6 * @copyright (c) 2005 phpBB Group
7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
14 if (!defined('IN_PHPBB'))
22 class acp_permission_roles
26 function main($id, $mode)
28 global $db, $user, $auth, $template, $cache, $config;
30 include_once(PHPBB_ROOT_PATH
. 'includes/functions_user.' . PHP_EXT
);
31 include_once(PHPBB_ROOT_PATH
. 'includes/acp/auth.' . PHP_EXT
);
33 $auth_admin = new auth_admin();
35 $user->add_lang('acp/permissions');
36 add_permission_language();
38 $this->tpl_name
= 'acp_permission_roles';
40 $submit = phpbb_request
::is_set_post('submit');
41 $role_id = request_var('role_id', 0);
42 $action = request_var('action', '');
43 $action = (phpbb_request
::is_set_post('add')) ?
'add' : $action;
45 $form_name = 'acp_permissions';
46 add_form_key($form_name);
51 $permission_type = 'a_';
52 $this->page_title
= 'ACP_ADMIN_ROLES';
56 $permission_type = 'u_';
57 $this->page_title
= 'ACP_USER_ROLES';
61 $permission_type = 'm_';
62 $this->page_title
= 'ACP_MOD_ROLES';
66 $permission_type = 'f_';
67 $this->page_title
= 'ACP_FORUM_ROLES';
71 trigger_error('NO_MODE', E_USER_ERROR
);
75 $template->assign_vars(array(
76 'L_TITLE' => $user->lang
[$this->page_title
],
77 'L_EXPLAIN' => $user->lang
[$this->page_title
. '_EXPLAIN'])
80 // Take action... admin submitted something
81 if ($submit ||
$action == 'remove')
89 trigger_error($user->lang
['NO_ROLE_SELECTED'] . adm_back_link($this->u_action
), E_USER_WARNING
);
93 FROM ' . ACL_ROLES_TABLE
. '
94 WHERE role_id = ' . $role_id;
95 $result = $db->sql_query($sql);
96 $role_row = $db->sql_fetchrow($result);
97 $db->sql_freeresult($result);
101 trigger_error($user->lang
['NO_ROLE_SELECTED'] . adm_back_link($this->u_action
), E_USER_WARNING
);
104 if (confirm_box(true))
106 $this->remove_role($role_id, $permission_type);
108 $role_name = (!empty($user->lang
[$role_row['role_name']])) ?
$user->lang
[$role_row['role_name']] : $role_row['role_name'];
109 add_log('admin', 'LOG_' . strtoupper($permission_type) . 'ROLE_REMOVED', $role_name);
110 trigger_error($user->lang
['ROLE_DELETED'] . adm_back_link($this->u_action
));
114 confirm_box(false, 'DELETE_ROLE', build_hidden_fields(array(
117 'role_id' => $role_id,
127 trigger_error($user->lang
['NO_ROLE_SELECTED'] . adm_back_link($this->u_action
), E_USER_WARNING
);
132 FROM ' . ACL_ROLES_TABLE
. '
133 WHERE role_id = ' . $role_id;
134 $result = $db->sql_query($sql);
135 $role_row = $db->sql_fetchrow($result);
136 $db->sql_freeresult($result);
140 trigger_error($user->lang
['NO_ROLE_SELECTED'] . adm_back_link($this->u_action
), E_USER_WARNING
);
147 if (!check_form_key($form_name))
149 trigger_error($user->lang
['FORM_INVALID']. adm_back_link($this->u_action
), E_USER_WARNING
);
152 $role_name = utf8_normalize_nfc(request_var('role_name', '', true));
153 $role_description = utf8_normalize_nfc(request_var('role_description', '', true));
154 $auth_settings = request_var('setting', array('' => 0));
158 trigger_error($user->lang
['NO_ROLE_NAME_SPECIFIED'] . adm_back_link($this->u_action
), E_USER_WARNING
);
161 if (utf8_strlen($role_description) > 4000)
163 trigger_error($user->lang
['ROLE_DESCRIPTION_LONG'] . adm_back_link($this->u_action
), E_USER_WARNING
);
166 // if we add/edit a role we check the name to be unique among the settings...
167 $sql = 'SELECT role_id
168 FROM ' . ACL_ROLES_TABLE
. "
169 WHERE role_type = '" . $db->sql_escape($permission_type) . "'
170 AND role_name = '" . $db->sql_escape($role_name) . "'";
171 $result = $db->sql_query($sql);
172 $row = $db->sql_fetchrow($result);
173 $db->sql_freeresult($result);
175 // Make sure we only print out the error if we add the role or change it's name
176 if ($row && ($mode == 'add' ||
($mode == 'edit' && $role_row['role_name'] != $role_name)))
178 trigger_error(sprintf($user->lang
['ROLE_NAME_ALREADY_EXIST'], $role_name) . adm_back_link($this->u_action
), E_USER_WARNING
);
182 'role_name' => (string) $role_name,
183 'role_description' => (string) $role_description,
184 'role_type' => (string) $permission_type,
187 if ($action == 'edit')
189 $sql = 'UPDATE ' . ACL_ROLES_TABLE
. '
190 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
191 WHERE role_id = ' . $role_id;
192 $db->sql_query($sql);
196 // Get maximum role order for inserting a new role...
197 $sql = 'SELECT MAX(role_order) as max_order
198 FROM ' . ACL_ROLES_TABLE
. "
199 WHERE role_type = '" . $db->sql_escape($permission_type) . "'";
200 $result = $db->sql_query($sql);
201 $max_order = (int) $db->sql_fetchfield('max_order');
202 $db->sql_freeresult($result);
204 $sql_ary['role_order'] = $max_order +
1;
206 $sql = 'INSERT INTO ' . ACL_ROLES_TABLE
. ' ' . $db->sql_build_array('INSERT', $sql_ary);
207 $db->sql_query($sql);
209 $role_id = $db->sql_nextid();
212 // Now add the auth settings
213 $auth_admin->acl_set_role($role_id, $auth_settings);
215 $role_name = (!empty($user->lang
[$role_name])) ?
$user->lang
[$role_name] : $role_name;
216 add_log('admin', 'LOG_' . strtoupper($permission_type) . 'ROLE_' . strtoupper($action), $role_name);
218 trigger_error($user->lang
['ROLE_' . strtoupper($action) . '_SUCCESS'] . adm_back_link($this->u_action
));
229 $options_from = request_var('options_from', 0);
232 'role_name' => utf8_normalize_nfc(request_var('role_name', '', true)),
233 'role_description' => utf8_normalize_nfc(request_var('role_description', '', true)),
234 'role_type' => $permission_type,
239 $sql = 'SELECT p.auth_option_id, p.auth_setting, o.auth_option
240 FROM ' . ACL_ROLES_DATA_TABLE
. ' p, ' . ACL_OPTIONS_TABLE
. ' o
241 WHERE o.auth_option_id = p.auth_option_id
242 AND p.role_id = ' . $options_from . '
243 ORDER BY p.auth_option_id';
244 $result = $db->sql_query($sql);
246 $auth_options = array();
247 while ($row = $db->sql_fetchrow($result))
249 $auth_options[$row['auth_option']] = $row['auth_setting'];
251 $db->sql_freeresult($result);
255 $sql = 'SELECT auth_option_id, auth_option
256 FROM ' . ACL_OPTIONS_TABLE
. "
257 WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char
) . "
258 AND auth_option <> '{$permission_type}'
259 ORDER BY auth_option_id";
260 $result = $db->sql_query($sql);
262 $auth_options = array();
263 while ($row = $db->sql_fetchrow($result))
265 $auth_options[$row['auth_option']] = phpbb
::ACL_NO
;
267 $db->sql_freeresult($result);
274 if ($action == 'edit')
278 trigger_error($user->lang
['NO_ROLE_SELECTED'] . adm_back_link($this->u_action
), E_USER_WARNING
);
282 FROM ' . ACL_ROLES_TABLE
. '
283 WHERE role_id = ' . $role_id;
284 $result = $db->sql_query($sql);
285 $role_row = $db->sql_fetchrow($result);
286 $db->sql_freeresult($result);
288 $sql = 'SELECT p.auth_option_id, p.auth_setting, o.auth_option
289 FROM ' . ACL_ROLES_DATA_TABLE
. ' p, ' . ACL_OPTIONS_TABLE
. ' o
290 WHERE o.auth_option_id = p.auth_option_id
291 AND p.role_id = ' . $role_id . '
292 ORDER BY p.auth_option_id';
293 $result = $db->sql_query($sql);
295 $auth_options = array();
296 while ($row = $db->sql_fetchrow($result))
298 $auth_options[$row['auth_option']] = $row['auth_setting'];
300 $db->sql_freeresult($result);
305 trigger_error($user->lang
['NO_ROLE_SELECTED'] . adm_back_link($this->u_action
), E_USER_WARNING
);
308 $template->assign_vars(array(
311 'U_ACTION' => $this->u_action
. "&action={$action}&role_id={$role_id}",
312 'U_BACK' => $this->u_action
,
314 'ROLE_NAME' => $role_row['role_name'],
315 'ROLE_DESCRIPTION' => $role_row['role_description'],
316 'L_ACL_TYPE' => $user->lang
['ACL_TYPE_' . strtoupper($permission_type)],
320 // We need to fill the auth options array with ACL_NO options ;)
321 $sql = 'SELECT auth_option_id, auth_option
322 FROM ' . ACL_OPTIONS_TABLE
. "
323 WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char
) . "
324 AND auth_option <> '{$permission_type}'
325 ORDER BY auth_option_id";
326 $result = $db->sql_query($sql);
328 while ($row = $db->sql_fetchrow($result))
330 if (!isset($auth_options[$row['auth_option']]))
332 $auth_options[$row['auth_option']] = phpbb
::ACL_NO
;
335 $db->sql_freeresult($result);
337 // Unset global permission option
338 unset($auth_options[$permission_type]);
340 // Display auth options
341 $this->display_auth_options($auth_options);
343 // Get users/groups/forums using this preset...
344 if ($action == 'edit')
346 $hold_ary = $auth_admin->get_role_mask($role_id);
348 if (sizeof($hold_ary))
350 $role_name = (!empty($user->lang
[$role_row['role_name']])) ?
$user->lang
[$role_row['role_name']] : $role_row['role_name'];
352 $template->assign_vars(array(
353 'S_DISPLAY_ROLE_MASK' => true,
354 'L_ROLE_ASSIGNED_TO' => sprintf($user->lang
['ROLE_ASSIGNED_TO'], $role_name))
357 $auth_admin->display_role_mask($hold_ary);
367 $order = request_var('order', 0);
368 $order_total = $order * 2 +
(($action == 'move_up') ?
-1 : 1);
370 $sql = 'UPDATE ' . ACL_ROLES_TABLE
. '
371 SET role_order = ' . $order_total . " - role_order
372 WHERE role_type = '" . $db->sql_escape($permission_type) . "'
373 AND role_order IN ($order, " . (($action == 'move_up') ?
$order - 1 : $order +
1) . ')';
374 $db->sql_query($sql);
379 // By default, check that role_order is valid and fix it if necessary
380 $sql = 'SELECT role_id, role_order
381 FROM ' . ACL_ROLES_TABLE
. "
382 WHERE role_type = '" . $db->sql_escape($permission_type) . "'
383 ORDER BY role_order ASC";
384 $result = $db->sql_query($sql);
386 if ($row = $db->sql_fetchrow($result))
392 if ($row['role_order'] != $order)
394 $db->sql_query('UPDATE ' . ACL_ROLES_TABLE
. " SET role_order = $order WHERE role_id = {$row['role_id']}");
397 while ($row = $db->sql_fetchrow($result));
399 $db->sql_freeresult($result);
401 // Display assigned items?
402 $display_item = request_var('display_item', 0);
404 // Select existing roles
406 FROM ' . ACL_ROLES_TABLE
. "
407 WHERE role_type = '" . $db->sql_escape($permission_type) . "'
408 ORDER BY role_order ASC";
409 $result = $db->sql_query($sql);
411 $s_role_options = '';
412 while ($row = $db->sql_fetchrow($result))
414 $role_name = (!empty($user->lang
[$row['role_name']])) ?
$user->lang
[$row['role_name']] : $row['role_name'];
416 $template->assign_block_vars('roles', array(
417 'ROLE_NAME' => $role_name,
418 'ROLE_DESCRIPTION' => (!empty($user->lang
[$row['role_description']])) ?
$user->lang
[$row['role_description']] : nl2br($row['role_description']),
420 'U_EDIT' => $this->u_action
. '&action=edit&role_id=' . $row['role_id'],
421 'U_REMOVE' => $this->u_action
. '&action=remove&role_id=' . $row['role_id'],
422 'U_MOVE_UP' => $this->u_action
. '&action=move_up&order=' . $row['role_order'],
423 'U_MOVE_DOWN' => $this->u_action
. '&action=move_down&order=' . $row['role_order'],
424 'U_DISPLAY_ITEMS' => ($row['role_id'] == $display_item) ?
'' : $this->u_action
. '&display_item=' . $row['role_id'] . '#assigned_to')
427 $s_role_options .= '<option value="' . $row['role_id'] . '">' . $role_name . '</option>';
429 if ($display_item == $row['role_id'])
431 $template->assign_vars(array(
432 'L_ROLE_ASSIGNED_TO' => sprintf($user->lang
['ROLE_ASSIGNED_TO'], $role_name))
436 $db->sql_freeresult($result);
438 $template->assign_vars(array(
439 'S_ROLE_OPTIONS' => $s_role_options)
444 $template->assign_vars(array(
445 'S_DISPLAY_ROLE_MASK' => true)
448 $hold_ary = $auth_admin->get_role_mask($display_item);
449 $auth_admin->display_role_mask($hold_ary);
454 * Display permission settings able to be set
456 function display_auth_options($auth_options)
458 global $template, $user;
460 $content_array = $categories = array();
461 $key_sort_array = array(0);
462 $auth_options = array(0 => $auth_options);
464 // Making use of auth_admin method here (we do not really want to change two similar code fragments)
465 auth_admin
::build_permission_array($auth_options, $content_array, $categories, $key_sort_array);
467 $content_array = $content_array[0];
469 $template->assign_var('S_NUM_PERM_COLS', sizeof($categories));
471 // Assign to template
472 foreach ($content_array as $cat => $cat_array)
474 $template->assign_block_vars('auth', array(
475 'CAT_NAME' => $user->lang
['permission_cat'][$cat],
477 'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ?
true : false,
478 'S_NEVER' => ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ?
true : false,
479 'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ?
true : false)
482 foreach ($cat_array['permissions'] as $permission => $allowed)
484 $template->assign_block_vars('auth.mask', array(
485 'S_YES' => ($allowed == phpbb
::ACL_YES
) ?
true : false,
486 'S_NEVER' => ($allowed == phpbb
::ACL_NEVER
) ?
true : false,
487 'S_NO' => ($allowed == phpbb
::ACL_NO
) ?
true : false,
489 'FIELD_NAME' => $permission,
490 'PERMISSION' => $user->lang
['acl_' . $permission]['lang'])
499 function remove_role($role_id, $permission_type)
503 $auth_admin = new auth_admin();
505 // Get complete auth array
506 $sql = 'SELECT auth_option, auth_option_id
507 FROM ' . ACL_OPTIONS_TABLE
. "
508 WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char
);
509 $result = $db->sql_query($sql);
511 $auth_settings = array();
512 while ($row = $db->sql_fetchrow($result))
514 $auth_settings[$row['auth_option']] = phpbb
::ACL_NO
;
516 $db->sql_freeresult($result);
518 // Get the role auth settings we need to re-set...
519 $sql = 'SELECT o.auth_option, r.auth_setting
520 FROM ' . ACL_ROLES_DATA_TABLE
. ' r, ' . ACL_OPTIONS_TABLE
. ' o
521 WHERE o.auth_option_id = r.auth_option_id
522 AND r.role_id = ' . $role_id;
523 $result = $db->sql_query($sql);
525 while ($row = $db->sql_fetchrow($result))
527 $auth_settings[$row['auth_option']] = $row['auth_setting'];
529 $db->sql_freeresult($result);
531 // Get role assignments
532 $hold_ary = $auth_admin->get_role_mask($role_id);
534 // Re-assign permissions
535 foreach ($hold_ary as $forum_id => $forum_ary)
537 if (isset($forum_ary['users']))
539 $auth_admin->acl_set('user', $forum_id, $forum_ary['users'], $auth_settings, 0, false);
542 if (isset($forum_ary['groups']))
544 $auth_admin->acl_set('group', $forum_id, $forum_ary['groups'], $auth_settings, 0, false);
548 // Remove role from users and groups just to be sure (happens through acl_set)
549 $sql = 'DELETE FROM ' . ACL_USERS_TABLE
. '
550 WHERE auth_role_id = ' . $role_id;
551 $db->sql_query($sql);
553 $sql = 'DELETE FROM ' . ACL_GROUPS_TABLE
. '
554 WHERE auth_role_id = ' . $role_id;
555 $db->sql_query($sql);
557 // Remove role data and role
558 $sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE
. '
559 WHERE role_id = ' . $role_id;
560 $db->sql_query($sql);
562 $sql = 'DELETE FROM ' . ACL_ROLES_TABLE
. '
563 WHERE role_id = ' . $role_id;
564 $db->sql_query($sql);
566 $auth_admin->acl_clear_prefetch();