Line 20 | Line 20 |
---|
{ /** @var \phpbb\auth\auth */ protected $auth;
|
{ /** @var \phpbb\auth\auth */ protected $auth;
|
| /** @var \includes\acp\auth\auth_admin */ protected $auth_admin;
|
/** @var \phpbb\cache\service */ protected $cache;
| /** @var \phpbb\cache\service */ protected $cache;
|
Line 49 | Line 52 |
---|
$this->auth = $auth; $this->phpbb_root_path = $phpbb_root_path; $this->php_ext = $php_ext;
|
$this->auth = $auth; $this->phpbb_root_path = $phpbb_root_path; $this->php_ext = $php_ext;
|
| if (!class_exists('auth_admin')) { include($this->phpbb_root_path . 'includes/acp/auth.' . $this->php_ext); } $this->auth_admin = new \auth_admin();
|
}
/**
| }
/**
|
Line 117 | Line 126 |
---|
// We've added permissions, so set to true to notify the user. $this->permissions_added = true;
|
// We've added permissions, so set to true to notify the user. $this->permissions_added = true;
|
if (!class_exists('auth_admin')) { include($this->phpbb_root_path . 'includes/acp/auth.' . $this->php_ext); } $auth_admin = new \auth_admin();
| |
// We have to add a check to see if the !$global (if global, local, and if local, global) permission already exists. If it does, acl_add_option currently has a bug which would break the ACL system, so we are having a work-around here. if ($this->exists($auth_option, !$global))
| // We have to add a check to see if the !$global (if global, local, and if local, global) permission already exists. If it does, acl_add_option currently has a bug which would break the ACL system, so we are having a work-around here. if ($this->exists($auth_option, !$global))
|
Line 140 | Line 143 |
---|
{ if ($global) {
|
{ if ($global) {
|
$auth_admin->acl_add_option(array('global' => array($auth_option)));
| $this->auth_admin->acl_add_option(array('global' => array($auth_option)));
|
} else {
|
} else {
|
$auth_admin->acl_add_option(array('local' => array($auth_option)));
| $this->auth_admin->acl_add_option(array('local' => array($auth_option)));
|
} }
// The permission has been added, now we can copy it if needed
|
} }
// The permission has been added, now we can copy it if needed
|
if ($copy_from && isset($auth_admin->acl_options['id'][$copy_from]))
| if ($copy_from && isset($this->auth_admin->acl_options['id'][$copy_from]))
|
{
|
{
|
$old_id = $auth_admin->acl_options['id'][$copy_from]; $new_id = $auth_admin->acl_options['id'][$auth_option];
| $old_id = $this->auth_admin->acl_options['id'][$copy_from]; $new_id = $this->auth_admin->acl_options['id'][$auth_option];
|
$tables = array(ACL_GROUPS_TABLE, ACL_ROLES_DATA_TABLE, ACL_USERS_TABLE);
| $tables = array(ACL_GROUPS_TABLE, ACL_ROLES_DATA_TABLE, ACL_USERS_TABLE);
|
Line 177 | Line 180 |
---|
} }
|
} }
|
$auth_admin->acl_clear_prefetch();
| $this->auth_admin->acl_clear_prefetch();
|
} }
| } }
|
Line 238 | Line 241 |
---|
// Purge the auth cache $this->cache->destroy('_acl_options'); $this->auth->acl_clear_prefetch();
|
// Purge the auth cache $this->cache->destroy('_acl_options'); $this->auth->acl_clear_prefetch();
|
| }
/** * Check if a permission role exists * * @param string $role_name The role name * * @return int The id of the role if it exists, 0 otherwise */ public function role_exists($role_name) { $sql = 'SELECT role_id FROM ' . ACL_ROLES_TABLE . " WHERE role_name = '" . $this->db->sql_escape($role_name) . "'"; $result = $this->db->sql_query($sql); $role_id = (int) $this->db->sql_fetchfield('role_id'); $this->db->sql_freeresult($result);
return $role_id;
|
}
/**
| }
/**
|
Line 251 | Line 273 |
---|
*/ public function role_add($role_name, $role_type, $role_description = '') {
|
*/ public function role_add($role_name, $role_type, $role_description = '') {
|
$sql = 'SELECT role_id FROM ' . ACL_ROLES_TABLE . " WHERE role_name = '" . $this->db->sql_escape($role_name) . "'"; $this->db->sql_query($sql); $role_id = (int) $this->db->sql_fetchfield('role_id');
if ($role_id)
| if ($this->role_exists($role_name))
|
{ return; }
| { return; }
|
Line 278 | Line 294 |
---|
$sql = 'INSERT INTO ' . ACL_ROLES_TABLE . ' ' . $this->db->sql_build_array('INSERT', $sql_ary); $this->db->sql_query($sql);
|
$sql = 'INSERT INTO ' . ACL_ROLES_TABLE . ' ' . $this->db->sql_build_array('INSERT', $sql_ary); $this->db->sql_query($sql);
|
| return $this->db->sql_nextid();
|
}
/**
| }
/**
|
Line 290 | Line 308 |
---|
*/ public function role_update($old_role_name, $new_role_name) {
|
*/ public function role_update($old_role_name, $new_role_name) {
|
$sql = 'SELECT role_id FROM ' . ACL_ROLES_TABLE . " WHERE role_name = '" . $this->db->sql_escape($old_role_name) . "'"; $this->db->sql_query($sql); $role_id = (int) $this->db->sql_fetchfield('role_id');
if (!$role_id)
| if (!$this->role_exists($old_role_name))
|
{ throw new \phpbb\db\migration\exception('ROLE_NOT_EXIST', $old_role_name); }
| { throw new \phpbb\db\migration\exception('ROLE_NOT_EXIST', $old_role_name); }
|
Line 315 | Line 327 |
---|
*/ public function role_remove($role_name) {
|
*/ public function role_remove($role_name) {
|
$sql = 'SELECT role_id FROM ' . ACL_ROLES_TABLE . " WHERE role_name = '" . $this->db->sql_escape($role_name) . "'"; $this->db->sql_query($sql); $role_id = (int) $this->db->sql_fetchfield('role_id');
if (!$role_id)
| if (!($role_id = $this->role_exists($role_name)))
|
{ return; }
|
{ return; }
|
| // Get the role type $sql = 'SELECT role_type FROM ' . ACL_ROLES_TABLE . ' WHERE role_id = ' . (int) $role_id; $result = $this->db->sql_query($sql); $role_type = $this->db->sql_fetchfield('role_type'); $this->db->sql_freeresult($result);
// Get complete auth array $sql = 'SELECT auth_option, auth_option_id FROM ' . ACL_OPTIONS_TABLE . " WHERE auth_option " . $this->db->sql_like_expression($role_type . $this->db->get_any_char()); $result = $this->db->sql_query($sql);
$auth_settings = []; while ($row = $this->db->sql_fetchrow($result)) { $auth_settings[$row['auth_option']] = ACL_NO; } $this->db->sql_freeresult($result);
// Get the role auth settings we need to re-set... $sql = 'SELECT o.auth_option, r.auth_setting FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o WHERE o.auth_option_id = r.auth_option_id AND r.role_id = ' . (int) $role_id; $result = $this->db->sql_query($sql);
while ($row = $this->db->sql_fetchrow($result)) { $auth_settings[$row['auth_option']] = $row['auth_setting']; } $this->db->sql_freeresult($result);
// Get role assignments $hold_ary = $this->auth_admin->get_role_mask($role_id);
// Re-assign permissions foreach ($hold_ary as $forum_id => $forum_ary) { if (isset($forum_ary['users'])) { $this->auth_admin->acl_set('user', $forum_id, $forum_ary['users'], $auth_settings, 0, false); }
if (isset($forum_ary['groups'])) { $this->auth_admin->acl_set('group', $forum_id, $forum_ary['groups'], $auth_settings, 0, false); } }
// Remove role from users and groups just to be sure (happens through acl_set) $sql = 'DELETE FROM ' . ACL_USERS_TABLE . ' WHERE auth_role_id = ' . $role_id; $this->db->sql_query($sql);
$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . ' WHERE auth_role_id = ' . $role_id; $this->db->sql_query($sql);
|
$sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . ' WHERE role_id = ' . $role_id;
| $sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . ' WHERE role_id = ' . $role_id;
|
Line 381 | Line 447 |
---|
switch ($type) { case 'role':
|
switch ($type) { case 'role':
|
$sql = 'SELECT role_id FROM ' . ACL_ROLES_TABLE . " WHERE role_name = '" . $this->db->sql_escape($name) . "'"; $this->db->sql_query($sql); $role_id = (int) $this->db->sql_fetchfield('role_id');
if (!$role_id)
| if (!($role_id = $this->role_exists($name)))
|
{ throw new \phpbb\db\migration\exception('ROLE_NOT_EXIST', $name); }
| { throw new \phpbb\db\migration\exception('ROLE_NOT_EXIST', $name); }
|
Line 430 | Line 490 |
---|
WHERE role_id = ' . $role_id; $this->db->sql_query($sql); $role_data = $this->db->sql_fetchrow();
|
WHERE role_id = ' . $role_id; $this->db->sql_query($sql); $role_data = $this->db->sql_fetchrow();
|
| if (!$role_data) { throw new \phpbb\db\migration\exception('ROLE_ASSIGNED_NOT_EXIST', $name, $role_id); }
|
$role_name = $role_data['role_name']; $role_type = $role_data['role_type'];
| $role_name = $role_data['role_name']; $role_type = $role_data['role_type'];
|
Line 539 | Line 604 |
---|
switch ($type) { case 'role':
|
switch ($type) { case 'role':
|
$sql = 'SELECT role_id FROM ' . ACL_ROLES_TABLE . " WHERE role_name = '" . $this->db->sql_escape($name) . "'"; $this->db->sql_query($sql); $role_id = (int) $this->db->sql_fetchfield('role_id');
if (!$role_id)
| if (!($role_id = $this->role_exists($name)))
|
{ throw new \phpbb\db\migration\exception('ROLE_NOT_EXIST', $name); }
| { throw new \phpbb\db\migration\exception('ROLE_NOT_EXIST', $name); }
|
Line 582 | Line 641 |
---|
WHERE role_id = ' . $role_id; $this->db->sql_query($sql); $role_name = $this->db->sql_fetchfield('role_name');
|
WHERE role_id = ' . $role_id; $this->db->sql_query($sql); $role_name = $this->db->sql_fetchfield('role_name');
|
| if (!$role_name) { throw new \phpbb\db\migration\exception('ROLE_ASSIGNED_NOT_EXIST', $name, $role_id); }
|
return $this->permission_unset($role_name, $auth_option, 'role'); }
| return $this->permission_unset($role_name, $auth_option, 'role'); }
|