authorMeik Sievertsen <acydburn@phpbb.com>2006-02-22 21:42:26 +0000
committerMeik Sievertsen <acydburn@phpbb.com>2006-02-22 21:42:26 +0000
commit6b13f94be9fdd4054e08d593f5c871a11853344e (patch)
treea9394609b17fc472f2b9748d6e16130d18df22aa /phpBB/includes
parent19d5dddaebecd2ef85eee40690a69f272fafdb2d (diff)
implementing permission roles
- copy permissions (adding groups) - copy permissions (adding forums) - checking proper groupadd/del settings - added intro page to permissions (to give an overview and quick links) - able to select forums + subforums, single forum, all groups, all users (permission screens) - able to reset permissions (only reset input field) - fix forum deletion bug git-svn-id: file:///svn/phpbb/trunk@5574 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_forums.php32
-rw-r--r--phpBB/includes/acp/acp_groups.php41
-rw-r--r--phpBB/includes/acp/acp_modules.php2
-rw-r--r--phpBB/includes/acp/acp_permission_roles.php776
-rw-r--r--phpBB/includes/acp/acp_permissions.php220
-rw-r--r--phpBB/includes/acp/auth.php362
-rw-r--r--phpBB/includes/auth.php88
-rw-r--r--phpBB/includes/constants.php4
-rw-r--r--phpBB/includes/db/dbal.php1
-rw-r--r--phpBB/includes/functions.php2
-rw-r--r--phpBB/includes/functions_admin.php4
-rw-r--r--phpBB/includes/functions_posting.php10
-rw-r--r--phpBB/includes/functions_user.php11
-rw-r--r--phpBB/includes/mcp/mcp_post.php4
-rw-r--r--phpBB/includes/mcp/mcp_queue.php2
-rw-r--r--phpBB/includes/message_parser.php4
-rw-r--r--phpBB/includes/ucp/ucp_attachments.php5
17 files changed, 1297 insertions, 271 deletions
diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php
index a193808010..00052b8d23 100644
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -144,6 +144,35 @@ class acp_forums
if (!sizeof($errors))
{
+ $forum_perm_from = request_var('forum_perm_from', 0);
+
+ // Copy permissions?
+ if ($forum_perm_from && $action == 'add')
+ {
+ $sql_ary = array(
+ 'user_id' => array('user_id'),
+ 'forum_id' => (int) $forum_data['forum_id'],
+ 'auth_option_id' => array('auth_option_id'),
+ 'auth_role_id' => array('auth_role_id'),
+ 'auth_setting' => array('auth_setting')
+ );
+
+ // We copy the permissions the manual way. ;)
+ $sql = 'INSERT INTO ' . ACL_USERS_TABLE . ' ' . $db->sql_build_array('INSERT_SELECT', $sql_ary) . '
+ FROM ' . ACL_USERS_TABLE . '
+ WHERE forum_id = ' . $forum_perm_from;
+ $db->sql_query($sql);
+
+ // Change array for copying settings from the acl groups table
+ unset($sql_ary['user_id']);
+ $sql_ary['group_id'] = array('group_id');
+
+ $sql = 'INSERT INTO ' . ACL_GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT_SELECT', $sql_ary) . '
+ FROM ' . ACL_GROUPS_TABLE . '
+ WHERE forum_id = ' . $forum_perm_from;
+ $db->sql_query($sql);
+ }
+
$auth->acl_clear_prefetch();
recalc_btree('forum_id', FORUMS_TABLE);
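Review bot: The permission copy runs for any non-zero `forum_perm_from` without checking that the acting admin may manage permissions; the only gates visible here are `!sizeof($errors)` and `$action == 'add'`. If this screen is reachable by admins who can create forums but not assign permissions, they could give a new forum the ACL of any existing one, so the block should be wrapped in an `$auth->acl_get()` test for the relevant permission-administration option (its name is not visible in this diff). The same applies to the `group_perm_from` copy in acp_groups.php at `@@ -317,6 +326,28 @@`, which appears to sit behind `a_groupadd` only. Both copies also assume the source id exists and run their INSERTs outside a transaction, so if the second statement in this hunk fails, user ACLs are copied without the group ACLs. The enclosing method starts and ends outside the hunk.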
@@ -477,6 +506,7 @@ class acp_forums
'S_STATUS_OPTIONS' => $statuslist,
'S_PARENT_OPTIONS' => $parents_list,
'S_STYLES_OPTIONS' => $styles_list,
+ 'S_FORUM_OPTIONS' => make_forum_select(false, false, false),
'S_SHOW_DISPLAY_ON_INDEX' => $s_show_display_on_index,
'S_FORUM_POST' => ($forum_data['forum_type'] == FORUM_POST) ? true : false,
'S_FORUM_ORIG_POST' => (isset($old_forum_type) && $old_forum_type == FORUM_POST) ? true : false,
@@ -1309,7 +1339,7 @@ class acp_forums
// Set forum ids to 0
$table_ary = array(DRAFTS_TABLE);
- foreach ($tables_ary as $table)
+ foreach ($table_ary as $table)
{
$db->sql_query("UPDATE $table SET forum_id = 0 WHERE forum_id = $forum_id");
}
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php
index 5fa8d8b5fd..644f4f7cf9 100644
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@@ -10,7 +10,6 @@
/**
* @package acp
-* @todo make sure permissions are met for adding groups and removing groups (a_groupadd, a_groupdel)
*/
class acp_groups
{
@@ -164,6 +163,11 @@ class acp_groups
switch ($action)
{
case 'delete':
+ if (!$auth->acl_get('a_groupdel'))
+ {
+ trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action));
+ }
+
$error = group_delete($group_id, $group_row['group_name']);
break;
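Review bot: `group_delete()` is called directly after the new `a_groupdel` test with no confirmation step visible in this hunk, while the list view builds the delete action as a plain link (`action=delete&amp;g=$group_id` in the `@@ -609,7 +642,7` hunk). Unless a confirmation happens before the switch, outside the hunk, a single GET request from an authorised admin's browser deletes a group, which leaves the action open to cross-site request forgery. The new acp_permission_roles.php in this commit guards its `remove` action with `confirm_box(true)` / `confirm_box(false, ...)`; the same pattern would fit here. The switch continues outside the hunk.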
@@ -225,6 +229,11 @@ class acp_groups
trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action));
}
+ if ($action == 'add' && !$auth->acl_get('a_groupadd'))
+ {
+ trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action));
+ }
+
$error = array();
$user->add_lang('ucp');
@@ -309,7 +318,7 @@ class acp_groups
$test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'message_limit');
foreach ($test_variables as $test)
{
- if ($action == 'add' || (isset($submit_ary[$test]) && $group_row['group_' . $test] != $submit_ary[$test]))
+ if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test]))
{
$group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test];
}
@@ -317,6 +326,28 @@ class acp_groups
if (!($error = group_create($group_id, $group_type, $group_name, $group_description, $group_attributes)))
{
+ $group_perm_from = request_var('group_perm_from', 0);
+
+ // Copy permissions?
+ if ($group_perm_from && $action == 'add')
+ {
+ $sql_ary = array(
+ 'group_id' => $group_id,
+ 'forum_id' => array('forum_id'),
+ 'auth_option_id' => array('auth_option_id'),
+ 'auth_role_id' => array('auth_role_id'),
+ 'auth_setting' => array('auth_setting')
+ );
+
+ // We copy the permissions the manual way. ;)
+ $sql = 'INSERT INTO ' . ACL_GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT_SELECT', $sql_ary) . '
+ FROM ' . ACL_GROUPS_TABLE . '
+ WHERE group_id = ' . $group_perm_from;
+ $db->sql_query($sql);
+
+ $auth->acl_clear_prefetch();
+ }
+
$message = ($action == 'edit') ? 'GROUP_UPDATED' : 'GROUP_CREATED';
trigger_error($user->lang[$message] . adm_back_link($this->u_action));
}
@@ -398,6 +429,7 @@ class acp_groups
$template->assign_vars(array(
'S_EDIT' => true,
+ 'S_ADD_GROUP' => ($action == 'add') ? true : false,
'S_INCLUDE_SWATCH' => true,
'S_CAN_UPLOAD' => $can_upload,
'S_ERROR' => (sizeof($error)) ? true : false,
@@ -414,6 +446,7 @@ class acp_groups
'GROUP_COLOUR' => (isset($group_row['group_colour'])) ? $group_row['group_colour'] : '',
'S_RANK_OPTIONS' => $rank_options,
+ 'S_GROUP_OPTIONS' => group_select_options(0),
'AVATAR_IMAGE' => $avatar_img,
'AVATAR_MAX_FILESIZE' => $config['avatar_filesize'],
'GROUP_AVATAR_WIDTH' => (isset($group_row['group_avatar_width'])) ? $group_row['group_avatar_width'] : '',
@@ -562,7 +595,7 @@ class acp_groups
$template->assign_vars(array(
'U_ACTION' => $this->u_action,
- )
+ 'S_GROUP_ADD' => ($auth->acl_get('a_groupadd')) ? true : false)
);
$sql = 'SELECT g.group_id, g.group_name, g.group_type, COUNT(ug.user_id) AS total_members
@@ -609,7 +642,7 @@ class acp_groups
'U_LIST' => "{$this->u_action}&amp;action=list&amp;g=$group_id",
'U_DEFAULT' => "{$this->u_action}&amp;action=default&amp;g=$group_id",
'U_EDIT' => "{$this->u_action}&amp;action=edit&amp;g=$group_id",
- 'U_DELETE' => "{$this->u_action}&amp;action=delete&amp;g=$group_id",
+ 'U_DELETE' => ($auth->acl_get('a_groupdel')) ? "{$this->u_action}&amp;action=delete&amp;g=$group_id" : '',
'S_GROUP_SPECIAL' => ($row['group_type'] == GROUP_SPECIAL) ? true : false,
diff --git a/phpBB/includes/acp/acp_modules.php b/phpBB/includes/acp/acp_modules.php
index 39239d8901..fab7731567 100644
--- a/phpBB/includes/acp/acp_modules.php
+++ b/phpBB/includes/acp/acp_modules.php
@@ -661,7 +661,7 @@ class acp_modules
if (!$ignore_acl && $row['module_auth'])
{
$is_auth = false;
- eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#e', '#\$id#', '#cfg_([a-z_]+)#e'), array('(int) $auth->acl_get("\\1"\\2)', '$this->acl_forup_id', '(int) $config["\\1"]'), trim($row['module_auth'])) . ');');
+ eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z_]+)#', '#cfg_([a-z_]+)#'), array('(int) $auth->acl_get("\\1"\\2)', 'true', '(int) $auth->acl_getf_global("\\1")', '(int) $config["\\1"]'), $row['module_auth']) . ');');
if (!$is_auth)
{
continue;
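Review bot: Any part of `$row['module_auth']` that does not match one of the four patterns is passed to `eval()` unchanged, so the column's content is executed as PHP with only a search-and-replace in front of it. Dropping the `/e` modifier removes the double evaluation, but the string still needs an allow-list check before the `eval`, for example `if (!preg_match('#^(?:acl_[a-z_]+(?:,\$id)?|aclf_[a-z_]+|cfg_[a-z_]+|\$id|[\s()&|!])+$#', $row['module_auth'])) { continue; }` (adjust the operator set to what module_auth strings really use). The hunk also drops the earlier `trim()` and now replaces `$id` with the literal `true`, so `acl_get("x",$id)` becomes `acl_get("x",true)`; a comment explaining why `true` is the intended second argument would help. The enclosing loop starts outside the hunk.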
diff --git a/phpBB/includes/acp/acp_permission_roles.php b/phpBB/includes/acp/acp_permission_roles.php
new file mode 100644
index 0000000000..2bf32093f4
--- /dev/null
+++ b/phpBB/includes/acp/acp_permission_roles.php
@@ -0,0 +1,776 @@
+<?php
+/**
+*
+* @package acp
+* @version $Id$
+* @copyright (c) 2005 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* @package acp
+*/
+class acp_permission_roles
+{
+ var $u_action;
+ var $pre_selection_array;
+
+ function main($id, $mode)
+ {
+ global $db, $user, $auth, $template, $cache;
+ global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+
+ include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+ include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
+
+ $auth_admin = new auth_admin();
+
+ $user->add_lang('acp/permissions');
+ $user->add_lang('acp/permissions_phpbb');
+
+ $this->tpl_name = 'acp_permission_roles';
+
+ $submit = (isset($_POST['submit'])) ? true : false;
+ $role_id = request_var('role_id', 0);
+ $action = request_var('action', '');
+ $action = (isset($_POST['add'])) ? 'add' : $action;
+
+ // Define pre-selection array
+ $this->pre_selection_array = array(
+ 1 => array('lang' => 'PRE_ONLY_SPECIAL_GUEST', 'type' => GROUP_SPECIAL, 'name' => array('BOTS', 'GUESTS', 'INACTIVE', 'INACTIVE_COPPA'), 'negate' => false),
+ 2 => array('lang' => 'PRE_ONLY_SPECIAL_REGISTERED', 'type' => GROUP_SPECIAL, 'name' => array('ADMINISTRATORS', 'SUPER_MODERATORS', 'REGISTERED', 'REGISTERED_COPPA'), 'negate' => false),
+ 3 => array('lang' => 'PRE_NOT_SPECIAL_GUEST', 'type' => GROUP_SPECIAL, 'name' => array('BOTS', 'GUESTS', 'INACTIVE', 'INACTIVE_COPPA'), 'negate' => true),
+ 4 => array('lang' => 'PRE_NOT_SPECIAL_REGISTERED', 'type' => GROUP_SPECIAL, 'name' => array('ADMINISTRATORS', 'SUPER_MODERATORS', 'REGISTERED', 'REGISTERED_COPPA'), 'negate' => true),
+ 5 => array('lang' => 'PRE_ALL_SPECIAL', 'type' => GROUP_SPECIAL, 'negate' => false),
+ 6 => array('lang' => 'PRE_NOT_SPECIAL', 'type' => GROUP_SPECIAL, 'negate' => true),
+ 7 => array('lang' => 'PRE_ALL_FREE', 'type' => GROUP_FREE, 'negate' => false),
+ 8 => array('lang' => 'PRE_NOT_FREE', 'type' => GROUP_FREE, 'negate' => true),
+ 9 => array('lang' => 'PRE_ALL_CLOSED', 'type' => GROUP_CLOSED, 'negate' => false),
+ 10 => array('lang' => 'PRE_NOT_CLOSED', 'type' => GROUP_CLOSED, 'negate' => true),
+ 11 => array('lang' => 'PRE_ALL_HIDDEN', 'type' => GROUP_HIDDEN, 'negate' => false),
+ 12 => array('lang' => 'PRE_NOT_HIDDEN', 'type' => GROUP_HIDDEN, 'negate' => true),
+ 13 => array('lang' => 'PRE_ALL_OPEN', 'type' => GROUP_OPEN, 'negate' => false),
+ 14 => array('lang' => 'PRE_NOT_OPEN', 'type' => GROUP_OPEN, 'negate' => true),
+ );
+
+ switch ($mode)
+ {
+ case 'admin_roles':
+ $permission_type = 'a_';
+ $this->page_title = 'ACP_ADMIN_ROLES';
+ break;
+
+ case 'user_roles':
+ $permission_type = 'u_';
+ $this->page_title = 'ACP_USER_ROLES';
+ break;
+
+ case 'mod_roles':
+ $permission_type = 'm_';
+ $this->page_title = 'ACP_MOD_ROLES';
+ break;
+
+ case 'forum_roles':
+ $permission_type = 'f_';
+ $this->page_title = 'ACP_FORUM_ROLES';
+ break;
+
+ default:
+ trigger_error('INVALID_MODE');
+ }
+
+ $template->assign_vars(array(
+ 'L_TITLE' => $user->lang[$this->page_title],
+ 'L_EXPLAIN' => $user->lang[$this->page_title . '_EXPLAIN'])
+ );
+
+ // Take action... admin submitted something
+ if ($submit || $action == 'remove')
+ {
+ switch ($action)
+ {
+ case 'remove':
+
+ if (!$role_id)
+ {
+ trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action));
+ }
+
+ $sql = 'SELECT *
+ FROM ' . ACL_ROLES_TABLE . '
+ WHERE role_id = ' . $role_id;
+ $result = $db->sql_query($sql);
+ $role_row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
+ if (!$role_row)
+ {
+ trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action));
+ }
+
+ if (confirm_box(true))
+ {
+ $this->remove_role($role_id);
+
+ add_log('admin', 'LOG_' . strtoupper($permission_type) . 'ROLE_REMOVED', $role_row['role_name']);
+ trigger_error($user->lang['ROLE_DELETED'] . adm_back_link($this->u_action));
+ }
+ else
+ {
+ confirm_box(false, 'DELETE_ROLE', build_hidden_fields(array(
+ 'i' => $id,
+ 'mode' => $mode,
+ 'role_id' => $role_id,
+ 'action' => $action,
+ )));
+ }
+
+ break;
+
+ case 'edit':
+ if (!$role_id)
+ {
+ trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action));
+ }
+
+ // Get role we edit
+ $sql = 'SELECT *
+ FROM ' . ACL_ROLES_TABLE . '
+ WHERE role_id = ' . $role_id;
+ $result = $db->sql_query($sql);
+ $role_row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
+ if (!$role_row)
+ {
+ trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action));
+ }
+
+ case 'add':
+
+ $role_name = request_var('role_name', '');
+ $role_group_ids = request_var('role_group_ids', array(0));
+ $pre_select = request_var('pre_select', 'custom');
+ $auth_settings = request_var('setting', array('' => 0));
+
+ if (!$role_name)
+ {
+ trigger_error($user->lang['NO_ROLE_NAME_SPECIFIED'] . adm_back_link($this->u_action));
+ }
+
+ // Adjust group array if we have a pre-selection
+ if ($pre_select != 'custom')
+ {
+ $pre_select = (int) $pre_select;
+
+ if (!$pre_select || !isset($this->pre_selection_array[$pre_select]))
+ {
+ $role_group_ids = array(0);
+ }
+ else
+ {
+ $sql = 'SELECT group_id, group_name, group_type
+ FROM ' . GROUPS_TABLE . '
+ ORDER BY group_type DESC, group_name ASC';
+ $result = $db->sql_query($sql);
+
+ $groups = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $groups[$row['group_type']][$row['group_id']] = $row['group_name'];
+ }
+ $db->sql_freeresult($result);
+
+ // Build role_group_ids
+ $role_group_ids = array();
+
+ $row = $this->pre_selection_array[$pre_select];
+
+ if (!$row['negate'] && !isset($row['name']))
+ {
+ foreach ($groups[$row['type']] as $group_id => $group_name)
+ {
+ $role_group_ids[] = $group_id;
+ }
+ }
+ else if ($row['negate'] && !isset($row['name']))
+ {
+ $group_types = array(GROUP_OPEN, GROUP_CLOSED, GROUP_HIDDEN, GROUP_SPECIAL, GROUP_FREE);
+ unset($group_types[array_search($row['type'], $group_types)]);
+
+ foreach ($group_types as $type)
+ {
+ foreach ($groups[$type] as $group_id => $group_name)
+ {
+ $role_group_ids[] = $group_id;
+ }
+ }
+ }
+ else if (!$row['negate'] && isset($row['name']))
+ {
+ foreach ($groups[$row['type']] as $group_id => $group_name)
+ {
+ if (in_array($group_name, $row['name']))
+ {
+ $role_group_ids[] = $group_id;
+ }
+ }
+ }
+ else if ($row['negate'] && isset($row['name']))
+ {
+ $group_types = array(GROUP_OPEN, GROUP_CLOSED, GROUP_HIDDEN, GROUP_SPECIAL, GROUP_FREE);
+
+ foreach ($group_types as $type)
+ {
+ foreach ($groups[$type] as $group_id => $group_name)
+ {
+ if ($type != $row['type'])
+ {
+ $role_group_ids[] = $group_id;
+ }
+ else if (!in_array($group_name, $row['name']))
+ {
+ $role_group_ids[] = $group_id;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ // if we add/edit a role we check the name to be unique among the settings...
+ $sql = 'SELECT role_id
+ FROM ' . ACL_ROLES_TABLE . "
+ WHERE role_type = '" . $db->sql_escape($permission_type) . "'
+ AND LOWER(role_name) = '" . $db->sql_escape(strtolower($role_name)) . "'";
+ $result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
+ // Make sure we only print out the error if we add the role or change it's name
+ if ($row && ($mode == 'add' || ($mode == 'edit' && strtolower($role_row['role_name']) != strtolower($role_name))))
+ {
+ trigger_error(sprintf($user->lang['ROLE_NAME_ALREADY_EXIST'], $role_name) . adm_back_link($this->u_action));
+ }
+
+ // If role_group_ids include "every user/group" we do not need to set it...
+ if (in_array(0, $role_group_ids))
+ {
+ $role_group_ids = array(0);
+ }
+
+ $sql_ary = array(
+ 'role_name' => (string) $role_name,
+ 'role_type' => (string) $permission_type,
+ 'role_group_ids' => (string) implode(':', $role_group_ids),
+ );
+
+ if ($action == 'edit')
+ {
+ $sql = 'UPDATE ' . ACL_ROLES_TABLE . '
+ SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+ WHERE role_id = ' . $role_id;
+ $db->sql_query($sql);
+ }
+ else
+ {
+ $sql = 'INSERT INTO ' . ACL_ROLES_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
+ $db->sql_query($sql);
+
+ $role_id = $db->sql_nextid();
+ }
+
+ // Now add the auth settings
+ $auth_admin->acl_set_role($role_id, $auth_settings);
+
+ add_log('admin', 'LOG_' . strtoupper($permission_type) . 'ROLE_' . strtoupper($action), $role_name);
+
+ trigger_error($user->lang['ROLE_' . strtoupper($action) . '_SUCCESS'] . adm_back_link($this->u_action));
+
+ break;
+ }
+ }
+
+ // Display screens
+ switch ($action)
+ {
+ case 'add':
+
+ $options_from = request_var('options_from', 0);
+
+ $role_row = array(
+ 'role_name' => request_var('role_name', ''),
+ 'role_type' => $permission_type,
+ 'role_group_ids' => implode(':', request_var('role_group_ids', array(0))),
+ );
+
+ if ($options_from)
+ {
+ $sql = 'SELECT p.auth_option_id, p.auth_setting, o.auth_option
+ FROM ' . ACL_ROLES_DATA_TABLE . ' p, ' . ACL_OPTIONS_TABLE . ' o
+ WHERE o.auth_option_id = p.auth_option_id
+ AND p.role_id = ' . $options_from . '
+ ORDER BY p.auth_option_id';
+ $result = $db->sql_query($sql);
+
+ $auth_options = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $auth_options[$row['auth_option']] = $row['auth_setting'];
+ }
+ $db->sql_freeresult($result);
+ }
+ else
+ {
+ $sql = 'SELECT auth_option_id, auth_option
+ FROM ' . ACL_OPTIONS_TABLE . "
+ WHERE auth_option LIKE '{$permission_type}%'
+ AND auth_option <> '{$permission_type}'
+ ORDER BY auth_option_id";
+ $result = $db->sql_query($sql);
+
+ $auth_options = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $auth_options[$row['auth_option']] = ACL_UNSET;
+ }
+ $db->sql_freeresult($result);
+ }
+
+ case 'edit':
+
+ if ($action == 'edit')
+ {
+ if (!$role_id)
+ {
+ trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action));
+ }
+
+ $sql = 'SELECT *
+ FROM ' . ACL_ROLES_TABLE . '
+ WHERE role_id = ' . $role_id;
+ $result = $db->sql_query($sql);
+ $role_row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
+ $sql = 'SELECT p.auth_option_id, p.auth_setting, o.auth_option
+ FROM ' . ACL_ROLES_DATA_TABLE . ' p, ' . ACL_OPTIONS_TABLE . ' o
+ WHERE o.auth_option_id = p.auth_option_id
+ AND p.role_id = ' . $role_id . '
+ ORDER BY p.auth_option_id';
+ $result = $db->sql_query($sql);
+
+ $auth_options = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $auth_options[$row['auth_option']] = $row['auth_setting'];
+ }
+ $db->sql_freeresult($result);
+ }
+
+ if (!$role_row)
+ {
+ trigger_error($user->lang['NO_PRESET_SELECTED'] . adm_back_link($this->u_action));
+ }
+
+ // Build group options array (with pre-selection)
+ $s_preselect_options = $s_group_options = array();
+ $this->build_group_options($role_row['role_group_ids'], $s_preselect_options, $s_group_options);
+
+ $template->assign_vars(array(
+ 'S_EDIT' => true,
+ 'S_PRESELECT_OPTIONS' => $s_preselect_options,
+ 'S_GROUP_OPTIONS' => $s_group_options,
+
+ 'U_ACTION' => $this->u_action . "&amp;action={$action}&amp;role_id={$role_id}",
+ 'U_BACK' => $this->u_action,
+
+ 'ROLE_NAME' => $role_row['role_name'],
+ 'L_ACL_TYPE' => $user->lang['ACL_TYPE_' . strtoupper($permission_type)],
+ )
+ );
+
+ // We need to fill the auth options array with ACL_UNSET options ;)
+ $sql = 'SELECT auth_option_id, auth_option
+ FROM ' . ACL_OPTIONS_TABLE . "
+ WHERE auth_option LIKE '{$permission_type}%'
+ AND auth_option <> '{$permission_type}'
+ ORDER BY auth_option_id";
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ if (!isset($auth_options[$row['auth_option']]))
+ {
+ $auth_options[$row['auth_option']] = ACL_UNSET;
+ }
+ }
+ $db->sql_freeresult($result);
+
+ // Unset global permission option
+ unset($auth_options[$permission_type]);
+
+ // Display auth options
+ $this->display_auth_options($auth_options);
+
+ // Get users/groups/forums using this preset...
+ if ($action == 'edit')
+ {
+ $hold_ary = $auth_admin->get_role_mask($role_id);
+
+ if (sizeof($hold_ary))
+ {
+ $template->assign_var('S_DISPLAY_ROLE_MASK', true);
+ $auth_admin->display_role_mask($hold_ary);
+ }
+ }
+
+ return;
+ break;
+ }
+
+ // Select existing roles
+ $sql = 'SELECT *
+ FROM ' . ACL_ROLES_TABLE . "
+ WHERE role_type = '" . $db->sql_escape($permission_type) . "'
+ ORDER BY role_name ASC";
+ $result = $db->sql_query($sql);
+
+ $roles = $groups = $group_ids = $group_info = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $roles[] = $row;
+ if ($row['role_group_ids'])
+ {
+ $groups[$row['role_id']] = explode(':', $row['role_group_ids']);
+ $group_ids = array_merge($group_ids, $groups[$row['role_id']]);
+ }
+ }
+ $db->sql_freeresult($result);
+
+ if (sizeof($group_ids))
+ {
+ $sql = 'SELECT group_id, group_type, group_name
+ FROM ' . GROUPS_TABLE . '
+ WHERE group_id IN (' . implode(', ', array_map('intval', $group_ids)) . ')';
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $group_info[$row['group_id']] = array(
+ 'group_name' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'],
+ 'group_special' => ($row['group_type'] == GROUP_SPECIAL) ? true : false,
+ );
+ }
+ $db->sql_freeresult($result);
+ }
+
+ $s_role_options = '';
+ foreach ($roles as $row)
+ {
+ $template->assign_block_vars('roles', array(
+ 'NAME' => $row['role_name'],
+
+ 'S_GROUP' => ($row['role_group_ids']) ? true : false,
+
+ 'U_EDIT' => $this->u_action . '&amp;action=edit&amp;role_id=' . $row['role_id'],
+ 'U_REMOVE' => $this->u_action . '&amp;action=remove&amp;role_id=' . $row['role_id'],
+ 'U_DISPLAY_ITEMS' => $this->u_action . '&amp;display_item=' . $row['role_id'] . '#assigned_to')
+ );
+
+ if (isset($groups[$row['role_id']]) && sizeof($groups[$row['role_id']]))
+ {
+ foreach ($groups[$row['role_id']] as $group_id)
+ {
+ $template->assign_block_vars('roles.groups', array(
+ 'S_SPECIAL_GROUP' => $group_info[$group_id]['group_special'],
+ 'GROUP_NAME' => $group_info[$group_id]['group_name'],
+ 'U_GROUP' => $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=group&amp;g=$group_id")
+ );
+ }
+ }
+
+ $s_role_options .= '<option value="' . $row['role_id'] . '">' . $row['role_name'] . '</option>';
+ }
+
+ $template->assign_vars(array(
+ 'S_ROLE_OPTIONS' => $s_role_options)
+ );
+
+ // Display assigned items?
+ $display_item = request_var('display_item', 0);
+
+ if ($display_item)
+ {
+ $template->assign_var('S_DISPLAY_ROLE_MASK', true);
+
+ $hold_ary = $auth_admin->get_role_mask($display_item);
+ $auth_admin->display_role_mask($hold_ary);
+ }
+ }
+
+ /**
+ * Display permission settings able to be set
+ */
+ function display_auth_options($auth_options)
+ {
+ global $template, $user;
+
+ $content_array = $categories = array();
+ $key_sort_array = array(0);
+ $auth_options = array(0 => $auth_options);
+
+ // Making use of auth_admin method here (we do not really want to change two similar code fragments)
+ auth_admin::build_permission_array($auth_options, $content_array, $categories, $key_sort_array);
+
+ $content_array = $content_array[0];
+
+ $template->assign_var('S_NUM_PERM_COLS', sizeof($categories));
+
+ // Assign to template
+ foreach ($content_array as $cat => $cat_array)
+ {
+ $template->assign_block_vars('auth', array(
+ 'CAT_NAME' => $user->lang['permission_cat'][$cat],
+ 'S_YES' => $cat_array['S_YES'],
+ 'S_NO' => $cat_array['S_NO'],
+ 'S_UNSET' => $cat_array['S_UNSET'])
+ );
+
+ foreach ($cat_array['permissions'] as $permission => $allowed)
+ {
+ $template->assign_block_vars('auth.mask', array(
+ 'S_YES' => ($allowed == ACL_YES) ? true : false,
+ 'S_NO' => ($allowed == ACL_NO) ? true : false,
+ 'S_UNSET' => ($allowed == ACL_UNSET) ? true : false,
+
+ 'FIELD_NAME' => $permission,
+ 'PERMISSION' => $user->lang['acl_' . $permission]['lang'])
+ );
+ }
+ }
+ }
+
+
+ /**
+ * Build user-friendly group options
+ */
+ function build_group_options($role_group_ids, &$s_preselect_options, &$s_group_options)
+ {
+ global $db, $user, $template;
+
+ $groups = $selected_groups = array();
+
+ $sql = 'SELECT group_id, group_name, group_type
+ FROM ' . GROUPS_TABLE . '
+ ORDER BY group_type DESC, group_name ASC';
+ $result = $db->sql_query($sql);
+
+ $groups = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $groups[$row['group_type']][$row['group_id']] = $row['group_name'];
+ }
+ $db->sql_freeresult($result);
+
+ $selected_group_ids = explode(':', $role_group_ids);
+
+ // First of all, build the group options for the custom interface...
+ $s_group_options = '';
+ foreach ($groups as $group_type => $group_row)
+ {
+ foreach ($group_row as $group_id => $group_name)
+ {
+ if (in_array($group_id, $selected_group_ids))
+ {
+ $selected_groups[$group_type][$group_id] = $group_name;
+ }
+ $s_group_options .= '<option value="' . $group_id . '"' . ((in_array($group_id, $selected_group_ids)) ? ' selected="selected"' : '') . (($group_type == GROUP_SPECIAL) ? ' class="sep"' : '') . '>' . (($group_type == GROUP_SPECIAL) ? $user->lang['G_' . $group_name] : $group_name) . '</option>';
+ }
+ }
+
+ // Build preselect array...
+ $one_selected_item = false;
+
+ $s_preselect_options = '<option value="0"' . ((!$role_group_ids) ? ' selected="selected"' : '') . '>' . $user->lang['EVERY_USER_GROUP'] . '</option>';
+ if (!$role_group_ids)
+ {
+ $one_selected_item = true;
+ }
+
+ // Build pre-selection dropdown field
+ foreach ($this->pre_selection_array as $option_id => $row)
+ {
+ if (!$row['negate'] && !isset($row['name']))
+ {
+ $s_selected = false;
+ if (sizeof($selected_groups) == 1 && isset($selected_groups[$row['type']]) && sizeof($selected_groups[$row['type']]) == sizeof($groups[$row['type']]))
+ {
+ $s_selected = true;
+ }
+ }
+ else if ($row['negate'] && !isset($row['name']))
+ {
+ $group_types = array(GROUP_OPEN, GROUP_CLOSED, GROUP_HIDDEN, GROUP_SPECIAL, GROUP_FREE);
+ unset($group_types[array_search($row['type'], $group_types)]);
+
+ $s_selected = true;
+ if (isset($selected_groups[$row['type']]))
+ {
+ $s_selected = false;
+ }
+
+ foreach ($group_types as $type)
+ {
+ if (!isset($selected_groups[$type]) || sizeof($selected_groups[$type]) != sizeof($groups[$type]))
+ {
+ $s_selected = false;
+ }
+ }
+ }
+ else if (!$row['negate'] && isset($row['name']))
+ {
+ $s_selected = false;
+ if (sizeof($selected_groups) == 1 && isset($selected_groups[$row['type']]) && sizeof($selected_groups[$row['type']]) == sizeof($row['name']))
+ {
+ $s_selected = true;
+
+ foreach ($row['name'] as $name)
+ {
+ if (!in_array($name, $selected_groups[$row['type']]))
+ {
+ $s_selected = false;
+ }
+ }
+ }
+ }
+ else if ($row['negate'] && isset($row['name']))
+ {
+ $group_types = array(GROUP_OPEN, GROUP_CLOSED, GROUP_HIDDEN, GROUP_SPECIAL, GROUP_FREE);
+ unset($group_types[array_search($row['type'], $group_types)]);
+
+ $s_selected = true;
+ if (isset($selected_groups[$row['type']]))
+ {
+ foreach ($row['name'] as $name)
+ {
+ if (in_array($name, $selected_groups[$row['type']]))
+ {
+ $s_selected = false;
+ }
+ }
+ }
+
+ foreach ($group_types as $type)
+ {
+ if (!isset($selected_groups[$type]) || sizeof($selected_groups[$type]) != sizeof($groups[$type]))
+ {
+ $s_selected = false;
+ }
+ }
+ }
+
+ if ($s_selected)
+ {
+ $one_selected_item = true;
+ }
+
+ $s_preselect_options .= '<option value="' . $option_id . '"' . (($s_selected) ? ' selected="selected"' : '') . '>' . $user->lang[$row['lang']] . '</option>';
+ }
+
+ $s_preselect_options .= '<option value="custom"' . ((!$one_selected_item) ? ' selected="selected"' : '') . '>' . $user->lang['CUSTOM'] . '</option>';
+
+ $template->assign_var('S_CUSTOM_GROUP_IDS', ($one_selected_item) ? false : true);
+ }
+
+ /**
+ * Remove role
+ */
+ function remove_role($role_id)
+ {
+ global $db;
+
+ $auth_admin = new auth_admin();
+
+ // First of all, get the role auth settings we need to re-set...
+ $sql = 'SELECT o.auth_option, r.auth_setting
+ FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
+ WHERE o.auth_option_id = r.auth_option_id
+ AND r.role_id = ' . $role_id;
+ $result = $db->sql_query($sql);
+
+ $auth_settings = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $auth_settings[$row['auth_option']] = $row['auth_setting'];
+ }
+ $db->sql_freeresult($result);
+
+ // Get role assignments
+ $hold_ary = $auth_admin->get_role_mask($role_id);
+
+ // Remove role from users and groups
+ $sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
+ WHERE auth_role_id = ' . $role_id;
+ $db->sql_query($sql);
+
+ $sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
+ WHERE auth_role_id = ' . $role_id;
+ $db->sql_query($sql);
+
+ // Re-assign permisisons
+ foreach ($hold_ary as $forum_id => $forum_ary)
+ {
+ if (isset($forum_ary['users']))
+ {
+ $auth_admin->acl_set('user', $forum_id, $forum_ary['users'], $auth_settings);
+ }
+
+ if (isset($forum_ary['groups']))
+ {
+ $auth_admin->acl_set('group', $forum_id, $forum_ary['users'], $auth_settings);
+ }
+ }
+
+ // Remove role data and role
+ $sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . '
+ WHERE role_id = ' . $role_id;
+ $db->sql_query($sql);
+
+ $sql = 'DELETE FROM ' . ACL_ROLES_TABLE . '
+ WHERE role_id = ' . $role_id;
+ $db->sql_query($sql);
+ }
+}
+
+/**
+* @package module_install
+*/
+class acp_permission_roles_info
+{
+ function module()
+ {
+ return array(
+ 'filename' => 'acp_permission_roles',
+ 'title' => 'ACP_PERMISSION_ROLES',
+ 'version' => '1.0.0',
+ 'modes' => array(
+ 'admin_roles' => array('title' => 'ACP_ADMIN_ROLES', 'auth' => 'acl_a_roles'),
+ 'user_roles' => array('title' => 'ACP_USER_ROLES', 'auth' => 'acl_a_roles'),
+ 'mod_roles' => array('title' => 'ACP_MOD_ROLES', 'auth' => 'acl_a_roles'),
+ 'forum_roles' => array('title' => 'ACP_FORUM_ROLES', 'auth' => 'acl_a_roles'),
+ ),
+ );
+ }
+
+ function install()
+ {
+ }
+
+ function uninstall()
+ {
+ }
+}
+
+?> \ No newline at end of file
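Review bot: In `remove_role()` the group branch re-applies the settings to the wrong principals: under `isset($forum_ary['groups'])` the call passes `$forum_ary['users']`, so group assignments of the removed role are lost and the ids handed to `acl_set('group', ...)` are user ids (or an undefined index when only groups are present). The line should read `$auth_admin->acl_set('group', $forum_id, $forum_ary['groups'], $auth_settings);`. Separately, the duplicate-name test in `main()` compares `$mode` with `'add'` and `'edit'`, but `$mode` only ever holds `admin_roles`, `user_roles`, `mod_roles` or `forum_roles` here, so the check never fires; it should test `$action`. The `case 'edit':` in the submit switch also falls through into `case 'add':` without a comment marking that as intended.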
diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php
index f47133c7b9..dec3e03170 100644
--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@@ -38,11 +38,14 @@ class acp_permissions
$action = (isset($_POST['psubmit'])) ? 'apply_permissions' : $action;
$all_forums = request_var('all_forums', 0);
- $user_id = request_var('user_id', array(0));
- $group_id = request_var('group_id', array(0));
+ $subforum_id = request_var('subforum_id', 0);
$forum_id = request_var('forum_id', array(0));
+
$username = request_var('username', array(''));
$usernames = request_var('usernames', '');
+ $user_id = request_var('user_id', array(0));
+
+ $group_id = request_var('group_id', array(0));
// Map usernames to ids and vice versa
if ($usernames)
@@ -62,11 +65,45 @@ class acp_permissions
}
unset($username);
+ // Build forum ids (of all forums are checked or subforum listing used)
+ if ($all_forums)
+ {
+ $sql = 'SELECT forum_id
+ FROM ' . FORUMS_TABLE . '
+ ORDER BY left_id';
+ $result = $db->sql_query($sql);
+
+ $forum_id = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $forum_id[] = $row['forum_id'];
+ }
+ $db->sql_freeresult($result);
+ }
+ else if ($subforum_id)
+ {
+ $forum_id = array();
+ foreach (get_forum_branch($subforum_id, 'children') as $row)
+ {
+ $forum_id[] = $row['forum_id'];
+ }
+ }
+
// Define some common variables for every mode
$error = array();
$permission_scope = (strpos($mode, '_global') !== false) ? 'global' : 'local';
+ // Showing introductionary page?
+ if ($mode == 'intro')
+ {
+ $template->assign_vars(array(
+ 'S_INTRO' => true)
+ );
+
+ return;
+ }
+
switch ($mode)
{
case 'setting_user_global':
@@ -168,11 +205,6 @@ class acp_permissions
'type' => $permission_type)
);
- if ($all_forums)
- {
- $s_hidden_fields .= build_hidden_fields(array('all_forums' => $all_forums));
- }
-
// Go through the screens/options needed and present them in correct order
foreach ($permission_victim as $victim)
{
@@ -195,19 +227,28 @@ class acp_permissions
case 'forums':
- if (sizeof($forum_id) || $all_forums)
+ if (sizeof($forum_id))
{
- if (sizeof($forum_id))
- {
- $this->check_existence('forum', $forum_id);
- }
-
+ $this->check_existence('forum', $forum_id);
continue 2;
}
+ $forum_list = make_forum_select(false, false, false, false, true, true);
+
+ // Build forum options
+ $s_forum_options = '';
+ foreach ($forum_list as $f_id => $f_row)
+ {
+ $s_forum_options .= '<option value="' . $f_id . '"' . $f_row['selected'] . '>' . $f_row['padding'] . $f_row['forum_name'] . '</option>';
+ }
+
+ // Build subforum options
+ $s_subforum_options = $this->build_subforum_options($forum_list);
+
$template->assign_vars(array(
'S_SELECT_FORUM' => true,
- 'S_FORUM_OPTIONS' => make_forum_select(false, false, false),
+ 'S_FORUM_OPTIONS' => $s_forum_options,
+ 'S_SUBFORUM_OPTIONS' => $s_subforum_options,
'S_FORUM_ALL' => true,
'S_FORUM_MULTIPLE' => true)
);
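Review bot: The new `<option>` strings concatenate `$f_row['forum_name']` straight into markup, and `build_subforum_options()` added further down does the same with `$row['forum_name']`. Whether forum names are stored already HTML-escaped is not visible in this diff; if they are not, a forum name containing markup would be rendered in the admin panel. If the stored value is raw, encode at output, e.g. `htmlspecialchars($f_row['forum_name'])`, and keep `$f_row['padding']` as is. The enclosing `case 'forums':` block continues outside the hunk.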
@@ -263,29 +304,33 @@ class acp_permissions
}
$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')' : 'AND a.forum_id <> 0');
- $sql_permission_option = "o.auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
+ $sql_permission_option = "AND o.auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
$sql = 'SELECT DISTINCT u.user_id, u.username
- FROM ' . USERS_TABLE . ' u, ' . ACL_USERS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " o
- WHERE $sql_permission_option
+ FROM (' . USERS_TABLE . ' u, ' . ACL_USERS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' o)
+ LEFT JOIN ' . ACL_ROLES_DATA_TABLE . " r ON (a.auth_role_id = r.role_id)
+ WHERE (a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
+ $sql_permission_option
$sql_forum_id
- AND a.auth_option_id = o.auth_option_id
AND u.user_id = a.user_id
ORDER BY u.username, u.user_regdate ASC";
$result = $db->sql_query($sql);
$s_defined_user_options = '';
+ $defined_user_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$s_defined_user_options .= '<option value="' . $row['user_id'] . '">' . $row['username'] . '</option>';
+ $defined_user_ids[] = $row['user_id'];
}
$db->sql_freeresult($result);
$sql = 'SELECT DISTINCT g.group_id, g.group_name, g.group_type
- FROM ' . GROUPS_TABLE . ' g, ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " o
- WHERE $sql_permission_option
+ FROM (' . GROUPS_TABLE . ' g, ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' o)
+ LEFT JOIN ' . ACL_ROLES_DATA_TABLE . " r ON (a.auth_role_id = r.role_id)
+ WHERE (a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
+ $sql_permission_option
$sql_forum_id
- AND a.auth_option_id = o.auth_option_id
AND g.group_id = a.group_id
ORDER BY g.group_type DESC, g.group_name ASC";
$result = $db->sql_query($sql);
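Review bot: Both rewritten queries use a parenthesised comma list followed by a join, `FROM (… u, … a, … o) LEFT JOIN …`, which is MySQL-style syntax and may be rejected by the other database layers that the `SQL_LAYER` switch in `acl_set()` shows are supported. The same form is introduced in `includes/auth.php` in `acl_raw_data()` and in the user and group query hunks after it. Explicit joins would be portable, for example `FROM … a INNER JOIN … u ON (u.user_id = a.user_id) LEFT JOIN … r ON (a.auth_role_id = r.role_id)` with the option table joined on the `OR` condition. A short comment above each query saying that role rows carry `auth_option_id = 0` and are resolved through `r` would also help the next reader.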
@@ -299,6 +344,22 @@ class acp_permissions
}
$db->sql_freeresult($result);
+ // Now we check the users... because the "all"-selection is different here (all defined users/groups)
+ $all_users = (isset($_POST['all_users'])) ? true : false;
+ $all_groups = (isset($_POST['all_groups'])) ? true : false;
+
+ if ($all_users && sizeof($defined_user_ids))
+ {
+ $user_id = $defined_user_ids;
+ continue 2;
+ }
+
+ if ($all_groups && sizeof($defined_group_ids))
+ {
+ $group_id = $defined_group_ids;
+ continue 2;
+ }
+
$template->assign_vars(array(
'S_SELECT_USERGROUP' => ($victim == 'usergroup') ? true : false,
'S_SELECT_USERGROUP_VIEW' => ($victim == 'usergroup_view') ? true : false,
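Review bot: `$defined_group_ids` is read in `sizeof($defined_group_ids)` but no added line in the visible hunks initialises or fills it; the previous hunk adds only `$defined_user_ids`. Unless the unchanged group loop between the two hunks already assigns it, the "all groups" selection can never take effect and the variable is undefined when read. Add `$defined_group_ids = array();` before the group `while` loop and `$defined_group_ids[] = $row['group_id'];` inside it, mirroring the user loop. Note also that when both `all_users` and `all_groups` are posted, the first `continue 2` means only the users are applied.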
@@ -346,12 +407,6 @@ class acp_permissions
return;
}
- // Set to all forums if selected
- if ($permission_scope == 'local' && $all_forums)
- {
- $forum_id = array();
- }
-
// Do not allow forum_ids being set and no other setting defined (will bog down the server too much)
if (sizeof($forum_id) && !sizeof($user_id) && !sizeof($group_id))
{
@@ -387,6 +442,45 @@ class acp_permissions
}
/**
+ * Build +subforum options
+ */
+ function build_subforum_options($forum_list)
+ {
+ global $user;
+
+ $s_options = '';
+
+ $forum_list = array_merge($forum_list);
+
+ foreach ($forum_list as $key => $row)
+ {
+ $s_options .= '<option value="' . $row['forum_id'] . '"' . $row['selected'] . '>' . $row['padding'] . $row['forum_name'];
+
+ // We check if a branch is there...
+ $branch_there = false;
+
+ foreach (array_slice($forum_list, $key + 1) as $temp_row)
+ {
+ if ($temp_row['left_id'] > $row['left_id'] && $temp_row['left_id'] < $row['right_id'])
+ {
+ $branch_there = true;
+ break;
+ }
+ continue;
+ }
+
+ if ($branch_there)
+ {
+ $s_options .= ' [' . $user->lang['PLUS_SUBFORUMS'] . ']';
+ }
+
+ $s_options .= '</option>';
+ }
+
+ return $s_options;
+ }
+
+ /**
* Build dropdown field for changing permission types
*/
function build_permission_dropdown($options, $default_option)
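Review bot: In `build_subforum_options()` the trailing `continue;` in the inner loop is a no-op, and `array_merge($forum_list)` is used only to renumber the keys, which `array_values($forum_list)` states directly. The docblock would be clearer if it said what the method returns, for example `Build the <option> list for the subforum selector, marking entries that have children with the PLUS_SUBFORUMS label`. It should also state the assumption that `$forum_list` rows carry `left_id` and `right_id`. The inner `array_slice()` scan is quadratic; if the list is ordered by `left_id`, which is not visible here, checking only the next row would be enough.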
@@ -476,9 +570,12 @@ class acp_permissions
$auth_settings = array_map('intval', $_POST['setting'][$ug_id][$forum_id]);
- // Do the admin want to set these permissions to other forums too?
+ // Do we have a role we want to set?
+ $assigned_role = (isset($_POST['role'][$ug_id][$forum_id])) ? (int) $_POST['role'][$ug_id][$forum_id] : 0;
+
+ // Do the admin want to set these permissions to other items too?
$inherit = request_var('inherit', array(0));
-
+
$ug_id = array($ug_id);
$forum_id = array($forum_id);
@@ -499,8 +596,17 @@ class acp_permissions
$forum_id = array_unique($forum_id);
+ // If the auth settings differ from the assigned role, then do not set a role...
+ if ($assigned_role)
+ {
+ if (!$this->check_assigned_role($assigned_role, $auth_settings))
+ {
+ $assigned_role = 0;
+ }
+ }
+
// Update the permission set...
- $auth_admin->acl_set($ug_type, $forum_id, $ug_id, $auth_settings);
+ $auth_admin->acl_set($ug_type, $forum_id, $ug_id, $auth_settings, $assigned_role);
// Do we need to recache the moderator lists?
if ($permission_type == 'm_')
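Review bot: The posted `role[$ug_id][$forum_id]` value is accepted after only an integer cast and the settings comparison in `check_assigned_role()`. The rule that a role with `role_group_ids` is offered only to the listed groups is enforced solely when the dropdown is built in `acp/auth.php`, and the role's `role_type` is never compared with `$permission_type`. A crafted form submission can therefore attach a role that the interface would not have offered. Before calling `acl_set()`, load the role row and reset `$assigned_role = 0` unless its type matches and, for groups, `$ug_id` is in its allowed group list. The same applies to the second copy of this block in the `@@ -549,8 +655,20 @@` hunk. The enclosing method starts and ends outside this hunk.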
@@ -549,8 +655,20 @@ class acp_permissions
$forum_id = (int) $forum_id;
$forum_ids[] = $forum_id;
+ // Check role...
+ $assigned_role = (isset($_POST['role'][$ug_id][$forum_id])) ? (int) $_POST['role'][$ug_id][$forum_id] : 0;
+
+ // If the auth settings differ from the assigned role, then do not set a role...
+ if ($assigned_role)
+ {
+ if (!$this->check_assigned_role($assigned_role, $auth_options))
+ {
+ $assigned_role = 0;
+ }
+ }
+
// Update the permission set...
- $auth_admin->acl_set($ug_type, $forum_id, $ug_id, $auth_options);
+ $auth_admin->acl_set($ug_type, $forum_id, $ug_id, $auth_options, $assigned_role);
}
}
@@ -572,6 +690,44 @@ class acp_permissions
}
/**
+ * Compare auth settings with auth settings from role
+ * returns false if they differ, true if they are equal
+ */
+ function check_assigned_role($role_id, &$auth_settings)
+ {
+ global $db;
+
+ $sql = 'SELECT o.auth_option, r.auth_setting
+ FROM ' . ACL_OPTIONS_TABLE . ' o, ' . ACL_ROLES_DATA_TABLE . ' r
+ WHERE o.auth_option_id = r.auth_option_id
+ AND r.role_id = ' . $role_id;
+ $result = $db->sql_query($sql);
+
+ $test_auth_settings = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $test_auth_settings[$row['auth_option']] = $row['auth_setting'];
+ }
+ $db->sql_freeresult($result);
+
+ // We need to add any ACL_UNSET setting from auth_settings to compare correctly
+ foreach ($auth_settings as $option => $setting)
+ {
+ if ($setting == ACL_UNSET)
+ {
+ $test_auth_settings[$option] = $setting;
+ }
+ }
+
+ if (sizeof(array_diff_assoc($auth_settings, $test_auth_settings)))
+ {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
* Remove permissions
*/
function remove_permissions($mode, $permission_type, &$auth_admin, &$user_id, &$group_id, &$forum_id)
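Review bot: `check_assigned_role()` can report a match when the submitted settings are weaker than the role. The loop copies every `ACL_UNSET` entry from `$auth_settings` over `$test_auth_settings`, including options the role itself defines, and `array_diff_assoc()` is evaluated in one direction only. A submission that leaves an option unset which the role grants still returns true, so the role is stored and the option is granted through it. Limit the fill-in to options the role does not define, `if ($setting == ACL_UNSET && !isset($test_auth_settings[$option]))`. If the form always posts every option of the type, also compare in reverse with `array_diff_assoc($test_auth_settings, $auth_settings)`.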
@@ -708,6 +864,8 @@ class acp_permissions_info
'title' => 'ACP_PERMISSIONS',
'version' => '1.0.0',
'modes' => array(
+ 'intro' => array('title' => 'ACP_PERMISSIONS', 'auth' => 'acl_a_authusers || acl_a_authgroups || acl_a_viewauth'),
+
'setting_user_global' => array('title' => 'ACP_USERS_PERMISSIONS', 'auth' => 'acl_a_authusers && (acl_a_aauth || acl_a_mauth || acl_a_uauth)'),
'setting_user_local' => array('title' => 'ACP_USERS_FORUM_PERMISSIONS', 'auth' => 'acl_a_authusers && (acl_a_mauth || acl_a_fauth)'),
'setting_group_global' => array('title' => 'ACP_GROUPS_PERMISSIONS', 'auth' => 'acl_a_authgroups && (acl_a_aauth || acl_a_mauth || acl_a_uauth)'),
diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php
index ab744990a2..905ab2b7cc 100644
--- a/phpBB/includes/acp/auth.php
+++ b/phpBB/includes/acp/auth.php
@@ -166,19 +166,19 @@ class auth_admin extends auth
}
/**
- * Get permission mask for presets
- * This function only supports getting masks for one preset
+ * Get permission mask for roles
+ * This function only supports getting masks for one role
*/
- function get_preset_mask($preset_id)
+ function get_role_mask($role_id)
{
global $db;
$hold_ary = array();
- // Get users having this preset set...
+ // Get users having this role set...
$sql = 'SELECT user_id, forum_id
FROM ' . ACL_USERS_TABLE . '
- WHERE auth_preset_id = ' . $preset_id . '
+ WHERE auth_role_id = ' . $role_id . '
ORDER BY forum_id';
$result = $db->sql_query($sql);
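Review bot: `$role_id` is concatenated into the `WHERE auth_role_id = …` clause without a cast, here and in the group query of the next hunk. The same happens in `check_assigned_role()` in `acp_permissions.php` and in the `DELETE` added to `acl_set_role()`. The callers visible in this diff pass integers, but the functions themselves do not enforce it. Casting at the point of use, `'WHERE auth_role_id = ' . (int) $role_id`, keeps each query safe regardless of the caller. `get_role_mask()` continues outside this hunk.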
@@ -191,7 +191,7 @@ class auth_admin extends auth
// Now grab groups...
$sql = 'SELECT group_id, forum_id
FROM ' . ACL_GROUPS_TABLE . '
- WHERE auth_preset_id = ' . $preset_id . '
+ WHERE auth_role_id = ' . $role_id . '
ORDER BY forum_id';
$result = $db->sql_query($sql);
@@ -261,6 +261,49 @@ class auth_admin extends auth
$forum_names_ary[0] = $l_acl_type;
}
+ // Get available roles
+ $sql = 'SELECT *
+ FROM ' . ACL_ROLES_TABLE . "
+ WHERE role_type = '" . $db->sql_escape($permission_type) . "'";
+ $result = $db->sql_query($sql);
+
+ $roles = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $roles[$row['role_id']] = $row;
+ $roles[$row['role_id']]['groups'] = ($row['role_group_ids']) ? explode(':', $row['role_group_ids']) : array();
+ }
+ $db->sql_freeresult($result);
+
+ $cur_roles = $this->acl_role_data($user_mode, $permission_type, array_keys($hold_ary));
+
+ // Build js roles array (role data assignments)
+ $s_role_js_array = '';
+
+ if (sizeof($roles))
+ {
+ $sql = 'SELECT r.role_id, o.auth_option, r.auth_setting
+ FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
+ WHERE o.auth_option_id = r.auth_option_id
+ AND r.role_id IN (' . implode(', ', array_keys($roles)) . ')';
+ $result = $db->sql_query($sql);
+
+ $s_role_js_array = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ if (!isset($s_role_js_array[$row['role_id']]))
+ {
+ $s_role_js_array[$row['role_id']] = "\n" . 'role_options[' . $row['role_id'] . '] = new Array();' . "\n";
+ }
+ $s_role_js_array[$row['role_id']] .= 'role_options[' . $row['role_id'] . '][\'' . $row['auth_option'] . '\'] = ' . $row['auth_setting'] . '; ';
+ }
+ $db->sql_freeresult($result);
+
+ $s_role_js_array = implode('', $s_role_js_array);
+ }
+
+ $template->assign_var('S_ROLE_JS_ARRAY', $s_role_js_array);
+
// Now obtain memberships
$user_groups_default = $user_groups_custom = array();
if ($user_mode == 'user' && $group_display)
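Review bot: The generated script text places `$row['auth_option']` inside a single-quoted JavaScript string and emits `$row['auth_setting']` as a bare token, both taken from the database without encoding. Who can write to these tables is not visible here, but a quote or a non-numeric value in either column would break out of the literal in the admin page. Use `addslashes($row['auth_option'])` and `(int) $row['auth_setting']` when building the line. `$s_role_js_array` also changes from string to array and back to string; a separate array variable, imploded into the string at the end, would be easier to follow.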
@@ -293,9 +336,10 @@ class auth_admin extends auth
unset($memberships, $groups);
}
- // If we only have one forum id to display, we switch the complete interface to group by user/usergroup instead of grouping by forum
+ // If we only have one forum id to display or being in local mode and more than one user/group to display,
+ // we switch the complete interface to group by user/usergroup instead of grouping by forum
// To achive this, we need to switch the array a bit
- if (sizeof($forum_ids) == 1)
+ if (sizeof($forum_ids) == 1 || ($local && sizeof($ug_names_ary) > 1))
{
$hold_ary_temp = $hold_ary;
$hold_ary = array();
@@ -330,10 +374,28 @@ class auth_admin extends auth
foreach ($content_array as $ug_id => $ug_array)
{
+ // Build role dropdown options
+ $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
+
+ $s_role_options = '';
+ foreach ($roles as $role_id => $role_row)
+ {
+ if ($role_id == $current_role_id || !sizeof($role_row['groups']) || ($user_mode == 'group' && in_array($ug_id, $role_row['groups'])))
+ {
+ $s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . '>' . $role_row['role_name'] . '</option>';
+ }
+ }
+
+ if ($s_role_options)
+ {
+ $s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . '>' . $user->lang['SELECT_ROLE'] . '</option>' . $s_role_options;
+ }
+
$template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array(
- 'NAME' => $ug_names_ary[$ug_id],
- 'UG_ID' => $ug_id,
- 'FORUM_ID' => $forum_id)
+ 'NAME' => $ug_names_ary[$ug_id],
+ 'S_ROLE_OPTIONS' => $s_role_options,
+ 'UG_ID' => $ug_id,
+ 'FORUM_ID' => $forum_id)
);
$this->assign_cat_array($ug_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id);
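Review bot: The block that builds `$s_role_options` is repeated verbatim in the `@@ -371,11 +433,29 @@` hunk, so any later fix has to be made twice. A private helper taking `$roles`, `$current_role_id`, `$user_mode` and `$ug_id` and returning the option string would remove the copy. `$role_row['role_name']` is written into the `<option>` without encoding; if role names are not stored HTML-escaped, which this diff does not show, use `htmlspecialchars($role_row['role_name'])`. The enclosing loop starts and ends outside the hunk.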
@@ -371,11 +433,29 @@ class auth_admin extends auth
foreach ($content_array as $forum_id => $forum_array)
{
+ // Build role dropdown options
+ $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
+
+ $s_role_options = '';
+ foreach ($roles as $role_id => $role_row)
+ {
+ if ($role_id == $current_role_id || !sizeof($role_row['groups']) || ($user_mode == 'group' && in_array($ug_id, $role_row['groups'])))
+ {
+ $s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . '>' . $role_row['role_name'] . '</option>';
+ }
+ }
+
+ if ($s_role_options)
+ {
+ $s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . '>' . $user->lang['SELECT_ROLE'] . '</option>' . $s_role_options;
+ }
+
$template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array(
- 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'],
- 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'],
- 'UG_ID' => $ug_id,
- 'FORUM_ID' => $forum_id)
+ 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'],
+ 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'],
+ 'S_ROLE_OPTIONS' => $s_role_options,
+ 'UG_ID' => $ug_id,
+ 'FORUM_ID' => $forum_id)
);
$this->assign_cat_array($forum_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id);
@@ -385,9 +465,9 @@ class auth_admin extends auth
}
/**
- * Display permission mask for presets
+ * Display permission mask for roles
*/
- function display_preset_mask(&$hold_ary)
+ function display_role_mask(&$hold_ary)
{
global $db, $template, $user, $phpbb_root_path, $phpbb_admin_path, $phpEx, $SID;
@@ -411,7 +491,7 @@ class auth_admin extends auth
foreach ($hold_ary as $forum_id => $auth_ary)
{
- $template->assign_block_vars('preset_mask', array(
+ $template->assign_block_vars('role_mask', array(
'NAME' => ($forum_id == 0) ? $user->lang['GLOBAL_MASK'] : $forum_names[$forum_id],
'FORUM_ID' => $forum_id)
);
@@ -426,7 +506,7 @@ class auth_admin extends auth
while ($row = $db->sql_fetchrow($result))
{
- $template->assign_block_vars('preset_mask.users', array(
+ $template->assign_block_vars('role_mask.users', array(
'USER_ID' => $row['user_id'],
'USERNAME' => $row['username'],
'U_PROFILE' => "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u={$row['user_id']}")
@@ -445,7 +525,7 @@ class auth_admin extends auth
while ($row = $db->sql_fetchrow($result))
{
- $template->assign_block_vars('preset_mask.groups', array(
+ $template->assign_block_vars('role_mask.groups', array(
'GROUP_ID' => $row['group_id'],
'GROUP_NAME' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'],
'U_PROFILE' => $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=group&amp;g={$row['group_id']}")
@@ -566,7 +646,7 @@ class auth_admin extends auth
/**
* Set a user or group ACL record
*/
- function acl_set($ug_type, &$forum_id, &$ug_id, &$auth)
+ function acl_set($ug_type, &$forum_id, &$ug_id, &$auth, $role_id = 0)
{
global $db;
@@ -599,120 +679,70 @@ class auth_admin extends auth
$ug_id_sql = 'IN (' . implode(', ', array_map('intval', $ug_id)) . ')';
$forum_sql = 'IN (' . implode(', ', array_map('intval', $forum_id)) . ') ';
- // Set any flags as required
- foreach ($auth as $auth_option => $setting)
- {
- $flag = substr($auth_option, 0, strpos($auth_option, '_') + 1);
-
- if (!isset($auth[$flag]) || !$auth[$flag])
- {
- $auth[$flag] = $setting;
- }
- }
-
- if ($ug_type == 'user')
- {
- $sql = 'SELECT o.auth_option_id, o.auth_option, a.forum_id, a.auth_setting
- FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " o
- WHERE a.auth_option_id = o.auth_option_id
- AND a.forum_id $forum_sql
- AND a.user_id $ug_id_sql";
- }
- else
- {
- $sql = 'SELECT o.auth_option_id, o.auth_option, a.forum_id, a.auth_setting
- FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " o
- WHERE a.auth_option_id = o.auth_option_id
- AND a.forum_id $forum_sql
- AND a.group_id $ug_id_sql";
- }
- $result = $db->sql_query($sql);
-
- $cur_auth = array();
- while ($row = $db->sql_fetchrow($result))
- {
- $cur_auth[$row['forum_id']][$row['auth_option_id']] = $row['auth_setting'];
- }
- $db->sql_freeresult($result);
-
+ // Instead of updating, inserting, removing we just remove all current settings and re-set everything...
$table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
$id_field = $ug_type . '_id';
+ // Remove current auth options...
+ $sql = "DELETE FROM $table
+ WHERE forum_id $forum_sql
+ AND $id_field $ug_id_sql";
+ $db->sql_query($sql);
+
$sql_ary = array();
foreach ($forum_id as $forum)
{
$forum = (int) $forum;
- foreach ($auth as $auth_option => $setting)
+ if ($role_id)
{
- $auth_option_id = (int) $this->option_ids[$auth_option];
-
- switch ($setting)
+ foreach ($ug_id as $id)
{
- case ACL_UNSET:
- if (isset($cur_auth[$forum][$auth_option_id]))
- {
- $sql_ary['delete'][] = "DELETE FROM $table
- WHERE forum_id = $forum
- AND auth_option_id = $auth_option_id
- AND $id_field $ug_id_sql";
- }
- break;
+ $sql_ary[] = array(
+ $id_field => (int) $id,
+ 'forum_id' => (int) $forum,
+ 'auth_option_id' => 0,
+ 'auth_setting' => 0,
+ 'auth_role_id' => $role_id
+ );
+ }
+ }
+ else
+ {
+ foreach ($auth as $auth_option => $setting)
+ {
+ $auth_option_id = (int) $this->option_ids[$auth_option];
- default:
- if (!isset($cur_auth[$forum][$auth_option_id]))
- {
- foreach ($ug_id as $id)
- {
- $sql_ary['insert'][] = array(
- $id_field => (int) $id,
- 'forum_id' => (int) $forum,
- 'auth_option_id' => (int) $auth_option_id,
- 'auth_setting' => (int) $setting
- );
- }
- }
- else if ($cur_auth[$forum][$auth_option_id] != $setting)
+ if ($setting != ACL_UNSET)
+ {
+ foreach ($ug_id as $id)
{
- $sql_ary['update'][] = "UPDATE $table
- SET auth_setting = " . (int) $setting . "
- WHERE $id_field $ug_id_sql
- AND forum_id = $forum
- AND auth_option_id = $auth_option_id";
+ $sql_ary[] = array(
+ $id_field => (int) $id,
+ 'forum_id' => (int) $forum,
+ 'auth_option_id' => (int) $auth_option_id,
+ 'auth_setting' => (int) $setting
+ );
}
- break;
+ }
}
}
}
- unset($cur_auth);
- foreach ($sql_ary as $sql_type => $sql_subary)
+ if (sizeof($sql_ary))
{
- switch ($sql_type)
+ switch (SQL_LAYER)
{
- case 'insert':
- switch (SQL_LAYER)
- {
- case 'mysql':
- case 'mysql4':
- case 'mysqli':
- $db->sql_query("INSERT INTO $table " . $db->sql_build_array('MULTI_INSERT', $sql_subary));
- break;
-
- default:
- foreach ($sql_subary as $ary)
- {
- $db->sql_query("INSERT INTO $table " . $db->sql_build_array('INSERT', $ary));
- }
- break;
- }
+ case 'mysql':
+ case 'mysql4':
+ case 'mysqli':
+ $db->sql_query("INSERT INTO $table " . $db->sql_build_array('MULTI_INSERT', $sql_ary));
break;
- case 'update':
- case 'delete':
- foreach ($sql_subary as $sql)
+ default:
+ foreach ($sql_ary as $ary)
{
- $db->sql_query($sql);
+ $db->sql_query("INSERT INTO $table " . $db->sql_build_array('INSERT', $ary));
}
break;
}
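Review bot: The new `DELETE FROM $table WHERE forum_id $forum_sql AND $id_field $ug_id_sql` removes every ACL row for the selected forum and user or group pairs, not only the options present in `$auth`. The removed code touched only those option ids, so if several permission types share one `forum_id`, as the global scope's `forum_id = 0` suggests, saving one type would silently drop the others. Restrict the delete to the options being rewritten, for example by adding `AND auth_option_id IN (…)` built from `$this->option_ids`, and remove role rows only when their type matches. The delete and the inserts are also not atomic, so a failed insert leaves the target with no permissions; a transaction would close that gap if the DBAL offers one. `'auth_role_id' => $role_id` should be `(int) $role_id` like the other fields. The function body starts and ends outside this hunk.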
@@ -722,9 +752,9 @@ class auth_admin extends auth
}
/**
- * Set a preset ACL record
+ * Set a role-specific ACL record
*/
- function acl_set_preset($preset_id, &$auth)
+ function acl_set_role($role_id, &$auth)
{
global $db;
@@ -742,97 +772,40 @@ class auth_admin extends auth
$db->sql_freeresult($result);
}
- // Set any flags as required
- foreach ($auth as $auth_option => $setting)
- {
- $flag = substr($auth_option, 0, strpos($auth_option, '_') + 1);
-
- if (!isset($auth[$flag]) || !$auth[$flag])
- {
- $auth[$flag] = $setting;
- }
- }
-
- $sql = 'SELECT auth_option_id, auth_setting
- FROM ' . ACL_PRESETS_DATA_TABLE . '
- WHERE preset_id = ' . $preset_id;
- $result = $db->sql_query($sql);
-
- $cur_auth = array();
- while ($row = $db->sql_fetchrow($result))
- {
- $cur_auth[$row['auth_option_id']] = $row['auth_setting'];
- }
- $db->sql_freeresult($result);
+ // Remove current auth options...
+ $sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . '
+ WHERE role_id = ' . $role_id;
+ $db->sql_query($sql);
$sql_ary = array();
-
foreach ($auth as $auth_option => $setting)
{
$auth_option_id = (int) $this->option_ids[$auth_option];
- switch ($setting)
+ if ($setting != ACL_UNSET)
{
- case ACL_UNSET:
- if (isset($cur_auth[$auth_option_id]))
- {
- $sql_ary['delete'][] = 'DELETE FROM ' . ACL_PRESETS_DATA_TABLE . '
- WHERE auth_option_id = ' . $auth_option_id . '
- AND preset_id = ' . $preset_id;
- }
- break;
-
- default:
- if (!isset($cur_auth[$auth_option_id]))
- {
- $sql_ary['insert'][] = array(
- 'preset_id' => (int) $preset_id,
- 'auth_option_id' => (int) $auth_option_id,
- 'auth_setting' => (int) $setting
- );
- }
- else if ($cur_auth[$auth_option_id] != $setting)
- {
- $sql_ary['update'][] = 'UPDATE ' . ACL_PRESETS_DATA_TABLE . '
- SET auth_setting = ' . (int) $setting . '
- WHERE preset_id = ' . $preset_id . '
- AND auth_option_id = ' . $auth_option_id;
- }
- break;
+ $sql_ary[] = array(
+ 'role_id' => (int) $role_id,
+ 'auth_option_id' => (int) $auth_option_id,
+ 'auth_setting' => (int) $setting
+ );
}
}
- unset($cur_auth);
- foreach ($sql_ary as $sql_type => $sql_subary)
+ switch (SQL_LAYER)
{
- switch ($sql_type)
- {
- case 'insert':
- switch (SQL_LAYER)
- {
- case 'mysql':
- case 'mysql4':
- case 'mysqli':
- $db->sql_query('INSERT INTO ' . ACL_PRESETS_DATA_TABLE . ' ' . $db->sql_build_array('MULTI_INSERT', $sql_subary));
- break;
-
- default:
- foreach ($sql_subary as $ary)
- {
- $db->sql_query('INSERT INTO ' . ACL_PRESETS_DATA_TABLE . ' ' . $db->sql_build_array('INSERT', $ary));
- }
- break;
- }
- break;
+ case 'mysql':
+ case 'mysql4':
+ case 'mysqli':
+ $db->sql_query('INSERT INTO ' . ACL_ROLES_DATA_TABLE . ' ' . $db->sql_build_array('MULTI_INSERT', $sql_ary));
+ break;
- case 'update':
- case 'delete':
- foreach ($sql_subary as $sql)
- {
- $db->sql_query($sql);
- }
- break;
- }
+ default:
+ foreach ($sql_ary as $ary)
+ {
+ $db->sql_query('INSERT INTO ' . ACL_ROLES_DATA_TABLE . ' ' . $db->sql_build_array('INSERT', $ary));
+ }
+ break;
}
$this->acl_clear_prefetch();
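Review bot: `acl_set_role()` runs the `INSERT` even when `$sql_ary` is empty, which happens when every submitted setting is `ACL_UNSET`. On the MySQL branch that builds a `MULTI_INSERT` from an empty array, whereas the rewritten `acl_set()` guards the same switch with `if (sizeof($sql_ary))`. Wrap the `switch (SQL_LAYER)` here in the same `if (sizeof($sql_ary))` check so that clearing a role only performs the delete. The function starts outside this hunk.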
@@ -840,6 +813,7 @@ class auth_admin extends auth
/**
* Remove local permission
+ * @todo take roles into consideration (if one auth option is being removed and placed within a role we need to re-build the acl entries)
*/
function acl_delete($mode, $ug_id = false, $forum_id = false, $auth_id = false)
{
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php
index ad6de1d6a8..80e57f1254 100644
--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@@ -353,7 +353,7 @@ class auth
if (sizeof($hold_ary))
{
ksort($hold_ary);
-
+
$last_f = 0;
foreach ($hold_ary as $f => $auth_ary)
@@ -378,7 +378,7 @@ class auth
}
else
{
- $bitstring[$id] = 0;
+ $bitstring[$id] = ACL_NO;
}
}
@@ -428,6 +428,39 @@ class auth
}
/**
+ * Get assigned roles
+ */
+ function acl_role_data($user_type, $role_type, $ug_id = false, $forum_id = false)
+ {
+ global $db;
+
+ $roles = array();
+
+ $sql_id = ($user_type == 'user') ? 'user_id' : 'group_id';
+
+ $sql_ug = ($ug_id !== false) ? ((!is_array($ug_id)) ? "AND a.$sql_id = $ug_id" : "AND a.$sql_id IN (" . implode(', ', $ug_id) . ')') : '';
+ $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
+
+ // Grab assigned roles...
+ $sql = 'SELECT a.auth_role_id, a.' . $sql_id . ', a.forum_id
+ FROM ' . (($user_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE) . ' a, ' . ACL_ROLES_TABLE . " r
+ WHERE a.auth_role_id = r.role_id
+ AND r.role_type = '" . $db->sql_escape($role_type) . "'
+ $sql_ug
+ $sql_forum
+ ORDER BY r.role_name ASC";
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $roles[$row[$sql_id]][$row['forum_id']] = $row['auth_role_id'];
+ }
+ $db->sql_freeresult($result);
+
+ return $roles;
+ }
+
+ /**
* Get raw acl data based on user/option/forum
*/
function acl_raw_data($user_id = false, $opts = false, $forum_id = false)
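Review bot: `acl_role_data()` interpolates `$ug_id` and `$forum_id` into the query as given, both as scalars and via `implode()`, while `acl_set()` in `acp/auth.php` passes the same kind of ids through `array_map('intval', …)`. Cast them here as well, with `(int) $ug_id` for the scalar form and `implode(', ', array_map('intval', $ug_id))` for the array form, and likewise for `$forum_id`. An empty array currently yields `IN ()`, which is invalid SQL; the caller passes `array_keys($hold_ary)`, so returning `array()` early when the list is empty would be safer. The docblock should also state the return shape, `array(ug_id => array(forum_id => role_id))`.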
@@ -455,37 +488,41 @@ class auth
// First grab user settings ... each user has only one setting for each
// option ... so we shouldn't need any ACL_NO checks ... he says ...
- $sql = 'SELECT ao.auth_option, a.user_id, a.forum_id, a.auth_setting
- FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_USERS_TABLE . ' a
- WHERE ao.auth_option_id = a.auth_option_id
+ $sql = 'SELECT ao.auth_option, a.auth_role_id, r.auth_setting as role_auth_setting, a.user_id, a.forum_id, a.auth_setting
+ FROM (' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_USERS_TABLE . ' a)
+ LEFT JOIN ' . ACL_ROLES_DATA_TABLE . ' r ON (a.auth_role_id = r.role_id)
+ WHERE (ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
$sql_forum
$sql_opts
- ORDER BY a.forum_id, ao.auth_option_id";
+ ORDER BY a.forum_id, ao.auth_option";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
- $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
+ $setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
+ $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
}
$db->sql_freeresult($result);
// Now grab group settings ... ACL_NO overrides ACL_YES so act appropriatley
- $sql = 'SELECT ug.user_id, ao.auth_option, a.forum_id, a.auth_setting
- FROM ' . USER_GROUP_TABLE . ' ug, ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_GROUPS_TABLE . ' a
- WHERE ao.auth_option_id = a.auth_option_id
+ $sql = 'SELECT ug.user_id, ao.auth_option, a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting
+ FROM (' . USER_GROUP_TABLE . ' ug, ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_GROUPS_TABLE . ' a)
+ LEFT JOIN ' . ACL_ROLES_DATA_TABLE . ' r ON (a.auth_role_id = r.role_id)
+ WHERE (ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
AND a.group_id = ug.group_id
' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
$sql_forum
$sql_opts
- ORDER BY a.forum_id, ao.auth_option_id";
+ ORDER BY a.forum_id, ao.auth_option";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] != ACL_NO))
{
- $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
+ $setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
+ $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
}
}
$db->sql_freeresult($result);
@@ -519,20 +556,21 @@ class auth
$hold_ary = array();
- // Grab user settings ... each user has only one setting for each
- // option ... so we shouldn't need any ACL_NO checks ... he says ...
- $sql = 'SELECT ao.auth_option, a.user_id, a.forum_id, a.auth_setting
- FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_USERS_TABLE . ' a
- WHERE ao.auth_option_id = a.auth_option_id
+ // Grab user settings...
+ $sql = 'SELECT ao.auth_option, a.auth_role_id, r.auth_setting as role_auth_setting, a.user_id, a.forum_id, a.auth_setting
+ FROM (' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_USERS_TABLE . ' a)
+ LEFT JOIN ' . ACL_ROLES_DATA_TABLE . ' r ON (a.auth_role_id = r.role_id)
+ WHERE (ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
$sql_forum
$sql_opts
- ORDER BY a.forum_id, ao.auth_option_id";
+ ORDER BY a.forum_id, ao.auth_option";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
- $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
+ $setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
+ $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
}
$db->sql_freeresult($result);
@@ -564,18 +602,20 @@ class auth
$hold_ary = array();
// Grab group settings...
- $sql = 'SELECT a.group_id, ao.auth_option, a.forum_id, a.auth_setting
- FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_GROUPS_TABLE . ' a
- WHERE ao.auth_option_id = a.auth_option_id
+ $sql = 'SELECT a.group_id, ao.auth_option, a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting
+ FROM (' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_GROUPS_TABLE . ' a)
+ LEFT JOIN ' . ACL_ROLES_DATA_TABLE . ' r ON (a.auth_role_id = r.role_id)
+ WHERE (ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
' . (($sql_group) ? 'AND a.' . $sql_group : '') . "
$sql_forum
$sql_opts
- ORDER BY a.forum_id, ao.auth_option_id";
+ ORDER BY a.forum_id, ao.auth_option";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
- $hold_ary[$row['group_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
+ $setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
+ $hold_ary[$row['group_id']][$row['forum_id']][$row['auth_option']] = $setting;
}
$db->sql_freeresult($result);
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index 3a25de7942..474ca978e9 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -117,8 +117,8 @@ define('FIELD_DATE', 6);
// Table names
define('ACL_GROUPS_TABLE', $table_prefix.'auth_groups');
define('ACL_OPTIONS_TABLE', $table_prefix.'auth_options');
-define('ACL_PRESETS_TABLE', $table_prefix.'auth_presets');
-define('ACL_PRESETS_DATA_TABLE', $table_prefix.'auth_preset_data');
+define('ACL_ROLES_TABLE', $table_prefix.'auth_roles');
+define('ACL_ROLES_DATA_TABLE', $table_prefix.'auth_roles_data');
define('ACL_USERS_TABLE', $table_prefix.'auth_users');
define('ATTACHMENTS_TABLE', $table_prefix.'attachments');
define('BANLIST_TABLE', $table_prefix.'banlist');
diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php
index 6a573f42b4..737872dd8f 100644
--- a/phpBB/includes/db/dbal.php
+++ b/phpBB/includes/db/dbal.php
@@ -130,6 +130,7 @@ class dbal
}
else if (is_array($var) && is_string($var[0]))
{
+ // This is used for INSERT_SELECT(s)
$values[] = $var[0];
}
else
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 807aeb6578..fb33b280d2 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2219,7 +2219,7 @@ function get_backtrace()
case 'string':
$argument = htmlspecialchars(substr($argument, 0, 64)) . ((strlen($argument) > 64) ? '...' : '');
- $args[] = '"' . $argument . '"';
+ $args[] = "'{$argument}'";
break;
case 'array':
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index 4221ac0cdc..4ce8e4ddfa 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -1869,11 +1869,11 @@ function cache_moderators()
*/
function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id = 0, $topic_id = 0, $user_id = 0, $limit_days = 0, $sort_by = 'l.log_time DESC')
{
- global $db, $user, $auth, $phpEx, $SID, $phpbb_root_path;
+ global $db, $user, $auth, $phpEx, $SID, $phpbb_root_path, $phpbb_admin_path;
$topic_id_list = $is_auth = $is_mod = array();
- $profile_url = (defined('IN_ADMIN')) ? "{$phpbb_root_path}index.$phpEx$SID&amp;i=users&amp;mode=overview" : "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile";
+ $profile_url = (defined('IN_ADMIN')) ? "{$phpbb_admin_path}index.$phpEx$SID&amp;i=users&amp;mode=overview" : "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile";
switch ($mode)
{
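Review bot: `$profile_url` now depends on the global `$phpbb_admin_path` whenever `IN_ADMIN` is defined, but nothing in the hunk checks that the variable is set. If an entry script defines `IN_ADMIN` without setting it, the link silently becomes a relative `index.$phpEx...` URL. A comment above the assignment would document the precondition: `// $phpbb_admin_path must be set by the entry script whenever IN_ADMIN is defined`. The body of view_log() continues outside the hunk.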
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 40f17a33e9..3670d118c5 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -938,7 +938,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
$db->sql_freeresult($result);
// forum notification is sent to those not receiving post notification
- if ($topic_notification)
+ if ($forum_notification)
{
if (sizeof($notify_rows))
{
@@ -1037,10 +1037,10 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
$messenger->assign_vars(array(
'EMAIL_SIG' => $email_sig,
- 'SITENAME' => $config['sitename'],
- 'USERNAME' => $addr['name'],
- 'TOPIC_TITLE' => $topic_title,
- 'FORUM_NAME' => $forum_name,
+ 'SITENAME' => html_entity_decode($config['sitename']),
+ 'USERNAME' => html_entity_decode($addr['name']),
+ 'TOPIC_TITLE' => html_entity_decode($topic_title),
+ 'FORUM_NAME' => html_entity_decode($forum_name),
'U_FORUM' => generate_board_url() . "/viewforum.$phpEx?f=$forum_id&e=0",
'U_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&e=0",
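Review bot: The four `html_entity_decode()` calls use the default quote style and charset, so the result depends on the PHP version and may not mirror how the values were encoded. They also pass raw `<`, `>`, `&` and quotes from user-controlled fields (`$addr['name']`, `$topic_title`) on to the messenger. That is correct for a plain-text body, but the assumption deserves a comment above the array: `// decoded for plain-text mail only; re-escape if these vars are ever used in HTML output`. Passing the quote-style argument that matches the original encoding would make the decode deterministic. The template that consumes these variables is not visible here, so whether any of them also reaches a header line should be confirmed.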
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 0ed104d9f1..5f1fdff5e5 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1172,7 +1172,7 @@ function avatar_gallery($category, $avatar_select, $items_per_column, $block_var
* Add or edit a group. If we're editing a group we only update user
* parameters such as rank, etc. if they are changed
*/
-function group_create($group_id, $type, $name, $desc, $group_attributes)
+function group_create(&$group_id, $type, $name, $desc, $group_attributes)
{
global $phpbb_root_path, $config, $db, $user, $file_upload;
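Review bot: The docblock above `group_create()` still describes only "add or edit" and does not mention that `$group_id` is now an in/out parameter. With `&$group_id`, callers must pass a variable rather than a literal, and on creation that variable is overwritten with the new id (see the next hunk). I would add a line such as ` * $group_id is passed by reference: pass 0 to create a group and read the new id back afterwards`. The function body continues outside this hunk.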
@@ -1228,9 +1228,17 @@ function group_create($group_id, $type, $name, $desc, $group_attributes)
}
}
+ // Setting the log message before we set the group id (if group gets added)
+ $log = ($group_id) ? 'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED';
+
$sql = ($group_id) ? 'UPDATE ' . GROUPS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE group_id = $group_id" : 'INSERT INTO ' . GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql);
+ if (!$group_id)
+ {
+ $group_id = $db->sql_nextid();
+ }
+
// Set user attributes
$sql_ary = array();
if (sizeof($group_attributes))
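Review bot: `$group_id` is interpolated into `WHERE group_id = $group_id` without a cast, and the function now also writes back to the caller's variable. Whether every caller passes an integer is not visible from this hunk, so a defensive `$group_id = (int) $group_id;` before the `$log` assignment would keep the UPDATE safe whatever the caller passes. The cast also makes the later `if (!$group_id)` test unambiguous for string input such as `'0'`.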
@@ -1251,7 +1259,6 @@ function group_create($group_id, $type, $name, $desc, $group_attributes)
$db->sql_query($sql);
}
- $log = ($group_id) ? 'LOG_GROUP_UPDATED' : 'LOG_GROUP_CREATED';
add_log('admin', $log, $name);
}
diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php
index cbdf6d4f6a..a7422354b3 100644
--- a/phpBB/includes/mcp/mcp_post.php
+++ b/phpBB/includes/mcp/mcp_post.php
@@ -96,7 +96,7 @@ function mcp_post_details($id, $mode, $action)
'U_POST_ACTION' => "$url&amp;i=$id&amp;mode=post_details", // Use this for action parameters
'U_APPROVE_ACTION' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=queue&amp;p=$post_id",
- 'S_CAN_VIEWIP' => $auth->acl_get('m_ip', $post_info['forum_id']),
+ 'S_CAN_VIEWIP' => $auth->acl_get('m_info', $post_info['forum_id']),
'S_CAN_CHGPOSTER' => $auth->acl_get('m_', $post_info['forum_id']),
'S_CAN_LOCK_POST' => $auth->acl_get('m_lock', $post_info['forum_id']),
'S_CAN_DELETE_POST' => $auth->acl_get('m_delete', $post_info['forum_id']),
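Review bot: Poster IP visibility (`S_CAN_VIEWIP`) is now decided by `m_info` instead of the dedicated `m_ip` option, both here and in the "Get IP" hunk below and in mcp_queue.php. If `m_info` is granted more widely than `m_ip` was, more moderators will see IP and reverse-DNS data than before, so this should be confirmed as intended and noted in a comment: `// m_info replaces the former m_ip option and also gates IP display`. Any `acl_get('m_ip', ...)` check left elsewhere in the tree would presumably stop matching a defined option, so a search for the old name is worthwhile. The enclosing array and function continue outside the hunk.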
@@ -182,7 +182,7 @@ function mcp_post_details($id, $mode, $action)
}
// Get IP
- if ($auth->acl_get('m_ip', $post_info['forum_id']))
+ if ($auth->acl_get('m_info', $post_info['forum_id']))
{
$rdns_ip_num = request_var('rdns', '');
diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php
index 0825bc1da5..aa649df8d4 100644
--- a/phpBB/includes/mcp/mcp_queue.php
+++ b/phpBB/includes/mcp/mcp_queue.php
@@ -104,7 +104,7 @@ class mcp_queue
'S_MCP_QUEUE' => true,
'S_APPROVE_ACTION' => "mcp.$phpEx$SID&amp;i=queue&amp;p=$post_id&amp;f=$forum_id",
- 'S_CAN_VIEWIP' => $auth->acl_get('m_ip', $post_info['forum_id']),
+ 'S_CAN_VIEWIP' => $auth->acl_get('m_info', $post_info['forum_id']),
'S_POST_REPORTED' => $post_info['post_reported'],
'S_POST_UNAPPROVED' => !$post_info['post_approved'],
'S_POST_LOCKED' => $post_info['post_edit_locked'],
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index feeeafc4c0..292ab36d76 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -1063,6 +1063,10 @@ class parse_message extends bbcode_firstpass
}
else
{
+ if (!function_exists('delete_attachments'))
+ {
+ include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
+ }
delete_attachments('attach', array(intval($this->attachment_data[$index]['attach_id'])));
}
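Review bot: The added `include_once` uses `$phpbb_root_path` and `$phpEx`, but the hunk does not show them being brought into the method's scope. If the enclosing method has no `global $phpbb_root_path, $phpEx;` declaration (it starts outside the hunk), the path collapses to `includes/functions_admin.` and the include fails just before `delete_attachments()` is called. I would confirm the declaration exists or add it at the top of the method. The same guard in ucp_attachments.php is fine in this respect, because the removed `include` there already used both variables.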
diff --git a/phpBB/includes/ucp/ucp_attachments.php b/phpBB/includes/ucp/ucp_attachments.php
index 3266d47818..d06eb08709 100644
--- a/phpBB/includes/ucp/ucp_attachments.php
+++ b/phpBB/includes/ucp/ucp_attachments.php
@@ -38,7 +38,10 @@ class ucp_attachments
if (confirm_box(true))
{
- include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
+ if (!function_exists('delete_attachments'))
+ {
+ include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
+ }
delete_attachments('attach', $delete_ids);
$refresh_url = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id";