From b7eef160740e22939fe6f78f64d78d8b6a99efe5 Mon Sep 17 00:00:00 2001 From: "Paul S. Owen" Date: Tue, 15 Apr 2003 17:32:49 +0000 Subject: Seems to be working ... git-svn-id: file:///svn/phpbb/trunk@3832 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/adm/admin_permissions.php | 347 +++++++++++++++++++++------------------- 1 file changed, 183 insertions(+), 164 deletions(-) (limited to 'phpBB/adm') diff --git a/phpBB/adm/admin_permissions.php b/phpBB/adm/admin_permissions.php index fb22ef8861..0864d9a540 100644 --- a/phpBB/adm/admin_permissions.php +++ b/phpBB/adm/admin_permissions.php @@ -43,18 +43,18 @@ require('pagestart.' . $phpEx); // // 'mode' determines what we're altering; administrators, users, deps, etc. // 'submit' is used to determine what we're doing ... special format -$mode = (isset($_REQUEST['mode'])) ? htmlspecialchars($_REQUEST['mode']) : ''; -$submode= (isset($_REQUEST['submode'])) ? htmlspecialchars($_REQUEST['submode']) : ''; +$mode = (isset($_REQUEST['mode'])) ? htmlspecialchars($_REQUEST['mode']) : ''; +$submode = (isset($_REQUEST['submode'])) ? htmlspecialchars($_REQUEST['submode']) : ''; $which_mode = (!empty($submode) && $submode != $mode) ? $submode : $mode; -$submit = array_values(preg_grep('#^submit_(.*)$#i', array_keys($_POST))); -$submit = (sizeof($submit)) ? substr($submit[0], strpos($submit[0], '_') + 1) : ''; +$submit = array_values(preg_grep('#^submit_(.*)$#i', array_keys($_POST))); +$submit = (sizeof($submit)) ? substr($submit[0], strpos($submit[0], '_') + 1) : ''; // Submitted setting data // // 'auth_settings' contains the submitted option settings assigned to options, should be an // associative array with integer values -$auth_settings = (isset($_POST['settings'])) ? $_POST['settings'] : ''; +$auth_settings = (isset($_POST['settings'])) ? $_POST['settings'] : ''; // Forum, User or Group information @@ -76,6 +76,19 @@ if (!isset($forum_id[$which_mode])) } $sql_forum_id = implode(', ', array_map('intval', $forum_id[$which_mode])); +// Generate list of forum id's +$s_forum_id = ''; +foreach ($forum_id as $forum_submode => $forum_submode_ids) +{ + foreach ($forum_submode_ids as $submode_forum_id) + { + $s_forum_id .= ''; + } +} +unset($forum_submode_ids); +unset($forum_submode); +unset($submode_forum_id); + // Instantiate a new auth admin object in readiness $auth_admin = new auth_admin(); @@ -179,88 +192,84 @@ switch ($submit) { case 'update': - print_r($auth_settings); - - // Here we decide which depedencies we are looking for ... if all the submitted - // settings are the same we look for a dependency of "All options". This allows - // for situations where for example changing permissions for all options to the - // same setting (e.g. 'unset' or 'no') could lead to forum view permissions being - // changed to 'unset'. When all options do not have the same setting we lookup - // dependencies for the given range of options and settings and those where - // "Any option" has been specified for the current range of settings - - // No dependencies exist or we've already shown 'em ... so now - // we go ahead and update the permission sets - echo "DONE"; - exit; - - // If we are submitting with dependencies first we set the original options - if (isset($_POST['skipdeps'])) + if (sizeof($auth_settings)) { - foreach ($ug_data as $id) + // Admin wants subforums to inherit permissions ... so add these + // forums to the list ... since inheritance is only available for + // forum and moderator primary modes we deal with '$forum_id[$mode]' + if (!empty($_POST['inherit'])) { - $auth_admin->acl_set($ug_type, $forum_id_deps, $id, $auth_settings_deps); + $forum_id[$mode] = array_merge($forum_id[$mode], array_map('intval', $_POST['inherit'])); } - } - unset($auth_settings_deps); - unset($forum_id_deps); - - // Admin wants subforums to inherit permissions ... so handle this - if (!empty($_POST['inherit'])) - { - array_push($_POST['inherit'], $forum_id); - $forum_id = $_POST['inherit']; - } - // This will be either the submitted dependencies or the "original" options - // dependending on whether any dependencies existed and were submitted - if (empty($_POST['skipdeps'])) - { - foreach ($ug_data as $id) + // Update the permission set ... we loop through each auth setting + // array + foreach ($auth_settings as $auth_submode => $auth_setting) { - $auth_admin->acl_set($ug_type, $forum_id, $id, $auth_settings); + // Are any entries * ? If so we need to remove them since they + // are options the user wishes to ignore + if (in_array('*', $auth_setting)) + { + $temp = array(); + foreach ($auth_setting as $option => $setting) + { + if ($setting != '*') + { + $temp[$option] = $setting; + } + } + $auth_setting = $temp; + } + + if (sizeof($auth_setting)) + { + foreach ($ug_data as $id) + { + $auth_admin->acl_set($ug_type, $forum_id[$auth_submode], $id, $auth_setting); + } + } } } + unset($auth_submode); + unset($auth_setting); - cache_moderators(); + // Do we need to recache the moderator lists? We do if the mode + // was mod or auth_settings['mod'] is a non-zero size array + if ($mode == 'mod' || sizeof($auth_settings['mod'])) + { + cache_moderators(); + } trigger_error($user->lang['AUTH_UPDATED']); break; case 'delete': - echo "HERE :: DELETE"; - exit; -/* - $option_ids = false; - if (!empty($settings) - { - $sql = "SELECT auth_option_id - FROM " . ACL_OPTIONS_TABLE . " - WHERE auth_option LIKE '" . $settings['option'] . "_%'"; - $result = $db->sql_query($sql); + $sql = "SELECT auth_option_id + FROM " . ACL_OPTIONS_TABLE . " + WHERE auth_option LIKE '{$sql_option_mode}_%'"; + $result = $db->sql_query($sql); - if ($row = $db->sql_fetchrow($result)) + if ($row = $db->sql_fetchrow($result)) + { + $option_id_ary = array(); + do { - $option_ids = array(); - do - { - $option_ids[] = $row['auth_option_id']; - } - while($row = $db->sql_fetchrow($result)); + $option_id_ary[] = $row['auth_option_id']; } - $db->sql_freeresult($result); - } + while($row = $db->sql_fetchrow($result)); - foreach ($_POST['ug_id'] as $id) - { - $auth_admin->acl_delete($_POST['type'], $forum_id, $id, $option_ids); + foreach ($ug_data as $id) + { + $auth_admin->acl_delete($ug_type, $forum_id[$mode], $id, $option_id_ary); + } + unset($option_id_ary); } + $db->sql_freeresult($result); cache_moderators(); trigger_error($user->lang['AUTH_UPDATED']); -*/ break; case 'presetsave': @@ -344,9 +353,9 @@ if (in_array($mode, array('user', 'group', 'forum', 'mod')) && empty($submit)) lang['LOOK_UP_FORUM']; ?> -      @@ -361,7 +370,7 @@ if (in_array($mode, array('user', 'group', 'forum', 'mod')) && empty($submit)) lang['LOOK_UP_USER']; ?> - ', '_phpbbsearch', 'HEIGHT=500,resizable=yes,scrollbars=yes,WIDTH=740');return false;" /> + ', '_phpbbsearch', 'HEIGHT=500,resizable=yes,scrollbars=yes,WIDTH=740');return false;" /> lang['LOOK_UP_GROUP']; ?> -      +      $forum_submode_ids) - { - foreach ($forum_submode_ids as $submode_forum_id) - { - $s_forum_id .= ''; - } - } - unset($forum_submode_ids); - unset($forum_submode); - unset($submode_forum_id); ?> +

+

- + @@ -462,7 +461,7 @@ if ((in_array($submit, array('usergroups', 'delete', 'cancel'))) || ($submit != - +

lang['USERS']; ?>

lang['GROUPS']; ?>

lang['USERGROUPS']; ?>
   
@@ -505,7 +504,7 @@ if ((in_array($submit, array('usergroups', 'delete', 'cancel'))) || ($submit != -   +   @@ -520,7 +519,7 @@ if ((in_array($submit, array('usergroups', 'delete', 'cancel'))) || ($submit != -     &mode=searchuser&form=2&field=entries', '_phpbbsearch', 'HEIGHT=500,resizable=yes,scrollbars=yes,WIDTH=740');return false;" /> +     &mode=searchuser&form=2&field=entries', '_phpbbsearch', 'HEIGHT=500,resizable=yes,scrollbars=yes,WIDTH=740');return false;" /> @@ -532,7 +531,7 @@ if ((in_array($submit, array('usergroups', 'delete', 'cancel'))) || ($submit != -   +   @@ -550,12 +549,14 @@ if ((in_array($submit, array('usergroups', 'delete', 'cancel'))) || ($submit != // Third possible form, this is the major section of this script. It // handles the entry of permission options for all situations -if (in_array($submit, array('options', 'presetsave', 'presetdel', 'update')) || !empty($submode)) +if (in_array($submit, array('add_options', 'edit_options', 'presetsave', 'presetdel', 'update')) || !empty($submode)) { - if (!isset($forum_id) && empty($ug_data)) + // Did the user specify any users or groups? + if (empty($ug_data)) { - trigger_error($user->lang['NO_MODE']); + $l_message = ($ug_type == 'user') ? 'NO_USER' : 'NO_GROUP'; + trigger_error($user->lang[$l_message]); } @@ -577,24 +578,17 @@ if (in_array($submit, array('options', 'presetsave', 'presetdel', 'update')) || // Grab relevant user or group information - $ug_ids = $ug_names = $ug_hidden = ''; - $l_no_error = ''; + $ug_ids = $ug_names = $ug_hidden = $l_no_error = ''; switch ($ug_type) { case 'user': + // If we've just come from the usergroup form then user will actually + // be a username rather than a user_id, so act appropriately $l_no_error = $user->lang['NO_USER']; $sql = 'SELECT user_id AS id, username AS name - FROM ' . USERS_TABLE . ' - WHERE user_id'; - $sql .= (is_array($ug_data)) ? ' IN (' . implode(', ', $ug_data) . ')' : ' = ' . $ug_data; - break; - - case 'username': - $l_no_error = $user->lang['NO_USER']; - $sql = 'SELECT user_id AS id, username AS name - FROM ' . USERS_TABLE . ' - WHERE username'; - $sql .= (is_array($ug_data)) ? ' IN (' . implode(', ', preg_replace('#^[\s]*?(.*?)[\s]*?$#', "'\\1'", $ug_data)) . ')' : ' = ' . "'" . trim($ug_data) . "'"; + FROM ' . USERS_TABLE . ' + WHERE '; + $sql .= ($submit == 'add_options') ? ' username IN (' . implode(', ', preg_replace('#^[\s]*?(.*?)[\s]*?$#', "'\\1'", explode("\n", $ug_data[0]))) . ')' : ' user_id ' . ((is_array($ug_data)) ? 'IN (' . implode(', ', $ug_data) . ')' : '= ' . $ug_data); break; case 'group': @@ -612,7 +606,6 @@ if (in_array($submit, array('options', 'presetsave', 'presetdel', 'update')) || trigger_error($l_no_error); } unset($l_no_error); - unset($ug_data); // Store the user_ids and names for later use do @@ -742,8 +735,8 @@ if (in_array($submit, array('options', 'presetsave', 'presetdel', 'update')) || break; case 'user': - $sql_table = ACL_USERS_TABLE . ' a, '; - $sql_join = 'a.user_id';; + $sql_table = ACL_USERS_TABLE . ' a '; + $sql_join = 'a.user_id'; break; } @@ -765,41 +758,56 @@ if (in_array($submit, array('options', 'presetsave', 'presetdel', 'update')) || } else { - // We're looking at a view ... so we'll set all options to ignore + // We're looking at a view ... so we'll set all options to unset // We could be a little more clever here but the "safe side" looks // better right now $auth_settings[$which_mode] = array(); foreach ($auth_options as $option) { - $auth_settings[$which_mode][$option['auth_option']] = -1; + $auth_settings[$which_mode][$option['auth_option']] = '*'; } + unset($option); } } - // Should we display a dropdown for views? $view_options = ''; + // Should we display a dropdown for views? if (in_array($mode, array('admin', 'supermod', 'mod'))) { - $view_options .= ''; - $view_options .= (!empty($submode) && $mode != $submode) ? '' : ''; + $view_options .= ''; $view_ary = array( - 'admin' => array('forum' => 'a_auth', 'mod' => 'a_authmods', 'supermod' => 'a_authmods'), - 'supermod' => array('forum' => 'a_auth'), - 'mod' => array('forum' => 'a_auth') + 'admin' => array('admin' => 'a_', 'forum' => 'a_auth', 'supermod' => 'a_authmods', 'mod' => 'a_authmods'), + 'supermod' => array('supermod' => 'a_authmods', 'mod' => 'a_authmods', 'forum' => 'a_auth'), + 'mod' => array('mod' => 'a_authmods', 'forum' => 'a_auth') ); foreach ($view_ary[$mode] as $which_submode => $which_acl) { if ($auth->acl_get($which_acl)) { - $view_options .= ''; + $view_options .= ''; } } unset($view_ary); } -// print_r($auth_settings); + $settings_hidden = ''; + // Output original settings ... needed when we jump views + foreach ($auth_settings as $auth_submode => $auth_submode_settings) + { + if ($auth_submode != $which_mode) + { + foreach ($auth_submode_settings as $submode_option => $submode_setting) + { + $settings_hidden .= ($submode_setting != '*') ? '' : ''; + } + } + } + unset($auth_submode); + unset($auth_submode_settings); + unset($auth_submode_option); + unset($auth_submode_setting); ?> @@ -848,7 +856,7 @@ if (in_array($submit, array('options', 'presetsave', 'presetdel', 'update')) || break; case 'all_ignore': - if (elem.value == -1) + if (elem.value == '*') elem.checked = true; break; @@ -891,8 +899,36 @@ if (in_array($submit, array('options', 'presetsave', 'presetdel', 'update')) ||

+

lang[$l_selected_users]; + + unset($l_selected_users); + unset($ug_data); + +?>:

+

+ + +

lang['WARNING']; ?>

+ +

lang['WARNING_EXPLAIN']; ?>

+ + +
">
- + - + @@ -928,23 +964,24 @@ if (in_array($submit, array('options', 'presetsave', 'presetdel', 'update')) || @@ -955,13 +992,15 @@ if (in_array($submit, array('options', 'presetsave', 'presetdel', 'update')) || -  lang['NO']; ?>  + -  lang['IGNORE']; ?>  + - - + +" align="center"> /> - " align="center"> /> + - - +
 lang['SELECT_FORUM']; ?>
Will set options in:
lang['WILL_SET_OPTIONS']; ?>:
lang['PRESETS']; ?>:  lang['OPTION']; ?>   lang['YES']; ?>   lang['UNSET']; ?>  lang['NO']; ?>   
  /> /> /> />
lang['ACL_SUBFORUMS']; ?>lang['ACL_SUBFORUMS']; ?>
@@ -1057,7 +1097,7 @@ if (in_array($submit, array('options', 'presetsave', 'presetdel', 'update')) || ?>