Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_groups.php38
-rw-r--r--phpBB/includes/acp/acp_permissions.php1
-rw-r--r--phpBB/includes/auth.php12
-rw-r--r--phpBB/includes/functions_admin.php7
-rw-r--r--phpBB/includes/functions_user.php76
-rw-r--r--phpBB/includes/ucp/ucp_groups.php19
6 files changed, 101 insertions, 52 deletions
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php
index 2ee5ded01d..3df61ff4e2 100644
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@@ -309,6 +309,7 @@ class acp_groups
'message_limit' => request_var('group_message_limit', 0),
'max_recipients' => request_var('group_max_recipients', 0),
'founder_manage' => 0,
+ 'skip_auth' => request_var('group_skip_auth', 0),
);
if ($user->data['user_type'] == USER_FOUNDER)
@@ -400,11 +401,26 @@ class acp_groups
// were made.
$group_attributes = array();
- $test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit', 'max_recipients', 'founder_manage');
- foreach ($test_variables as $test)
+ $test_variables = array(
+ 'rank' => 'int',
+ 'colour' => 'string',
+ 'avatar' => 'string',
+ 'avatar_type' => 'int',
+ 'avatar_width' => 'int',
+ 'avatar_height' => 'int',
+ 'receive_pm' => 'int',
+ 'legend' => 'int',
+ 'message_limit' => 'int',
+ 'max_recipients'=> 'int',
+ 'founder_manage'=> 'int',
+ 'skip_auth' => 'int',
+ );
+
+ foreach ($test_variables as $test => $type)
{
if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test]))
{
+ settype($submit_ary[$test], $type);
$group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test];
}
}
@@ -562,7 +578,7 @@ class acp_groups
'GROUP_MESSAGE_LIMIT' => (isset($group_row['group_message_limit'])) ? $group_row['group_message_limit'] : 0,
'GROUP_MAX_RECIPIENTS' => (isset($group_row['group_max_recipients'])) ? $group_row['group_max_recipients'] : 0,
'GROUP_COLOUR' => (isset($group_row['group_colour'])) ? $group_row['group_colour'] : '',
-
+ 'GROUP_SKIP_AUTH' => (!empty($group_row['group_skip_auth'])) ? ' checked="checked"' : '',
'S_DESC_BBCODE_CHECKED' => $group_desc_data['allow_bbcode'],
'S_DESC_URLS_CHECKED' => $group_desc_data['allow_urls'],
@@ -591,8 +607,7 @@ class acp_groups
'U_SWATCH' => append_sid("{$phpbb_admin_path}swatch.$phpEx", 'form=settings&name=group_colour'),
'U_ACTION' => "{$this->u_action}&action=$action&g=$group_id",
'L_AVATAR_EXPLAIN' => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024)),
- )
- );
+ ));
return;
break;
@@ -607,7 +622,7 @@ class acp_groups
$this->page_title = 'GROUP_MEMBERS';
// Grab the leaders - always, on every page...
- $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending
+ $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_regdate, u.user_colour, u.user_posts, u.group_id, ug.group_leader, ug.user_pending
FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug
WHERE ug.group_id = $group_id
AND u.user_id = ug.user_id
@@ -621,11 +636,12 @@ class acp_groups
'U_USER_EDIT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&action=edit&u={$row['user_id']}"),
'USERNAME' => $row['username'],
+ 'USERNAME_COLOUR' => $row['user_colour'],
'S_GROUP_DEFAULT' => ($row['group_id'] == $group_id) ? true : false,
'JOINED' => ($row['user_regdate']) ? $user->format_date($row['user_regdate']) : ' - ',
'USER_POSTS' => $row['user_posts'],
- 'USER_ID' => $row['user_id'])
- );
+ 'USER_ID' => $row['user_id'],
+ ));
}
$db->sql_freeresult($result);
@@ -662,7 +678,7 @@ class acp_groups
));
// Grab the members
- $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending
+ $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_colour, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending
FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . " ug
WHERE ug.group_id = $group_id
AND u.user_id = ug.user_id
@@ -687,6 +703,7 @@ class acp_groups
'U_USER_EDIT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&action=edit&u={$row['user_id']}"),
'USERNAME' => $row['username'],
+ 'USERNAME_COLOUR' => $row['user_colour'],
'S_GROUP_DEFAULT' => ($row['group_id'] == $group_id) ? true : false,
'JOINED' => ($row['user_regdate']) ? $user->format_date($row['user_regdate']) : ' - ',
'USER_POSTS' => $row['user_posts'],
@@ -763,8 +780,7 @@ class acp_groups
'GROUP_NAME' => $group_name,
'TOTAL_MEMBERS' => $row['total_members'],
- )
- );
+ ));
}
}
}
diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php
index 164970b5d5..1dab6febdd 100644
--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@@ -963,6 +963,7 @@ class acp_permissions
LEFT JOIN ' . USER_GROUP_TABLE . ' ug ON (ug.group_id = g.group_id)
WHERE ug.user_id = ' . $user_id . '
AND ug.user_pending = 0
+ AND NOT (ug.group_leader = 1 AND g.group_skip_auth = 1)
ORDER BY g.group_type DESC, g.group_id DESC';
$result = $db->sql_query($sql);
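Review bot: The new predicate `AND NOT (ug.group_leader = 1 AND g.group_skip_auth = 1)` carries no comment, and the same line is repeated in the three queries changed in auth.php and in cache_moderators() in functions_admin.php. As written it drops the whole group for its leaders, which covers deny settings as well as grants, so a query that misses the line would evaluate permissions differently from the rest. A comment above each occurrence, such as `// Leaders of groups with group_skip_auth set do not receive the group's permission settings`, would make that intent reviewable. The surrounding query starts outside this hunk.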
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php
index 1196a9a0f0..2a269c3c80 100644
--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@@ -608,22 +608,26 @@ class auth
// Now grab group settings - non-role specific...
$sql_ary[] = 'SELECT ug.user_id, a.forum_id, a.auth_setting, a.auth_option_id' . $sql_opts_select . '
- FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug' . $sql_opts_from . '
+ FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g' . $sql_opts_from . '
WHERE a.auth_role_id = 0 ' .
(($sql_opts_from) ? 'AND a.auth_option_id = ao.auth_option_id ' : '') . '
AND a.group_id = ug.group_id
+ AND g.group_id = ug.group_id
AND ug.user_pending = 0
+ AND NOT (ug.group_leader = 1 AND g.group_skip_auth = 1)
' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
$sql_forum
$sql_opts";
// Now grab group settings - role specific...
$sql_ary[] = 'SELECT ug.user_id, a.forum_id, r.auth_setting, r.auth_option_id' . $sql_opts_select . '
- FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . '
+ FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . '
WHERE a.auth_role_id = r.role_id ' .
(($sql_opts_from) ? 'AND r.auth_option_id = ao.auth_option_id ' : '') . '
AND a.group_id = ug.group_id
+ AND g.group_id = ug.group_id
AND ug.user_pending = 0
+ AND NOT (ug.group_leader = 1 AND g.group_skip_auth = 1)
' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
$sql_forum
$sql_opts";
@@ -825,9 +829,11 @@ class auth
// Now grab group-specific permission settings
$sql = 'SELECT a.forum_id, a.auth_option_id, a.auth_role_id, a.auth_setting
- FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug
+ FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g
WHERE a.group_id = ug.group_id
+ AND g.group_id = ug.group_id
AND ug.user_pending = 0
+ AND NOT (ug.group_leader = 1 AND g.group_skip_auth = 1)
AND ug.user_id = ' . $user_id;
$result = $db->sql_query($sql);
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index 52a7017e09..f9a072d1a8 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -2137,12 +2137,13 @@ function cache_moderators()
// Remove users who have group memberships with DENY moderator permissions
$sql = $db->sql_build_query('SELECT', array(
- 'SELECT' => 'a.forum_id, ug.user_id',
+ 'SELECT' => 'a.forum_id, ug.user_id, g.group_id',
'FROM' => array(
ACL_OPTIONS_TABLE => 'o',
USER_GROUP_TABLE => 'ug',
- ACL_GROUPS_TABLE => 'a'
+ ACL_GROUPS_TABLE => 'a',
+ GROUPS_TABLE => 'g',
),
'LEFT_JOIN' => array(
@@ -2156,6 +2157,8 @@ function cache_moderators()
AND ((a.auth_setting = ' . ACL_NEVER . ' AND r.auth_setting IS NULL)
OR r.auth_setting = ' . ACL_NEVER . ')
AND a.group_id = ug.group_id
+ AND g.ground_id = ug.group_id
+ AND NOT (ug.group_leader = 1 AND g.group_skip_auth = 1)
AND ' . $db->sql_in_set('ug.user_id', $ug_id_ary) . "
AND ug.user_pending = 0
AND o.auth_option " . $db->sql_like_expression('m_' . $db->any_char),
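Review bot: The added join condition reads `g.ground_id`, while every other query in this commit joins on `g.group_id`, so this looks like a typo that would make the moderator-cache query fail on an unknown column. It should be `AND g.group_id = ug.group_id`. Until it is corrected, the step that removes users with DENY moderator permissions cannot run as intended. cache_moderators() starts and ends outside this hunk.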
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index f8827154c9..5e8108eb64 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -2396,24 +2396,9 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
global $phpbb_root_path, $config, $db, $user, $file_upload;
$error = array();
- $attribute_ary = array(
- 'group_colour' => 'string',
- 'group_rank' => 'int',
- 'group_avatar' => 'string',
- 'group_avatar_type' => 'int',
- 'group_avatar_width' => 'int',
- 'group_avatar_height' => 'int',
-
- 'group_receive_pm' => 'int',
- 'group_legend' => 'int',
- 'group_message_limit' => 'int',
- 'group_max_recipients' => 'int',
-
- 'group_founder_manage' => 'int',
- );
- // Those are group-only attributes
- $group_only_ary = array('group_receive_pm', 'group_legend', 'group_message_limit', 'group_max_recipients', 'group_founder_manage');
+ // Attributes which also affect the users table
+ $user_attribute_ary = array('group_colour', 'group_rank', 'group_avatar', 'group_avatar_type', 'group_avatar_width', 'group_avatar_height');
// Check data. Limit group name length.
if (!utf8_strlen($name) || utf8_strlen($name) > 60)
@@ -2451,14 +2436,8 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
if (sizeof($group_attributes))
{
- foreach ($attribute_ary as $attribute => $_type)
- {
- if (isset($group_attributes[$attribute]))
- {
- settype($group_attributes[$attribute], $_type);
- $sql_ary[$attribute] = $group_attributes[$attribute];
- }
- }
+ // Merge them with $sql_ary to properly update the group
+ $sql_ary = array_merge($sql_ary, $group_attributes);
}
// Setting the log message before we set the group id (if group gets added)
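Review bot: `array_merge($sql_ary, $group_attributes)` copies every key the caller supplies into `$sql_ary`, with no allow-list and no type cast now that `$attribute_ary` is removed. Because later keys win, it can also replace entries placed in `$sql_ary` earlier in the function. The casts added to acp_groups.php and ucp_groups.php in this commit cover those two callers only; any other caller of group_create() is not visible here and would now be trusted as-is. How `$sql_ary` reaches the database is outside the hunk, but keeping the allow-list inside group_create(), extended with `group_skip_auth`, would enforce the column set and types in one place.

```php
if (sizeof($group_attributes))
{
    // Columns a caller may set on the groups table, and the type each is cast to
    $attribute_ary = array(
        'group_colour'         => 'string',
        'group_rank'           => 'int',
        'group_avatar'         => 'string',
        'group_avatar_type'    => 'int',
        'group_avatar_width'   => 'int',
        'group_avatar_height'  => 'int',
        'group_receive_pm'     => 'int',
        'group_legend'         => 'int',
        'group_message_limit'  => 'int',
        'group_max_recipients' => 'int',
        'group_founder_manage' => 'int',
        'group_skip_auth'      => 'int',
    );

    // Unknown keys are dropped instead of being merged into the query data
    foreach (array_intersect_key($group_attributes, $attribute_ary) as $attribute => $value)
    {
        settype($value, $attribute_ary[$attribute]);
        $sql_ary[$attribute] = $value;
    }
}
```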
@@ -2483,6 +2462,7 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
{
remove_default_avatar($group_id, $user_ary);
}
+
if (isset($sql_ary['group_rank']) && !$sql_ary['group_rank'])
{
remove_default_rank($group_id, $user_ary);
@@ -2498,6 +2478,32 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
SET group_name = '" . $db->sql_escape($sql_ary['group_name']) . "'
WHERE group_id = $group_id";
$db->sql_query($sql);
+
+ // One special case is the group skip auth setting. If this was changed we need to purge permissions for this group
+ if (isset($group_attributes['group_skip_auth']))
+ {
+ // Get users within this group...
+ $sql = 'SELECT user_id
+ FROM ' . USER_GROUP_TABLE . '
+ WHERE group_id = ' . $group_id . '
+ AND user_pending = 0';
+ $result = $db->sql_query($sql);
+
+ $user_id_ary = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $user_id_ary[] = $row['user_id'];
+ }
+ $db->sql_freeresult($result);
+
+ if (!empty($user_id_ary))
+ {
+ global $auth;
+
+ // Clear permissions cache of relevant users
+ $auth->acl_clear_prefetch($user_id_ary);
+ }
+ }
}
else
{
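Review bot: Only the per-user permission cache is cleared when `group_skip_auth` changes, and nothing in this hunk refreshes the cached moderator list, although cache_moderators() in functions_admin.php now filters on the same flag. If acl_clear_prefetch() does not do that itself (its body is not shown), a `cache_moderators();` call after it would keep the two in step. `global $auth;` would also read better next to the function's other globals than inside the nested `if`. group_create() starts and ends outside the hunk.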
@@ -2508,6 +2514,7 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
if (!$group_id)
{
$group_id = $db->sql_nextid();
+
if (isset($sql_ary['group_avatar_type']) && $sql_ary['group_avatar_type'] == AVATAR_UPLOAD)
{
group_correct_avatar($group_id, $sql_ary['group_avatar']);
@@ -2518,18 +2525,21 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
$sql_ary = array();
if (sizeof($group_attributes))
{
- foreach ($attribute_ary as $attribute => $_type)
+ // Go through the user attributes array, check if a group attribute matches it and then set it. ;)
+ foreach ($user_attribute_ary as $attribute)
{
- if (isset($group_attributes[$attribute]) && !in_array($attribute, $group_only_ary))
+ if (!isset($group_attributes[$attribute]))
{
- // If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set...
- if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute])
- {
- continue;
- }
+ continue;
+ }
- $sql_ary[$attribute] = $group_attributes[$attribute];
+ // If we are about to set an avatar, we will not overwrite user avatars if no group avatar is set...
+ if (strpos($attribute, 'group_avatar') === 0 && !$group_attributes[$attribute])
+ {
+ continue;
}
+
+ $sql_ary[$attribute] = $group_attributes[$attribute];
}
}
diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php
index 49ebc48684..3f27f093ec 100644
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@@ -606,11 +606,24 @@ class ucp_groups
// were made.
$group_attributes = array();
- $test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit', 'max_recipients');
- foreach ($test_variables as $test)
+ $test_variables = array(
+ 'rank' => 'int',
+ 'colour' => 'string',
+ 'avatar' => 'string',
+ 'avatar_type' => 'int',
+ 'avatar_width' => 'int',
+ 'avatar_height' => 'int',
+ 'receive_pm' => 'int',
+ 'legend' => 'int',
+ 'message_limit' => 'int',
+ 'max_recipients'=> 'int',
+ );
+
+ foreach ($test_variables as $test => $type)
{
- if ($action == 'add' || (isset($submit_ary[$test]) && $group_row['group_' . $test] != $submit_ary[$test]))
+ if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test]))
{
+ settype($submit_ary[$test], $type);
$group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test];
}
}
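Review bot: `$test_variables` here omits `founder_manage` and `skip_auth`, which the acp_groups.php map in this commit includes, and no comment records that the difference is intended. Since group_create() no longer filters attribute names (functions_user.php in this commit), this map is what keeps a group leader's UCP submission from reaching those two columns. If the omission is deliberate, a comment such as `// founder_manage and skip_auth are ACP-only and must not be settable from the UCP` above the array would stop a later edit from copying the ACP list over. The enclosing method starts and ends outside the hunk.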