search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update code_sniffer build.xml file to be executable on our system
[phpbb.git] / phpBB / modules / acp / auth.php
blobb1dae06cea55c3be071d79ce009f3a1ba0874c93
1 <?php
2 /**
3 *
4 * @package phpBB3
5 * @version $Id$
6 * @copyright (c) 2005 phpBB Group
7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
8 *
9 */
10
11 /**
12 * @ignore
13 */
14 if (!defined('IN_PHPBB'))
15 {
16 exit;
17 }
18
19 /**
20 * ACP Permission/Auth class
21 * @package phpBB3
22 */
23 class auth_admin extends auth
24 {
25 /**
26 * Init auth settings
27 */
28 function __construct()
29 {
30 if (($this->acl_options = phpbb::$acm->get('acl_options')) === false)
31 {
32 $sql = 'SELECT auth_option_id, auth_option, is_global, is_local
33 FROM ' . ACL_OPTIONS_TABLE . '
34 ORDER BY auth_option_id';
35 $result = phpbb::$db->sql_query($sql);
36
37 $global = $local = 0;
38 $this->acl_options = array();
39 while ($row = phpbb::$db->sql_fetchrow($result))
40 {
41 if ($row['is_global'])
42 {
43 $this->acl_options['global'][$row['auth_option']] = $global++;
44 }
45
46 if ($row['is_local'])
47 {
48 $this->acl_options['local'][$row['auth_option']] = $local++;
49 }
50
51 $this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id'];
52 $this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option'];
53 }
54 phpbb::$db->sql_freeresult($result);
55
56 phpbb::$acm->put('acl_options', $this->acl_options);
57 }
58 }
59
60 /**
61 * Get permission mask
62 * This function only supports getting permissions of one type (for example a_)
63 *
64 * @param set|view $mode defines the permissions we get, view gets effective permissions (checking user AND group permissions), set only gets the user or group permission set alone
65 * @param mixed $user_id user ids to search for (a user_id or a group_id has to be specified at least)
66 * @param mixed $group_id group ids to search for, return group related settings (a user_id or a group_id has to be specified at least)
67 * @param mixed $forum_id forum_ids to search for. Defining a forum id also means getting local settings
68 * @param string $auth_option the auth_option defines the permission setting to look for (a_ for example)
69 * @param local|global $scope the scope defines the permission scope. If local, a forum_id is additionally required
70 * @param phpbb::ACL_NEVER|phpbb::ACL_NO|phpbb::ACL_YES $acl_fill defines the mode those permissions not set are getting filled with
71 */
72 public function get_mask($mode, $user_id = false, $group_id = false, $forum_id = false, $auth_option = false, $scope = false, $acl_fill = phpbb::ACL_NEVER)
73 {
74 $hold_ary = array();
75 $view_user_mask = ($mode == 'view' && $group_id === false) ? true : false;
76
77 if ($auth_option === false || $scope === false)
78 {
79 return array();
80 }
81
82 $acl_user_function = ($mode == 'set') ? 'acl_user_raw_data' : 'acl_raw_data';
83
84 if (!$view_user_mask)
85 {
86 if ($forum_id !== false)
87 {
88 $hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', $forum_id) : $this->$acl_user_function($user_id, $auth_option . '%', $forum_id);
89 }
90 else
91 {
92 $hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', ($scope == 'global') ? 0 : false) : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false);
93 }
94 }
95
96 // Make sure hold_ary is filled with every setting (prevents missing forums/users/groups)
97 $ug_id = ($group_id !== false) ? ((!is_array($group_id)) ? array($group_id) : $group_id) : ((!is_array($user_id)) ? array($user_id) : $user_id);
98 $forum_ids = ($forum_id !== false) ? ((!is_array($forum_id)) ? array($forum_id) : $forum_id) : (($scope == 'global') ? array(0) : array());
99
100 // Only those options we need
101 $compare_options = array_diff(preg_replace('/^((?!' . $auth_option . ').+)|(' . $auth_option . ')$/', '', array_keys($this->acl_options[$scope])), array(''));
102
103 // If forum_ids is false and the scope is local we actually want to have all forums within the array
104 if ($scope == 'local' && !sizeof($forum_ids))
105 {
106 $sql = 'SELECT forum_id
107 FROM ' . FORUMS_TABLE;
108 $result = phpbb::$db->sql_query($sql, 120);
109
110 while ($row = phpbb::$db->sql_fetchrow($result))
111 {
112 $forum_ids[] = (int) $row['forum_id'];
113 }
114 phpbb::$db->sql_freeresult($result);
115 }
116
117 if ($view_user_mask)
118 {
119 $auth2 = null;
120
121 $sql = 'SELECT user_id, user_permissions, user_type
122 FROM ' . USERS_TABLE . '
123 WHERE ' . phpbb::$db->sql_in_set('user_id', $ug_id);
124 $result = phpbb::$db->sql_query($sql);
125
126 while ($userdata = phpbb::$db->sql_fetchrow($result))
127 {
128 if (phpbb::$user->data['user_id'] != $userdata['user_id'])
129 {
130 $auth2 = new auth();
131 $auth2->acl($userdata);
132 }
133 else
134 {
135 global $auth;
136 $auth2 = &$auth;
137 }
138
139
140 $hold_ary[$userdata['user_id']] = array();
141 foreach ($forum_ids as $f_id)
142 {
143 $hold_ary[$userdata['user_id']][$f_id] = array();
144 foreach ($compare_options as $option)
145 {
146 $hold_ary[$userdata['user_id']][$f_id][$option] = $auth2->acl_get($option, $f_id);
147 }
148 }
149 }
150 phpbb::$db->sql_freeresult($result);
151
152 unset($userdata);
153 unset($auth2);
154 }
155
156 foreach ($ug_id as $_id)
157 {
158 if (!isset($hold_ary[$_id]))
159 {
160 $hold_ary[$_id] = array();
161 }
162
163 foreach ($forum_ids as $f_id)
164 {
165 if (!isset($hold_ary[$_id][$f_id]))
166 {
167 $hold_ary[$_id][$f_id] = array();
168 }
169 }
170 }
171
172 // Now, we need to fill the gaps with $acl_fill. ;)
173
174 // Now switch back to keys
175 if (sizeof($compare_options))
176 {
177 $compare_options = array_combine($compare_options, array_fill(1, sizeof($compare_options), $acl_fill));
178 }
179
180 // Defining the user-function here to save some memory
181 $return_acl_fill = create_function('$value', 'return ' . $acl_fill . ';');
182
183 // Actually fill the gaps
184 if (sizeof($hold_ary))
185 {
186 foreach ($hold_ary as $ug_id => $row)
187 {
188 foreach ($row as $id => $options)
189 {
190 // Do not include the global auth_option
191 unset($options[$auth_option]);
192
193 // Not a "fine" solution, but at all it's a 1-dimensional
194 // array_diff_key function filling the resulting array values with zeros
195 // The differences get merged into $hold_ary (all permissions having $acl_fill set)
196 $hold_ary[$ug_id][$id] = array_merge($options,
197
198 array_map($return_acl_fill,
199 array_flip(
200 array_diff(
201 array_keys($compare_options), array_keys($options)
202 )
203 )
204 )
205 );
206 }
207 }
208 }
209 else
210 {
211 $hold_ary[($group_id !== false) ? $group_id : $user_id][(int) $forum_id] = $compare_options;
212 }
213
214 return $hold_ary;
215 }
216
217 /**
218 * Get permission mask for roles
219 * This function only supports getting masks for one role
220 */
221 public function get_role_mask($role_id)
222 {
223 $hold_ary = array();
224
225 // Get users having this role set...
226 $sql = 'SELECT user_id, forum_id
227 FROM ' . ACL_USERS_TABLE . '
228 WHERE auth_role_id = ' . $role_id . '
229 ORDER BY forum_id';
230 $result = phpbb::$db->sql_query($sql);
231
232 while ($row = phpbb::$db->sql_fetchrow($result))
233 {
234 $hold_ary[$row['forum_id']]['users'][] = $row['user_id'];
235 }
236 phpbb::$db->sql_freeresult($result);
237
238 // Now grab groups...
239 $sql = 'SELECT group_id, forum_id
240 FROM ' . ACL_GROUPS_TABLE . '
241 WHERE auth_role_id = ' . $role_id . '
242 ORDER BY forum_id';
243 $result = phpbb::$db->sql_query($sql);
244
245 while ($row = phpbb::$db->sql_fetchrow($result))
246 {
247 $hold_ary[$row['forum_id']]['groups'][] = $row['group_id'];
248 }
249 phpbb::$db->sql_freeresult($result);
250
251 return $hold_ary;
252 }
253
254 /**
255 * Display permission mask (assign to template)
256 */
257 public function display_mask($mode, $permission_type, array $hold_ary, $user_mode = 'user', $local = false, $group_display = true)
258 {
259 // Define names for template loops, might be able to be set
260 $tpl_pmask = 'p_mask';
261 $tpl_fmask = 'f_mask';
262 $tpl_category = 'category';
263 $tpl_mask = 'mask';
264
265 $l_acl_type = (isset(phpbb::$user->lang['ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type)])) ? phpbb::$user->lang['ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type)] : 'ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type);
266
267 // Allow trace for viewing permissions and in user mode
268 $show_trace = ($mode == 'view' && $user_mode == 'user') ? true : false;
269
270 // Get names
271 if ($user_mode == 'user')
272 {
273 $sql = 'SELECT user_id as ug_id, username as ug_name
274 FROM ' . USERS_TABLE . '
275 WHERE ' . phpbb::$db->sql_in_set('user_id', array_keys($hold_ary)) . '
276 ORDER BY username_clean ASC';
277 }
278 else
279 {
280 $sql = 'SELECT group_id as ug_id, group_name as ug_name, group_type
281 FROM ' . GROUPS_TABLE . '
282 WHERE ' . phpbb::$db->sql_in_set('group_id', array_keys($hold_ary)) . '
283 ORDER BY group_type DESC, group_name ASC';
284 }
285 $result = phpbb::$db->sql_query($sql);
286
287 $ug_names_ary = array();
288 while ($row = phpbb::$db->sql_fetchrow($result))
289 {
290 $ug_names_ary[$row['ug_id']] = ($user_mode == 'user') ? $row['ug_name'] : (($row['group_type'] == GROUP_SPECIAL) ? phpbb::$user->lang['G_' . $row['ug_name']] : $row['ug_name']);
291 }
292 phpbb::$db->sql_freeresult($result);
293
294 // Get used forums
295 $forum_ids = array();
296 foreach ($hold_ary as $ug_id => $row)
297 {
298 $forum_ids = array_merge($forum_ids, array_keys($row));
299 }
300 $forum_ids = array_unique($forum_ids);
301
302 $forum_names_ary = array();
303 if ($local)
304 {
305 $forum_names_ary = make_forum_select(false, false, true, false, false, false, true);
306
307 // Remove the disabled ones, since we do not create an option field here...
308 foreach ($forum_names_ary as $key => $value)
309 {
310 if (!$value['disabled'])
311 {
312 continue;
313 }
314 unset($forum_names_ary[$key]);
315 }
316 }
317 else
318 {
319 $forum_names_ary[0] = $l_acl_type;
320 }
321
322 // Get available roles
323 $sql = 'SELECT *
324 FROM ' . ACL_ROLES_TABLE . "
325 WHERE role_type = '" . phpbb::$db->sql_escape($permission_type) . "'
326 ORDER BY role_order ASC";
327 $result = phpbb::$db->sql_query($sql);
328
329 $roles = array();
330 while ($row = phpbb::$db->sql_fetchrow($result))
331 {
332 $roles[$row['role_id']] = $row;
333 }
334 phpbb::$db->sql_freeresult($result);
335
336 $cur_roles = $this->acl_role_data($user_mode, $permission_type, array_keys($hold_ary));
337
338 // Build js roles array (role data assignments)
339 $s_role_js_array = '';
340
341 if (sizeof($roles))
342 {
343 $s_role_js_array = array();
344
345 // Make sure every role (even if empty) has its array defined
346 foreach ($roles as $_role_id => $null)
347 {
348 $s_role_js_array[$_role_id] = "\n" . 'role_options[' . $_role_id . '] = new Array();' . "\n";
349 }
350
351 $sql = 'SELECT r.role_id, o.auth_option, r.auth_setting
352 FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
353 WHERE o.auth_option_id = r.auth_option_id
354 AND ' . phpbb::$db->sql_in_set('r.role_id', array_keys($roles));
355 $result = phpbb::$db->sql_query($sql);
356
357 while ($row = phpbb::$db->sql_fetchrow($result))
358 {
359 $flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
360 if ($flag == $row['auth_option'])
361 {
362 continue;
363 }
364
365 $s_role_js_array[$row['role_id']] .= 'role_options[' . $row['role_id'] . '][\'' . addslashes($row['auth_option']) . '\'] = ' . $row['auth_setting'] . '; ';
366 }
367 phpbb::$db->sql_freeresult($result);
368
369 $s_role_js_array = implode('', $s_role_js_array);
370 }
371
372 phpbb::$template->assign_var('S_ROLE_JS_ARRAY', $s_role_js_array);
373 unset($s_role_js_array);
374
375 // Now obtain memberships
376 $user_groups_default = $user_groups_custom = array();
377 if ($user_mode == 'user' && $group_display)
378 {
379 $sql = 'SELECT group_id, group_name, group_type
380 FROM ' . GROUPS_TABLE . '
381 ORDER BY group_type DESC, group_name ASC';
382 $result = phpbb::$db->sql_query($sql);
383
384 $groups = array();
385 while ($row = phpbb::$db->sql_fetchrow($result))
386 {
387 $groups[$row['group_id']] = $row;
388 }
389 phpbb::$db->sql_freeresult($result);
390
391 $memberships = group_memberships(false, array_keys($hold_ary), false);
392
393 // User is not a member of any group? Bad admin, bad bad admin...
394 if ($memberships)
395 {
396 foreach ($memberships as $row)
397 {
398 if ($groups[$row['group_id']]['group_type'] == GROUP_SPECIAL)
399 {
400 $user_groups_default[$row['user_id']][] = phpbb::$user->lang['G_' . $groups[$row['group_id']]['group_name']];
401 }
402 else
403 {
404 $user_groups_custom[$row['user_id']][] = $groups[$row['group_id']]['group_name'];
405 }
406 }
407 }
408 unset($memberships, $groups);
409 }
410
411 // If we only have one forum id to display or being in local mode and more than one user/group to display,
412 // we switch the complete interface to group by user/usergroup instead of grouping by forum
413 // To achieve this, we need to switch the array a bit
414 if (sizeof($forum_ids) == 1 || ($local && sizeof($ug_names_ary) > 1))
415 {
416 $hold_ary_temp = $hold_ary;
417 $hold_ary = array();
418 foreach ($hold_ary_temp as $ug_id => $row)
419 {
420 foreach ($forum_names_ary as $forum_id => $forum_row)
421 {
422 if (isset($row[$forum_id]))
423 {
424 $hold_ary[$forum_id][$ug_id] = $row[$forum_id];
425 }
426 }
427 }
428 unset($hold_ary_temp);
429
430 foreach ($hold_ary as $forum_id => $forum_array)
431 {
432 $content_array = $categories = array();
433 self::build_permission_array($hold_ary[$forum_id], $content_array, $categories, array_keys($ug_names_ary));
434
435 phpbb::$template->assign_block_vars($tpl_pmask, array(
436 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'],
437 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'],
438
439 'CATEGORIES' => implode('</th><th>', $categories),
440
441 'L_ACL_TYPE' => $l_acl_type,
442
443 'S_LOCAL' => ($local) ? true : false,
444 'S_GLOBAL' => (!$local) ? true : false,
445 'S_NUM_CATS' => sizeof($categories),
446 'S_VIEW' => ($mode == 'view') ? true : false,
447 'S_NUM_OBJECTS' => sizeof($content_array),
448 'S_USER_MODE' => ($user_mode == 'user') ? true : false,
449 'S_GROUP_MODE' => ($user_mode == 'group') ? true : false,
450 ));
451
452 @reset($content_array);
453 while (list($ug_id, $ug_array) = each($content_array))
454 {
455 // Build role dropdown options
456 $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
457
458 $s_role_options = '';
459
460 @reset($roles);
461 while (list($role_id, $role_row) = each($roles))
462 {
463 $role_description = (!empty(phpbb::$user->lang[$role_row['role_description']])) ? phpbb::$user->lang[$role_row['role_description']] : nl2br($role_row['role_description']);
464 $role_name = (!empty(phpbb::$user->lang[$role_row['role_name']])) ? phpbb::$user->lang[$role_row['role_name']] : $role_row['role_name'];
465
466 $title = ($role_description) ? ' title="' . $role_description . '"' : '';
467 $s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>';
468 }
469
470 if ($s_role_options)
471 {
472 $s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars(phpbb::$user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . phpbb::$user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
473 }
474
475 if (!$current_role_id && $mode != 'view')
476 {
477 $s_custom_permissions = false;
478
479 foreach ($ug_array as $key => $value)
480 {
481 if ($value['S_NEVER'] || $value['S_YES'])
482 {
483 $s_custom_permissions = true;
484 break;
485 }
486 }
487 }
488 else
489 {
490 $s_custom_permissions = false;
491 }
492
493 phpbb::$template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array(
494 'NAME' => $ug_names_ary[$ug_id],
495 'S_ROLE_OPTIONS' => $s_role_options,
496 'UG_ID' => $ug_id,
497 'S_CUSTOM' => $s_custom_permissions,
498 'FORUM_ID' => $forum_id,
499 ));
500
501 self::assign_cat_array($ug_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, $show_trace, ($mode == 'view'));
502
503 unset($content_array[$ug_id]);
504 }
505
506 unset($hold_ary[$forum_id]);
507 }
508 }
509 else
510 {
511 foreach ($ug_names_ary as $ug_id => $ug_name)
512 {
513 if (!isset($hold_ary[$ug_id]))
514 {
515 continue;
516 }
517
518 $content_array = $categories = array();
519 self::build_permission_array($hold_ary[$ug_id], $content_array, $categories, array_keys($forum_names_ary));
520
521 phpbb::$template->assign_block_vars($tpl_pmask, array(
522 'NAME' => $ug_name,
523 'CATEGORIES' => implode('</th><th>', $categories),
524
525 'USER_GROUPS_DEFAULT' => ($user_mode == 'user' && isset($user_groups_default[$ug_id]) && sizeof($user_groups_default[$ug_id])) ? implode(', ', $user_groups_default[$ug_id]) : '',
526 'USER_GROUPS_CUSTOM' => ($user_mode == 'user' && isset($user_groups_custom[$ug_id]) && sizeof($user_groups_custom[$ug_id])) ? implode(', ', $user_groups_custom[$ug_id]) : '',
527 'L_ACL_TYPE' => $l_acl_type,
528
529 'S_LOCAL' => ($local) ? true : false,
530 'S_GLOBAL' => (!$local) ? true : false,
531 'S_NUM_CATS' => sizeof($categories),
532 'S_VIEW' => ($mode == 'view') ? true : false,
533 'S_NUM_OBJECTS' => sizeof($content_array),
534 'S_USER_MODE' => ($user_mode == 'user') ? true : false,
535 'S_GROUP_MODE' => ($user_mode == 'group') ? true : false,
536 ));
537
538 @reset($content_array);
539 while (list($forum_id, $forum_array) = each($content_array))
540 {
541 // Build role dropdown options
542 $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
543
544 $s_role_options = '';
545
546 @reset($roles);
547 while (list($role_id, $role_row) = each($roles))
548 {
549 $role_description = (!empty(phpbb::$user->lang[$role_row['role_description']])) ? phpbb::$user->lang[$role_row['role_description']] : nl2br($role_row['role_description']);
550 $role_name = (!empty(phpbb::$user->lang[$role_row['role_name']])) ? phpbb::$user->lang[$role_row['role_name']] : $role_row['role_name'];
551
552 $title = ($role_description) ? ' title="' . $role_description . '"' : '';
553 $s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>';
554 }
555
556 if ($s_role_options)
557 {
558 $s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars(phpbb::$user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . phpbb::$user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
559 }
560
561 if (!$current_role_id && $mode != 'view')
562 {
563 $s_custom_permissions = false;
564
565 foreach ($forum_array as $key => $value)
566 {
567 if ($value['S_NEVER'] || $value['S_YES'])
568 {
569 $s_custom_permissions = true;
570 break;
571 }
572 }
573 }
574 else
575 {
576 $s_custom_permissions = false;
577 }
578
579 phpbb::$template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array(
580 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'],
581 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'],
582 'S_ROLE_OPTIONS' => $s_role_options,
583 'S_CUSTOM' => $s_custom_permissions,
584 'UG_ID' => $ug_id,
585 'FORUM_ID' => $forum_id,
586 ));
587
588 self::assign_cat_array($forum_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, $show_trace, ($mode == 'view'));
589 }
590
591 unset($hold_ary[$ug_id], $ug_names_ary[$ug_id]);
592 }
593 }
594 }
595
596 /**
597 * Display permission mask for roles
598 */
599 public function display_role_mask(array $hold_ary)
600 {
601 if (!sizeof($hold_ary))
602 {
603 return;
604 }
605
606 // Get forum names
607 $sql = 'SELECT forum_id, forum_name
608 FROM ' . FORUMS_TABLE . '
609 WHERE ' . phpbb::$db->sql_in_set('forum_id', array_keys($hold_ary)) . '
610 ORDER BY left_id';
611 $result = phpbb::$db->sql_query($sql);
612
613 // If the role is used globally, then reflect that
614 $forum_names = (isset($hold_ary[0])) ? array(0 => '') : array();
615 while ($row = phpbb::$db->sql_fetchrow($result))
616 {
617 $forum_names[$row['forum_id']] = $row['forum_name'];
618 }
619 phpbb::$db->sql_freeresult($result);
620
621 foreach ($forum_names as $forum_id => $forum_name)
622 {
623 $auth_ary = $hold_ary[$forum_id];
624
625 phpbb::$template->assign_block_vars('role_mask', array(
626 'NAME' => ($forum_id == 0) ? phpbb::$user->lang['GLOBAL_MASK'] : $forum_name,
627 'FORUM_ID' => $forum_id,
628 ));
629
630 if (isset($auth_ary['users']) && sizeof($auth_ary['users']))
631 {
632 $sql = 'SELECT user_id, username
633 FROM ' . USERS_TABLE . '
634 WHERE ' . phpbb::$db->sql_in_set('user_id', $auth_ary['users']) . '
635 ORDER BY username_clean ASC';
636 $result = phpbb::$db->sql_query($sql);
637
638 while ($row = phpbb::$db->sql_fetchrow($result))
639 {
640 phpbb::$template->assign_block_vars('role_mask.users', array(
641 'USER_ID' => $row['user_id'],
642 'USERNAME' => $row['username'],
643 'U_PROFILE' => append_sid('memberlist', "mode=viewprofile&amp;u={$row['user_id']}"),
644 ));
645 }
646 phpbb::$db->sql_freeresult($result);
647 }
648
649 if (isset($auth_ary['groups']) && sizeof($auth_ary['groups']))
650 {
651 $sql = 'SELECT group_id, group_name, group_type
652 FROM ' . GROUPS_TABLE . '
653 WHERE ' . phpbb::$db->sql_in_set('group_id', $auth_ary['groups']) . '
654 ORDER BY group_type ASC, group_name';
655 $result = phpbb::$db->sql_query($sql);
656
657 while ($row = phpbb::$db->sql_fetchrow($result))
658 {
659 phpbb::$template->assign_block_vars('role_mask.groups', array(
660 'GROUP_ID' => $row['group_id'],
661 'GROUP_NAME' => ($row['group_type'] == GROUP_SPECIAL) ? phpbb::$user->lang['G_' . $row['group_name']] : $row['group_name'],
662 'U_PROFILE' => append_sid('memberlist', "mode=group&amp;g={$row['group_id']}"),
663 ));
664 }
665 phpbb::$db->sql_freeresult($result);
666 }
667 }
668 }
669
670 /**
671 * NOTE: this function is not in use atm
672 * Add a new option to the list ... $options is a hash of form ->
673 * $options = array(
674 * 'local' => array('option1', 'option2', ...),
675 * 'global' => array('optionA', 'optionB', ...)
676 * );
677 */
678 public function acl_add_option(array $options)
679 {
680 $cur_options = array();
681
682 // Determine current options
683 $sql = 'SELECT auth_option, is_global, is_local
684 FROM ' . ACL_OPTIONS_TABLE . '
685 ORDER BY auth_option_id';
686 $result = phpbb::$db->sql_query($sql);
687
688 while ($row = phpbb::$db->sql_fetchrow($result))
689 {
690 $cur_options[$row['auth_option']] = ($row['is_global'] && $row['is_local']) ? 'both' : (($row['is_global']) ? 'global' : 'local');
691 }
692 phpbb::$db->sql_freeresult($result);
693
694 // Here we need to insert new options ... this requires discovering whether
695 // an options is global, local or both and whether we need to add an permission
696 // set flag (x_)
697 $new_options = array('local' => array(), 'global' => array());
698
699 foreach ($options as $type => $option_ary)
700 {
701 $option_ary = array_unique($option_ary);
702
703 foreach ($option_ary as $option_value)
704 {
705 $new_options[$type][] = $option_value;
706
707 $flag = substr($option_value, 0, strpos($option_value, '_') + 1);
708
709 if (!in_array($flag, $new_options[$type]))
710 {
711 $new_options[$type][] = $flag;
712 }
713 }
714 }
715 unset($options);
716
717 $options = array();
718 $options['local'] = array_diff($new_options['local'], $new_options['global']);
719 $options['global'] = array_diff($new_options['global'], $new_options['local']);
720 $options['both'] = array_intersect($new_options['local'], $new_options['global']);
721
722 // Now check which options to add/update
723 $add_options = $update_options = array();
724
725 // First local ones...
726 foreach ($options as $type => $option_ary)
727 {
728 foreach ($option_ary as $option)
729 {
730 if (!isset($cur_options[$option]))
731 {
732 $add_options[] = array(
733 'auth_option' => (string) $option,
734 'is_global' => ($type == 'global' || $type == 'both') ? 1 : 0,
735 'is_local' => ($type == 'local' || $type == 'both') ? 1 : 0
736 );
737
738 continue;
739 }
740
741 // Else, update existing entry if it is changed...
742 if ($type === $cur_options[$option])
743 {
744 continue;
745 }
746
747 // New type is always both:
748 // If is now both, we set both.
749 // If it was global the new one is local and we need to set it to both
750 // If it was local the new one is global and we need to set it to both
751 $update_options[] = $option;
752 }
753 }
754
755 if (!empty($add_options))
756 {
757 phpbb::$db->sql_multi_insert(ACL_OPTIONS_TABLE, $add_options);
758 }
759
760 if (!empty($update_options))
761 {
762 $sql = 'UPDATE ' . ACL_OPTIONS_TABLE . '
763 SET is_global = 1, is_local = 1
764 WHERE ' . phpbb::$db->sql_in_set('auth_option', $update_options);
765 phpbb::$db->sql_query($sql);
766 }
767
768 phpbb::$acm->destroy('acl_options');
769 $this->acl_clear_prefetch();
770
771 // Because we just changed the options and also purged the options cache, we instantly update/regenerate it for later calls to succeed.
772 $this->acl_options = array();
773 $this->__construct();
774
775 return true;
776 }
777
778 /**
779 * Set a user or group ACL record
780 */
781 public function acl_set($ug_type, $forum_id, $ug_id, $auth, $role_id = 0, $clear_prefetch = true)
782 {
783 // One or more forums
784 if (!is_array($forum_id))
785 {
786 $forum_id = array($forum_id);
787 }
788
789 // One or more users
790 if (!is_array($ug_id))
791 {
792 $ug_id = array($ug_id);
793 }
794
795 $ug_id_sql = phpbb::$db->sql_in_set($ug_type . '_id', array_map('intval', $ug_id));
796 $forum_sql = phpbb::$db->sql_in_set('forum_id', array_map('intval', $forum_id));
797
798 // Instead of updating, inserting, removing we just remove all current settings and re-set everything...
799 $table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
800 $id_field = $ug_type . '_id';
801
802 // Get any flags as required
803 reset($auth);
804 $flag = key($auth);
805 $flag = substr($flag, 0, strpos($flag, '_') + 1);
806
807 // This ID (the any-flag) is set if one or more permissions are true...
808 $any_option_id = (int) $this->acl_options['id'][$flag];
809
810 // Remove any-flag from auth ary
811 if (isset($auth[$flag]))
812 {
813 unset($auth[$flag]);
814 }
815
816 // Remove current auth options...
817 $auth_option_ids = array((int)$any_option_id);
818 foreach ($auth as $auth_option => $auth_setting)
819 {
820 $auth_option_ids[] = (int) $this->acl_options['id'][$auth_option];
821 }
822
823 $sql = "DELETE FROM $table
824 WHERE $forum_sql
825 AND $ug_id_sql
826 AND " . phpbb::$db->sql_in_set('auth_option_id', $auth_option_ids);
827 phpbb::$db->sql_query($sql);
828
829 // Remove those having a role assigned... the correct type of course...
830 $sql = 'SELECT role_id
831 FROM ' . ACL_ROLES_TABLE . "
832 WHERE role_type = '" . phpbb::$db->sql_escape($flag) . "'";
833 $result = phpbb::$db->sql_query($sql);
834
835 $role_ids = array();
836 while ($row = phpbb::$db->sql_fetchrow($result))
837 {
838 $role_ids[] = $row['role_id'];
839 }
840 phpbb::$db->sql_freeresult($result);
841
842 if (sizeof($role_ids))
843 {
844 $sql = "DELETE FROM $table
845 WHERE $forum_sql
846 AND $ug_id_sql
847 AND auth_option_id = 0
848 AND " . phpbb::$db->sql_in_set('auth_role_id', $role_ids);
849 phpbb::$db->sql_query($sql);
850 }
851
852 // Ok, include the any-flag if one or more auth options are set to yes...
853 foreach ($auth as $auth_option => $setting)
854 {
855 if ($setting == phpbb::ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == phpbb::ACL_NEVER))
856 {
857 $auth[$flag] = phpbb::ACL_YES;
858 }
859 }
860
861 $sql_ary = array();
862 foreach ($forum_id as $forum)
863 {
864 $forum = (int) $forum;
865
866 if ($role_id)
867 {
868 foreach ($ug_id as $id)
869 {
870 $sql_ary[] = array(
871 $id_field => (int) $id,
872 'forum_id' => (int) $forum,
873 'auth_option_id' => 0,
874 'auth_setting' => 0,
875 'auth_role_id' => (int) $role_id,
876 );
877 }
878 }
879 else
880 {
881 foreach ($auth as $auth_option => $setting)
882 {
883 $auth_option_id = (int) $this->acl_options['id'][$auth_option];
884
885 if ($setting != phpbb::ACL_NO)
886 {
887 foreach ($ug_id as $id)
888 {
889 $sql_ary[] = array(
890 $id_field => (int) $id,
891 'forum_id' => (int) $forum,
892 'auth_option_id' => (int) $auth_option_id,
893 'auth_setting' => (int) $setting
894 );
895 }
896 }
897 }
898 }
899 }
900
901 phpbb::$db->sql_multi_insert($table, $sql_ary);
902
903 if ($clear_prefetch)
904 {
905 $this->acl_clear_prefetch();
906 }
907 }
908
909 /**
910 * Set a role-specific ACL record
911 */
912 public function acl_set_role($role_id, $auth)
913 {
914 // Get any-flag as required
915 reset($auth);
916 $flag = key($auth);
917 $flag = substr($flag, 0, strpos($flag, '_') + 1);
918
919 // Remove any-flag from auth ary
920 if (isset($auth[$flag]))
921 {
922 unset($auth[$flag]);
923 }
924
925 // Re-set any flag...
926 foreach ($auth as $auth_option => $setting)
927 {
928 if ($setting == phpbb::ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == phpbb::ACL_NEVER))
929 {
930 $auth[$flag] = phpbb::ACL_YES;
931 }
932 }
933
934 $sql_ary = array();
935 foreach ($auth as $auth_option => $setting)
936 {
937 $auth_option_id = (int) $this->acl_options['id'][$auth_option];
938
939 if ($setting != phpbb::ACL_NO)
940 {
941 $sql_ary[] = array(
942 'role_id' => (int) $role_id,
943 'auth_option_id' => (int) $auth_option_id,
944 'auth_setting' => (int) $setting
945 );
946 }
947 }
948
949 // If no data is there, we set the any-flag to ACL_NEVER...
950 if (!sizeof($sql_ary))
951 {
952 $sql_ary[] = array(
953 'role_id' => (int) $role_id,
954 'auth_option_id' => (int) $this->acl_options['id'][$flag],
955 'auth_setting' => phpbb::ACL_NEVER
956 );
957 }
958
959 // Remove current auth options...
960 $sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . '
961 WHERE role_id = ' . $role_id;
962 phpbb::$db->sql_query($sql);
963
964 // Now insert the new values
965 phpbb::$db->sql_multi_insert(ACL_ROLES_DATA_TABLE, $sql_ary);
966
967 $this->acl_clear_prefetch();
968 }
969
970 /**
971 * Remove local permission
972 */
973 public function acl_delete($mode, $ug_id = false, $forum_id = false, $permission_type = false)
974 {
975 if ($ug_id === false && $forum_id === false)
976 {
977 return;
978 }
979
980 $option_id_ary = array();
981 $table = ($mode == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
982 $id_field = $mode . '_id';
983
984 $where_sql = array();
985
986 if ($forum_id !== false)
987 {
988 $where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : phpbb::$db->sql_in_set('forum_id', array_map('intval', $forum_id));
989 }
990
991 if ($ug_id !== false)
992 {
993 $where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : phpbb::$db->sql_in_set($id_field, array_map('intval', $ug_id));
994 }
995
996 // There seem to be auth options involved, therefore we need to go through the list and make sure we capture roles correctly
997 if ($permission_type !== false)
998 {
999 // Get permission type
1000 $sql = 'SELECT auth_option, auth_option_id
1001 FROM ' . ACL_OPTIONS_TABLE . "
1002 WHERE auth_option " . phpbb::$db->sql_like_expression($permission_type . phpbb::$db->any_char);
1003 $result = phpbb::$db->sql_query($sql);
1004
1005 $auth_id_ary = array();
1006 while ($row = phpbb::$db->sql_fetchrow($result))
1007 {
1008 $option_id_ary[] = $row['auth_option_id'];
1009 $auth_id_ary[$row['auth_option']] = phpbb::ACL_NO;
1010 }
1011 phpbb::$db->sql_freeresult($result);
1012
1013 // First of all, lets grab the items having roles with the specified auth options assigned
1014 $sql = "SELECT auth_role_id, $id_field, forum_id
1015 FROM $table, " . ACL_ROLES_TABLE . " r
1016 WHERE auth_role_id <> 0
1017 AND auth_role_id = r.role_id
1018 AND r.role_type = '{$permission_type}'
1019 AND " . implode(' AND ', $where_sql) . '
1020 ORDER BY auth_role_id';
1021 $result = phpbb::$db->sql_query($sql);
1022
1023 $cur_role_auth = array();
1024 while ($row = phpbb::$db->sql_fetchrow($result))
1025 {
1026 $cur_role_auth[$row['auth_role_id']][$row['forum_id']][] = $row[$id_field];
1027 }
1028 phpbb::$db->sql_freeresult($result);
1029
1030 // Get role data for resetting data
1031 if (sizeof($cur_role_auth))
1032 {
1033 $sql = 'SELECT ao.auth_option, rd.role_id, rd.auth_setting
1034 FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_ROLES_DATA_TABLE . ' rd
1035 WHERE ao.auth_option_id = rd.auth_option_id
1036 AND ' . phpbb::$db->sql_in_set('rd.role_id', array_keys($cur_role_auth));
1037 $result = phpbb::$db->sql_query($sql);
1038
1039 $auth_settings = array();
1040 while ($row = phpbb::$db->sql_fetchrow($result))
1041 {
1042 // We need to fill all auth_options, else setting it will fail...
1043 if (!isset($auth_settings[$row['role_id']]))
1044 {
1045 $auth_settings[$row['role_id']] = $auth_id_ary;
1046 }
1047 $auth_settings[$row['role_id']][$row['auth_option']] = $row['auth_setting'];
1048 }
1049 phpbb::$db->sql_freeresult($result);
1050
1051 // Set the options
1052 foreach ($cur_role_auth as $role_id => $auth_row)
1053 {
1054 foreach ($auth_row as $f_id => $ug_row)
1055 {
1056 $this->acl_set($mode, $f_id, $ug_row, $auth_settings[$role_id], 0, false);
1057 }
1058 }
1059 }
1060 }
1061
1062 // Now, normally remove permissions...
1063 if ($permission_type !== false)
1064 {
1065 $where_sql[] = phpbb::$db->sql_in_set('auth_option_id', array_map('intval', $option_id_ary));
1066 }
1067
1068 $sql = "DELETE FROM $table
1069 WHERE " . implode(' AND ', $where_sql);
1070 phpbb::$db->sql_query($sql);
1071
1072 $this->acl_clear_prefetch();
1073 }
1074
1075 /**
1076 * Assign category to template
1077 * used by display_mask()
1078 */
1079 private static function assign_cat_array(array $category_array, $tpl_cat, $tpl_mask, $ug_id, $forum_id, $show_trace = false, $s_view)
1080 {
1081 @reset($category_array);
1082 while (list($cat, $cat_array) = each($category_array))
1083 {
1084 phpbb::$template->assign_block_vars($tpl_cat, array(
1085 'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false,
1086 'S_NEVER' => ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false,
1087 'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false,
1088
1089 'CAT_NAME' => phpbb::$user->lang['permission_cat'][$cat],
1090 ));
1091
1092 /* Sort permissions by name (more naturaly and user friendly than sorting by a primary key)
1093 * Commented out due to it's memory consumption and time needed
1094 *
1095 $key_array = array_intersect(array_keys(phpbb::$user->lang), array_map(create_function('$a', 'return "acl_" . $a;'), array_keys($cat_array['permissions'])));
1096 $values_array = $cat_array['permissions'];
1097
1098 $cat_array['permissions'] = array();
1099
1100 foreach ($key_array as $key)
1101 {
1102 $key = str_replace('acl_', '', $key);
1103 $cat_array['permissions'][$key] = $values_array[$key];
1104 }
1105 unset($key_array, $values_array);
1106 */
1107 @reset($cat_array['permissions']);
1108 while (list($permission, $allowed) = each($cat_array['permissions']))
1109 {
1110 if ($s_view)
1111 {
1112 phpbb::$template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array(
1113 'S_YES' => ($allowed == phpbb::ACL_YES) ? true : false,
1114 'S_NEVER' => ($allowed == phpbb::ACL_NEVER) ? true : false,
1115
1116 'UG_ID' => $ug_id,
1117 'FORUM_ID' => $forum_id,
1118 'FIELD_NAME' => $permission,
1119 'S_FIELD_NAME' => 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']',
1120
1121 'U_TRACE' => ($show_trace) ? append_sid(PHPBB_ADMIN_PATH . 'index.' . PHP_EXT, "i=permissions&amp;mode=trace&amp;u=$ug_id&amp;f=$forum_id&amp;auth=$permission") : '',
1122 'UA_TRACE' => ($show_trace) ? append_sid(PHPBB_ADMIN_PATH . 'index.' . PHP_EXT, "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission", false) : '',
1123
1124 'PERMISSION' => phpbb::$user->lang['acl_' . $permission]['lang'],
1125 ));
1126 }
1127 else
1128 {
1129 phpbb::$template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array(
1130 'S_YES' => ($allowed == phpbb::ACL_YES) ? true : false,
1131 'S_NEVER' => ($allowed == phpbb::ACL_NEVER) ? true : false,
1132 'S_NO' => ($allowed == phpbb::ACL_NO) ? true : false,
1133
1134 'UG_ID' => $ug_id,
1135 'FORUM_ID' => $forum_id,
1136 'FIELD_NAME' => $permission,
1137 'S_FIELD_NAME' => 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']',
1138
1139 'U_TRACE' => ($show_trace) ? append_sid(PHPBB_ADMIN_PATH . 'index.' . PHP_EXT, "i=permissions&amp;mode=trace&amp;u=$ug_id&amp;f=$forum_id&amp;auth=$permission") : '',
1140 'UA_TRACE' => ($show_trace) ? append_sid(PHPBB_ADMIN_PATH . 'index.' . PHP_EXT, "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission", false) : '',
1141
1142 'PERMISSION' => phpbb::$user->lang['acl_' . $permission]['lang'],
1143 ));
1144 }
1145 }
1146 }
1147 }
1148
1149 /**
1150 * Building content array from permission rows with explicit key ordering
1151 * used by display_mask()
1152 */
1153 public static function build_permission_array(array $permission_row, array &$content_array, array &$categories, array $key_sort_array)
1154 {
1155 foreach ($key_sort_array as $forum_id)
1156 {
1157 if (!isset($permission_row[$forum_id]))
1158 {
1159 continue;
1160 }
1161
1162 $permissions = $permission_row[$forum_id];
1163 ksort($permissions);
1164
1165 @reset($permissions);
1166 while (list($permission, $auth_setting) = each($permissions))
1167 {
1168 if (!isset(phpbb::$user->lang['acl_' . $permission]))
1169 {
1170 phpbb::$user->lang['acl_' . $permission] = array(
1171 'cat' => 'misc',
1172 'lang' => '{ acl_' . $permission . ' }'
1173 );
1174 }
1175
1176 $cat = phpbb::$user->lang['acl_' . $permission]['cat'];
1177
1178 // Build our categories array
1179 if (!isset($categories[$cat]))
1180 {
1181 $categories[$cat] = phpbb::$user->lang['permission_cat'][$cat];
1182 }
1183
1184 // Build our content array
1185 if (!isset($content_array[$forum_id]))
1186 {
1187 $content_array[$forum_id] = array();
1188 }
1189
1190 if (!isset($content_array[$forum_id][$cat]))
1191 {
1192 $content_array[$forum_id][$cat] = array(
1193 'S_YES' => false,
1194 'S_NEVER' => false,
1195 'S_NO' => false,
1196 'permissions' => array(),
1197 );
1198 }
1199
1200 $content_array[$forum_id][$cat]['S_YES'] |= ($auth_setting == phpbb::ACL_YES) ? true : false;
1201 $content_array[$forum_id][$cat]['S_NEVER'] |= ($auth_setting == phpbb::ACL_NEVER) ? true : false;
1202 $content_array[$forum_id][$cat]['S_NO'] |= ($auth_setting == phpbb::ACL_NO) ? true : false;
1203
1204 $content_array[$forum_id][$cat]['permissions'][$permission] = $auth_setting;
1205 }
1206 }
1207 }
1208
1209 /**
1210 * Use permissions from another user. This transferes a permission set from one user to another.
1211 * The other user is always able to revert back to his permission set.
1212 * This function does not check for lower/higher permissions, it is possible for the user to gain
1213 * "more" permissions by this.
1214 * Admin permissions will not be copied.
1215 */
1216 public function ghost_permissions($from_user_id, $to_user_id)
1217 {
1218 if ($to_user_id == ANONYMOUS)
1219 {
1220 return false;
1221 }
1222
1223 $hold_ary = $this->acl_raw_data_single_user($from_user_id);
1224
1225 // Key 0 in $hold_ary are global options, all others are forum_ids
1226
1227 // We disallow copying admin permissions
1228 foreach ($this->acl_options['global'] as $opt => $id)
1229 {
1230 if (strpos($opt, 'a_') === 0)
1231 {
1232 $hold_ary[0][$this->acl_options['id'][$opt]] = phpbb::ACL_NEVER;
1233 }
1234 }
1235
1236 // Force a_switchperm to be allowed
1237 $hold_ary[0][$this->acl_options['id']['a_switchperm']] = phpbb::ACL_YES;
1238
1239 $user_permissions = $this->build_bitstring($hold_ary);
1240
1241 if (!$user_permissions)
1242 {
1243 return false;
1244 }
1245
1246 $sql = 'UPDATE ' . USERS_TABLE . "
1247 SET user_permissions = '" . phpbb::$db->sql_escape($user_permissions) . "',
1248 user_perm_from = $from_user_id
1249 WHERE user_id = " . $to_user_id;
1250 phpbb::$db->sql_query($sql);
1251
1252 return true;
1253 }
1254 }
1255
1256 ?>
phpbb is a php-based BBS (buletin board system)