phpBB

Code Changes

File: phpbb/db/migration/tool/permission.php

Line 20Line 20
{
/** @var \phpbb\auth\auth */
protected $auth;

{
/** @var \phpbb\auth\auth */
protected $auth;

 

/** @var \includes\acp\auth\auth_admin */
protected $auth_admin;


/** @var \phpbb\cache\service */
protected $cache;


/** @var \phpbb\cache\service */
protected $cache;

Line 49Line 52
		$this->auth = $auth;
$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;

		$this->auth = $auth;
$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;

 

if (!class_exists('auth_admin'))
{
include($this->phpbb_root_path . 'includes/acp/auth.' . $this->php_ext);
}
$this->auth_admin = new \auth_admin();

	}

/**

	}

/**

Line 117Line 126

// We've added permissions, so set to true to notify the user.
$this->permissions_added = true;


// We've added permissions, so set to true to notify the user.
$this->permissions_added = true;


if (!class_exists('auth_admin'))
{
include($this->phpbb_root_path . 'includes/acp/auth.' . $this->php_ext);
}
$auth_admin = new \auth_admin();

 

// We have to add a check to see if the !$global (if global, local, and if local, global) permission already exists. If it does, acl_add_option currently has a bug which would break the ACL system, so we are having a work-around here.
if ($this->exists($auth_option, !$global))


// We have to add a check to see if the !$global (if global, local, and if local, global) permission already exists. If it does, acl_add_option currently has a bug which would break the ACL system, so we are having a work-around here.
if ($this->exists($auth_option, !$global))

Line 140Line 143
		{
if ($global)
{

		{
if ($global)
{

				$auth_admin->acl_add_option(array('global' => array($auth_option)));

				$this->auth_admin->acl_add_option(array('global' => array($auth_option)));

			}
else
{

			}
else
{

				$auth_admin->acl_add_option(array('local' => array($auth_option)));

				$this->auth_admin->acl_add_option(array('local' => array($auth_option)));

			}
}

// The permission has been added, now we can copy it if needed

			}
}

// The permission has been added, now we can copy it if needed

		if ($copy_from && isset($auth_admin->acl_options['id'][$copy_from]))

		if ($copy_from && isset($this->auth_admin->acl_options['id'][$copy_from]))

		{

		{

			$old_id = $auth_admin->acl_options['id'][$copy_from];
$new_id = $auth_admin->acl_options['id'][$auth_option];

			$old_id = $this->auth_admin->acl_options['id'][$copy_from];
$new_id = $this->auth_admin->acl_options['id'][$auth_option];


$tables = array(ACL_GROUPS_TABLE, ACL_ROLES_DATA_TABLE, ACL_USERS_TABLE);



$tables = array(ACL_GROUPS_TABLE, ACL_ROLES_DATA_TABLE, ACL_USERS_TABLE);


Line 177Line 180
				}
}


				}
}


			$auth_admin->acl_clear_prefetch();

			$this->auth_admin->acl_clear_prefetch();

		}
}


		}
}


Line 238Line 241
		// Purge the auth cache
$this->cache->destroy('_acl_options');
$this->auth->acl_clear_prefetch();

		// Purge the auth cache
$this->cache->destroy('_acl_options');
$this->auth->acl_clear_prefetch();

 
	}

/**
* Check if a permission role exists
*
* @param string $role_name The role name
*
* @return int The id of the role if it exists, 0 otherwise
*/
public function role_exists($role_name)
{
$sql = 'SELECT role_id
FROM ' . ACL_ROLES_TABLE . "
WHERE role_name = '" . $this->db->sql_escape($role_name) . "'";
$result = $this->db->sql_query($sql);
$role_id = (int) $this->db->sql_fetchfield('role_id');
$this->db->sql_freeresult($result);

return $role_id;

	}

/**

	}

/**

Line 251Line 273
	*/
public function role_add($role_name, $role_type, $role_description = '')
{

	*/
public function role_add($role_name, $role_type, $role_description = '')
{

		$sql = 'SELECT role_id
FROM ' . ACL_ROLES_TABLE . "
WHERE role_name = '" . $this->db->sql_escape($role_name) . "'";
$this->db->sql_query($sql);
$role_id = (int) $this->db->sql_fetchfield('role_id');

if ($role_id)

		if ($this->role_exists($role_name))







		{
return;
}

		{
return;
}

Line 278Line 294

$sql = 'INSERT INTO ' . ACL_ROLES_TABLE . ' ' . $this->db->sql_build_array('INSERT', $sql_ary);
$this->db->sql_query($sql);


$sql = 'INSERT INTO ' . ACL_ROLES_TABLE . ' ' . $this->db->sql_build_array('INSERT', $sql_ary);
$this->db->sql_query($sql);

 

return $this->db->sql_nextid();

	}

/**

	}

/**

Line 290Line 308
	*/
public function role_update($old_role_name, $new_role_name)
{

	*/
public function role_update($old_role_name, $new_role_name)
{

		$sql = 'SELECT role_id
FROM ' . ACL_ROLES_TABLE . "
WHERE role_name = '" . $this->db->sql_escape($old_role_name) . "'";
$this->db->sql_query($sql);
$role_id = (int) $this->db->sql_fetchfield('role_id');

if (!$role_id)

		if (!$this->role_exists($old_role_name))







		{
throw new \phpbb\db\migration\exception('ROLE_NOT_EXIST', $old_role_name);
}

		{
throw new \phpbb\db\migration\exception('ROLE_NOT_EXIST', $old_role_name);
}

Line 315Line 327
	*/
public function role_remove($role_name)
{

	*/
public function role_remove($role_name)
{

		$sql = 'SELECT role_id
FROM ' . ACL_ROLES_TABLE . "
WHERE role_name = '" . $this->db->sql_escape($role_name) . "'";
$this->db->sql_query($sql);
$role_id = (int) $this->db->sql_fetchfield('role_id');

if (!$role_id)

		if (!($role_id = $this->role_exists($role_name)))







		{
return;
}

		{
return;
}

 

// Get the role type
$sql = 'SELECT role_type
FROM ' . ACL_ROLES_TABLE . '
WHERE role_id = ' . (int) $role_id;
$result = $this->db->sql_query($sql);
$role_type = $this->db->sql_fetchfield('role_type');
$this->db->sql_freeresult($result);

// Get complete auth array
$sql = 'SELECT auth_option, auth_option_id
FROM ' . ACL_OPTIONS_TABLE . "
WHERE auth_option " . $this->db->sql_like_expression($role_type . $this->db->get_any_char());
$result = $this->db->sql_query($sql);

$auth_settings = [];
while ($row = $this->db->sql_fetchrow($result))
{
$auth_settings[$row['auth_option']] = ACL_NO;
}
$this->db->sql_freeresult($result);

// Get the role auth settings we need to re-set...
$sql = 'SELECT o.auth_option, r.auth_setting
FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
WHERE o.auth_option_id = r.auth_option_id
AND r.role_id = ' . (int) $role_id;
$result = $this->db->sql_query($sql);

while ($row = $this->db->sql_fetchrow($result))
{
$auth_settings[$row['auth_option']] = $row['auth_setting'];
}
$this->db->sql_freeresult($result);

// Get role assignments
$hold_ary = $this->auth_admin->get_role_mask($role_id);

// Re-assign permissions
foreach ($hold_ary as $forum_id => $forum_ary)
{
if (isset($forum_ary['users']))
{
$this->auth_admin->acl_set('user', $forum_id, $forum_ary['users'], $auth_settings, 0, false);
}

if (isset($forum_ary['groups']))
{
$this->auth_admin->acl_set('group', $forum_id, $forum_ary['groups'], $auth_settings, 0, false);
}
}

// Remove role from users and groups just to be sure (happens through acl_set)
$sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
WHERE auth_role_id = ' . $role_id;
$this->db->sql_query($sql);

$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
WHERE auth_role_id = ' . $role_id;
$this->db->sql_query($sql);


$sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . '
WHERE role_id = ' . $role_id;


$sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . '
WHERE role_id = ' . $role_id;

Line 369Line 435
		}
$this->db->sql_freeresult($result);


		}
$this->db->sql_freeresult($result);


		if (empty($new_auth))


		$type = (string) $type; // Prevent PHP bug.
if (empty($new_auth) || !in_array($type, ['role','group']))

		{
return;
}

$current_auth = array();

		{
return;
}

$current_auth = array();


$type = (string) $type; // Prevent PHP bug.

 

switch ($type)
{
case 'role':


switch ($type)
{
case 'role':

				$sql = 'SELECT role_id
FROM ' . ACL_ROLES_TABLE . "
WHERE role_name = '" . $this->db->sql_escape($name) . "'";
$this->db->sql_query($sql);
$role_id = (int) $this->db->sql_fetchfield('role_id');

if (!$role_id)

				if (!($role_id = $this->role_exists($name)))







				{
throw new \phpbb\db\migration\exception('ROLE_NOT_EXIST', $name);
}

				{
throw new \phpbb\db\migration\exception('ROLE_NOT_EXIST', $name);
}

Line 430Line 489
						WHERE role_id = ' . $role_id;
$this->db->sql_query($sql);
$role_data = $this->db->sql_fetchrow();

						WHERE role_id = ' . $role_id;
$this->db->sql_query($sql);
$role_data = $this->db->sql_fetchrow();

 
					if (!$role_data)
{
throw new \phpbb\db\migration\exception('ROLE_ASSIGNED_NOT_EXIST', $name, $role_id);
}


					$role_name = $role_data['role_name'];
$role_type = $role_data['role_type'];


					$role_name = $role_data['role_name'];
$role_type = $role_data['role_type'];


Line 460Line 524
			break;
}


			break;
}


		$sql_ary = array();
switch ($type)
{
case 'role':

		$sql_ary = $auth_update_list = [];
$table = $type == 'role' ? ACL_ROLES_DATA_TABLE : ACL_GROUPS_TABLE;



				foreach ($new_auth as $auth_option_id)
{
if (!isset($current_auth[$auth_option_id]))
{

				foreach ($new_auth as $auth_option_id)
{
if (!isset($current_auth[$auth_option_id]))
{

						$sql_ary[] = array(
'role_id' => $role_id,

				$sql_ary[] = [
$type . '_id' => ${$type . '_id'},

							'auth_option_id'	=> $auth_option_id,

							'auth_option_id'	=> $auth_option_id,

							'auth_setting'		=> $has_permission,
);

					'auth_setting'		=> (int) $has_permission,
];

					}

					}

				}

$this->db->sql_multi_insert(ACL_ROLES_DATA_TABLE, $sql_ary);
break;

case 'group':
foreach ($new_auth as $auth_option_id)

			else







				{

				{

					if (!isset($current_auth[$auth_option_id]))
{
$sql_ary[] = array(
'group_id' => $group_id,
'auth_option_id' => $auth_option_id,
'auth_setting' => $has_permission,
);

				$auth_update_list[] = $auth_option_id;







					}
}

					}
}

 
		$this->db->sql_multi_insert($table, $sql_ary);





				$this->db->sql_multi_insert(ACL_GROUPS_TABLE, $sql_ary);
break;






		if (count($auth_update_list))
{
$sql = 'UPDATE ' . $table . '
SET auth_setting = ' . (int) $has_permission . '
WHERE ' . $this->db->sql_in_set('auth_option_id', $auth_update_list) . '
AND ' . $type . '_id = ' . (int) ${$type . '_id'};
$this->db->sql_query($sql);

		}

$this->auth->acl_clear_prefetch();

		}

$this->auth->acl_clear_prefetch();

Line 539Line 595
		switch ($type)
{
case 'role':

		switch ($type)
{
case 'role':

				$sql = 'SELECT role_id
FROM ' . ACL_ROLES_TABLE . "
WHERE role_name = '" . $this->db->sql_escape($name) . "'";
$this->db->sql_query($sql);
$role_id = (int) $this->db->sql_fetchfield('role_id');

if (!$role_id)

				if (!($role_id = $this->role_exists($name)))







				{
throw new \phpbb\db\migration\exception('ROLE_NOT_EXIST', $name);
}

				{
throw new \phpbb\db\migration\exception('ROLE_NOT_EXIST', $name);
}

Line 582Line 632
						WHERE role_id = ' . $role_id;
$this->db->sql_query($sql);
$role_name = $this->db->sql_fetchfield('role_name');

						WHERE role_id = ' . $role_id;
$this->db->sql_query($sql);
$role_name = $this->db->sql_fetchfield('role_name');

 
					if (!$role_name)
{
throw new \phpbb\db\migration\exception('ROLE_ASSIGNED_NOT_EXIST', $name, $role_id);
}


return $this->permission_unset($role_name, $auth_option, 'role');
}


return $this->permission_unset($role_name, $auth_option, 'role');
}
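Review bot: In the "Line 369 / Line 435" and "Line 460 / Line 524" hunks, `$type` now selects the table, is concatenated into the SQL as a column name (`$type . '_id'`) and picks a local through a variable variable (`${$type . '_id'}`), so the `in_array` allow-list is the only check between a caller-supplied string and the query text. The `(string)` cast keeps the loose comparison safe today, but the guard is easier to trust when it is strict and the lookup is explicit: `if (empty($new_auth) || !in_array($type, ['role', 'group'], true))` and `$id = ($type === 'role') ? $role_id : $group_id;`, with `$id` used in both the insert row and the `UPDATE`. A short comment on the guard, saying that it protects the identifier built from `$type`, would stop a later edit from relaxing it. The enclosing function's signature and the code that sets `$group_id` lie outside the visible hunks, so this assumes both ids are plain locals there.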