ManagePermissions.php 75 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423
  1. <?php
  2. /**
  3. * ManagePermissions handles all possible permission stuff.
  4. *
  5. * Simple Machines Forum (SMF)
  6. *
  7. * @package SMF
  8. * @author Simple Machines http://www.simplemachines.org
  9. * @copyright 2011 Simple Machines
  10. * @license http://www.simplemachines.org/about/smf/license.php BSD
  11. *
  12. * @version 2.1 Alpha 1
  13. */
  14. if (!defined('SMF'))
  15. die('Hacking attempt...');
  16. /**
  17. * Dispaches to the right function based on the given subaction.
  18. * Checks the permissions, based on the sub-action.
  19. * Called by ?action=managepermissions.
  20. *
  21. * @uses ManagePermissions language file.
  22. */
  23. function ModifyPermissions()
  24. {
  25. global $txt, $scripturl, $context;
  26. loadLanguage('ManagePermissions+ManageMembers');
  27. loadTemplate('ManagePermissions');
  28. // Format: 'sub-action' => array('function_to_call', 'permission_needed'),
  29. $subActions = array(
  30. 'board' => array('PermissionByBoard', 'manage_permissions'),
  31. 'index' => array('PermissionIndex', 'manage_permissions'),
  32. 'modify' => array('ModifyMembergroup', 'manage_permissions'),
  33. 'modify2' => array('ModifyMembergroup2', 'manage_permissions'),
  34. 'quick' => array('SetQuickGroups', 'manage_permissions'),
  35. 'quickboard' => array('SetQuickBoards', 'manage_permissions'),
  36. 'postmod' => array('ModifyPostModeration', 'manage_permissions', 'disabled' => !in_array('pm', $context['admin_features'])),
  37. 'profiles' => array('EditPermissionProfiles', 'manage_permissions'),
  38. 'settings' => array('GeneralPermissionSettings', 'admin_forum'),
  39. );
  40. call_integration_hook('integrate_manage_permissions', array(&$subActions));
  41. $_REQUEST['sa'] = isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]) && empty($subActions[$_REQUEST['sa']]['disabled']) ? $_REQUEST['sa'] : (allowedTo('manage_permissions') ? 'index' : 'settings');
  42. isAllowedTo($subActions[$_REQUEST['sa']][1]);
  43. // Create the tabs for the template.
  44. $context[$context['admin_menu_name']]['tab_data'] = array(
  45. 'title' => $txt['permissions_title'],
  46. 'help' => 'permissions',
  47. 'description' => '',
  48. 'tabs' => array(
  49. 'index' => array(
  50. 'description' => $txt['permissions_groups'],
  51. ),
  52. 'board' => array(
  53. 'description' => $txt['permission_by_board_desc'],
  54. ),
  55. 'profiles' => array(
  56. 'description' => $txt['permissions_profiles_desc'],
  57. ),
  58. 'postmod' => array(
  59. 'description' => $txt['permissions_post_moderation_desc'],
  60. ),
  61. 'settings' => array(
  62. 'description' => $txt['permission_settings_desc'],
  63. ),
  64. ),
  65. );
  66. $subActions[$_REQUEST['sa']][0]();
  67. }
  68. /**
  69. * Sets up the permissions by membergroup index page.
  70. * Called by ?action=managepermissions
  71. * Creates an array of all the groups with the number of members and permissions.
  72. *
  73. * @uses ManagePermissions language file.
  74. * @uses ManagePermissions template file.
  75. * @uses ManageBoards template, permission_index sub-template.
  76. */
  77. function PermissionIndex()
  78. {
  79. global $txt, $scripturl, $context, $settings, $modSettings, $smcFunc;
  80. $context['page_title'] = $txt['permissions_title'];
  81. // Load all the permissions. We'll need them in the template.
  82. loadAllPermissions();
  83. // Also load profiles, we may want to reset.
  84. loadPermissionProfiles();
  85. // Are we going to show the advanced options?
  86. $context['show_advanced_options'] = empty($context['admin_preferences']['app']);
  87. // Determine the number of ungrouped members.
  88. $request = $smcFunc['db_query']('', '
  89. SELECT COUNT(*)
  90. FROM {db_prefix}members
  91. WHERE id_group = {int:regular_group}',
  92. array(
  93. 'regular_group' => 0,
  94. )
  95. );
  96. list ($num_members) = $smcFunc['db_fetch_row']($request);
  97. $smcFunc['db_free_result']($request);
  98. // Fill the context variable with 'Guests' and 'Regular Members'.
  99. $context['groups'] = array(
  100. -1 => array(
  101. 'id' => -1,
  102. 'name' => $txt['membergroups_guests'],
  103. 'num_members' => $txt['membergroups_guests_na'],
  104. 'allow_delete' => false,
  105. 'allow_modify' => true,
  106. 'can_search' => false,
  107. 'href' => '',
  108. 'link' => '',
  109. 'is_post_group' => false,
  110. 'color' => '',
  111. 'icons' => '',
  112. 'children' => array(),
  113. 'num_permissions' => array(
  114. 'allowed' => 0,
  115. // Can't deny guest permissions!
  116. 'denied' => '(' . $txt['permissions_none'] . ')'
  117. ),
  118. 'access' => false
  119. ),
  120. 0 => array(
  121. 'id' => 0,
  122. 'name' => $txt['membergroups_members'],
  123. 'num_members' => $num_members,
  124. 'allow_delete' => false,
  125. 'allow_modify' => true,
  126. 'can_search' => false,
  127. 'href' => $scripturl . '?action=moderate;area=viewgroups;sa=members;group=0',
  128. 'is_post_group' => false,
  129. 'color' => '',
  130. 'icons' => '',
  131. 'children' => array(),
  132. 'num_permissions' => array(
  133. 'allowed' => 0,
  134. 'denied' => 0
  135. ),
  136. 'access' => false
  137. ),
  138. );
  139. $postGroups = array();
  140. $normalGroups = array();
  141. // Query the database defined membergroups.
  142. $query = $smcFunc['db_query']('', '
  143. SELECT id_group, id_parent, group_name, min_posts, online_color, icons
  144. FROM {db_prefix}membergroups' . (empty($modSettings['permission_enable_postgroups']) ? '
  145. WHERE min_posts = {int:min_posts}' : '') . '
  146. ORDER BY id_parent = {int:not_inherited} DESC, min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name',
  147. array(
  148. 'min_posts' => -1,
  149. 'not_inherited' => -2,
  150. 'newbie_group' => 4,
  151. )
  152. );
  153. while ($row = $smcFunc['db_fetch_assoc']($query))
  154. {
  155. // If it's inherited, just add it as a child.
  156. if ($row['id_parent'] != -2)
  157. {
  158. if (isset($context['groups'][$row['id_parent']]))
  159. $context['groups'][$row['id_parent']]['children'][$row['id_group']] = $row['group_name'];
  160. continue;
  161. }
  162. $row['icons'] = explode('#', $row['icons']);
  163. $context['groups'][$row['id_group']] = array(
  164. 'id' => $row['id_group'],
  165. 'name' => $row['group_name'],
  166. 'num_members' => $row['id_group'] != 3 ? 0 : $txt['membergroups_guests_na'],
  167. 'allow_delete' => $row['id_group'] > 4,
  168. 'allow_modify' => $row['id_group'] > 1,
  169. 'can_search' => $row['id_group'] != 3,
  170. 'href' => $scripturl . '?action=moderate;area=viewgroups;sa=members;group=' . $row['id_group'],
  171. 'is_post_group' => $row['min_posts'] != -1,
  172. 'color' => empty($row['online_color']) ? '' : $row['online_color'],
  173. 'icons' => !empty($row['icons'][0]) && !empty($row['icons'][1]) ? str_repeat('<img src="' . $settings['images_url'] . '/' . $row['icons'][1] . '" alt="*" />', $row['icons'][0]) : '',
  174. 'children' => array(),
  175. 'num_permissions' => array(
  176. 'allowed' => $row['id_group'] == 1 ? '(' . $txt['permissions_all'] . ')' : 0,
  177. 'denied' => $row['id_group'] == 1 ? '(' . $txt['permissions_none'] . ')' : 0
  178. ),
  179. 'access' => false,
  180. );
  181. if ($row['min_posts'] == -1)
  182. $normalGroups[$row['id_group']] = $row['id_group'];
  183. else
  184. $postGroups[$row['id_group']] = $row['id_group'];
  185. }
  186. $smcFunc['db_free_result']($query);
  187. // Get the number of members in this post group.
  188. if (!empty($postGroups))
  189. {
  190. $query = $smcFunc['db_query']('', '
  191. SELECT id_post_group AS id_group, COUNT(*) AS num_members
  192. FROM {db_prefix}members
  193. WHERE id_post_group IN ({array_int:post_group_list})
  194. GROUP BY id_post_group',
  195. array(
  196. 'post_group_list' => $postGroups,
  197. )
  198. );
  199. while ($row = $smcFunc['db_fetch_assoc']($query))
  200. $context['groups'][$row['id_group']]['num_members'] += $row['num_members'];
  201. $smcFunc['db_free_result']($query);
  202. }
  203. if (!empty($normalGroups))
  204. {
  205. // First, the easy one!
  206. $query = $smcFunc['db_query']('', '
  207. SELECT id_group, COUNT(*) AS num_members
  208. FROM {db_prefix}members
  209. WHERE id_group IN ({array_int:normal_group_list})
  210. GROUP BY id_group',
  211. array(
  212. 'normal_group_list' => $normalGroups,
  213. )
  214. );
  215. while ($row = $smcFunc['db_fetch_assoc']($query))
  216. $context['groups'][$row['id_group']]['num_members'] += $row['num_members'];
  217. $smcFunc['db_free_result']($query);
  218. // This one is slower, but it's okay... careful not to count twice!
  219. $query = $smcFunc['db_query']('', '
  220. SELECT mg.id_group, COUNT(*) AS num_members
  221. FROM {db_prefix}membergroups AS mg
  222. INNER JOIN {db_prefix}members AS mem ON (mem.additional_groups != {string:blank_string}
  223. AND mem.id_group != mg.id_group
  224. AND FIND_IN_SET(mg.id_group, mem.additional_groups) != 0)
  225. WHERE mg.id_group IN ({array_int:normal_group_list})
  226. GROUP BY mg.id_group',
  227. array(
  228. 'normal_group_list' => $normalGroups,
  229. 'blank_string' => '',
  230. )
  231. );
  232. while ($row = $smcFunc['db_fetch_assoc']($query))
  233. $context['groups'][$row['id_group']]['num_members'] += $row['num_members'];
  234. $smcFunc['db_free_result']($query);
  235. }
  236. foreach ($context['groups'] as $id => $data)
  237. {
  238. if ($data['href'] != '')
  239. $context['groups'][$id]['link'] = '<a href="' . $data['href'] . '">' . $data['num_members'] . '</a>';
  240. }
  241. if (empty($_REQUEST['pid']))
  242. {
  243. $request = $smcFunc['db_query']('', '
  244. SELECT id_group, COUNT(*) AS num_permissions, add_deny
  245. FROM {db_prefix}permissions
  246. ' . (empty($context['hidden_permissions']) ? '' : ' WHERE permission NOT IN ({array_string:hidden_permissions})') . '
  247. GROUP BY id_group, add_deny',
  248. array(
  249. 'hidden_permissions' => !empty($context['hidden_permissions']) ? $context['hidden_permissions'] : array(),
  250. )
  251. );
  252. while ($row = $smcFunc['db_fetch_assoc']($request))
  253. if (isset($context['groups'][(int) $row['id_group']]) && (!empty($row['add_deny']) || $row['id_group'] != -1))
  254. $context['groups'][(int) $row['id_group']]['num_permissions'][empty($row['add_deny']) ? 'denied' : 'allowed'] = $row['num_permissions'];
  255. $smcFunc['db_free_result']($request);
  256. // Get the "default" profile permissions too.
  257. $request = $smcFunc['db_query']('', '
  258. SELECT id_profile, id_group, COUNT(*) AS num_permissions, add_deny
  259. FROM {db_prefix}board_permissions
  260. WHERE id_profile = {int:default_profile}
  261. ' . (empty($context['hidden_permissions']) ? '' : ' AND permission NOT IN ({array_string:hidden_permissions})') . '
  262. GROUP BY id_profile, id_group, add_deny',
  263. array(
  264. 'default_profile' => 1,
  265. 'hidden_permissions' => !empty($context['hidden_permissions']) ? $context['hidden_permissions'] : array(),
  266. )
  267. );
  268. while ($row = $smcFunc['db_fetch_assoc']($request))
  269. {
  270. if (isset($context['groups'][(int) $row['id_group']]) && (!empty($row['add_deny']) || $row['id_group'] != -1))
  271. $context['groups'][(int) $row['id_group']]['num_permissions'][empty($row['add_deny']) ? 'denied' : 'allowed'] += $row['num_permissions'];
  272. }
  273. $smcFunc['db_free_result']($request);
  274. }
  275. else
  276. {
  277. $_REQUEST['pid'] = (int) $_REQUEST['pid'];
  278. if (!isset($context['profiles'][$_REQUEST['pid']]))
  279. fatal_lang_error('no_access', false);
  280. // Change the selected tab to better reflect that this really is a board profile.
  281. $context[$context['admin_menu_name']]['current_subsection'] = 'profiles';
  282. $request = $smcFunc['db_query']('', '
  283. SELECT id_profile, id_group, COUNT(*) AS num_permissions, add_deny
  284. FROM {db_prefix}board_permissions
  285. WHERE id_profile = {int:current_profile}
  286. GROUP BY id_profile, id_group, add_deny',
  287. array(
  288. 'current_profile' => $_REQUEST['pid'],
  289. )
  290. );
  291. while ($row = $smcFunc['db_fetch_assoc']($request))
  292. {
  293. if (isset($context['groups'][(int) $row['id_group']]) && (!empty($row['add_deny']) || $row['id_group'] != -1))
  294. $context['groups'][(int) $row['id_group']]['num_permissions'][empty($row['add_deny']) ? 'denied' : 'allowed'] += $row['num_permissions'];
  295. }
  296. $smcFunc['db_free_result']($request);
  297. $context['profile'] = array(
  298. 'id' => $_REQUEST['pid'],
  299. 'name' => $context['profiles'][$_REQUEST['pid']]['name'],
  300. );
  301. }
  302. // We can modify any permission set apart from the read only, reply only and no polls ones as they are redefined.
  303. $context['can_modify'] = empty($_REQUEST['pid']) || $_REQUEST['pid'] == 1 || $_REQUEST['pid'] > 4;
  304. // Load the proper template.
  305. $context['sub_template'] = 'permission_index';
  306. createToken('admin-mpq');
  307. }
  308. /**
  309. * Handle permissions by board... more or less. :P
  310. */
  311. function PermissionByBoard()
  312. {
  313. global $context, $modSettings, $txt, $smcFunc, $sourcedir, $cat_tree, $boardList, $boards;
  314. $context['page_title'] = $txt['permissions_boards'];
  315. $context['edit_all'] = isset($_GET['edit']);
  316. // Saving?
  317. if (!empty($_POST['save_changes']) && !empty($_POST['boardprofile']))
  318. {
  319. checkSession('request');
  320. validateToken('admin-mpb');
  321. $changes = array();
  322. foreach ($_POST['boardprofile'] as $board => $profile)
  323. {
  324. $changes[(int) $profile][] = (int) $board;
  325. }
  326. if (!empty($changes))
  327. {
  328. foreach ($changes as $profile => $boards)
  329. $smcFunc['db_query']('', '
  330. UPDATE {db_prefix}boards
  331. SET id_profile = {int:current_profile}
  332. WHERE id_board IN ({array_int:board_list})',
  333. array(
  334. 'board_list' => $boards,
  335. 'current_profile' => $profile,
  336. )
  337. );
  338. }
  339. $context['edit_all'] = false;
  340. }
  341. // Load all permission profiles.
  342. loadPermissionProfiles();
  343. // Get the board tree.
  344. require_once($sourcedir . '/Subs-Boards.php');
  345. getBoardTree();
  346. // Build the list of the boards.
  347. $context['categories'] = array();
  348. foreach ($cat_tree as $catid => $tree)
  349. {
  350. $context['categories'][$catid] = array(
  351. 'name' => &$tree['node']['name'],
  352. 'id' => &$tree['node']['id'],
  353. 'boards' => array()
  354. );
  355. foreach ($boardList[$catid] as $boardid)
  356. {
  357. if (!isset($context['profiles'][$boards[$boardid]['profile']]))
  358. $boards[$boardid]['profile'] = 1;
  359. $context['categories'][$catid]['boards'][$boardid] = array(
  360. 'id' => &$boards[$boardid]['id'],
  361. 'name' => &$boards[$boardid]['name'],
  362. 'description' => &$boards[$boardid]['description'],
  363. 'child_level' => &$boards[$boardid]['level'],
  364. 'profile' => &$boards[$boardid]['profile'],
  365. 'profile_name' => $context['profiles'][$boards[$boardid]['profile']]['name'],
  366. );
  367. }
  368. }
  369. $context['sub_template'] = 'by_board';
  370. createToken('admin-mpb');
  371. }
  372. /**
  373. * Handles permission modification actions from the upper part of the
  374. * permission manager index.
  375. */
  376. function SetQuickGroups()
  377. {
  378. global $context, $smcFunc;
  379. checkSession();
  380. validateToken('admin-mpq', 'quick');
  381. loadIllegalPermissions();
  382. loadIllegalGuestPermissions();
  383. // Make sure only one of the quick options was selected.
  384. if ((!empty($_POST['predefined']) && ((isset($_POST['copy_from']) && $_POST['copy_from'] != 'empty') || !empty($_POST['permissions']))) || (!empty($_POST['copy_from']) && $_POST['copy_from'] != 'empty' && !empty($_POST['permissions'])))
  385. fatal_lang_error('permissions_only_one_option', false);
  386. if (empty($_POST['group']) || !is_array($_POST['group']))
  387. $_POST['group'] = array();
  388. // Only accept numeric values for selected membergroups.
  389. foreach ($_POST['group'] as $id => $group_id)
  390. $_POST['group'][$id] = (int) $group_id;
  391. $_POST['group'] = array_unique($_POST['group']);
  392. if (empty($_REQUEST['pid']))
  393. $_REQUEST['pid'] = 0;
  394. else
  395. $_REQUEST['pid'] = (int) $_REQUEST['pid'];
  396. // Fix up the old global to the new default!
  397. $bid = max(1, $_REQUEST['pid']);
  398. // No modifying the predefined profiles.
  399. if ($_REQUEST['pid'] > 1 && $_REQUEST['pid'] < 5)
  400. fatal_lang_error('no_access', false);
  401. // Clear out any cached authority.
  402. updateSettings(array('settings_updated' => time()));
  403. // No groups where selected.
  404. if (empty($_POST['group']))
  405. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  406. // Set a predefined permission profile.
  407. if (!empty($_POST['predefined']))
  408. {
  409. // Make sure it's a predefined permission set we expect.
  410. if (!in_array($_POST['predefined'], array('restrict', 'standard', 'moderator', 'maintenance')))
  411. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  412. foreach ($_POST['group'] as $group_id)
  413. {
  414. if (!empty($_REQUEST['pid']))
  415. setPermissionLevel($_POST['predefined'], $group_id, $_REQUEST['pid']);
  416. else
  417. setPermissionLevel($_POST['predefined'], $group_id);
  418. }
  419. }
  420. // Set a permission profile based on the permissions of a selected group.
  421. elseif ($_POST['copy_from'] != 'empty')
  422. {
  423. // Just checking the input.
  424. if (!is_numeric($_POST['copy_from']))
  425. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  426. // Make sure the group we're copying to is never included.
  427. $_POST['group'] = array_diff($_POST['group'], array($_POST['copy_from']));
  428. // No groups left? Too bad.
  429. if (empty($_POST['group']))
  430. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  431. if (empty($_REQUEST['pid']))
  432. {
  433. // Retrieve current permissions of group.
  434. $request = $smcFunc['db_query']('', '
  435. SELECT permission, add_deny
  436. FROM {db_prefix}permissions
  437. WHERE id_group = {int:copy_from}',
  438. array(
  439. 'copy_from' => $_POST['copy_from'],
  440. )
  441. );
  442. $target_perm = array();
  443. while ($row = $smcFunc['db_fetch_assoc']($request))
  444. $target_perm[$row['permission']] = $row['add_deny'];
  445. $smcFunc['db_free_result']($request);
  446. $inserts = array();
  447. foreach ($_POST['group'] as $group_id)
  448. foreach ($target_perm as $perm => $add_deny)
  449. {
  450. // No dodgy permissions please!
  451. if (!empty($context['illegal_permissions']) && in_array($perm, $context['illegal_permissions']))
  452. continue;
  453. if ($group_id == -1 && in_array($perm, $context['non_guest_permissions']))
  454. continue;
  455. if ($group_id != 1 && $group_id != 3)
  456. $inserts[] = array($perm, $group_id, $add_deny);
  457. }
  458. // Delete the previous permissions...
  459. $smcFunc['db_query']('', '
  460. DELETE FROM {db_prefix}permissions
  461. WHERE id_group IN ({array_int:group_list})
  462. ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
  463. array(
  464. 'group_list' => $_POST['group'],
  465. 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
  466. )
  467. );
  468. if (!empty($inserts))
  469. {
  470. // ..and insert the new ones.
  471. $smcFunc['db_insert']('',
  472. '{db_prefix}permissions',
  473. array(
  474. 'permission' => 'string', 'id_group' => 'int', 'add_deny' => 'int',
  475. ),
  476. $inserts,
  477. array('permission', 'id_group')
  478. );
  479. }
  480. }
  481. // Now do the same for the board permissions.
  482. $request = $smcFunc['db_query']('', '
  483. SELECT permission, add_deny
  484. FROM {db_prefix}board_permissions
  485. WHERE id_group = {int:copy_from}
  486. AND id_profile = {int:current_profile}',
  487. array(
  488. 'copy_from' => $_POST['copy_from'],
  489. 'current_profile' => $bid,
  490. )
  491. );
  492. $target_perm = array();
  493. while ($row = $smcFunc['db_fetch_assoc']($request))
  494. $target_perm[$row['permission']] = $row['add_deny'];
  495. $smcFunc['db_free_result']($request);
  496. $inserts = array();
  497. foreach ($_POST['group'] as $group_id)
  498. foreach ($target_perm as $perm => $add_deny)
  499. {
  500. // Are these for guests?
  501. if ($group_id == -1 && in_array($perm, $context['non_guest_permissions']))
  502. continue;
  503. $inserts[] = array($perm, $group_id, $bid, $add_deny);
  504. }
  505. // Delete the previous global board permissions...
  506. $smcFunc['db_query']('', '
  507. DELETE FROM {db_prefix}board_permissions
  508. WHERE id_group IN ({array_int:current_group_list})
  509. AND id_profile = {int:current_profile}',
  510. array(
  511. 'current_group_list' => $_POST['group'],
  512. 'current_profile' => $bid,
  513. )
  514. );
  515. // And insert the copied permissions.
  516. if (!empty($inserts))
  517. {
  518. // ..and insert the new ones.
  519. $smcFunc['db_insert']('',
  520. '{db_prefix}board_permissions',
  521. array('permission' => 'string', 'id_group' => 'int', 'id_profile' => 'int', 'add_deny' => 'int'),
  522. $inserts,
  523. array('permission', 'id_group', 'id_profile')
  524. );
  525. }
  526. // Update any children out there!
  527. updateChildPermissions($_POST['group'], $_REQUEST['pid']);
  528. }
  529. // Set or unset a certain permission for the selected groups.
  530. elseif (!empty($_POST['permissions']))
  531. {
  532. // Unpack two variables that were transported.
  533. list ($permissionType, $permission) = explode('/', $_POST['permissions']);
  534. // Check whether our input is within expected range.
  535. if (!in_array($_POST['add_remove'], array('add', 'clear', 'deny')) || !in_array($permissionType, array('membergroup', 'board')))
  536. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  537. if ($_POST['add_remove'] == 'clear')
  538. {
  539. if ($permissionType == 'membergroup')
  540. $smcFunc['db_query']('', '
  541. DELETE FROM {db_prefix}permissions
  542. WHERE id_group IN ({array_int:current_group_list})
  543. AND permission = {string:current_permission}
  544. ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
  545. array(
  546. 'current_group_list' => $_POST['group'],
  547. 'current_permission' => $permission,
  548. 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
  549. )
  550. );
  551. else
  552. $smcFunc['db_query']('', '
  553. DELETE FROM {db_prefix}board_permissions
  554. WHERE id_group IN ({array_int:current_group_list})
  555. AND id_profile = {int:current_profile}
  556. AND permission = {string:current_permission}',
  557. array(
  558. 'current_group_list' => $_POST['group'],
  559. 'current_profile' => $bid,
  560. 'current_permission' => $permission,
  561. )
  562. );
  563. }
  564. // Add a permission (either 'set' or 'deny').
  565. else
  566. {
  567. $add_deny = $_POST['add_remove'] == 'add' ? '1' : '0';
  568. $permChange = array();
  569. foreach ($_POST['group'] as $groupID)
  570. {
  571. if ($groupID == -1 && in_array($permission, $context['non_guest_permissions']))
  572. continue;
  573. if ($permissionType == 'membergroup' && $groupID != 1 && $groupID != 3 && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions'])))
  574. $permChange[] = array($permission, $groupID, $add_deny);
  575. elseif ($permissionType != 'membergroup')
  576. $permChange[] = array($permission, $groupID, $bid, $add_deny);
  577. }
  578. if (!empty($permChange))
  579. {
  580. if ($permissionType == 'membergroup')
  581. $smcFunc['db_insert']('replace',
  582. '{db_prefix}permissions',
  583. array('permission' => 'string', 'id_group' => 'int', 'add_deny' => 'int'),
  584. $permChange,
  585. array('permission', 'id_group')
  586. );
  587. // Board permissions go into the other table.
  588. else
  589. $smcFunc['db_insert']('replace',
  590. '{db_prefix}board_permissions',
  591. array('permission' => 'string', 'id_group' => 'int', 'id_profile' => 'int', 'add_deny' => 'int'),
  592. $permChange,
  593. array('permission', 'id_group', 'id_profile')
  594. );
  595. }
  596. }
  597. // Another child update!
  598. updateChildPermissions($_POST['group'], $_REQUEST['pid']);
  599. }
  600. redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
  601. }
  602. /**
  603. * Initializes the necessary to modify a membergroup's permissions.
  604. */
  605. function ModifyMembergroup()
  606. {
  607. global $context, $txt, $modSettings, $smcFunc, $sourcedir;
  608. if (!isset($_GET['group']))
  609. fatal_lang_error('no_access', false);
  610. $context['group']['id'] = (int) $_GET['group'];
  611. // Are they toggling the view?
  612. if (isset($_GET['view']))
  613. {
  614. $context['admin_preferences']['pv'] = $_GET['view'] == 'classic' ? 'classic' : 'simple';
  615. // Update the users preferences.
  616. require_once($sourcedir . '/Subs-Admin.php');
  617. updateAdminPreferences();
  618. }
  619. $context['view_type'] = !empty($context['admin_preferences']['pv']) && $context['admin_preferences']['pv'] == 'classic' ? 'classic' : 'simple';
  620. // It's not likely you'd end up here with this setting disabled.
  621. if ($_GET['group'] == 1)
  622. redirectexit('action=admin;area=permissions');
  623. loadAllPermissions($context['view_type']);
  624. loadPermissionProfiles();
  625. if ($context['group']['id'] > 0)
  626. {
  627. $result = $smcFunc['db_query']('', '
  628. SELECT group_name, id_parent
  629. FROM {db_prefix}membergroups
  630. WHERE id_group = {int:current_group}
  631. LIMIT 1',
  632. array(
  633. 'current_group' => $context['group']['id'],
  634. )
  635. );
  636. list ($context['group']['name'], $parent) = $smcFunc['db_fetch_row']($result);
  637. $smcFunc['db_free_result']($result);
  638. // Cannot edit an inherited group!
  639. if ($parent != -2)
  640. fatal_lang_error('cannot_edit_permissions_inherited');
  641. }
  642. elseif ($context['group']['id'] == -1)
  643. $context['group']['name'] = $txt['membergroups_guests'];
  644. else
  645. $context['group']['name'] = $txt['membergroups_members'];
  646. $context['profile']['id'] = empty($_GET['pid']) ? 0 : (int) $_GET['pid'];
  647. // If this is a moderator and they are editing "no profile" then we only do boards.
  648. if ($context['group']['id'] == 3 && empty($context['profile']['id']))
  649. {
  650. // For sanity just check they have no general permissions.
  651. $smcFunc['db_query']('', '
  652. DELETE FROM {db_prefix}permissions
  653. WHERE id_group = {int:moderator_group}',
  654. array(
  655. 'moderator_group' => 3,
  656. )
  657. );
  658. $context['profile']['id'] = 1;
  659. }
  660. $context['permission_type'] = empty($context['profile']['id']) ? 'membergroup' : 'board';
  661. $context['profile']['can_modify'] = !$context['profile']['id'] || $context['profiles'][$context['profile']['id']]['can_modify'];
  662. // Set up things a little nicer for board related stuff...
  663. if ($context['permission_type'] == 'board')
  664. {
  665. $context['profile']['name'] = $context['profiles'][$context['profile']['id']]['name'];
  666. $context[$context['admin_menu_name']]['current_subsection'] = 'profiles';
  667. }
  668. // Fetch the current permissions.
  669. $permissions = array(
  670. 'membergroup' => array('allowed' => array(), 'denied' => array()),
  671. 'board' => array('allowed' => array(), 'denied' => array())
  672. );
  673. // General permissions?
  674. if ($context['permission_type'] == 'membergroup')
  675. {
  676. $result = $smcFunc['db_query']('', '
  677. SELECT permission, add_deny
  678. FROM {db_prefix}permissions
  679. WHERE id_group = {int:current_group}',
  680. array(
  681. 'current_group' => $_GET['group'],
  682. )
  683. );
  684. while ($row = $smcFunc['db_fetch_assoc']($result))
  685. $permissions['membergroup'][empty($row['add_deny']) ? 'denied' : 'allowed'][] = $row['permission'];
  686. $smcFunc['db_free_result']($result);
  687. }
  688. // Fetch current board permissions...
  689. $result = $smcFunc['db_query']('', '
  690. SELECT permission, add_deny
  691. FROM {db_prefix}board_permissions
  692. WHERE id_group = {int:current_group}
  693. AND id_profile = {int:current_profile}',
  694. array(
  695. 'current_group' => $context['group']['id'],
  696. 'current_profile' => $context['permission_type'] == 'membergroup' ? 1 : $context['profile']['id'],
  697. )
  698. );
  699. while ($row = $smcFunc['db_fetch_assoc']($result))
  700. $permissions['board'][empty($row['add_deny']) ? 'denied' : 'allowed'][] = $row['permission'];
  701. $smcFunc['db_free_result']($result);
  702. // Loop through each permission and set whether it's checked.
  703. foreach ($context['permissions'] as $permissionType => $tmp)
  704. {
  705. foreach ($tmp['columns'] as $position => $permissionGroups)
  706. {
  707. foreach ($permissionGroups as $permissionGroup => $permissionArray)
  708. {
  709. foreach ($permissionArray['permissions'] as $perm)
  710. {
  711. // Create a shortcut for the current permission.
  712. $curPerm = &$context['permissions'][$permissionType]['columns'][$position][$permissionGroup]['permissions'][$perm['id']];
  713. if ($tmp['view'] == 'classic')
  714. {
  715. if ($perm['has_own_any'])
  716. {
  717. $curPerm['any']['select'] = in_array($perm['id'] . '_any', $permissions[$permissionType]['allowed']) ? 'on' : (in_array($perm['id'] . '_any', $permissions[$permissionType]['denied']) ? 'denied' : 'off');
  718. $curPerm['own']['select'] = in_array($perm['id'] . '_own', $permissions[$permissionType]['allowed']) ? 'on' : (in_array($perm['id'] . '_own', $permissions[$permissionType]['denied']) ? 'denied' : 'off');
  719. }
  720. else
  721. $curPerm['select'] = in_array($perm['id'], $permissions[$permissionType]['denied']) ? 'denied' : (in_array($perm['id'], $permissions[$permissionType]['allowed']) ? 'on' : 'off');
  722. }
  723. else
  724. {
  725. $curPerm['select'] = in_array($perm['id'], $permissions[$permissionType]['denied']) ? 'denied' : (in_array($perm['id'], $permissions[$permissionType]['allowed']) ? 'on' : 'off');
  726. }
  727. }
  728. }
  729. }
  730. }
  731. $context['sub_template'] = 'modify_group';
  732. $context['page_title'] = $txt['permissions_modify_group'];
  733. createToken('admin-mp');
  734. }
  735. /**
  736. * This function actually saves modifications to a membergroup's board permissions.
  737. */
  738. function ModifyMembergroup2()
  739. {
  740. global $modSettings, $smcFunc, $context;
  741. checkSession();
  742. validateToken('admin-mp');
  743. loadIllegalPermissions();
  744. $_GET['group'] = (int) $_GET['group'];
  745. $_GET['pid'] = (int) $_GET['pid'];
  746. // Cannot modify predefined profiles.
  747. if ($_GET['pid'] > 1 && $_GET['pid'] < 5)
  748. fatal_lang_error('no_access', false);
  749. // Verify this isn't inherited.
  750. if ($_GET['group'] == -1 || $_GET['group'] == 0)
  751. $parent = -2;
  752. else
  753. {
  754. $result = $smcFunc['db_query']('', '
  755. SELECT id_parent
  756. FROM {db_prefix}membergroups
  757. WHERE id_group = {int:current_group}
  758. LIMIT 1',
  759. array(
  760. 'current_group' => $_GET['group'],
  761. )
  762. );
  763. list ($parent) = $smcFunc['db_fetch_row']($result);
  764. $smcFunc['db_free_result']($result);
  765. }
  766. if ($parent != -2)
  767. fatal_lang_error('cannot_edit_permissions_inherited');
  768. $givePerms = array('membergroup' => array(), 'board' => array());
  769. // Guest group, we need illegal, guest permissions.
  770. if ($_GET['group'] == -1)
  771. {
  772. loadIllegalGuestPermissions();
  773. $context['illegal_permissions'] = array_merge($context['illegal_permissions'], $context['non_guest_permissions']);
  774. }
  775. // Prepare all permissions that were set or denied for addition to the DB.
  776. if (isset($_POST['perm']) && is_array($_POST['perm']))
  777. {
  778. foreach ($_POST['perm'] as $perm_type => $perm_array)
  779. {
  780. if (is_array($perm_array))
  781. {
  782. foreach ($perm_array as $permission => $value)
  783. if ($value == 'on' || $value == 'deny')
  784. {
  785. // Don't allow people to escalate themselves!
  786. if (!empty($context['illegal_permissions']) && in_array($permission, $context['illegal_permissions']))
  787. continue;
  788. $givePerms[$perm_type][] = array($_GET['group'], $permission, $value == 'deny' ? 0 : 1);
  789. }
  790. }
  791. }
  792. }
  793. // Insert the general permissions.
  794. if ($_GET['group'] != 3 && empty($_GET['pid']))
  795. {
  796. $smcFunc['db_query']('', '
  797. DELETE FROM {db_prefix}permissions
  798. WHERE id_group = {int:current_group}
  799. ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
  800. array(
  801. 'current_group' => $_GET['group'],
  802. 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
  803. )
  804. );
  805. if (!empty($givePerms['membergroup']))
  806. {
  807. $smcFunc['db_insert']('replace',
  808. '{db_prefix}permissions',
  809. array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  810. $givePerms['membergroup'],
  811. array('id_group', 'permission')
  812. );
  813. }
  814. }
  815. // Insert the boardpermissions.
  816. $profileid = max(1, $_GET['pid']);
  817. $smcFunc['db_query']('', '
  818. DELETE FROM {db_prefix}board_permissions
  819. WHERE id_group = {int:current_group}
  820. AND id_profile = {int:current_profile}',
  821. array(
  822. 'current_group' => $_GET['group'],
  823. 'current_profile' => $profileid,
  824. )
  825. );
  826. if (!empty($givePerms['board']))
  827. {
  828. foreach ($givePerms['board'] as $k => $v)
  829. $givePerms['board'][$k][] = $profileid;
  830. $smcFunc['db_insert']('replace',
  831. '{db_prefix}board_permissions',
  832. array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int', 'id_profile' => 'int'),
  833. $givePerms['board'],
  834. array('id_group', 'permission', 'id_profile')
  835. );
  836. }
  837. // Update any inherited permissions as required.
  838. updateChildPermissions($_GET['group'], $_GET['pid']);
  839. // Clear cached privs.
  840. updateSettings(array('settings_updated' => time()));
  841. redirectexit('action=admin;area=permissions;pid=' . $_GET['pid']);
  842. }
  843. /**
  844. * A screen to set some general settings for permissions.
  845. *
  846. * @param bool $return_config = false
  847. */
  848. function GeneralPermissionSettings($return_config = false)
  849. {
  850. global $context, $modSettings, $sourcedir, $txt, $scripturl, $smcFunc;
  851. // All the setting variables
  852. $config_vars = array(
  853. array('title', 'settings'),
  854. // Inline permissions.
  855. array('permissions', 'manage_permissions'),
  856. '',
  857. // A few useful settings
  858. array('check', 'permission_enable_deny', 0, $txt['permission_settings_enable_deny'], 'help' => 'permissions_deny'),
  859. array('check', 'permission_enable_postgroups', 0, $txt['permission_settings_enable_postgroups'], 'help' => 'permissions_postgroups'),
  860. );
  861. call_integration_hook('integrate_modify_permission_settings', array(&$config_vars));
  862. if ($return_config)
  863. return $config_vars;
  864. $context['page_title'] = $txt['permission_settings_title'];
  865. $context['sub_template'] = 'show_settings';
  866. // Needed for the inline permission functions, and the settings template.
  867. require_once($sourcedir . '/ManageServer.php');
  868. // Don't let guests have these permissions.
  869. $context['post_url'] = $scripturl . '?action=admin;area=permissions;save;sa=settings';
  870. $context['permissions_excluded'] = array(-1);
  871. // Saving the settings?
  872. if (isset($_GET['save']))
  873. {
  874. checkSession('post');
  875. call_integration_hook('integrate_save_permission_settings');
  876. saveDBSettings($config_vars);
  877. // Clear all deny permissions...if we want that.
  878. if (empty($modSettings['permission_enable_deny']))
  879. {
  880. $smcFunc['db_query']('', '
  881. DELETE FROM {db_prefix}permissions
  882. WHERE add_deny = {int:denied}',
  883. array(
  884. 'denied' => 0,
  885. )
  886. );
  887. $smcFunc['db_query']('', '
  888. DELETE FROM {db_prefix}board_permissions
  889. WHERE add_deny = {int:denied}',
  890. array(
  891. 'denied' => 0,
  892. )
  893. );
  894. }
  895. // Make sure there are no postgroup based permissions left.
  896. if (empty($modSettings['permission_enable_postgroups']))
  897. {
  898. // Get a list of postgroups.
  899. $post_groups = array();
  900. $request = $smcFunc['db_query']('', '
  901. SELECT id_group
  902. FROM {db_prefix}membergroups
  903. WHERE min_posts != {int:min_posts}',
  904. array(
  905. 'min_posts' => -1,
  906. )
  907. );
  908. while ($row = $smcFunc['db_fetch_assoc']($request))
  909. $post_groups[] = $row['id_group'];
  910. $smcFunc['db_free_result']($request);
  911. // Remove'em.
  912. $smcFunc['db_query']('', '
  913. DELETE FROM {db_prefix}permissions
  914. WHERE id_group IN ({array_int:post_group_list})',
  915. array(
  916. 'post_group_list' => $post_groups,
  917. )
  918. );
  919. $smcFunc['db_query']('', '
  920. DELETE FROM {db_prefix}board_permissions
  921. WHERE id_group IN ({array_int:post_group_list})',
  922. array(
  923. 'post_group_list' => $post_groups,
  924. )
  925. );
  926. $smcFunc['db_query']('', '
  927. UPDATE {db_prefix}membergroups
  928. SET id_parent = {int:not_inherited}
  929. WHERE id_parent IN ({array_int:post_group_list})',
  930. array(
  931. 'post_group_list' => $post_groups,
  932. 'not_inherited' => -2,
  933. )
  934. );
  935. }
  936. redirectexit('action=admin;area=permissions;sa=settings');
  937. }
  938. // We need this for the in-line permissions
  939. createToken('admin-mp');
  940. prepareDBSettingContext($config_vars);
  941. }
  942. /**
  943. * Set the permission level for a specific profile, group, or group for a profile.
  944. * @internal
  945. *
  946. * @param string $level
  947. * @param int $group
  948. * @param mixed $profile = null, int expected
  949. */
  950. function setPermissionLevel($level, $group, $profile = 'null')
  951. {
  952. global $smcFunc, $context;
  953. loadIllegalPermissions();
  954. loadIllegalGuestPermissions();
  955. // Levels by group... restrict, standard, moderator, maintenance.
  956. $groupLevels = array(
  957. 'board' => array('inherit' => array()),
  958. 'group' => array('inherit' => array())
  959. );
  960. // Levels by board... standard, publish, free.
  961. $boardLevels = array('inherit' => array());
  962. // Restrictive - ie. guests.
  963. $groupLevels['global']['restrict'] = array(
  964. 'search_posts',
  965. 'calendar_view',
  966. 'view_stats',
  967. 'who_view',
  968. 'profile_view_own',
  969. 'profile_identity_own',
  970. );
  971. $groupLevels['board']['restrict'] = array(
  972. 'poll_view',
  973. 'post_new',
  974. 'post_reply_own',
  975. 'post_reply_any',
  976. 'delete_own',
  977. 'modify_own',
  978. 'mark_any_notify',
  979. 'mark_notify',
  980. 'report_any',
  981. 'send_topic',
  982. );
  983. // Standard - ie. members. They can do anything Restrictive can.
  984. $groupLevels['global']['standard'] = array_merge($groupLevels['global']['restrict'], array(
  985. 'view_mlist',
  986. 'karma_edit',
  987. 'pm_read',
  988. 'pm_send',
  989. 'profile_view_any',
  990. 'profile_extra_own',
  991. 'profile_server_avatar',
  992. 'profile_upload_avatar',
  993. 'profile_remote_avatar',
  994. 'profile_remove_own',
  995. ));
  996. $groupLevels['board']['standard'] = array_merge($groupLevels['board']['restrict'], array(
  997. 'poll_vote',
  998. 'poll_edit_own',
  999. 'poll_post',
  1000. 'poll_add_own',
  1001. 'post_attachment',
  1002. 'lock_own',
  1003. 'remove_own',
  1004. 'view_attachments',
  1005. ));
  1006. // Moderator - ie. moderators :P. They can do what standard can, and more.
  1007. $groupLevels['global']['moderator'] = array_merge($groupLevels['global']['standard'], array(
  1008. 'calendar_post',
  1009. 'calendar_edit_own',
  1010. 'access_mod_center',
  1011. 'issue_warning',
  1012. ));
  1013. $groupLevels['board']['moderator'] = array_merge($groupLevels['board']['standard'], array(
  1014. 'make_sticky',
  1015. 'poll_edit_any',
  1016. 'delete_any',
  1017. 'modify_any',
  1018. 'lock_any',
  1019. 'remove_any',
  1020. 'move_any',
  1021. 'merge_any',
  1022. 'split_any',
  1023. 'poll_lock_any',
  1024. 'poll_remove_any',
  1025. 'poll_add_any',
  1026. 'approve_posts',
  1027. ));
  1028. // Maintenance - wannabe admins. They can do almost everything.
  1029. $groupLevels['global']['maintenance'] = array_merge($groupLevels['global']['moderator'], array(
  1030. 'manage_attachments',
  1031. 'manage_smileys',
  1032. 'manage_boards',
  1033. 'moderate_forum',
  1034. 'manage_membergroups',
  1035. 'manage_bans',
  1036. 'admin_forum',
  1037. 'manage_permissions',
  1038. 'edit_news',
  1039. 'calendar_edit_any',
  1040. 'profile_identity_any',
  1041. 'profile_extra_any',
  1042. 'profile_title_any',
  1043. ));
  1044. $groupLevels['board']['maintenance'] = array_merge($groupLevels['board']['moderator'], array(
  1045. ));
  1046. // Standard - nothing above the group permissions. (this SHOULD be empty.)
  1047. $boardLevels['standard'] = array(
  1048. );
  1049. // Locked - just that, you can't post here.
  1050. $boardLevels['locked'] = array(
  1051. 'poll_view',
  1052. 'mark_notify',
  1053. 'report_any',
  1054. 'send_topic',
  1055. 'view_attachments',
  1056. );
  1057. // Publisher - just a little more...
  1058. $boardLevels['publish'] = array_merge($boardLevels['locked'], array(
  1059. 'post_new',
  1060. 'post_reply_own',
  1061. 'post_reply_any',
  1062. 'delete_own',
  1063. 'modify_own',
  1064. 'mark_any_notify',
  1065. 'delete_replies',
  1066. 'modify_replies',
  1067. 'poll_vote',
  1068. 'poll_edit_own',
  1069. 'poll_post',
  1070. 'poll_add_own',
  1071. 'poll_remove_own',
  1072. 'post_attachment',
  1073. 'lock_own',
  1074. 'remove_own',
  1075. ));
  1076. // Free for All - Scary. Just scary.
  1077. $boardLevels['free'] = array_merge($boardLevels['publish'], array(
  1078. 'poll_lock_any',
  1079. 'poll_edit_any',
  1080. 'poll_add_any',
  1081. 'poll_remove_any',
  1082. 'make_sticky',
  1083. 'lock_any',
  1084. 'remove_any',
  1085. 'delete_any',
  1086. 'split_any',
  1087. 'merge_any',
  1088. 'modify_any',
  1089. 'approve_posts',
  1090. ));
  1091. // Make sure we're not granting someone too many permissions!
  1092. foreach ($groupLevels['global'][$level] as $k => $permission)
  1093. {
  1094. if (!empty($context['illegal_permissions']) && in_array($permission, $context['illegal_permissions']))
  1095. unset($groupLevels['global'][$level][$k]);
  1096. if ($group == -1 && in_array($permission, $context['non_guest_permissions']))
  1097. unset($groupLevels['global'][$level][$k]);
  1098. }
  1099. if ($group == -1)
  1100. foreach ($groupLevels['board'][$level] as $k => $permission)
  1101. if (in_array($permission, $context['non_guest_permissions']))
  1102. unset($groupLevels['board'][$level][$k]);
  1103. // Reset all cached permissions.
  1104. updateSettings(array('settings_updated' => time()));
  1105. // Setting group permissions.
  1106. if ($profile === 'null' && $group !== 'null')
  1107. {
  1108. $group = (int) $group;
  1109. if (empty($groupLevels['global'][$level]))
  1110. return;
  1111. $smcFunc['db_query']('', '
  1112. DELETE FROM {db_prefix}permissions
  1113. WHERE id_group = {int:current_group}
  1114. ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
  1115. array(
  1116. 'current_group' => $group,
  1117. 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
  1118. )
  1119. );
  1120. $smcFunc['db_query']('', '
  1121. DELETE FROM {db_prefix}board_permissions
  1122. WHERE id_group = {int:current_group}
  1123. AND id_profile = {int:default_profile}',
  1124. array(
  1125. 'current_group' => $group,
  1126. 'default_profile' => 1,
  1127. )
  1128. );
  1129. $groupInserts = array();
  1130. foreach ($groupLevels['global'][$level] as $permission)
  1131. $groupInserts[] = array($group, $permission);
  1132. $smcFunc['db_insert']('insert',
  1133. '{db_prefix}permissions',
  1134. array('id_group' => 'int', 'permission' => 'string'),
  1135. $groupInserts,
  1136. array('id_group')
  1137. );
  1138. $boardInserts = array();
  1139. foreach ($groupLevels['board'][$level] as $permission)
  1140. $boardInserts[] = array(1, $group, $permission);
  1141. $smcFunc['db_insert']('insert',
  1142. '{db_prefix}board_permissions',
  1143. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
  1144. $boardInserts,
  1145. array('id_profile', 'id_group')
  1146. );
  1147. }
  1148. // Setting profile permissions for a specific group.
  1149. elseif ($profile !== 'null' && $group !== 'null' && ($profile == 1 || $profile > 4))
  1150. {
  1151. $group = (int) $group;
  1152. $profile = (int) $profile;
  1153. if (!empty($groupLevels['global'][$level]))
  1154. {
  1155. $smcFunc['db_query']('', '
  1156. DELETE FROM {db_prefix}board_permissions
  1157. WHERE id_group = {int:current_group}
  1158. AND id_profile = {int:current_profile}',
  1159. array(
  1160. 'current_group' => $group,
  1161. 'current_profile' => $profile,
  1162. )
  1163. );
  1164. }
  1165. if (!empty($groupLevels['board'][$level]))
  1166. {
  1167. $boardInserts = array();
  1168. foreach ($groupLevels['board'][$level] as $permission)
  1169. $boardInserts[] = array($profile, $group, $permission);
  1170. $smcFunc['db_insert']('insert',
  1171. '{db_prefix}board_permissions',
  1172. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
  1173. $boardInserts,
  1174. array('id_profile', 'id_group')
  1175. );
  1176. }
  1177. }
  1178. // Setting profile permissions for all groups.
  1179. elseif ($profile !== 'null' && $group === 'null' && ($profile == 1 || $profile > 4))
  1180. {
  1181. $profile = (int) $profile;
  1182. $smcFunc['db_query']('', '
  1183. DELETE FROM {db_prefix}board_permissions
  1184. WHERE id_profile = {int:current_profile}',
  1185. array(
  1186. 'current_profile' => $profile,
  1187. )
  1188. );
  1189. if (empty($boardLevels[$level]))
  1190. return;
  1191. // Get all the groups...
  1192. $query = $smcFunc['db_query']('', '
  1193. SELECT id_group
  1194. FROM {db_prefix}membergroups
  1195. WHERE id_group > {int:moderator_group}
  1196. ORDER BY min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name',
  1197. array(
  1198. 'moderator_group' => 3,
  1199. 'newbie_group' => 4,
  1200. )
  1201. );
  1202. while ($row = $smcFunc['db_fetch_row']($query))
  1203. {
  1204. $group = $row[0];
  1205. $boardInserts = array();
  1206. foreach ($boardLevels[$level] as $permission)
  1207. $boardInserts[] = array($profile, $group, $permission);
  1208. $smcFunc['db_insert']('insert',
  1209. '{db_prefix}board_permissions',
  1210. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
  1211. $boardInserts,
  1212. array('id_profile', 'id_group')
  1213. );
  1214. }
  1215. $smcFunc['db_free_result']($query);
  1216. // Add permissions for ungrouped members.
  1217. $boardInserts = array();
  1218. foreach ($boardLevels[$level] as $permission)
  1219. $boardInserts[] = array($profile, 0, $permission);
  1220. $smcFunc['db_insert']('insert',
  1221. '{db_prefix}board_permissions',
  1222. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
  1223. $boardInserts,
  1224. array('id_profile', 'id_group')
  1225. );
  1226. }
  1227. // $profile and $group are both null!
  1228. else
  1229. fatal_lang_error('no_access', false);
  1230. }
  1231. /**
  1232. * Load permissions into $context['permissions'].
  1233. * @internal
  1234. *
  1235. * @param string $loadType, options: 'classic' or 'simple'
  1236. */
  1237. function loadAllPermissions($loadType = 'classic')
  1238. {
  1239. global $context, $txt, $modSettings;
  1240. // List of all the groups dependant on the currently selected view - for the order so it looks pretty, yea?
  1241. // Note to Mod authors - you don't need to stick your permission group here if you don't mind SMF sticking it the last group of the page.
  1242. $permissionGroups = array(
  1243. 'membergroup' => array(
  1244. 'simple' => array(
  1245. 'view_basic_info',
  1246. 'disable_censor',
  1247. 'use_pm_system',
  1248. 'post_calendar',
  1249. 'edit_profile',
  1250. 'delete_account',
  1251. 'use_avatar',
  1252. 'moderate_general',
  1253. 'administrate',
  1254. ),
  1255. 'classic' => array(
  1256. 'general',
  1257. 'pm',
  1258. 'calendar',
  1259. 'maintenance',
  1260. 'member_admin',
  1261. 'profile',
  1262. ),
  1263. ),
  1264. 'board' => array(
  1265. 'simple' => array(
  1266. 'make_posts',
  1267. 'make_unapproved_posts',
  1268. 'post_polls',
  1269. 'participate',
  1270. 'modify',
  1271. 'notification',
  1272. 'attach',
  1273. 'moderate',
  1274. ),
  1275. 'classic' => array(
  1276. 'general_board',
  1277. 'topic',
  1278. 'post',
  1279. 'poll',
  1280. 'notification',
  1281. 'attachment',
  1282. ),
  1283. ),
  1284. );
  1285. /* The format of this list is as follows:
  1286. 'membergroup' => array(
  1287. 'permissions_inside' => array(has_multiple_options, classic_view_group, simple_view_group(_own)*, simple_view_group_any*),
  1288. ),
  1289. 'board' => array(
  1290. 'permissions_inside' => array(has_multiple_options, classic_view_group, simple_view_group(_own)*, simple_view_group_any*),
  1291. );
  1292. */
  1293. $permissionList = array(
  1294. 'membergroup' => array(
  1295. 'view_stats' => array(false, 'general', 'view_basic_info'),
  1296. 'view_mlist' => array(false, 'general', 'view_basic_info'),
  1297. 'who_view' => array(false, 'general', 'view_basic_info'),
  1298. 'search_posts' => array(false, 'general', 'view_basic_info'),
  1299. 'karma_edit' => array(false, 'general', 'moderate_general'),
  1300. 'disable_censor' => array(false, 'general', 'disable_censor'),
  1301. 'pm_read' => array(false, 'pm', 'use_pm_system'),
  1302. 'pm_send' => array(false, 'pm', 'use_pm_system'),
  1303. 'calendar_view' => array(false, 'calendar', 'view_basic_info'),
  1304. 'calendar_post' => array(false, 'calendar', 'post_calendar'),
  1305. 'calendar_edit' => array(true, 'calendar', 'post_calendar', 'moderate_general'),
  1306. 'admin_forum' => array(false, 'maintenance', 'administrate'),
  1307. 'manage_boards' => array(false, 'maintenance', 'administrate'),
  1308. 'manage_attachments' => array(false, 'maintenance', 'administrate'),
  1309. 'manage_smileys' => array(false, 'maintenance', 'administrate'),
  1310. 'edit_news' => array(false, 'maintenance', 'administrate'),
  1311. 'access_mod_center' => array(false, 'maintenance', 'moderate_general'),
  1312. 'moderate_forum' => array(false, 'member_admin', 'moderate_general'),
  1313. 'manage_membergroups' => array(false, 'member_admin', 'administrate'),
  1314. 'manage_permissions' => array(false, 'member_admin', 'administrate'),
  1315. 'manage_bans' => array(false, 'member_admin', 'administrate'),
  1316. 'send_mail' => array(false, 'member_admin', 'administrate'),
  1317. 'issue_warning' => array(false, 'member_admin', 'moderate_general'),
  1318. 'profile_view' => array(true, 'profile', 'view_basic_info', 'view_basic_info'),
  1319. 'profile_identity' => array(true, 'profile', 'edit_profile', 'moderate_general'),
  1320. 'profile_extra' => array(true, 'profile', 'edit_profile', 'moderate_general'),
  1321. 'profile_title' => array(true, 'profile', 'edit_profile', 'moderate_general'),
  1322. 'profile_remove' => array(true, 'profile', 'delete_account', 'moderate_general'),
  1323. 'profile_server_avatar' => array(false, 'profile', 'use_avatar'),
  1324. 'profile_upload_avatar' => array(false, 'profile', 'use_avatar'),
  1325. 'profile_remote_avatar' => array(false, 'profile', 'use_avatar'),
  1326. ),
  1327. 'board' => array(
  1328. 'moderate_board' => array(false, 'general_board', 'moderate'),
  1329. 'approve_posts' => array(false, 'general_board', 'moderate'),
  1330. 'post_new' => array(false, 'topic', 'make_posts'),
  1331. 'post_unapproved_topics' => array(false, 'topic', 'make_unapproved_posts'),
  1332. 'post_unapproved_replies' => array(true, 'topic', 'make_unapproved_posts', 'make_unapproved_posts'),
  1333. 'post_reply' => array(true, 'topic', 'make_posts', 'make_posts'),
  1334. 'merge_any' => array(false, 'topic', 'moderate'),
  1335. 'split_any' => array(false, 'topic', 'moderate'),
  1336. 'send_topic' => array(false, 'topic', 'moderate'),
  1337. 'make_sticky' => array(false, 'topic', 'moderate'),
  1338. 'move' => array(true, 'topic', 'moderate', 'moderate'),
  1339. 'lock' => array(true, 'topic', 'moderate', 'moderate'),
  1340. 'remove' => array(true, 'topic', 'modify', 'moderate'),
  1341. 'modify_replies' => array(false, 'topic', 'moderate'),
  1342. 'delete_replies' => array(false, 'topic', 'moderate'),
  1343. 'announce_topic' => array(false, 'topic', 'moderate'),
  1344. 'delete' => array(true, 'post', 'modify', 'moderate'),
  1345. 'modify' => array(true, 'post', 'modify', 'moderate'),
  1346. 'report_any' => array(false, 'post', 'participate'),
  1347. 'poll_view' => array(false, 'poll', 'participate'),
  1348. 'poll_vote' => array(false, 'poll', 'participate'),
  1349. 'poll_post' => array(false, 'poll', 'post_polls'),
  1350. 'poll_add' => array(true, 'poll', 'post_polls', 'moderate'),
  1351. 'poll_edit' => array(true, 'poll', 'modify', 'moderate'),
  1352. 'poll_lock' => array(true, 'poll', 'moderate', 'moderate'),
  1353. 'poll_remove' => array(true, 'poll', 'modify', 'moderate'),
  1354. 'mark_any_notify' => array(false, 'notification', 'notification'),
  1355. 'mark_notify' => array(false, 'notification', 'notification'),
  1356. 'view_attachments' => array(false, 'attachment', 'participate'),
  1357. 'post_unapproved_attachments' => array(false, 'attachment', 'make_unapproved_posts'),
  1358. 'post_attachment' => array(false, 'attachment', 'attach'),
  1359. ),
  1360. );
  1361. // All permission groups that will be shown in the left column on classic view.
  1362. $leftPermissionGroups = array(
  1363. 'general',
  1364. 'calendar',
  1365. 'maintenance',
  1366. 'member_admin',
  1367. 'topic',
  1368. 'post',
  1369. );
  1370. // We need to know what permissions we can't give to guests.
  1371. loadIllegalGuestPermissions();
  1372. // Some permissions are hidden if features are off.
  1373. $hiddenPermissions = array();
  1374. $relabelPermissions = array(); // Permissions to apply a different label to.
  1375. $relabelGroups = array(); // As above but for groups.
  1376. if (!in_array('cd', $context['admin_features']))
  1377. {
  1378. $hiddenPermissions[] = 'calendar_view';
  1379. $hiddenPermissions[] = 'calendar_post';
  1380. $hiddenPermissions[] = 'calendar_edit';
  1381. }
  1382. if (!in_array('w', $context['admin_features']))
  1383. $hiddenPermissions[] = 'issue_warning';
  1384. if (!in_array('k', $context['admin_features']))
  1385. $hiddenPermissions[] = 'karma_edit';
  1386. // Post moderation?
  1387. if (!$modSettings['postmod_active'])
  1388. {
  1389. $hiddenPermissions[] = 'approve_posts';
  1390. $hiddenPermissions[] = 'post_unapproved_topics';
  1391. $hiddenPermissions[] = 'post_unapproved_replies';
  1392. $hiddenPermissions[] = 'post_unapproved_attachments';
  1393. }
  1394. // If we show them on classic view we change the name.
  1395. else
  1396. {
  1397. // Relabel the topics permissions
  1398. $relabelPermissions['post_new'] = 'auto_approve_topics';
  1399. // Relabel the reply permissions
  1400. $relabelPermissions['post_reply'] = 'auto_approve_replies';
  1401. // Relabel the attachment permissions
  1402. $relabelPermissions['post_attachment'] = 'auto_approve_attachments';
  1403. }
  1404. // Provide a practical way to modify permissions.
  1405. call_integration_hook('integrate_load_permissions', array(&$permissionGroups, &$permissionList, &$leftPermissionGroups, &$hiddenPermissions, &$relabelPermissions));
  1406. $context['permissions'] = array();
  1407. $context['hidden_permissions'] = array();
  1408. foreach ($permissionList as $permissionType => $permissionList)
  1409. {
  1410. $context['permissions'][$permissionType] = array(
  1411. 'id' => $permissionType,
  1412. 'view' => $loadType,
  1413. 'columns' => array()
  1414. );
  1415. foreach ($permissionList as $permission => $permissionArray)
  1416. {
  1417. // If this is a guest permission we don't do it if it's the guest group.
  1418. if (isset($context['group']['id']) && $context['group']['id'] == -1 && in_array($permission, $context['non_guest_permissions']))
  1419. continue;
  1420. // What groups will this permission be in?
  1421. $own_group = $permissionArray[($loadType == 'classic' ? 1 : 2)];
  1422. $any_group = $loadType == 'simple' && !empty($permissionArray[3]) ? $permissionArray[3] : ($loadType == 'simple' && $permissionArray[0] ? $permissionArray[2] : '');
  1423. // First, Do these groups actually exist - if not add them.
  1424. if (!isset($permissionGroups[$permissionType][$loadType][$own_group]))
  1425. $permissionGroups[$permissionType][$loadType][$own_group] = true;
  1426. if (!empty($any_group) && !isset($permissionGroups[$permissionType][$loadType][$any_group]))
  1427. $permissionGroups[$permissionType][$loadType][$any_group] = true;
  1428. // What column should this be located into?
  1429. $position = $loadType == 'classic' && !in_array($own_group, $leftPermissionGroups) ? 1 : 0;
  1430. // If the groups have not yet been created be sure to create them.
  1431. $bothGroups = array('own' => $own_group);
  1432. $bothGroups = array();
  1433. // For guests, just reset the array.
  1434. if (!isset($context['group']['id']) || !($context['group']['id'] == -1 && $any_group))
  1435. $bothGroups['own'] = $own_group;
  1436. if ($any_group)
  1437. {
  1438. $bothGroups['any'] = $any_group;
  1439. }
  1440. foreach ($bothGroups as $group)
  1441. if (!isset($context['permissions'][$permissionType]['columns'][$position][$group]))
  1442. $context['permissions'][$permissionType]['columns'][$position][$group] = array(
  1443. 'type' => $permissionType,
  1444. 'id' => $group,
  1445. 'name' => $loadType == 'simple' ? (isset($txt['permissiongroup_simple_' . $group]) ? $txt['permissiongroup_simple_' . $group] : '') : $txt['permissiongroup_' . $group],
  1446. 'icon' => isset($txt['permissionicon_' . $group]) ? $txt['permissionicon_' . $group] : $txt['permissionicon'],
  1447. 'help' => isset($txt['permissionhelp_' . $group]) ? $txt['permissionhelp_' . $group] : '',
  1448. 'hidden' => false,
  1449. 'permissions' => array()
  1450. );
  1451. // This is where we set up the permission dependant on the view.
  1452. if ($loadType == 'classic')
  1453. {
  1454. $context['permissions'][$permissionType]['columns'][$position][$own_group]['permissions'][$permission] = array(
  1455. 'id' => $permission,
  1456. 'name' => !isset($relabelPermissions[$permission]) ? $txt['permissionname_' . $permission] : $txt[$relabelPermissions[$permission]],
  1457. 'show_help' => isset($txt['permissionhelp_' . $permission]),
  1458. 'note' => isset($txt['permissionnote_' . $permission]) ? $txt['permissionnote_' . $permission] : '',
  1459. 'has_own_any' => $permissionArray[0],
  1460. 'own' => array(
  1461. 'id' => $permission . '_own',
  1462. 'name' => $permissionArray[0] ? $txt['permissionname_' . $permission . '_own'] : ''
  1463. ),
  1464. 'any' => array(
  1465. 'id' => $permission . '_any',
  1466. 'name' => $permissionArray[0] ? $txt['permissionname_' . $permission . '_any'] : ''
  1467. ),
  1468. 'hidden' => in_array($permission, $hiddenPermissions),
  1469. );
  1470. }
  1471. else
  1472. {
  1473. foreach ($bothGroups as $group_type => $group)
  1474. {
  1475. $context['permissions'][$permissionType]['columns'][$position][$group]['permissions'][$permission . ($permissionArray[0] ? '_' . $group_type : '')] = array(
  1476. 'id' => $permission . ($permissionArray[0] ? '_' . $group_type : ''),
  1477. 'name' => isset($txt['permissionname_simple_' . $permission . ($permissionArray[0] ? '_' . $group_type : '')]) ? $txt['permissionname_simple_' . $permission . ($permissionArray[0] ? '_' . $group_type : '')] : $txt['permissionname_' . $permission],
  1478. 'help_index' => isset($txt['permissionhelp_' . $permission]) ? 'permissionhelp_' . $permission : '',
  1479. 'hidden' => in_array($permission, $hiddenPermissions),
  1480. );
  1481. }
  1482. }
  1483. if (in_array($permission, $hiddenPermissions))
  1484. {
  1485. if ($permissionArray[0])
  1486. {
  1487. $context['hidden_permissions'][] = $permission . '_own';
  1488. $context['hidden_permissions'][] = $permission . '_any';
  1489. }
  1490. else
  1491. $context['hidden_permissions'][] = $permission;
  1492. }
  1493. }
  1494. ksort($context['permissions'][$permissionType]['columns']);
  1495. // Check we don't leave any empty groups - and mark hidden ones as such.
  1496. foreach ($context['permissions'][$permissionType]['columns'] as $column => $groups)
  1497. foreach ($groups as $id => $group)
  1498. {
  1499. if (empty($group['permissions']))
  1500. unset($context['permissions'][$permissionType]['columns'][$column][$id]);
  1501. else
  1502. {
  1503. $foundNonHidden = false;
  1504. foreach ($group['permissions'] as $permission)
  1505. if (empty($permission['hidden']))
  1506. $foundNonHidden = true;
  1507. if (!$foundNonHidden)
  1508. $context['permissions'][$permissionType]['columns'][$column][$id]['hidden'] = true;
  1509. }
  1510. }
  1511. }
  1512. }
  1513. /**
  1514. * Initialize a form with inline permissions settings.
  1515. * It loads a context variables for each permission.
  1516. * This function is used by several settings screens to set specific permissions.
  1517. * @internal
  1518. *
  1519. * @param array $permissions
  1520. * @param array $excluded_groups = array()
  1521. *
  1522. * @uses ManagePermissions language
  1523. * @uses ManagePermissions template.
  1524. */
  1525. function init_inline_permissions($permissions, $excluded_groups = array())
  1526. {
  1527. global $context, $txt, $modSettings, $smcFunc;
  1528. loadLanguage('ManagePermissions');
  1529. loadTemplate('ManagePermissions');
  1530. $context['can_change_permissions'] = allowedTo('manage_permissions');
  1531. // Nothing to initialize here.
  1532. if (!$context['can_change_permissions'])
  1533. return;
  1534. // Load the permission settings for guests
  1535. foreach ($permissions as $permission)
  1536. $context[$permission] = array(
  1537. -1 => array(
  1538. 'id' => -1,
  1539. 'name' => $txt['membergroups_guests'],
  1540. 'is_postgroup' => false,
  1541. 'status' => 'off',
  1542. ),
  1543. 0 => array(
  1544. 'id' => 0,
  1545. 'name' => $txt['membergroups_members'],
  1546. 'is_postgroup' => false,
  1547. 'status' => 'off',
  1548. ),
  1549. );
  1550. $request = $smcFunc['db_query']('', '
  1551. SELECT id_group, CASE WHEN add_deny = {int:denied} THEN {string:deny} ELSE {string:on} END AS status, permission
  1552. FROM {db_prefix}permissions
  1553. WHERE id_group IN (-1, 0)
  1554. AND permission IN ({array_string:permissions})',
  1555. array(
  1556. 'denied' => 0,
  1557. 'permissions' => $permissions,
  1558. 'deny' => 'deny',
  1559. 'on' => 'on',
  1560. )
  1561. );
  1562. while ($row = $smcFunc['db_fetch_assoc']($request))
  1563. $context[$row['permission']][$row['id_group']]['status'] = $row['status'];
  1564. $smcFunc['db_free_result']($request);
  1565. $request = $smcFunc['db_query']('', '
  1566. SELECT mg.id_group, mg.group_name, mg.min_posts, IFNULL(p.add_deny, -1) AS status, p.permission
  1567. FROM {db_prefix}membergroups AS mg
  1568. LEFT JOIN {db_prefix}permissions AS p ON (p.id_group = mg.id_group AND p.permission IN ({array_string:permissions}))
  1569. WHERE mg.id_group NOT IN (1, 3)
  1570. AND mg.id_parent = {int:not_inherited}' . (empty($modSettings['permission_enable_postgroups']) ? '
  1571. AND mg.min_posts = {int:min_posts}' : '') . '
  1572. ORDER BY mg.min_posts, CASE WHEN mg.id_group < {int:newbie_group} THEN mg.id_group ELSE 4 END, mg.group_name',
  1573. array(
  1574. 'not_inherited' => -2,
  1575. 'min_posts' => -1,
  1576. 'newbie_group' => 4,
  1577. 'permissions' => $permissions,
  1578. )
  1579. );
  1580. while ($row = $smcFunc['db_fetch_assoc']($request))
  1581. {
  1582. // Initialize each permission as being 'off' until proven otherwise.
  1583. foreach ($permissions as $permission)
  1584. if (!isset($context[$permission][$row['id_group']]))
  1585. $context[$permission][$row['id_group']] = array(
  1586. 'id' => $row['id_group'],
  1587. 'name' => $row['group_name'],
  1588. 'is_postgroup' => $row['min_posts'] != -1,
  1589. 'status' => 'off',
  1590. );
  1591. $context[$row['permission']][$row['id_group']]['status'] = empty($row['status']) ? 'deny' : ($row['status'] == 1 ? 'on' : 'off');
  1592. }
  1593. $smcFunc['db_free_result']($request);
  1594. // Some permissions cannot be given to certain groups. Remove the groups.
  1595. foreach ($excluded_groups as $group)
  1596. {
  1597. foreach ($permissions as $permission)
  1598. {
  1599. if (isset($context[$permission][$group]))
  1600. unset($context[$permission][$group]);
  1601. }
  1602. }
  1603. }
  1604. /**
  1605. * Show a collapsible box to set a specific permission.
  1606. * The function is called by templates to show a list of permissions settings.
  1607. * Calls the template function template_inline_permissions().
  1608. *
  1609. * @param string $permission
  1610. */
  1611. function theme_inline_permissions($permission)
  1612. {
  1613. global $context;
  1614. $context['current_permission'] = $permission;
  1615. $context['member_groups'] = $context[$permission];
  1616. template_inline_permissions();
  1617. }
  1618. /**
  1619. * Save the permissions of a form containing inline permissions.
  1620. * @internal
  1621. *
  1622. * @param array $permissions
  1623. */
  1624. function save_inline_permissions($permissions)
  1625. {
  1626. global $context, $smcFunc;
  1627. // No permissions? Not a great deal to do here.
  1628. if (!allowedTo('manage_permissions'))
  1629. return;
  1630. // Almighty session check, verify our ways.
  1631. checkSession();
  1632. validateToken('admin-mp');
  1633. // Check they can't do certain things.
  1634. loadIllegalPermissions();
  1635. $insertRows = array();
  1636. foreach ($permissions as $permission)
  1637. {
  1638. if (!isset($_POST[$permission]))
  1639. continue;
  1640. foreach ($_POST[$permission] as $id_group => $value)
  1641. {
  1642. if (in_array($value, array('on', 'deny')) && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions'])))
  1643. $insertRows[] = array((int) $id_group, $permission, $value == 'on' ? 1 : 0);
  1644. }
  1645. }
  1646. // Remove the old permissions...
  1647. $smcFunc['db_query']('', '
  1648. DELETE FROM {db_prefix}permissions
  1649. WHERE permission IN ({array_string:permissions})
  1650. ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
  1651. array(
  1652. 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
  1653. 'permissions' => $permissions,
  1654. )
  1655. );
  1656. // ...and replace them with new ones.
  1657. if (!empty($insertRows))
  1658. $smcFunc['db_insert']('insert',
  1659. '{db_prefix}permissions',
  1660. array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  1661. $insertRows,
  1662. array('id_group', 'permission')
  1663. );
  1664. // Do a full child update.
  1665. updateChildPermissions(array(), -1);
  1666. // Just in case we cached this.
  1667. updateSettings(array('settings_updated' => time()));
  1668. }
  1669. /**
  1670. * Load permissions profiles.
  1671. */
  1672. function loadPermissionProfiles()
  1673. {
  1674. global $context, $txt, $smcFunc;
  1675. $request = $smcFunc['db_query']('', '
  1676. SELECT id_profile, profile_name
  1677. FROM {db_prefix}permission_profiles
  1678. ORDER BY id_profile',
  1679. array(
  1680. )
  1681. );
  1682. $context['profiles'] = array();
  1683. while ($row = $smcFunc['db_fetch_assoc']($request))
  1684. {
  1685. // Format the label nicely.
  1686. if (isset($txt['permissions_profile_' . $row['profile_name']]))
  1687. $name = $txt['permissions_profile_' . $row['profile_name']];
  1688. else
  1689. $name = $row['profile_name'];
  1690. $context['profiles'][$row['id_profile']] = array(
  1691. 'id' => $row['id_profile'],
  1692. 'name' => $name,
  1693. 'can_modify' => $row['id_profile'] == 1 || $row['id_profile'] > 4,
  1694. 'unformatted_name' => $row['profile_name'],
  1695. );
  1696. }
  1697. $smcFunc['db_free_result']($request);
  1698. }
  1699. /**
  1700. * Add/Edit/Delete profiles.
  1701. */
  1702. function EditPermissionProfiles()
  1703. {
  1704. global $context, $txt, $smcFunc;
  1705. // Setup the template, first for fun.
  1706. $context['page_title'] = $txt['permissions_profile_edit'];
  1707. $context['sub_template'] = 'edit_profiles';
  1708. // If we're creating a new one do it first.
  1709. if (isset($_POST['create']) && trim($_POST['profile_name']) != '')
  1710. {
  1711. checkSession();
  1712. validateToken('admin-mpp');
  1713. $_POST['copy_from'] = (int) $_POST['copy_from'];
  1714. $_POST['profile_name'] = $smcFunc['htmlspecialchars']($_POST['profile_name']);
  1715. // Insert the profile itself.
  1716. $smcFunc['db_insert']('',
  1717. '{db_prefix}permission_profiles',
  1718. array(
  1719. 'profile_name' => 'string',
  1720. ),
  1721. array(
  1722. $_POST['profile_name'],
  1723. ),
  1724. array('id_profile')
  1725. );
  1726. $profile_id = $smcFunc['db_insert_id']('{db_prefix}permission_profiles', 'id_profile');
  1727. // Load the permissions from the one it's being copied from.
  1728. $request = $smcFunc['db_query']('', '
  1729. SELECT id_group, permission, add_deny
  1730. FROM {db_prefix}board_permissions
  1731. WHERE id_profile = {int:copy_from}',
  1732. array(
  1733. 'copy_from' => $_POST['copy_from'],
  1734. )
  1735. );
  1736. $inserts = array();
  1737. while ($row = $smcFunc['db_fetch_assoc']($request))
  1738. $inserts[] = array($profile_id, $row['id_group'], $row['permission'], $row['add_deny']);
  1739. $smcFunc['db_free_result']($request);
  1740. if (!empty($inserts))
  1741. $smcFunc['db_insert']('insert',
  1742. '{db_prefix}board_permissions',
  1743. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  1744. $inserts,
  1745. array('id_profile', 'id_group', 'permission')
  1746. );
  1747. }
  1748. // Renaming?
  1749. elseif (isset($_POST['rename']))
  1750. {
  1751. checkSession();
  1752. validateToken('admin-mpp');
  1753. // Just showing the boxes?
  1754. if (!isset($_POST['rename_profile']))
  1755. $context['show_rename_boxes'] = true;
  1756. else
  1757. {
  1758. foreach ($_POST['rename_profile'] as $id => $value)
  1759. {
  1760. $value = $smcFunc['htmlspecialchars']($value);
  1761. if (trim($value) != '' && $id > 4)
  1762. $smcFunc['db_query']('', '
  1763. UPDATE {db_prefix}permission_profiles
  1764. SET profile_name = {string:profile_name}
  1765. WHERE id_profile = {int:current_profile}',
  1766. array(
  1767. 'current_profile' => (int) $id,
  1768. 'profile_name' => $value,
  1769. )
  1770. );
  1771. }
  1772. }
  1773. }
  1774. // Deleting?
  1775. elseif (isset($_POST['delete']) && !empty($_POST['delete_profile']))
  1776. {
  1777. checkSession('post');
  1778. validateToken('admin-mpp');
  1779. $profiles = array();
  1780. foreach ($_POST['delete_profile'] as $profile)
  1781. if ($profile > 4)
  1782. $profiles[] = (int) $profile;
  1783. // Verify it's not in use...
  1784. $request = $smcFunc['db_query']('', '
  1785. SELECT id_board
  1786. FROM {db_prefix}boards
  1787. WHERE id_profile IN ({array_int:profile_list})
  1788. LIMIT 1',
  1789. array(
  1790. 'profile_list' => $profiles,
  1791. )
  1792. );
  1793. if ($smcFunc['db_num_rows']($request) != 0)
  1794. fatal_lang_error('no_access', false);
  1795. $smcFunc['db_free_result']($request);
  1796. // Oh well, delete.
  1797. $smcFunc['db_query']('', '
  1798. DELETE FROM {db_prefix}permission_profiles
  1799. WHERE id_profile IN ({array_int:profile_list})',
  1800. array(
  1801. 'profile_list' => $profiles,
  1802. )
  1803. );
  1804. }
  1805. // Clearly, we'll need this!
  1806. loadPermissionProfiles();
  1807. // Work out what ones are in use.
  1808. $request = $smcFunc['db_query']('', '
  1809. SELECT id_profile, COUNT(id_board) AS board_count
  1810. FROM {db_prefix}boards
  1811. GROUP BY id_profile',
  1812. array(
  1813. )
  1814. );
  1815. while ($row = $smcFunc['db_fetch_assoc']($request))
  1816. if (isset($context['profiles'][$row['id_profile']]))
  1817. {
  1818. $context['profiles'][$row['id_profile']]['in_use'] = true;
  1819. $context['profiles'][$row['id_profile']]['boards'] = $row['board_count'];
  1820. $context['profiles'][$row['id_profile']]['boards_text'] = $row['board_count'] > 1 ? sprintf($txt['permissions_profile_used_by_many'], $row['board_count']) : $txt['permissions_profile_used_by_' . ($row['board_count'] ? 'one' : 'none')];
  1821. }
  1822. $smcFunc['db_free_result']($request);
  1823. // What can we do with these?
  1824. $context['can_edit_something'] = false;
  1825. foreach ($context['profiles'] as $id => $profile)
  1826. {
  1827. // Can't delete special ones.
  1828. $context['profiles'][$id]['can_edit'] = isset($txt['permissions_profile_' . $profile['unformatted_name']]) ? false : true;
  1829. if ($context['profiles'][$id]['can_edit'])
  1830. $context['can_edit_something'] = true;
  1831. // You can only delete it if you can edit it AND it's not in use.
  1832. $context['profiles'][$id]['can_delete'] = $context['profiles'][$id]['can_edit'] && empty($profile['in_use']) ? true : false;
  1833. }
  1834. createToken('admin-mpp');
  1835. }
  1836. /**
  1837. * This function updates the permissions of any groups based off this group.
  1838. *
  1839. * @param mixed $parents (array or int)
  1840. * @param mixed $profile = null, int expected
  1841. */
  1842. function updateChildPermissions($parents, $profile = null)
  1843. {
  1844. global $smcFunc;
  1845. // All the parent groups to sort out.
  1846. if (!is_array($parents))
  1847. $parents = array($parents);
  1848. // Find all the children of this group.
  1849. $request = $smcFunc['db_query']('', '
  1850. SELECT id_parent, id_group
  1851. FROM {db_prefix}membergroups
  1852. WHERE id_parent != {int:not_inherited}
  1853. ' . (empty($parents) ? '' : 'AND id_parent IN ({array_int:parent_list})'),
  1854. array(
  1855. 'parent_list' => $parents,
  1856. 'not_inherited' => -2,
  1857. )
  1858. );
  1859. $children = array();
  1860. $parents = array();
  1861. $child_groups = array();
  1862. while ($row = $smcFunc['db_fetch_assoc']($request))
  1863. {
  1864. $children[$row['id_parent']][] = $row['id_group'];
  1865. $child_groups[] = $row['id_group'];
  1866. $parents[] = $row['id_parent'];
  1867. }
  1868. $smcFunc['db_free_result']($request);
  1869. $parents = array_unique($parents);
  1870. // Not a sausage, or a child?
  1871. if (empty($children))
  1872. return false;
  1873. // First off, are we doing general permissions?
  1874. if ($profile < 1 || $profile === null)
  1875. {
  1876. // Fetch all the parent permissions.
  1877. $request = $smcFunc['db_query']('', '
  1878. SELECT id_group, permission, add_deny
  1879. FROM {db_prefix}permissions
  1880. WHERE id_group IN ({array_int:parent_list})',
  1881. array(
  1882. 'parent_list' => $parents,
  1883. )
  1884. );
  1885. $permissions = array();
  1886. while ($row = $smcFunc['db_fetch_assoc']($request))
  1887. foreach ($children[$row['id_group']] as $child)
  1888. $permissions[] = array($child, $row['permission'], $row['add_deny']);
  1889. $smcFunc['db_free_result']($request);
  1890. $smcFunc['db_query']('', '
  1891. DELETE FROM {db_prefix}permissions
  1892. WHERE id_group IN ({array_int:child_groups})',
  1893. array(
  1894. 'child_groups' => $child_groups,
  1895. )
  1896. );
  1897. // Finally insert.
  1898. if (!empty($permissions))
  1899. {
  1900. $smcFunc['db_insert']('insert',
  1901. '{db_prefix}permissions',
  1902. array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  1903. $permissions,
  1904. array('id_group', 'permission')
  1905. );
  1906. }
  1907. }
  1908. // Then, what about board profiles?
  1909. if ($profile != -1)
  1910. {
  1911. $profileQuery = $profile === null ? '' : ' AND id_profile = {int:current_profile}';
  1912. // Again, get all the parent permissions.
  1913. $request = $smcFunc['db_query']('', '
  1914. SELECT id_profile, id_group, permission, add_deny
  1915. FROM {db_prefix}board_permissions
  1916. WHERE id_group IN ({array_int:parent_groups})
  1917. ' . $profileQuery,
  1918. array(
  1919. 'parent_groups' => $parents,
  1920. 'current_profile' => $profile !== null && $profile ? $profile : 1,
  1921. )
  1922. );
  1923. $permissions = array();
  1924. while ($row = $smcFunc['db_fetch_assoc']($request))
  1925. foreach ($children[$row['id_group']] as $child)
  1926. $permissions[] = array($child, $row['id_profile'], $row['permission'], $row['add_deny']);
  1927. $smcFunc['db_free_result']($request);
  1928. $smcFunc['db_query']('', '
  1929. DELETE FROM {db_prefix}board_permissions
  1930. WHERE id_group IN ({array_int:child_groups})
  1931. ' . $profileQuery,
  1932. array(
  1933. 'child_groups' => $child_groups,
  1934. 'current_profile' => $profile !== null && $profile ? $profile : 1,
  1935. )
  1936. );
  1937. // Do the insert.
  1938. if (!empty($permissions))
  1939. {
  1940. $smcFunc['db_insert']('insert',
  1941. '{db_prefix}board_permissions',
  1942. array('id_group' => 'int', 'id_profile' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  1943. $permissions,
  1944. array('id_group', 'id_profile', 'permission')
  1945. );
  1946. }
  1947. }
  1948. }
  1949. /**
  1950. * Load permissions someone cannot grant.
  1951. */
  1952. function loadIllegalPermissions()
  1953. {
  1954. global $context;
  1955. $context['illegal_permissions'] = array();
  1956. if (!allowedTo('admin_forum'))
  1957. $context['illegal_permissions'][] = 'admin_forum';
  1958. if (!allowedTo('manage_membergroups'))
  1959. $context['illegal_permissions'][] = 'manage_membergroups';
  1960. if (!allowedTo('manage_permissions'))
  1961. $context['illegal_permissions'][] = 'manage_permissions';
  1962. call_integration_hook('integrate_load_illegal_permissions');
  1963. }
  1964. /**
  1965. * Loads the permissions that can not be given to guests.
  1966. * Stores the permissions in $context['non_guest_permissions'].
  1967. */
  1968. function loadIllegalGuestPermissions()
  1969. {
  1970. global $context;
  1971. $context['non_guest_permissions'] = array(
  1972. 'delete_replies',
  1973. 'karma_edit',
  1974. 'poll_add_own',
  1975. 'pm_read',
  1976. 'pm_send',
  1977. 'profile_identity',
  1978. 'profile_extra',
  1979. 'profile_title',
  1980. 'profile_remove',
  1981. 'profile_server_avatar',
  1982. 'profile_upload_avatar',
  1983. 'profile_remote_avatar',
  1984. 'profile_view_own',
  1985. 'mark_any_notify',
  1986. 'mark_notify',
  1987. 'admin_forum',
  1988. 'manage_boards',
  1989. 'manage_attachments',
  1990. 'manage_smileys',
  1991. 'edit_news',
  1992. 'access_mod_center',
  1993. 'moderate_forum',
  1994. 'issue_warning',
  1995. 'manage_membergroups',
  1996. 'manage_permissions',
  1997. 'manage_bans',
  1998. 'move_own',
  1999. 'modify_replies',
  2000. 'send_mail',
  2001. 'approve_posts',
  2002. );
  2003. call_integration_hook('integrate_load_illegal_guest_permissions');
  2004. }
  2005. /**
  2006. * Present a nice way of applying post moderation.
  2007. */
  2008. function ModifyPostModeration()
  2009. {
  2010. global $context, $txt, $smcFunc, $modSettings;
  2011. // Just in case.
  2012. checkSession('get');
  2013. $context['page_title'] = $txt['permissions_post_moderation'];
  2014. $context['sub_template'] = 'postmod_permissions';
  2015. $context['current_profile'] = isset($_REQUEST['pid']) ? (int) $_REQUEST['pid'] : 1;
  2016. // Load all the permission profiles.
  2017. loadPermissionProfiles();
  2018. // Mappings, our key => array(can_do_moderated, can_do_all)
  2019. $mappings = array(
  2020. 'new_topic' => array('post_new', 'post_unapproved_topics'),
  2021. 'replies_own' => array('post_reply_own', 'post_unapproved_replies_own'),
  2022. 'replies_any' => array('post_reply_any', 'post_unapproved_replies_any'),
  2023. 'attachment' => array('post_attachment', 'post_unapproved_attachments'),
  2024. );
  2025. call_integration_hook('integrate_post_moderation_mapping', array(&$mappings));
  2026. // Start this with the guests/members.
  2027. $context['profile_groups'] = array(
  2028. -1 => array(
  2029. 'id' => -1,
  2030. 'name' => $txt['membergroups_guests'],
  2031. 'color' => '',
  2032. 'new_topic' => 'disallow',
  2033. 'replies_own' => 'disallow',
  2034. 'replies_any' => 'disallow',
  2035. 'attachment' => 'disallow',
  2036. 'children' => array(),
  2037. ),
  2038. 0 => array(
  2039. 'id' => 0,
  2040. 'name' => $txt['membergroups_members'],
  2041. 'color' => '',
  2042. 'new_topic' => 'disallow',
  2043. 'replies_own' => 'disallow',
  2044. 'replies_any' => 'disallow',
  2045. 'attachment' => 'disallow',
  2046. 'children' => array(),
  2047. ),
  2048. );
  2049. // Load the groups.
  2050. $request = $smcFunc['db_query']('', '
  2051. SELECT id_group, group_name, online_color, id_parent
  2052. FROM {db_prefix}membergroups
  2053. WHERE id_group != {int:admin_group}
  2054. ' . (empty($modSettings['permission_enable_postgroups']) ? ' AND min_posts = {int:min_posts}' : '') . '
  2055. ORDER BY id_parent ASC',
  2056. array(
  2057. 'admin_group' => 1,
  2058. 'min_posts' => -1,
  2059. )
  2060. );
  2061. while ($row = $smcFunc['db_fetch_assoc']($request))
  2062. {
  2063. if ($row['id_parent'] == -2)
  2064. {
  2065. $context['profile_groups'][$row['id_group']] = array(
  2066. 'id' => $row['id_group'],
  2067. 'name' => $row['group_name'],
  2068. 'color' => $row['online_color'],
  2069. 'new_topic' => 'disallow',
  2070. 'replies_own' => 'disallow',
  2071. 'replies_any' => 'disallow',
  2072. 'attachment' => 'disallow',
  2073. 'children' => array(),
  2074. );
  2075. }
  2076. elseif (isset($context['profile_groups'][$row['id_parent']]))
  2077. $context['profile_groups'][$row['id_parent']]['children'][] = $row['group_name'];
  2078. }
  2079. $smcFunc['db_free_result']($request);
  2080. // What are the permissions we are querying?
  2081. $all_permissions = array();
  2082. foreach ($mappings as $perm_set)
  2083. $all_permissions = array_merge($all_permissions, $perm_set);
  2084. // If we're saving the changes then do just that - save them.
  2085. if (!empty($_POST['save_changes']) && ($context['current_profile'] == 1 || $context['current_profile'] > 4))
  2086. {
  2087. validateToken('admin-mppm');
  2088. // Start by deleting all the permissions relevant.
  2089. $smcFunc['db_query']('', '
  2090. DELETE FROM {db_prefix}board_permissions
  2091. WHERE id_profile = {int:current_profile}
  2092. AND permission IN ({array_string:permissions})
  2093. AND id_group IN ({array_int:profile_group_list})',
  2094. array(
  2095. 'profile_group_list' => array_keys($context['profile_groups']),
  2096. 'current_profile' => $context['current_profile'],
  2097. 'permissions' => $all_permissions,
  2098. )
  2099. );
  2100. // Do it group by group.
  2101. $new_permissions = array();
  2102. foreach ($context['profile_groups'] as $id => $group)
  2103. {
  2104. foreach ($mappings as $index => $data)
  2105. {
  2106. if (isset($_POST[$index][$group['id']]))
  2107. {
  2108. if ($_POST[$index][$group['id']] == 'allow')
  2109. {
  2110. // Give them both sets for fun.
  2111. $new_permissions[] = array($context['current_profile'], $group['id'], $data[0], 1);
  2112. $new_permissions[] = array($context['current_profile'], $group['id'], $data[1], 1);
  2113. }
  2114. elseif ($_POST[$index][$group['id']] == 'moderate')
  2115. $new_permissions[] = array($context['current_profile'], $group['id'], $data[1], 1);
  2116. }
  2117. }
  2118. }
  2119. // Insert new permissions.
  2120. if (!empty($new_permissions))
  2121. $smcFunc['db_insert']('',
  2122. '{db_prefix}board_permissions',
  2123. array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
  2124. $new_permissions,
  2125. array('id_profile', 'id_group', 'permission')
  2126. );
  2127. }
  2128. // Now get all the permissions!
  2129. $request = $smcFunc['db_query']('', '
  2130. SELECT id_group, permission, add_deny
  2131. FROM {db_prefix}board_permissions
  2132. WHERE id_profile = {int:current_profile}
  2133. AND permission IN ({array_string:permissions})
  2134. AND id_group IN ({array_int:profile_group_list})',
  2135. array(
  2136. 'profile_group_list' => array_keys($context['profile_groups']),
  2137. 'current_profile' => $context['current_profile'],
  2138. 'permissions' => $all_permissions,
  2139. )
  2140. );
  2141. while ($row = $smcFunc['db_fetch_assoc']($request))
  2142. {
  2143. foreach ($mappings as $key => $data)
  2144. {
  2145. foreach ($data as $index => $perm)
  2146. {
  2147. if ($perm == $row['permission'])
  2148. {
  2149. // Only bother if it's not denied.
  2150. if ($row['add_deny'])
  2151. {
  2152. // Full allowance?
  2153. if ($index == 0)
  2154. $context['profile_groups'][$row['id_group']][$key] = 'allow';
  2155. // Otherwise only bother with moderate if not on allow.
  2156. elseif ($context['profile_groups'][$row['id_group']][$key] != 'allow')
  2157. $context['profile_groups'][$row['id_group']][$key] = 'moderate';
  2158. }
  2159. }
  2160. }
  2161. }
  2162. }
  2163. $smcFunc['db_free_result']($request);
  2164. createToken('admin-mppm');
  2165. }
  2166. ?>