123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505 |
- <?php
- /**
- * ManagePermissions handles all possible permission stuff.
- *
- * Simple Machines Forum (SMF)
- *
- * @package SMF
- * @author Simple Machines http://www.simplemachines.org
- * @copyright 2013 Simple Machines and individual contributors
- * @license http://www.simplemachines.org/about/smf/license.php BSD
- *
- * @version 2.1 Alpha 1
- */
- if (!defined('SMF'))
- die('No direct access...');
- /**
- * Dispaches to the right function based on the given subaction.
- * Checks the permissions, based on the sub-action.
- * Called by ?action=managepermissions.
- *
- * @uses ManagePermissions language file.
- */
- function ModifyPermissions()
- {
- global $txt, $scripturl, $context;
- loadLanguage('ManagePermissions+ManageMembers');
- loadTemplate('ManagePermissions');
- // Format: 'sub-action' => array('function_to_call', 'permission_needed'),
- $subActions = array(
- 'board' => array('PermissionByBoard', 'manage_permissions'),
- 'index' => array('PermissionIndex', 'manage_permissions'),
- 'modify' => array('ModifyMembergroup', 'manage_permissions'),
- 'modify2' => array('ModifyMembergroup2', 'manage_permissions'),
- 'quick' => array('SetQuickGroups', 'manage_permissions'),
- 'quickboard' => array('SetQuickBoards', 'manage_permissions'),
- 'postmod' => array('ModifyPostModeration', 'manage_permissions'),
- 'profiles' => array('EditPermissionProfiles', 'manage_permissions'),
- 'settings' => array('GeneralPermissionSettings', 'admin_forum'),
- );
- call_integration_hook('integrate_manage_permissions', array(&$subActions));
- $_REQUEST['sa'] = isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]) && empty($subActions[$_REQUEST['sa']]['disabled']) ? $_REQUEST['sa'] : (allowedTo('manage_permissions') ? 'index' : 'settings');
- isAllowedTo($subActions[$_REQUEST['sa']][1]);
- // Create the tabs for the template.
- $context[$context['admin_menu_name']]['tab_data'] = array(
- 'title' => $txt['permissions_title'],
- 'help' => 'permissions',
- 'description' => '',
- 'tabs' => array(
- 'index' => array(
- 'description' => $txt['permissions_groups'],
- ),
- 'board' => array(
- 'description' => $txt['permission_by_board_desc'],
- ),
- 'profiles' => array(
- 'description' => $txt['permissions_profiles_desc'],
- ),
- 'postmod' => array(
- 'description' => $txt['permissions_post_moderation_desc'],
- ),
- 'settings' => array(
- 'description' => $txt['permission_settings_desc'],
- ),
- ),
- );
- $subActions[$_REQUEST['sa']][0]();
- }
- /**
- * Sets up the permissions by membergroup index page.
- * Called by ?action=managepermissions
- * Creates an array of all the groups with the number of members and permissions.
- *
- * @uses ManagePermissions language file.
- * @uses ManagePermissions template file.
- * @uses ManageBoards template, permission_index sub-template.
- */
- function PermissionIndex()
- {
- global $txt, $scripturl, $context, $settings, $modSettings, $smcFunc;
- $context['page_title'] = $txt['permissions_title'];
- // Load all the permissions. We'll need them in the template.
- loadAllPermissions();
- // Also load profiles, we may want to reset.
- loadPermissionProfiles();
- // Are we going to show the advanced options?
- $context['show_advanced_options'] = empty($context['admin_preferences']['app']);
- // Determine the number of ungrouped members.
- $request = $smcFunc['db_query']('', '
- SELECT COUNT(*)
- FROM {db_prefix}members
- WHERE id_group = {int:regular_group}',
- array(
- 'regular_group' => 0,
- )
- );
- list ($num_members) = $smcFunc['db_fetch_row']($request);
- $smcFunc['db_free_result']($request);
- // Fill the context variable with 'Guests' and 'Regular Members'.
- $context['groups'] = array(
- -1 => array(
- 'id' => -1,
- 'name' => $txt['membergroups_guests'],
- 'num_members' => $txt['membergroups_guests_na'],
- 'allow_delete' => false,
- 'allow_modify' => true,
- 'can_search' => false,
- 'href' => '',
- 'link' => '',
- 'help' => 'membergroup_guests',
- 'is_post_group' => false,
- 'color' => '',
- 'icons' => '',
- 'children' => array(),
- 'num_permissions' => array(
- 'allowed' => 0,
- // Can't deny guest permissions!
- 'denied' => '(' . $txt['permissions_none'] . ')'
- ),
- 'access' => false
- ),
- 0 => array(
- 'id' => 0,
- 'name' => $txt['membergroups_members'],
- 'num_members' => $num_members,
- 'allow_delete' => false,
- 'allow_modify' => true,
- 'can_search' => false,
- 'href' => $scripturl . '?action=moderate;area=viewgroups;sa=members;group=0',
- 'help' => 'membergroup_regular_members',
- 'is_post_group' => false,
- 'color' => '',
- 'icons' => '',
- 'children' => array(),
- 'num_permissions' => array(
- 'allowed' => 0,
- 'denied' => 0
- ),
- 'access' => false
- ),
- );
- $postGroups = array();
- $normalGroups = array();
- // Query the database defined membergroups.
- $query = $smcFunc['db_query']('', '
- SELECT id_group, id_parent, group_name, min_posts, online_color, icons
- FROM {db_prefix}membergroups' . (empty($modSettings['permission_enable_postgroups']) ? '
- WHERE min_posts = {int:min_posts}' : '') . '
- ORDER BY id_parent = {int:not_inherited} DESC, min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name',
- array(
- 'min_posts' => -1,
- 'not_inherited' => -2,
- 'newbie_group' => 4,
- )
- );
- while ($row = $smcFunc['db_fetch_assoc']($query))
- {
- // If it's inherited, just add it as a child.
- if ($row['id_parent'] != -2)
- {
- if (isset($context['groups'][$row['id_parent']]))
- $context['groups'][$row['id_parent']]['children'][$row['id_group']] = $row['group_name'];
- continue;
- }
- $row['icons'] = explode('#', $row['icons']);
- $context['groups'][$row['id_group']] = array(
- 'id' => $row['id_group'],
- 'name' => $row['group_name'],
- 'num_members' => $row['id_group'] != 3 ? 0 : $txt['membergroups_guests_na'],
- 'allow_delete' => $row['id_group'] > 4,
- 'allow_modify' => $row['id_group'] > 1,
- 'can_search' => $row['id_group'] != 3,
- 'href' => $scripturl . '?action=moderate;area=viewgroups;sa=members;group=' . $row['id_group'],
- 'help' => $row['id_group'] == 1 ? 'membergroup_administrator' : ($row['id_group'] == 3 ? 'membergroup_moderator' : ''),
- 'is_post_group' => $row['min_posts'] != -1,
- 'color' => empty($row['online_color']) ? '' : $row['online_color'],
- 'icons' => !empty($row['icons'][0]) && !empty($row['icons'][1]) ? str_repeat('<img src="' . $settings['images_url'] . '/' . $row['icons'][1] . '" alt="*" />', $row['icons'][0]) : '',
- 'children' => array(),
- 'num_permissions' => array(
- 'allowed' => $row['id_group'] == 1 ? '(' . $txt['permissions_all'] . ')' : 0,
- 'denied' => $row['id_group'] == 1 ? '(' . $txt['permissions_none'] . ')' : 0
- ),
- 'access' => false,
- );
- if ($row['min_posts'] == -1)
- $normalGroups[$row['id_group']] = $row['id_group'];
- else
- $postGroups[$row['id_group']] = $row['id_group'];
- }
- $smcFunc['db_free_result']($query);
- // Get the number of members in this post group.
- if (!empty($postGroups))
- {
- $query = $smcFunc['db_query']('', '
- SELECT id_post_group AS id_group, COUNT(*) AS num_members
- FROM {db_prefix}members
- WHERE id_post_group IN ({array_int:post_group_list})
- GROUP BY id_post_group',
- array(
- 'post_group_list' => $postGroups,
- )
- );
- while ($row = $smcFunc['db_fetch_assoc']($query))
- $context['groups'][$row['id_group']]['num_members'] += $row['num_members'];
- $smcFunc['db_free_result']($query);
- }
- if (!empty($normalGroups))
- {
- // First, the easy one!
- $query = $smcFunc['db_query']('', '
- SELECT id_group, COUNT(*) AS num_members
- FROM {db_prefix}members
- WHERE id_group IN ({array_int:normal_group_list})
- GROUP BY id_group',
- array(
- 'normal_group_list' => $normalGroups,
- )
- );
- while ($row = $smcFunc['db_fetch_assoc']($query))
- $context['groups'][$row['id_group']]['num_members'] += $row['num_members'];
- $smcFunc['db_free_result']($query);
- // This one is slower, but it's okay... careful not to count twice!
- $query = $smcFunc['db_query']('', '
- SELECT mg.id_group, COUNT(*) AS num_members
- FROM {db_prefix}membergroups AS mg
- INNER JOIN {db_prefix}members AS mem ON (mem.additional_groups != {string:blank_string}
- AND mem.id_group != mg.id_group
- AND FIND_IN_SET(mg.id_group, mem.additional_groups) != 0)
- WHERE mg.id_group IN ({array_int:normal_group_list})
- GROUP BY mg.id_group',
- array(
- 'normal_group_list' => $normalGroups,
- 'blank_string' => '',
- )
- );
- while ($row = $smcFunc['db_fetch_assoc']($query))
- $context['groups'][$row['id_group']]['num_members'] += $row['num_members'];
- $smcFunc['db_free_result']($query);
- }
- foreach ($context['groups'] as $id => $data)
- {
- if ($data['href'] != '')
- $context['groups'][$id]['link'] = '<a href="' . $data['href'] . '">' . $data['num_members'] . '</a>';
- }
- if (empty($_REQUEST['pid']))
- {
- $request = $smcFunc['db_query']('', '
- SELECT id_group, COUNT(*) AS num_permissions, add_deny
- FROM {db_prefix}permissions
- ' . (empty($context['hidden_permissions']) ? '' : ' WHERE permission NOT IN ({array_string:hidden_permissions})') . '
- GROUP BY id_group, add_deny',
- array(
- 'hidden_permissions' => !empty($context['hidden_permissions']) ? $context['hidden_permissions'] : array(),
- )
- );
- while ($row = $smcFunc['db_fetch_assoc']($request))
- if (isset($context['groups'][(int) $row['id_group']]) && (!empty($row['add_deny']) || $row['id_group'] != -1))
- $context['groups'][(int) $row['id_group']]['num_permissions'][empty($row['add_deny']) ? 'denied' : 'allowed'] = $row['num_permissions'];
- $smcFunc['db_free_result']($request);
- // Get the "default" profile permissions too.
- $request = $smcFunc['db_query']('', '
- SELECT id_profile, id_group, COUNT(*) AS num_permissions, add_deny
- FROM {db_prefix}board_permissions
- WHERE id_profile = {int:default_profile}
- ' . (empty($context['hidden_permissions']) ? '' : ' AND permission NOT IN ({array_string:hidden_permissions})') . '
- GROUP BY id_profile, id_group, add_deny',
- array(
- 'default_profile' => 1,
- 'hidden_permissions' => !empty($context['hidden_permissions']) ? $context['hidden_permissions'] : array(),
- )
- );
- while ($row = $smcFunc['db_fetch_assoc']($request))
- {
- if (isset($context['groups'][(int) $row['id_group']]) && (!empty($row['add_deny']) || $row['id_group'] != -1))
- $context['groups'][(int) $row['id_group']]['num_permissions'][empty($row['add_deny']) ? 'denied' : 'allowed'] += $row['num_permissions'];
- }
- $smcFunc['db_free_result']($request);
- }
- else
- {
- $_REQUEST['pid'] = (int) $_REQUEST['pid'];
- if (!isset($context['profiles'][$_REQUEST['pid']]))
- fatal_lang_error('no_access', false);
- // Change the selected tab to better reflect that this really is a board profile.
- $context[$context['admin_menu_name']]['current_subsection'] = 'profiles';
- $request = $smcFunc['db_query']('', '
- SELECT id_profile, id_group, COUNT(*) AS num_permissions, add_deny
- FROM {db_prefix}board_permissions
- WHERE id_profile = {int:current_profile}
- GROUP BY id_profile, id_group, add_deny',
- array(
- 'current_profile' => $_REQUEST['pid'],
- )
- );
- while ($row = $smcFunc['db_fetch_assoc']($request))
- {
- if (isset($context['groups'][(int) $row['id_group']]) && (!empty($row['add_deny']) || $row['id_group'] != -1))
- $context['groups'][(int) $row['id_group']]['num_permissions'][empty($row['add_deny']) ? 'denied' : 'allowed'] += $row['num_permissions'];
- }
- $smcFunc['db_free_result']($request);
- $context['profile'] = array(
- 'id' => $_REQUEST['pid'],
- 'name' => $context['profiles'][$_REQUEST['pid']]['name'],
- );
- }
- // We can modify any permission set apart from the read only, reply only and no polls ones as they are redefined.
- $context['can_modify'] = empty($_REQUEST['pid']) || $_REQUEST['pid'] == 1 || $_REQUEST['pid'] > 4;
- // Load the proper template.
- $context['sub_template'] = 'permission_index';
- createToken('admin-mpq');
- }
- /**
- * Handle permissions by board... more or less. :P
- */
- function PermissionByBoard()
- {
- global $context, $modSettings, $txt, $smcFunc, $sourcedir, $cat_tree, $boardList, $boards;
- $context['page_title'] = $txt['permissions_boards'];
- $context['edit_all'] = isset($_GET['edit']);
- // Saving?
- if (!empty($_POST['save_changes']) && !empty($_POST['boardprofile']))
- {
- checkSession('request');
- validateToken('admin-mpb');
- $changes = array();
- foreach ($_POST['boardprofile'] as $board => $profile)
- {
- $changes[(int) $profile][] = (int) $board;
- }
- if (!empty($changes))
- {
- foreach ($changes as $profile => $boards)
- $smcFunc['db_query']('', '
- UPDATE {db_prefix}boards
- SET id_profile = {int:current_profile}
- WHERE id_board IN ({array_int:board_list})',
- array(
- 'board_list' => $boards,
- 'current_profile' => $profile,
- )
- );
- }
- $context['edit_all'] = false;
- }
- // Load all permission profiles.
- loadPermissionProfiles();
- // Get the board tree.
- require_once($sourcedir . '/Subs-Boards.php');
- getBoardTree();
- // Build the list of the boards.
- $context['categories'] = array();
- foreach ($cat_tree as $catid => $tree)
- {
- $context['categories'][$catid] = array(
- 'name' => &$tree['node']['name'],
- 'id' => &$tree['node']['id'],
- 'boards' => array()
- );
- foreach ($boardList[$catid] as $boardid)
- {
- if (!isset($context['profiles'][$boards[$boardid]['profile']]))
- $boards[$boardid]['profile'] = 1;
- $context['categories'][$catid]['boards'][$boardid] = array(
- 'id' => &$boards[$boardid]['id'],
- 'name' => &$boards[$boardid]['name'],
- 'description' => &$boards[$boardid]['description'],
- 'child_level' => &$boards[$boardid]['level'],
- 'profile' => &$boards[$boardid]['profile'],
- 'profile_name' => $context['profiles'][$boards[$boardid]['profile']]['name'],
- );
- }
- }
- $context['sub_template'] = 'by_board';
- createToken('admin-mpb');
- }
- /**
- * Handles permission modification actions from the upper part of the
- * permission manager index.
- */
- function SetQuickGroups()
- {
- global $context, $smcFunc;
- checkSession();
- validateToken('admin-mpq', 'quick');
- loadIllegalPermissions();
- loadIllegalGuestPermissions();
- // Make sure only one of the quick options was selected.
- if ((!empty($_POST['predefined']) && ((isset($_POST['copy_from']) && $_POST['copy_from'] != 'empty') || !empty($_POST['permissions']))) || (!empty($_POST['copy_from']) && $_POST['copy_from'] != 'empty' && !empty($_POST['permissions'])))
- fatal_lang_error('permissions_only_one_option', false);
- if (empty($_POST['group']) || !is_array($_POST['group']))
- $_POST['group'] = array();
- // Only accept numeric values for selected membergroups.
- foreach ($_POST['group'] as $id => $group_id)
- $_POST['group'][$id] = (int) $group_id;
- $_POST['group'] = array_unique($_POST['group']);
- if (empty($_REQUEST['pid']))
- $_REQUEST['pid'] = 0;
- else
- $_REQUEST['pid'] = (int) $_REQUEST['pid'];
- // Fix up the old global to the new default!
- $bid = max(1, $_REQUEST['pid']);
- // No modifying the predefined profiles.
- if ($_REQUEST['pid'] > 1 && $_REQUEST['pid'] < 5)
- fatal_lang_error('no_access', false);
- // Clear out any cached authority.
- updateSettings(array('settings_updated' => time()));
- // No groups where selected.
- if (empty($_POST['group']))
- redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
- // Set a predefined permission profile.
- if (!empty($_POST['predefined']))
- {
- // Make sure it's a predefined permission set we expect.
- if (!in_array($_POST['predefined'], array('restrict', 'standard', 'moderator', 'maintenance')))
- redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
- foreach ($_POST['group'] as $group_id)
- {
- if (!empty($_REQUEST['pid']))
- setPermissionLevel($_POST['predefined'], $group_id, $_REQUEST['pid']);
- else
- setPermissionLevel($_POST['predefined'], $group_id);
- }
- }
- // Set a permission profile based on the permissions of a selected group.
- elseif ($_POST['copy_from'] != 'empty')
- {
- // Just checking the input.
- if (!is_numeric($_POST['copy_from']))
- redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
- // Make sure the group we're copying to is never included.
- $_POST['group'] = array_diff($_POST['group'], array($_POST['copy_from']));
- // No groups left? Too bad.
- if (empty($_POST['group']))
- redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
- if (empty($_REQUEST['pid']))
- {
- // Retrieve current permissions of group.
- $request = $smcFunc['db_query']('', '
- SELECT permission, add_deny
- FROM {db_prefix}permissions
- WHERE id_group = {int:copy_from}',
- array(
- 'copy_from' => $_POST['copy_from'],
- )
- );
- $target_perm = array();
- while ($row = $smcFunc['db_fetch_assoc']($request))
- $target_perm[$row['permission']] = $row['add_deny'];
- $smcFunc['db_free_result']($request);
- $inserts = array();
- foreach ($_POST['group'] as $group_id)
- foreach ($target_perm as $perm => $add_deny)
- {
- // No dodgy permissions please!
- if (!empty($context['illegal_permissions']) && in_array($perm, $context['illegal_permissions']))
- continue;
- if ($group_id == -1 && in_array($perm, $context['non_guest_permissions']))
- continue;
- if ($group_id != 1 && $group_id != 3)
- $inserts[] = array($perm, $group_id, $add_deny);
- }
- // Delete the previous permissions...
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}permissions
- WHERE id_group IN ({array_int:group_list})
- ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
- array(
- 'group_list' => $_POST['group'],
- 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
- )
- );
- if (!empty($inserts))
- {
- // ..and insert the new ones.
- $smcFunc['db_insert']('',
- '{db_prefix}permissions',
- array(
- 'permission' => 'string', 'id_group' => 'int', 'add_deny' => 'int',
- ),
- $inserts,
- array('permission', 'id_group')
- );
- }
- }
- // Now do the same for the board permissions.
- $request = $smcFunc['db_query']('', '
- SELECT permission, add_deny
- FROM {db_prefix}board_permissions
- WHERE id_group = {int:copy_from}
- AND id_profile = {int:current_profile}',
- array(
- 'copy_from' => $_POST['copy_from'],
- 'current_profile' => $bid,
- )
- );
- $target_perm = array();
- while ($row = $smcFunc['db_fetch_assoc']($request))
- $target_perm[$row['permission']] = $row['add_deny'];
- $smcFunc['db_free_result']($request);
- $inserts = array();
- foreach ($_POST['group'] as $group_id)
- foreach ($target_perm as $perm => $add_deny)
- {
- // Are these for guests?
- if ($group_id == -1 && in_array($perm, $context['non_guest_permissions']))
- continue;
- $inserts[] = array($perm, $group_id, $bid, $add_deny);
- }
- // Delete the previous global board permissions...
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}board_permissions
- WHERE id_group IN ({array_int:current_group_list})
- AND id_profile = {int:current_profile}',
- array(
- 'current_group_list' => $_POST['group'],
- 'current_profile' => $bid,
- )
- );
- // And insert the copied permissions.
- if (!empty($inserts))
- {
- // ..and insert the new ones.
- $smcFunc['db_insert']('',
- '{db_prefix}board_permissions',
- array('permission' => 'string', 'id_group' => 'int', 'id_profile' => 'int', 'add_deny' => 'int'),
- $inserts,
- array('permission', 'id_group', 'id_profile')
- );
- }
- // Update any children out there!
- updateChildPermissions($_POST['group'], $_REQUEST['pid']);
- }
- // Set or unset a certain permission for the selected groups.
- elseif (!empty($_POST['permissions']))
- {
- // Unpack two variables that were transported.
- list ($permissionType, $permission) = explode('/', $_POST['permissions']);
- // Check whether our input is within expected range.
- if (!in_array($_POST['add_remove'], array('add', 'clear', 'deny')) || !in_array($permissionType, array('membergroup', 'board')))
- redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
- if ($_POST['add_remove'] == 'clear')
- {
- if ($permissionType == 'membergroup')
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}permissions
- WHERE id_group IN ({array_int:current_group_list})
- AND permission = {string:current_permission}
- ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
- array(
- 'current_group_list' => $_POST['group'],
- 'current_permission' => $permission,
- 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
- )
- );
- else
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}board_permissions
- WHERE id_group IN ({array_int:current_group_list})
- AND id_profile = {int:current_profile}
- AND permission = {string:current_permission}',
- array(
- 'current_group_list' => $_POST['group'],
- 'current_profile' => $bid,
- 'current_permission' => $permission,
- )
- );
- }
- // Add a permission (either 'set' or 'deny').
- else
- {
- $add_deny = $_POST['add_remove'] == 'add' ? '1' : '0';
- $permChange = array();
- foreach ($_POST['group'] as $groupID)
- {
- if ($groupID == -1 && in_array($permission, $context['non_guest_permissions']))
- continue;
- if ($permissionType == 'membergroup' && $groupID != 1 && $groupID != 3 && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions'])))
- $permChange[] = array($permission, $groupID, $add_deny);
- elseif ($permissionType != 'membergroup')
- $permChange[] = array($permission, $groupID, $bid, $add_deny);
- }
- if (!empty($permChange))
- {
- if ($permissionType == 'membergroup')
- $smcFunc['db_insert']('replace',
- '{db_prefix}permissions',
- array('permission' => 'string', 'id_group' => 'int', 'add_deny' => 'int'),
- $permChange,
- array('permission', 'id_group')
- );
- // Board permissions go into the other table.
- else
- $smcFunc['db_insert']('replace',
- '{db_prefix}board_permissions',
- array('permission' => 'string', 'id_group' => 'int', 'id_profile' => 'int', 'add_deny' => 'int'),
- $permChange,
- array('permission', 'id_group', 'id_profile')
- );
- }
- }
- // Another child update!
- updateChildPermissions($_POST['group'], $_REQUEST['pid']);
- }
- redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
- }
- /**
- * Initializes the necessary to modify a membergroup's permissions.
- */
- function ModifyMembergroup()
- {
- global $context, $txt, $modSettings, $smcFunc, $sourcedir;
- if (!isset($_GET['group']))
- fatal_lang_error('no_access', false);
- $context['group']['id'] = (int) $_GET['group'];
- // Are they toggling the view?
- if (isset($_GET['view']))
- {
- $context['admin_preferences']['pv'] = $_GET['view'] == 'classic' ? 'classic' : 'simple';
- // Update the users preferences.
- require_once($sourcedir . '/Subs-Admin.php');
- updateAdminPreferences();
- }
- $context['view_type'] = !empty($context['admin_preferences']['pv']) && $context['admin_preferences']['pv'] == 'classic' ? 'classic' : 'simple';
- // It's not likely you'd end up here with this setting disabled.
- if ($_GET['group'] == 1)
- redirectexit('action=admin;area=permissions');
- loadAllPermissions($context['view_type']);
- loadPermissionProfiles();
- if ($context['group']['id'] > 0)
- {
- $result = $smcFunc['db_query']('', '
- SELECT group_name, id_parent
- FROM {db_prefix}membergroups
- WHERE id_group = {int:current_group}
- LIMIT 1',
- array(
- 'current_group' => $context['group']['id'],
- )
- );
- list ($context['group']['name'], $parent) = $smcFunc['db_fetch_row']($result);
- $smcFunc['db_free_result']($result);
- // Cannot edit an inherited group!
- if ($parent != -2)
- fatal_lang_error('cannot_edit_permissions_inherited');
- }
- elseif ($context['group']['id'] == -1)
- $context['group']['name'] = $txt['membergroups_guests'];
- else
- $context['group']['name'] = $txt['membergroups_members'];
- $context['profile']['id'] = empty($_GET['pid']) ? 0 : (int) $_GET['pid'];
- // If this is a moderator and they are editing "no profile" then we only do boards.
- if ($context['group']['id'] == 3 && empty($context['profile']['id']))
- {
- // For sanity just check they have no general permissions.
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}permissions
- WHERE id_group = {int:moderator_group}',
- array(
- 'moderator_group' => 3,
- )
- );
- $context['profile']['id'] = 1;
- }
- $context['permission_type'] = empty($context['profile']['id']) ? 'membergroup' : 'board';
- $context['profile']['can_modify'] = !$context['profile']['id'] || $context['profiles'][$context['profile']['id']]['can_modify'];
- // Set up things a little nicer for board related stuff...
- if ($context['permission_type'] == 'board')
- {
- $context['profile']['name'] = $context['profiles'][$context['profile']['id']]['name'];
- $context[$context['admin_menu_name']]['current_subsection'] = 'profiles';
- }
- // Fetch the current permissions.
- $permissions = array(
- 'membergroup' => array('allowed' => array(), 'denied' => array()),
- 'board' => array('allowed' => array(), 'denied' => array())
- );
- // General permissions?
- if ($context['permission_type'] == 'membergroup')
- {
- $result = $smcFunc['db_query']('', '
- SELECT permission, add_deny
- FROM {db_prefix}permissions
- WHERE id_group = {int:current_group}',
- array(
- 'current_group' => $_GET['group'],
- )
- );
- while ($row = $smcFunc['db_fetch_assoc']($result))
- $permissions['membergroup'][empty($row['add_deny']) ? 'denied' : 'allowed'][] = $row['permission'];
- $smcFunc['db_free_result']($result);
- }
- // Fetch current board permissions...
- $result = $smcFunc['db_query']('', '
- SELECT permission, add_deny
- FROM {db_prefix}board_permissions
- WHERE id_group = {int:current_group}
- AND id_profile = {int:current_profile}',
- array(
- 'current_group' => $context['group']['id'],
- 'current_profile' => $context['permission_type'] == 'membergroup' ? 1 : $context['profile']['id'],
- )
- );
- while ($row = $smcFunc['db_fetch_assoc']($result))
- $permissions['board'][empty($row['add_deny']) ? 'denied' : 'allowed'][] = $row['permission'];
- $smcFunc['db_free_result']($result);
- // Loop through each permission and set whether it's checked.
- foreach ($context['permissions'] as $permissionType => $tmp)
- {
- foreach ($tmp['columns'] as $position => $permissionGroups)
- {
- foreach ($permissionGroups as $permissionGroup => $permissionArray)
- {
- foreach ($permissionArray['permissions'] as $perm)
- {
- // Create a shortcut for the current permission.
- $curPerm = &$context['permissions'][$permissionType]['columns'][$position][$permissionGroup]['permissions'][$perm['id']];
- if ($tmp['view'] == 'classic')
- {
- if ($perm['has_own_any'])
- {
- $curPerm['any']['select'] = in_array($perm['id'] . '_any', $permissions[$permissionType]['allowed']) ? 'on' : (in_array($perm['id'] . '_any', $permissions[$permissionType]['denied']) ? 'denied' : 'off');
- $curPerm['own']['select'] = in_array($perm['id'] . '_own', $permissions[$permissionType]['allowed']) ? 'on' : (in_array($perm['id'] . '_own', $permissions[$permissionType]['denied']) ? 'denied' : 'off');
- }
- else
- $curPerm['select'] = in_array($perm['id'], $permissions[$permissionType]['denied']) ? 'denied' : (in_array($perm['id'], $permissions[$permissionType]['allowed']) ? 'on' : 'off');
- }
- else
- {
- $curPerm['select'] = in_array($perm['id'], $permissions[$permissionType]['denied']) ? 'denied' : (in_array($perm['id'], $permissions[$permissionType]['allowed']) ? 'on' : 'off');
- }
- }
- }
- }
- }
- $context['sub_template'] = 'modify_group';
- $context['page_title'] = $txt['permissions_modify_group'];
- createToken('admin-mp');
- }
- /**
- * This function actually saves modifications to a membergroup's board permissions.
- */
- function ModifyMembergroup2()
- {
- global $modSettings, $smcFunc, $context;
- checkSession();
- validateToken('admin-mp');
- loadIllegalPermissions();
- $_GET['group'] = (int) $_GET['group'];
- $_GET['pid'] = (int) $_GET['pid'];
- // Cannot modify predefined profiles.
- if ($_GET['pid'] > 1 && $_GET['pid'] < 5)
- fatal_lang_error('no_access', false);
- // Verify this isn't inherited.
- if ($_GET['group'] == -1 || $_GET['group'] == 0)
- $parent = -2;
- else
- {
- $result = $smcFunc['db_query']('', '
- SELECT id_parent
- FROM {db_prefix}membergroups
- WHERE id_group = {int:current_group}
- LIMIT 1',
- array(
- 'current_group' => $_GET['group'],
- )
- );
- list ($parent) = $smcFunc['db_fetch_row']($result);
- $smcFunc['db_free_result']($result);
- }
- if ($parent != -2)
- fatal_lang_error('cannot_edit_permissions_inherited');
- $givePerms = array('membergroup' => array(), 'board' => array());
- // Guest group, we need illegal, guest permissions.
- if ($_GET['group'] == -1)
- {
- loadIllegalGuestPermissions();
- $context['illegal_permissions'] = array_merge($context['illegal_permissions'], $context['non_guest_permissions']);
- }
- // Prepare all permissions that were set or denied for addition to the DB.
- if (isset($_POST['perm']) && is_array($_POST['perm']))
- {
- foreach ($_POST['perm'] as $perm_type => $perm_array)
- {
- if (is_array($perm_array))
- {
- foreach ($perm_array as $permission => $value)
- if ($value == 'on' || $value == 'deny')
- {
- // Don't allow people to escalate themselves!
- if (!empty($context['illegal_permissions']) && in_array($permission, $context['illegal_permissions']))
- continue;
- $givePerms[$perm_type][] = array($_GET['group'], $permission, $value == 'deny' ? 0 : 1);
- }
- }
- }
- }
- // Insert the general permissions.
- if ($_GET['group'] != 3 && empty($_GET['pid']))
- {
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}permissions
- WHERE id_group = {int:current_group}
- ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
- array(
- 'current_group' => $_GET['group'],
- 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
- )
- );
- if (!empty($givePerms['membergroup']))
- {
- $smcFunc['db_insert']('replace',
- '{db_prefix}permissions',
- array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
- $givePerms['membergroup'],
- array('id_group', 'permission')
- );
- }
- }
- // Insert the boardpermissions.
- $profileid = max(1, $_GET['pid']);
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}board_permissions
- WHERE id_group = {int:current_group}
- AND id_profile = {int:current_profile}',
- array(
- 'current_group' => $_GET['group'],
- 'current_profile' => $profileid,
- )
- );
- if (!empty($givePerms['board']))
- {
- foreach ($givePerms['board'] as $k => $v)
- $givePerms['board'][$k][] = $profileid;
- $smcFunc['db_insert']('replace',
- '{db_prefix}board_permissions',
- array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int', 'id_profile' => 'int'),
- $givePerms['board'],
- array('id_group', 'permission', 'id_profile')
- );
- }
- // Update any inherited permissions as required.
- updateChildPermissions($_GET['group'], $_GET['pid']);
- // Clear cached privs.
- updateSettings(array('settings_updated' => time()));
- redirectexit('action=admin;area=permissions;pid=' . $_GET['pid']);
- }
- /**
- * A screen to set some general settings for permissions.
- *
- * @param bool $return_config = false
- */
- function GeneralPermissionSettings($return_config = false)
- {
- global $context, $modSettings, $sourcedir, $txt, $scripturl, $smcFunc;
- // All the setting variables
- $config_vars = array(
- array('title', 'settings'),
- // Inline permissions.
- array('permissions', 'manage_permissions'),
- '',
- // A few useful settings
- array('check', 'permission_enable_deny', 0, $txt['permission_settings_enable_deny'], 'help' => 'permissions_deny'),
- array('check', 'permission_enable_postgroups', 0, $txt['permission_settings_enable_postgroups'], 'help' => 'permissions_postgroups'),
- );
- call_integration_hook('integrate_modify_permission_settings', array(&$config_vars));
- if ($return_config)
- return $config_vars;
- $context['page_title'] = $txt['permission_settings_title'];
- $context['sub_template'] = 'show_settings';
- // Needed for the inline permission functions, and the settings template.
- require_once($sourcedir . '/ManageServer.php');
- // Don't let guests have these permissions.
- $context['post_url'] = $scripturl . '?action=admin;area=permissions;save;sa=settings';
- $context['permissions_excluded'] = array(-1);
- // Saving the settings?
- if (isset($_GET['save']))
- {
- checkSession('post');
- call_integration_hook('integrate_save_permission_settings');
- saveDBSettings($config_vars);
- // Clear all deny permissions...if we want that.
- if (empty($modSettings['permission_enable_deny']))
- {
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}permissions
- WHERE add_deny = {int:denied}',
- array(
- 'denied' => 0,
- )
- );
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}board_permissions
- WHERE add_deny = {int:denied}',
- array(
- 'denied' => 0,
- )
- );
- }
- // Make sure there are no postgroup based permissions left.
- if (empty($modSettings['permission_enable_postgroups']))
- {
- // Get a list of postgroups.
- $post_groups = array();
- $request = $smcFunc['db_query']('', '
- SELECT id_group
- FROM {db_prefix}membergroups
- WHERE min_posts != {int:min_posts}',
- array(
- 'min_posts' => -1,
- )
- );
- while ($row = $smcFunc['db_fetch_assoc']($request))
- $post_groups[] = $row['id_group'];
- $smcFunc['db_free_result']($request);
- // Remove'em.
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}permissions
- WHERE id_group IN ({array_int:post_group_list})',
- array(
- 'post_group_list' => $post_groups,
- )
- );
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}board_permissions
- WHERE id_group IN ({array_int:post_group_list})',
- array(
- 'post_group_list' => $post_groups,
- )
- );
- $smcFunc['db_query']('', '
- UPDATE {db_prefix}membergroups
- SET id_parent = {int:not_inherited}
- WHERE id_parent IN ({array_int:post_group_list})',
- array(
- 'post_group_list' => $post_groups,
- 'not_inherited' => -2,
- )
- );
- }
- $_SESSION['adm-save'] = true;
- redirectexit('action=admin;area=permissions;sa=settings');
- }
- // We need this for the in-line permissions
- createToken('admin-mp');
- prepareDBSettingContext($config_vars);
- }
- /**
- * Set the permission level for a specific profile, group, or group for a profile.
- * @internal
- *
- * @param string $level
- * @param int $group
- * @param mixed $profile = null, int expected
- */
- function setPermissionLevel($level, $group, $profile = 'null')
- {
- global $smcFunc, $context;
- loadIllegalPermissions();
- loadIllegalGuestPermissions();
- // Levels by group... restrict, standard, moderator, maintenance.
- $groupLevels = array(
- 'board' => array('inherit' => array()),
- 'group' => array('inherit' => array())
- );
- // Levels by board... standard, publish, free.
- $boardLevels = array('inherit' => array());
- // Restrictive - ie. guests.
- $groupLevels['global']['restrict'] = array(
- 'search_posts',
- 'calendar_view',
- 'view_stats',
- 'who_view',
- 'profile_view_own',
- 'profile_identity_own',
- );
- $groupLevels['board']['restrict'] = array(
- 'poll_view',
- 'post_new',
- 'post_reply_own',
- 'post_reply_any',
- 'delete_own',
- 'modify_own',
- 'mark_any_notify',
- 'mark_notify',
- 'report_any',
- 'send_topic',
- );
- // Standard - ie. members. They can do anything Restrictive can.
- $groupLevels['global']['standard'] = array_merge($groupLevels['global']['restrict'], array(
- 'view_mlist',
- 'karma_edit',
- 'pm_read',
- 'pm_send',
- 'send_email_to_members',
- 'profile_view_any',
- 'profile_extra_own',
- 'profile_signature_own',
- 'profile_forum_own',
- 'profile_other_own',
- 'profile_password_own',
- 'profile_server_avatar',
- 'profile_displayed_name',
- 'profile_upload_avatar',
- 'profile_remote_avatar',
- 'profile_remove_own',
- ));
- $groupLevels['board']['standard'] = array_merge($groupLevels['board']['restrict'], array(
- 'poll_vote',
- 'poll_edit_own',
- 'poll_post',
- 'poll_add_own',
- 'post_attachment',
- 'lock_own',
- 'remove_own',
- 'view_attachments',
- ));
- // Moderator - ie. moderators :P. They can do what standard can, and more.
- $groupLevels['global']['moderator'] = array_merge($groupLevels['global']['standard'], array(
- 'calendar_post',
- 'calendar_edit_own',
- 'access_mod_center',
- 'issue_warning',
- ));
- $groupLevels['board']['moderator'] = array_merge($groupLevels['board']['standard'], array(
- 'make_sticky',
- 'poll_edit_any',
- 'delete_any',
- 'modify_any',
- 'lock_any',
- 'remove_any',
- 'move_any',
- 'merge_any',
- 'split_any',
- 'poll_lock_any',
- 'poll_remove_any',
- 'poll_add_any',
- 'approve_posts',
- ));
- // Maintenance - wannabe admins. They can do almost everything.
- $groupLevels['global']['maintenance'] = array_merge($groupLevels['global']['moderator'], array(
- 'manage_attachments',
- 'manage_smileys',
- 'manage_boards',
- 'moderate_forum',
- 'manage_membergroups',
- 'manage_bans',
- 'admin_forum',
- 'manage_permissions',
- 'edit_news',
- 'calendar_edit_any',
- 'profile_identity_any',
- 'profile_extra_any',
- 'profile_signature_any',
- 'profile_forum_own',
- 'profile_other_any',
- 'profile_displayed_name_any',
- 'profile_password_any',
- 'profile_title_any',
- ));
- $groupLevels['board']['maintenance'] = array_merge($groupLevels['board']['moderator'], array(
- ));
- // Standard - nothing above the group permissions. (this SHOULD be empty.)
- $boardLevels['standard'] = array(
- );
- // Locked - just that, you can't post here.
- $boardLevels['locked'] = array(
- 'poll_view',
- 'mark_notify',
- 'report_any',
- 'send_topic',
- 'view_attachments',
- );
- // Publisher - just a little more...
- $boardLevels['publish'] = array_merge($boardLevels['locked'], array(
- 'post_new',
- 'post_reply_own',
- 'post_reply_any',
- 'delete_own',
- 'modify_own',
- 'mark_any_notify',
- 'delete_replies',
- 'modify_replies',
- 'poll_vote',
- 'poll_edit_own',
- 'poll_post',
- 'poll_add_own',
- 'poll_remove_own',
- 'post_attachment',
- 'lock_own',
- 'remove_own',
- ));
- // Free for All - Scary. Just scary.
- $boardLevels['free'] = array_merge($boardLevels['publish'], array(
- 'poll_lock_any',
- 'poll_edit_any',
- 'poll_add_any',
- 'poll_remove_any',
- 'make_sticky',
- 'lock_any',
- 'remove_any',
- 'delete_any',
- 'split_any',
- 'merge_any',
- 'modify_any',
- 'approve_posts',
- ));
- // Make sure we're not granting someone too many permissions!
- foreach ($groupLevels['global'][$level] as $k => $permission)
- {
- if (!empty($context['illegal_permissions']) && in_array($permission, $context['illegal_permissions']))
- unset($groupLevels['global'][$level][$k]);
- if ($group == -1 && in_array($permission, $context['non_guest_permissions']))
- unset($groupLevels['global'][$level][$k]);
- }
- if ($group == -1)
- foreach ($groupLevels['board'][$level] as $k => $permission)
- if (in_array($permission, $context['non_guest_permissions']))
- unset($groupLevels['board'][$level][$k]);
- // Reset all cached permissions.
- updateSettings(array('settings_updated' => time()));
- // Setting group permissions.
- if ($profile === 'null' && $group !== 'null')
- {
- $group = (int) $group;
- if (empty($groupLevels['global'][$level]))
- return;
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}permissions
- WHERE id_group = {int:current_group}
- ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
- array(
- 'current_group' => $group,
- 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
- )
- );
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}board_permissions
- WHERE id_group = {int:current_group}
- AND id_profile = {int:default_profile}',
- array(
- 'current_group' => $group,
- 'default_profile' => 1,
- )
- );
- $groupInserts = array();
- foreach ($groupLevels['global'][$level] as $permission)
- $groupInserts[] = array($group, $permission);
- $smcFunc['db_insert']('insert',
- '{db_prefix}permissions',
- array('id_group' => 'int', 'permission' => 'string'),
- $groupInserts,
- array('id_group')
- );
- $boardInserts = array();
- foreach ($groupLevels['board'][$level] as $permission)
- $boardInserts[] = array(1, $group, $permission);
- $smcFunc['db_insert']('insert',
- '{db_prefix}board_permissions',
- array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
- $boardInserts,
- array('id_profile', 'id_group')
- );
- }
- // Setting profile permissions for a specific group.
- elseif ($profile !== 'null' && $group !== 'null' && ($profile == 1 || $profile > 4))
- {
- $group = (int) $group;
- $profile = (int) $profile;
- if (!empty($groupLevels['global'][$level]))
- {
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}board_permissions
- WHERE id_group = {int:current_group}
- AND id_profile = {int:current_profile}',
- array(
- 'current_group' => $group,
- 'current_profile' => $profile,
- )
- );
- }
- if (!empty($groupLevels['board'][$level]))
- {
- $boardInserts = array();
- foreach ($groupLevels['board'][$level] as $permission)
- $boardInserts[] = array($profile, $group, $permission);
- $smcFunc['db_insert']('insert',
- '{db_prefix}board_permissions',
- array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
- $boardInserts,
- array('id_profile', 'id_group')
- );
- }
- }
- // Setting profile permissions for all groups.
- elseif ($profile !== 'null' && $group === 'null' && ($profile == 1 || $profile > 4))
- {
- $profile = (int) $profile;
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}board_permissions
- WHERE id_profile = {int:current_profile}',
- array(
- 'current_profile' => $profile,
- )
- );
- if (empty($boardLevels[$level]))
- return;
- // Get all the groups...
- $query = $smcFunc['db_query']('', '
- SELECT id_group
- FROM {db_prefix}membergroups
- WHERE id_group > {int:moderator_group}
- ORDER BY min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name',
- array(
- 'moderator_group' => 3,
- 'newbie_group' => 4,
- )
- );
- while ($row = $smcFunc['db_fetch_row']($query))
- {
- $group = $row[0];
- $boardInserts = array();
- foreach ($boardLevels[$level] as $permission)
- $boardInserts[] = array($profile, $group, $permission);
- $smcFunc['db_insert']('insert',
- '{db_prefix}board_permissions',
- array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
- $boardInserts,
- array('id_profile', 'id_group')
- );
- }
- $smcFunc['db_free_result']($query);
- // Add permissions for ungrouped members.
- $boardInserts = array();
- foreach ($boardLevels[$level] as $permission)
- $boardInserts[] = array($profile, 0, $permission);
- $smcFunc['db_insert']('insert',
- '{db_prefix}board_permissions',
- array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
- $boardInserts,
- array('id_profile', 'id_group')
- );
- }
- // $profile and $group are both null!
- else
- fatal_lang_error('no_access', false);
- }
- /**
- * Load permissions into $context['permissions'].
- * @internal
- *
- * @param string $loadType options: 'classic' or 'simple'
- */
- function loadAllPermissions($loadType = 'classic')
- {
- global $context, $txt, $modSettings;
- // List of all the groups dependant on the currently selected view - for the order so it looks pretty, yea?
- // Note to Mod authors - you don't need to stick your permission group here if you don't mind SMF sticking it the last group of the page.
- $permissionGroups = array(
- 'membergroup' => array(
- 'simple' => array(
- 'view_basic_info',
- 'use_pm_system',
- 'post_calendar',
- 'edit_profile',
- 'delete_account',
- 'use_avatar',
- 'moderate_general',
- 'administrate',
- ),
- 'classic' => array(
- 'general',
- 'pm',
- 'calendar',
- 'maintenance',
- 'member_admin',
- 'profile',
- ),
- ),
- 'board' => array(
- 'simple' => array(
- 'make_posts',
- 'make_unapproved_posts',
- 'post_polls',
- 'participate',
- 'modify',
- 'notification',
- 'attach',
- 'moderate',
- ),
- 'classic' => array(
- 'general_board',
- 'topic',
- 'post',
- 'poll',
- 'notification',
- 'attachment',
- ),
- ),
- );
- /* The format of this list is as follows:
- 'membergroup' => array(
- 'permissions_inside' => array(has_multiple_options, classic_view_group, simple_view_group(_own)*, simple_view_group_any*),
- ),
- 'board' => array(
- 'permissions_inside' => array(has_multiple_options, classic_view_group, simple_view_group(_own)*, simple_view_group_any*),
- );
- */
- $permissionList = array(
- 'membergroup' => array(
- 'view_stats' => array(false, 'general', 'view_basic_info'),
- 'view_mlist' => array(false, 'general', 'view_basic_info'),
- 'who_view' => array(false, 'general', 'view_basic_info'),
- 'search_posts' => array(false, 'general', 'view_basic_info'),
- 'karma_edit' => array(false, 'general', 'moderate_general'),
- 'pm_read' => array(false, 'pm', 'use_pm_system'),
- 'pm_send' => array(false, 'pm', 'use_pm_system'),
- 'pm_draft' => array(false, 'pm', 'use_pm_system'),
- 'pm_autosave_draft' => array(false, 'pm', 'use_pm_system'),
- 'send_email_to_members' => array(false, 'pm', 'use_pm_system'),
- 'calendar_view' => array(false, 'calendar', 'view_basic_info'),
- 'calendar_post' => array(false, 'calendar', 'post_calendar'),
- 'calendar_edit' => array(true, 'calendar', 'post_calendar', 'moderate_general'),
- 'admin_forum' => array(false, 'maintenance', 'administrate'),
- 'manage_boards' => array(false, 'maintenance', 'administrate'),
- 'manage_attachments' => array(false, 'maintenance', 'administrate'),
- 'manage_smileys' => array(false, 'maintenance', 'administrate'),
- 'edit_news' => array(false, 'maintenance', 'administrate'),
- 'access_mod_center' => array(false, 'maintenance', 'moderate_general'),
- 'moderate_forum' => array(false, 'member_admin', 'moderate_general'),
- 'manage_membergroups' => array(false, 'member_admin', 'administrate'),
- 'manage_permissions' => array(false, 'member_admin', 'administrate'),
- 'manage_bans' => array(false, 'member_admin', 'administrate'),
- 'send_mail' => array(false, 'member_admin', 'administrate'),
- 'issue_warning' => array(false, 'member_admin', 'moderate_general'),
- 'profile_view' => array(true, 'profile', 'view_basic_info', 'view_basic_info'),
- 'profile_identity' => array(true, 'profile', 'edit_profile', 'moderate_general'),
- 'profile_forum' => array(true, 'profile', 'edit_profile', 'moderate_general'),
- 'profile_password' => array(true, 'profile', 'edit_profile', 'moderate_general'),
- 'profile_extra' => array(true, 'profile', 'edit_profile', 'moderate_general'),
- 'profile_signature' => array(true, 'profile', 'edit_profile', 'moderate_general'),
- 'profile_other' => array(true, 'profile', 'edit_profile', 'moderate_general'),
- 'profile_title' => array(true, 'profile', 'edit_profile', 'moderate_general'),
- 'profile_displayed_name' => array(true, 'profile', 'edit_profile', 'moderate_general'),
- 'profile_blurb' => array(true, 'profile', 'edit_profile', 'moderate_general'),
- 'profile_remove' => array(true, 'profile', 'delete_account', 'moderate_general'),
- 'profile_server_avatar' => array(false, 'profile', 'use_avatar'),
- 'profile_upload_avatar' => array(false, 'profile', 'use_avatar'),
- 'profile_remote_avatar' => array(false, 'profile', 'use_avatar'),
- ),
- 'board' => array(
- 'moderate_board' => array(false, 'general_board', 'moderate'),
- 'approve_posts' => array(false, 'general_board', 'moderate'),
- 'post_new' => array(false, 'topic', 'make_posts'),
- 'post_draft' => array(false, 'topic', 'make_posts'),
- 'post_autosave_draft' => array(false, 'topic', 'make_posts'),
- 'post_unapproved_topics' => array(false, 'topic', 'make_unapproved_posts'),
- 'post_unapproved_replies' => array(true, 'topic', 'make_unapproved_posts', 'make_unapproved_posts'),
- 'post_reply' => array(true, 'topic', 'make_posts', 'make_posts'),
- 'merge_any' => array(false, 'topic', 'moderate'),
- 'split_any' => array(false, 'topic', 'moderate'),
- 'send_topic' => array(false, 'topic', 'moderate'),
- 'make_sticky' => array(false, 'topic', 'moderate'),
- 'move' => array(true, 'topic', 'moderate', 'moderate'),
- 'lock' => array(true, 'topic', 'moderate', 'moderate'),
- 'remove' => array(true, 'topic', 'modify', 'moderate'),
- 'modify_replies' => array(false, 'topic', 'moderate'),
- 'delete_replies' => array(false, 'topic', 'moderate'),
- 'announce_topic' => array(false, 'topic', 'moderate'),
- 'delete' => array(true, 'post', 'modify', 'moderate'),
- 'modify' => array(true, 'post', 'modify', 'moderate'),
- 'report_any' => array(false, 'post', 'participate'),
- 'poll_view' => array(false, 'poll', 'participate'),
- 'poll_vote' => array(false, 'poll', 'participate'),
- 'poll_post' => array(false, 'poll', 'post_polls'),
- 'poll_add' => array(true, 'poll', 'post_polls', 'moderate'),
- 'poll_edit' => array(true, 'poll', 'modify', 'moderate'),
- 'poll_lock' => array(true, 'poll', 'moderate', 'moderate'),
- 'poll_remove' => array(true, 'poll', 'modify', 'moderate'),
- 'mark_any_notify' => array(false, 'notification', 'notification'),
- 'mark_notify' => array(false, 'notification', 'notification'),
- 'view_attachments' => array(false, 'attachment', 'participate'),
- 'post_unapproved_attachments' => array(false, 'attachment', 'make_unapproved_posts'),
- 'post_attachment' => array(false, 'attachment', 'attach'),
- ),
- );
- // All permission groups that will be shown in the left column on classic view.
- $leftPermissionGroups = array(
- 'general',
- 'calendar',
- 'maintenance',
- 'member_admin',
- 'topic',
- 'post',
- );
- // We need to know what permissions we can't give to guests.
- loadIllegalGuestPermissions();
- // Some permissions are hidden if features are off.
- $hiddenPermissions = array();
- $relabelPermissions = array(); // Permissions to apply a different label to.
- $relabelGroups = array(); // As above but for groups.
- if (empty($modSettings['cal_enabled']))
- {
- $hiddenPermissions[] = 'calendar_view';
- $hiddenPermissions[] = 'calendar_post';
- $hiddenPermissions[] = 'calendar_edit';
- }
- if ($modSettings['warning_settings'][0] == 0)
- $hiddenPermissions[] = 'issue_warning';
- if (empty($modSettings['karmaMode']))
- $hiddenPermissions[] = 'karma_edit';
- // Post moderation?
- if (!$modSettings['postmod_active'])
- {
- $hiddenPermissions[] = 'approve_posts';
- $hiddenPermissions[] = 'post_unapproved_topics';
- $hiddenPermissions[] = 'post_unapproved_replies';
- $hiddenPermissions[] = 'post_unapproved_attachments';
- }
- // If we show them on classic view we change the name.
- else
- {
- // Relabel the topics permissions
- $relabelPermissions['post_new'] = 'auto_approve_topics';
- // Relabel the reply permissions
- $relabelPermissions['post_reply'] = 'auto_approve_replies';
- // Relabel the attachment permissions
- $relabelPermissions['post_attachment'] = 'auto_approve_attachments';
- }
- // Are attachments enabled?
- if (empty($modSettings['attachmentEnable']))
- {
- $hiddenPermissions[] = 'manage_attachments';
- $hiddenPermissions[] = 'view_attachments';
- $hiddenPermissions[] = 'post_unapproved_attachments';
- $hiddenPermissions[] = 'post_attachment';
- }
- // Provide a practical way to modify permissions.
- call_integration_hook('integrate_load_permissions', array(&$permissionGroups, &$permissionList, &$leftPermissionGroups, &$hiddenPermissions, &$relabelPermissions));
- $context['permissions'] = array();
- $context['hidden_permissions'] = array();
- foreach ($permissionList as $permissionType => $permissionList)
- {
- $context['permissions'][$permissionType] = array(
- 'id' => $permissionType,
- 'view' => $loadType,
- 'columns' => array()
- );
- foreach ($permissionList as $permission => $permissionArray)
- {
- // If this is a guest permission we don't do it if it's the guest group.
- if (isset($context['group']['id']) && $context['group']['id'] == -1 && in_array($permission, $context['non_guest_permissions']))
- continue;
- // What groups will this permission be in?
- $own_group = $permissionArray[($loadType == 'classic' ? 1 : 2)];
- $any_group = $loadType == 'simple' && !empty($permissionArray[3]) ? $permissionArray[3] : ($loadType == 'simple' && $permissionArray[0] ? $permissionArray[2] : '');
- // First, Do these groups actually exist - if not add them.
- if (!isset($permissionGroups[$permissionType][$loadType][$own_group]))
- $permissionGroups[$permissionType][$loadType][$own_group] = true;
- if (!empty($any_group) && !isset($permissionGroups[$permissionType][$loadType][$any_group]))
- $permissionGroups[$permissionType][$loadType][$any_group] = true;
- // What column should this be located into?
- $position = $loadType == 'classic' && !in_array($own_group, $leftPermissionGroups) ? 1 : 0;
- // If the groups have not yet been created be sure to create them.
- $bothGroups = array('own' => $own_group);
- $bothGroups = array();
- // For guests, just reset the array.
- if (!isset($context['group']['id']) || !($context['group']['id'] == -1 && $any_group))
- $bothGroups['own'] = $own_group;
- if ($any_group)
- {
- $bothGroups['any'] = $any_group;
- }
- foreach ($bothGroups as $group)
- if (!isset($context['permissions'][$permissionType]['columns'][$position][$group]))
- $context['permissions'][$permissionType]['columns'][$position][$group] = array(
- 'type' => $permissionType,
- 'id' => $group,
- 'name' => $loadType == 'simple' ? (isset($txt['permissiongroup_simple_' . $group]) ? $txt['permissiongroup_simple_' . $group] : '') : $txt['permissiongroup_' . $group],
- 'icon' => isset($txt['permissionicon_' . $group]) ? $txt['permissionicon_' . $group] : $txt['permissionicon'],
- 'help' => isset($txt['permissionhelp_' . $group]) ? $txt['permissionhelp_' . $group] : '',
- 'hidden' => false,
- 'permissions' => array()
- );
- // This is where we set up the permission dependant on the view.
- if ($loadType == 'classic')
- {
- $context['permissions'][$permissionType]['columns'][$position][$own_group]['permissions'][$permission] = array(
- 'id' => $permission,
- 'name' => !isset($relabelPermissions[$permission]) ? $txt['permissionname_' . $permission] : $txt[$relabelPermissions[$permission]],
- 'show_help' => isset($txt['permissionhelp_' . $permission]),
- 'note' => isset($txt['permissionnote_' . $permission]) ? $txt['permissionnote_' . $permission] : '',
- 'has_own_any' => $permissionArray[0],
- 'own' => array(
- 'id' => $permission . '_own',
- 'name' => $permissionArray[0] ? $txt['permissionname_' . $permission . '_own'] : ''
- ),
- 'any' => array(
- 'id' => $permission . '_any',
- 'name' => $permissionArray[0] ? $txt['permissionname_' . $permission . '_any'] : ''
- ),
- 'hidden' => in_array($permission, $hiddenPermissions),
- );
- }
- else
- {
- foreach ($bothGroups as $group_type => $group)
- {
- $context['permissions'][$permissionType]['columns'][$position][$group]['permissions'][$permission . ($permissionArray[0] ? '_' . $group_type : '')] = array(
- 'id' => $permission . ($permissionArray[0] ? '_' . $group_type : ''),
- 'name' => isset($txt['permissionname_simple_' . $permission . ($permissionArray[0] ? '_' . $group_type : '')]) ? $txt['permissionname_simple_' . $permission . ($permissionArray[0] ? '_' . $group_type : '')] : $txt['permissionname_' . $permission],
- 'help_index' => isset($txt['permissionhelp_' . $permission]) ? 'permissionhelp_' . $permission : '',
- 'hidden' => in_array($permission, $hiddenPermissions),
- );
- }
- }
- if (in_array($permission, $hiddenPermissions))
- {
- if ($permissionArray[0])
- {
- $context['hidden_permissions'][] = $permission . '_own';
- $context['hidden_permissions'][] = $permission . '_any';
- }
- else
- $context['hidden_permissions'][] = $permission;
- }
- }
- ksort($context['permissions'][$permissionType]['columns']);
- // Check we don't leave any empty groups - and mark hidden ones as such.
- foreach ($context['permissions'][$permissionType]['columns'] as $column => $groups)
- foreach ($groups as $id => $group)
- {
- if (empty($group['permissions']))
- unset($context['permissions'][$permissionType]['columns'][$column][$id]);
- else
- {
- $foundNonHidden = false;
- foreach ($group['permissions'] as $permission)
- if (empty($permission['hidden']))
- $foundNonHidden = true;
- if (!$foundNonHidden)
- $context['permissions'][$permissionType]['columns'][$column][$id]['hidden'] = true;
- }
- }
- }
- }
- /**
- * Initialize a form with inline permissions settings.
- * It loads a context variables for each permission.
- * This function is used by several settings screens to set specific permissions.
- * @internal
- *
- * @param array $permissions
- * @param array $excluded_groups = array()
- *
- * @uses ManagePermissions language
- * @uses ManagePermissions template.
- */
- function init_inline_permissions($permissions, $excluded_groups = array())
- {
- global $context, $txt, $modSettings, $smcFunc;
- loadLanguage('ManagePermissions');
- loadTemplate('ManagePermissions');
- $context['can_change_permissions'] = allowedTo('manage_permissions');
- // Nothing to initialize here.
- if (!$context['can_change_permissions'])
- return;
- // Load the permission settings for guests
- foreach ($permissions as $permission)
- $context[$permission] = array(
- -1 => array(
- 'id' => -1,
- 'name' => $txt['membergroups_guests'],
- 'is_postgroup' => false,
- 'status' => 'off',
- ),
- 0 => array(
- 'id' => 0,
- 'name' => $txt['membergroups_members'],
- 'is_postgroup' => false,
- 'status' => 'off',
- ),
- );
- $request = $smcFunc['db_query']('', '
- SELECT id_group, CASE WHEN add_deny = {int:denied} THEN {string:deny} ELSE {string:on} END AS status, permission
- FROM {db_prefix}permissions
- WHERE id_group IN (-1, 0)
- AND permission IN ({array_string:permissions})',
- array(
- 'denied' => 0,
- 'permissions' => $permissions,
- 'deny' => 'deny',
- 'on' => 'on',
- )
- );
- while ($row = $smcFunc['db_fetch_assoc']($request))
- $context[$row['permission']][$row['id_group']]['status'] = $row['status'];
- $smcFunc['db_free_result']($request);
- $request = $smcFunc['db_query']('', '
- SELECT mg.id_group, mg.group_name, mg.min_posts, IFNULL(p.add_deny, -1) AS status, p.permission
- FROM {db_prefix}membergroups AS mg
- LEFT JOIN {db_prefix}permissions AS p ON (p.id_group = mg.id_group AND p.permission IN ({array_string:permissions}))
- WHERE mg.id_group NOT IN (1, 3)
- AND mg.id_parent = {int:not_inherited}' . (empty($modSettings['permission_enable_postgroups']) ? '
- AND mg.min_posts = {int:min_posts}' : '') . '
- ORDER BY mg.min_posts, CASE WHEN mg.id_group < {int:newbie_group} THEN mg.id_group ELSE 4 END, mg.group_name',
- array(
- 'not_inherited' => -2,
- 'min_posts' => -1,
- 'newbie_group' => 4,
- 'permissions' => $permissions,
- )
- );
- while ($row = $smcFunc['db_fetch_assoc']($request))
- {
- // Initialize each permission as being 'off' until proven otherwise.
- foreach ($permissions as $permission)
- if (!isset($context[$permission][$row['id_group']]))
- $context[$permission][$row['id_group']] = array(
- 'id' => $row['id_group'],
- 'name' => $row['group_name'],
- 'is_postgroup' => $row['min_posts'] != -1,
- 'status' => 'off',
- );
- $context[$row['permission']][$row['id_group']]['status'] = empty($row['status']) ? 'deny' : ($row['status'] == 1 ? 'on' : 'off');
- }
- $smcFunc['db_free_result']($request);
- // Some permissions cannot be given to certain groups. Remove the groups.
- foreach ($excluded_groups as $group)
- {
- foreach ($permissions as $permission)
- {
- if (isset($context[$permission][$group]))
- unset($context[$permission][$group]);
- }
- }
- }
- /**
- * Show a collapsible box to set a specific permission.
- * The function is called by templates to show a list of permissions settings.
- * Calls the template function template_inline_permissions().
- *
- * @param string $permission
- */
- function theme_inline_permissions($permission)
- {
- global $context;
- $context['current_permission'] = $permission;
- $context['member_groups'] = $context[$permission];
- template_inline_permissions();
- }
- /**
- * Save the permissions of a form containing inline permissions.
- * @internal
- *
- * @param array $permissions
- */
- function save_inline_permissions($permissions)
- {
- global $context, $smcFunc;
- // No permissions? Not a great deal to do here.
- if (!allowedTo('manage_permissions'))
- return;
- // Almighty session check, verify our ways.
- checkSession();
- validateToken('admin-mp');
- // Check they can't do certain things.
- loadIllegalPermissions();
- $insertRows = array();
- foreach ($permissions as $permission)
- {
- if (!isset($_POST[$permission]))
- continue;
- foreach ($_POST[$permission] as $id_group => $value)
- {
- if (in_array($value, array('on', 'deny')) && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions'])))
- $insertRows[] = array((int) $id_group, $permission, $value == 'on' ? 1 : 0);
- }
- }
- // Remove the old permissions...
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}permissions
- WHERE permission IN ({array_string:permissions})
- ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
- array(
- 'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
- 'permissions' => $permissions,
- )
- );
- // ...and replace them with new ones.
- if (!empty($insertRows))
- $smcFunc['db_insert']('insert',
- '{db_prefix}permissions',
- array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
- $insertRows,
- array('id_group', 'permission')
- );
- // Do a full child update.
- updateChildPermissions(array(), -1);
- // Just in case we cached this.
- updateSettings(array('settings_updated' => time()));
- }
- /**
- * Load permissions profiles.
- */
- function loadPermissionProfiles()
- {
- global $context, $txt, $smcFunc;
- $request = $smcFunc['db_query']('', '
- SELECT id_profile, profile_name
- FROM {db_prefix}permission_profiles
- ORDER BY id_profile',
- array(
- )
- );
- $context['profiles'] = array();
- while ($row = $smcFunc['db_fetch_assoc']($request))
- {
- // Format the label nicely.
- if (isset($txt['permissions_profile_' . $row['profile_name']]))
- $name = $txt['permissions_profile_' . $row['profile_name']];
- else
- $name = $row['profile_name'];
- $context['profiles'][$row['id_profile']] = array(
- 'id' => $row['id_profile'],
- 'name' => $name,
- 'can_modify' => $row['id_profile'] == 1 || $row['id_profile'] > 4,
- 'unformatted_name' => $row['profile_name'],
- );
- }
- $smcFunc['db_free_result']($request);
- }
- /**
- * Add/Edit/Delete profiles.
- */
- function EditPermissionProfiles()
- {
- global $context, $txt, $smcFunc;
- // Setup the template, first for fun.
- $context['page_title'] = $txt['permissions_profile_edit'];
- $context['sub_template'] = 'edit_profiles';
- // If we're creating a new one do it first.
- if (isset($_POST['create']) && trim($_POST['profile_name']) != '')
- {
- checkSession();
- validateToken('admin-mpp');
- $_POST['copy_from'] = (int) $_POST['copy_from'];
- $_POST['profile_name'] = $smcFunc['htmlspecialchars']($_POST['profile_name']);
- // Insert the profile itself.
- $smcFunc['db_insert']('',
- '{db_prefix}permission_profiles',
- array(
- 'profile_name' => 'string',
- ),
- array(
- $_POST['profile_name'],
- ),
- array('id_profile')
- );
- $profile_id = $smcFunc['db_insert_id']('{db_prefix}permission_profiles', 'id_profile');
- // Load the permissions from the one it's being copied from.
- $request = $smcFunc['db_query']('', '
- SELECT id_group, permission, add_deny
- FROM {db_prefix}board_permissions
- WHERE id_profile = {int:copy_from}',
- array(
- 'copy_from' => $_POST['copy_from'],
- )
- );
- $inserts = array();
- while ($row = $smcFunc['db_fetch_assoc']($request))
- $inserts[] = array($profile_id, $row['id_group'], $row['permission'], $row['add_deny']);
- $smcFunc['db_free_result']($request);
- if (!empty($inserts))
- $smcFunc['db_insert']('insert',
- '{db_prefix}board_permissions',
- array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
- $inserts,
- array('id_profile', 'id_group', 'permission')
- );
- }
- // Renaming?
- elseif (isset($_POST['rename']))
- {
- checkSession();
- validateToken('admin-mpp');
- // Just showing the boxes?
- if (!isset($_POST['rename_profile']))
- $context['show_rename_boxes'] = true;
- else
- {
- foreach ($_POST['rename_profile'] as $id => $value)
- {
- $value = $smcFunc['htmlspecialchars']($value);
- if (trim($value) != '' && $id > 4)
- $smcFunc['db_query']('', '
- UPDATE {db_prefix}permission_profiles
- SET profile_name = {string:profile_name}
- WHERE id_profile = {int:current_profile}',
- array(
- 'current_profile' => (int) $id,
- 'profile_name' => $value,
- )
- );
- }
- }
- }
- // Deleting?
- elseif (isset($_POST['delete']) && !empty($_POST['delete_profile']))
- {
- checkSession('post');
- validateToken('admin-mpp');
- $profiles = array();
- foreach ($_POST['delete_profile'] as $profile)
- if ($profile > 4)
- $profiles[] = (int) $profile;
- // Verify it's not in use...
- $request = $smcFunc['db_query']('', '
- SELECT id_board
- FROM {db_prefix}boards
- WHERE id_profile IN ({array_int:profile_list})
- LIMIT 1',
- array(
- 'profile_list' => $profiles,
- )
- );
- if ($smcFunc['db_num_rows']($request) != 0)
- fatal_lang_error('no_access', false);
- $smcFunc['db_free_result']($request);
- // Oh well, delete.
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}permission_profiles
- WHERE id_profile IN ({array_int:profile_list})',
- array(
- 'profile_list' => $profiles,
- )
- );
- }
- // Clearly, we'll need this!
- loadPermissionProfiles();
- // Work out what ones are in use.
- $request = $smcFunc['db_query']('', '
- SELECT id_profile, COUNT(id_board) AS board_count
- FROM {db_prefix}boards
- GROUP BY id_profile',
- array(
- )
- );
- while ($row = $smcFunc['db_fetch_assoc']($request))
- if (isset($context['profiles'][$row['id_profile']]))
- {
- $context['profiles'][$row['id_profile']]['in_use'] = true;
- $context['profiles'][$row['id_profile']]['boards'] = $row['board_count'];
- $context['profiles'][$row['id_profile']]['boards_text'] = $row['board_count'] > 1 ? sprintf($txt['permissions_profile_used_by_many'], $row['board_count']) : $txt['permissions_profile_used_by_' . ($row['board_count'] ? 'one' : 'none')];
- }
- $smcFunc['db_free_result']($request);
- // What can we do with these?
- $context['can_edit_something'] = false;
- foreach ($context['profiles'] as $id => $profile)
- {
- // Can't delete special ones.
- $context['profiles'][$id]['can_edit'] = isset($txt['permissions_profile_' . $profile['unformatted_name']]) ? false : true;
- if ($context['profiles'][$id]['can_edit'])
- $context['can_edit_something'] = true;
- // You can only delete it if you can edit it AND it's not in use.
- $context['profiles'][$id]['can_delete'] = $context['profiles'][$id]['can_edit'] && empty($profile['in_use']) ? true : false;
- }
- createToken('admin-mpp');
- }
- /**
- * This function updates the permissions of any groups based off this group.
- *
- * @param mixed $parents (array or int)
- * @param mixed $profile = null, int expected
- */
- function updateChildPermissions($parents, $profile = null)
- {
- global $smcFunc;
- // All the parent groups to sort out.
- if (!is_array($parents))
- $parents = array($parents);
- // Find all the children of this group.
- $request = $smcFunc['db_query']('', '
- SELECT id_parent, id_group
- FROM {db_prefix}membergroups
- WHERE id_parent != {int:not_inherited}
- ' . (empty($parents) ? '' : 'AND id_parent IN ({array_int:parent_list})'),
- array(
- 'parent_list' => $parents,
- 'not_inherited' => -2,
- )
- );
- $children = array();
- $parents = array();
- $child_groups = array();
- while ($row = $smcFunc['db_fetch_assoc']($request))
- {
- $children[$row['id_parent']][] = $row['id_group'];
- $child_groups[] = $row['id_group'];
- $parents[] = $row['id_parent'];
- }
- $smcFunc['db_free_result']($request);
- $parents = array_unique($parents);
- // Not a sausage, or a child?
- if (empty($children))
- return false;
- // First off, are we doing general permissions?
- if ($profile < 1 || $profile === null)
- {
- // Fetch all the parent permissions.
- $request = $smcFunc['db_query']('', '
- SELECT id_group, permission, add_deny
- FROM {db_prefix}permissions
- WHERE id_group IN ({array_int:parent_list})',
- array(
- 'parent_list' => $parents,
- )
- );
- $permissions = array();
- while ($row = $smcFunc['db_fetch_assoc']($request))
- foreach ($children[$row['id_group']] as $child)
- $permissions[] = array($child, $row['permission'], $row['add_deny']);
- $smcFunc['db_free_result']($request);
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}permissions
- WHERE id_group IN ({array_int:child_groups})',
- array(
- 'child_groups' => $child_groups,
- )
- );
- // Finally insert.
- if (!empty($permissions))
- {
- $smcFunc['db_insert']('insert',
- '{db_prefix}permissions',
- array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
- $permissions,
- array('id_group', 'permission')
- );
- }
- }
- // Then, what about board profiles?
- if ($profile != -1)
- {
- $profileQuery = $profile === null ? '' : ' AND id_profile = {int:current_profile}';
- // Again, get all the parent permissions.
- $request = $smcFunc['db_query']('', '
- SELECT id_profile, id_group, permission, add_deny
- FROM {db_prefix}board_permissions
- WHERE id_group IN ({array_int:parent_groups})
- ' . $profileQuery,
- array(
- 'parent_groups' => $parents,
- 'current_profile' => $profile !== null && $profile ? $profile : 1,
- )
- );
- $permissions = array();
- while ($row = $smcFunc['db_fetch_assoc']($request))
- foreach ($children[$row['id_group']] as $child)
- $permissions[] = array($child, $row['id_profile'], $row['permission'], $row['add_deny']);
- $smcFunc['db_free_result']($request);
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}board_permissions
- WHERE id_group IN ({array_int:child_groups})
- ' . $profileQuery,
- array(
- 'child_groups' => $child_groups,
- 'current_profile' => $profile !== null && $profile ? $profile : 1,
- )
- );
- // Do the insert.
- if (!empty($permissions))
- {
- $smcFunc['db_insert']('insert',
- '{db_prefix}board_permissions',
- array('id_group' => 'int', 'id_profile' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
- $permissions,
- array('id_group', 'id_profile', 'permission')
- );
- }
- }
- }
- /**
- * Load permissions someone cannot grant.
- */
- function loadIllegalPermissions()
- {
- global $context;
- $context['illegal_permissions'] = array();
- if (!allowedTo('admin_forum'))
- $context['illegal_permissions'][] = 'admin_forum';
- if (!allowedTo('manage_membergroups'))
- $context['illegal_permissions'][] = 'manage_membergroups';
- if (!allowedTo('manage_permissions'))
- $context['illegal_permissions'][] = 'manage_permissions';
- call_integration_hook('integrate_load_illegal_permissions');
- }
- /**
- * Loads the permissions that can not be given to guests.
- * Stores the permissions in $context['non_guest_permissions'].
- */
- function loadIllegalGuestPermissions()
- {
- global $context;
- $context['non_guest_permissions'] = array(
- 'delete_replies',
- 'karma_edit',
- 'poll_add_own',
- 'pm_read',
- 'pm_send',
- 'profile_identity',
- 'profile_extra',
- 'profile_signature',
- 'profile_forum',
- 'profile_other',
- 'profile_password',
- 'profile_title',
- 'profile_blurb',
- 'profile_displayed_name',
- 'profile_remove',
- 'profile_server_avatar',
- 'profile_upload_avatar',
- 'profile_remote_avatar',
- 'profile_view_own',
- 'mark_any_notify',
- 'mark_notify',
- 'admin_forum',
- 'manage_boards',
- 'manage_attachments',
- 'manage_smileys',
- 'edit_news',
- 'access_mod_center',
- 'moderate_forum',
- 'issue_warning',
- 'manage_membergroups',
- 'manage_permissions',
- 'manage_bans',
- 'move_own',
- 'modify_replies',
- 'send_mail',
- 'approve_posts',
- 'post_draft',
- 'post_autosave_draft',
- 'pm_draft',
- 'pm_autosave_draft',
- 'report_any',
- 'make_sticky',
- 'merge_any',
- 'split_any',
- 'lock_any',
- 'move_any',
- 'modify_any',
- 'remove_any',
- 'moderate_board',
- 'poll_add_any',
- 'poll_edit_any',
- 'poll_lock_any',
- 'poll_remove_any',
- 'announce_topic'
- );
- call_integration_hook('integrate_load_illegal_guest_permissions');
- }
- /**
- * Present a nice way of applying post moderation.
- */
- function ModifyPostModeration()
- {
- global $context, $txt, $smcFunc, $modSettings, $sourcedir;
- // Just in case.
- checkSession('get');
- $context['page_title'] = $txt['permissions_post_moderation'];
- $context['sub_template'] = 'postmod_permissions';
- $context['current_profile'] = isset($_REQUEST['pid']) ? (int) $_REQUEST['pid'] : 1;
- // Load all the permission profiles.
- loadPermissionProfiles();
- // Mappings, our key => array(can_do_moderated, can_do_all)
- $mappings = array(
- 'new_topic' => array('post_new', 'post_unapproved_topics'),
- 'replies_own' => array('post_reply_own', 'post_unapproved_replies_own'),
- 'replies_any' => array('post_reply_any', 'post_unapproved_replies_any'),
- 'attachment' => array('post_attachment', 'post_unapproved_attachments'),
- );
- call_integration_hook('integrate_post_moderation_mapping', array(&$mappings));
- // Start this with the guests/members.
- $context['profile_groups'] = array(
- -1 => array(
- 'id' => -1,
- 'name' => $txt['membergroups_guests'],
- 'color' => '',
- 'new_topic' => 'disallow',
- 'replies_own' => 'disallow',
- 'replies_any' => 'disallow',
- 'attachment' => 'disallow',
- 'children' => array(),
- ),
- 0 => array(
- 'id' => 0,
- 'name' => $txt['membergroups_members'],
- 'color' => '',
- 'new_topic' => 'disallow',
- 'replies_own' => 'disallow',
- 'replies_any' => 'disallow',
- 'attachment' => 'disallow',
- 'children' => array(),
- ),
- );
- // Load the groups.
- $request = $smcFunc['db_query']('', '
- SELECT id_group, group_name, online_color, id_parent
- FROM {db_prefix}membergroups
- WHERE id_group != {int:admin_group}
- ' . (empty($modSettings['permission_enable_postgroups']) ? ' AND min_posts = {int:min_posts}' : '') . '
- ORDER BY id_parent ASC',
- array(
- 'admin_group' => 1,
- 'min_posts' => -1,
- )
- );
- while ($row = $smcFunc['db_fetch_assoc']($request))
- {
- if ($row['id_parent'] == -2)
- {
- $context['profile_groups'][$row['id_group']] = array(
- 'id' => $row['id_group'],
- 'name' => $row['group_name'],
- 'color' => $row['online_color'],
- 'new_topic' => 'disallow',
- 'replies_own' => 'disallow',
- 'replies_any' => 'disallow',
- 'attachment' => 'disallow',
- 'children' => array(),
- );
- }
- elseif (isset($context['profile_groups'][$row['id_parent']]))
- $context['profile_groups'][$row['id_parent']]['children'][] = $row['group_name'];
- }
- $smcFunc['db_free_result']($request);
- // What are the permissions we are querying?
- $all_permissions = array();
- foreach ($mappings as $perm_set)
- $all_permissions = array_merge($all_permissions, $perm_set);
- // If we're saving the changes then do just that - save them.
- if (!empty($_POST['save_changes']) && ($context['current_profile'] == 1 || $context['current_profile'] > 4))
- {
- validateToken('admin-mppm');
- // First, are we saving a new value for enabled post moderation?
- $new_setting = !empty($_POST['postmod_active']);
- if ($new_setting != $modSettings['postmod_active'])
- {
- if ($new_setting)
- {
- // Turning it on. This seems easy enough.
- updateSettings(array('postmod_active' => 1));
- }
- else
- {
- // Turning it off. Not so straightforward. We have to turn off warnings to moderation level, and make everything approved.
- updateSettings(array(
- 'postmod_active' => 0,
- 'warning_moderate' => 0,
- ));
-
- require_once($sourcedir . '/PostModeration.php');
- approveAllData();
- }
- }
- elseif ($modSettings['postmod_active'])
- {
- // We're not saving a new setting - and if it's still enabled we have more work to do.
- // Start by deleting all the permissions relevant.
- $smcFunc['db_query']('', '
- DELETE FROM {db_prefix}board_permissions
- WHERE id_profile = {int:current_profile}
- AND permission IN ({array_string:permissions})
- AND id_group IN ({array_int:profile_group_list})',
- array(
- 'profile_group_list' => array_keys($context['profile_groups']),
- 'current_profile' => $context['current_profile'],
- 'permissions' => $all_permissions,
- )
- );
- // Do it group by group.
- $new_permissions = array();
- foreach ($context['profile_groups'] as $id => $group)
- {
- foreach ($mappings as $index => $data)
- {
- if (isset($_POST[$index][$group['id']]))
- {
- if ($_POST[$index][$group['id']] == 'allow')
- {
- // Give them both sets for fun.
- $new_permissions[] = array($context['current_profile'], $group['id'], $data[0], 1);
- $new_permissions[] = array($context['current_profile'], $group['id'], $data[1], 1);
- }
- elseif ($_POST[$index][$group['id']] == 'moderate')
- $new_permissions[] = array($context['current_profile'], $group['id'], $data[1], 1);
- }
- }
- }
- // Insert new permissions.
- if (!empty($new_permissions))
- $smcFunc['db_insert']('',
- '{db_prefix}board_permissions',
- array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
- $new_permissions,
- array('id_profile', 'id_group', 'permission')
- );
- }
- }
- // Now get all the permissions!
- $request = $smcFunc['db_query']('', '
- SELECT id_group, permission, add_deny
- FROM {db_prefix}board_permissions
- WHERE id_profile = {int:current_profile}
- AND permission IN ({array_string:permissions})
- AND id_group IN ({array_int:profile_group_list})',
- array(
- 'profile_group_list' => array_keys($context['profile_groups']),
- 'current_profile' => $context['current_profile'],
- 'permissions' => $all_permissions,
- )
- );
- while ($row = $smcFunc['db_fetch_assoc']($request))
- {
- foreach ($mappings as $key => $data)
- {
- foreach ($data as $index => $perm)
- {
- if ($perm == $row['permission'])
- {
- // Only bother if it's not denied.
- if ($row['add_deny'])
- {
- // Full allowance?
- if ($index == 0)
- $context['profile_groups'][$row['id_group']][$key] = 'allow';
- // Otherwise only bother with moderate if not on allow.
- elseif ($context['profile_groups'][$row['id_group']][$key] != 'allow')
- $context['profile_groups'][$row['id_group']][$key] = 'moderate';
- }
- }
- }
- }
- }
- $smcFunc['db_free_result']($request);
- createToken('admin-mppm');
- }
- ?>
|