diff options
Diffstat (limited to 'phpBB/includes/acp')
| -rw-r--r-- | phpBB/includes/acp/acp_main.php | 10 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_users.php | 4 | ||||
| -rw-r--r-- | phpBB/includes/acp/auth.php | 53 |
3 files changed, 61 insertions, 6 deletions
diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php index 8a7bf5ff75..acc1c50112 100644 --- a/phpBB/includes/acp/acp_main.php +++ b/phpBB/includes/acp/acp_main.php @@ -154,7 +154,7 @@ class acp_main switch ($action) { case 'online': - if (!$auth->acl_get('a_defaults')) + if (!$auth->acl_get('a_board')) { trigger_error($user->lang['NO_ADMIN']); } @@ -165,7 +165,7 @@ class acp_main break; case 'stats': - if (!$auth->acl_get('a_defaults')) + if (!$auth->acl_get('a_board')) { trigger_error($user->lang['NO_ADMIN']); } @@ -215,7 +215,7 @@ class acp_main break; case 'user': - if (!$auth->acl_get('a_defaults')) + if (!$auth->acl_get('a_board')) { trigger_error($user->lang['NO_ADMIN']); } @@ -256,7 +256,7 @@ class acp_main break; case 'date': - if (!$auth->acl_get('a_defaults')) + if (!$auth->acl_get('a_board')) { trigger_error($user->lang['NO_ADMIN']); } @@ -347,7 +347,7 @@ class acp_main 'U_ACTION' => "{$phpbb_admin_path}index.$phpEx$SID", - 'S_ACTION_OPTIONS' => $s_action_options, + 'S_ACTION_OPTIONS' => ($auth->acl_get('a_board')) ? $s_action_options : '', ) ); diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 29572b7147..62a9a38d98 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -734,7 +734,9 @@ class acp_users 'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'), 'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}", - + + 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? "{$phpbb_root_path}ucp.$phpEx$SID&mode=switch_perm&u={$user_row['user_id']}" : '', + 'USER' => $user_row['username'], 'USER_REGISTERED' => $user->format_date($user_row['user_regdate']), 'REGISTERED_IP' => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'], diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php index 2307d413fa..e8c2c12079 100644 --- a/phpBB/includes/acp/auth.php +++ b/phpBB/includes/acp/auth.php @@ -1101,6 +1101,59 @@ class auth_admin extends auth } } } + + /** + * Use permissions from another user. This transferes a permission set from one user to another. + * The other user is always able to revert back to his permission set. + * This function does not check for lower/higher permissions, it is possible for the user to gain + * "more" permissions by this. + * + */ + function ghost_permissions($from_user_id, $to_user_id) + { + global $db; + + if ($to_user_id == ANONYMOUS) + { + return false; + } + + $hold_ary = $this->acl_raw_data($from_user_id, false, false); + + if (isset($hold_ary[$from_user_id])) + { + $hold_ary = $hold_ary[$from_user_id]; + } + + // Key 0 in $hold_ary are global options, all others are forum_ids + + // We disallow copying admin permissions + foreach ($this->acl_options['global'] as $opt => $id) + { + if (strpos($opt, 'a_') === 0) + { + $hold_ary[0][$opt] = ACL_NO; + } + } + + // Force a_switchperm to be allowed + $hold_ary[0]['a_switchperm'] = ACL_YES; + + $user_permissions = $this->build_bitstring($hold_ary); + + if (!$user_permissions) + { + return false; + } + + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_permissions = '" . $db->sql_escape($user_permissions) . "', + user_perm_from = $from_user_id + WHERE user_id = " . $to_user_id; + $db->sql_query($sql); + + return true; + } } ?>
\ No newline at end of file |