diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2006-12-27 17:43:55 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2006-12-27 17:43:55 +0000 |
| commit | 945afbc5fa427f6e6fa15f3e2f5c67969121b01e (patch) | |
| tree | 1742cf822c3339eec48d8d54e6ce08c51316b59b /phpBB/includes/acp/acp_groups.php | |
| parent | b9da985180730252133699242ef639f91da2880e (diff) | |
| download | forums-945afbc5fa427f6e6fa15f3e2f5c67969121b01e.tar forums-945afbc5fa427f6e6fa15f3e2f5c67969121b01e.tar.gz forums-945afbc5fa427f6e6fa15f3e2f5c67969121b01e.tar.bz2 forums-945afbc5fa427f6e6fa15f3e2f5c67969121b01e.tar.xz forums-945afbc5fa427f6e6fa15f3e2f5c67969121b01e.zip | |
Unused Code inside function update_forum_data [Bug #6606]
Copy permissions protection for groups [Bug #6594]
HTML issues in ACP [Bug #6580, #6578]
Always send the correct encoding [related to bug #6576]
Mass email fixes for first loop iteration [Bug #6570]
Extension groups to be allowed in PM's and/or Posts [Bug #6558]
Extension allowance checking clarified (no longer using forum id 0 for private messaging)
Using request_var() array method for some variables [Bug #6556]
Added confirmation for deletion of ranks/smilies/icons/word censores [Bug #6548, #6530, #6512, #6466]
Only show postable forums in dropdown list for moving posts on forum deletion as well as correct re-indexing [Bug #6510, #6476, #6384]
Jabber password being password field in jabber settings screen [Bug #6478]
user activity language variable if viewing not own profile [Bug #6432]
Show moderator group/user-name colour [Bug #6402]
Log rank creation/updating/removing [Bug #6398]
Update check permission changed from a_ to a_board [Bug #6392]
git-svn-id: file:///svn/phpbb/trunk@6816 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/acp/acp_groups.php')
| -rw-r--r-- | phpBB/includes/acp/acp_groups.php | 63 |
1 files changed, 39 insertions, 24 deletions
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 678a4f3bcf..f7b4d8fc66 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -358,35 +358,49 @@ class acp_groups $group_perm_from = request_var('group_perm_from', 0); // Copy permissions? - if ($group_perm_from && $action == 'add') + // If the user has the a_authgroups permission and at least one additional permission ability set the permissions are fully transfered. + // We do not limit on one auth category because this can lead to incomplete permissions being tricky to fix for the admin, roles being assigned or added non-default permissions. + // Since the user only has the option to copy permissions from non leader managed groups this seems to be a good compromise. + if ($group_perm_from && $action == 'add' && $auth->acl_get('a_authgroups') && $auth->acl_gets('a_aauth', 'a_fauth', 'a_mauth', 'a_uauth')) { - // From the mysql documentation: - // Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14. - // Due to this we stay on the safe side if we do the insertion "the manual way" - - // Copy permisisons from/to the acl groups table (only group_id gets changed) - $sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting - FROM ' . ACL_GROUPS_TABLE . ' + $sql = 'SELECT group_manage_founder + FROM ' . GROUPS_TABLE . ' WHERE group_id = ' . $group_perm_from; $result = $db->sql_query($sql); + $check_row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); - $groups_sql_ary = array(); - while ($row = $db->sql_fetchrow($result)) + // Check the group if non-founder + if ($check_row && ($user->data['user_type'] == USER_FOUNDER || $check_row['group_manage_founder'] == 0)) { - $groups_sql_ary[] = array( - 'group_id' => (int) $group_id, - 'forum_id' => (int) $row['forum_id'], - 'auth_option_id' => (int) $row['auth_option_id'], - 'auth_role_id' => (int) $row['auth_role_id'], - 'auth_setting' => (int) $row['auth_setting'] - ); + // From the mysql documentation: + // Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14. + // Due to this we stay on the safe side if we do the insertion "the manual way" + + // Copy permisisons from/to the acl groups table (only group_id gets changed) + $sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting + FROM ' . ACL_GROUPS_TABLE . ' + WHERE group_id = ' . $group_perm_from; + $result = $db->sql_query($sql); + + $groups_sql_ary = array(); + while ($row = $db->sql_fetchrow($result)) + { + $groups_sql_ary[] = array( + 'group_id' => (int) $group_id, + 'forum_id' => (int) $row['forum_id'], + 'auth_option_id' => (int) $row['auth_option_id'], + 'auth_role_id' => (int) $row['auth_role_id'], + 'auth_setting' => (int) $row['auth_setting'] + ); + } + $db->sql_freeresult($result); + + // Now insert the data + $db->sql_multi_insert(ACL_GROUPS_TABLE, $groups_sql_ary); + + $auth->acl_clear_prefetch(); } - $db->sql_freeresult($result); - - // Now insert the data - $db->sql_multi_insert(ACL_GROUPS_TABLE, $groups_sql_ary); - - $auth->acl_clear_prefetch(); } $cache->destroy('sql', GROUPS_TABLE); @@ -494,6 +508,7 @@ class acp_groups $template->assign_vars(array( 'S_EDIT' => true, 'S_ADD_GROUP' => ($action == 'add') ? true : false, + 'S_GROUP_PERM' => ($action == 'add' && $auth->acl_get('a_authgroups') && $auth->acl_gets('a_aauth', 'a_fauth', 'a_mauth', 'a_uauth')) ? true : false, 'S_INCLUDE_SWATCH' => true, 'S_CAN_UPLOAD' => $can_upload, 'S_ERROR' => (sizeof($error)) ? true : false, @@ -518,7 +533,7 @@ class acp_groups 'S_DESC_SMILIES_CHECKED'=> $group_desc_data['allow_smilies'], 'S_RANK_OPTIONS' => $rank_options, - 'S_GROUP_OPTIONS' => group_select_options(0), + 'S_GROUP_OPTIONS' => group_select_options(false, false, (($user->data['user_type'] == USER_FOUNDER) ? false : 0)), 'AVATAR_IMAGE' => $avatar_img, 'AVATAR_MAX_FILESIZE' => $config['avatar_filesize'], 'GROUP_AVATAR_WIDTH' => (isset($group_row['group_avatar_width'])) ? $group_row['group_avatar_width'] : '', |