Menu
▾
▴
[Phpbb-checkins] r9185 [2/4] - in /branches/acydburn/phpBB/includes: acm/index.php acp/auth.php auth.php auth/auth_db.php auth/db.php classes/acl.php classes/acl_admin.php classes/session.php classes/user.php core/core_security.php core/core_url.php session.php
|
From: Meik S. <acy...@ph...> - 2008-12-11 17:42:53
|
Added: branches/acydburn/phpBB/includes/classes/acl.php ============================================================================== *** branches/acydburn/phpBB/includes/classes/acl.php (added) --- branches/acydburn/phpBB/includes/classes/acl.php Thu Dec 11 17:39:51 2008 *************** *** 0 **** --- 1,924 ---- + <?php + /** + * + * @package phpBB3 + * @version $Id$ + * @copyright (c) 2005 phpBB Group + * @license http://opensource.org/licenses/gpl-license.php GNU Public License + * + */ + + /** + * @ignore + */ + if (!defined('IN_PHPBB')) + { + exit; + } + + /** + * Permission/ACL class + * @package phpBB3 + */ + class phpbb_acl + { + private $acl = array(); + private $cache = array(); + public $acl_options = array(); + private $acl_element_ids = false; + private $recache = false; + + public function __construct() + { + $this->acl = $this->cache = $this->acl_options = array(); + $this->acl_element_ids = false; + + if (($this->acl_options = phpbb::$acm->get('acl_options')) === false) + { + $sql = 'SELECT auth_option_id, auth_option, is_global, is_local + FROM ' . ACL_OPTIONS_TABLE . ' + ORDER BY auth_option_id'; + $result = phpbb::$db->sql_query($sql); + + $global = $local = 0; + $this->acl_options = array(); + + while ($row = phpbb::$db->sql_fetchrow($result)) + { + if ($row['is_global']) + { + $this->acl_options['global'][$row['auth_option']] = $global++; + } + + if ($row['is_local']) + { + $this->acl_options['local'][$row['auth_option']] = $local++; + } + + $this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id']; + $this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option']; + } + phpbb::$db->sql_freeresult($result); + + phpbb::$acm->put('acl_options', $this->acl_options); + $this->recache = true; + } + } + + /** + * Init permissions + */ + public function init(array &$userdata) + { + if (!trim($userdata['user_permissions']) || $this->recache) + { + $this->acl_cache($userdata); + } + + // Fill ACL array + $this->_fill_acl($userdata['user_permissions']); + + // Verify bitstring length with options provided... + $renew = false; + $global_length = sizeof($this->acl_options['global']); + $local_length = sizeof($this->acl_options['local']); + + // Specify comparing length (bitstring is padded to 31 bits) + $global_length = ($global_length % 31) ? ($global_length - ($global_length % 31) + 31) : $global_length; + $local_length = ($local_length % 31) ? ($local_length - ($local_length % 31) + 31) : $local_length; + + // You thought we are finished now? Noooo... now compare them. + foreach ($this->acl as $forum_id => $bitstring) + { + if (($forum_id && strlen($bitstring) != $local_length) || (!$forum_id && strlen($bitstring) != $global_length)) + { + $renew = true; + break; + } + } + + // If a bitstring within the list does not match the options, we have a user with incorrect permissions set and need to renew them + if ($renew) + { + $this->acl_cache($userdata); + $this->_fill_acl($userdata['user_permissions']); + } + + return; + } + + /** + * Fill ACL array with relevant bitstrings from user_permissions column + * @access private + */ + private function _fill_acl($user_permissions) + { + $this->acl = array(); + $user_permissions = explode("\n", $user_permissions); + + foreach ($user_permissions as $f => $seq) + { + if ($seq) + { + $i = 0; + + if (!isset($this->acl[$f])) + { + $this->acl[$f] = ''; + } + + while ($subseq = substr($seq, $i, 6)) + { + // We put the original bitstring into the acl array + $this->acl[$f] .= str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT); + $i += 6; + } + } + } + } + + /** + * Look up an option + * if the option is prefixed with !, then the result becomes negated + * + * If a forum id is specified the local option will be combined with a global option if one exist. + * If a forum id is not specified, only the global option will be checked. + */ + public function acl_get($opt, $f = 0) + { + $negate = false; + + if (strpos($opt, '!') === 0) + { + $negate = true; + $opt = substr($opt, 1); + } + + if (!isset($this->cache[$f][$opt])) + { + // We combine the global/local option with an OR because some options are global and local. + // If the user has the global permission the local one is true too and vice versa + $this->cache[$f][$opt] = false; + + // Is this option a global permission setting? + if (isset($this->acl_options['global'][$opt])) + { + if (isset($this->acl[0])) + { + $this->cache[$f][$opt] = $this->acl[0][$this->acl_options['global'][$opt]]; + } + } + + // Is this option a local permission setting? + // But if we check for a global option only, we won't combine the options... + if ($f != 0 && isset($this->acl_options['local'][$opt])) + { + if (isset($this->acl[$f]) && isset($this->acl[$f][$this->acl_options['local'][$opt]])) + { + $this->cache[$f][$opt] |= $this->acl[$f][$this->acl_options['local'][$opt]]; + } + } + } + + // Founder always has all global options set to true... + return $negate xor $this->cache[$f][$opt]; + } + + /** + * Get forums with the specified permission setting + * if the option is prefixed with !, then the result becomes negated + * + * @param bool $clean set to true if only values needs to be returned which are set/unset + */ + public function acl_getf($opt, $clean = false) + { + $acl_f = array(); + $negate = false; + + if (strpos($opt, '!') === 0) + { + $negate = true; + $opt = substr($opt, 1); + } + + // If we retrieve a list of forums not having permissions in, we need to get every forum_id + if ($negate) + { + if ($this->acl_forum_ids === false) + { + $sql = 'SELECT forum_id + FROM ' . FORUMS_TABLE; + + if (sizeof($this->acl)) + { + $sql .= ' WHERE ' . phpbb::$db->sql_in_set('forum_id', array_keys($this->acl), true); + } + $result = phpbb::$db->sql_query($sql); + + $this->acl_forum_ids = array(); + while ($row = phpbb::$db->sql_fetchrow($result)) + { + $this->acl_forum_ids[] = $row['forum_id']; + } + phpbb::$db->sql_freeresult($result); + } + } + + if (isset($this->acl_options['local'][$opt])) + { + foreach ($this->acl as $f => $bitstring) + { + // Skip global settings + if (!$f) + { + continue; + } + + $allowed = (!isset($this->cache[$f][$opt])) ? $this->acl_get($opt, $f) : $this->cache[$f][$opt]; + + if (!$clean) + { + $acl_f[$f][$opt] = $negate xor $allowed; + } + else if ($negate xor $allowed) + { + $acl_f[$f][$opt] = 1; + } + } + } + + // If we get forum_ids not having this permission, we need to fill the remaining parts + if ($negate && sizeof($this->acl_forum_ids)) + { + foreach ($this->acl_forum_ids as $f) + { + $acl_f[$f][$opt] = 1; + } + } + + return $acl_f; + } + + /** + * Get local permission state for any forum. + * + * Returns true if user has the permission in one or more forums, false if in no forum. + * If global option is checked it returns the global state (same as acl_get($opt)) + * Local option has precedence... + */ + public function acl_getf_global($opt) + { + if (is_array($opt)) + { + // evaluates to true as soon as acl_getf_global is true for one option + foreach ($opt as $check_option) + { + if ($this->acl_getf_global($check_option)) + { + return true; + } + } + + return false; + } + + if (isset($this->acl_options['local'][$opt])) + { + foreach ($this->acl as $f => $bitstring) + { + // Skip global settings + if (!$f) + { + continue; + } + + // as soon as the user has any permission we're done so return true + if ((!isset($this->cache[$f][$opt])) ? $this->acl_get($opt, $f) : $this->cache[$f][$opt]) + { + return true; + } + } + } + else if (isset($this->acl_options['global'][$opt])) + { + return $this->acl_get($opt); + } + + return false; + } + + /** + * Get permission settings (more than one) + */ + public function acl_gets() + { + $args = func_get_args(); + $f = array_pop($args); + + if (!is_numeric($f)) + { + $args[] = $f; + $f = 0; + } + + // alternate syntax: acl_gets(array('m_', 'a_'), $forum_id) + if (is_array($args[0])) + { + $args = $args[0]; + } + + $acl = 0; + foreach ($args as $opt) + { + $acl |= $this->acl_get($opt, $f); + } + + return $acl; + } + + /** + * Get permission listing based on user_id/options/forum_ids + */ + public function acl_get_list($user_id = false, $opts = false, $forum_id = false) + { + if ($user_id !== false && !is_array($user_id) && $opts === false && $forum_id === false) + { + $hold_ary = array($user_id => $this->acl_raw_data_single_user($user_id)); + } + else + { + $hold_ary = $this->acl_raw_data($user_id, $opts, $forum_id); + } + + $auth_ary = array(); + foreach ($hold_ary as $user_id => $forum_ary) + { + foreach ($forum_ary as $forum_id => $auth_option_ary) + { + foreach ($auth_option_ary as $auth_option => $auth_setting) + { + if ($auth_setting) + { + $auth_ary[$forum_id][$auth_option][] = $user_id; + } + } + } + } + + return $auth_ary; + } + + /** + * Cache data to user_permissions row + */ + public function acl_cache(array &$userdata) + { + // Empty user_permissions + $userdata['user_permissions'] = ''; + + $hold_ary = $this->acl_raw_data_single_user($userdata['user_id']); + + // Key 0 in $hold_ary are global options, all others are forum_ids + + // If this user is founder we're going to force fill the admin options ... + if ($userdata['user_type'] == USER_FOUNDER) + { + foreach ($this->acl_options['global'] as $opt => $id) + { + if (strpos($opt, 'a_') === 0) + { + $hold_ary[0][$this->acl_options['id'][$opt]] = ACL_YES; + } + } + } + + $hold_str = $this->build_bitstring($hold_ary); + + if ($hold_str) + { + $userdata['user_permissions'] = $hold_str; + + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_permissions = '" . phpbb::$db->sql_escape($userdata['user_permissions']) . "', + user_perm_from = 0 + WHERE user_id = " . $userdata['user_id']; + phpbb::$db->sql_query($sql); + } + + return; + } + + /** + * Build bitstring from permission set + */ + protected function build_bitstring(&$hold_ary) + { + $hold_str = ''; + + if (sizeof($hold_ary)) + { + ksort($hold_ary); + + $last_f = 0; + + foreach ($hold_ary as $f => $auth_ary) + { + $ary_key = (!$f) ? 'global' : 'local'; + + $bitstring = array(); + foreach ($this->acl_options[$ary_key] as $opt => $id) + { + if (isset($auth_ary[$this->acl_options['id'][$opt]])) + { + $bitstring[$id] = $auth_ary[$this->acl_options['id'][$opt]]; + + $option_key = substr($opt, 0, strpos($opt, '_') + 1); + + // If one option is allowed, the global permission for this option has to be allowed too + // example: if the user has the a_ permission this means he has one or more a_* permissions + if ($auth_ary[$this->acl_options['id'][$opt]] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NEVER)) + { + $bitstring[$this->acl_options[$ary_key][$option_key]] = ACL_YES; + } + } + else + { + $bitstring[$id] = ACL_NEVER; + } + } + + // Now this bitstring defines the permission setting for the current forum $f (or global setting) + $bitstring = implode('', $bitstring); + + // The line number indicates the id, therefore we have to add empty lines for those ids not present + $hold_str .= str_repeat("\n", $f - $last_f); + + // Convert bitstring for storage - we do not use binary/bytes because PHP's string functions are not fully binary safe + for ($i = 0, $bit_length = strlen($bitstring); $i < $bit_length; $i += 31) + { + $hold_str .= str_pad(base_convert(str_pad(substr($bitstring, $i, 31), 31, 0, STR_PAD_RIGHT), 2, 36), 6, 0, STR_PAD_LEFT); + } + + $last_f = $f; + } + unset($bitstring); + + $hold_str = rtrim($hold_str); + } + + return $hold_str; + } + + /** + * Clear one or all users cached permission settings + */ + public function acl_clear_prefetch($user_id = false) + { + // Rebuild options cache + phpbb::$acm->destroy('role_cache'); + + $sql = 'SELECT * + FROM ' . ACL_ROLES_DATA_TABLE . ' + ORDER BY role_id ASC'; + $result = phpbb::$db->sql_query($sql); + + $this->role_cache = array(); + while ($row = phpbb::$db->sql_fetchrow($result)) + { + $this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting']; + } + phpbb::$db->sql_freeresult($result); + + foreach ($this->role_cache as $role_id => $role_options) + { + $this->role_cache[$role_id] = serialize($role_options); + } + + phpbb::$acm->put('role_cache', $this->role_cache); + + // Now empty user permissions + $where_sql = ''; + + if ($user_id !== false) + { + $user_id = (!is_array($user_id)) ? $user_id = array((int) $user_id) : array_map('intval', $user_id); + $where_sql = ' WHERE ' . phpbb::$db->sql_in_set('user_id', $user_id); + } + + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_permissions = '', + user_perm_from = 0 + $where_sql"; + phpbb::$db->sql_query($sql); + + return; + } + + /** + * Get assigned roles + * @todo: protected or public? + */ + public function acl_role_data($user_type, $role_type, $ug_id = false, $forum_id = false) + { + $roles = array(); + + $sql_id = ($user_type == 'user') ? 'user_id' : 'group_id'; + + $sql_ug = ($ug_id !== false) ? ((!is_array($ug_id)) ? "AND a.$sql_id = $ug_id" : 'AND ' . phpbb::$db->sql_in_set("a.$sql_id", $ug_id)) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . phpbb::$db->sql_in_set('a.forum_id', $forum_id)) : ''; + + // Grab assigned roles... + $sql = 'SELECT a.auth_role_id, a.' . $sql_id . ', a.forum_id + FROM ' . (($user_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE) . ' a, ' . ACL_ROLES_TABLE . " r + WHERE a.auth_role_id = r.role_id + AND r.role_type = '" . phpbb::$db->sql_escape($role_type) . "' + $sql_ug + $sql_forum + ORDER BY r.role_order ASC"; + $result = phpbb::$db->sql_query($sql); + + while ($row = phpbb::$db->sql_fetchrow($result)) + { + $roles[$row[$sql_id]][$row['forum_id']] = $row['auth_role_id']; + } + phpbb::$db->sql_freeresult($result); + + return $roles; + } + + /** + * Get raw acl data based on user/option/forum + * @todo: protected or public? + */ + public function acl_raw_data($user_id = false, $opts = false, $forum_id = false) + { + $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : phpbb::$db->sql_in_set('user_id', array_map('intval', $user_id))) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . phpbb::$db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; + + $sql_opts = $sql_opts_select = $sql_opts_from = ''; + $hold_ary = array(); + + if ($opts !== false) + { + $sql_opts_select = ', ao.auth_option'; + $sql_opts_from = ', ' . ACL_OPTIONS_TABLE . ' ao'; + $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts); + } + + $sql_ary = array(); + + // Grab non-role settings - user-specific + $sql_ary[] = 'SELECT a.user_id, a.forum_id, a.auth_setting, a.auth_option_id' . $sql_opts_select . ' + FROM ' . ACL_USERS_TABLE . ' a' . $sql_opts_from . ' + WHERE a.auth_role_id = 0 ' . + (($sql_opts_from) ? 'AND a.auth_option_id = ao.auth_option_id ' : '') . + (($sql_user) ? 'AND a.' . $sql_user : '') . " + $sql_forum + $sql_opts"; + + // Now the role settings - user-specific + $sql_ary[] = 'SELECT a.user_id, a.forum_id, r.auth_option_id, r.auth_setting, r.auth_option_id' . $sql_opts_select . ' + FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . ' + WHERE a.auth_role_id = r.role_id ' . + (($sql_opts_from) ? 'AND r.auth_option_id = ao.auth_option_id ' : '') . + (($sql_user) ? 'AND a.' . $sql_user : '') . " + $sql_forum + $sql_opts"; + + foreach ($sql_ary as $sql) + { + $result = phpbb::$db->sql_query($sql); + + while ($row = phpbb::$db->sql_fetchrow($result)) + { + $option = ($sql_opts_select) ? $row['auth_option'] : $this->acl_options['option'][$row['auth_option_id']]; + $hold_ary[$row['user_id']][$row['forum_id']][$option] = $row['auth_setting']; + } + phpbb::$db->sql_freeresult($result); + } + + $sql_ary = array(); + + // Now grab group settings - non-role specific... + $sql_ary[] = 'SELECT ug.user_id, a.forum_id, a.auth_setting, a.auth_option_id' . $sql_opts_select . ' + FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug' . $sql_opts_from . ' + WHERE a.auth_role_id = 0 ' . + (($sql_opts_from) ? 'AND a.auth_option_id = ao.auth_option_id ' : '') . ' + AND a.group_id = ug.group_id + AND ug.user_pending = 0 + ' . (($sql_user) ? 'AND ug.' . $sql_user : '') . " + $sql_forum + $sql_opts"; + + // Now grab group settings - role specific... + $sql_ary[] = 'SELECT ug.user_id, a.forum_id, r.auth_setting, r.auth_option_id' . $sql_opts_select . ' + FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . ' + WHERE a.auth_role_id = r.role_id ' . + (($sql_opts_from) ? 'AND r.auth_option_id = ao.auth_option_id ' : '') . ' + AND a.group_id = ug.group_id + AND ug.user_pending = 0 + ' . (($sql_user) ? 'AND ug.' . $sql_user : '') . " + $sql_forum + $sql_opts"; + + foreach ($sql_ary as $sql) + { + $result = phpbb::$db->sql_query($sql); + + while ($row = phpbb::$db->sql_fetchrow($result)) + { + $option = ($sql_opts_select) ? $row['auth_option'] : $this->acl_options['option'][$row['auth_option_id']]; + + // @todo: use the ref technique to reduce opcode generation + if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) && $hold_ary[$row['user_id']][$row['forum_id']][$option] != ACL_NEVER)) + { + $hold_ary[$row['user_id']][$row['forum_id']][$option] = $row['auth_setting']; + + // If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again) + if ($row['auth_setting'] == ACL_NEVER) + { + $flag = substr($option, 0, strpos($option, '_') + 1); + + if (isset($hold_ary[$row['user_id']][$row['forum_id']][$flag]) && $hold_ary[$row['user_id']][$row['forum_id']][$flag] == ACL_YES) + { + unset($hold_ary[$row['user_id']][$row['forum_id']][$flag]); + + /* if (in_array(ACL_YES, $hold_ary[$row['user_id']][$row['forum_id']])) + { + $hold_ary[$row['user_id']][$row['forum_id']][$flag] = ACL_YES; + } + */ + } + } + } + } + phpbb::$db->sql_freeresult($result); + } + + return $hold_ary; + } + + /** + * Get raw user based permission settings + */ + public function acl_user_raw_data($user_id = false, $opts = false, $forum_id = false) + { + $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : phpbb::$db->sql_in_set('user_id', array_map('intval', $user_id))) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . phpbb::$db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; + + $sql_opts = ''; + $hold_ary = $sql_ary = array(); + + if ($opts !== false) + { + $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts); + } + + // Grab user settings - non-role specific... + $sql_ary[] = 'SELECT a.user_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option + FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao + WHERE a.auth_role_id = 0 + AND a.auth_option_id = ao.auth_option_id ' . + (($sql_user) ? 'AND a.' . $sql_user : '') . " + $sql_forum + $sql_opts + ORDER BY a.forum_id, ao.auth_option"; + + // Now the role settings - user-specific + $sql_ary[] = 'SELECT a.user_id, a.forum_id, r.auth_option_id, r.auth_setting, r.auth_option_id, ao.auth_option + FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao + WHERE a.auth_role_id = r.role_id + AND r.auth_option_id = ao.auth_option_id ' . + (($sql_user) ? 'AND a.' . $sql_user : '') . " + $sql_forum + $sql_opts + ORDER BY a.forum_id, ao.auth_option"; + + foreach ($sql_ary as $sql) + { + $result = phpbb::$db->sql_query($sql); + + while ($row = phpbb::$db->sql_fetchrow($result)) + { + $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting']; + } + phpbb::$db->sql_freeresult($result); + } + + return $hold_ary; + } + + /** + * Get raw group based permission settings + */ + public function acl_group_raw_data($group_id = false, $opts = false, $forum_id = false) + { + $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? 'group_id = ' . (int) $group_id : phpbb::$db->sql_in_set('group_id', array_map('intval', $group_id))) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . phpbb::$db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; + + $sql_opts = ''; + $hold_ary = $sql_ary = array(); + + if ($opts !== false) + { + $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts); + } + + // Grab group settings - non-role specific... + $sql_ary[] = 'SELECT a.group_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option + FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao + WHERE a.auth_role_id = 0 + AND a.auth_option_id = ao.auth_option_id ' . + (($sql_group) ? 'AND a.' . $sql_group : '') . " + $sql_forum + $sql_opts + ORDER BY a.forum_id, ao.auth_option"; + + // Now grab group settings - role specific... + $sql_ary[] = 'SELECT a.group_id, a.forum_id, r.auth_setting, r.auth_option_id, ao.auth_option + FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao + WHERE a.auth_role_id = r.role_id + AND r.auth_option_id = ao.auth_option_id ' . + (($sql_group) ? 'AND a.' . $sql_group : '') . " + $sql_forum + $sql_opts + ORDER BY a.forum_id, ao.auth_option"; + + foreach ($sql_ary as $sql) + { + $result = phpbb::$db->sql_query($sql); + + while ($row = phpbb::$db->sql_fetchrow($result)) + { + $hold_ary[$row['group_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting']; + } + phpbb::$db->sql_freeresult($result); + } + + return $hold_ary; + } + + /** + * Get raw acl data based on user for caching user_permissions + * This function returns the same data as acl_raw_data(), but without the user id as the first key within the array. + */ + public function acl_raw_data_single_user($user_id) + { + // Check if the role-cache is there + if (($this->role_cache = phpbb::$acm->get('role_cache')) === false) + { + $this->role_cache = array(); + + // We pre-fetch roles + $sql = 'SELECT * + FROM ' . ACL_ROLES_DATA_TABLE . ' + ORDER BY role_id ASC'; + $result = phpbb::$db->sql_query($sql); + + while ($row = phpbb::$db->sql_fetchrow($result)) + { + $this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting']; + } + phpbb::$db->sql_freeresult($result); + + foreach ($this->role_cache as $role_id => $role_options) + { + $this->role_cache[$role_id] = serialize($role_options); + } + + phpbb::$acm->put('role_cache', $this->role_cache); + } + + $hold_ary = array(); + + // Grab user-specific permission settings + $sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting + FROM ' . ACL_USERS_TABLE . ' + WHERE user_id = ' . $user_id; + $result = phpbb::$db->sql_query($sql); + + while ($row = phpbb::$db->sql_fetchrow($result)) + { + // If a role is assigned, assign all options included within this role. Else, only set this one option. + if ($row['auth_role_id']) + { + $hold_ary[$row['forum_id']] = (empty($hold_ary[$row['forum_id']])) ? unserialize($this->role_cache[$row['auth_role_id']]) : $hold_ary[$row['forum_id']] + unserialize($this->role_cache[$row['auth_role_id']]); + } + else + { + $hold_ary[$row['forum_id']][$row['auth_option_id']] = $row['auth_setting']; + } + } + phpbb::$db->sql_freeresult($result); + + // Now grab group-specific permission settings + $sql = 'SELECT a.forum_id, a.auth_option_id, a.auth_role_id, a.auth_setting + FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug + WHERE a.group_id = ug.group_id + AND ug.user_pending = 0 + AND ug.user_id = ' . $user_id; + $result = phpbb::$db->sql_query($sql); + + while ($row = phpbb::$db->sql_fetchrow($result)) + { + if (!$row['auth_role_id']) + { + $this->_set_group_hold_ary($hold_ary[$row['forum_id']], $row['auth_option_id'], $row['auth_setting']); + } + else if (!empty($this->role_cache[$row['auth_role_id']])) + { + foreach (unserialize($this->role_cache[$row['auth_role_id']]) as $option_id => $setting) + { + $this->_set_group_hold_ary($hold_ary[$row['forum_id']], $option_id, $setting); + } + } + } + phpbb::$db->sql_freeresult($result); + + return $hold_ary; + } + + /** + * Private function snippet for setting a specific piece of the hold_ary + */ + private function _set_group_hold_ary(&$hold_ary, $option_id, $setting) + { + if (!isset($hold_ary[$option_id]) || (isset($hold_ary[$option_id]) && $hold_ary[$option_id] != ACL_NEVER)) + { + $hold_ary[$option_id] = $setting; + + // If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again) + if ($setting == ACL_NEVER) + { + $flag = substr($this->acl_options['option'][$option_id], 0, strpos($this->acl_options['option'][$option_id], '_') + 1); + $flag = (int) $this->acl_options['id'][$flag]; + + if (isset($hold_ary[$flag]) && $hold_ary[$flag] == ACL_YES) + { + unset($hold_ary[$flag]); + + /* This is uncommented, because i suspect this being slightly wrong due to mixed permission classes being possible + if (in_array(ACL_YES, $hold_ary)) + { + $hold_ary[$flag] = ACL_YES; + }*/ + } + } + } + } + + /** + * Fill auth_option statement for later querying based on the supplied options + */ + private function build_auth_option_statement($key, $auth_options, &$sql_opts) + { + if (!is_array($auth_options)) + { + if (strpos($auth_options, '%') !== false) + { + $sql_opts = "AND $key " . phpbb::$db->sql_like_expression(str_replace('%', phpbb::$db->any_char, $auth_options)); + } + else + { + $sql_opts = "AND $key = '" . phpbb::$db->sql_escape($auth_options) . "'"; + } + } + else + { + $is_like_expression = false; + + foreach ($auth_options as $option) + { + if (strpos($option, '%') !== false) + { + $is_like_expression = true; + } + } + + if (!$is_like_expression) + { + $sql_opts = 'AND ' . phpbb::$db->sql_in_set($key, $auth_options); + } + else + { + $sql = array(); + + foreach ($auth_options as $option) + { + if (strpos($option, '%') !== false) + { + $sql[] = $key . ' ' . phpbb::$db->sql_like_expression(str_replace('%', phpbb::$db->any_char, $option)); + } + else + { + $sql[] = $key . " = '" . phpbb::$db->sql_escape($option) . "'"; + } + } + + $sql_opts = 'AND (' . implode(' OR ', $sql) . ')'; + } + } + } + } + + ?> \ No newline at end of file Propchange: branches/acydburn/phpBB/includes/classes/acl.php ------------------------------------------------------------------------------ svn:eol-style = LF Propchange: branches/acydburn/phpBB/includes/classes/acl.php ------------------------------------------------------------------------------ svn:keywords = "Author Date Id Revision" Added: branches/acydburn/phpBB/includes/classes/acl_admin.php ============================================================================== *** branches/acydburn/phpBB/includes/classes/acl_admin.php (added) --- branches/acydburn/phpBB/includes/classes/acl_admin.php Thu Dec 11 17:39:51 2008 *************** *** 0 **** --- 1,1225 ---- + <?php + /** + * + * @package phpBB3 + * @version $Id$ + * @copyright (c) 2005 phpBB Group + * @license http://opensource.org/licenses/gpl-license.php GNU Public License + * + */ + + /** + * @ignore + */ + if (!defined('IN_PHPBB')) + { + exit; + } + + /** + * ACP Permission/Auth class + * @package phpBB3 + */ + class phpbb_acl_admin extends acl + { + function __construct() { parent::__construct(); } + + /** + * Get permission mask + * This function only supports getting permissions of one type (for example a_) + * + * @param set|view $mode defines the permissions we get, view gets effective permissions (checking user AND group permissions), set only gets the user or group permission set alone + * @param mixed $user_id user ids to search for (a user_id or a group_id has to be specified at least) + * @param mixed $group_id group ids to search for, return group related settings (a user_id or a group_id has to be specified at least) + * @param mixed $forum_id forum_ids to search for. Defining a forum id also means getting local settings + * @param string $auth_option the auth_option defines the permission setting to look for (a_ for example) + * @param local|global $scope the scope defines the permission scope. If local, a forum_id is additionally required + * @param ACL_NEVER|ACL_NO|ACL_YES $acl_fill defines the mode those permissions not set are getting filled with + */ + public function get_mask($mode, $user_id = false, $group_id = false, $forum_id = false, $auth_option = false, $scope = false, $acl_fill = ACL_NEVER) + { + global $db, $user; + + $hold_ary = array(); + $view_user_mask = ($mode == 'view' && $group_id === false) ? true : false; + + if ($auth_option === false || $scope === false) + { + return array(); + } + + $acl_user_function = ($mode == 'set') ? 'acl_user_raw_data' : 'acl_raw_data'; + + if (!$view_user_mask) + { + if ($forum_id !== false) + { + $hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', $forum_id) : $this->$acl_user_function($user_id, $auth_option . '%', $forum_id); + } + else + { + $hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', ($scope == 'global') ? 0 : false) : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false); + } + } + + // Make sure hold_ary is filled with every setting (prevents missing forums/users/groups) + $ug_id = ($group_id !== false) ? ((!is_array($group_id)) ? array($group_id) : $group_id) : ((!is_array($user_id)) ? array($user_id) : $user_id); + $forum_ids = ($forum_id !== false) ? ((!is_array($forum_id)) ? array($forum_id) : $forum_id) : (($scope == 'global') ? array(0) : array()); + + // Only those options we need + $compare_options = array_diff(preg_replace('/^((?!' . $auth_option . ').+)|(' . $auth_option . ')$/', '', array_keys($this->acl_options[$scope])), array('')); + + // If forum_ids is false and the scope is local we actually want to have all forums within the array + if ($scope == 'local' && !sizeof($forum_ids)) + { + $sql = 'SELECT forum_id + FROM ' . FORUMS_TABLE; + $result = $db->sql_query($sql, 120); + + while ($row = $db->sql_fetchrow($result)) + { + $forum_ids[] = (int) $row['forum_id']; + } + $db->sql_freeresult($result); + } + + if ($view_user_mask) + { + $auth2 = null; + + $sql = 'SELECT user_id, user_permissions, user_type + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set('user_id', $ug_id); + $result = $db->sql_query($sql); + + while ($userdata = $db->sql_fetchrow($result)) + { + if ($user->data['user_id'] != $userdata['user_id']) + { + $auth2 = new auth(); + $auth2->acl($userdata); + } + else + { + global $auth; + $auth2 = &$auth; + } + + + $hold_ary[$userdata['user_id']] = array(); + foreach ($forum_ids as $f_id) + { + $hold_ary[$userdata['user_id']][$f_id] = array(); + foreach ($compare_options as $option) + { + $hold_ary[$userdata['user_id']][$f_id][$option] = $auth2->acl_get($option, $f_id); + } + } + } + $db->sql_freeresult($result); + + unset($userdata); + unset($auth2); + } + + foreach ($ug_id as $_id) + { + if (!isset($hold_ary[$_id])) + { + $hold_ary[$_id] = array(); + } + + foreach ($forum_ids as $f_id) + { + if (!isset($hold_ary[$_id][$f_id])) + { + $hold_ary[$_id][$f_id] = array(); + } + } + } + + // Now, we need to fill the gaps with $acl_fill. ;) + + // Now switch back to keys + if (sizeof($compare_options)) + { + $compare_options = array_combine($compare_options, array_fill(1, sizeof($compare_options), $acl_fill)); + } + + // Defining the user-function here to save some memory + $return_acl_fill = create_function('$value', 'return ' . $acl_fill . ';'); + + // Actually fill the gaps + if (sizeof($hold_ary)) + { + foreach ($hold_ary as $ug_id => $row) + { + foreach ($row as $id => $options) + { + // Do not include the global auth_option + unset($options[$auth_option]); + + // Not a "fine" solution, but at all it's a 1-dimensional + // array_diff_key function filling the resulting array values with zeros + // The differences get merged into $hold_ary (all permissions having $acl_fill set) + $hold_ary[$ug_id][$id] = array_merge($options, + + array_map($return_acl_fill, + array_flip( + array_diff( + array_keys($compare_options), array_keys($options) + ) + ) + ) + ); + } + } + } + else + { + $hold_ary[($group_id !== false) ? $group_id : $user_id][(int) $forum_id] = $compare_options; + } + + return $hold_ary; + } + + /** + * Get permission mask for roles + * This function only supports getting masks for one role + */ + public function get_role_mask($role_id) + { + global $db; + + $hold_ary = array(); + + // Get users having this role set... + $sql = 'SELECT user_id, forum_id + FROM ' . ACL_USERS_TABLE . ' + WHERE auth_role_id = ' . $role_id . ' + ORDER BY forum_id'; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + $hold_ary[$row['forum_id']]['users'][] = $row['user_id']; + } + $db->sql_freeresult($result); + + // Now grab groups... + $sql = 'SELECT group_id, forum_id + FROM ' . ACL_GROUPS_TABLE . ' + WHERE auth_role_id = ' . $role_id . ' + ORDER BY forum_id'; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + $hold_ary[$row['forum_id']]['groups'][] = $row['group_id']; + } + $db->sql_freeresult($result); + + return $hold_ary; + } + + /** + * Display permission mask (assign to template) + */ + public function display_mask($mode, $permission_type, array $hold_ary, $user_mode = 'user', $local = false, $group_display = true) + { + global $template, $user, $db; + + // Define names for template loops, might be able to be set + $tpl_pmask = 'p_mask'; + $tpl_fmask = 'f_mask'; + $tpl_category = 'category'; + $tpl_mask = 'mask'; + + $l_acl_type = (isset($user->lang['ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type)])) ? $user->lang['ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type)] : 'ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type); + + // Allow trace for viewing permissions and in user mode + $show_trace = ($mode == 'view' && $user_mode == 'user') ? true : false; + + // Get names + if ($user_mode == 'user') + { + $sql = 'SELECT user_id as ug_id, username as ug_name + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary)) . ' + ORDER BY username_clean ASC'; + } + else + { + $sql = 'SELECT group_id as ug_id, group_name as ug_name, group_type + FROM ' . GROUPS_TABLE . ' + WHERE ' . $db->sql_in_set('group_id', array_keys($hold_ary)) . ' + ORDER BY group_type DESC, group_name ASC'; + } + $result = $db->sql_query($sql); + + $ug_names_ary = array(); + while ($row = $db->sql_fetchrow($result)) + { + $ug_names_ary[$row['ug_id']] = ($user_mode == 'user') ? $row['ug_name'] : (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['ug_name']] : $row['ug_name']); + } + $db->sql_freeresult($result); + + // Get used forums + $forum_ids = array(); + foreach ($hold_ary as $ug_id => $row) + { + $forum_ids = array_merge($forum_ids, array_keys($row)); + } + $forum_ids = array_unique($forum_ids); + + $forum_names_ary = array(); + if ($local) + { + $forum_names_ary = make_forum_select(false, false, true, false, false, false, true); + + // Remove the disabled ones, since we do not create an option field here... + foreach ($forum_names_ary as $key => $value) + { + if (!$value['disabled']) + { + continue; + } + unset($forum_names_ary[$key]); + } + } + else + { + $forum_names_ary[0] = $l_acl_type; + } + + // Get available roles + $sql = 'SELECT * + FROM ' . ACL_ROLES_TABLE . " + WHERE role_type = '" . $db->sql_escape($permission_type) . "' + ORDER BY role_order ASC"; + $result = $db->sql_query($sql); + + $roles = array(); + while ($row = $db->sql_fetchrow($result)) + { + $roles[$row['role_id']] = $row; + } + $db->sql_freeresult($result); + + $cur_roles = $this->acl_role_data($user_mode, $permission_type, array_keys($hold_ary)); + + // Build js roles array (role data assignments) + $s_role_js_array = ''; + + if (sizeof($roles)) + { + $s_role_js_array = array(); + + // Make sure every role (even if empty) has its array defined + foreach ($roles as $_role_id => $null) + { + $s_role_js_array[$_role_id] = "\n" . 'role_options[' . $_role_id . '] = new Array();' . "\n"; + } + + $sql = 'SELECT r.role_id, o.auth_option, r.auth_setting + FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o + WHERE o.auth_option_id = r.auth_option_id + AND ' . $db->sql_in_set('r.role_id', array_keys($roles)); + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + $flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1); + if ($flag == $row['auth_option']) + { + continue; + } + + $s_role_js_array[$row['role_id']] .= 'role_options[' . $row['role_id'] . '][\'' . addslashes($row['auth_option']) . '\'] = ' . $row['auth_setting'] . '; '; + } + $db->sql_freeresult($result); + + $s_role_js_array = implode('', $s_role_js_array); + } + + $template->assign_var('S_ROLE_JS_ARRAY', $s_role_js_array); + unset($s_role_js_array); + + // Now obtain memberships + $user_groups_default = $user_groups_custom = array(); + if ($user_mode == 'user' && $group_display) + { + $sql = 'SELECT group_id, group_name, group_type + FROM ' . GROUPS_TABLE . ' + ORDER BY group_type DESC, group_name ASC'; + $result = $db->sql_query($sql); + + $groups = array(); + while ($row = $db->sql_fetchrow($result)) + { + $groups[$row['group_id']] = $row; + } + $db->sql_freeresult($result); + + $memberships = group_memberships(false, array_keys($hold_ary), false); + + // User is not a member of any group? Bad admin, bad bad admin... + if ($memberships) + { + foreach ($memberships as $row) + { + if ($groups[$row['group_id']]['group_type'] == GROUP_SPECIAL) + { + $user_groups_default[$row['user_id']][] = $user->lang['G_' . $groups[$row['group_id']]['group_name']]; + } + else + { + $user_groups_custom[$row['user_id']][] = $groups[$row['group_id']]['group_name']; + } + } + } + unset($memberships, $groups); + } + + // If we only have one forum id to display or being in local mode and more than one user/group to display, + // we switch the complete interface to group by user/usergroup instead of grouping by forum + // To achieve this, we need to switch the array a bit + if (sizeof($forum_ids) == 1 || ($local && sizeof($ug_names_ary) > 1)) + { + $hold_ary_temp = $hold_ary; + $hold_ary = array(); + foreach ($hold_ary_temp as $ug_id => $row) + { + foreach ($forum_names_ary as $forum_id => $forum_row) + { + if (isset($row[$forum_id])) + { + $hold_ary[$forum_id][$ug_id] = $row[$forum_id]; + } + } + } + unset($hold_ary_temp); + + foreach ($hold_ary as $forum_id => $forum_array) + { + $content_array = $categories = array(); + self::build_permission_array($hold_ary[$forum_id], $content_array, $categories, array_keys($ug_names_ary)); + + $template->assign_block_vars($tpl_pmask, array( + 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'], + 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'], + + 'CATEGORIES' => implode('</th><th>', $categories), + + 'L_ACL_TYPE' => $l_acl_type, + + 'S_LOCAL' => ($local) ? true : false, + 'S_GLOBAL' => (!$local) ? true : false, + 'S_NUM_CATS' => sizeof($categories), + 'S_VIEW' => ($mode == 'view') ? true : false, + 'S_NUM_OBJECTS' => sizeof($content_array), + 'S_USER_MODE' => ($user_mode == 'user') ? true : false, + 'S_GROUP_MODE' => ($user_mode == 'group') ? true : false) + ); + + @reset($content_array); + while (list($ug_id, $ug_array) = each($content_array)) + { + // Build role dropdown options + $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0; + + $s_role_options = ''; + + @reset($roles); + while (list($role_id, $role_row) = each($roles)) + { + $role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']); + $role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name']; + + $title = ($role_description) ? ' title="' . $role_description . '"' : ''; + $s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>'; + } + + if ($s_role_options) + { + $s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options; + } + + if (!$current_role_id && $mode != 'view') + { + $s_custom_permissions = false; + + foreach ($ug_array as $key => $value) + { + if ($value['S_NEVER'] || $value['S_YES']) + { + $s_custom_permissions = true; + break; + } + } + } + else + { + $s_custom_permissions = false; + } + + $template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array( + 'NAME' => $ug_names_ary[$ug_id], + 'S_ROLE_OPTIONS' => $s_role_options, + 'UG_ID' => $ug_id, + 'S_CUSTOM' => $s_custom_permissions, + 'FORUM_ID' => $forum_id) + ); + + self::assign_cat_array($ug_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, $show_trace, ($mode == 'view')); + + unset($content_array[$ug_id]); + } + + unset($hold_ary[$forum_id]); + } + } + else + { + foreach ($ug_names_ary as $ug_id => $ug_name) + { + if (!isset($hold_ary[$ug_id])) + { + continue; + } + + $content_array = $categories = array(); + self::build_permission_array($hold_ary[$ug_id], $content_array, $categories, array_keys($forum_names_ary)); + + $template->assign_block_vars($tpl_pmask, array( + 'NAME' => $ug_name, + 'CATEGORIES' => implode('</th><th>', $categories), + + 'USER_GROUPS_DEFAULT' => ($user_mode == 'user' && isset($user_groups_default[$ug_id]) && sizeof($user_groups_default[$ug_id])) ? implode(', ', $user_groups_default[$ug_id]) : '', + 'USER_GROUPS_CUSTOM' => ($user_mode == 'user' && isset($user_groups_custom[$ug_id]) && sizeof($user_groups_custom[$ug_id])) ? implode(', ', $user_groups_custom[$ug_id]) : '', + 'L_ACL_TYPE' => $l_acl_type, + + 'S_LOCAL' => ($local) ? true : false, + 'S_GLOBAL' => (!$local) ? true : false, + 'S_NUM_CATS' => sizeof($categories), + 'S_VIEW' => ($mode == 'view') ? true : false, + 'S_NUM_OBJECTS' => sizeof($content_array), + 'S_USER_MODE' => ($user_mode == 'user') ? true : false, + 'S_GROUP_MODE' => ($user_mode == 'group') ? true : false) + ); + + @reset($content_array); + while (list($forum_id, $forum_array) = each($content_array)) + { + // Build role dropdown options + $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0; + + $s_role_options = ''; + + @reset($roles); + while (list($role_id, $role_row) = each($roles)) + { + $role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']); + $role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name']; + + $title = ($role_description) ? ' title="' . $role_description . '"' : ''; + $s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>'; + } + + if ($s_role_options) + { + $s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options; + } + + if (!$current_role_id && $mode != 'view') + { + $s_custom_permissions = false; + + foreach ($forum_array as $key => $value) + { + if ($value['S_NEVER'] || $value['S_YES']) + { + $s_custom_permissions = true; + break; + } + } + } + else + { + $s_custom_permissions = false; + } + + $template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array( + 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'], + 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'], + 'S_ROLE_OPTIONS' => $s_role_options, + 'S_CUSTOM' => $s_custom_permissions, + 'UG_ID' => $ug_id, + 'FORUM_ID' => $forum_id) + ); + + self::assign_cat_array($forum_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, $show_trace, ($mode == 'view')); + } + + unset($hold_ary[$ug_id], $ug_names_ary[$ug_id]); + } + } + } + + /** + * Display permission mask for roles + */ + public function display_role_mask(array $hold_ary) + { + global $db, $template, $user; + + if (!sizeof($hold_ary)) + { + return; + } + + // Get forum names + $sql = 'SELECT forum_id, forum_name + FROM ' . FORUMS_TABLE . ' + WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary)) . ' + ORDER BY left_id'; + $result = $db->sql_query($sql); + + // If the role is used globally, then reflect that + $forum_names = (isset($hold_ary[0])) ? array(0 => '') : array(); + while ($row = $db->sql_fetchrow($result)) + { + $forum_names[$row['forum_id']] = $row['forum_name']; + } + $db->sql_freeresult($result); + + foreach ($forum_names as $forum_id => $forum_name) + { + $auth_ary = $hold_ary[$forum_id]; + + $template->assign_block_vars('role_mask', array( + 'NAME' => ($forum_id == 0) ? $user->lang['GLOBAL_MASK'] : $forum_name, + 'FORUM_ID' => $forum_id) + ); + + if (isset($auth_ary['users']) && sizeof($auth_ary['users'])) + { + $sql = 'SELECT user_id, username + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set('user_id', $auth_ary['users']) . ' + ORDER BY username_clean ASC'; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + $template->assign_block_vars('role_mask.users', array( + 'USER_ID' => $row['user_id'], + 'USERNAME' => $row['username'], + 'U_PROFILE' => append_sid('memberlist', "mode=viewprofile&u={$row['user_id']}")) + ); + } + $db->sql_freeresult($result); + } + + if (isset($auth_ary['groups']) && sizeof($auth_ary['groups'])) + { + $sql = 'SELECT group_id, group_name, group_type + FROM ' . GROUPS_TABLE . ' + WHERE ' . $db->sql_in_set('group_id', $auth_ary['groups']) . ' + ORDER BY group_type ASC, group_name'; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + $template->assign_block_vars('role_mask.groups', array( + 'GROUP_ID' => $row['group_id'], + 'GROUP_NAME' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'], + 'U_PROFILE' => append_sid('memberlist', "mode=group&g={$row['group_id']}")) + ); + } + $db->sql_freeresult($result); + } + } + } + + /** + * NOTE: this function is not in use atm + * Add a new option to the list ... $options is a hash of form -> + * $options = array( + * 'local' => array('option1', 'option2', ...), + * 'global' => array('optionA', 'optionB', ...) + * ); + */ + public function acl_add_option(array $options) + { + global $db, $cache; + + $cur_options = array(); + + $sql = 'SELECT auth_option, is_global, is_local + FROM ' . ACL_OPTIONS_TABLE . ' + ORDER BY auth_option_id'; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + if ($row['is_global']) + { + $cur_options['global'][] = $row['auth_option']; + } + + if ($row['is_local']) + { + $cur_options['local'][] = $row['auth_option']; + } + } + $db->sql_freeresult($result); + + // Here we need to insert new options ... this requires discovering whether + // an options is global, local or both and whether we need to add an permission + // set flag (x_) + $new_options = array('local' => array(), 'global' => array()); + + foreach ($options as $type => $option_ary) + { + $option_ary = array_unique($option_ary); + + foreach ($option_ary as $option_value) + { + if (!in_array($option_value, $cur_options[$type])) + { + $new_options[$type][] = $option_value; + } + + $flag = substr($option_value, 0, strpos($option_value, '_') + 1); + + if (!in_array($flag, $cur_options[$type]) && !in_array($flag, $new_options[$type])) + { + $new_options[$type][] = $flag; + } + } + } + unset($options); + + $options = array(); + $options['local'] = array_diff($new_options['local'], $new_options['global']); + $options['global'] = array_diff($new_options['global'], $new_options['local']); + $options['local_global'] = array_intersect($new_options['local'], $new_options['global']); + + $sql_ary = array(); + + foreach ($options as $type => $option_ary) + { + foreach ($option_ary as $option) + { + $sql_ary[] = array( + 'auth_option' => (string) $option, + 'is_global' => ($type == 'global' || $type == 'local_global') ? 1 : 0, + 'is_local' => ($type == 'local' || $type == 'local_global') ? 1 : 0 + ); + } + } + + $db->sql_multi_insert(ACL_OPTIONS_TABLE, $sql_ary); + + $cache->destroy('_acl_options'); + $this->acl_clear_prefetch(); + + // Because we just changed the options and also purged the options cache, we instantly update/regenerate it for later calls to succeed. + $this->acl_options = array(); + $this->__construct(); + + return true; + } + + /** + * Set a user or group ACL record + */ + public function acl_set($ug_type, $forum_id, $ug_id, $auth, $role_id = 0, $clear_prefetch = true) + { + global $db; + + // One or more forums + if (!is_array($forum_id)) + { + $forum_id = array($forum_id); + } + + // One or more users + if (!is_array($ug_id)) + { + $ug_id = array($ug_id); + } + + $ug_id_sql = $db->sql_in_set($ug_type . '_id', array_map('intval', $ug_id)); + $forum_sql = $db->sql_in_set('forum_id', array_map('intval', $forum_id)); + + // Instead of updating, inserting, removing we just remove all current settings and re-set everything... + $table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE; + $id_field = $ug_type . '_id'; + + // Get any flags as required + reset($auth); + $flag = key($auth); + $flag = substr($flag, 0, strpos($flag, '_') + 1); + + // This ID (the any-flag) is set if one or more permissions are true... + $any_option_id = (int) $this->acl_options['id'][$flag]; + + // Remove any-flag from auth ary + if (isset($auth[$flag])) + { + unset($auth[$flag]); + } + + // Remove current auth options... + $auth_option_ids = array((int)$any_option_id); + foreach ($auth as $auth_option => $auth_setting) + { + $auth_option_ids[] = (int) $this->acl_options['id'][$auth_option]; + } + + $sql = "DELETE FROM $table + WHERE $forum_sql + AND $ug_id_sql + AND " . $db->sql_in_set('auth_option_id', $auth_option_ids); + $db->sql_query($sql); + + // Remove those having a role assigned... the correct type of course... + $sql = 'SELECT role_id + FROM ' . ACL_ROLES_TABLE . " + WHERE role_type = '" . $db->sql_escape($flag) . "'"; + $result = $db->sql_query($sql); + + $role_ids = array(); + while ($row = $db->sql_fetchrow($result)) + { + $role_ids[] = $row['role_id']; + } + $db->sql_freeresult($result); + + if (sizeof($role_ids)) + { + $sql = "DELETE FROM $table + WHERE $forum_sql + AND $ug_id_sql + AND auth_option_id = 0 + AND " . $db->sql_in_set('auth_role_id', $role_ids); + $db->sql_query($sql); + } + + // Ok, include the any-flag if one or more auth options are set to yes... + foreach ($auth as $auth_option => $setting) + { + if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER)) + { + $auth[$flag] = ACL_YES; + } + } + + $sql_ary = array(); + foreach ($forum_id as $forum) + { + $forum = (int) $forum; + + if ($role_id) + { + foreach ($ug_id as $id) + { + $sql_ary[] = array( + $id_field => (int) $id, + 'forum_id' => (int) $forum, + 'auth_option_id' => 0, + 'auth_setting' => 0, + 'auth_role_id' => (int) $role_id, + ); + } + } + else + { + foreach ($auth as $auth_option => $setting) + { + $auth_option_id = (int) $this->acl_options['id'][$auth_option]; + + if ($setting != ACL_NO) + { + foreach ($ug_id as $id) + { + $sql_ary[] = array( + $id_field => (int) $id, + 'forum_id' => (int) $forum, + 'auth_option_id' => (int) $auth_option_id, + 'auth_setting' => (int) $setting + ); + } + } + } + } + } + + $db->sql_multi_insert($table, $sql_ary); + + if ($clear_prefetch) + { + $this->acl_clear_prefetch(); + } + } + + /** + * Set a role-specific ACL record + */ + public function acl_set_role($role_id, $auth) + { + global $db; + + // Get any-flag as required + reset($auth); + $flag = key($auth); + $flag = substr($flag, 0, strpos($flag, '_') + 1); + + // Remove any-flag from auth ary + if (isset($auth[$flag])) + { + unset($auth[$flag]); + } + + // Re-set any flag... + foreach ($auth as $auth_option => $setting) + { + if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER)) + { + $auth[$flag] = ACL_YES; + } + } + + $sql_ary = array(); + foreach ($auth as $auth_option => $setting) + { + $auth_option_id = (int) $this->acl_options['id'][$auth_option]; + + if ($setting != ACL_NO) + { + $sql_ary[] = array( + 'role_id' => (int) $role_id, + 'auth_option_id' => (int) $auth_option_id, + 'auth_setting' => (int) $setting + ); + } + } + + // If no data is there, we set the any-flag to ACL_NEVER... + if (!sizeof($sql_ary)) + { + $sql_ary[] = array( + 'role_id' => (int) $role_id, + 'auth_option_id' => (int) $this->acl_options['id'][$flag], + 'auth_setting' => ACL_NEVER + ); + } + + // Remove current auth options... + $sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . ' + WHERE role_id = ' . $role_id; + $db->sql_query($sql); + + // Now insert the new values + $db->sql_multi_insert(ACL_ROLES_DATA_TABLE, $sql_ary); + + $this->acl_clear_prefetch(); + } + + /** + * Remove local permission + */ + public function acl_delete($mode, $ug_id = false, $forum_id = false, $permission_type = false) + { + global $db; + + if ($ug_id === false && $forum_id === false) + { + return; + } + + $option_id_ary = array(); + $table = ($mode == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE; + $id_field = $mode . '_id'; + + $where_sql = array(); + + if ($forum_id !== false) + { + $where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : $db->sql_in_set('forum_id', array_map('intval', $forum_id)); + } + + if ($ug_id !== false) + { + $where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $db->sql_in_set($id_field, array_map('intval', $ug_id)); + } + + // There seem to be auth options involved, therefore we need to go through the list and make sure we capture roles correctly + if ($permission_type !== false) + { + // Get permission type + $sql = 'SELECT auth_option, auth_option_id + FROM ' . ACL_OPTIONS_TABLE . " + WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char); + $result = $db->sql_query($sql); + + $auth_id_ary = array(); + while ($row = $db->sql_fetchrow($result)) + { + $option_id_ary[] = $row['auth_option_id']; + $auth_id_ary[$row['auth_option']] = ACL_NO; + } + $db->sql_freeresult($result); + + // First of all, lets grab the items having roles with the specified auth options assigned + $sql = "SELECT auth_role_id, $id_field, forum_id + FROM $table, " . ACL_ROLES_TABLE . " r + WHERE auth_role_id <> 0 + AND auth_role_id = r.role_id + AND r.role_type = '{$permission_type}' + AND " . implode(' AND ', $where_sql) . ' + ORDER BY auth_role_id'; + $result = $db->sql_query($sql); + + $cur_role_auth = array(); + while ($row = $db->sql_fetchrow($result)) + { + $cur_role_auth[$row['auth_role_id']][$row['forum_id']][] = $row[$id_field]; + } + $db->sql_freeresult($result); + + // Get role data for resetting... [truncated message content] |
