search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
replace constants with class constants.
[phpbb.git] / phpBB / modules / acp / acp_permission_roles.php
blob00bdcedcc6f571f975b3c3722714635933fdc2d7
1 <?php
2 /**
3 *
4 * @package acp
5 * @version $Id$
6 * @copyright (c) 2005 phpBB Group
7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
8 *
9 */
10
11 /**
12 * @ignore
13 */
14 if (!defined('IN_PHPBB'))
15 {
16 exit;
17 }
18
19 /**
20 * @package acp
21 */
22 class acp_permission_roles
23 {
24 var $u_action;
25
26 function main($id, $mode)
27 {
28 global $db, $user, $auth, $template, $cache, $config;
29
30 include_once(PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT);
31 include_once(PHPBB_ROOT_PATH . 'includes/acp/auth.' . PHP_EXT);
32
33 $auth_admin = new auth_admin();
34
35 $user->add_lang('acp/permissions');
36 add_permission_language();
37
38 $this->tpl_name = 'acp_permission_roles';
39
40 $submit = phpbb_request::is_set_post('submit');
41 $role_id = request_var('role_id', 0);
42 $action = request_var('action', '');
43 $action = (phpbb_request::is_set_post('add')) ? 'add' : $action;
44
45 $form_name = 'acp_permissions';
46 add_form_key($form_name);
47
48 switch ($mode)
49 {
50 case 'admin_roles':
51 $permission_type = 'a_';
52 $this->page_title = 'ACP_ADMIN_ROLES';
53 break;
54
55 case 'user_roles':
56 $permission_type = 'u_';
57 $this->page_title = 'ACP_USER_ROLES';
58 break;
59
60 case 'mod_roles':
61 $permission_type = 'm_';
62 $this->page_title = 'ACP_MOD_ROLES';
63 break;
64
65 case 'forum_roles':
66 $permission_type = 'f_';
67 $this->page_title = 'ACP_FORUM_ROLES';
68 break;
69
70 default:
71 trigger_error('NO_MODE', E_USER_ERROR);
72 break;
73 }
74
75 $template->assign_vars(array(
76 'L_TITLE' => $user->lang[$this->page_title],
77 'L_EXPLAIN' => $user->lang[$this->page_title . '_EXPLAIN'])
78 );
79
80 // Take action... admin submitted something
81 if ($submit || $action == 'remove')
82 {
83 switch ($action)
84 {
85 case 'remove':
86
87 if (!$role_id)
88 {
89 trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
90 }
91
92 $sql = 'SELECT *
93 FROM ' . ACL_ROLES_TABLE . '
94 WHERE role_id = ' . $role_id;
95 $result = $db->sql_query($sql);
96 $role_row = $db->sql_fetchrow($result);
97 $db->sql_freeresult($result);
98
99 if (!$role_row)
100 {
101 trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
102 }
103
104 if (confirm_box(true))
105 {
106 $this->remove_role($role_id, $permission_type);
107
108 $role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
109 add_log('admin', 'LOG_' . strtoupper($permission_type) . 'ROLE_REMOVED', $role_name);
110 trigger_error($user->lang['ROLE_DELETED'] . adm_back_link($this->u_action));
111 }
112 else
113 {
114 confirm_box(false, 'DELETE_ROLE', build_hidden_fields(array(
115 'i' => $id,
116 'mode' => $mode,
117 'role_id' => $role_id,
118 'action' => $action,
119 )));
120 }
121
122 break;
123
124 case 'edit':
125 if (!$role_id)
126 {
127 trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
128 }
129
130 // Get role we edit
131 $sql = 'SELECT *
132 FROM ' . ACL_ROLES_TABLE . '
133 WHERE role_id = ' . $role_id;
134 $result = $db->sql_query($sql);
135 $role_row = $db->sql_fetchrow($result);
136 $db->sql_freeresult($result);
137
138 if (!$role_row)
139 {
140 trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
141 }
142
143 // no break;
144
145 case 'add':
146
147 if (!check_form_key($form_name))
148 {
149 trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
150 }
151
152 $role_name = utf8_normalize_nfc(request_var('role_name', '', true));
153 $role_description = utf8_normalize_nfc(request_var('role_description', '', true));
154 $auth_settings = request_var('setting', array('' => 0));
155
156 if (!$role_name)
157 {
158 trigger_error($user->lang['NO_ROLE_NAME_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
159 }
160
161 if (utf8_strlen($role_description) > 4000)
162 {
163 trigger_error($user->lang['ROLE_DESCRIPTION_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
164 }
165
166 // if we add/edit a role we check the name to be unique among the settings...
167 $sql = 'SELECT role_id
168 FROM ' . ACL_ROLES_TABLE . "
169 WHERE role_type = '" . $db->sql_escape($permission_type) . "'
170 AND role_name = '" . $db->sql_escape($role_name) . "'";
171 $result = $db->sql_query($sql);
172 $row = $db->sql_fetchrow($result);
173 $db->sql_freeresult($result);
174
175 // Make sure we only print out the error if we add the role or change it's name
176 if ($row && ($mode == 'add' || ($mode == 'edit' && $role_row['role_name'] != $role_name)))
177 {
178 trigger_error(sprintf($user->lang['ROLE_NAME_ALREADY_EXIST'], $role_name) . adm_back_link($this->u_action), E_USER_WARNING);
179 }
180
181 $sql_ary = array(
182 'role_name' => (string) $role_name,
183 'role_description' => (string) $role_description,
184 'role_type' => (string) $permission_type,
185 );
186
187 if ($action == 'edit')
188 {
189 $sql = 'UPDATE ' . ACL_ROLES_TABLE . '
190 SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
191 WHERE role_id = ' . $role_id;
192 $db->sql_query($sql);
193 }
194 else
195 {
196 // Get maximum role order for inserting a new role...
197 $sql = 'SELECT MAX(role_order) as max_order
198 FROM ' . ACL_ROLES_TABLE . "
199 WHERE role_type = '" . $db->sql_escape($permission_type) . "'";
200 $result = $db->sql_query($sql);
201 $max_order = (int) $db->sql_fetchfield('max_order');
202 $db->sql_freeresult($result);
203
204 $sql_ary['role_order'] = $max_order + 1;
205
206 $sql = 'INSERT INTO ' . ACL_ROLES_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
207 $db->sql_query($sql);
208
209 $role_id = $db->sql_nextid();
210 }
211
212 // Now add the auth settings
213 $auth_admin->acl_set_role($role_id, $auth_settings);
214
215 $role_name = (!empty($user->lang[$role_name])) ? $user->lang[$role_name] : $role_name;
216 add_log('admin', 'LOG_' . strtoupper($permission_type) . 'ROLE_' . strtoupper($action), $role_name);
217
218 trigger_error($user->lang['ROLE_' . strtoupper($action) . '_SUCCESS'] . adm_back_link($this->u_action));
219
220 break;
221 }
222 }
223
224 // Display screens
225 switch ($action)
226 {
227 case 'add':
228
229 $options_from = request_var('options_from', 0);
230
231 $role_row = array(
232 'role_name' => utf8_normalize_nfc(request_var('role_name', '', true)),
233 'role_description' => utf8_normalize_nfc(request_var('role_description', '', true)),
234 'role_type' => $permission_type,
235 );
236
237 if ($options_from)
238 {
239 $sql = 'SELECT p.auth_option_id, p.auth_setting, o.auth_option
240 FROM ' . ACL_ROLES_DATA_TABLE . ' p, ' . ACL_OPTIONS_TABLE . ' o
241 WHERE o.auth_option_id = p.auth_option_id
242 AND p.role_id = ' . $options_from . '
243 ORDER BY p.auth_option_id';
244 $result = $db->sql_query($sql);
245
246 $auth_options = array();
247 while ($row = $db->sql_fetchrow($result))
248 {
249 $auth_options[$row['auth_option']] = $row['auth_setting'];
250 }
251 $db->sql_freeresult($result);
252 }
253 else
254 {
255 $sql = 'SELECT auth_option_id, auth_option
256 FROM ' . ACL_OPTIONS_TABLE . "
257 WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char) . "
258 AND auth_option <> '{$permission_type}'
259 ORDER BY auth_option_id";
260 $result = $db->sql_query($sql);
261
262 $auth_options = array();
263 while ($row = $db->sql_fetchrow($result))
264 {
265 $auth_options[$row['auth_option']] = phpbb::ACL_NO;
266 }
267 $db->sql_freeresult($result);
268 }
269
270 // no break;
271
272 case 'edit':
273
274 if ($action == 'edit')
275 {
276 if (!$role_id)
277 {
278 trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
279 }
280
281 $sql = 'SELECT *
282 FROM ' . ACL_ROLES_TABLE . '
283 WHERE role_id = ' . $role_id;
284 $result = $db->sql_query($sql);
285 $role_row = $db->sql_fetchrow($result);
286 $db->sql_freeresult($result);
287
288 $sql = 'SELECT p.auth_option_id, p.auth_setting, o.auth_option
289 FROM ' . ACL_ROLES_DATA_TABLE . ' p, ' . ACL_OPTIONS_TABLE . ' o
290 WHERE o.auth_option_id = p.auth_option_id
291 AND p.role_id = ' . $role_id . '
292 ORDER BY p.auth_option_id';
293 $result = $db->sql_query($sql);
294
295 $auth_options = array();
296 while ($row = $db->sql_fetchrow($result))
297 {
298 $auth_options[$row['auth_option']] = $row['auth_setting'];
299 }
300 $db->sql_freeresult($result);
301 }
302
303 if (!$role_row)
304 {
305 trigger_error($user->lang['NO_ROLE_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
306 }
307
308 $template->assign_vars(array(
309 'S_EDIT' => true,
310
311 'U_ACTION' => $this->u_action . "&amp;action={$action}&amp;role_id={$role_id}",
312 'U_BACK' => $this->u_action,
313
314 'ROLE_NAME' => $role_row['role_name'],
315 'ROLE_DESCRIPTION' => $role_row['role_description'],
316 'L_ACL_TYPE' => $user->lang['ACL_TYPE_' . strtoupper($permission_type)],
317 )
318 );
319
320 // We need to fill the auth options array with ACL_NO options ;)
321 $sql = 'SELECT auth_option_id, auth_option
322 FROM ' . ACL_OPTIONS_TABLE . "
323 WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char) . "
324 AND auth_option <> '{$permission_type}'
325 ORDER BY auth_option_id";
326 $result = $db->sql_query($sql);
327
328 while ($row = $db->sql_fetchrow($result))
329 {
330 if (!isset($auth_options[$row['auth_option']]))
331 {
332 $auth_options[$row['auth_option']] = phpbb::ACL_NO;
333 }
334 }
335 $db->sql_freeresult($result);
336
337 // Unset global permission option
338 unset($auth_options[$permission_type]);
339
340 // Display auth options
341 $this->display_auth_options($auth_options);
342
343 // Get users/groups/forums using this preset...
344 if ($action == 'edit')
345 {
346 $hold_ary = $auth_admin->get_role_mask($role_id);
347
348 if (sizeof($hold_ary))
349 {
350 $role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
351
352 $template->assign_vars(array(
353 'S_DISPLAY_ROLE_MASK' => true,
354 'L_ROLE_ASSIGNED_TO' => sprintf($user->lang['ROLE_ASSIGNED_TO'], $role_name))
355 );
356
357 $auth_admin->display_role_mask($hold_ary);
358 }
359 }
360
361 return;
362 break;
363
364 case 'move_up':
365 case 'move_down':
366
367 $order = request_var('order', 0);
368 $order_total = $order * 2 + (($action == 'move_up') ? -1 : 1);
369
370 $sql = 'UPDATE ' . ACL_ROLES_TABLE . '
371 SET role_order = ' . $order_total . " - role_order
372 WHERE role_type = '" . $db->sql_escape($permission_type) . "'
373 AND role_order IN ($order, " . (($action == 'move_up') ? $order - 1 : $order + 1) . ')';
374 $db->sql_query($sql);
375
376 break;
377 }
378
379 // By default, check that role_order is valid and fix it if necessary
380 $sql = 'SELECT role_id, role_order
381 FROM ' . ACL_ROLES_TABLE . "
382 WHERE role_type = '" . $db->sql_escape($permission_type) . "'
383 ORDER BY role_order ASC";
384 $result = $db->sql_query($sql);
385
386 if ($row = $db->sql_fetchrow($result))
387 {
388 $order = 0;
389 do
390 {
391 $order++;
392 if ($row['role_order'] != $order)
393 {
394 $db->sql_query('UPDATE ' . ACL_ROLES_TABLE . " SET role_order = $order WHERE role_id = {$row['role_id']}");
395 }
396 }
397 while ($row = $db->sql_fetchrow($result));
398 }
399 $db->sql_freeresult($result);
400
401 // Display assigned items?
402 $display_item = request_var('display_item', 0);
403
404 // Select existing roles
405 $sql = 'SELECT *
406 FROM ' . ACL_ROLES_TABLE . "
407 WHERE role_type = '" . $db->sql_escape($permission_type) . "'
408 ORDER BY role_order ASC";
409 $result = $db->sql_query($sql);
410
411 $s_role_options = '';
412 while ($row = $db->sql_fetchrow($result))
413 {
414 $role_name = (!empty($user->lang[$row['role_name']])) ? $user->lang[$row['role_name']] : $row['role_name'];
415
416 $template->assign_block_vars('roles', array(
417 'ROLE_NAME' => $role_name,
418 'ROLE_DESCRIPTION' => (!empty($user->lang[$row['role_description']])) ? $user->lang[$row['role_description']] : nl2br($row['role_description']),
419
420 'U_EDIT' => $this->u_action . '&amp;action=edit&amp;role_id=' . $row['role_id'],
421 'U_REMOVE' => $this->u_action . '&amp;action=remove&amp;role_id=' . $row['role_id'],
422 'U_MOVE_UP' => $this->u_action . '&amp;action=move_up&amp;order=' . $row['role_order'],
423 'U_MOVE_DOWN' => $this->u_action . '&amp;action=move_down&amp;order=' . $row['role_order'],
424 'U_DISPLAY_ITEMS' => ($row['role_id'] == $display_item) ? '' : $this->u_action . '&amp;display_item=' . $row['role_id'] . '#assigned_to')
425 );
426
427 $s_role_options .= '<option value="' . $row['role_id'] . '">' . $role_name . '</option>';
428
429 if ($display_item == $row['role_id'])
430 {
431 $template->assign_vars(array(
432 'L_ROLE_ASSIGNED_TO' => sprintf($user->lang['ROLE_ASSIGNED_TO'], $role_name))
433 );
434 }
435 }
436 $db->sql_freeresult($result);
437
438 $template->assign_vars(array(
439 'S_ROLE_OPTIONS' => $s_role_options)
440 );
441
442 if ($display_item)
443 {
444 $template->assign_vars(array(
445 'S_DISPLAY_ROLE_MASK' => true)
446 );
447
448 $hold_ary = $auth_admin->get_role_mask($display_item);
449 $auth_admin->display_role_mask($hold_ary);
450 }
451 }
452
453 /**
454 * Display permission settings able to be set
455 */
456 function display_auth_options($auth_options)
457 {
458 global $template, $user;
459
460 $content_array = $categories = array();
461 $key_sort_array = array(0);
462 $auth_options = array(0 => $auth_options);
463
464 // Making use of auth_admin method here (we do not really want to change two similar code fragments)
465 auth_admin::build_permission_array($auth_options, $content_array, $categories, $key_sort_array);
466
467 $content_array = $content_array[0];
468
469 $template->assign_var('S_NUM_PERM_COLS', sizeof($categories));
470
471 // Assign to template
472 foreach ($content_array as $cat => $cat_array)
473 {
474 $template->assign_block_vars('auth', array(
475 'CAT_NAME' => $user->lang['permission_cat'][$cat],
476
477 'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false,
478 'S_NEVER' => ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false,
479 'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false)
480 );
481
482 foreach ($cat_array['permissions'] as $permission => $allowed)
483 {
484 $template->assign_block_vars('auth.mask', array(
485 'S_YES' => ($allowed == phpbb::ACL_YES) ? true : false,
486 'S_NEVER' => ($allowed == phpbb::ACL_NEVER) ? true : false,
487 'S_NO' => ($allowed == phpbb::ACL_NO) ? true : false,
488
489 'FIELD_NAME' => $permission,
490 'PERMISSION' => $user->lang['acl_' . $permission]['lang'])
491 );
492 }
493 }
494 }
495
496 /**
497 * Remove role
498 */
499 function remove_role($role_id, $permission_type)
500 {
501 global $db;
502
503 $auth_admin = new auth_admin();
504
505 // Get complete auth array
506 $sql = 'SELECT auth_option, auth_option_id
507 FROM ' . ACL_OPTIONS_TABLE . "
508 WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char);
509 $result = $db->sql_query($sql);
510
511 $auth_settings = array();
512 while ($row = $db->sql_fetchrow($result))
513 {
514 $auth_settings[$row['auth_option']] = phpbb::ACL_NO;
515 }
516 $db->sql_freeresult($result);
517
518 // Get the role auth settings we need to re-set...
519 $sql = 'SELECT o.auth_option, r.auth_setting
520 FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
521 WHERE o.auth_option_id = r.auth_option_id
522 AND r.role_id = ' . $role_id;
523 $result = $db->sql_query($sql);
524
525 while ($row = $db->sql_fetchrow($result))
526 {
527 $auth_settings[$row['auth_option']] = $row['auth_setting'];
528 }
529 $db->sql_freeresult($result);
530
531 // Get role assignments
532 $hold_ary = $auth_admin->get_role_mask($role_id);
533
534 // Re-assign permissions
535 foreach ($hold_ary as $forum_id => $forum_ary)
536 {
537 if (isset($forum_ary['users']))
538 {
539 $auth_admin->acl_set('user', $forum_id, $forum_ary['users'], $auth_settings, 0, false);
540 }
541
542 if (isset($forum_ary['groups']))
543 {
544 $auth_admin->acl_set('group', $forum_id, $forum_ary['groups'], $auth_settings, 0, false);
545 }
546 }
547
548 // Remove role from users and groups just to be sure (happens through acl_set)
549 $sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
550 WHERE auth_role_id = ' . $role_id;
551 $db->sql_query($sql);
552
553 $sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
554 WHERE auth_role_id = ' . $role_id;
555 $db->sql_query($sql);
556
557 // Remove role data and role
558 $sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . '
559 WHERE role_id = ' . $role_id;
560 $db->sql_query($sql);
561
562 $sql = 'DELETE FROM ' . ACL_ROLES_TABLE . '
563 WHERE role_id = ' . $role_id;
564 $db->sql_query($sql);
565
566 $auth_admin->acl_clear_prefetch();
567 }
568 }
569
570 ?>
phpbb is a php-based BBS (buletin board system)