diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2004-07-11 15:20:35 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2004-07-11 15:20:35 +0000 |
| commit | 59767029a969b4cea2eacb38cb27fd784937f72e (patch) | |
| tree | 3b2a8024048201998ce61d58a3df876258d8b9ad /phpBB/mcp.php | |
| parent | 6a6910650103980c5741e9958c6067b0de772d24 (diff) | |
| download | forums-59767029a969b4cea2eacb38cb27fd784937f72e.tar forums-59767029a969b4cea2eacb38cb27fd784937f72e.tar.gz forums-59767029a969b4cea2eacb38cb27fd784937f72e.tar.bz2 forums-59767029a969b4cea2eacb38cb27fd784937f72e.tar.xz forums-59767029a969b4cea2eacb38cb27fd784937f72e.zip | |
- fixed permissions for mcp (global permission settings are false if user is only able to moderate one to x forums)
- determine permission settings for submodules
- further approve/disapprove work (approve_details added)
git-svn-id: file:///svn/phpbb/trunk@4925 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/mcp.php')
| -rw-r--r-- | phpBB/mcp.php | 59 |
1 files changed, 39 insertions, 20 deletions
diff --git a/phpBB/mcp.php b/phpBB/mcp.php index b9f4d935b2..c5e975d9ae 100644 --- a/phpBB/mcp.php +++ b/phpBB/mcp.php @@ -36,18 +36,16 @@ class module if ($post_id) { - if (!$topic_id || !$forum_id) - { - $sql = 'SELECT topic_id, forum_id - FROM ' . POSTS_TABLE . " - WHERE post_id = $post_id"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + // We determine the topic and forum id here, to make sure the moderator really has moderative rights on this post + $sql = 'SELECT topic_id, forum_id + FROM ' . POSTS_TABLE . " + WHERE post_id = $post_id"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); - $topic_id = (int) $row['topic_id']; - $forum_id = (int) $row['forum_id']; - } + $topic_id = (int) $row['topic_id']; + $forum_id = (int) $row['forum_id']; } if ($topic_id && !$forum_id) @@ -62,6 +60,20 @@ class module $forum_id = (int) $row['forum_id']; } + // If we do not have a forum id and the user is not a super moderator (global options are set to false, even if the user is able to moderator at least one forum + if (!$forum_id && !$auth->acl_get('m_')) + { + $forum_list = get_forum_list('m_'); + + if (!sizeof($forum_list)) + { + trigger_error('MODULE_NOT_EXIST'); + } + + // We do not check all forums, only the first one should be sufficiant. + $forum_id = $forum_list[0]; + } + $sql = 'SELECT module_id, module_title, module_filename, module_subs, module_acl FROM ' . MODULES_TABLE . " WHERE module_type = '{$module_type}' @@ -76,7 +88,7 @@ class module if ($row['module_acl']) { $is_auth = false; - eval('$is_auth = (' . preg_replace(array('#acl_([a-z_]+)#e', '#cfg_([a-z_]+)#e'), array('(int) $auth->acl_get("\\1")', '(int) $config["\\1"]'), trim($row['module_acl'])) . ');'); + eval('$is_auth = (' . preg_replace(array('#acl_([a-z_]+)#e', '#cfg_([a-z_]+)#e'), array('(int) $auth->acl_get("\\1", ' . $forum_id . ')', '(int) $config["\\1"]'), trim($row['module_acl'])) . ');'); // The user is not authorised to use this module, skip it if (!$is_auth) @@ -106,19 +118,26 @@ class module $submodules_ary = explode("\n", $row['module_subs']); foreach ($submodules_ary as $submodule) { + if (!trim($submodule)) + { + continue; + } + $submodule = explode(',', trim($submodule)); $submodule_title = array_shift($submodule); $is_auth = true; foreach ($submodule as $auth_option) { - if (!$auth->acl_get($auth_option)) + eval('$is_auth = (' . preg_replace(array('#acl_([a-z_]+)#e', '#cfg_([a-z_]+)#e'), array('(int) $auth->acl_get("\\1", ' . $forum_id . ')', '(int) $config["\\1"]'), trim($auth_option)) . ');'); + + if (!$is_auth) { - $is_auth = false; + break; } } - if (!$is_auth || empty($submodule_title)) + if (!$is_auth) { continue; } @@ -316,14 +335,14 @@ if ($mode2) } // Only Moderators can go beyond this point -if ($user->data['user_id'] == ANONYMOUS || !$auth->acl_get('m_')) +if ($user->data['user_id'] == ANONYMOUS) { - if ($user->data['user_id'] != ANONYMOUS) + login_box("{$phpbb_root_path}mcp.$phpEx$SID&mode=$mode&i=$module", '', $user->lang['LOGIN_EXPLAIN_MCP']); + + if ($user->data['user_id'] == ANONYMOUS) { redirect("index.$phpEx$SID"); } - - login_box("{$phpbb_root_path}mcp.$phpEx$SID&mode=$mode&i=$module", '', $user->lang['LOGIN_EXPLAIN_MCP']); } $quickmod = (isset($_REQUEST['quickmod'])) ? true : false; @@ -365,7 +384,7 @@ if (!$quickmod) $mcp->create('mcp', "mcp.$phpEx$SID", $post_id, $topic_id, $forum_id, $module, $mode); // Load and execute the relevant module - $mcp->load(); + $mcp->load('mcp', false, $mode); exit; } |