phpBB

Code Changes

File: includes/acp/acp_permissions.php

Line 48Line 48

$this->tpl_name = 'permission_trace';



$this->tpl_name = 'permission_trace';


			if ($user_id && isset($auth_admin->option_ids[$permission]) && $auth->acl_get('a_viewauth'))

			if ($user_id && isset($auth_admin->acl_options['id'][$permission]) && $auth->acl_get('a_viewauth'))

			{
$this->page_title = sprintf($user->lang['TRACE_PERMISSION'], $user->lang['acl_' . $permission]['lang']);
$this->permission_trace($user_id, $forum_id, $permission);
return;
}

			{
$this->page_title = sprintf($user->lang['TRACE_PERMISSION'], $user->lang['acl_' . $permission]['lang']);
$this->permission_trace($user_id, $forum_id, $permission);
return;
}

 
			trigger_error('NO_MODE', E_USER_ERROR);
}

// Copy forum permissions
if ($mode == 'setting_forum_copy')
{
$this->tpl_name = 'permission_forum_copy';

if ($auth->acl_get('a_fauth') && $auth->acl_get('a_authusers') && $auth->acl_get('a_authgroups') && $auth->acl_get('a_mauth'))
{
$this->page_title = 'ACP_FORUM_PERMISSIONS_COPY';
$this->copy_forum_permissions();
return;
}


			trigger_error('NO_MODE', E_USER_ERROR);
}


			trigger_error('NO_MODE', E_USER_ERROR);
}


Line 124Line 139
			$forum_id = array();
while ($row = $db->sql_fetchrow($result))
{

			$forum_id = array();
while ($row = $db->sql_fetchrow($result))
{

				$forum_id[] = $row['forum_id'];

				$forum_id[] = (int) $row['forum_id'];

			}
$db->sql_freeresult($result);
}

			}
$db->sql_freeresult($result);
}

Line 133Line 148
			$forum_id = array();
foreach (get_forum_branch($subforum_id, 'children') as $row)
{

			$forum_id = array();
foreach (get_forum_branch($subforum_id, 'children') as $row)
{

				$forum_id[] = $row['forum_id'];

				$forum_id[] = (int) $row['forum_id'];

			}
}


			}
}


Line 216Line 231
		{
trigger_error($user->lang['WRONG_PERMISSION_TYPE'] . adm_back_link($this->u_action), E_USER_WARNING);
}

		{
trigger_error($user->lang['WRONG_PERMISSION_TYPE'] . adm_back_link($this->u_action), E_USER_WARNING);
}



 

// Handle actions
if (strpos($mode, 'setting_') === 0 && $action)


// Handle actions
if (strpos($mode, 'setting_') === 0 && $action)

Line 224Line 238
			switch ($action)
{
case 'delete':

			switch ($action)
{
case 'delete':


if (!check_form_key($form_name))

					if (confirm_box(true))


					{

					{

						trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
}

 
					// All users/groups selected?
$all_users = (isset($_POST['all_users'])) ? true : false;
$all_groups = (isset($_POST['all_groups'])) ? true : false;

					// All users/groups selected?
$all_users = (isset($_POST['all_users'])) ? true : false;
$all_groups = (isset($_POST['all_groups'])) ? true : false;

Line 254Line 265
					else
{
trigger_error($user->lang['NO_USER_GROUP_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);

					else
{
trigger_error($user->lang['NO_USER_GROUP_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);

 
						}
}
else
{
if (isset($_POST['cancel']))
{
$u_redirect = $this->u_action . '&type=' . $permission_type;
foreach ($forum_id as $fid)
{
$u_redirect .= '&forum_id[]=' . $fid;
}
redirect($u_redirect);
}

$s_hidden_fields = array(
'i' => $id,
'mode' => $mode,
'action' => array($action => 1),
'user_id' => $user_id,
'group_id' => $group_id,
'forum_id' => $forum_id,
'type' => $permission_type,
);
if (isset($_POST['all_users']))
{
$s_hidden_fields['all_users'] = 1;
}
if (isset($_POST['all_groups']))
{
$s_hidden_fields['all_groups'] = 1;
}
confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields));

					}
break;


					}
break;


Line 369Line 412

$template->assign_vars(array(
'S_SELECT_GROUP' => true,


$template->assign_vars(array(
'S_SELECT_GROUP' => true,

						'S_GROUP_OPTIONS'		=> group_select_options(false, false, (($user->data['user_type'] == USER_FOUNDER) ? false : 0)))
);

						'S_GROUP_OPTIONS'		=> group_select_options(false, false, false), // Show all groups
));


break;



break;


Line 415Line 458
						'S_SELECT_USERGROUP_VIEW'	=> ($victim == 'usergroup_view') ? true : false,
'S_DEFINED_USER_OPTIONS' => $items['user_ids_options'],
'S_DEFINED_GROUP_OPTIONS' => $items['group_ids_options'],

						'S_SELECT_USERGROUP_VIEW'	=> ($victim == 'usergroup_view') ? true : false,
'S_DEFINED_USER_OPTIONS' => $items['user_ids_options'],
'S_DEFINED_GROUP_OPTIONS' => $items['group_ids_options'],

						'S_ADD_GROUP_OPTIONS'		=> group_select_options(false, $items['group_ids'], (($user->data['user_type'] == USER_FOUNDER) ? false : 0)),

						'S_ADD_GROUP_OPTIONS'		=> group_select_options(false, $items['group_ids'], false),	// Show all groups

						'U_FIND_USERNAME'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=add_user&field=username&select_single=true'),
));


						'U_FIND_USERNAME'			=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=add_user&field=username&select_single=true'),
));


Line 598Line 641
			$ids = array();
while ($row = $db->sql_fetchrow($result))
{

			$ids = array();
while ($row = $db->sql_fetchrow($result))
{

				$ids[] = $row[$sql_id];

				$ids[] = (int) $row[$sql_id];

			}
$db->sql_freeresult($result);
}

			}
$db->sql_freeresult($result);
}

Line 762Line 805

$this->log_action($mode, 'add', $permission_type, $ug_type, $ug_ids, $forum_ids);



$this->log_action($mode, 'add', $permission_type, $ug_type, $ug_ids, $forum_ids);


 
		if ($mode == 'setting_forum_local' || $mode == 'setting_mod_local')
{
trigger_error($user->lang['AUTH_UPDATED'] . adm_back_link($this->u_action . '&forum_id[]=' . implode('&forum_id[]=', $forum_ids)));
}
else
{

		trigger_error($user->lang['AUTH_UPDATED'] . adm_back_link($this->u_action));

		trigger_error($user->lang['AUTH_UPDATED'] . adm_back_link($this->u_action));

 
		}

	}

/**

	}

/**

Line 829Line 879

$this->log_action($mode, 'del', $permission_type, $ug_type, (($ug_type == 'user') ? $user_id : $group_id), (sizeof($forum_id) ? $forum_id : array(0 => 0)));



$this->log_action($mode, 'del', $permission_type, $ug_type, (($ug_type == 'user') ? $user_id : $group_id), (sizeof($forum_id) ? $forum_id : array(0 => 0)));


 
		if ($mode == 'setting_forum_local' || $mode == 'setting_mod_local')
{
trigger_error($user->lang['AUTH_UPDATED'] . adm_back_link($this->u_action . '&forum_id[]=' . implode('&forum_id[]=', $forum_id)));
}
else
{

		trigger_error($user->lang['AUTH_UPDATED'] . adm_back_link($this->u_action));

		trigger_error($user->lang['AUTH_UPDATED'] . adm_back_link($this->u_action));

 
		}

	}

/**

	}

/**

Line 949Line 1006
				LEFT JOIN ' . USER_GROUP_TABLE . ' ug ON (ug.group_id = g.group_id)
WHERE ug.user_id = ' . $user_id . '
AND ug.user_pending = 0

				LEFT JOIN ' . USER_GROUP_TABLE . ' ug ON (ug.group_id = g.group_id)
WHERE ug.user_id = ' . $user_id . '
AND ug.user_pending = 0

 
				AND NOT (ug.group_leader = 1 AND g.group_skip_auth = 1)

			ORDER BY g.group_type DESC, g.group_id DESC';
$result = $db->sql_query($sql);


			ORDER BY g.group_type DESC, g.group_id DESC';
$result = $db->sql_query($sql);


Line 1106Line 1164
			'S_RESULT_NO'		=> ($total == ACL_NO) ? true : false,
'S_RESULT_YES' => ($total == ACL_YES) ? true : false,
'S_RESULT_NEVER' => ($total == ACL_NEVER) ? true : false,

			'S_RESULT_NO'		=> ($total == ACL_NO) ? true : false,
'S_RESULT_YES' => ($total == ACL_YES) ? true : false,
'S_RESULT_NEVER' => ($total == ACL_NEVER) ? true : false,

 
		));
}

/**
* Handles copying permissions from one forum to others
*/
function copy_forum_permissions()
{
global $auth, $cache, $template, $user;

$user->add_lang('acp/forums');

$submit = isset($_POST['submit']) ? true : false;

if ($submit)
{
$src = request_var('src_forum_id', 0);
$dest = request_var('dest_forum_ids', array(0));

if (confirm_box(true))
{
if (copy_forum_permissions($src, $dest))
{
cache_moderators();

$auth->acl_clear_prefetch();
$cache->destroy('sql', FORUMS_TABLE);

trigger_error($user->lang['AUTH_UPDATED'] . adm_back_link($this->u_action));
}
else
{
trigger_error($user->lang['SELECTED_FORUM_NOT_EXIST'] . adm_back_link($this->u_action), E_USER_WARNING);
}
}
else
{
$s_hidden_fields = array(
'submit' => $submit,
'src_forum_id' => $src,
'dest_forum_ids' => $dest,
);

$s_hidden_fields = build_hidden_fields($s_hidden_fields);

confirm_box(false, $user->lang['COPY_PERMISSIONS_CONFIRM'], $s_hidden_fields);
}
}

$template->assign_vars(array(
'S_FORUM_OPTIONS' => make_forum_select(false, false, false, false, false),

		));
}


		));
}


Line 1117Line 1226
		global $db, $user;

$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND ' . $db->sql_in_set('a.forum_id', $forum_id) : 'AND a.forum_id <> 0');

		global $db, $user;

$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND ' . $db->sql_in_set('a.forum_id', $forum_id) : 'AND a.forum_id <> 0');

		$sql_permission_option = ' AND o.auth_option ' . $db->sql_like_expression($permission_type . $db->any_char);

 
		

		

		$sql = $db->sql_build_query('SELECT_DISTINCT', array(
'SELECT' => 'u.username, u.username_clean, u.user_regdate, u.user_id',

		// Permission options are only able to be a permission set... therefore we will pre-fetch the possible options and also the possible roles
$option_ids = $role_ids = array();





			'FROM'		=> array(
USERS_TABLE => 'u',
ACL_OPTIONS_TABLE => 'o',
ACL_USERS_TABLE => 'a'
),

		$sql = 'SELECT auth_option_id
FROM ' . ACL_OPTIONS_TABLE . '
WHERE auth_option ' . $db->sql_like_expression($permission_type . $db->any_char);
$result = $db->sql_query($sql);






			'LEFT_JOIN'	=> array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
'ON' => 'a.auth_role_id = r.role_id'
)
),

		while ($row = $db->sql_fetchrow($result))
{
$option_ids[] = (int) $row['auth_option_id'];
}
$db->sql_freeresult($result);






			'WHERE'		=> "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
$sql_permission_option
$sql_forum_id
AND u.user_id = a.user_id",



		if (sizeof($option_ids))
{
$sql = 'SELECT DISTINCT role_id
FROM ' . ACL_ROLES_DATA_TABLE . '
WHERE ' . $db->sql_in_set('auth_option_id', $option_ids);
$result = $db->sql_query($sql);





			'ORDER_BY'	=> 'u.username_clean, u.user_regdate ASC'
));


























			while ($row = $db->sql_fetchrow($result))
{
$role_ids[] = (int) $row['role_id'];
}
$db->sql_freeresult($result);
}

if (sizeof($option_ids) && sizeof($role_ids))
{
$sql_where = 'AND (' . $db->sql_in_set('a.auth_option_id', $option_ids) . ' OR ' . $db->sql_in_set('a.auth_role_id', $role_ids) . ')';
}
else if (sizeof($role_ids))
{
$sql_where = 'AND ' . $db->sql_in_set('a.auth_role_id', $role_ids);
}
else if (sizeof($option_ids))
{
$sql_where = 'AND ' . $db->sql_in_set('a.auth_option_id', $option_ids);
}

// Not ideal, due to the filesort, non-use of indexes, etc.
$sql = 'SELECT DISTINCT u.user_id, u.username, u.username_clean, u.user_regdate
FROM ' . USERS_TABLE . ' u, ' . ACL_USERS_TABLE . " a
WHERE u.user_id = a.user_id
$sql_forum_id
$sql_where
ORDER BY u.username_clean, u.user_regdate ASC";

		$result = $db->sql_query($sql);

$s_defined_user_options = '';

		$result = $db->sql_query($sql);

$s_defined_user_options = '';

Line 1153Line 1286
		}
$db->sql_freeresult($result);


		}
$db->sql_freeresult($result);


		$sql = $db->sql_build_query('SELECT_DISTINCT', array(
'SELECT' => 'g.group_type, g.group_name, g.group_id',

'FROM' => array(
GROUPS_TABLE => 'g',
ACL_OPTIONS_TABLE => 'o',
ACL_GROUPS_TABLE => 'a'
),

'LEFT_JOIN' => array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
'ON' => 'a.auth_role_id = r.role_id'
)
),

'WHERE' => "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
$sql_permission_option

		$sql = 'SELECT DISTINCT g.group_type, g.group_name, g.group_id
FROM ' . GROUPS_TABLE . ' g, ' . ACL_GROUPS_TABLE . " a
WHERE g.group_id = a.group_id
















				$sql_forum_id

				$sql_forum_id

				AND g.group_id = a.group_id",

'ORDER_BY' => 'g.group_type DESC, g.group_name ASC'
));

				$sql_where
ORDER BY g.group_type DESC, g.group_name ASC";



		$result = $db->sql_query($sql);

$s_defined_group_options = '';

		$result = $db->sql_query($sql);

$s_defined_group_options = '';
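Review bot: In the rewritten user/group lookup (the `Line 1226` hunk), `$sql_where` is assigned only inside the `if` / `else if` chain, so when both `$option_ids` and `$role_ids` are empty it is undefined when interpolated into the users query and the later groups query. PHP then substitutes an empty string and the permission-type filter disappears, so the two option lists would include every user and group with any ACL entry in the selected forum scope. The `WRONG_PERMISSION_TYPE` check seen earlier on the page probably makes this unreachable in practice, but the query should fail closed on its own. Add a final `else { $sql_where = 'AND 1 = 0'; }`, or skip both queries, so that an unmatched permission type yields empty lists. The enclosing function starts and ends outside the visible hunks.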