diff options
| author | rxu <rxu@mail.ru> | 2015-04-26 10:51:01 +0700 |
|---|---|---|
| committer | rxu <rxu@mail.ru> | 2015-04-26 11:57:02 +0700 |
| commit | 2308472eb0a5bc03aa520f4afe2e69aa52622653 (patch) | |
| tree | d90288049a11eb4aa7d09a64085e8dc510acc9ed /phpBB/phpbb/db/migration/tool | |
| parent | 887f83589ff34dc087b75f3f2dfa9f1da73c8dea (diff) | |
| download | forums-2308472eb0a5bc03aa520f4afe2e69aa52622653.tar forums-2308472eb0a5bc03aa520f4afe2e69aa52622653.tar.gz forums-2308472eb0a5bc03aa520f4afe2e69aa52622653.tar.bz2 forums-2308472eb0a5bc03aa520f4afe2e69aa52622653.tar.xz forums-2308472eb0a5bc03aa520f4afe2e69aa52622653.zip | |
[ticket/13779] Set new auth options to the role only if matching the role type
Migrations' permission tool allows setting permissions to the role which
doesn't match the role type, e.g. m_ permissions for u_ role types and so on.
As one of side effects, this may lead to granting users moderative/admin
permissions silently.
With this patch the only new permissions matching the role type will be set.
PHPBB3-13779
Diffstat (limited to 'phpBB/phpbb/db/migration/tool')
| -rw-r--r-- | phpBB/phpbb/db/migration/tool/permission.php | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/phpBB/phpbb/db/migration/tool/permission.php b/phpBB/phpbb/db/migration/tool/permission.php index 1a91127d2d..ceff6d7d5a 100644 --- a/phpBB/phpbb/db/migration/tool/permission.php +++ b/phpBB/phpbb/db/migration/tool/permission.php @@ -425,13 +425,27 @@ class permission implements \phpbb\db\migration\tool\tool_interface $role_id = (int) $this->db->sql_fetchfield('auth_role_id'); if ($role_id) { - $sql = 'SELECT role_name + $sql = 'SELECT role_name, role_type FROM ' . ACL_ROLES_TABLE . ' WHERE role_id = ' . $role_id; $this->db->sql_query($sql); - $role_name = $this->db->sql_fetchfield('role_name'); - - return $this->permission_set($role_name, $auth_option, 'role', $has_permission); + $role_data = $this->db->sql_fetchrow(); + $role_name = $role_data['role_name']; + $role_type = $role_data['role_type']; + + // Filter new auth options to match the role type: a_ | f_ | m_ | u_ + // Set new auth options to the role only if options matching the role type were found + $auth_option = array_filter($auth_option, + function ($option) use ($role_type) + { + return strpos($option, $role_type) === 0; + } + ); + + if (sizeof($auth_option)) + { + return $this->permission_set($role_name, $auth_option, 'role', $has_permission); + } } $sql = 'SELECT auth_option_id, auth_setting |