First shot: deny access to boards

Signed-off-by: emanuele <[email protected]>

Sources/Load.php

@@ -452,7 +452,7 @@ function loadUserSettings()
 		$user_info['query_see_board'] = '1=1';
 	// Otherwise just the groups in $user_info['groups'].
 	else
-		$user_info['query_see_board'] = '(FIND_IN_SET(' . implode(', b.member_groups) != 0 OR FIND_IN_SET(', $user_info['groups']) . ', b.member_groups) != 0' . (isset($user_info['mod_cache']) ? ' OR ' . $user_info['mod_cache']['mq'] : '') . ')';
+		$user_info['query_see_board'] = '((FIND_IN_SET(' . implode(', b.member_groups) != 0 OR FIND_IN_SET(', $user_info['groups']) . ', b.member_groups) != 0' . (!empty($modSettings['denyBoardsAccess']) ? ') AND (FIND_IN_SET(' . implode(', b.deny_member_groups) = 0 AND FIND_IN_SET(', $user_info['groups']) . ', b.deny_member_groups) = 0)' : '') . (isset($user_info['mod_cache']) ? ' OR ' . $user_info['mod_cache']['mq'] : '') . ')';
 
 	// Build the list of boards they WANT to see.
 	// This will take the place of query_see_boards in certain spots, so it better include the boards they can see also
@@ -556,7 +556,7 @@ function loadBoard()
 	{
 		$request = $smcFunc['db_query']('', '
 			SELECT
-				c.id_cat, b.name AS bname, b.description, b.num_topics, b.member_groups,
+				c.id_cat, b.name AS bname, b.description, b.num_topics, b.member_groups, b.deny_member_groups,
 				b.id_parent, c.name AS cname, IFNULL(mem.id_member, 0) AS id_moderator,
 				mem.real_name' . (!empty($topic) ? ', b.id_board' : '') . ', b.child_level,
 				b.id_theme, b.override_theme, b.count_posts, b.id_profile, b.redirect,
@@ -609,6 +609,7 @@ function loadBoard()
 
 			// Load the membergroups allowed, and check permissions.
 			$board_info['groups'] = $row['member_groups'] == '' ? array() : explode(',', $row['member_groups']);
+			$board_info['deny_groups'] = $row['deny_member_groups'] == '' ? array() : explode(',', $row['deny_member_groups']);
 
 			do
 			{
@@ -678,6 +679,8 @@ function loadBoard()
 
 		if (count(array_intersect($user_info['groups'], $board_info['groups'])) == 0 && !$user_info['is_admin'])
 			$board_info['error'] = 'access';
+		if (count(array_intersect($user_info['groups'], $board_info['deny_groups'])) != 0 && !$user_info['is_admin'])
+			$board_info['error'] = 'access';
 
 		// Build up the linktree.
 		$context['linktree'] = array_merge(

Sources/ManageBoards.php

@@ -402,6 +402,7 @@ function EditBoard()
 		// Some things that need to be setup for a new board.
 		$curBoard = array(
 			'member_groups' => array(0, -1),
+			'deny_group' => array(),
 			'category' => (int) $_REQUEST['cat']
 		);
 		$context['board_order'] = array();
@@ -443,13 +444,15 @@ function EditBoard()
 		-1 => array(
 			'id' => '-1',
 			'name' => $txt['parent_guests_only'],
-			'checked' => in_array('-1', $curBoard['member_groups']),
+			'allow' => in_array('-1', $curBoard['member_groups']),
+			'deny' => in_array('-1', $curBoard['deny_groups']),
 			'is_post_group' => false,
 		),
 		0 => array(
 			'id' => '0',
 			'name' => $txt['parent_members_only'],
-			'checked' => in_array('0', $curBoard['member_groups']),
+			'allow' => in_array('0', $curBoard['member_groups']),
+			'deny' => in_array('0', $curBoard['deny_groups']),
 			'is_post_group' => false,
 		)
 	);
@@ -473,7 +476,8 @@ function EditBoard()
 		$context['groups'][(int) $row['id_group']] = array(
 			'id' => $row['id_group'],
 			'name' => trim($row['group_name']),
-			'checked' => in_array($row['id_group'], $curBoard['member_groups']),
+			'allow' => in_array($row['id_group'], $curBoard['member_groups']),
+			'deny' => in_array($row['id_group'], $curBoard['deny_groups']),
 			'is_post_group' => $row['min_posts'] != -1,
 		);
 	}
@@ -594,7 +598,6 @@ function EditBoard2()
 
 	require_once($sourcedir . '/Subs-Boards.php');
 
-
 	// Mode: modify aka. don't delete.
 	if (isset($_POST['edit']) || isset($_POST['add']))
 	{
@@ -623,10 +626,15 @@ function EditBoard2()
 		$boardOptions['access_groups'] = array();
 
 		if (!empty($_POST['groups']))
-			foreach ($_POST['groups'] as $group)
-				$boardOptions['access_groups'][] = (int) $group;
+			foreach ($_POST['groups'] as $group => $action)
+			{
+				if ($action == 'allow')
+					$boardOptions['access_groups'][] = (int) $group;
+				elseif ($action == 'deny')
+					$boardOptions['deny_groups'][] = (int) $group;
+			}
 
-		if (strlen(implode(',', $boardOptions['access_groups'])) > 255)
+		if (strlen(implode(',', $boardOptions['access_groups'])) > 255 || strlen(implode(',', $boardOptions['deny_groups'])) > 255)
 			fatal_lang_error('too_many_groups', false);
 
 		// Change '1 & 2' to '1 & 2', but not '&' to '&'...
@@ -791,6 +799,7 @@ function EditBoardSettings($return_config = false)
 			array('check', 'recycle_enable', 'onclick' => 'document.getElementById(\'recycle_board\').disabled = !this.checked;'),
 			array('select', 'recycle_board', $recycle_boards),
 			array('check', 'allow_ignore_boards'),
+			array('check', 'denyBoardsAccess'),
 	);
 
 	call_integration_hook('integrate_modify_board_settings', array(&$config_vars));

Sources/Subs-Boards.php

@@ -625,6 +625,13 @@ function modifyBoard($board_id, &$boardOptions)
 		$boardUpdateParameters['member_groups'] = implode(',', $boardOptions['access_groups']);
 	}
 
+	// And who isn't.
+	if (isset($boardOptions['deny_groups']))
+	{
+		$boardUpdates[] = 'deny_member_groups = {string:deny_groups}';
+		$boardUpdateParameters['deny_groups'] = implode(',', $boardOptions['deny_groups']);
+	}
+
 	if (isset($boardOptions['board_name']))
 	{
 		$boardUpdates[] = 'name = {string:board_name}';
@@ -1067,7 +1074,7 @@ function getBoardTree()
 		SELECT
 			IFNULL(b.id_board, 0) AS id_board, b.id_parent, b.name AS board_name, b.description, b.child_level,
 			b.board_order, b.count_posts, b.member_groups, b.id_theme, b.override_theme, b.id_profile, b.redirect,
-			b.num_posts, b.num_topics, c.id_cat, c.name AS cat_name, c.cat_order, c.can_collapse
+			b.num_posts, b.num_topics, b.deny_member_groups, c.id_cat, c.name AS cat_name, c.cat_order, c.can_collapse
 		FROM {db_prefix}categories AS c
 			LEFT JOIN {db_prefix}boards AS b ON (b.id_cat = c.id_cat)
 		ORDER BY c.cat_order, b.child_level, b.board_order',
@@ -1109,6 +1116,7 @@ function getBoardTree()
 				'order' => $row['board_order'],
 				'name' => $row['board_name'],
 				'member_groups' => explode(',', $row['member_groups']),
+				'deny_groups' => explode(',', $row['deny_member_groups']),
 				'description' => $row['description'],
 				'count_posts' => empty($row['count_posts']),
 				'posts' => $row['num_posts'],

Themes/default/ManageBoards.template.php

@@ -257,6 +257,10 @@ function template_modify_board()
 {
 	global $context, $settings, $options, $scripturl, $txt, $modSettings;
 
+	if (!empty($modSettings['denyBoardsAccess']))
+		echo '
+		<div class="information">', $txt['boardsaccess_option_desc'], '</div>';
+
 	// The main table header.
 	echo '
 	<div id="manage_boards">
@@ -358,16 +362,53 @@ function template_modify_board()
 						</dt>
 						<dd>';
 
+	if (!empty($modSettings['denyBoardsAccess']))
+		echo '
+							<table>
+								<tr>
+									<td></td>
+									<th>', $txt['permissions_option_on'], '</th>
+									<th>', $txt['permissions_option_off'], '</th>
+									<th>', $txt['permissions_option_deny'], '</th>
+								</tr>';
+
 	// List all the membergroups so the user can choose who may access this board.
 	foreach ($context['groups'] as $group)
-		echo '
+		if (empty($modSettings['denyBoardsAccess']))
+			echo '
 							<label for="groups_', $group['id'], '">
-								<input type="checkbox" name="groups[]" value="', $group['id'], '" id="groups_', $group['id'], '"', $group['checked'] ? ' checked="checked"' : '', ' class="input_check" />
+								<input type="checkbox" name="groups[', $group['id'], ']" value="allow" id="groups_', $group['id'], '"', $group['checked'] ? ' checked="checked"' : '', ' class="input_check" />
 								<span', $group['is_post_group'] ? ' class="post_group" title="' . $txt['mboards_groups_post_group'] . '"' : '', $group['id'] == 0 ? ' class="regular_members" title="' . $txt['mboards_groups_regular_members'] . '"' : '', '>
 									', $group['name'], '
 								</span>
 							</label><br />';
-	echo '
+		else
+			echo '
+								<tr>
+									<td>
+										<label for="groups_', $group['id'], '_a">
+											<span', $group['is_post_group'] ? ' class="post_group" title="' . $txt['mboards_groups_post_group'] . '"' : '', $group['id'] == 0 ? ' class="regular_members" title="' . $txt['mboards_groups_regular_members'] . '"' : '', '>
+												', $group['name'], '
+											</span>
+										</label>
+									</td>
+									<td>
+										<input type="radio" name="groups[', $group['id'], ']" value="allow" id="groups_', $group['id'], '"', $group['allow'] ? ' checked="checked"' : '', ' class="input_radio" />
+									</td>
+									<td>
+										<input type="radio" name="groups[', $group['id'], ']" value="ignore" id="groups_', $group['id'], '"', !$group['allow'] && !$group['deny'] ? ' checked="checked"' : '', ' class="input_radio" />
+									</td>
+									<td>
+										<input type="radio" name="groups[', $group['id'], ']" value="deny" id="groups_', $group['id'], '"', $group['deny'] ? ' checked="checked"' : '', ' class="input_radio" />
+									</td>
+';
+
+	if (!empty($modSettings['denyBoardsAccess']))
+		echo '
+							</table>
+						</dd>';
+	else
+		echo '
 							<em>', $txt['check_all'], '</em> <input type="checkbox" class="input_check" onclick="invertAll(this, this.form, \'groups[]\');" /><br />
 							<br />
 						</dd>';

Themes/default/languages/ManageBoards.english.php

@@ -88,6 +88,8 @@ $txt['recycle_board'] = 'Board for recycled topics';
 $txt['recycle_board_unselected_notice'] = 'You have enabled the recycling of topics without specifying a board to place them in.  This feature will not be enabled until you specify a board to place recycled topics into.';
 $txt['countChildPosts'] = 'Count child\'s posts in parent\'s totals';
 $txt['allow_ignore_boards'] = 'Allow boards to be ignored';
+$txt['denyBoardsAccess'] = 'Enable the option to deny boards access to a group';
+$txt['boardsaccess_option_desc'] = 'For each permission you can pick either \'Allow\' (A), \'Ignore\' (X), or <span class="alert">\'Deny\' (D)</span>.<br /><br />Remember that if you deny access, any member - whether moderator or otherwise - that is in that group will be denied that as well.<br />For this reason, you should use deny carefully, only when <strong>necessary</strong>. Ignore, on the other hand, denies unless otherwise granted.';
 
 $txt['mboards_select_destination'] = 'Select destination for board \'<strong>%1$s</strong>\'';
 $txt['mboards_cancel_moving'] = 'Cancel moving';

other/install_2-1_mysql.sql

@@ -495,6 +495,7 @@ CREATE TABLE {$db_prefix}boards (
   unapproved_posts smallint(5) NOT NULL default '0',
   unapproved_topics smallint(5) NOT NULL default '0',
   redirect varchar(255) NOT NULL default '',
+  deny_member_groups varchar(255) NOT NULL default '',
   PRIMARY KEY (id_board),
   UNIQUE categories (id_cat, id_board),
   KEY id_parent (id_parent),

other/install_2-1_postgresql.sql

@@ -673,6 +673,7 @@ CREATE TABLE {$db_prefix}boards (
   unapproved_posts smallint NOT NULL default '0',
   unapproved_topics smallint NOT NULL default '0',
   redirect varchar(255) NOT NULL default '',
+  deny_member_groups varchar(255) NOT NULL default '',
   PRIMARY KEY (id_board)
 );
 

other/install_2-1_sqlite.sql

@@ -507,6 +507,7 @@ CREATE TABLE {$db_prefix}boards (
   unapproved_posts smallint NOT NULL default '0',
   unapproved_topics smallint NOT NULL default '0',
   redirect varchar(255) NOT NULL default ''
+  deny_member_groups varchar(255) NOT NULL default '',
 );
 
 #

other/upgrade_2-1_mysql.sql

@@ -153,3 +153,11 @@ INSERT INTO {$db_prefix}scheduled_tasks
 VALUES
 	(0, 120, 1, 'd', 0, 'remove_temp_attachments');
 ---#
+
+/******************************************************************************/
+--- Adding support for deny boards access
+/******************************************************************************/
+---# Adding new columns to boards...
+ALTER TABLE {$db_prefix}boards
+ADD COLUMN deny_member_groups varchar(255) NOT NULL DEFAULT '';
+---#

other/upgrade_2-1_postgresql.sql

@@ -196,3 +196,12 @@ INSERT INTO {$db_prefix}scheduled_tasks
 VALUES
 	(0, 120, 1, 'd', 0, 'remove_temp_attachments');
 ---#
+
+/******************************************************************************/
+--- Adding support for deny boards access
+/******************************************************************************/
+---# Adding new columns to boards...
+ALTER TABLE {$db_prefix}boards
+ADD COLUMN deny_member_groups varchar(255) NOT NULL DEFAULT '';
+---#
+

other/upgrade_2-1_sqlite.sql

@@ -153,3 +153,11 @@ INSERT INTO {$db_prefix}scheduled_tasks
 VALUES
 	(0, 120, 1, 'd', 0, 'remove_temp_attachments');
 ---#
+
+/******************************************************************************/
+--- Adding support for deny boards access
+/******************************************************************************/
+---# Adding new columns to boards...
+ALTER TABLE {$db_prefix}boards
+ADD COLUMN deny_member_groups varchar(255) NOT NULL DEFAULT '';
+---#