ManagePermissions.php 74 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388
  1. <?php
  2. /**
  3. * ManagePermissions handles all possible permission stuff.
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines http://www.simplemachines.org
  9. * @copyright 2011 Simple Machines
  10. * @license http://www.simplemachines.org/about/smf/license.php BSD
  11. *
  12. * @version 2.0
  13. */
  14. if (!defined('SMF'))
  15. die('Hacking attempt...');
  16. /**
  17. * Dispaches to the right function based on the given subaction.
  18. * Checks the permissions, based on the sub-action.
  19. * Called by ?action=managepermissions.
  20. *
  21. * @uses ManagePermissions language file.
  22. */
  23. function ModifyPermissions()
  24. {
  25. global $txt, $scripturl, $context;
  26. loadLanguage('ManagePermissions+ManageMembers');
  27. loadTemplate('ManagePermissions');
  28. // Format: 'sub-action' => array('function_to_call', 'permission_needed'),
  29. $subActions = array(
  30. 'board' => array('PermissionByBoard', 'manage_permissions'),
  31. 'index' => array('PermissionIndex', 'manage_permissions'),
  32. 'modify' => array('ModifyMembergroup', 'manage_permissions'),
  33. 'modify2' => array('ModifyMembergroup2', 'manage_permissions'),
  34. 'quick' => array('SetQuickGroups', 'manage_permissions'),
  35. 'quickboard' => array('SetQuickBoards', 'manage_permissions'),
  36. 'postmod' => array('ModifyPostModeration', 'manage_permissions'),
  37. 'profiles' => array('EditPermissionProfiles', 'manage_permissions'),
  38. 'settings' => array('GeneralPermissionSettings', 'admin_forum'),
  39. );
  40. $_REQUEST['sa'] = isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]) ? $_REQUEST['sa'] : (allowedTo('manage_permissions') ? 'index' : 'settings');
  41. isAllowedTo($subActions[$_REQUEST['sa']][1]);
  42. // Create the tabs for the template.
  43. $context[$context['admin_menu_name']]['tab_data'] = array(
  44. 'title' => $txt['permissions_title'],
  45. 'help' => 'permissions',
  46. 'description' => '',
  47. 'tabs' => array(
  48. 'index' => array(
  49. 'description' => $txt['permissions_groups'],
  50. ),
  51. 'board' => array(
  52. 'description' => $txt['permission_by_board_desc'],
  53. ),
  54. 'profiles' => array(
  55. 'description' => $txt['permissions_profiles_desc'],
  56. ),
  57. 'postmod' => array(
  58. 'description' => $txt['permissions_post_moderation_desc'],
  59. ),
  60. 'settings' => array(
  61. 'description' => $txt['permission_settings_desc'],
  62. ),
  63. ),
  64. );
  65. $subActions[$_REQUEST['sa']][0]();
  66. }
  67. /**
  68. * Sets up the permissions by membergroup index page.
  69. * Called by ?action=managepermissions
  70. * Creates an array of all the groups with the number of members and permissions.
  71. *
  72. * @uses ManagePermissions language file.
  73. * @uses ManagePermissions template file.
  74. * @uses ManageBoards template, permission_index sub-template.
  75. */
  76. function PermissionIndex()
  77. {
  78. global $txt, $scripturl, $context, $settings, $modSettings, $smcFunc;
  79. $context['page_title'] = $txt['permissions_title'];
  80. // Load all the permissions. We'll need them in the template.
  81. loadAllPermissions();
  82. // Also load profiles, we may want to reset.
  83. loadPermissionProfiles();
  84. // Are we going to show the advanced options?
  85. $context['show_advanced_options'] = empty($context['admin_preferences']['app']);
  86. // Determine the number of ungrouped members.
  87. $request = $smcFunc['db_query']('', '
  88. SELECT COUNT(*)
  89. FROM {db_prefix}members
  90. WHERE id_group = {int:regular_group}',
  91. array(
  92. 'regular_group' => 0,
  93. )
  94. );
  95. list ($num_members) = $smcFunc['db_fetch_row']($request);
  96. $smcFunc['db_free_result']($request);
  97. // Fill the context variable with 'Guests' and 'Regular Members'.
  98. $context['groups'] = array(
  99. -1 => array(
  100. 'id' => -1,
  101. 'name' => $txt['membergroups_guests'],
  102. 'num_members' => $txt['membergroups_guests_na'],
  103. 'allow_delete' => false,
  104. 'allow_modify' => true,
  105. 'can_search' => false,
  106. 'href' => '',
  107. 'link' => '',
  108. 'is_post_group' => false,
  109. 'color' => '',
  110. 'stars' => '',
  111. 'children' => array(),
  112. 'num_permissions' => array(
  113. 'allowed' => 0,
  114. // Can't deny guest permissions!
  115. 'denied' => '(' . $txt['permissions_none'] . ')'
  116. ),
  117. 'access' => false
  118. ),
  119. 0 => array(
  120. 'id' => 0,
  121. 'name' => $txt['membergroups_members'],
  122. 'num_members' => $num_members,
  123. 'allow_delete' => false,
  124. 'allow_modify' => true,
  125. 'can_search' => false,
  126. 'href' => $scripturl . '?action=moderate;area=viewgroups;sa=members;group=0',
  127. 'is_post_group' => false,
  128. 'color' => '',
  129. 'stars' => '',
  130. 'children' => array(),
  131. 'num_permissions' => array(
  132. 'allowed' => 0,
  133. 'denied' => 0
  134. ),
  135. 'access' => false
  136. ),
  137. );
  138. $postGroups = array();
  139. $normalGroups = array();
  140. // Query the database defined membergroups.
  141. $query = $smcFunc['db_query']('', '
  142. SELECT id_group, id_parent, group_name, min_posts, online_color, stars
  143. FROM {db_prefix}membergroups' . (empty($modSettings['permission_enable_postgroups']) ? '
  144. WHERE min_posts = {int:min_posts}' : '') . '
  145. ORDER BY id_parent = {int:not_inherited} DESC, min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name',
  146. array(
  147. 'min_posts' => -1,
  148. 'not_inherited' => -2,
  149. 'newbie_group' => 4,
  150. )
  151. );
  152. while ($row = $smcFunc['db_fetch_assoc']($query))
  153. {
  154. // If it's inherited, just add it as a child.
  155. if ($row['id_parent'] != -2)
  156. {
  157. if (isset($context['groups'][$row['id_parent']]))
  158. $context['groups'][$row['id_parent']]['children'][$row['id_group']] = $row['group_name'];
  159. continue;
  160. }
  161. $row['stars'] = explode('#', $row['stars']);
  162. $context['groups'][$row['id_group']] = array(
  163. 'id' => $row['id_group'],
  164. 'name' => $row['group_name'],
  165. 'num_members' => $row['id_group'] != 3 ? 0 : $txt['membergroups_guests_na'],
  166. 'allow_delete' => $row['id_group'] > 4,
  167. 'allow_modify' => $row['id_group'] > 1,
  168. 'can_search' => $row['id_group'] != 3,
  169. 'href' => $scripturl . '?action=moderate;area=viewgroups;sa=members;group=' . $row['id_group'],
  170. 'is_post_group' => $row['min_posts'] != -1,
  171. 'color' => empty($row['online_color']) ? '' : $row['online_color'],
  172. 'stars' => !empty($row['stars'][0]) && !empty($row['stars'][1]) ? str_repeat('<img src="' . $settings['images_url'] . '/' . $row['stars'][1] . '" alt="*" />', $row['stars'][0]) : '',
  173. 'children' => array(),
  174. 'num_permissions' => array(
  175. 'allowed' => $row['id_group'] == 1 ? '(' . $txt['permissions_all'] . ')' : 0,
  176. 'denied' => $row['id_group'] == 1 ? '(' . $txt['permissions_none'] . ')' : 0
  177. ),
  178. 'access' => false,
  179. );
  180. if ($row['min_posts'] == -1)
  181. $normalGroups[$row['id_group']] = $row['id_group'];
  182. else
  183. $postGroups[$row['id_group']] = $row['id_group'];
  184. }
  185. $smcFunc['db_free_result']($query);
  186. // Get the number of members in this post group.
  187. if (!empty($postGroups))
  188. {
  189. $query = $smcFunc['db_query']('', '
  190. SELECT id_post_group AS id_group, COUNT(*) AS num_members
  191. FROM {db_prefix}members
  192. WHERE id_post_group IN ({array_int:post_group_list})
  193. GROUP BY id_post_group',
  194. array(
  195. 'post_group_list' => $postGroups,
  196. )
  197. );
  198. while ($row = $smcFunc['db_fetch_assoc']($query))
  199. $context['groups'][$row['id_group']]['num_members'] += $row['num_members'];
  200. $smcFunc['db_free_result']($query);
  201. }
  202. if (!empty($normalGroups))
  203. {
  204. // First, the easy one!
  205. $query = $smcFunc['db_query']('', '
  206. SELECT id_group, COUNT(*) AS num_members
  207. FROM {db_prefix}members
  208. WHERE id_group IN ({array_int:normal_group_list})
  209. GROUP BY id_group',
  210. array(
  211. 'normal_group_list' => $normalGroups,
  212. )
  213. );
  214. while ($row = $smcFunc['db_fetch_assoc']($query))
  215. $context['groups'][$row['id_group']]['num_members'] += $row['num_members'];
  216. $smcFunc['db_free_result']($query);
  217. // This one is slower, but it's okay... careful not to count twice!
  218. $query = $smcFunc['db_query']('', '
  219. SELECT mg.id_group, COUNT(*) AS num_members
  220. FROM {db_prefix}membergroups AS mg
  221. INNER JOIN {db_prefix}members AS mem ON (mem.additional_groups != {string:blank_string}
  222. AND mem.id_group != mg.id_group
  223. AND FIND_IN_SET(mg.id_group, mem.additional_groups) != 0)
  224. WHERE mg.id_group IN ({array_int:normal_group_list})
  225. GROUP BY mg.id_group',
  226. array(
  227. 'normal_group_list' => $normalGroups,
  228. 'blank_string' => '',
  229. )
  230. );
  231. while ($row = $smcFunc['db_fetch_assoc']($query))
  232. $context['groups'][$row['id_group']]['num_members'] += $row['num_members'];
  233. $smcFunc['db_free_result']($query);
  234. }
  235. foreach ($context['groups'] as $id => $data)
  236. {
  237. if ($data['href'] != '')
  238. $context['groups'][$id]['link'] = '<a href="' . $data['href'] . '">' . $data['num_members'] . '</a>';
  239. }
  240. if (empty($_REQUEST['pid']))
  241. {
  242. $request = $smcFunc['db_query']('', '
  243. SELECT id_group, COUNT(*) AS num_permissions, add_deny
  244. FROM {db_prefix}permissions
  245. ' . (empty($context['hidden_permissions']) ? '' : ' WHERE permission NOT IN ({array_string:hidden_permissions})') . '
  246. GROUP BY id_group, add_deny',
  247. array(
  248. 'hidden_permissions' => !empty($context['hidden_permissions']) ? $context['hidden_permissions'] : array(),
  249. )
  250. );
  251. while ($row = $smcFunc['db_fetch_assoc']($request))
  252. if (isset($context['groups'][(int) $row['id_group']]) && (!empty($row['add_deny']) || $row['id_group'] != -1))
  253. $context['groups'][(int) $row['id_group']]['num_permissions'][empty($row['add_deny']) ? 'denied' : 'allowed'] = $row['num_permissions'];
  254. $smcFunc['db_free_result']($request);
  255. // Get the "default" profile permissions too.
  256. $request = $smcFunc['db_query']('', '
  257. SELECT id_profile, id_group, COUNT(*) AS num_permissions, add_deny
  258. FROM {db_prefix}board_permissions
  259. WHERE id_profile = {int:default_profile}
  260. ' . (empty($context['hidden_permissions']) ? '' : ' AND permission NOT IN ({array_string:hidden_permissions})') . '
  261. GROUP BY id_profile, id_group, add_deny',
  262. array(
  263. 'default_profile' => 1,
  264. 'hidden_permissions' => !empty($context['hidden_permissions']) ? $context['hidden_permissions'] : array(),
  265. )
  266. );
  267. while ($row = $smcFunc['db_fetch_assoc']($request))
  268. {
  269. if (isset($context['groups'][(int) $row['id_group']]) && (!empty($row['add_deny']) || $row['id_group'] != -1))
  270. $context['groups'][(int) $row['id_group']]['num_permissions'][empty($row['add_deny']) ? 'denied' : 'allowed'] += $row['num_permissions'];
  271. }
  272. $smcFunc['db_free_result']($request);
  273. }
  274. else
  275. {
  276. $_REQUEST['pid'] = (int) $_REQUEST['pid'];
  277. if (!isset($context['profiles'][$_REQUEST['pid']]))
  278. fatal_lang_error('no_access', false);
  279. // Change the selected tab to better reflect that this really is a board profile.
  280. $context[$context['admin_menu_name']]['current_subsection'] = 'profiles';
  281. $request = $smcFunc['db_query']('', '
  282. SELECT id_profile, id_group, COUNT(*) AS num_permissions, add_deny
  283. FROM {db_prefix}board_permissions
  284. WHERE id_profile = {int:current_profile}
  285. GROUP BY id_profile, id_group, add_deny',
  286. array(
  287. 'current_profile' => $_REQUEST['pid'],
  288. )
  289. );
  290. while ($row = $smcFunc['db_fetch_assoc']($request))
  291. {
  292. if (isset($context['groups'][(int) $row['id_group']]) && (!empty($row['add_deny']) || $row['id_group'] != -1))
  293. $context['groups'][(int) $row['id_group']]['num_permissions'][empty($row['add_deny']) ? 'denied' : 'allowed'] += $row['num_permissions'];
  294. }
  295. $smcFunc['db_free_result']($request);
  296. $context['profile'] = array(
  297. 'id' => $_REQUEST['pid'],
  298. 'name' => $context['profiles'][$_REQUEST['pid']]['name'],
  299. );
  300. }
  301. // We can modify any permission set apart from the read only, reply only and no polls ones as they are redefined.
  302. $context['can_modify'] = empty($_REQUEST['pid']) || $_REQUEST['pid'] == 1 || $_REQUEST['pid'] > 4;
  303. // Load the proper template.
  304. $context['sub_template'] = 'permission_index';
  305. }
  306. /**
  307. * Handle permissions by board... more or less. :P
  308. */
  309. function PermissionByBoard()
  310. {
  311. global $context, $modSettings, $txt, $smcFunc, $sourcedir, $cat_tree, $boardList, $boards;
  312. $context['page_title'] = $txt['permissions_boards'];
  313. $context['edit_all'] = isset($_GET['edit']);
  314. // Saving?
  315. if (!empty($_POST['save_changes']) && !empty($_POST['boardprofile']))
  316. {
  317. checkSession('request');
  318. $changes = array();
  319. foreach ($_POST['boardprofile'] as $board => $profile)
  320. {
  321. $changes[(int) $profile][] = (int) $board;
  322. }
  323. if (!empty($changes))
  324. {
  325. foreach ($changes as $profile => $boards)
  326. $smcFunc['db_query']('', '
  327. UPDATE {db_prefix}boards
  328. SET id_profile = {int:current_profile}
  329. WHERE id_board IN ({array_int:board_list})',
  330. array(
  331. 'board_list' => $boards,
  332. 'current_profile' => $profile,
  333. )
  334. );
  335. }
  336. $context['edit_all'] = false;
  337. }
  338. // Load all permission profiles.
  339. loadPermissionProfiles();
  340. // Get the board tree.
  341. require_once($sourcedir . '/Subs-Boards.php');
  342. getBoardTree();
  343. // Build the list of the boards.
  344. $context['categories'] = array();
  345. foreach ($cat_tree as $catid => $tree)
  346. {
  347. $context['categories'][$catid] = array(
  348. 'name' => &$tree['node']['name'],
  349. 'id' => &$tree['node']['id'],
  350. 'boards' => array()
  351. );
  352. foreach ($boardList[$catid] as $boardid)
  353. {
  354. if (!isset($context['profiles'][$boards[$boardid]['profile']]))
  355. $boards[$boardid]['profile'] = 1;
  356. $context['categories'][$catid]['boards'][$boardid] = array(
  357. 'id' => &$boards[$boardid]['id'],
  358. 'name' => &$boards[$boardid]['name'],
  359. 'description' => &$boards[$boardid]['description'],
  360. 'child_level' => &$boards[$boardid]['level'],
  361. 'profile' => &$boards[$boardid]['profile'],
  362. 'profile_name' => $context['profiles'][$boards[$boardid]['profile']]['name'],
  363. );
  364. }
  365. }
  366. $context['sub_template'] = 'by_board';
  367. }
  368. /**
  369. * Handles permission modification actions from the upper part of the
  370. * permission manager index.
  371. */
  372. function SetQuickGroups()
  373. {
  374. global $context, $smcFunc;
  375. checkSession();
  376. loadIllegalPermissions();
  377. loadIllegalGuestPermissions();
  378. // Make sure only one of the quick options was selected.
  379. if ((!empty($_POST['predefined']) && ((isset($_POST['copy_from']) && $_POST['copy_from'] != 'empty') || !empty($_POST['permissions']))) || (!empty($_POST['copy_from']) && $_POST['copy_from'] != 'empty' && !empty($_POST['permissions'])))
  380. fatal_lang_error('permissions_only_one_option', false);
  381. if (empty($_POST['group']) || !is_array($_POST['group']))
  382. $_POST['group'] = array();
  383. // Only accept numeric values for selected membergroups.
  384. foreach ($_POST['group'] as $id => $group_id)
  385. $_POST['group'][$id] = (int) $group_id;
  386. $_POST['group'] = array_unique($_POST['group']);
  387. if (empty($_REQUEST['pid']))
  388. $_REQUEST['pid'] = 0;
  389. else
  390. $_REQUEST['pid'] = (int) $_REQUEST['pid'];
  391. // Fix up the old global to the new default!
  392. $bid = max(1, $_REQUEST['pid']);
  393. // No modifying the predefined profiles.
  394. if ($_REQUEST['pid'] > 1 && $_REQUEST['pid'] < 5)
  395. fatal_lang_error('no_access', false);
  396. // Clear out any cached authority.
  397. updateSettings(array('settings_updated' => time()));
  398. // No groups where selected.
  399. if (empty($_POST['group']))
  400. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  401. // Set a predefined permission profile.
  402. if (!empty($_POST['predefined']))
  403. {
  404. // Make sure it's a predefined permission set we expect.
  405. if (!in_array($_POST['predefined'], array('restrict', 'standard', 'moderator', 'maintenance')))
  406. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  407. foreach ($_POST['group'] as $group_id)
  408. {
  409. if (!empty($_REQUEST['pid']))
  410. setPermissionLevel($_POST['predefined'], $group_id, $_REQUEST['pid']);
  411. else
  412. setPermissionLevel($_POST['predefined'], $group_id);
  413. }
  414. }
  415. // Set a permission profile based on the permissions of a selected group.
  416. elseif ($_POST['copy_from'] != 'empty')
  417. {
  418. // Just checking the input.
  419. if (!is_numeric($_POST['copy_from']))
  420. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  421. // Make sure the group we're copying to is never included.
  422. $_POST['group'] = array_diff($_POST['group'], array($_POST['copy_from']));
  423. // No groups left? Too bad.
  424. if (empty($_POST['group']))
  425. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  426. if (empty($_REQUEST['pid']))
  427. {
  428. // Retrieve current permissions of group.
  429. $request = $smcFunc['db_query']('', '
  430. SELECT permission, add_deny
  431. FROM {db_prefix}permissions
  432. WHERE id_group = {int:copy_from}',
  433. array(
  434. 'copy_from' => $_POST['copy_from'],
  435. )
  436. );
  437. $target_perm = array();
  438. while ($row = $smcFunc['db_fetch_assoc']($request))
  439. $target_perm[$row['permission']] = $row['add_deny'];
  440. $smcFunc['db_free_result']($request);
  441. $inserts = array();
  442. foreach ($_POST['group'] as $group_id)
  443. foreach ($target_perm as $perm => $add_deny)
  444. {
  445. // No dodgy permissions please!
  446. if (!empty($context['illegal_permissions']) && in_array($perm, $context['illegal_permissions']))
  447. continue;
  448. if ($group_id == -1 && in_array($perm, $context['non_guest_permissions']))
  449. continue;
  450. if ($group_id != 1 && $group_id != 3)
  451. $inserts[] = array($perm, $group_id, $add_deny);
  452. }
  453. // Delete the previous permissions...
  454. $smcFunc['db_query']('', '
  455. DELETE FROM {db_prefix}permissions
  456. WHERE id_group IN ({array_int:group_list})
  457. ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
  458. array(
  459. 'group_list' => $_POST['group'],
  460. 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
  461. )
  462. );
  463. if (!empty($inserts))
  464. {
  465. // ..and insert the new ones.
  466. $smcFunc['db_insert']('',
  467. '{db_prefix}permissions',
  468. array(
  469. 'permission' => 'string', 'id_group' => 'int', 'add_deny' => 'int',
  470. ),
  471. $inserts,
  472. array('permission', 'id_group')
  473. );
  474. }
  475. }
  476. // Now do the same for the board permissions.
  477. $request = $smcFunc['db_query']('', '
  478. SELECT permission, add_deny
  479. FROM {db_prefix}board_permissions
  480. WHERE id_group = {int:copy_from}
  481. AND id_profile = {int:current_profile}',
  482. array(
  483. 'copy_from' => $_POST['copy_from'],
  484. 'current_profile' => $bid,
  485. )
  486. );
  487. $target_perm = array();
  488. while ($row = $smcFunc['db_fetch_assoc']($request))
  489. $target_perm[$row['permission']] = $row['add_deny'];
  490. $smcFunc['db_free_result']($request);
  491. $inserts = array();
  492. foreach ($_POST['group'] as $group_id)
  493. foreach ($target_perm as $perm => $add_deny)
  494. {
  495. // Are these for guests?
  496. if ($group_id == -1 && in_array($perm, $context['non_guest_permissions']))
  497. continue;
  498. $inserts[] = array($perm, $group_id, $bid, $add_deny);
  499. }
  500. // Delete the previous global board permissions...
  501. $smcFunc['db_query']('', '
  502. DELETE FROM {db_prefix}board_permissions
  503. WHERE id_group IN ({array_int:current_group_list})
  504. AND id_profile = {int:current_profile}',
  505. array(
  506. 'current_group_list' => $_POST['group'],
  507. 'current_profile' => $bid,
  508. )
  509. );
  510. // And insert the copied permissions.
  511. if (!empty($inserts))
  512. {
  513. // ..and insert the new ones.
  514. $smcFunc['db_insert']('',
  515. '{db_prefix}board_permissions',
  516. array('permission' => 'string', 'id_group' => 'int', 'id_profile' => 'int', 'add_deny' => 'int'),
  517. $inserts,
  518. array('permission', 'id_group', 'id_profile')
  519. );
  520. }
  521. // Update any children out there!
  522. updateChildPermissions($_POST['group'], $_REQUEST['pid']);
  523. }
  524. // Set or unset a certain permission for the selected groups.
  525. elseif (!empty($_POST['permissions']))
  526. {
  527. // Unpack two variables that were transported.
  528. list ($permissionType, $permission) = explode('/', $_POST['permissions']);
  529. // Check whether our input is within expected range.
  530. if (!in_array($_POST['add_remove'], array('add', 'clear', 'deny')) || !in_array($permissionType, array('membergroup', 'board')))
  531. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  532. if ($_POST['add_remove'] == 'clear')
  533. {
  534. if ($permissionType == 'membergroup')
  535. $smcFunc['db_query']('', '
  536. DELETE FROM {db_prefix}permissions
  537. WHERE id_group IN ({array_int:current_group_list})
  538. AND permission = {string:current_permission}
  539. ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
  540. array(
  541. 'current_group_list' => $_POST['group'],
  542. 'current_permission' => $permission,
  543. 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
  544. )
  545. );
  546. else
  547. $smcFunc['db_query']('', '
  548. DELETE FROM {db_prefix}board_permissions
  549. WHERE id_group IN ({array_int:current_group_list})
  550. AND id_profile = {int:current_profile}
  551. AND permission = {string:current_permission}',
  552. array(
  553. 'current_group_list' => $_POST['group'],
  554. 'current_profile' => $bid,
  555. 'current_permission' => $permission,
  556. )
  557. );
  558. }
  559. // Add a permission (either 'set' or 'deny').
  560. else
  561. {
  562. $add_deny = $_POST['add_remove'] == 'add' ? '1' : '0';
  563. $permChange = array();
  564. foreach ($_POST['group'] as $groupID)
  565. {
  566. if ($groupID == -1 && in_array($permission, $context['non_guest_permissions']))
  567. continue;
  568. if ($permissionType == 'membergroup' && $groupID != 1 && $groupID != 3 && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions'])))
  569. $permChange[] = array($permission, $groupID, $add_deny);
  570. elseif ($permissionType != 'membergroup')
  571. $permChange[] = array($permission, $groupID, $bid, $add_deny);
  572. }
  573. if (!empty($permChange))
  574. {
  575. if ($permissionType == 'membergroup')
  576. $smcFunc['db_insert']('replace',
  577. '{db_prefix}permissions',
  578. array('permission' => 'string', 'id_group' => 'int', 'add_deny' => 'int'),
  579. $permChange,
  580. array('permission', 'id_group')
  581. );
  582. // Board permissions go into the other table.
  583. else
  584. $smcFunc['db_insert']('replace',
  585. '{db_prefix}board_permissions',
  586. array('permission' => 'string', 'id_group' => 'int', 'id_profile' => 'int', 'add_deny' => 'int'),
  587. $permChange,
  588. array('permission', 'id_group', 'id_profile')
  589. );
  590. }
  591. }
  592. // Another child update!
  593. updateChildPermissions($_POST['group'], $_REQUEST['pid']);
  594. }
  595. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  596. }
  597. /**
  598. * Initializes the necessary to modify a membergroup's permissions.
  599. */
  600. function ModifyMembergroup()
  601. {
  602. global $context, $txt, $modSettings, $smcFunc, $sourcedir;
  603. if (!isset($_GET['group']))
  604. fatal_lang_error('no_access', false);
  605. $context['group']['id'] = (int) $_GET['group'];
  606. // Are they toggling the view?
  607. if (isset($_GET['view']))
  608. {
  609. $context['admin_preferences']['pv'] = $_GET['view'] == 'classic' ? 'classic' : 'simple';
  610. // Update the users preferences.
  611. require_once($sourcedir . '/Subs-Admin.php');
  612. updateAdminPreferences();
  613. }
  614. $context['view_type'] = !empty($context['admin_preferences']['pv']) && $context['admin_preferences']['pv'] == 'classic' ? 'classic' : 'simple';
  615. // It's not likely you'd end up here with this setting disabled.
  616. if ($_GET['group'] == 1)
  617. redirectexit('action=admin;area=permissions');
  618. loadAllPermissions($context['view_type']);
  619. loadPermissionProfiles();
  620. if ($context['group']['id'] > 0)
  621. {
  622. $result = $smcFunc['db_query']('', '
  623. SELECT group_name, id_parent
  624. FROM {db_prefix}membergroups
  625. WHERE id_group = {int:current_group}
  626. LIMIT 1',
  627. array(
  628. 'current_group' => $context['group']['id'],
  629. )
  630. );
  631. list ($context['group']['name'], $parent) = $smcFunc['db_fetch_row']($result);
  632. $smcFunc['db_free_result']($result);
  633. // Cannot edit an inherited group!
  634. if ($parent != -2)
  635. fatal_lang_error('cannot_edit_permissions_inherited');
  636. }
  637. elseif ($context['group']['id'] == -1)
  638. $context['group']['name'] = $txt['membergroups_guests'];
  639. else
  640. $context['group']['name'] = $txt['membergroups_members'];
  641. $context['profile']['id'] = empty($_GET['pid']) ? 0 : (int) $_GET['pid'];
  642. // If this is a moderator and they are editing "no profile" then we only do boards.
  643. if ($context['group']['id'] == 3 && empty($context['profile']['id']))
  644. {
  645. // For sanity just check they have no general permissions.
  646. $smcFunc['db_query']('', '
  647. DELETE FROM {db_prefix}permissions
  648. WHERE id_group = {int:moderator_group}',
  649. array(
  650. 'moderator_group' => 3,
  651. )
  652. );
  653. $context['profile']['id'] = 1;
  654. }
  655. $context['permission_type'] = empty($context['profile']['id']) ? 'membergroup' : 'board';
  656. $context['profile']['can_modify'] = !$context['profile']['id'] || $context['profiles'][$context['profile']['id']]['can_modify'];
  657. // Set up things a little nicer for board related stuff...
  658. if ($context['permission_type'] == 'board')
  659. {
  660. $context['profile']['name'] = $context['profiles'][$context['profile']['id']]['name'];
  661. $context[$context['admin_menu_name']]['current_subsection'] = 'profiles';
  662. }
  663. // Fetch the current permissions.
  664. $permissions = array(
  665. 'membergroup' => array('allowed' => array(), 'denied' => array()),
  666. 'board' => array('allowed' => array(), 'denied' => array())
  667. );
  668. // General permissions?
  669. if ($context['permission_type'] == 'membergroup')
  670. {
  671. $result = $smcFunc['db_query']('', '
  672. SELECT permission, add_deny
  673. FROM {db_prefix}permissions
  674. WHERE id_group = {int:current_group}',
  675. array(
  676. 'current_group' => $_GET['group'],
  677. )
  678. );
  679. while ($row = $smcFunc['db_fetch_assoc']($result))
  680. $permissions['membergroup'][empty($row['add_deny']) ? 'denied' : 'allowed'][] = $row['permission'];
  681. $smcFunc['db_free_result']($result);
  682. }
  683. // Fetch current board permissions...
  684. $result = $smcFunc['db_query']('', '
  685. SELECT permission, add_deny
  686. FROM {db_prefix}board_permissions
  687. WHERE id_group = {int:current_group}
  688. AND id_profile = {int:current_profile}',
  689. array(
  690. 'current_group' => $context['group']['id'],
  691. 'current_profile' => $context['permission_type'] == 'membergroup' ? 1 : $context['profile']['id'],
  692. )
  693. );
  694. while ($row = $smcFunc['db_fetch_assoc']($result))
  695. $permissions['board'][empty($row['add_deny']) ? 'denied' : 'allowed'][] = $row['permission'];
  696. $smcFunc['db_free_result']($result);
  697. // Loop through each permission and set whether it's checked.
  698. foreach ($context['permissions'] as $permissionType => $tmp)
  699. {
  700. foreach ($tmp['columns'] as $position => $permissionGroups)
  701. {
  702. foreach ($permissionGroups as $permissionGroup => $permissionArray)
  703. {
  704. foreach ($permissionArray['permissions'] as $perm)
  705. {
  706. // Create a shortcut for the current permission.
  707. $curPerm = &$context['permissions'][$permissionType]['columns'][$position][$permissionGroup]['permissions'][$perm['id']];
  708. if ($tmp['view'] == 'classic')
  709. {
  710. if ($perm['has_own_any'])
  711. {
  712. $curPerm['any']['select'] = in_array($perm['id'] . '_any', $permissions[$permissionType]['allowed']) ? 'on' : (in_array($perm['id'] . '_any', $permissions[$permissionType]['denied']) ? 'denied' : 'off');
  713. $curPerm['own']['select'] = in_array($perm['id'] . '_own', $permissions[$permissionType]['allowed']) ? 'on' : (in_array($perm['id'] . '_own', $permissions[$permissionType]['denied']) ? 'denied' : 'off');
  714. }
  715. else
  716. $curPerm['select'] = in_array($perm['id'], $permissions[$permissionType]['denied']) ? 'denied' : (in_array($perm['id'], $permissions[$permissionType]['allowed']) ? 'on' : 'off');
  717. }
  718. else
  719. {
  720. $curPerm['select'] = in_array($perm['id'], $permissions[$permissionType]['denied']) ? 'denied' : (in_array($perm['id'], $permissions[$permissionType]['allowed']) ? 'on' : 'off');
  721. }
  722. }
  723. }
  724. }
  725. }
  726. $context['sub_template'] = 'modify_group';
  727. $context['page_title'] = $txt['permissions_modify_group'];
  728. }
  729. /**
  730. * This function actually saves modifications to a membergroup's board permissions.
  731. */
  732. function ModifyMembergroup2()
  733. {
  734. global $modSettings, $smcFunc, $context;
  735. checkSession();
  736. loadIllegalPermissions();
  737. $_GET['group'] = (int) $_GET['group'];
  738. $_GET['pid'] = (int) $_GET['pid'];
  739. // Cannot modify predefined profiles.
  740. if ($_GET['pid'] > 1 && $_GET['pid'] < 5)
  741. fatal_lang_error('no_access', false);
  742. // Verify this isn't inherited.
  743. if ($_GET['group'] == -1 || $_GET['group'] == 0)
  744. $parent = -2;
  745. else
  746. {
  747. $result = $smcFunc['db_query']('', '
  748. SELECT id_parent
  749. FROM {db_prefix}membergroups
  750. WHERE id_group = {int:current_group}
  751. LIMIT 1',
  752. array(
  753. 'current_group' => $_GET['group'],
  754. )
  755. );
  756. list ($parent) = $smcFunc['db_fetch_row']($result);
  757. $smcFunc['db_free_result']($result);
  758. }
  759. if ($parent != -2)
  760. fatal_lang_error('cannot_edit_permissions_inherited');
  761. $givePerms = array('membergroup' => array(), 'board' => array());
  762. // Guest group, we need illegal, guest permissions.
  763. if ($_GET['group'] == -1)
  764. {
  765. loadIllegalGuestPermissions();
  766. $context['illegal_permissions'] = array_merge($context['illegal_permissions'], $context['non_guest_permissions']);
  767. }
  768. // Prepare all permissions that were set or denied for addition to the DB.
  769. if (isset($_POST['perm']) && is_array($_POST['perm']))
  770. {
  771. foreach ($_POST['perm'] as $perm_type => $perm_array)
  772. {
  773. if (is_array($perm_array))
  774. {
  775. foreach ($perm_array as $permission => $value)
  776. if ($value == 'on' || $value == 'deny')
  777. {
  778. // Don't allow people to escalate themselves!
  779. if (!empty($context['illegal_permissions']) && in_array($permission, $context['illegal_permissions']))
  780. continue;
  781. $givePerms[$perm_type][] = array($_GET['group'], $permission, $value == 'deny' ? 0 : 1);
  782. }
  783. }
  784. }
  785. }
  786. // Insert the general permissions.
  787. if ($_GET['group'] != 3 && empty($_GET['pid']))
  788. {
  789. $smcFunc['db_query']('', '
  790. DELETE FROM {db_prefix}permissions
  791. WHERE id_group = {int:current_group}
  792. ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
  793. array(
  794. 'current_group' => $_GET['group'],
  795. 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
  796. )
  797. );
  798. if (!empty($givePerms['membergroup']))
  799. {
  800. $smcFunc['db_insert']('replace',
  801. '{db_prefix}permissions',
  802. array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  803. $givePerms['membergroup'],
  804. array('id_group', 'permission')
  805. );
  806. }
  807. }
  808. // Insert the boardpermissions.
  809. $profileid = max(1, $_GET['pid']);
  810. $smcFunc['db_query']('', '
  811. DELETE FROM {db_prefix}board_permissions
  812. WHERE id_group = {int:current_group}
  813. AND id_profile = {int:current_profile}',
  814. array(
  815. 'current_group' => $_GET['group'],
  816. 'current_profile' => $profileid,
  817. )
  818. );
  819. if (!empty($givePerms['board']))
  820. {
  821. foreach ($givePerms['board'] as $k => $v)
  822. $givePerms['board'][$k][] = $profileid;
  823. $smcFunc['db_insert']('replace',
  824. '{db_prefix}board_permissions',
  825. array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int', 'id_profile' => 'int'),
  826. $givePerms['board'],
  827. array('id_group', 'permission', 'id_profile')
  828. );
  829. }
  830. // Update any inherited permissions as required.
  831. updateChildPermissions($_GET['group'], $_GET['pid']);
  832. // Clear cached privs.
  833. updateSettings(array('settings_updated' => time()));
  834. redirectexit('action=admin;area=permissions;pid=' . $_GET['pid']);
  835. }
  836. /**
  837. * A screen to set some general settings for permissions.
  838. *
  839. * @param bool $return_config = false
  840. */
  841. function GeneralPermissionSettings($return_config = false)
  842. {
  843. global $context, $modSettings, $sourcedir, $txt, $scripturl, $smcFunc;
  844. // All the setting variables
  845. $config_vars = array(
  846. array('title', 'settings'),
  847. // Inline permissions.
  848. array('permissions', 'manage_permissions'),
  849. '',
  850. // A few useful settings
  851. array('check', 'permission_enable_deny', 0, $txt['permission_settings_enable_deny'], 'help' => 'permissions_deny'),
  852. array('check', 'permission_enable_postgroups', 0, $txt['permission_settings_enable_postgroups'], 'help' => 'permissions_postgroups'),
  853. );
  854. if ($return_config)
  855. return $config_vars;
  856. $context['page_title'] = $txt['permission_settings_title'];
  857. $context['sub_template'] = 'show_settings';
  858. // Needed for the inline permission functions, and the settings template.
  859. require_once($sourcedir . '/ManageServer.php');
  860. // Don't let guests have these permissions.
  861. $context['post_url'] = $scripturl . '?action=admin;area=permissions;save;sa=settings';
  862. $context['permissions_excluded'] = array(-1);
  863. // Saving the settings?
  864. if (isset($_GET['save']))
  865. {
  866. checkSession('post');
  867. saveDBSettings($config_vars);
  868. // Clear all deny permissions...if we want that.
  869. if (empty($modSettings['permission_enable_deny']))
  870. {
  871. $smcFunc['db_query']('', '
  872. DELETE FROM {db_prefix}permissions
  873. WHERE add_deny = {int:denied}',
  874. array(
  875. 'denied' => 0,
  876. )
  877. );
  878. $smcFunc['db_query']('', '
  879. DELETE FROM {db_prefix}board_permissions
  880. WHERE add_deny = {int:denied}',
  881. array(
  882. 'denied' => 0,
  883. )
  884. );
  885. }
  886. // Make sure there are no postgroup based permissions left.
  887. if (empty($modSettings['permission_enable_postgroups']))
  888. {
  889. // Get a list of postgroups.
  890. $post_groups = array();
  891. $request = $smcFunc['db_query']('', '
  892. SELECT id_group
  893. FROM {db_prefix}membergroups
  894. WHERE min_posts != {int:min_posts}',
  895. array(
  896. 'min_posts' => -1,
  897. )
  898. );
  899. while ($row = $smcFunc['db_fetch_assoc']($request))
  900. $post_groups[] = $row['id_group'];
  901. $smcFunc['db_free_result']($request);
  902. // Remove'em.
  903. $smcFunc['db_query']('', '
  904. DELETE FROM {db_prefix}permissions
  905. WHERE id_group IN ({array_int:post_group_list})',
  906. array(
  907. 'post_group_list' => $post_groups,
  908. )
  909. );
  910. $smcFunc['db_query']('', '
  911. DELETE FROM {db_prefix}board_permissions
  912. WHERE id_group IN ({array_int:post_group_list})',
  913. array(
  914. 'post_group_list' => $post_groups,
  915. )
  916. );
  917. $smcFunc['db_query']('', '
  918. UPDATE {db_prefix}membergroups
  919. SET id_parent = {int:not_inherited}
  920. WHERE id_parent IN ({array_int:post_group_list})',
  921. array(
  922. 'post_group_list' => $post_groups,
  923. 'not_inherited' => -2,
  924. )
  925. );
  926. }
  927. redirectexit('action=admin;area=permissions;sa=settings');
  928. }
  929. prepareDBSettingContext($config_vars);
  930. }
  931. /**
  932. * Set the permission level for a specific profile, group, or group for a profile.
  933. * @internal
  934. *
  935. * @param string $level
  936. * @param int $group
  937. * @param mixed $profile = null, int expected
  938. */
  939. function setPermissionLevel($level, $group, $profile = 'null')
  940. {
  941. global $smcFunc, $context;
  942. loadIllegalPermissions();
  943. loadIllegalGuestPermissions();
  944. // Levels by group... restrict, standard, moderator, maintenance.
  945. $groupLevels = array(
  946. 'board' => array('inherit' => array()),
  947. 'group' => array('inherit' => array())
  948. );
  949. // Levels by board... standard, publish, free.
  950. $boardLevels = array('inherit' => array());
  951. // Restrictive - ie. guests.
  952. $groupLevels['global']['restrict'] = array(
  953. 'search_posts',
  954. 'calendar_view',
  955. 'view_stats',
  956. 'who_view',
  957. 'profile_view_own',
  958. 'profile_identity_own',
  959. );
  960. $groupLevels['board']['restrict'] = array(
  961. 'poll_view',
  962. 'post_new',
  963. 'post_reply_own',
  964. 'post_reply_any',
  965. 'delete_own',
  966. 'modify_own',
  967. 'mark_any_notify',
  968. 'mark_notify',
  969. 'report_any',
  970. 'send_topic',
  971. );
  972. // Standard - ie. members. They can do anything Restrictive can.
  973. $groupLevels['global']['standard'] = array_merge($groupLevels['global']['restrict'], array(
  974. 'view_mlist',
  975. 'karma_edit',
  976. 'pm_read',
  977. 'pm_send',
  978. 'profile_view_any',
  979. 'profile_extra_own',
  980. 'profile_server_avatar',
  981. 'profile_upload_avatar',
  982. 'profile_remote_avatar',
  983. 'profile_remove_own',
  984. ));
  985. $groupLevels['board']['standard'] = array_merge($groupLevels['board']['restrict'], array(
  986. 'poll_vote',
  987. 'poll_edit_own',
  988. 'poll_post',
  989. 'poll_add_own',
  990. 'post_attachment',
  991. 'lock_own',
  992. 'remove_own',
  993. 'view_attachments',
  994. ));
  995. // Moderator - ie. moderators :P. They can do what standard can, and more.
  996. $groupLevels['global']['moderator'] = array_merge($groupLevels['global']['standard'], array(
  997. 'calendar_post',
  998. 'calendar_edit_own',
  999. 'access_mod_center',
  1000. 'issue_warning',
  1001. ));
  1002. $groupLevels['board']['moderator'] = array_merge($groupLevels['board']['standard'], array(
  1003. 'make_sticky',
  1004. 'poll_edit_any',
  1005. 'delete_any',
  1006. 'modify_any',
  1007. 'lock_any',
  1008. 'remove_any',
  1009. 'move_any',
  1010. 'merge_any',
  1011. 'split_any',
  1012. 'poll_lock_any',
  1013. 'poll_remove_any',
  1014. 'poll_add_any',
  1015. 'approve_posts',
  1016. ));
  1017. // Maintenance - wannabe admins. They can do almost everything.
  1018. $groupLevels['global']['maintenance'] = array_merge($groupLevels['global']['moderator'], array(
  1019. 'manage_attachments',
  1020. 'manage_smileys',
  1021. 'manage_boards',
  1022. 'moderate_forum',
  1023. 'manage_membergroups',
  1024. 'manage_bans',
  1025. 'admin_forum',
  1026. 'manage_permissions',
  1027. 'edit_news',
  1028. 'calendar_edit_any',
  1029. 'profile_identity_any',
  1030. 'profile_extra_any',
  1031. 'profile_title_any',
  1032. ));
  1033. $groupLevels['board']['maintenance'] = array_merge($groupLevels['board']['moderator'], array(
  1034. ));
  1035. // Standard - nothing above the group permissions. (this SHOULD be empty.)
  1036. $boardLevels['standard'] = array(
  1037. );
  1038. // Locked - just that, you can't post here.
  1039. $boardLevels['locked'] = array(
  1040. 'poll_view',
  1041. 'mark_notify',
  1042. 'report_any',
  1043. 'send_topic',
  1044. 'view_attachments',
  1045. );
  1046. // Publisher - just a little more...
  1047. $boardLevels['publish'] = array_merge($boardLevels['locked'], array(
  1048. 'post_new',
  1049. 'post_reply_own',
  1050. 'post_reply_any',
  1051. 'delete_own',
  1052. 'modify_own',
  1053. 'mark_any_notify',
  1054. 'delete_replies',
  1055. 'modify_replies',
  1056. 'poll_vote',
  1057. 'poll_edit_own',
  1058. 'poll_post',
  1059. 'poll_add_own',
  1060. 'poll_remove_own',
  1061. 'post_attachment',
  1062. 'lock_own',
  1063. 'remove_own',
  1064. ));
  1065. // Free for All - Scary. Just scary.
  1066. $boardLevels['free'] = array_merge($boardLevels['publish'], array(
  1067. 'poll_lock_any',
  1068. 'poll_edit_any',
  1069. 'poll_add_any',
  1070. 'poll_remove_any',
  1071. 'make_sticky',
  1072. 'lock_any',
  1073. 'remove_any',
  1074. 'delete_any',
  1075. 'split_any',
  1076. 'merge_any',
  1077. 'modify_any',
  1078. 'approve_posts',
  1079. ));
  1080. // Make sure we're not granting someone too many permissions!
  1081. foreach ($groupLevels['global'][$level] as $k => $permission)
  1082. {
  1083. if (!empty($context['illegal_permissions']) && in_array($permission, $context['illegal_permissions']))
  1084. unset($groupLevels['global'][$level][$k]);
  1085. if ($group == -1 && in_array($permission, $context['non_guest_permissions']))
  1086. unset($groupLevels['global'][$level][$k]);
  1087. }
  1088. if ($group == -1)
  1089. foreach ($groupLevels['board'][$level] as $k => $permission)
  1090. if (in_array($permission, $context['non_guest_permissions']))
  1091. unset($groupLevels['board'][$level][$k]);
  1092. // Reset all cached permissions.
  1093. updateSettings(array('settings_updated' => time()));
  1094. // Setting group permissions.
  1095. if ($profile === 'null' && $group !== 'null')
  1096. {
  1097. $group = (int) $group;
  1098. if (empty($groupLevels['global'][$level]))
  1099. return;
  1100. $smcFunc['db_query']('', '
  1101. DELETE FROM {db_prefix}permissions
  1102. WHERE id_group = {int:current_group}
  1103. ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
  1104. array(
  1105. 'current_group' => $group,
  1106. 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
  1107. )
  1108. );
  1109. $smcFunc['db_query']('', '
  1110. DELETE FROM {db_prefix}board_permissions
  1111. WHERE id_group = {int:current_group}
  1112. AND id_profile = {int:default_profile}',
  1113. array(
  1114. 'current_group' => $group,
  1115. 'default_profile' => 1,
  1116. )
  1117. );
  1118. $groupInserts = array();
  1119. foreach ($groupLevels['global'][$level] as $permission)
  1120. $groupInserts[] = array($group, $permission);
  1121. $smcFunc['db_insert']('insert',
  1122. '{db_prefix}permissions',
  1123. array('id_group' => 'int', 'permission' => 'string'),
  1124. $groupInserts,
  1125. array('id_group')
  1126. );
  1127. $boardInserts = array();
  1128. foreach ($groupLevels['board'][$level] as $permission)
  1129. $boardInserts[] = array(1, $group, $permission);
  1130. $smcFunc['db_insert']('insert',
  1131. '{db_prefix}board_permissions',
  1132. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
  1133. $boardInserts,
  1134. array('id_profile', 'id_group')
  1135. );
  1136. }
  1137. // Setting profile permissions for a specific group.
  1138. elseif ($profile !== 'null' && $group !== 'null' && ($profile == 1 || $profile > 4))
  1139. {
  1140. $group = (int) $group;
  1141. $profile = (int) $profile;
  1142. if (!empty($groupLevels['global'][$level]))
  1143. {
  1144. $smcFunc['db_query']('', '
  1145. DELETE FROM {db_prefix}board_permissions
  1146. WHERE id_group = {int:current_group}
  1147. AND id_profile = {int:current_profile}',
  1148. array(
  1149. 'current_group' => $group,
  1150. 'current_profile' => $profile,
  1151. )
  1152. );
  1153. }
  1154. if (!empty($groupLevels['board'][$level]))
  1155. {
  1156. $boardInserts = array();
  1157. foreach ($groupLevels['board'][$level] as $permission)
  1158. $boardInserts[] = array($profile, $group, $permission);
  1159. $smcFunc['db_insert']('insert',
  1160. '{db_prefix}board_permissions',
  1161. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
  1162. $boardInserts,
  1163. array('id_profile', 'id_group')
  1164. );
  1165. }
  1166. }
  1167. // Setting profile permissions for all groups.
  1168. elseif ($profile !== 'null' && $group === 'null' && ($profile == 1 || $profile > 4))
  1169. {
  1170. $profile = (int) $profile;
  1171. $smcFunc['db_query']('', '
  1172. DELETE FROM {db_prefix}board_permissions
  1173. WHERE id_profile = {int:current_profile}',
  1174. array(
  1175. 'current_profile' => $profile,
  1176. )
  1177. );
  1178. if (empty($boardLevels[$level]))
  1179. return;
  1180. // Get all the groups...
  1181. $query = $smcFunc['db_query']('', '
  1182. SELECT id_group
  1183. FROM {db_prefix}membergroups
  1184. WHERE id_group > {int:moderator_group}
  1185. ORDER BY min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name',
  1186. array(
  1187. 'moderator_group' => 3,
  1188. 'newbie_group' => 4,
  1189. )
  1190. );
  1191. while ($row = $smcFunc['db_fetch_row']($query))
  1192. {
  1193. $group = $row[0];
  1194. $boardInserts = array();
  1195. foreach ($boardLevels[$level] as $permission)
  1196. $boardInserts[] = array($profile, $group, $permission);
  1197. $smcFunc['db_insert']('insert',
  1198. '{db_prefix}board_permissions',
  1199. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
  1200. $boardInserts,
  1201. array('id_profile', 'id_group')
  1202. );
  1203. }
  1204. $smcFunc['db_free_result']($query);
  1205. // Add permissions for ungrouped members.
  1206. $boardInserts = array();
  1207. foreach ($boardLevels[$level] as $permission)
  1208. $boardInserts[] = array($profile, 0, $permission);
  1209. $smcFunc['db_insert']('insert',
  1210. '{db_prefix}board_permissions',
  1211. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
  1212. $boardInserts,
  1213. array('id_profile', 'id_group')
  1214. );
  1215. }
  1216. // $profile and $group are both null!
  1217. else
  1218. fatal_lang_error('no_access', false);
  1219. }
  1220. /**
  1221. * Load permissions into $context['permissions'].
  1222. * @internal
  1223. *
  1224. * @param string $loadType, options: 'classic' or 'simple'
  1225. */
  1226. function loadAllPermissions($loadType = 'classic')
  1227. {
  1228. global $context, $txt, $modSettings;
  1229. // List of all the groups dependant on the currently selected view - for the order so it looks pretty, yea?
  1230. // Note to Mod authors - you don't need to stick your permission group here if you don't mind SMF sticking it the last group of the page.
  1231. $permissionGroups = array(
  1232. 'membergroup' => array(
  1233. 'simple' => array(
  1234. 'view_basic_info',
  1235. 'use_pm_system',
  1236. 'post_calendar',
  1237. 'edit_profile',
  1238. 'delete_account',
  1239. 'use_avatar',
  1240. 'moderate_general',
  1241. 'administrate',
  1242. ),
  1243. 'classic' => array(
  1244. 'general',
  1245. 'pm',
  1246. 'calendar',
  1247. 'maintenance',
  1248. 'member_admin',
  1249. 'profile',
  1250. ),
  1251. ),
  1252. 'board' => array(
  1253. 'simple' => array(
  1254. 'make_posts',
  1255. 'make_unapproved_posts',
  1256. 'post_polls',
  1257. 'participate',
  1258. 'modify',
  1259. 'notification',
  1260. 'attach',
  1261. 'moderate',
  1262. ),
  1263. 'classic' => array(
  1264. 'general_board',
  1265. 'topic',
  1266. 'post',
  1267. 'poll',
  1268. 'notification',
  1269. 'attachment',
  1270. ),
  1271. ),
  1272. );
  1273. /* The format of this list is as follows:
  1274. 'membergroup' => array(
  1275. 'permissions_inside' => array(has_multiple_options, classic_view_group, simple_view_group(_own)*, simple_view_group_any*),
  1276. ),
  1277. 'board' => array(
  1278. 'permissions_inside' => array(has_multiple_options, classic_view_group, simple_view_group(_own)*, simple_view_group_any*),
  1279. );
  1280. */
  1281. $permissionList = array(
  1282. 'membergroup' => array(
  1283. 'view_stats' => array(false, 'general', 'view_basic_info'),
  1284. 'view_mlist' => array(false, 'general', 'view_basic_info'),
  1285. 'who_view' => array(false, 'general', 'view_basic_info'),
  1286. 'search_posts' => array(false, 'general', 'view_basic_info'),
  1287. 'karma_edit' => array(false, 'general', 'moderate_general'),
  1288. 'pm_read' => array(false, 'pm', 'use_pm_system'),
  1289. 'pm_send' => array(false, 'pm', 'use_pm_system'),
  1290. 'calendar_view' => array(false, 'calendar', 'view_basic_info'),
  1291. 'calendar_post' => array(false, 'calendar', 'post_calendar'),
  1292. 'calendar_edit' => array(true, 'calendar', 'post_calendar', 'moderate_general'),
  1293. 'admin_forum' => array(false, 'maintenance', 'administrate'),
  1294. 'manage_boards' => array(false, 'maintenance', 'administrate'),
  1295. 'manage_attachments' => array(false, 'maintenance', 'administrate'),
  1296. 'manage_smileys' => array(false, 'maintenance', 'administrate'),
  1297. 'edit_news' => array(false, 'maintenance', 'administrate'),
  1298. 'access_mod_center' => array(false, 'maintenance', 'moderate_general'),
  1299. 'moderate_forum' => array(false, 'member_admin', 'moderate_general'),
  1300. 'manage_membergroups' => array(false, 'member_admin', 'administrate'),
  1301. 'manage_permissions' => array(false, 'member_admin', 'administrate'),
  1302. 'manage_bans' => array(false, 'member_admin', 'administrate'),
  1303. 'send_mail' => array(false, 'member_admin', 'administrate'),
  1304. 'issue_warning' => array(false, 'member_admin', 'moderate_general'),
  1305. 'profile_view' => array(true, 'profile', 'view_basic_info', 'view_basic_info'),
  1306. 'profile_identity' => array(true, 'profile', 'edit_profile', 'moderate_general'),
  1307. 'profile_extra' => array(true, 'profile', 'edit_profile', 'moderate_general'),
  1308. 'profile_title' => array(true, 'profile', 'edit_profile', 'moderate_general'),
  1309. 'profile_remove' => array(true, 'profile', 'delete_account', 'moderate_general'),
  1310. 'profile_server_avatar' => array(false, 'profile', 'use_avatar'),
  1311. 'profile_upload_avatar' => array(false, 'profile', 'use_avatar'),
  1312. 'profile_remote_avatar' => array(false, 'profile', 'use_avatar'),
  1313. ),
  1314. 'board' => array(
  1315. 'moderate_board' => array(false, 'general_board', 'moderate'),
  1316. 'approve_posts' => array(false, 'general_board', 'moderate'),
  1317. 'post_new' => array(false, 'topic', 'make_posts'),
  1318. 'post_unapproved_topics' => array(false, 'topic', 'make_unapproved_posts'),
  1319. 'post_unapproved_replies' => array(true, 'topic', 'make_unapproved_posts', 'make_unapproved_posts'),
  1320. 'post_reply' => array(true, 'topic', 'make_posts', 'make_posts'),
  1321. 'merge_any' => array(false, 'topic', 'moderate'),
  1322. 'split_any' => array(false, 'topic', 'moderate'),
  1323. 'send_topic' => array(false, 'topic', 'moderate'),
  1324. 'make_sticky' => array(false, 'topic', 'moderate'),
  1325. 'move' => array(true, 'topic', 'moderate', 'moderate'),
  1326. 'lock' => array(true, 'topic', 'moderate', 'moderate'),
  1327. 'remove' => array(true, 'topic', 'modify', 'moderate'),
  1328. 'modify_replies' => array(false, 'topic', 'moderate'),
  1329. 'delete_replies' => array(false, 'topic', 'moderate'),
  1330. 'announce_topic' => array(false, 'topic', 'moderate'),
  1331. 'delete' => array(true, 'post', 'modify', 'moderate'),
  1332. 'modify' => array(true, 'post', 'modify', 'moderate'),
  1333. 'report_any' => array(false, 'post', 'participate'),
  1334. 'poll_view' => array(false, 'poll', 'participate'),
  1335. 'poll_vote' => array(false, 'poll', 'participate'),
  1336. 'poll_post' => array(false, 'poll', 'post_polls'),
  1337. 'poll_add' => array(true, 'poll', 'post_polls', 'moderate'),
  1338. 'poll_edit' => array(true, 'poll', 'modify', 'moderate'),
  1339. 'poll_lock' => array(true, 'poll', 'moderate', 'moderate'),
  1340. 'poll_remove' => array(true, 'poll', 'modify', 'moderate'),
  1341. 'mark_any_notify' => array(false, 'notification', 'notification'),
  1342. 'mark_notify' => array(false, 'notification', 'notification'),
  1343. 'view_attachments' => array(false, 'attachment', 'participate'),
  1344. 'post_unapproved_attachments' => array(false, 'attachment', 'make_unapproved_posts'),
  1345. 'post_attachment' => array(false, 'attachment', 'attach'),
  1346. ),
  1347. );
  1348. // All permission groups that will be shown in the left column on classic view.
  1349. $leftPermissionGroups = array(
  1350. 'general',
  1351. 'calendar',
  1352. 'maintenance',
  1353. 'member_admin',
  1354. 'topic',
  1355. 'post',
  1356. );
  1357. // We need to know what permissions we can't give to guests.
  1358. loadIllegalGuestPermissions();
  1359. // Some permissions are hidden if features are off.
  1360. $hiddenPermissions = array();
  1361. $relabelPermissions = array(); // Permissions to apply a different label to.
  1362. $relabelGroups = array(); // As above but for groups.
  1363. if (!in_array('cd', $context['admin_features']))
  1364. {
  1365. $hiddenPermissions[] = 'calendar_view';
  1366. $hiddenPermissions[] = 'calendar_post';
  1367. $hiddenPermissions[] = 'calendar_edit';
  1368. }
  1369. if (!in_array('w', $context['admin_features']))
  1370. $hiddenPermissions[] = 'issue_warning';
  1371. // Post moderation?
  1372. if (!$modSettings['postmod_active'])
  1373. {
  1374. $hiddenPermissions[] = 'approve_posts';
  1375. $hiddenPermissions[] = 'post_unapproved_topics';
  1376. $hiddenPermissions[] = 'post_unapproved_replies';
  1377. $hiddenPermissions[] = 'post_unapproved_attachments';
  1378. }
  1379. // If we show them on classic view we change the name.
  1380. else
  1381. {
  1382. // Relabel the topics permissions
  1383. $relabelPermissions['post_new'] = 'auto_approve_topics';
  1384. // Relabel the reply permissions
  1385. $relabelPermissions['post_reply'] = 'auto_approve_replies';
  1386. // Relabel the attachment permissions
  1387. $relabelPermissions['post_attachment'] = 'auto_approve_attachments';
  1388. }
  1389. // Provide a practical way to modify permissions.
  1390. call_integration_hook('integrate_load_permissions', array(&$permissionGroups, &$permissionList, &$leftPermissionGroups, &$hiddenPermissions, &$relabelPermissions));
  1391. $context['permissions'] = array();
  1392. $context['hidden_permissions'] = array();
  1393. foreach ($permissionList as $permissionType => $permissionList)
  1394. {
  1395. $context['permissions'][$permissionType] = array(
  1396. 'id' => $permissionType,
  1397. 'view' => $loadType,
  1398. 'columns' => array()
  1399. );
  1400. foreach ($permissionList as $permission => $permissionArray)
  1401. {
  1402. // If this is a guest permission we don't do it if it's the guest group.
  1403. if (isset($context['group']['id']) && $context['group']['id'] == -1 && in_array($permission, $context['non_guest_permissions']))
  1404. continue;
  1405. // What groups will this permission be in?
  1406. $own_group = $permissionArray[($loadType == 'classic' ? 1 : 2)];
  1407. $any_group = $loadType == 'simple' && !empty($permissionArray[3]) ? $permissionArray[3] : ($loadType == 'simple' && $permissionArray[0] ? $permissionArray[2] : '');
  1408. // First, Do these groups actually exist - if not add them.
  1409. if (!isset($permissionGroups[$permissionType][$loadType][$own_group]))
  1410. $permissionGroups[$permissionType][$loadType][$own_group] = true;
  1411. if (!empty($any_group) && !isset($permissionGroups[$permissionType][$loadType][$any_group]))
  1412. $permissionGroups[$permissionType][$loadType][$any_group] = true;
  1413. // What column should this be located into?
  1414. $position = $loadType == 'classic' && !in_array($own_group, $leftPermissionGroups) ? 1 : 0;
  1415. // If the groups have not yet been created be sure to create them.
  1416. $bothGroups = array('own' => $own_group);
  1417. $bothGroups = array();
  1418. // For guests, just reset the array.
  1419. if (!isset($context['group']['id']) || !($context['group']['id'] == -1 && $any_group))
  1420. $bothGroups['own'] = $own_group;
  1421. if ($any_group)
  1422. {
  1423. $bothGroups['any'] = $any_group;
  1424. }
  1425. foreach ($bothGroups as $group)
  1426. if (!isset($context['permissions'][$permissionType]['columns'][$position][$group]))
  1427. $context['permissions'][$permissionType]['columns'][$position][$group] = array(
  1428. 'type' => $permissionType,
  1429. 'id' => $group,
  1430. 'name' => $loadType == 'simple' ? (isset($txt['permissiongroup_simple_' . $group]) ? $txt['permissiongroup_simple_' . $group] : '') : $txt['permissiongroup_' . $group],
  1431. 'icon' => isset($txt['permissionicon_' . $group]) ? $txt['permissionicon_' . $group] : $txt['permissionicon'],
  1432. 'help' => isset($txt['permissionhelp_' . $group]) ? $txt['permissionhelp_' . $group] : '',
  1433. 'hidden' => false,
  1434. 'permissions' => array()
  1435. );
  1436. // This is where we set up the permission dependant on the view.
  1437. if ($loadType == 'classic')
  1438. {
  1439. $context['permissions'][$permissionType]['columns'][$position][$own_group]['permissions'][$permission] = array(
  1440. 'id' => $permission,
  1441. 'name' => !isset($relabelPermissions[$permission]) ? $txt['permissionname_' . $permission] : $txt[$relabelPermissions[$permission]],
  1442. 'show_help' => isset($txt['permissionhelp_' . $permission]),
  1443. 'note' => isset($txt['permissionnote_' . $permission]) ? $txt['permissionnote_' . $permission] : '',
  1444. 'has_own_any' => $permissionArray[0],
  1445. 'own' => array(
  1446. 'id' => $permission . '_own',
  1447. 'name' => $permissionArray[0] ? $txt['permissionname_' . $permission . '_own'] : ''
  1448. ),
  1449. 'any' => array(
  1450. 'id' => $permission . '_any',
  1451. 'name' => $permissionArray[0] ? $txt['permissionname_' . $permission . '_any'] : ''
  1452. ),
  1453. 'hidden' => in_array($permission, $hiddenPermissions),
  1454. );
  1455. }
  1456. else
  1457. {
  1458. foreach ($bothGroups as $group_type => $group)
  1459. {
  1460. $context['permissions'][$permissionType]['columns'][$position][$group]['permissions'][$permission . ($permissionArray[0] ? '_' . $group_type : '')] = array(
  1461. 'id' => $permission . ($permissionArray[0] ? '_' . $group_type : ''),
  1462. 'name' => isset($txt['permissionname_simple_' . $permission . ($permissionArray[0] ? '_' . $group_type : '')]) ? $txt['permissionname_simple_' . $permission . ($permissionArray[0] ? '_' . $group_type : '')] : $txt['permissionname_' . $permission],
  1463. 'help_index' => isset($txt['permissionhelp_' . $permission]) ? 'permissionhelp_' . $permission : '',
  1464. 'hidden' => in_array($permission, $hiddenPermissions),
  1465. );
  1466. }
  1467. }
  1468. if (in_array($permission, $hiddenPermissions))
  1469. {
  1470. if ($permissionArray[0])
  1471. {
  1472. $context['hidden_permissions'][] = $permission . '_own';
  1473. $context['hidden_permissions'][] = $permission . '_any';
  1474. }
  1475. else
  1476. $context['hidden_permissions'][] = $permission;
  1477. }
  1478. }
  1479. ksort($context['permissions'][$permissionType]['columns']);
  1480. }
  1481. // Check we don't leave any empty groups - and mark hidden ones as such.
  1482. foreach ($context['permissions'][$permissionType]['columns'] as $column => $groups)
  1483. foreach ($groups as $id => $group)
  1484. {
  1485. if (empty($group['permissions']))
  1486. unset($context['permissions'][$permissionType]['columns'][$column][$id]);
  1487. else
  1488. {
  1489. $foundNonHidden = false;
  1490. foreach ($group['permissions'] as $permission)
  1491. if (empty($permission['hidden']))
  1492. $foundNonHidden = true;
  1493. if (!$foundNonHidden)
  1494. $context['permissions'][$permissionType]['columns'][$column][$id]['hidden'] = true;
  1495. }
  1496. }
  1497. }
  1498. //
  1499. /**
  1500. * Initialize a form with inline permissions settings.
  1501. * It loads a context variables for each permission.
  1502. * This function is used by several settings screens to set specific permissions.
  1503. * @internal
  1504. *
  1505. * @param array $permissions
  1506. * @param array $excluded_groups = array()
  1507. *
  1508. * @uses ManagePermissions language
  1509. * @uses ManagePermissions template.
  1510. */
  1511. function init_inline_permissions($permissions, $excluded_groups = array())
  1512. {
  1513. global $context, $txt, $modSettings, $smcFunc;
  1514. loadLanguage('ManagePermissions');
  1515. loadTemplate('ManagePermissions');
  1516. $context['can_change_permissions'] = allowedTo('manage_permissions');
  1517. // Nothing to initialize here.
  1518. if (!$context['can_change_permissions'])
  1519. return;
  1520. // Load the permission settings for guests
  1521. foreach ($permissions as $permission)
  1522. $context[$permission] = array(
  1523. -1 => array(
  1524. 'id' => -1,
  1525. 'name' => $txt['membergroups_guests'],
  1526. 'is_postgroup' => false,
  1527. 'status' => 'off',
  1528. ),
  1529. 0 => array(
  1530. 'id' => 0,
  1531. 'name' => $txt['membergroups_members'],
  1532. 'is_postgroup' => false,
  1533. 'status' => 'off',
  1534. ),
  1535. );
  1536. $request = $smcFunc['db_query']('', '
  1537. SELECT id_group, CASE WHEN add_deny = {int:denied} THEN {string:deny} ELSE {string:on} END AS status, permission
  1538. FROM {db_prefix}permissions
  1539. WHERE id_group IN (-1, 0)
  1540. AND permission IN ({array_string:permissions})',
  1541. array(
  1542. 'denied' => 0,
  1543. 'permissions' => $permissions,
  1544. 'deny' => 'deny',
  1545. 'on' => 'on',
  1546. )
  1547. );
  1548. while ($row = $smcFunc['db_fetch_assoc']($request))
  1549. $context[$row['permission']][$row['id_group']]['status'] = $row['status'];
  1550. $smcFunc['db_free_result']($request);
  1551. $request = $smcFunc['db_query']('', '
  1552. SELECT mg.id_group, mg.group_name, mg.min_posts, IFNULL(p.add_deny, -1) AS status, p.permission
  1553. FROM {db_prefix}membergroups AS mg
  1554. LEFT JOIN {db_prefix}permissions AS p ON (p.id_group = mg.id_group AND p.permission IN ({array_string:permissions}))
  1555. WHERE mg.id_group NOT IN (1, 3)
  1556. AND mg.id_parent = {int:not_inherited}' . (empty($modSettings['permission_enable_postgroups']) ? '
  1557. AND mg.min_posts = {int:min_posts}' : '') . '
  1558. ORDER BY mg.min_posts, CASE WHEN mg.id_group < {int:newbie_group} THEN mg.id_group ELSE 4 END, mg.group_name',
  1559. array(
  1560. 'not_inherited' => -2,
  1561. 'min_posts' => -1,
  1562. 'newbie_group' => 4,
  1563. 'permissions' => $permissions,
  1564. )
  1565. );
  1566. while ($row = $smcFunc['db_fetch_assoc']($request))
  1567. {
  1568. // Initialize each permission as being 'off' until proven otherwise.
  1569. foreach ($permissions as $permission)
  1570. if (!isset($context[$permission][$row['id_group']]))
  1571. $context[$permission][$row['id_group']] = array(
  1572. 'id' => $row['id_group'],
  1573. 'name' => $row['group_name'],
  1574. 'is_postgroup' => $row['min_posts'] != -1,
  1575. 'status' => 'off',
  1576. );
  1577. $context[$row['permission']][$row['id_group']]['status'] = empty($row['status']) ? 'deny' : ($row['status'] == 1 ? 'on' : 'off');
  1578. }
  1579. $smcFunc['db_free_result']($request);
  1580. // Some permissions cannot be given to certain groups. Remove the groups.
  1581. foreach ($excluded_groups as $group)
  1582. {
  1583. foreach ($permissions as $permission)
  1584. {
  1585. if (isset($context[$permission][$group]))
  1586. unset($context[$permission][$group]);
  1587. }
  1588. }
  1589. }
  1590. /**
  1591. * Show a collapsible box to set a specific permission.
  1592. * The function is called by templates to show a list of permissions settings.
  1593. * Calls the template function template_inline_permissions().
  1594. *
  1595. * @param string $permission
  1596. */
  1597. function theme_inline_permissions($permission)
  1598. {
  1599. global $context;
  1600. $context['current_permission'] = $permission;
  1601. $context['member_groups'] = $context[$permission];
  1602. template_inline_permissions();
  1603. }
  1604. /**
  1605. * Save the permissions of a form containing inline permissions.
  1606. * @internal
  1607. *
  1608. * @param array $permissions
  1609. */
  1610. function save_inline_permissions($permissions)
  1611. {
  1612. global $context, $smcFunc;
  1613. // No permissions? Not a great deal to do here.
  1614. if (!allowedTo('manage_permissions'))
  1615. return;
  1616. // Almighty session check, verify our ways.
  1617. checkSession();
  1618. // Check they can't do certain things.
  1619. loadIllegalPermissions();
  1620. $insertRows = array();
  1621. foreach ($permissions as $permission)
  1622. {
  1623. if (!isset($_POST[$permission]))
  1624. continue;
  1625. foreach ($_POST[$permission] as $id_group => $value)
  1626. {
  1627. if (in_array($value, array('on', 'deny')) && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions'])))
  1628. $insertRows[] = array((int) $id_group, $permission, $value == 'on' ? 1 : 0);
  1629. }
  1630. }
  1631. // Remove the old permissions...
  1632. $smcFunc['db_query']('', '
  1633. DELETE FROM {db_prefix}permissions
  1634. WHERE permission IN ({array_string:permissions})
  1635. ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
  1636. array(
  1637. 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
  1638. 'permissions' => $permissions,
  1639. )
  1640. );
  1641. // ...and replace them with new ones.
  1642. if (!empty($insertRows))
  1643. $smcFunc['db_insert']('insert',
  1644. '{db_prefix}permissions',
  1645. array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  1646. $insertRows,
  1647. array('id_group', 'permission')
  1648. );
  1649. // Do a full child update.
  1650. updateChildPermissions(array(), -1);
  1651. // Just in case we cached this.
  1652. updateSettings(array('settings_updated' => time()));
  1653. }
  1654. /**
  1655. * Load permissions profiles.
  1656. */
  1657. function loadPermissionProfiles()
  1658. {
  1659. global $context, $txt, $smcFunc;
  1660. $request = $smcFunc['db_query']('', '
  1661. SELECT id_profile, profile_name
  1662. FROM {db_prefix}permission_profiles
  1663. ORDER BY id_profile',
  1664. array(
  1665. )
  1666. );
  1667. $context['profiles'] = array();
  1668. while ($row = $smcFunc['db_fetch_assoc']($request))
  1669. {
  1670. // Format the label nicely.
  1671. if (isset($txt['permissions_profile_' . $row['profile_name']]))
  1672. $name = $txt['permissions_profile_' . $row['profile_name']];
  1673. else
  1674. $name = $row['profile_name'];
  1675. $context['profiles'][$row['id_profile']] = array(
  1676. 'id' => $row['id_profile'],
  1677. 'name' => $name,
  1678. 'can_modify' => $row['id_profile'] == 1 || $row['id_profile'] > 4,
  1679. 'unformatted_name' => $row['profile_name'],
  1680. );
  1681. }
  1682. $smcFunc['db_free_result']($request);
  1683. }
  1684. /**
  1685. * Add/Edit/Delete profiles.
  1686. */
  1687. function EditPermissionProfiles()
  1688. {
  1689. global $context, $txt, $smcFunc;
  1690. // Setup the template, first for fun.
  1691. $context['page_title'] = $txt['permissions_profile_edit'];
  1692. $context['sub_template'] = 'edit_profiles';
  1693. // If we're creating a new one do it first.
  1694. if (isset($_POST['create']) && trim($_POST['profile_name']) != '')
  1695. {
  1696. checkSession();
  1697. $_POST['copy_from'] = (int) $_POST['copy_from'];
  1698. $_POST['profile_name'] = $smcFunc['htmlspecialchars']($_POST['profile_name']);
  1699. // Insert the profile itself.
  1700. $smcFunc['db_insert']('',
  1701. '{db_prefix}permission_profiles',
  1702. array(
  1703. 'profile_name' => 'string',
  1704. ),
  1705. array(
  1706. $_POST['profile_name'],
  1707. ),
  1708. array('id_profile')
  1709. );
  1710. $profile_id = $smcFunc['db_insert_id']('{db_prefix}permission_profiles', 'id_profile');
  1711. // Load the permissions from the one it's being copied from.
  1712. $request = $smcFunc['db_query']('', '
  1713. SELECT id_group, permission, add_deny
  1714. FROM {db_prefix}board_permissions
  1715. WHERE id_profile = {int:copy_from}',
  1716. array(
  1717. 'copy_from' => $_POST['copy_from'],
  1718. )
  1719. );
  1720. $inserts = array();
  1721. while ($row = $smcFunc['db_fetch_assoc']($request))
  1722. $inserts[] = array($profile_id, $row['id_group'], $row['permission'], $row['add_deny']);
  1723. $smcFunc['db_free_result']($request);
  1724. if (!empty($inserts))
  1725. $smcFunc['db_insert']('insert',
  1726. '{db_prefix}board_permissions',
  1727. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  1728. $inserts,
  1729. array('id_profile', 'id_group', 'permission')
  1730. );
  1731. }
  1732. // Renaming?
  1733. elseif (isset($_POST['rename']))
  1734. {
  1735. checkSession();
  1736. // Just showing the boxes?
  1737. if (!isset($_POST['rename_profile']))
  1738. $context['show_rename_boxes'] = true;
  1739. else
  1740. {
  1741. foreach ($_POST['rename_profile'] as $id => $value)
  1742. {
  1743. $value = $smcFunc['htmlspecialchars']($value);
  1744. if (trim($value) != '' && $id > 4)
  1745. $smcFunc['db_query']('', '
  1746. UPDATE {db_prefix}permission_profiles
  1747. SET profile_name = {string:profile_name}
  1748. WHERE id_profile = {int:current_profile}',
  1749. array(
  1750. 'current_profile' => (int) $id,
  1751. 'profile_name' => $value,
  1752. )
  1753. );
  1754. }
  1755. }
  1756. }
  1757. // Deleting?
  1758. elseif (isset($_POST['delete']) && !empty($_POST['delete_profile']))
  1759. {
  1760. checkSession('post');
  1761. $profiles = array();
  1762. foreach ($_POST['delete_profile'] as $profile)
  1763. if ($profile > 4)
  1764. $profiles[] = (int) $profile;
  1765. // Verify it's not in use...
  1766. $request = $smcFunc['db_query']('', '
  1767. SELECT id_board
  1768. FROM {db_prefix}boards
  1769. WHERE id_profile IN ({array_int:profile_list})
  1770. LIMIT 1',
  1771. array(
  1772. 'profile_list' => $profiles,
  1773. )
  1774. );
  1775. if ($smcFunc['db_num_rows']($request) != 0)
  1776. fatal_lang_error('no_access', false);
  1777. $smcFunc['db_free_result']($request);
  1778. // Oh well, delete.
  1779. $smcFunc['db_query']('', '
  1780. DELETE FROM {db_prefix}permission_profiles
  1781. WHERE id_profile IN ({array_int:profile_list})',
  1782. array(
  1783. 'profile_list' => $profiles,
  1784. )
  1785. );
  1786. }
  1787. // Clearly, we'll need this!
  1788. loadPermissionProfiles();
  1789. // Work out what ones are in use.
  1790. $request = $smcFunc['db_query']('', '
  1791. SELECT id_profile, COUNT(id_board) AS board_count
  1792. FROM {db_prefix}boards
  1793. GROUP BY id_profile',
  1794. array(
  1795. )
  1796. );
  1797. while ($row = $smcFunc['db_fetch_assoc']($request))
  1798. if (isset($context['profiles'][$row['id_profile']]))
  1799. {
  1800. $context['profiles'][$row['id_profile']]['in_use'] = true;
  1801. $context['profiles'][$row['id_profile']]['boards'] = $row['board_count'];
  1802. $context['profiles'][$row['id_profile']]['boards_text'] = $row['board_count'] > 1 ? sprintf($txt['permissions_profile_used_by_many'], $row['board_count']) : $txt['permissions_profile_used_by_' . ($row['board_count'] ? 'one' : 'none')];
  1803. }
  1804. $smcFunc['db_free_result']($request);
  1805. // What can we do with these?
  1806. $context['can_edit_something'] = false;
  1807. foreach ($context['profiles'] as $id => $profile)
  1808. {
  1809. // Can't delete special ones.
  1810. $context['profiles'][$id]['can_edit'] = isset($txt['permissions_profile_' . $profile['unformatted_name']]) ? false : true;
  1811. if ($context['profiles'][$id]['can_edit'])
  1812. $context['can_edit_something'] = true;
  1813. // You can only delete it if you can edit it AND it's not in use.
  1814. $context['profiles'][$id]['can_delete'] = $context['profiles'][$id]['can_edit'] && empty($profile['in_use']) ? true : false;
  1815. }
  1816. }
  1817. /**
  1818. * This function updates the permissions of any groups based off this group.
  1819. *
  1820. * @param mixed $parents (array or int)
  1821. * @param mixed $profile = null, int expected
  1822. */
  1823. function updateChildPermissions($parents, $profile = null)
  1824. {
  1825. global $smcFunc;
  1826. // All the parent groups to sort out.
  1827. if (!is_array($parents))
  1828. $parents = array($parents);
  1829. // Find all the children of this group.
  1830. $request = $smcFunc['db_query']('', '
  1831. SELECT id_parent, id_group
  1832. FROM {db_prefix}membergroups
  1833. WHERE id_parent != {int:not_inherited}
  1834. ' . (empty($parents) ? '' : 'AND id_parent IN ({array_int:parent_list})'),
  1835. array(
  1836. 'parent_list' => $parents,
  1837. 'not_inherited' => -2,
  1838. )
  1839. );
  1840. $children = array();
  1841. $parents = array();
  1842. $child_groups = array();
  1843. while ($row = $smcFunc['db_fetch_assoc']($request))
  1844. {
  1845. $children[$row['id_parent']][] = $row['id_group'];
  1846. $child_groups[] = $row['id_group'];
  1847. $parents[] = $row['id_parent'];
  1848. }
  1849. $smcFunc['db_free_result']($request);
  1850. $parents = array_unique($parents);
  1851. // Not a sausage, or a child?
  1852. if (empty($children))
  1853. return false;
  1854. // First off, are we doing general permissions?
  1855. if ($profile < 1 || $profile === null)
  1856. {
  1857. // Fetch all the parent permissions.
  1858. $request = $smcFunc['db_query']('', '
  1859. SELECT id_group, permission, add_deny
  1860. FROM {db_prefix}permissions
  1861. WHERE id_group IN ({array_int:parent_list})',
  1862. array(
  1863. 'parent_list' => $parents,
  1864. )
  1865. );
  1866. $permissions = array();
  1867. while ($row = $smcFunc['db_fetch_assoc']($request))
  1868. foreach ($children[$row['id_group']] as $child)
  1869. $permissions[] = array($child, $row['permission'], $row['add_deny']);
  1870. $smcFunc['db_free_result']($request);
  1871. $smcFunc['db_query']('', '
  1872. DELETE FROM {db_prefix}permissions
  1873. WHERE id_group IN ({array_int:child_groups})',
  1874. array(
  1875. 'child_groups' => $child_groups,
  1876. )
  1877. );
  1878. // Finally insert.
  1879. if (!empty($permissions))
  1880. {
  1881. $smcFunc['db_insert']('insert',
  1882. '{db_prefix}permissions',
  1883. array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  1884. $permissions,
  1885. array('id_group', 'permission')
  1886. );
  1887. }
  1888. }
  1889. // Then, what about board profiles?
  1890. if ($profile != -1)
  1891. {
  1892. $profileQuery = $profile === null ? '' : ' AND id_profile = {int:current_profile}';
  1893. // Again, get all the parent permissions.
  1894. $request = $smcFunc['db_query']('', '
  1895. SELECT id_profile, id_group, permission, add_deny
  1896. FROM {db_prefix}board_permissions
  1897. WHERE id_group IN ({array_int:parent_groups})
  1898. ' . $profileQuery,
  1899. array(
  1900. 'parent_groups' => $parents,
  1901. 'current_profile' => $profile !== null && $profile ? $profile : 1,
  1902. )
  1903. );
  1904. $permissions = array();
  1905. while ($row = $smcFunc['db_fetch_assoc']($request))
  1906. foreach ($children[$row['id_group']] as $child)
  1907. $permissions[] = array($child, $row['id_profile'], $row['permission'], $row['add_deny']);
  1908. $smcFunc['db_free_result']($request);
  1909. $smcFunc['db_query']('', '
  1910. DELETE FROM {db_prefix}board_permissions
  1911. WHERE id_group IN ({array_int:child_groups})
  1912. ' . $profileQuery,
  1913. array(
  1914. 'child_groups' => $child_groups,
  1915. 'current_profile' => $profile !== null && $profile ? $profile : 1,
  1916. )
  1917. );
  1918. // Do the insert.
  1919. if (!empty($permissions))
  1920. {
  1921. $smcFunc['db_insert']('insert',
  1922. '{db_prefix}board_permissions',
  1923. array('id_group' => 'int', 'id_profile' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  1924. $permissions,
  1925. array('id_group', 'id_profile', 'permission')
  1926. );
  1927. }
  1928. }
  1929. }
  1930. /**
  1931. * Load permissions someone cannot grant.
  1932. */
  1933. function loadIllegalPermissions()
  1934. {
  1935. global $context;
  1936. $context['illegal_permissions'] = array();
  1937. if (!allowedTo('admin_forum'))
  1938. $context['illegal_permissions'][] = 'admin_forum';
  1939. if (!allowedTo('manage_membergroups'))
  1940. $context['illegal_permissions'][] = 'manage_membergroups';
  1941. if (!allowedTo('manage_permissions'))
  1942. $context['illegal_permissions'][] = 'manage_permissions';
  1943. }
  1944. /**
  1945. * Loads the permissions that can not be given to guests.
  1946. * Stores the permissions in $context['non_guest_permissions'].
  1947. */
  1948. function loadIllegalGuestPermissions()
  1949. {
  1950. global $context;
  1951. $context['non_guest_permissions'] = array(
  1952. 'delete_replies',
  1953. 'karma_edit',
  1954. 'poll_add_own',
  1955. 'pm_read',
  1956. 'pm_send',
  1957. 'profile_identity',
  1958. 'profile_extra',
  1959. 'profile_title',
  1960. 'profile_remove',
  1961. 'profile_server_avatar',
  1962. 'profile_upload_avatar',
  1963. 'profile_remote_avatar',
  1964. 'profile_view_own',
  1965. 'mark_any_notify',
  1966. 'mark_notify',
  1967. 'admin_forum',
  1968. 'manage_boards',
  1969. 'manage_attachments',
  1970. 'manage_smileys',
  1971. 'edit_news',
  1972. 'access_mod_center',
  1973. 'moderate_forum',
  1974. 'issue_warning',
  1975. 'manage_membergroups',
  1976. 'manage_permissions',
  1977. 'manage_bans',
  1978. 'move_own',
  1979. 'modify_replies',
  1980. 'send_mail',
  1981. 'approve_posts',
  1982. );
  1983. }
  1984. /**
  1985. * Present a nice way of applying post moderation.
  1986. */
  1987. function ModifyPostModeration()
  1988. {
  1989. global $context, $txt, $smcFunc, $modSettings;
  1990. // Just in case.
  1991. checkSession('get');
  1992. $context['page_title'] = $txt['permissions_post_moderation'];
  1993. $context['sub_template'] = 'postmod_permissions';
  1994. $context['current_profile'] = isset($_REQUEST['pid']) ? (int) $_REQUEST['pid'] : 1;
  1995. // Load all the permission profiles.
  1996. loadPermissionProfiles();
  1997. // Mappings, our key => array(can_do_moderated, can_do_all)
  1998. $mappings = array(
  1999. 'new_topic' => array('post_new', 'post_unapproved_topics'),
  2000. 'replies_own' => array('post_reply_own', 'post_unapproved_replies_own'),
  2001. 'replies_any' => array('post_reply_any', 'post_unapproved_replies_any'),
  2002. 'attachment' => array('post_attachment', 'post_unapproved_attachments'),
  2003. );
  2004. // Start this with the guests/members.
  2005. $context['profile_groups'] = array(
  2006. -1 => array(
  2007. 'id' => -1,
  2008. 'name' => $txt['membergroups_guests'],
  2009. 'color' => '',
  2010. 'new_topic' => 'disallow',
  2011. 'replies_own' => 'disallow',
  2012. 'replies_any' => 'disallow',
  2013. 'attachment' => 'disallow',
  2014. 'children' => array(),
  2015. ),
  2016. 0 => array(
  2017. 'id' => 0,
  2018. 'name' => $txt['membergroups_members'],
  2019. 'color' => '',
  2020. 'new_topic' => 'disallow',
  2021. 'replies_own' => 'disallow',
  2022. 'replies_any' => 'disallow',
  2023. 'attachment' => 'disallow',
  2024. 'children' => array(),
  2025. ),
  2026. );
  2027. // Load the groups.
  2028. $request = $smcFunc['db_query']('', '
  2029. SELECT id_group, group_name, online_color, id_parent
  2030. FROM {db_prefix}membergroups
  2031. WHERE id_group != {int:admin_group}
  2032. ' . (empty($modSettings['permission_enable_postgroups']) ? ' AND min_posts = {int:min_posts}' : '') . '
  2033. ORDER BY id_parent ASC',
  2034. array(
  2035. 'admin_group' => 1,
  2036. 'min_posts' => -1,
  2037. )
  2038. );
  2039. while ($row = $smcFunc['db_fetch_assoc']($request))
  2040. {
  2041. if ($row['id_parent'] == -2)
  2042. {
  2043. $context['profile_groups'][$row['id_group']] = array(
  2044. 'id' => $row['id_group'],
  2045. 'name' => $row['group_name'],
  2046. 'color' => $row['online_color'],
  2047. 'new_topic' => 'disallow',
  2048. 'replies_own' => 'disallow',
  2049. 'replies_any' => 'disallow',
  2050. 'attachment' => 'disallow',
  2051. 'children' => array(),
  2052. );
  2053. }
  2054. elseif (isset($context['profile_groups'][$row['id_parent']]))
  2055. $context['profile_groups'][$row['id_parent']]['children'][] = $row['group_name'];
  2056. }
  2057. $smcFunc['db_free_result']($request);
  2058. // What are the permissions we are querying?
  2059. $all_permissions = array();
  2060. foreach ($mappings as $perm_set)
  2061. $all_permissions = array_merge($all_permissions, $perm_set);
  2062. // If we're saving the changes then do just that - save them.
  2063. if (!empty($_POST['save_changes']) && ($context['current_profile'] == 1 || $context['current_profile'] > 4))
  2064. {
  2065. // Start by deleting all the permissions relevant.
  2066. $smcFunc['db_query']('', '
  2067. DELETE FROM {db_prefix}board_permissions
  2068. WHERE id_profile = {int:current_profile}
  2069. AND permission IN ({array_string:permissions})
  2070. AND id_group IN ({array_int:profile_group_list})',
  2071. array(
  2072. 'profile_group_list' => array_keys($context['profile_groups']),
  2073. 'current_profile' => $context['current_profile'],
  2074. 'permissions' => $all_permissions,
  2075. )
  2076. );
  2077. // Do it group by group.
  2078. $new_permissions = array();
  2079. foreach ($context['profile_groups'] as $id => $group)
  2080. {
  2081. foreach ($mappings as $index => $data)
  2082. {
  2083. if (isset($_POST[$index][$group['id']]))
  2084. {
  2085. if ($_POST[$index][$group['id']] == 'allow')
  2086. {
  2087. // Give them both sets for fun.
  2088. $new_permissions[] = array($context['current_profile'], $group['id'], $data[0], 1);
  2089. $new_permissions[] = array($context['current_profile'], $group['id'], $data[1], 1);
  2090. }
  2091. elseif ($_POST[$index][$group['id']] == 'moderate')
  2092. $new_permissions[] = array($context['current_profile'], $group['id'], $data[1], 1);
  2093. }
  2094. }
  2095. }
  2096. // Insert new permissions.
  2097. if (!empty($new_permissions))
  2098. $smcFunc['db_insert']('',
  2099. '{db_prefix}board_permissions',
  2100. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  2101. $new_permissions,
  2102. array('id_profile', 'id_group', 'permission')
  2103. );
  2104. }
  2105. // Now get all the permissions!
  2106. $request = $smcFunc['db_query']('', '
  2107. SELECT id_group, permission, add_deny
  2108. FROM {db_prefix}board_permissions
  2109. WHERE id_profile = {int:current_profile}
  2110. AND permission IN ({array_string:permissions})
  2111. AND id_group IN ({array_int:profile_group_list})',
  2112. array(
  2113. 'profile_group_list' => array_keys($context['profile_groups']),
  2114. 'current_profile' => $context['current_profile'],
  2115. 'permissions' => $all_permissions,
  2116. )
  2117. );
  2118. while ($row = $smcFunc['db_fetch_assoc']($request))
  2119. {
  2120. foreach ($mappings as $key => $data)
  2121. {
  2122. foreach ($data as $index => $perm)
  2123. {
  2124. if ($perm == $row['permission'])
  2125. {
  2126. // Only bother if it's not denied.
  2127. if ($row['add_deny'])
  2128. {
  2129. // Full allowance?
  2130. if ($index == 0)
  2131. $context['profile_groups'][$row['id_group']][$key] = 'allow';
  2132. // Otherwise only bother with moderate if not on allow.
  2133. elseif ($context['profile_groups'][$row['id_group']][$key] != 'allow')
  2134. $context['profile_groups'][$row['id_group']][$key] = 'moderate';
  2135. }
  2136. }
  2137. }
  2138. }
  2139. }
  2140. $smcFunc['db_free_result']($request);
  2141. }
  2142. ?>