app']);
  87. // Determine the number of ungrouped members.
  88. $request = $smcFunc['db_query']('', '
  89. SELECT COUNT(*)
  90. FROM {db_prefix}members
  91. WHERE id_group = {int:regular_group}',
  92. array(
  93. 'regular_group' => 0,
  94. )
  95. );
  96. list ($num_members) = $smcFunc['db_fetch_row']($request);
  97. $smcFunc['db_free_result']($request);
  98. // Fill the context variable with 'Guests' and 'Regular Members'.
  99. $context['groups'] = array(
  100. -1 => array(
  101. 'id' => -1,
  102. 'name' => $txt['membergroups_guests'],
  103. 'num_members' => $txt['membergroups_guests_na'],
  104. 'allow_delete' => false,
  105. 'allow_modify' => true,
  106. 'can_search' => false,
  107. 'href' => '',
  108. 'link' => '',
  109. 'help' => 'membergroup_guests',
  110. 'is_post_group' => false,
  111. 'color' => '',
  112. 'icons' => '',
  113. 'children' => array(),
  114. 'num_permissions' => array(
  115. 'allowed' => 0,
  116. // Can't deny guest permissions!
  117. 'denied' => '(' . $txt['permissions_none'] . ')'
  118. ),
  119. 'access' => false
  120. ),
  121. 0 => array(
  122. 'id' => 0,
  123. 'name' => $txt['membergroups_members'],
  124. 'num_members' => $num_members,
  125. 'allow_delete' => false,
  126. 'allow_modify' => true,
  127. 'can_search' => false,
  128. 'href' => $scripturl . '?action=moderate;area=viewgroups;sa=members;group=0',
  129. 'help' => 'membergroup_regular_members',
  130. 'is_post_group' => false,
  131. 'color' => '',
  132. 'icons' => '',
  133. 'children' => array(),
  134. 'num_permissions' => array(
  135. 'allowed' => 0,
  136. 'denied' => 0
  137. ),
  138. 'access' => false
  139. ),
  140. );
  141. $postGroups = array();
  142. $normalGroups = array();
  143. // Query the database defined membergroups.
  144. $query = $smcFunc['db_query']('', '
  145. SELECT id_group, id_parent, group_name, min_posts, online_color, icons
  146. FROM {db_prefix}membergroups' . (empty($modSettings['permission_enable_postgroups']) ? '
  147. WHERE min_posts = {int:min_posts}' : '') . '
  148. ORDER BY id_parent = {int:not_inherited} DESC, min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name',
  149. array(
  150. 'min_posts' => -1,
  151. 'not_inherited' => -2,
  152. 'newbie_group' => 4,
  153. )
  154. );
  155. while ($row = $smcFunc['db_fetch_assoc']($query))
  156. {
  157. // If it's inherited, just add it as a child.
  158. if ($row['id_parent'] != -2)
  159. {
  160. if (isset($context['groups'][$row['id_parent']]))
  161. $context['groups'][$row['id_parent']]['children'][$row['id_group']] = $row['group_name'];
  162. continue;
  163. }
  164. $row['icons'] = explode('#', $row['icons']);
  165. $context['groups'][$row['id_group']] = array(
  166. 'id' => $row['id_group'],
  167. 'name' => $row['group_name'],
  168. 'num_members' => $row['id_group'] != 3 ? 0 : $txt['membergroups_guests_na'],
  169. 'allow_delete' => $row['id_group'] > 4,
  170. 'allow_modify' => $row['id_group'] > 1,
  171. 'can_search' => $row['id_group'] != 3,
  172. 'href' => $scripturl . '?action=moderate;area=viewgroups;sa=members;group=' . $row['id_group'],
  173. 'help' => $row['id_group'] == 1 ? 'membergroup_administrator' : ($row['id_group'] == 3 ? 'membergroup_moderator' : ''),
  174. 'is_post_group' => $row['min_posts'] != -1,
  175. 'color' => empty($row['online_color']) ? '' : $row['online_color'],
  176. 'icons' => !empty($row['icons'][0]) && !empty($row['icons'][1]) ? str_repeat('<img src="' . $settings['images_url'] . '/' . $row['icons'][1] . '" alt="*" />', $row['icons'][0]) : '',
  177. 'children' => array(),
  178. 'num_permissions' => array(
  179. 'allowed' => $row['id_group'] == 1 ? '(' . $txt['permissions_all'] . ')' : 0,
  180. 'denied' => $row['id_group'] == 1 ? '(' . $txt['permissions_none'] . ')' : 0
  181. ),
  182. 'access' => false,
  183. );
  184. if ($row['min_posts'] == -1)
  185. $normalGroups[$row['id_group']] = $row['id_group'];
  186. else
  187. $postGroups[$row['id_group']] = $row['id_group'];
  188. }
  189. $smcFunc['db_free_result']($query);
  190. // Get the number of members in this post group.
  191. if (!empty($postGroups))
  192. {
  193. $query = $smcFunc['db_query']('', '
  194. SELECT id_post_group AS id_group, COUNT(*) AS num_members
  195. FROM {db_prefix}members
  196. WHERE id_post_group IN ({array_int:post_group_list})
  197. GROUP BY id_post_group',
  198. array(
  199. 'post_group_list' => $postGroups,
  200. )
  201. );
  202. while ($row = $smcFunc['db_fetch_assoc']($query))
  203. $context['groups'][$row['id_group']]['num_members'] += $row['num_members'];
  204. $smcFunc['db_free_result']($query);
  205. }
  206. if (!empty($normalGroups))
  207. {
  208. // First, the easy one!
  209. $query = $smcFunc['db_query']('', '
  210. SELECT id_group, COUNT(*) AS num_members
  211. FROM {db_prefix}members
  212. WHERE id_group IN ({array_int:normal_group_list})
  213. GROUP BY id_group',
  214. array(
  215. 'normal_group_list' => $normalGroups,
  216. )
  217. );
  218. while ($row = $smcFunc['db_fetch_assoc']($query))
  219. $context['groups'][$row['id_group']]['num_members'] += $row['num_members'];
  220. $smcFunc['db_free_result']($query);
  221. // This one is slower, but it's okay... careful not to count twice!
  222. $query = $smcFunc['db_query']('', '
  223. SELECT mg.id_group, COUNT(*) AS num_members
  224. FROM {db_prefix}membergroups AS mg
  225. INNER JOIN {db_prefix}members AS mem ON (mem.additional_groups != {string:blank_string}
  226. AND mem.id_group != mg.id_group
  227. AND FIND_IN_SET(mg.id_group, mem.additional_groups) != 0)
  228. WHERE mg.id_group IN ({array_int:normal_group_list})
  229. GROUP BY mg.id_group',
  230. array(
  231. 'normal_group_list' => $normalGroups,
  232. 'blank_string' => '',
  233. )
  234. );
  235. while ($row = $smcFunc['db_fetch_assoc']($query))
  236. $context['groups'][$row['id_group']]['num_members'] += $row['num_members'];
  237. $smcFunc['db_free_result']($query);
  238. }
  239. foreach ($context['groups'] as $id => $data)
  240. {
  241. if ($data['href'] != '')
  242. $context['groups'][$id]['link'] = '<a href="' . $data['href'] . '">' . $data['num_members'] . '</a>';
  243. }
  244. if (empty($_REQUEST['pid']))
  245. {
  246. $request = $smcFunc['db_query']('', '
  247. SELECT id_group, COUNT(*) AS num_permissions, add_deny
  248. FROM {db_prefix}permissions
  249. ' . (empty($context['hidden_permissions']) ? '' : ' WHERE permission NOT IN ({array_string:hidden_permissions})') . '
  250. GROUP BY id_group, add_deny',
  251. array(
  252. 'hidden_permissions' => !empty($context['hidden_permissions']) ? $context['hidden_permissions'] : array(),
  253. )
  254. );
  255. while ($row = $smcFunc['db_fetch_assoc']($request))
  256. if (isset($context['groups'][(int) $row['id_group']]) && (!empty($row['add_deny']) || $row['id_group'] != -1))
  257. $context['groups'][(int) $row['id_group']]['num_permissions'][empty($row['add_deny']) ? 'denied' : 'allowed'] = $row['num_permissions'];
  258. $smcFunc['db_free_result']($request);
  259. // Get the "default" profile permissions too.
  260. $request = $smcFunc['db_query']('', '
  261. SELECT id_profile, id_group, COUNT(*) AS num_permissions, add_deny
  262. FROM {db_prefix}board_permissions
  263. WHERE id_profile = {int:default_profile}
  264. ' . (empty($context['hidden_permissions']) ? '' : ' AND permission NOT IN ({array_string:hidden_permissions})') . '
  265. GROUP BY id_profile, id_group, add_deny',
  266. array(
  267. 'default_profile' => 1,
  268. 'hidden_permissions' => !empty($context['hidden_permissions']) ? $context['hidden_permissions'] : array(),
  269. )
  270. );
  271. while ($row = $smcFunc['db_fetch_assoc']($request))
  272. {
  273. if (isset($context['groups'][(int) $row['id_group']]) && (!empty($row['add_deny']) || $row['id_group'] != -1))
  274. $context['groups'][(int) $row['id_group']]['num_permissions'][empty($row['add_deny']) ? 'denied' : 'allowed'] += $row['num_permissions'];
  275. }
  276. $smcFunc['db_free_result']($request);
  277. }
  278. else
  279. {
  280. $_REQUEST['pid'] = (int) $_REQUEST['pid'];
  281. if (!isset($context['profiles'][$_REQUEST['pid']]))
  282. fatal_lang_error('no_access', false);
  283. // Change the selected tab to better reflect that this really is a board profile.
  284. $context[$context['admin_menu_name']]['current_subsection'] = 'profiles';
  285. $request = $smcFunc['db_query']('', '
  286. SELECT id_profile, id_group, COUNT(*) AS num_permissions, add_deny
  287. FROM {db_prefix}board_permissions
  288. WHERE id_profile = {int:current_profile}
  289. GROUP BY id_profile, id_group, add_deny',
  290. array(
  291. 'current_profile' => $_REQUEST['pid'],
  292. )
  293. );
  294. while ($row = $smcFunc['db_fetch_assoc']($request))
  295. {
  296. if (isset($context['groups'][(int) $row['id_group']]) && (!empty($row['add_deny']) || $row['id_group'] != -1))
  297. $context['groups'][(int) $row['id_group']]['num_permissions'][empty($row['add_deny']) ? 'denied' : 'allowed'] += $row['num_permissions'];
  298. }
  299. $smcFunc['db_free_result']($request);
  300. $context['profile'] = array(
  301. 'id' => $_REQUEST['pid'],
  302. 'name' => $context['profiles'][$_REQUEST['pid']]['name'],
  303. );
  304. }
  305. // We can modify any permission set apart from the read only, reply only and no polls ones as they are redefined.
  306. $context['can_modify'] = empty($_REQUEST['pid']) || $_REQUEST['pid'] == 1 || $_REQUEST['pid'] > 4;
  307. // Load the proper template.
  308. $context['sub_template'] = 'permission_index';
  309. createToken('admin-mpq');
  310. }
  311. /**
  312. * Handle permissions by board... more or less. :P
  313. */
  314. function PermissionByBoard()
  315. {
  316. global $context, $modSettings, $txt, $smcFunc, $sourcedir, $cat_tree, $boardList, $boards;
  317. $context['page_title'] = $txt['permissions_boards'];
  318. $context['edit_all'] = isset($_GET['edit']);
  319. // Saving?
  320. if (!empty($_POST['save_changes']) && !empty($_POST['boardprofile']))
  321. {
  322. checkSession('request');
  323. validateToken('admin-mpb');
  324. $changes = array();
  325. foreach ($_POST['boardprofile'] as $board => $profile)
  326. {
  327. $changes[(int) $profile][] = (int) $board;
  328. }
  329. if (!empty($changes))
  330. {
  331. foreach ($changes as $profile => $boards)
  332. $smcFunc['db_query']('', '
  333. UPDATE {db_prefix}boards
  334. SET id_profile = {int:current_profile}
  335. WHERE id_board IN ({array_int:board_list})',
  336. array(
  337. 'board_list' => $boards,
  338. 'current_profile' => $profile,
  339. )
  340. );
  341. }
  342. $context['edit_all'] = false;
  343. }
  344. // Load all permission profiles.
  345. loadPermissionProfiles();
  346. // Get the board tree.
  347. require_once($sourcedir . '/Subs-Boards.php');
  348. getBoardTree();
  349. // Build the list of the boards.
  350. $context['categories'] = array();
  351. foreach ($cat_tree as $catid => $tree)
  352. {
  353. $context['categories'][$catid] = array(
  354. 'name' => &$tree['node']['name'],
  355. 'id' => &$tree['node']['id'],
  356. 'boards' => array()
  357. );
  358. foreach ($boardList[$catid] as $boardid)
  359. {
  360. if (!isset($context['profiles'][$boards[$boardid]['profile']]))
  361. $boards[$boardid]['profile'] = 1;
  362. $context['categories'][$catid]['boards'][$boardid] = array(
  363. 'id' => &$boards[$boardid]['id'],
  364. 'name' => &$boards[$boardid]['name'],
  365. 'description' => &$boards[$boardid]['description'],
  366. 'child_level' => &$boards[$boardid]['level'],
  367. 'profile' => &$boards[$boardid]['profile'],
  368. 'profile_name' => $context['profiles'][$boards[$boardid]['profile']]['name'],
  369. );
  370. }
  371. }
  372. $context['sub_template'] = 'by_board';
  373. createToken('admin-mpb');
  374. }
  375. /**
  376. * Handles permission modification actions from the upper part of the
  377. * permission manager index.
  378. */
  379. function SetQuickGroups()
  380. {
  381. global $context, $smcFunc;
  382. checkSession();
  383. validateToken('admin-mpq', 'quick');
  384. loadIllegalPermissions();
  385. loadIllegalGuestPermissions();
  386. // Make sure only one of the quick options was selected.
  387. if ((!empty($_POST['predefined']) && ((isset($_POST['copy_from']) && $_POST['copy_from'] != 'empty') || !empty($_POST['permissions']))) || (!empty($_POST['copy_from']) && $_POST['copy_from'] != 'empty' && !empty($_POST['permissions'])))
  388. fatal_lang_error('permissions_only_one_option', false);
  389. if (empty($_POST['group']) || !is_array($_POST['group']))
  390. $_POST['group'] = array();
  391. // Only accept numeric values for selected membergroups.
  392. foreach ($_POST['group'] as $id => $group_id)
  393. $_POST['group'][$id] = (int) $group_id;
  394. $_POST['group'] = array_unique($_POST['group']);
  395. if (empty($_REQUEST['pid']))
  396. $_REQUEST['pid'] = 0;
  397. else
  398. $_REQUEST['pid'] = (int) $_REQUEST['pid'];
  399. // Fix up the old global to the new default!
  400. $bid = max(1, $_REQUEST['pid']);
  401. // No modifying the predefined profiles.
  402. if ($_REQUEST['pid'] > 1 && $_REQUEST['pid'] < 5)
  403. fatal_lang_error('no_access', false);
  404. // Clear out any cached authority.
  405. updateSettings(array('settings_updated' => time()));
  406. // No groups where selected.
  407. if (empty($_POST['group']))
  408. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  409. // Set a predefined permission profile.
  410. if (!empty($_POST['predefined']))
  411. {
  412. // Make sure it's a predefined permission set we expect.
  413. if (!in_array($_POST['predefined'], array('restrict', 'standard', 'moderator', 'maintenance')))
  414. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  415. foreach ($_POST['group'] as $group_id)
  416. {
  417. if (!empty($_REQUEST['pid']))
  418. setPermissionLevel($_POST['predefined'], $group_id, $_REQUEST['pid']);
  419. else
  420. setPermissionLevel($_POST['predefined'], $group_id);
  421. }
  422. }
  423. // Set a permission profile based on the permissions of a selected group.
  424. elseif ($_POST['copy_from'] != 'empty')
  425. {
  426. // Just checking the input.
  427. if (!is_numeric($_POST['copy_from']))
  428. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  429. // Make sure the group we're copying to is never included.
  430. $_POST['group'] = array_diff($_POST['group'], array($_POST['copy_from']));
  431. // No groups left? Too bad.
  432. if (empty($_POST['group']))
  433. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  434. if (empty($_REQUEST['pid']))
  435. {
  436. // Retrieve current permissions of group.
  437. $request = $smcFunc['db_query']('', '
  438. SELECT permission, add_deny
  439. FROM {db_prefix}permissions
  440. WHERE id_group = {int:copy_from}',
  441. array(
  442. 'copy_from' => $_POST['copy_from'],
  443. )
  444. );
  445. $target_perm = array();
  446. while ($row = $smcFunc['db_fetch_assoc']($request))
  447. $target_perm[$row['permission']] = $row['add_deny'];
  448. $smcFunc['db_free_result']($request);
  449. $inserts = array();
  450. foreach ($_POST['group'] as $group_id)
  451. foreach ($target_perm as $perm => $add_deny)
  452. {
  453. // No dodgy permissions please!
  454. if (!empty($context['illegal_permissions']) && in_array($perm, $context['illegal_permissions']))
  455. continue;
  456. if ($group_id == -1 && in_array($perm, $context['non_guest_permissions']))
  457. continue;
  458. if ($group_id != 1 && $group_id != 3)
  459. $inserts[] = array($perm, $group_id, $add_deny);
  460. }
  461. // Delete the previous permissions...
  462. $smcFunc['db_query']('', '
  463. DELETE FROM {db_prefix}permissions
  464. WHERE id_group IN ({array_int:group_list})
  465. ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
  466. array(
  467. 'group_list' => $_POST['group'],
  468. 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
  469. )
  470. );
  471. if (!empty($inserts))
  472. {
  473. // ..and insert the new ones.
  474. $smcFunc['db_insert']('',
  475. '{db_prefix}permissions',
  476. array(
  477. 'permission' => 'string', 'id_group' => 'int', 'add_deny' => 'int',
  478. ),
  479. $inserts,
  480. array('permission', 'id_group')
  481. );
  482. }
  483. }
  484. // Now do the same for the board permissions.
  485. $request = $smcFunc['db_query']('', '
  486. SELECT permission, add_deny
  487. FROM {db_prefix}board_permissions
  488. WHERE id_group = {int:copy_from}
  489. AND id_profile = {int:current_profile}',
  490. array(
  491. 'copy_from' => $_POST['copy_from'],
  492. 'current_profile' => $bid,
  493. )
  494. );
  495. $target_perm = array();
  496. while ($row = $smcFunc['db_fetch_assoc']($request))
  497. $target_perm[$row['permission']] = $row['add_deny'];
  498. $smcFunc['db_free_result']($request);
  499. $inserts = array();
  500. foreach ($_POST['group'] as $group_id)
  501. foreach ($target_perm as $perm => $add_deny)
  502. {
  503. // Are these for guests?
  504. if ($group_id == -1 && in_array($perm, $context['non_guest_permissions']))
  505. continue;
  506. $inserts[] = array($perm, $group_id, $bid, $add_deny);
  507. }
  508. // Delete the previous global board permissions...
  509. $smcFunc['db_query']('', '
  510. DELETE FROM {db_prefix}board_permissions
  511. WHERE id_group IN ({array_int:current_group_list})
  512. AND id_profile = {int:current_profile}',
  513. array(
  514. 'current_group_list' => $_POST['group'],
  515. 'current_profile' => $bid,
  516. )
  517. );
  518. // And insert the copied permissions.
  519. if (!empty($inserts))
  520. {
  521. // ..and insert the new ones.
  522. $smcFunc['db_insert']('',
  523. '{db_prefix}board_permissions',
  524. array('permission' => 'string', 'id_group' => 'int', 'id_profile' => 'int', 'add_deny' => 'int'),
  525. $inserts,
  526. array('permission', 'id_group', 'id_profile')
  527. );
  528. }
  529. // Update any children out there!
  530. updateChildPermissions($_POST['group'], $_REQUEST['pid']);
  531. }
  532. // Set or unset a certain permission for the selected groups.
  533. elseif (!empty($_POST['permissions']))
  534. {
  535. // Unpack two variables that were transported.
  536. list ($permissionType, $permission) = explode('/', $_POST['permissions']);
  537. // Check whether our input is within expected range.
  538. if (!in_array($_POST['add_remove'], array('add', 'clear', 'deny')) || !in_array($permissionType, array('membergroup', 'board')))
  539. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  540. if ($_POST['add_remove'] == 'clear')
  541. {
  542. if ($permissionType == 'membergroup')
  543. $smcFunc['db_query']('', '
  544. DELETE FROM {db_prefix}permissions
  545. WHERE id_group IN ({array_int:current_group_list})
  546. AND permission = {string:current_permission}
  547. ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
  548. array(
  549. 'current_group_list' => $_POST['group'],
  550. 'current_permission' => $permission,
  551. 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
  552. )
  553. );
  554. else
  555. $smcFunc['db_query']('', '
  556. DELETE FROM {db_prefix}board_permissions
  557. WHERE id_group IN ({array_int:current_group_list})
  558. AND id_profile = {int:current_profile}
  559. AND permission = {string:current_permission}',
  560. array(
  561. 'current_group_list' => $_POST['group'],
  562. 'current_profile' => $bid,
  563. 'current_permission' => $permission,
  564. )
  565. );
  566. }
  567. // Add a permission (either 'set' or 'deny').
  568. else
  569. {
  570. $add_deny = $_POST['add_remove'] == 'add' ? '1' : '0';
  571. $permChange = array();
  572. foreach ($_POST['group'] as $groupID)
  573. {
  574. if ($groupID == -1 && in_array($permission, $context['non_guest_permissions']))
  575. continue;
  576. if ($permissionType == 'membergroup' && $groupID != 1 && $groupID != 3 && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions'])))
  577. $permChange[] = array($permission, $groupID, $add_deny);
  578. elseif ($permissionType != 'membergroup')
  579. $permChange[] = array($permission, $groupID, $bid, $add_deny);
  580. }
  581. if (!empty($permChange))
  582. {
  583. if ($permissionType == 'membergroup')
  584. $smcFunc['db_insert']('replace',
  585. '{db_prefix}permissions',
  586. array('permission' => 'string', 'id_group' => 'int', 'add_deny' => 'int'),
  587. $permChange,
  588. array('permission', 'id_group')
  589. );
  590. // Board permissions go into the other table.
  591. else
  592. $smcFunc['db_insert']('replace',
  593. '{db_prefix}board_permissions',
  594. array('permission' => 'string', 'id_group' => 'int', 'id_profile' => 'int', 'add_deny' => 'int'),
  595. $permChange,
  596. array('permission', 'id_group', 'id_profile')
  597. );
  598. }
  599. }
  600. // Another child update!
  601. updateChildPermissions($_POST['group'], $_REQUEST['pid']);
  602. }
  603. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  604. }
  605. /**
  606. * Initializes the necessary to modify a membergroup's permissions.
  607. */
  608. function ModifyMembergroup()
  609. {
  610. global $context, $txt, $modSettings, $smcFunc, $sourcedir;
  611. if (!isset($_GET['group']))
  612. fatal_lang_error('no_access', false);
  613. $context['group']['id'] = (int) $_GET['group'];
  614. // Are they toggling the view?
  615. if (isset($_GET['view']))
  616. {
  617. $context['admin_preferences']['pv'] = $_GET['view'] == 'classic' ? 'classic' : 'simple';
  618. // Update the users preferences.
  619. require_once($sourcedir . '/Subs-Admin.php');
  620. updateAdminPreferences();
  621. }
  622. $context['view_type'] = !empty($context['admin_preferences']['pv']) && $context['admin_preferences']['pv'] == 'classic' ? 'classic' : 'simple';
  623. // It's not likely you'd end up here with this setting disabled.
  624. if ($_GET['group'] == 1)
  625. redirectexit('action=admin;area=permissions');
  626. loadAllPermissions($context['view_type']);
  627. loadPermissionProfiles();
  628. if ($context['group']['id'] > 0)
  629. {
  630. $result = $smcFunc['db_query']('', '
  631. SELECT group_name, id_parent
  632. FROM {db_prefix}membergroups
  633. WHERE id_group = {int:current_group}
  634. LIMIT 1',
  635. array(
  636. 'current_group' => $context['group']['id'],
  637. )
  638. );
  639. list ($context['group']['name'], $parent) = $smcFunc['db_fetch_row']($result);
  640. $smcFunc['db_free_result']($result);
  641. // Cannot edit an inherited group!
  642. if ($parent != -2)
  643. fatal_lang_error('cannot_edit_permissions_inherited');
  644. }
  645. elseif ($context['group']['id'] == -1)
  646. $context['group']['name'] = $txt['membergroups_guests'];
  647. else
  648. $context['group']['name'] = $txt['membergroups_members'];
  649. $context['profile']['id'] = empty($_GET['pid']) ? 0 : (int) $_GET['pid'];
  650. // If this is a moderator and they are editing "no profile" then we only do boards.
  651. if ($context['group']['id'] == 3 && empty($context['profile']['id']))
  652. {
  653. // For sanity just check they have no general permissions.
  654. $smcFunc['db_query']('', '
  655. DELETE FROM {db_prefix}permissions
  656. WHERE id_group = {int:moderator_group}',
  657. array(
  658. 'moderator_group' => 3,
  659. )
  660. );
  661. $context['profile']['id'] = 1;
  662. }
  663. $context['permission_type'] = empty($context['profile']['id']) ? 'membergroup' : 'board';
  664. $context['profile']['can_modify'] = !$context['profile']['id'] || $context['profiles'][$context['profile']['id']]['can_modify'];
  665. // Set up things a little nicer for board related stuff...
  666. if ($context['permission_type'] == 'board')
  667. {
  668. $context['profile']['name'] = $context['profiles'][$context['profile']['id']]['name'];
  669. $context[$context['admin_menu_name']]['current_subsection'] = 'profiles';
  670. }
  671. // Fetch the current permissions.
  672. $permissions = array(
  673. 'membergroup' => array('allowed' => array(), 'denied' => array()),
  674. 'board' => array('allowed' => array(), 'denied' => array())
  675. );
  676. // General permissions?
  677. if ($context['permission_type'] == 'membergroup')
  678. {
  679. $result = $smcFunc['db_query']('', '
  680. SELECT permission, add_deny
  681. FROM {db_prefix}permissions
  682. WHERE id_group = {int:current_group}',
  683. array(
  684. 'current_group' => $_GET['group'],
  685. )
  686. );
  687. while ($row = $smcFunc['db_fetch_assoc']($result))
  688. $permissions['membergroup'][empty($row['add_deny']) ? 'denied' : 'allowed'][] = $row['permission'];
  689. $smcFunc['db_free_result']($result);
  690. }
  691. // Fetch current board permissions...
  692. $result = $smcFunc['db_query']('', '
  693. SELECT permission, add_deny
  694. FROM {db_prefix}board_permissions
  695. WHERE id_group = {int:current_group}
  696. AND id_profile = {int:current_profile}',
  697. array(
  698. 'current_group' => $context['group']['id'],
  699. 'current_profile' => $context['permission_type'] == 'membergroup' ? 1 : $context['profile']['id'],
  700. )
  701. );
  702. while ($row = $smcFunc['db_fetch_assoc']($result))
  703. $permissions['board'][empty($row['add_deny']) ? 'denied' : 'allowed'][] = $row['permission'];
  704. $smcFunc['db_free_result']($result);
  705. // Loop through each permission and set whether it's checked.
  706. foreach ($context['permissions'] as $permissionType => $tmp)
  707. {
  708. foreach ($tmp['columns'] as $position => $permissionGroups)
  709. {
  710. foreach ($permissionGroups as $permissionGroup => $permissionArray)
  711. {
  712. foreach ($permissionArray['permissions'] as $perm)
  713. {
  714. // Create a shortcut for the current permission.
  715. $curPerm = &$context['permissions'][$permissionType]['columns'][$position][$permissionGroup]['permissions'][$perm['id']];
  716. if ($tmp['view'] == 'classic')
  717. {
  718. if ($perm['has_own_any'])
  719. {
  720. $curPerm['any']['select'] = in_array($perm['id'] . '_any', $permissions[$permissionType]['allowed']) ? 'on' : (in_array($perm['id'] . '_any', $permissions[$permissionType]['denied']) ? 'denied' : 'off');
  721. $curPerm['own']['select'] = in_array($perm['id'] . '_own', $permissions[$permissionType]['allowed']) ? 'on' : (in_array($perm['id'] . '_own', $permissions[$permissionType]['denied']) ? 'denied' : 'off');
  722. }
  723. else
  724. $curPerm['select'] = in_array($perm['id'], $permissions[$permissionType]['denied']) ? 'denied' : (in_array($perm['id'], $permissions[$permissionType]['allowed']) ? 'on' : 'off');
  725. }
  726. else
  727. {
  728. $curPerm['select'] = in_array($perm['id'], $permissions[$permissionType]['denied']) ? 'denied' : (in_array($perm['id'], $permissions[$permissionType]['allowed']) ? 'on' : 'off');
  729. }
  730. }
  731. }
  732. }
  733. }
  734. $context['sub_template'] = 'modify_group';
  735. $context['page_title'] = $txt['permissions_modify_group'];
  736. createToken('admin-mp');
  737. }
  738. /**
  739. * This function actually saves modifications to a membergroup's board permissions.
  740. */
  741. function ModifyMembergroup2()
  742. {
  743. global $modSettings, $smcFunc, $context;
  744. checkSession();
  745. validateToken('admin-mp');
  746. loadIllegalPermissions();
  747. $_GET['group'] = (int) $_GET['group'];
  748. $_GET['pid'] = (int) $_GET['pid'];
  749. // Cannot modify predefined profiles.
  750. if ($_GET['pid'] > 1 && $_GET['pid'] < 5)
  751. fatal_lang_error('no_access', false);
  752. // Verify this isn't inherited.
  753. if ($_GET['group'] == -1 || $_GET['group'] == 0)
  754. $parent = -2;
  755. else
  756. {
  757. $result = $smcFunc['db_query']('', '
  758. SELECT id_parent
  759. FROM {db_prefix}membergroups
  760. WHERE id_group = {int:current_group}
  761. LIMIT 1',
  762. array(
  763. 'current_group' => $_GET['group'],
  764. )
  765. );
  766. list ($parent) = $smcFunc['db_fetch_row']($result);
  767. $smcFunc['db_free_result']($result);
  768. }
  769. if ($parent != -2)
  770. fatal_lang_error('cannot_edit_permissions_inherited');
  771. $givePerms = array('membergroup' => array(), 'board' => array());
  772. // Guest group, we need illegal, guest permissions.
  773. if ($_GET['group'] == -1)
  774. {
  775. loadIllegalGuestPermissions();
  776. $context['illegal_permissions'] = array_merge($context['illegal_permissions'], $context['non_guest_permissions']);
  777. }
  778. // Prepare all permissions that were set or denied for addition to the DB.
  779. if (isset($_POST['perm']) && is_array($_POST['perm']))
  780. {
  781. foreach ($_POST['perm'] as $perm_type => $perm_array)
  782. {
  783. if (is_array($perm_array))
  784. {
  785. foreach ($perm_array as $permission => $value)
  786. if ($value == 'on' || $value == 'deny')
  787. {
  788. // Don't allow people to escalate themselves!
  789. if (!empty($context['illegal_permissions']) && in_array($permission, $context['illegal_permissions']))
  790. continue;
  791. $givePerms[$perm_type][] = array($_GET['group'], $permission, $value == 'deny' ? 0 : 1);
  792. }
  793. }
  794. }
  795. }
  796. // Insert the general permissions.
  797. if ($_GET['group'] != 3 && empty($_GET['pid']))
  798. {
  799. $smcFunc['db_query']('', '
  800. DELETE FROM {db_prefix}permissions
  801. WHERE id_group = {int:current_group}
  802. ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
  803. array(
  804. 'current_group' => $_GET['group'],
  805. 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
  806. )
  807. );
  808. if (!empty($givePerms['membergroup']))
  809. {
  810. $smcFunc['db_insert']('replace',
  811. '{db_prefix}permissions',
  812. array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  813. $givePerms['membergroup'],
  814. array('id_group', 'permission')
  815. );
  816. }
  817. }
  818. // Insert the boardpermissions.
  819. $profileid = max(1, $_GET['pid']);
  820. $smcFunc['db_query']('', '
  821. DELETE FROM {db_prefix}board_permissions
  822. WHERE id_group = {int:current_group}
  823. AND id_profile = {int:current_profile}',
  824. array(
  825. 'current_group' => $_GET['group'],
  826. 'current_profile' => $profileid,
  827. )
  828. );
  829. if (!empty($givePerms['board']))
  830. {
  831. foreach ($givePerms['board'] as $k => $v)
  832. $givePerms['board'][$k][] = $profileid;
  833. $smcFunc['db_insert']('replace',
  834. '{db_prefix}board_permissions',
  835. array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int', 'id_profile' => 'int'),
  836. $givePerms['board'],
  837. array('id_group', 'permission', 'id_profile')
  838. );
  839. }
  840. // Update any inherited permissions as required.
  841. updateChildPermissions($_GET['group'], $_GET['pid']);
  842. // Clear cached privs.
  843. updateSettings(array('settings_updated' => time()));
  844. redirectexit('action=admin;area=permissions;pid=' . $_GET['pid']);
  845. }
  846. /**
  847. * A screen to set some general settings for permissions.
  848. *
  849. * @param bool $return_config = false
  850. */
  851. function GeneralPermissionSettings($return_config = false)
  852. {
  853. global $context, $modSettings, $sourcedir, $txt, $scripturl, $smcFunc;
  854. // All the setting variables
  855. $config_vars = array(
  856. array('title', 'settings'),
  857. // Inline permissions.
  858. array('permissions', 'manage_permissions'),
  859. '',
  860. // A few useful settings
  861. array('check', 'permission_enable_deny', 0, $txt['permission_settings_enable_deny'], 'help' => 'permissions_deny'),
  862. array('check', 'permission_enable_postgroups', 0, $txt['permission_settings_enable_postgroups'], 'help' => 'permissions_postgroups'),
  863. );
  864. call_integration_hook('integrate_modify_permission_settings', array(&$config_vars));
  865. if ($return_config)
  866. return $config_vars;
  867. $context['page_title'] = $txt['permission_settings_title'];
  868. $context['sub_template'] = 'show_settings';
  869. // Needed for the inline permission functions, and the settings template.
  870. require_once($sourcedir . '/ManageServer.php');
  871. // Don't let guests have these permissions.
  872. $context['post_url'] = $scripturl . '?action=admin;area=permissions;save;sa=settings';
  873. $context['permissions_excluded'] = array(-1);
  874. // Saving the settings?
  875. if (isset($_GET['save']))
  876. {
  877. checkSession('post');
  878. call_integration_hook('integrate_save_permission_settings');
  879. saveDBSettings($config_vars);
  880. // Clear all deny permissions...if we want that.
  881. if (empty($modSettings['permission_enable_deny']))
  882. {
  883. $smcFunc['db_query']('', '
  884. DELETE FROM {db_prefix}permissions
  885. WHERE add_deny = {int:denied}',
  886. array(
  887. 'denied' => 0,
  888. )
  889. );
  890. $smcFunc['db_query']('', '
  891. DELETE FROM {db_prefix}board_permissions
  892. WHERE add_deny = {int:denied}',
  893. array(
  894. 'denied' => 0,
  895. )
  896. );
  897. }
  898. // Make sure there are no postgroup based permissions left.
  899. if (empty($modSettings['permission_enable_postgroups']))
  900. {
  901. // Get a list of postgroups.
  902. $post_groups = array();
  903. $request = $smcFunc['db_query']('', '
  904. SELECT id_group
  905. FROM {db_prefix}membergroups
  906. WHERE min_posts != {int:min_posts}',
  907. array(
  908. 'min_posts' => -1,
  909. )
  910. );
  911. while ($row = $smcFunc['db_fetch_assoc']($request))
  912. $post_groups[] = $row['id_group'];
  913. $smcFunc['db_free_result']($request);
  914. // Remove'em.
  915. $smcFunc['db_query']('', '
  916. DELETE FROM {db_prefix}permissions
  917. WHERE id_group IN ({array_int:post_group_list})',
  918. array(
  919. 'post_group_list' => $post_groups,
  920. )
  921. );
  922. $smcFunc['db_query']('', '
  923. DELETE FROM {db_prefix}board_permissions
  924. WHERE id_group IN ({array_int:post_group_list})',
  925. array(
  926. 'post_group_list' => $post_groups,
  927. )
  928. );
  929. $smcFunc['db_query']('', '
  930. UPDATE {db_prefix}membergroups
  931. SET id_parent = {int:not_inherited}
  932. WHERE id_parent IN ({array_int:post_group_list})',
  933. array(
  934. 'post_group_list' => $post_groups,
  935. 'not_inherited' => -2,
  936. )
  937. );
  938. }
  939. $_SESSION['adm-save'] = true;
  940. redirectexit('action=admin;area=permissions;sa=settings');
  941. }
  942. // We need this for the in-line permissions
  943. createToken('admin-mp');
  944. prepareDBSettingContext($config_vars);
  945. }
  946. /**
  947. * Set the permission level for a specific profile, group, or group for a profile.
  948. * @internal
  949. *
  950. * @param string $level
  951. * @param int $group
  952. * @param mixed $profile = null, int expected
  953. */
  954. function setPermissionLevel($level, $group, $profile = 'null')
  955. {
  956. global $smcFunc, $context;
  957. loadIllegalPermissions();
  958. loadIllegalGuestPermissions();
  959. // Levels by group... restrict, standard, moderator, maintenance.
  960. $groupLevels = array(
  961. 'board' => array('inherit' => array()),
  962. 'group' => array('inherit' => array())
  963. );
  964. // Levels by board... standard, publish, free.
  965. $boardLevels = array('inherit' => array());
  966. // Restrictive - ie. guests.
  967. $groupLevels['global']['restrict'] = array(
  968. 'search_posts',
  969. 'calendar_view',
  970. 'view_stats',
  971. 'who_view',
  972. 'profile_identity_own',
  973. );
  974. $groupLevels['board']['restrict'] = array(
  975. 'poll_view',
  976. 'post_new',
  977. 'post_reply_own',
  978. 'post_reply_any',
  979. 'delete_own',
  980. 'modify_own',
  981. 'mark_any_notify',
  982. 'mark_notify',
  983. 'report_any',
  984. 'send_topic',
  985. );
  986. // Standard - ie. members. They can do anything Restrictive can.
  987. $groupLevels['global']['standard'] = array_merge($groupLevels['global']['restrict'], array(
  988. 'view_mlist',
  989. 'karma_edit',
  990. 'pm_read',
  991. 'pm_send',
  992. 'send_email_to_members',
  993. 'profile_view',
  994. 'profile_extra_own',
  995. 'profile_signature_own',
  996. 'profile_forum_own',
  997. 'profile_other_own',
  998. 'profile_password_own',
  999. 'profile_server_avatar',
  1000. 'profile_displayed_name',
  1001. 'profile_upload_avatar',
  1002. 'profile_remote_avatar',
  1003. 'profile_remove_own',
  1004. ));
  1005. $groupLevels['board']['standard'] = array_merge($groupLevels['board']['restrict'], array(
  1006. 'poll_vote',
  1007. 'poll_edit_own',
  1008. 'poll_post',
  1009. 'poll_add_own',
  1010. 'post_attachment',
  1011. 'lock_own',
  1012. 'remove_own',
  1013. 'view_attachments',
  1014. ));
  1015. // Moderator - ie. moderators :P. They can do what standard can, and more.
  1016. $groupLevels['global']['moderator'] = array_merge($groupLevels['global']['standard'], array(
  1017. 'calendar_post',
  1018. 'calendar_edit_own',
  1019. 'access_mod_center',
  1020. 'issue_warning',
  1021. ));
  1022. $groupLevels['board']['moderator'] = array_merge($groupLevels['board']['standard'], array(
  1023. 'make_sticky',
  1024. 'poll_edit_any',
  1025. 'delete_any',
  1026. 'modify_any',
  1027. 'lock_any',
  1028. 'remove_any',
  1029. 'move_any',
  1030. 'merge_any',
  1031. 'split_any',
  1032. 'poll_lock_any',
  1033. 'poll_remove_any',
  1034. 'poll_add_any',
  1035. 'approve_posts',
  1036. ));
  1037. // Maintenance - wannabe admins. They can do almost everything.
  1038. $groupLevels['global']['maintenance'] = array_merge($groupLevels['global']['moderator'], array(
  1039. 'manage_attachments',
  1040. 'manage_smileys',
  1041. 'manage_boards',
  1042. 'moderate_forum',
  1043. 'manage_membergroups',
  1044. 'manage_bans',
  1045. 'admin_forum',
  1046. 'manage_permissions',
  1047. 'edit_news',
  1048. 'calendar_edit_any',
  1049. 'profile_identity_any',
  1050. 'profile_extra_any',
  1051. 'profile_signature_any',
  1052. 'profile_forum_own',
  1053. 'profile_other_any',
  1054. 'profile_displayed_name_any',
  1055. 'profile_password_any',
  1056. 'profile_title_any',
  1057. ));
  1058. $groupLevels['board']['maintenance'] = array_merge($groupLevels['board']['moderator'], array(
  1059. ));
  1060. // Standard - nothing above the group permissions. (this SHOULD be empty.)
  1061. $boardLevels['standard'] = array(
  1062. );
  1063. // Locked - just that, you can't post here.
  1064. $boardLevels['locked'] = array(
  1065. 'poll_view',
  1066. 'mark_notify',
  1067. 'report_any',
  1068. 'send_topic',
  1069. 'view_attachments',
  1070. );
  1071. // Publisher - just a little more...
  1072. $boardLevels['publish'] = array_merge($boardLevels['locked'], array(
  1073. 'post_new',
  1074. 'post_reply_own',
  1075. 'post_reply_any',
  1076. 'delete_own',
  1077. 'modify_own',
  1078. 'mark_any_notify',
  1079. 'delete_replies',
  1080. 'modify_replies',
  1081. 'poll_vote',
  1082. 'poll_edit_own',
  1083. 'poll_post',
  1084. 'poll_add_own',
  1085. 'poll_remove_own',
  1086. 'post_attachment',
  1087. 'lock_own',
  1088. 'remove_own',
  1089. ));
  1090. // Free for All - Scary. Just scary.
  1091. $boardLevels['free'] = array_merge($boardLevels['publish'], array(
  1092. 'poll_lock_any',
  1093. 'poll_edit_any',
  1094. 'poll_add_any',
  1095. 'poll_remove_any',
  1096. 'make_sticky',
  1097. 'lock_any',
  1098. 'remove_any',
  1099. 'delete_any',
  1100. 'split_any',
  1101. 'merge_any',
  1102. 'modify_any',
  1103. 'approve_posts',
  1104. ));
  1105. // Make sure we're not granting someone too many permissions!
  1106. foreach ($groupLevels['global'][$level] as $k => $permission)
  1107. {
  1108. if (!empty($context['illegal_permissions']) && in_array($permission, $context['illegal_permissions']))
  1109. unset($groupLevels['global'][$level][$k]);
  1110. if ($group == -1 && in_array($permission, $context['non_guest_permissions']))
  1111. unset($groupLevels['global'][$level][$k]);
  1112. }
  1113. if ($group == -1)
  1114. foreach ($groupLevels['board'][$level] as $k => $permission)
  1115. if (in_array($permission, $context['non_guest_permissions']))
  1116. unset($groupLevels['board'][$level][$k]);
  1117. // Reset all cached permissions.
  1118. updateSettings(array('settings_updated' => time()));
  1119. // Setting group permissions.
  1120. if ($profile === 'null' && $group !== 'null')
  1121. {
  1122. $group = (int) $group;
  1123. if (empty($groupLevels['global'][$level]))
  1124. return;
  1125. $smcFunc['db_query']('', '
  1126. DELETE FROM {db_prefix}permissions
  1127. WHERE id_group = {int:current_group}
  1128. ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
  1129. array(
  1130. 'current_group' => $group,
  1131. 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
  1132. )
  1133. );
  1134. $smcFunc['db_query']('', '
  1135. DELETE FROM {db_prefix}board_permissions
  1136. WHERE id_group = {int:current_group}
  1137. AND id_profile = {int:default_profile}',
  1138. array(
  1139. 'current_group' => $group,
  1140. 'default_profile' => 1,
  1141. )
  1142. );
  1143. $groupInserts = array();
  1144. foreach ($groupLevels['global'][$level] as $permission)
  1145. $groupInserts[] = array($group, $permission);
  1146. $smcFunc['db_insert']('insert',
  1147. '{db_prefix}permissions',
  1148. array('id_group' => 'int', 'permission' => 'string'),
  1149. $groupInserts,
  1150. array('id_group')
  1151. );
  1152. $boardInserts = array();
  1153. foreach ($groupLevels['board'][$level] as $permission)
  1154. $boardInserts[] = array(1, $group, $permission);
  1155. $smcFunc['db_insert']('insert',
  1156. '{db_prefix}board_permissions',
  1157. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
  1158. $boardInserts,
  1159. array('id_profile', 'id_group')
  1160. );
  1161. }
  1162. // Setting profile permissions for a specific group.
  1163. elseif ($profile !== 'null' && $group !== 'null' && ($profile == 1 || $profile > 4))
  1164. {
  1165. $group = (int) $group;
  1166. $profile = (int) $profile;
  1167. if (!empty($groupLevels['global'][$level]))
  1168. {
  1169. $smcFunc['db_query']('', '
  1170. DELETE FROM {db_prefix}board_permissions
  1171. WHERE id_group = {int:current_group}
  1172. AND id_profile = {int:current_profile}',
  1173. array(
  1174. 'current_group' => $group,
  1175. 'current_profile' => $profile,
  1176. )
  1177. );
  1178. }
  1179. if (!empty($groupLevels['board'][$level]))
  1180. {
  1181. $boardInserts = array();
  1182. foreach ($groupLevels['board'][$level] as $permission)
  1183. $boardInserts[] = array($profile, $group, $permission);
  1184. $smcFunc['db_insert']('insert',
  1185. '{db_prefix}board_permissions',
  1186. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
  1187. $boardInserts,
  1188. array('id_profile', 'id_group')
  1189. );
  1190. }
  1191. }
  1192. // Setting profile permissions for all groups.
  1193. elseif ($profile !== 'null' && $group === 'null' && ($profile == 1 || $profile > 4))
  1194. {
  1195. $profile = (int) $profile;
  1196. $smcFunc['db_query']('', '
  1197. DELETE FROM {db_prefix}board_permissions
  1198. WHERE id_profile = {int:current_profile}',
  1199. array(
  1200. 'current_profile' => $profile,
  1201. )
  1202. );
  1203. if (empty($boardLevels[$level]))
  1204. return;
  1205. // Get all the groups...
  1206. $query = $smcFunc['db_query']('', '
  1207. SELECT id_group
  1208. FROM {db_prefix}membergroups
  1209. WHERE id_group > {int:moderator_group}
  1210. ORDER BY min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name',
  1211. array(
  1212. 'moderator_group' => 3,
  1213. 'newbie_group' => 4,
  1214. )
  1215. );
  1216. while ($row = $smcFunc['db_fetch_row']($query))
  1217. {
  1218. $group = $row[0];
  1219. $boardInserts = array();
  1220. foreach ($boardLevels[$level] as $permission)
  1221. $boardInserts[] = array($profile, $group, $permission);
  1222. $smcFunc['db_insert']('insert',
  1223. '{db_prefix}board_permissions',
  1224. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
  1225. $boardInserts,
  1226. array('id_profile', 'id_group')
  1227. );
  1228. }
  1229. $smcFunc['db_free_result']($query);
  1230. // Add permissions for ungrouped members.
  1231. $boardInserts = array();
  1232. foreach ($boardLevels[$level] as $permission)
  1233. $boardInserts[] = array($profile, 0, $permission);
  1234. $smcFunc['db_insert']('insert',
  1235. '{db_prefix}board_permissions',
  1236. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
  1237. $boardInserts,
  1238. array('id_profile', 'id_group')
  1239. );
  1240. }
  1241. // $profile and $group are both null!
  1242. else
  1243. fatal_lang_error('no_access', false);
  1244. }
  1245. /**
  1246. * Load permissions into $context['permissions'].
  1247. * @internal
  1248. *
  1249. * @param string $loadType options: 'classic' or 'simple'
  1250. */
  1251. function loadAllPermissions($loadType = 'classic')
  1252. {
  1253. global $context, $txt, $modSettings;
  1254. // List of all the groups dependant on the currently selected view - for the order so it looks pretty, yea?
  1255. // Note to Mod authors - you don't need to stick your permission group here if you don't mind SMF sticking it the last group of the page.
  1256. $permissionGroups = array(
  1257. 'membergroup' => array(
  1258. 'simple' => array(
  1259. 'view_basic_info',
  1260. 'use_pm_system',
  1261. 'post_calendar',
  1262. 'edit_profile',
  1263. 'delete_account',
  1264. 'use_avatar',
  1265. 'moderate_general',
  1266. 'administrate',
  1267. ),
  1268. 'classic' => array(
  1269. 'general',
  1270. 'pm',
  1271. 'calendar',
  1272. 'maintenance',
  1273. 'member_admin',
  1274. 'profile',
  1275. ),
  1276. ),
  1277. 'board' => array(
  1278. 'simple' => array(
  1279. 'make_posts',
  1280. 'make_unapproved_posts',
  1281. 'post_polls',
  1282. 'participate',
  1283. 'modify',
  1284. 'notification',
  1285. 'attach',
  1286. 'moderate',
  1287. ),
  1288. 'classic' => array(
  1289. 'general_board',
  1290. 'topic',
  1291. 'post',
  1292. 'poll',
  1293. 'notification',
  1294. 'attachment',
  1295. ),
  1296. ),
  1297. );
  1298. /* The format of this list is as follows:
  1299. 'membergroup' => array(
  1300. 'permissions_inside' => array(has_multiple_options, classic_view_group, simple_view_group(_own)*, simple_view_group_any*),
  1301. ),
  1302. 'board' => array(
  1303. 'permissions_inside' => array(has_multiple_options, classic_view_group, simple_view_group(_own)*, simple_view_group_any*),
  1304. );
  1305. */
  1306. $permissionList = array(
  1307. 'membergroup' => array(
  1308. 'view_stats' => array(false, 'general', 'view_basic_info'),
  1309. 'view_mlist' => array(false, 'general', 'view_basic_info'),
  1310. 'who_view' => array(false, 'general', 'view_basic_info'),
  1311. 'search_posts' => array(false, 'general', 'view_basic_info'),
  1312. 'karma_edit' => array(false, 'general', 'moderate_general'),
  1313. 'pm_read' => array(false, 'pm', 'use_pm_system'),
  1314. 'pm_send' => array(false, 'pm', 'use_pm_system'),
  1315. 'pm_draft' => array(false, 'pm', 'use_pm_system'),
  1316. 'pm_autosave_draft' => array(false, 'pm', 'use_pm_system'),
  1317. 'send_email_to_members' => array(false, 'pm', 'use_pm_system'),
  1318. 'calendar_view' => array(false, 'calendar', 'view_basic_info'),
  1319. 'calendar_post' => array(false, 'calendar', 'post_calendar'),
  1320. 'calendar_edit' => array(true, 'calendar', 'post_calendar', 'moderate_general'),
  1321. 'admin_forum' => array(false, 'maintenance', 'administrate'),
  1322. 'manage_boards' => array(false, 'maintenance', 'administrate'),
  1323. 'manage_attachments' => array(false, 'maintenance', 'administrate'),
  1324. 'manage_smileys' => array(false, 'maintenance', 'administrate'),
  1325. 'edit_news' => array(false, 'maintenance', 'administrate'),
  1326. 'access_mod_center' => array(false, 'maintenance', 'moderate_general'),
  1327. 'moderate_forum' => array(false, 'member_admin', 'moderate_general'),
  1328. 'manage_membergroups' => array(false, 'member_admin', 'administrate'),
  1329. 'manage_permissions' => array(false, 'member_admin', 'administrate'),
  1330. 'manage_bans' => array(false, 'member_admin', 'administrate'),
  1331. 'send_mail' => array(false, 'member_admin', 'administrate'),
  1332. 'issue_warning' => array(false, 'member_admin', 'moderate_general'),
  1333. 'profile_view' => array(false, 'profile', 'view_basic_info'),
  1334. 'profile_identity' => array(true, 'profile', 'edit_profile', 'moderate_general'),
  1335. 'profile_forum' => array(true, 'profile', 'edit_profile', 'moderate_general'),
  1336. 'profile_password' => array(true, 'profile', 'edit_profile', 'moderate_general'),
  1337. 'profile_extra' => array(true, 'profile', 'edit_profile', 'moderate_general'),
  1338. 'profile_signature' => array(true, 'profile', 'edit_profile', 'moderate_general'),
  1339. 'profile_other' => array(true, 'profile', 'edit_profile', 'moderate_general'),
  1340. 'profile_title' => array(true, 'profile', 'edit_profile', 'moderate_general'),
  1341. 'profile_displayed_name' => array(true, 'profile', 'edit_profile', 'moderate_general'),
  1342. 'profile_blurb' => array(true, 'profile', 'edit_profile', 'moderate_general'),
  1343. 'profile_remove' => array(true, 'profile', 'delete_account', 'moderate_general'),
  1344. 'profile_server_avatar' => array(false, 'profile', 'use_avatar'),
  1345. 'profile_upload_avatar' => array(false, 'profile', 'use_avatar'),
  1346. 'profile_remote_avatar' => array(false, 'profile', 'use_avatar'),
  1347. ),
  1348. 'board' => array(
  1349. 'moderate_board' => array(false, 'general_board', 'moderate'),
  1350. 'approve_posts' => array(false, 'general_board', 'moderate'),
  1351. 'post_new' => array(false, 'topic', 'make_posts'),
  1352. 'post_draft' => array(false, 'topic', 'make_posts'),
  1353. 'post_autosave_draft' => array(false, 'topic', 'make_posts'),
  1354. 'post_unapproved_topics' => array(false, 'topic', 'make_unapproved_posts'),
  1355. 'post_unapproved_replies' => array(true, 'topic', 'make_unapproved_posts', 'make_unapproved_posts'),
  1356. 'post_reply' => array(true, 'topic', 'make_posts', 'make_posts'),
  1357. 'merge_any' => array(false, 'topic', 'moderate'),
  1358. 'split_any' => array(false, 'topic', 'moderate'),
  1359. 'send_topic' => array(false, 'topic', 'moderate'),
  1360. 'make_sticky' => array(false, 'topic', 'moderate'),
  1361. 'move' => array(true, 'topic', 'moderate', 'moderate'),
  1362. 'lock' => array(true, 'topic', 'moderate', 'moderate'),
  1363. 'remove' => array(true, 'topic', 'modify', 'moderate'),
  1364. 'modify_replies' => array(false, 'topic', 'moderate'),
  1365. 'delete_replies' => array(false, 'topic', 'moderate'),
  1366. 'announce_topic' => array(false, 'topic', 'moderate'),
  1367. 'delete' => array(true, 'post', 'modify', 'moderate'),
  1368. 'modify' => array(true, 'post', 'modify', 'moderate'),
  1369. 'report_any' => array(false, 'post', 'participate'),
  1370. 'poll_view' => array(false, 'poll', 'participate'),
  1371. 'poll_vote' => array(false, 'poll', 'participate'),
  1372. 'poll_post' => array(false, 'poll', 'post_polls'),
  1373. 'poll_add' => array(true, 'poll', 'post_polls', 'moderate'),
  1374. 'poll_edit' => array(true, 'poll', 'modify', 'moderate'),
  1375. 'poll_lock' => array(true, 'poll', 'moderate', 'moderate'),
  1376. 'poll_remove' => array(true, 'poll', 'modify', 'moderate'),
  1377. 'mark_any_notify' => array(false, 'notification', 'notification'),
  1378. 'mark_notify' => array(false, 'notification', 'notification'),
  1379. 'view_attachments' => array(false, 'attachment', 'participate'),
  1380. 'post_unapproved_attachments' => array(false, 'attachment', 'make_unapproved_posts'),
  1381. 'post_attachment' => array(false, 'attachment', 'attach'),
  1382. ),
  1383. );
  1384. // All permission groups that will be shown in the left column on classic view.
  1385. $leftPermissionGroups = array(
  1386. 'general',
  1387. 'calendar',
  1388. 'maintenance',
  1389. 'member_admin',
  1390. 'topic',
  1391. 'post',
  1392. );
  1393. // We need to know what permissions we can't give to guests.
  1394. loadIllegalGuestPermissions();
  1395. // Some permissions are hidden if features are off.
  1396. $hiddenPermissions = array();
  1397. $relabelPermissions = array(); // Permissions to apply a different label to.
  1398. $relabelGroups = array(); // As above but for groups.
  1399. if (empty($modSettings['cal_enabled']))
  1400. {
  1401. $hiddenPermissions[] = 'calendar_view';
  1402. $hiddenPermissions[] = 'calendar_post';
  1403. $hiddenPermissions[] = 'calendar_edit';
  1404. }
  1405. if ($modSettings['warning_settings'][0] == 0)
  1406. $hiddenPermissions[] = 'issue_warning';
  1407. if (empty($modSettings['karmaMode']))
  1408. $hiddenPermissions[] = 'karma_edit';
  1409. // Post moderation?
  1410. if (!$modSettings['postmod_active'])
  1411. {
  1412. $hiddenPermissions[] = 'approve_posts';
  1413. $hiddenPermissions[] = 'post_unapproved_topics';
  1414. $hiddenPermissions[] = 'post_unapproved_replies';
  1415. $hiddenPermissions[] = 'post_unapproved_attachments';
  1416. }
  1417. // If we show them on classic view we change the name.
  1418. else
  1419. {
  1420. // Relabel the topics permissions
  1421. $relabelPermissions['post_new'] = 'auto_approve_topics';
  1422. // Relabel the reply permissions
  1423. $relabelPermissions['post_reply'] = 'auto_approve_replies';
  1424. // Relabel the attachment permissions
  1425. $relabelPermissions['post_attachment'] = 'auto_approve_attachments';
  1426. }
  1427. // Are attachments enabled?
  1428. if (empty($modSettings['attachmentEnable']))
  1429. {
  1430. $hiddenPermissions[] = 'manage_attachments';
  1431. $hiddenPermissions[] = 'view_attachments';
  1432. $hiddenPermissions[] = 'post_unapproved_attachments';
  1433. $hiddenPermissions[] = 'post_attachment';
  1434. }
  1435. // Provide a practical way to modify permissions.
  1436. call_integration_hook('integrate_load_permissions', array(&$permissionGroups, &$permissionList, &$leftPermissionGroups, &$hiddenPermissions, &$relabelPermissions));
  1437. $context['permissions'] = array();
  1438. $context['hidden_permissions'] = array();
  1439. foreach ($permissionList as $permissionType => $permissionList)
  1440. {
  1441. $context['permissions'][$permissionType] = array(
  1442. 'id' => $permissionType,
  1443. 'view' => $loadType,
  1444. 'columns' => array()
  1445. );
  1446. foreach ($permissionList as $permission => $permissionArray)
  1447. {
  1448. // If this is a guest permission we don't do it if it's the guest group.
  1449. if (isset($context['group']['id']) && $context['group']['id'] == -1 && in_array($permission, $context['non_guest_permissions']))
  1450. continue;
  1451. // What groups will this permission be in?
  1452. $own_group = $permissionArray[($loadType == 'classic' ? 1 : 2)];
  1453. $any_group = $loadType == 'simple' && !empty($permissionArray[3]) ? $permissionArray[3] : ($loadType == 'simple' && $permissionArray[0] ? $permissionArray[2] : '');
  1454. // First, Do these groups actually exist - if not add them.
  1455. if (!isset($permissionGroups[$permissionType][$loadType][$own_group]))
  1456. $permissionGroups[$permissionType][$loadType][$own_group] = true;
  1457. if (!empty($any_group) && !isset($permissionGroups[$permissionType][$loadType][$any_group]))
  1458. $permissionGroups[$permissionType][$loadType][$any_group] = true;
  1459. // What column should this be located into?
  1460. $position = $loadType == 'classic' && !in_array($own_group, $leftPermissionGroups) ? 1 : 0;
  1461. // If the groups have not yet been created be sure to create them.
  1462. $bothGroups = array('own' => $own_group);
  1463. $bothGroups = array();
  1464. // For guests, just reset the array.
  1465. if (!isset($context['group']['id']) || !($context['group']['id'] == -1 && $any_group))
  1466. $bothGroups['own'] = $own_group;
  1467. if ($any_group)
  1468. {
  1469. $bothGroups['any'] = $any_group;
  1470. }
  1471. foreach ($bothGroups as $group)
  1472. if (!isset($context['permissions'][$permissionType]['columns'][$position][$group]))
  1473. $context['permissions'][$permissionType]['columns'][$position][$group] = array(
  1474. 'type' => $permissionType,
  1475. 'id' => $group,
  1476. 'name' => $loadType == 'simple' ? (isset($txt['permissiongroup_simple_' . $group]) ? $txt['permissiongroup_simple_' . $group] : '') : $txt['permissiongroup_' . $group],
  1477. 'icon' => isset($txt['permissionicon_' . $group]) ? $txt['permissionicon_' . $group] : $txt['permissionicon'],
  1478. 'help' => isset($txt['permissionhelp_' . $group]) ? $txt['permissionhelp_' . $group] : '',
  1479. 'hidden' => false,
  1480. 'permissions' => array()
  1481. );
  1482. // This is where we set up the permission dependant on the view.
  1483. if ($loadType == 'classic')
  1484. {
  1485. $context['permissions'][$permissionType]['columns'][$position][$own_group]['permissions'][$permission] = array(
  1486. 'id' => $permission,
  1487. 'name' => !isset($relabelPermissions[$permission]) ? $txt['permissionname_' . $permission] : $txt[$relabelPermissions[$permission]],
  1488. 'show_help' => isset($txt['permissionhelp_' . $permission]),
  1489. 'note' => isset($txt['permissionnote_' . $permission]) ? $txt['permissionnote_' . $permission] : '',
  1490. 'has_own_any' => $permissionArray[0],
  1491. 'own' => array(
  1492. 'id' => $permission . '_own',
  1493. 'name' => $permissionArray[0] ? $txt['permissionname_' . $permission . '_own'] : ''
  1494. ),
  1495. 'any' => array(
  1496. 'id' => $permission . '_any',
  1497. 'name' => $permissionArray[0] ? $txt['permissionname_' . $permission . '_any'] : ''
  1498. ),
  1499. 'hidden' => in_array($permission, $hiddenPermissions),
  1500. );
  1501. }
  1502. else
  1503. {
  1504. foreach ($bothGroups as $group_type => $group)
  1505. {
  1506. $context['permissions'][$permissionType]['columns'][$position][$group]['permissions'][$permission . ($permissionArray[0] ? '_' . $group_type : '')] = array(
  1507. 'id' => $permission . ($permissionArray[0] ? '_' . $group_type : ''),
  1508. 'name' => isset($txt['permissionname_simple_' . $permission . ($permissionArray[0] ? '_' . $group_type : '')]) ? $txt['permissionname_simple_' . $permission . ($permissionArray[0] ? '_' . $group_type : '')] : $txt['permissionname_' . $permission],
  1509. 'help_index' => isset($txt['permissionhelp_' . $permission]) ? 'permissionhelp_' . $permission : '',
  1510. 'hidden' => in_array($permission, $hiddenPermissions),
  1511. );
  1512. }
  1513. }
  1514. if (in_array($permission, $hiddenPermissions))
  1515. {
  1516. if ($permissionArray[0])
  1517. {
  1518. $context['hidden_permissions'][] = $permission . '_own';
  1519. $context['hidden_permissions'][] = $permission . '_any';
  1520. }
  1521. else
  1522. $context['hidden_permissions'][] = $permission;
  1523. }
  1524. }
  1525. ksort($context['permissions'][$permissionType]['columns']);
  1526. // Check we don't leave any empty groups - and mark hidden ones as such.
  1527. foreach ($context['permissions'][$permissionType]['columns'] as $column => $groups)
  1528. foreach ($groups as $id => $group)
  1529. {
  1530. if (empty($group['permissions']))
  1531. unset($context['permissions'][$permissionType]['columns'][$column][$id]);
  1532. else
  1533. {
  1534. $foundNonHidden = false;
  1535. foreach ($group['permissions'] as $permission)
  1536. if (empty($permission['hidden']))
  1537. $foundNonHidden = true;
  1538. if (!$foundNonHidden)
  1539. $context['permissions'][$permissionType]['columns'][$column][$id]['hidden'] = true;
  1540. }
  1541. }
  1542. }
  1543. }
  1544. /**
  1545. * Initialize a form with inline permissions settings.
  1546. * It loads a context variables for each permission.
  1547. * This function is used by several settings screens to set specific permissions.
  1548. * @internal
  1549. *
  1550. * @param array $permissions
  1551. * @param array $excluded_groups = array()
  1552. *
  1553. * @uses ManagePermissions language
  1554. * @uses ManagePermissions template.
  1555. */
  1556. function init_inline_permissions($permissions, $excluded_groups = array())
  1557. {
  1558. global $context, $txt, $modSettings, $smcFunc;
  1559. loadLanguage('ManagePermissions');
  1560. loadTemplate('ManagePermissions');
  1561. $context['can_change_permissions'] = allowedTo('manage_permissions');
  1562. // Nothing to initialize here.
  1563. if (!$context['can_change_permissions'])
  1564. return;
  1565. // Load the permission settings for guests
  1566. foreach ($permissions as $permission)
  1567. $context[$permission] = array(
  1568. -1 => array(
  1569. 'id' => -1,
  1570. 'name' => $txt['membergroups_guests'],
  1571. 'is_postgroup' => false,
  1572. 'status' => 'off',
  1573. ),
  1574. 0 => array(
  1575. 'id' => 0,
  1576. 'name' => $txt['membergroups_members'],
  1577. 'is_postgroup' => false,
  1578. 'status' => 'off',
  1579. ),
  1580. );
  1581. $request = $smcFunc['db_query']('', '
  1582. SELECT id_group, CASE WHEN add_deny = {int:denied} THEN {string:deny} ELSE {string:on} END AS status, permission
  1583. FROM {db_prefix}permissions
  1584. WHERE id_group IN (-1, 0)
  1585. AND permission IN ({array_string:permissions})',
  1586. array(
  1587. 'denied' => 0,
  1588. 'permissions' => $permissions,
  1589. 'deny' => 'deny',
  1590. 'on' => 'on',
  1591. )
  1592. );
  1593. while ($row = $smcFunc['db_fetch_assoc']($request))
  1594. $context[$row['permission']][$row['id_group']]['status'] = $row['status'];
  1595. $smcFunc['db_free_result']($request);
  1596. $request = $smcFunc['db_query']('', '
  1597. SELECT mg.id_group, mg.group_name, mg.min_posts, IFNULL(p.add_deny, -1) AS status, p.permission
  1598. FROM {db_prefix}membergroups AS mg
  1599. LEFT JOIN {db_prefix}permissions AS p ON (p.id_group = mg.id_group AND p.permission IN ({array_string:permissions}))
  1600. WHERE mg.id_group NOT IN (1, 3)
  1601. AND mg.id_parent = {int:not_inherited}' . (empty($modSettings['permission_enable_postgroups']) ? '
  1602. AND mg.min_posts = {int:min_posts}' : '') . '
  1603. ORDER BY mg.min_posts, CASE WHEN mg.id_group < {int:newbie_group} THEN mg.id_group ELSE 4 END, mg.group_name',
  1604. array(
  1605. 'not_inherited' => -2,
  1606. 'min_posts' => -1,
  1607. 'newbie_group' => 4,
  1608. 'permissions' => $permissions,
  1609. )
  1610. );
  1611. while ($row = $smcFunc['db_fetch_assoc']($request))
  1612. {
  1613. // Initialize each permission as being 'off' until proven otherwise.
  1614. foreach ($permissions as $permission)
  1615. if (!isset($context[$permission][$row['id_group']]))
  1616. $context[$permission][$row['id_group']] = array(
  1617. 'id' => $row['id_group'],
  1618. 'name' => $row['group_name'],
  1619. 'is_postgroup' => $row['min_posts'] != -1,
  1620. 'status' => 'off',
  1621. );
  1622. $context[$row['permission']][$row['id_group']]['status'] = empty($row['status']) ? 'deny' : ($row['status'] == 1 ? 'on' : 'off');
  1623. }
  1624. $smcFunc['db_free_result']($request);
  1625. // Some permissions cannot be given to certain groups. Remove the groups.
  1626. foreach ($excluded_groups as $group)
  1627. {
  1628. foreach ($permissions as $permission)
  1629. {
  1630. if (isset($context[$permission][$group]))
  1631. unset($context[$permission][$group]);
  1632. }
  1633. }
  1634. }
  1635. /**
  1636. * Show a collapsible box to set a specific permission.
  1637. * The function is called by templates to show a list of permissions settings.
  1638. * Calls the template function template_inline_permissions().
  1639. *
  1640. * @param string $permission
  1641. */
  1642. function theme_inline_permissions($permission)
  1643. {
  1644. global $context;
  1645. $context['current_permission'] = $permission;
  1646. $context['member_groups'] = $context[$permission];
  1647. template_inline_permissions();
  1648. }
  1649. /**
  1650. * Save the permissions of a form containing inline permissions.
  1651. * @internal
  1652. *
  1653. * @param array $permissions
  1654. */
  1655. function save_inline_permissions($permissions)
  1656. {
  1657. global $context, $smcFunc;
  1658. // No permissions? Not a great deal to do here.
  1659. if (!allowedTo('manage_permissions'))
  1660. return;
  1661. // Almighty session check, verify our ways.
  1662. checkSession();
  1663. validateToken('admin-mp');
  1664. // Check they can't do certain things.
  1665. loadIllegalPermissions();
  1666. $insertRows = array();
  1667. foreach ($permissions as $permission)
  1668. {
  1669. if (!isset($_POST[$permission]))
  1670. continue;
  1671. foreach ($_POST[$permission] as $id_group => $value)
  1672. {
  1673. if (in_array($value, array('on', 'deny')) && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions'])))
  1674. $insertRows[] = array((int) $id_group, $permission, $value == 'on' ? 1 : 0);
  1675. }
  1676. }
  1677. // Remove the old permissions...
  1678. $smcFunc['db_query']('', '
  1679. DELETE FROM {db_prefix}permissions
  1680. WHERE permission IN ({array_string:permissions})
  1681. ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
  1682. array(
  1683. 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
  1684. 'permissions' => $permissions,
  1685. )
  1686. );
  1687. // ...and replace them with new ones.
  1688. if (!empty($insertRows))
  1689. $smcFunc['db_insert']('insert',
  1690. '{db_prefix}permissions',
  1691. array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  1692. $insertRows,
  1693. array('id_group', 'permission')
  1694. );
  1695. // Do a full child update.
  1696. updateChildPermissions(array(), -1);
  1697. // Just in case we cached this.
  1698. updateSettings(array('settings_updated' => time()));
  1699. }
  1700. /**
  1701. * Load permissions profiles.
  1702. */
  1703. function loadPermissionProfiles()
  1704. {
  1705. global $context, $txt, $smcFunc;
  1706. $request = $smcFunc['db_query']('', '
  1707. SELECT id_profile, profile_name
  1708. FROM {db_prefix}permission_profiles
  1709. ORDER BY id_profile',
  1710. array(
  1711. )
  1712. );
  1713. $context['profiles'] = array();
  1714. while ($row = $smcFunc['db_fetch_assoc']($request))
  1715. {
  1716. // Format the label nicely.
  1717. if (isset($txt['permissions_profile_' . $row['profile_name']]))
  1718. $name = $txt['permissions_profile_' . $row['profile_name']];
  1719. else
  1720. $name = $row['profile_name'];
  1721. $context['profiles'][$row['id_profile']] = array(
  1722. 'id' => $row['id_profile'],
  1723. 'name' => $name,
  1724. 'can_modify' => $row['id_profile'] == 1 || $row['id_profile'] > 4,
  1725. 'unformatted_name' => $row['profile_name'],
  1726. );
  1727. }
  1728. $smcFunc['db_free_result']($request);
  1729. }
  1730. /**
  1731. * Add/Edit/Delete profiles.
  1732. */
  1733. function EditPermissionProfiles()
  1734. {
  1735. global $context, $txt, $smcFunc;
  1736. // Setup the template, first for fun.
  1737. $context['page_title'] = $txt['permissions_profile_edit'];
  1738. $context['sub_template'] = 'edit_profiles';
  1739. // If we're creating a new one do it first.
  1740. if (isset($_POST['create']) && trim($_POST['profile_name']) != '')
  1741. {
  1742. checkSession();
  1743. validateToken('admin-mpp');
  1744. $_POST['copy_from'] = (int) $_POST['copy_from'];
  1745. $_POST['profile_name'] = $smcFunc['htmlspecialchars']($_POST['profile_name']);
  1746. // Insert the profile itself.
  1747. $smcFunc['db_insert']('',
  1748. '{db_prefix}permission_profiles',
  1749. array(
  1750. 'profile_name' => 'string',
  1751. ),
  1752. array(
  1753. $_POST['profile_name'],
  1754. ),
  1755. array('id_profile')
  1756. );
  1757. $profile_id = $smcFunc['db_insert_id']('{db_prefix}permission_profiles', 'id_profile');
  1758. // Load the permissions from the one it's being copied from.
  1759. $request = $smcFunc['db_query']('', '
  1760. SELECT id_group, permission, add_deny
  1761. FROM {db_prefix}board_permissions
  1762. WHERE id_profile = {int:copy_from}',
  1763. array(
  1764. 'copy_from' => $_POST['copy_from'],
  1765. )
  1766. );
  1767. $inserts = array();
  1768. while ($row = $smcFunc['db_fetch_assoc']($request))
  1769. $inserts[] = array($profile_id, $row['id_group'], $row['permission'], $row['add_deny']);
  1770. $smcFunc['db_free_result']($request);
  1771. if (!empty($inserts))
  1772. $smcFunc['db_insert']('insert',
  1773. '{db_prefix}board_permissions',
  1774. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  1775. $inserts,
  1776. array('id_profile', 'id_group', 'permission')
  1777. );
  1778. }
  1779. // Renaming?
  1780. elseif (isset($_POST['rename']))
  1781. {
  1782. checkSession();
  1783. validateToken('admin-mpp');
  1784. // Just showing the boxes?
  1785. if (!isset($_POST['rename_profile']))
  1786. $context['show_rename_boxes'] = true;
  1787. else
  1788. {
  1789. foreach ($_POST['rename_profile'] as $id => $value)
  1790. {
  1791. $value = $smcFunc['htmlspecialchars']($value);
  1792. if (trim($value) != '' && $id > 4)
  1793. $smcFunc['db_query']('', '
  1794. UPDATE {db_prefix}permission_profiles
  1795. SET profile_name = {string:profile_name}
  1796. WHERE id_profile = {int:current_profile}',
  1797. array(
  1798. 'current_profile' => (int) $id,
  1799. 'profile_name' => $value,
  1800. )
  1801. );
  1802. }
  1803. }
  1804. }
  1805. // Deleting?
  1806. elseif (isset($_POST['delete']) && !empty($_POST['delete_profile']))
  1807. {
  1808. checkSession('post');
  1809. validateToken('admin-mpp');
  1810. $profiles = array();
  1811. foreach ($_POST['delete_profile'] as $profile)
  1812. if ($profile > 4)
  1813. $profiles[] = (int) $profile;
  1814. // Verify it's not in use...
  1815. $request = $smcFunc['db_query']('', '
  1816. SELECT id_board
  1817. FROM {db_prefix}boards
  1818. WHERE id_profile IN ({array_int:profile_list})
  1819. LIMIT 1',
  1820. array(
  1821. 'profile_list' => $profiles,
  1822. )
  1823. );
  1824. if ($smcFunc['db_num_rows']($request) != 0)
  1825. fatal_lang_error('no_access', false);
  1826. $smcFunc['db_free_result']($request);
  1827. // Oh well, delete.
  1828. $smcFunc['db_query']('', '
  1829. DELETE FROM {db_prefix}permission_profiles
  1830. WHERE id_profile IN ({array_int:profile_list})',
  1831. array(
  1832. 'profile_list' => $profiles,
  1833. )
  1834. );
  1835. }
  1836. // Clearly, we'll need this!
  1837. loadPermissionProfiles();
  1838. // Work out what ones are in use.
  1839. $request = $smcFunc['db_query']('', '
  1840. SELECT id_profile, COUNT(id_board) AS board_count
  1841. FROM {db_prefix}boards
  1842. GROUP BY id_profile',
  1843. array(
  1844. )
  1845. );
  1846. while ($row = $smcFunc['db_fetch_assoc']($request))
  1847. if (isset($context['profiles'][$row['id_profile']]))
  1848. {
  1849. $context['profiles'][$row['id_profile']]['in_use'] = true;
  1850. $context['profiles'][$row['id_profile']]['boards'] = $row['board_count'];
  1851. $context['profiles'][$row['id_profile']]['boards_text'] = $row['board_count'] > 1 ? sprintf($txt['permissions_profile_used_by_many'], $row['board_count']) : $txt['permissions_profile_used_by_' . ($row['board_count'] ? 'one' : 'none')];
  1852. }
  1853. $smcFunc['db_free_result']($request);
  1854. // What can we do with these?
  1855. $context['can_edit_something'] = false;
  1856. foreach ($context['profiles'] as $id => $profile)
  1857. {
  1858. // Can't delete special ones.
  1859. $context['profiles'][$id]['can_edit'] = isset($txt['permissions_profile_' . $profile['unformatted_name']]) ? false : true;
  1860. if ($context['profiles'][$id]['can_edit'])
  1861. $context['can_edit_something'] = true;
  1862. // You can only delete it if you can edit it AND it's not in use.
  1863. $context['profiles'][$id]['can_delete'] = $context['profiles'][$id]['can_edit'] && empty($profile['in_use']) ? true : false;
  1864. }
  1865. createToken('admin-mpp');
  1866. }
  1867. /**
  1868. * This function updates the permissions of any groups based off this group.
  1869. *
  1870. * @param mixed $parents (array or int)
  1871. * @param mixed $profile = null, int expected
  1872. */
  1873. function updateChildPermissions($parents, $profile = null)
  1874. {
  1875. global $smcFunc;
  1876. // All the parent groups to sort out.
  1877. if (!is_array($parents))
  1878. $parents = array($parents);
  1879. // Find all the children of this group.
  1880. $request = $smcFunc['db_query']('', '
  1881. SELECT id_parent, id_group
  1882. FROM {db_prefix}membergroups
  1883. WHERE id_parent != {int:not_inherited}
  1884. ' . (empty($parents) ? '' : 'AND id_parent IN ({array_int:parent_list})'),
  1885. array(
  1886. 'parent_list' => $parents,
  1887. 'not_inherited' => -2,
  1888. )
  1889. );
  1890. $children = array();
  1891. $parents = array();
  1892. $child_groups = array();
  1893. while ($row = $smcFunc['db_fetch_assoc']($request))
  1894. {
  1895. $children[$row['id_parent']][] = $row['id_group'];
  1896. $child_groups[] = $row['id_group'];
  1897. $parents[] = $row['id_parent'];
  1898. }
  1899. $smcFunc['db_free_result']($request);
  1900. $parents = array_unique($parents);
  1901. // Not a sausage, or a child?
  1902. if (empty($children))
  1903. return false;
  1904. // First off, are we doing general permissions?
  1905. if ($profile < 1 || $profile === null)
  1906. {
  1907. // Fetch all the parent permissions.
  1908. $request = $smcFunc['db_query']('', '
  1909. SELECT id_group, permission, add_deny
  1910. FROM {db_prefix}permissions
  1911. WHERE id_group IN ({array_int:parent_list})',
  1912. array(
  1913. 'parent_list' => $parents,
  1914. )
  1915. );
  1916. $permissions = array();
  1917. while ($row = $smcFunc['db_fetch_assoc']($request))
  1918. foreach ($children[$row['id_group']] as $child)
  1919. $permissions[] = array($child, $row['permission'], $row['add_deny']);
  1920. $smcFunc['db_free_result']($request);
  1921. $smcFunc['db_query']('', '
  1922. DELETE FROM {db_prefix}permissions
  1923. WHERE id_group IN ({array_int:child_groups})',
  1924. array(
  1925. 'child_groups' => $child_groups,
  1926. )
  1927. );
  1928. // Finally insert.
  1929. if (!empty($permissions))
  1930. {
  1931. $smcFunc['db_insert']('insert',
  1932. '{db_prefix}permissions',
  1933. array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  1934. $permissions,
  1935. array('id_group', 'permission')
  1936. );
  1937. }
  1938. }
  1939. // Then, what about board profiles?
  1940. if ($profile != -1)
  1941. {
  1942. $profileQuery = $profile === null ? '' : ' AND id_profile = {int:current_profile}';
  1943. // Again, get all the parent permissions.
  1944. $request = $smcFunc['db_query']('', '
  1945. SELECT id_profile, id_group, permission, add_deny
  1946. FROM {db_prefix}board_permissions
  1947. WHERE id_group IN ({array_int:parent_groups})
  1948. ' . $profileQuery,
  1949. array(
  1950. 'parent_groups' => $parents,
  1951. 'current_profile' => $profile !== null && $profile ? $profile : 1,
  1952. )
  1953. );
  1954. $permissions = array();
  1955. while ($row = $smcFunc['db_fetch_assoc']($request))
  1956. foreach ($children[$row['id_group']] as $child)
  1957. $permissions[] = array($child, $row['id_profile'], $row['permission'], $row['add_deny']);
  1958. $smcFunc['db_free_result']($request);
  1959. $smcFunc['db_query']('', '
  1960. DELETE FROM {db_prefix}board_permissions
  1961. WHERE id_group IN ({array_int:child_groups})
  1962. ' . $profileQuery,
  1963. array(
  1964. 'child_groups' => $child_groups,
  1965. 'current_profile' => $profile !== null && $profile ? $profile : 1,
  1966. )
  1967. );
  1968. // Do the insert.
  1969. if (!empty($permissions))
  1970. {
  1971. $smcFunc['db_insert']('insert',
  1972. '{db_prefix}board_permissions',
  1973. array('id_group' => 'int', 'id_profile' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  1974. $permissions,
  1975. array('id_group', 'id_profile', 'permission')
  1976. );
  1977. }
  1978. }
  1979. }
  1980. /**
  1981. * Load permissions someone cannot grant.
  1982. */
  1983. function loadIllegalPermissions()
  1984. {
  1985. global $context;
  1986. $context['illegal_permissions'] = array();
  1987. if (!allowedTo('admin_forum'))
  1988. $context['illegal_permissions'][] = 'admin_forum';
  1989. if (!allowedTo('manage_membergroups'))
  1990. $context['illegal_permissions'][] = 'manage_membergroups';
  1991. if (!allowedTo('manage_permissions'))
  1992. $context['illegal_permissions'][] = 'manage_permissions';
  1993. call_integration_hook('integrate_load_illegal_permissions');
  1994. }
  1995. /**
  1996. * Loads the permissions that can not be given to guests.
  1997. * Stores the permissions in $context['non_guest_permissions'].
  1998. */
  1999. function loadIllegalGuestPermissions()
  2000. {
  2001. global $context;
  2002. $context['non_guest_permissions'] = array(
  2003. 'delete_replies',
  2004. 'karma_edit',
  2005. 'poll_add_own',
  2006. 'pm_read',
  2007. 'pm_send',
  2008. 'profile_identity',
  2009. 'profile_extra',
  2010. 'profile_signature',
  2011. 'profile_forum',
  2012. 'profile_other',
  2013. 'profile_password',
  2014. 'profile_title',
  2015. 'profile_blurb',
  2016. 'profile_displayed_name',
  2017. 'profile_remove',
  2018. 'profile_server_avatar',
  2019. 'profile_upload_avatar',
  2020. 'profile_remote_avatar',
  2021. 'mark_any_notify',
  2022. 'mark_notify',
  2023. 'admin_forum',
  2024. 'manage_boards',
  2025. 'manage_attachments',
  2026. 'manage_smileys',
  2027. 'edit_news',
  2028. 'access_mod_center',
  2029. 'moderate_forum',
  2030. 'issue_warning',
  2031. 'manage_membergroups',
  2032. 'manage_permissions',
  2033. 'manage_bans',
  2034. 'move_own',
  2035. 'modify_replies',
  2036. 'send_mail',
  2037. 'approve_posts',
  2038. 'post_draft',
  2039. 'post_autosave_draft',
  2040. 'pm_draft',
  2041. 'pm_autosave_draft',
  2042. 'report_any',
  2043. 'make_sticky',
  2044. 'merge_any',
  2045. 'split_any',
  2046. 'lock_any',
  2047. 'move_any',
  2048. 'modify_any',
  2049. 'remove_any',
  2050. 'moderate_board',
  2051. 'poll_add_any',
  2052. 'poll_edit_any',
  2053. 'poll_lock_any',
  2054. 'poll_remove_any',
  2055. 'announce_topic'
  2056. );
  2057. call_integration_hook('integrate_load_illegal_guest_permissions');
  2058. }
  2059. /**
  2060. * Present a nice way of applying post moderation.
  2061. */
  2062. function ModifyPostModeration()
  2063. {
  2064. global $context, $txt, $smcFunc, $modSettings, $sourcedir;
  2065. // Just in case.
  2066. checkSession('get');
  2067. $context['page_title'] = $txt['permissions_post_moderation'];
  2068. $context['sub_template'] = 'postmod_permissions';
  2069. $context['current_profile'] = isset($_REQUEST['pid']) ? (int) $_REQUEST['pid'] : 1;
  2070. // Load all the permission profiles.
  2071. loadPermissionProfiles();
  2072. // Mappings, our key => array(can_do_moderated, can_do_all)
  2073. $mappings = array(
  2074. 'new_topic' => array('post_new', 'post_unapproved_topics'),
  2075. 'replies_own' => array('post_reply_own', 'post_unapproved_replies_own'),
  2076. 'replies_any' => array('post_reply_any', 'post_unapproved_replies_any'),
  2077. 'attachment' => array('post_attachment', 'post_unapproved_attachments'),
  2078. );
  2079. call_integration_hook('integrate_post_moderation_mapping', array(&$mappings));
  2080. // Start this with the guests/members.
  2081. $context['profile_groups'] = array(
  2082. -1 => array(
  2083. 'id' => -1,
  2084. 'name' => $txt['membergroups_guests'],
  2085. 'color' => '',
  2086. 'new_topic' => 'disallow',
  2087. 'replies_own' => 'disallow',
  2088. 'replies_any' => 'disallow',
  2089. 'attachment' => 'disallow',
  2090. 'children' => array(),
  2091. ),
  2092. 0 => array(
  2093. 'id' => 0,
  2094. 'name' => $txt['membergroups_members'],
  2095. 'color' => '',
  2096. 'new_topic' => 'disallow',
  2097. 'replies_own' => 'disallow',
  2098. 'replies_any' => 'disallow',
  2099. 'attachment' => 'disallow',
  2100. 'children' => array(),
  2101. ),
  2102. );
  2103. // Load the groups.
  2104. $request = $smcFunc['db_query']('', '
  2105. SELECT id_group, group_name, online_color, id_parent
  2106. FROM {db_prefix}membergroups
  2107. WHERE id_group != {int:admin_group}
  2108. ' . (empty($modSettings['permission_enable_postgroups']) ? ' AND min_posts = {int:min_posts}' : '') . '
  2109. ORDER BY id_parent ASC',
  2110. array(
  2111. 'admin_group' => 1,
  2112. 'min_posts' => -1,
  2113. )
  2114. );
  2115. while ($row = $smcFunc['db_fetch_assoc']($request))
  2116. {
  2117. if ($row['id_parent'] == -2)
  2118. {
  2119. $context['profile_groups'][$row['id_group']] = array(
  2120. 'id' => $row['id_group'],
  2121. 'name' => $row['group_name'],
  2122. 'color' => $row['online_color'],
  2123. 'new_topic' => 'disallow',
  2124. 'replies_own' => 'disallow',
  2125. 'replies_any' => 'disallow',
  2126. 'attachment' => 'disallow',
  2127. 'children' => array(),
  2128. );
  2129. }
  2130. elseif (isset($context['profile_groups'][$row['id_parent']]))
  2131. $context['profile_groups'][$row['id_parent']]['children'][] = $row['group_name'];
  2132. }
  2133. $smcFunc['db_free_result']($request);
  2134. // What are the permissions we are querying?
  2135. $all_permissions = array();
  2136. foreach ($mappings as $perm_set)
  2137. $all_permissions = array_merge($all_permissions, $perm_set);
  2138. // If we're saving the changes then do just that - save them.
  2139. if (!empty($_POST['save_changes']) && ($context['current_profile'] == 1 || $context['current_profile'] > 4))
  2140. {
  2141. validateToken('admin-mppm');
  2142. // First, are we saving a new value for enabled post moderation?
  2143. $new_setting = !empty($_POST['postmod_active']);
  2144. if ($new_setting != $modSettings['postmod_active'])
  2145. {
  2146. if ($new_setting)
  2147. {
  2148. // Turning it on. This seems easy enough.
  2149. updateSettings(array('postmod_active' => 1));
  2150. }
  2151. else
  2152. {
  2153. // Turning it off. Not so straightforward. We have to turn off warnings to moderation level, and make everything approved.
  2154. updateSettings(array(
  2155. 'postmod_active' => 0,
  2156. 'warning_moderate' => 0,
  2157. ));
  2158. require_once($sourcedir . '/PostModeration.php');
  2159. approveAllData();
  2160. }
  2161. }
  2162. elseif ($modSettings['postmod_active'])
  2163. {
  2164. // We're not saving a new setting - and if it's still enabled we have more work to do.
  2165. // Start by deleting all the permissions relevant.
  2166. $smcFunc['db_query']('', '
  2167. DELETE FROM {db_prefix}board_permissions
  2168. WHERE id_profile = {int:current_profile}
  2169. AND permission IN ({array_string:permissions})
  2170. AND id_group IN ({array_int:profile_group_list})',
  2171. array(
  2172. 'profile_group_list' => array_keys($context['profile_groups']),
  2173. 'current_profile' => $context['current_profile'],
  2174. 'permissions' => $all_permissions,
  2175. )
  2176. );
  2177. // Do it group by group.
  2178. $new_permissions = array();
  2179. foreach ($context['profile_groups'] as $id => $group)
  2180. {
  2181. foreach ($mappings as $index => $data)
  2182. {
  2183. if (isset($_POST[$index][$group['id']]))
  2184. {
  2185. if ($_POST[$index][$group['id']] == 'allow')
  2186. {
  2187. // Give them both sets for fun.
  2188. $new_permissions[] = array($context['current_profile'], $group['id'], $data[0], 1);
  2189. $new_permissions[] = array($context['current_profile'], $group['id'], $data[1], 1);
  2190. }
  2191. elseif ($_POST[$index][$group['id']] == 'moderate')
  2192. $new_permissions[] = array($context['current_profile'], $group['id'], $data[1], 1);
  2193. }
  2194. }
  2195. }
  2196. // Insert new permissions.
  2197. if (!empty($new_permissions))
  2198. $smcFunc['db_insert']('',
  2199. '{db_prefix}board_permissions',
  2200. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  2201. $new_permissions,
  2202. array('id_profile', 'id_group', 'permission')
  2203. );
  2204. }
  2205. }
  2206. // Now get all the permissions!
  2207. $request = $smcFunc['db_query']('', '
  2208. SELECT id_group, permission, add_deny
  2209. FROM {db_prefix}board_permissions
  2210. WHERE id_profile = {int:current_profile}
  2211. AND permission IN ({array_string:permissions})
  2212. AND id_group IN ({array_int:profile_group_list})',
  2213. array(
  2214. 'profile_group_list' => array_keys($context['profile_groups']),
  2215. 'current_profile' => $context['current_profile'],
  2216. 'permissions' => $all_permissions,
  2217. )
  2218. );
  2219. while ($row = $smcFunc['db_fetch_assoc']($request))
  2220. {
  2221. foreach ($mappings as $key => $data)
  2222. {
  2223. foreach ($data as $index => $perm)
  2224. {
  2225. if ($perm == $row['permission'])
  2226. {
  2227. // Only bother if it's not denied.
  2228. if ($row['add_deny'])
  2229. {
  2230. // Full allowance?
  2231. if ($index == 0)
  2232. $context['profile_groups'][$row['id_group']][$key] = 'allow';
  2233. // Otherwise only bother with moderate if not on allow.
  2234. elseif ($context['profile_groups'][$row['id_group']][$key] != 'allow')
  2235. $context['profile_groups'][$row['id_group']][$key] = 'moderate';
  2236. }
  2237. }
  2238. }
  2239. }
  2240. }
  2241. $smcFunc['db_free_result']($request);
  2242. createToken('admin-mppm');
  2243. }
  2244. ?>