[Phpbbkb-checkins] SF.net SVN: phpbbkb: [33] root
From: <so...@us...> - 2006-12-28 01:47:25
Revision: 33
http://svn.sourceforge.net/phpbbkb/?rev=33&view=rev
Author: softphp
Date: 2006-12-27 17:47:23 -0800 (Wed, 27 Dec 2006)
Log Message:
-----------
- Introduced the auth system. It is not yet completely implemented in kb.php, but I'm working on it, and it is still waiting to be tested. Along with the admin panel and a lot of other stuff.
Modified Paths:
--------------
root/kb/auth.php
root/kb/constants.php
root/kb.php
root/kb_install.php
Modified: root/kb/auth.php
===================================================================
--- root/kb/auth.php 2006-12-19 20:14:53 UTC (rev 32)
+++ root/kb/auth.php 2006-12-28 01:47:23 UTC (rev 33)
@@ -18,10 +18,170 @@
*
***************************************************************************/
-// This file holds the kb_auth functions, very similar to the phpBB auth functions, but differs certain places :)
+// This file holds the kb auth functions, very similar to the phpBB auth functions, but differs certain places :)
+// As of now, the articles auth is handles out from which category it is selected through, therefore an article
+// can have different kinds of auth, all depending on through which category it is viewed. This solution might seem
+// stupid, but it is the best I can come up with, and I think admins will just take that into consideration when creating
+// category permissions.
+
+//
+// This function returns info on whether the user is allowed to do the supplied argument(s) all dependant on the given category id
+//
function kb_auth($type, $cat_id, $userdata)
{
+ switch($type)
+ {
+ case "view":
+ $sql = "a.auth_view";
+ $auth_fields = array('auth_view');
+ break;
+
+ case "add":
+ $sql = "a.auth_add";
+ $auth_fields = array('auth_add');
+ break;
+
+ case "edit":
+ $sql = "a.auth_edit";
+ $auth_fields = array('auth_edit');
+ break;
+
+ case "delete":
+ $sql = "a.auth_delete";
+ $auth_fields = array('auth_delete');
+ break;
+
+ case "mod":
+ $sql = "a.auth_mod";
+ $auth_fields = array('auth_mod');
+ break;
+
+ case "comment":
+ $sql = "a.auth_comment";
+ $auth_fields = array('auth_comment');
+ break;
+
+ case "rate":
+ $sql = "a.auth_rate";
+ $auth_fields = array('auth_rate');
+ break;
+
+ case "attach":
+ $sql = "a.auth_attach";
+ $auth_fields = array('auth_attach');
+ break;
+
+ // Returns array containing everything above
+ case "all":
+ $sql = "a.auth_view, a.auth_add, a.auth_edit, a.auth_delete, a.auth_mod, a.auth_comment, a.auth_rate, a.auth_attach";
+ $auth_fields = array('auth_view', 'auth_add', 'auth_edit', 'auth_delete', 'auth_mod', 'auth_comment', 'auth_rate', 'auth_attach');
+ break;
+
+ // Returns array containing article related auth
+ case "article":
+ $sql = "a.auth_view, a.auth_edit, a.auth_delete, a.auth_mod, a.auth_comment, a.auth_rate";
+ $auth_fields = array('auth_view', 'auth_edit', 'auth_delete', 'auth_mod', 'auth_comment', 'auth_rate');
+ break;
+
+ // Returns array containing category related auth
+ case "cat":
+ $sql = "a.auth_view, a.auth_add, a.auth_attach";
+ $auth_fields = array('auth_view', 'auth_add', 'auth_attach');
+ break;
+ }
+ $sql = "SELECT a.cat_id, $sql
+ FROM " . KB_CATEGORIES_TABLE . " a
+ WHERE a.cat_id = '" . $cat_id . "'";
+
+ if(!$result = $db->sql_query($sql))
+ {
+ message_die(GENERAL_MESSAGE, 'Could not retrieve categorys auth info.', '', __LINE__, __FILE__, $sql);
+ }
+
+ $f_access = $db->sql_fetchrow($result);
+
+ //
+ // If user is logged in we need to see if he is in any usergroups that changes his auth info, else just return it
+ //
+ if($userdata['session_logged_in'])
+ {
+ // Check if the user is present in a group that changes his permissions
+ $sql = "SELECT a.cat_id, $sql, a.auth_mod
+ FROM " . KB_AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug
+ WHERE ug.user_id = ".$userdata['user_id']. "
+ AND ug.user_pending = 0
+ AND a.group_id = ug.group_id
+ AND a.cat_id = '" . $cat_id . "'";
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Failed obtaining category access control lists', '', __LINE__, __FILE__, $sql);
+ }
+
+ if ( $row = $db->sql_fetchrow($result) )
+ {
+ do
+ {
+ $u_access[] = $row;
+ }
+ while( $row = $db->sql_fetchrow($result) );
+ }
+ $db->sql_freeresult($result);
+ }
+
+ $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? TRUE : 0;
+
+ $auth = array();
+ for($i = 0; $i < count($auth_fields); $i++)
+ {
+ $key = $auth_fields[$i];
+
+ //
+ // If the user is logged on and the forum type is either ALL or REG then the user has access
+ //
+ // If the type if ACL, MOD or ADMIN then we need to see if the user has specific permissions
+ // to do whatever it is they want to do ... to do this we pull relevant information for the
+ // user (and any groups they belong to)
+ //
+ // Now we compare the users access level against the forums. We assume here that a moderator
+ // and admin automatically have access to an ACL forum, similarly we assume admins meet an
+ // auth requirement of MOD
+ //
+ $value = $f_access[$key];
+
+ switch( $value )
+ {
+ case AUTH_ALL:
+ $auth[$key] = TRUE;
+ $auth[$key . '_type'] = $lang['Auth_Anonymous_Users'];
+ break;
+
+ case AUTH_REG:
+ $auth_user[$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0;
+ $auth_user[$key . '_type'] = $lang['Auth_Registered_Users'];
+ break;
+
+ case AUTH_ACL:
+ $auth[$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0;
+ $auth[$key . '_type'] = $lang['Auth_Users_granted_access'];
+ break;
+
+ case AUTH_MOD:
+ $auth[$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;
+ $auth[$key . '_type'] = $lang['Auth_Moderators'];
+ break;
+
+ case AUTH_ADMIN:
+ $auth[$key] = $is_admin;
+ $auth[$key . '_type'] = $lang['Auth_Administrators'];
+ break;
+
+ default:
+ $auth[$key] = 0;
+ break;
+ }
+ }
+
return $auth;
}
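Review bot: kb_auth() cannot return a trustworthy permission decision as written: it uses `$db` and `$lang` with no `global $db, $lang;` declaration, and the group query interpolates `$sql` after that variable has already been overwritten with the complete category SELECT, so the ACL lookup is malformed. The `AUTH_REG` case writes to `$auth_user` instead of `$auth`, so a registered-only permission never appears in the returned array and callers testing `$auth['auth_view']` find it unset. `$cat_id` and `$userdata['user_id']` are concatenated into both queries unescaped; if any caller passes a request-supplied category id (not visible in this hunk), the authorization query itself becomes injectable, so both should be cast with `intval()`. `switch($type)` has no `default`, which leaves `$sql` and `$auth_fields` undefined for an unknown type, and `$u_access` is never initialised when the user is a guest or has no group rows.

```php
function kb_auth($type, $cat_id, $userdata)
{
	global $db, $lang;

	$cat_id = intval($cat_id);
	$u_access = array();

	// … unchanged: switch($type) building the column list, stored in $auth_sql instead of $sql,
	//   plus a default: case that calls message_die() for an unknown $type …

	$sql = "SELECT a.cat_id, $auth_sql
		FROM " . KB_CATEGORIES_TABLE . " a
		WHERE a.cat_id = $cat_id";

	// … unchanged: category query and fetch into $f_access …

		$sql = "SELECT a.cat_id, $auth_sql, a.auth_mod
			FROM " . KB_AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug
			WHERE ug.user_id = " . intval($userdata['user_id']) . "
				AND ug.user_pending = 0
				AND a.group_id = ug.group_id
				AND a.cat_id = $cat_id";

	// … unchanged: group rows loop, $is_admin, start of the per-field switch …

			case AUTH_REG:
				$auth[$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0;
				$auth[$key . '_type'] = $lang['Auth_Registered_Users'];
				break;
```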
Modified: root/kb/constants.php
===================================================================
--- root/kb/constants.php 2006-12-19 20:14:53 UTC (rev 32)
+++ root/kb/constants.php 2006-12-28 01:47:23 UTC (rev 33)
@@ -28,5 +28,6 @@
define('KB_CATEGORIES_TABLE', $table_prefix . "kb_categories");
define('KB_ARTICLES_TABLE', $table_prefix . "kb_articles");
define('KB_ARTICLECATS_TABLE', $table_prefix . "kb_articlecats"); // For Multiple cats
+define('KB_AUTH_ACCESS', $table_prefix . "kb_auth_access");
?>
\ No newline at end of file
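Review bot: The new constant is named `KB_AUTH_ACCESS`, but kb_auth() in root/kb/auth.php of this same commit reads `KB_AUTH_ACCESS_TABLE`, which nothing on this page defines. On the PHP versions of that era an undefined constant is presumably treated as its own name, so the group ACL query would target a table literally called `KB_AUTH_ACCESS_TABLE` and fail for every logged-in user. Rename it to match the other table constants: `define('KB_AUTH_ACCESS_TABLE', $table_prefix . "kb_auth_access");`.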
Modified: root/kb.php
===================================================================
--- root/kb.php 2006-12-19 20:14:53 UTC (rev 32)
+++ root/kb.php 2006-12-28 01:47:23 UTC (rev 33)
@@ -88,51 +88,61 @@
{
for($i = 0; $i < $total_catrows; $i++)
{
- // Ok display one cat here
- $template->assign_block_vars('catrow', array(
- 'CAT_TITLE' => $catrows[$i]['cat_title'],
- 'CAT_DESC' => $catrows[$i]['cat_desc'],
- 'CAT_ARTICLES' => $catrows[$i]['cat_articles'],
- 'U_VIEWCAT' => append_sid("kb." . $phpEx . "?pid=view_cat&id=" . $catrows[$i]['cat_id']),
- 'L_SUBCATS' => $lang['kb_subcats'],
- 'FORUM_FOLDER_IMG' => $images['forum']) // Stolen :D
- );
+ $auth = kb_auth("view", $catrows[$i]['cat_id'], $userdata);
- // Now let's look at subcats
- $sql = "SELECT c.cat_id, c.cat_main, c.cat_title, c.cat_order
- FROM " . KB_CATEGORIES_TABLE . " c
- WHERE c.cat_main = '" . $catrows[$i]['cat_id'] . "'
- ORDER BY c.cat_order";
- if( !($result = $db->sql_query($sql)) )
+ if($auth['auth_view'])
{
- message_die(GENERAL_ERROR, 'Could not query subcategories list', '', __LINE__, __FILE__, $sql);
- }
-
- $subcats = array();
- while ($row = $db->sql_fetchrow($result))
- {
- $subcats[] = $row;
- }
-
- if($total_subcats = count($subcats))
- {
- // Contains subcats, show them
- $template->assign_block_vars('catrow.switch_subcats', array());
+ // Ok display one cat here
+ $template->assign_block_vars('catrow', array(
+ 'CAT_TITLE' => $catrows[$i]['cat_title'],
+ 'CAT_DESC' => $catrows[$i]['cat_desc'],
+ 'CAT_ARTICLES' => $catrows[$i]['cat_articles'],
+ 'U_VIEWCAT' => append_sid("kb." . $phpEx . "?pid=view_cat&id=" . $catrows[$i]['cat_id']),
+ 'L_SUBCATS' => $lang['kb_subcats'],
+ 'FORUM_FOLDER_IMG' => $images['forum']) // Stolen :D
+ );
- for($j = 0; $j < $total_subcats; $j++)
+ // Now let's look at subcats
+ $sql = "SELECT c.cat_id, c.cat_main, c.cat_title, c.cat_order
+ FROM " . KB_CATEGORIES_TABLE . " c
+ WHERE c.cat_main = '" . $catrows[$i]['cat_id'] . "'
+ ORDER BY c.cat_order";
+ if( !($result = $db->sql_query($sql)) )
{
- // Show the subcat
- $k = $j + 1;
- $subcat_comma = ( isset($subcats[$k]) ) ? ", " : ".";
- $template->assign_block_vars('catrow.subcatrow', array(
- 'U_SUBCAT' => append_sid("kb." . $phpEx . "?pid=view_cat&id=" . $subcats[$j]['cat_id']),
- 'SUBCAT_TITLE' => $subcats[$j]['cat_title'],
- 'SUBCAT_COMMA' => $subcat_comma)
- );
+ message_die(GENERAL_ERROR, 'Could not query subcategories list', '', __LINE__, __FILE__, $sql);
+ }
+
+ $subcats = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $subcats[] = $row;
}
- }
- }
- }
+
+ if($total_subcats = count($subcats))
+ {
+ // Contains subcats, show them
+ $template->assign_block_vars('catrow.switch_subcats', array());
+
+ for($j = 0; $j < $total_subcats; $j++)
+ {
+ $auth = kb_auth("view", $subcats[$j]['cat_id'], $userdata);
+
+ if($auth['auth_view'])
+ {
+ // Show the subcat
+ $k = $j + 1;
+ $subcat_comma = ( isset($subcats[$k]) ) ? ", " : ".";
+ $template->assign_block_vars('catrow.subcatrow', array(
+ 'U_SUBCAT' => append_sid("kb." . $phpEx . "?pid=view_cat&id=" . $subcats[$j]['cat_id']),
+ 'SUBCAT_TITLE' => $subcats[$j]['cat_title'],
+ 'SUBCAT_COMMA' => $subcat_comma)
+ );
+ } // if auth view
+ } // for subcats
+ } // if subcats
+ } // auth view
+ } // for cats
+ }// total cats
else
{
message_die(GENERAL_MESSAGE, $lang['No_kb_cats']);
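Review bot: The subcategory block is opened on the unfiltered list: `catrow.switch_subcats` is assigned whenever `count($subcats)` is non-zero and `$subcat_comma` looks at `$subcats[$k]`, both before the per-subcategory `kb_auth("view", …)` check, so a user who may view none of the subcategories still gets the subcategory heading and a list that can end in ", ". Filtering the rows while they are fetched keeps the rendered block consistent with what the user is allowed to see. This only hides links on the index; whether the `view_cat` handler enforces the same check is not visible in this hunk and should be confirmed. Each kb_auth() call issues one or two queries per category row, which is worth batching later. The enclosing `if`/`for` starts outside the hunk.

```php
// … unchanged: subcategory query …
$subcats = array();
while ($row = $db->sql_fetchrow($result))
{
	// Keep only subcategories this user may view, so the block and the commas match what is shown
	$sub_auth = kb_auth("view", $row['cat_id'], $userdata);
	if($sub_auth['auth_view'])
	{
		$subcats[] = $row;
	}
}
// … unchanged: switch_subcats block and subcatrow loop, without the inner kb_auth() call …
```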
@@ -367,6 +377,7 @@
//
// These vars are for later use
//
+ $in_cat = false;
$cats = array();
while($row = $db->sql_fetchrow($result))
{
@@ -374,12 +385,21 @@
if($row['cat_id'] == $cid)
{
+ $in_cat = true;
$current_cat['cat_title'] = $row['cat_title'];
$current_cat['cat_id'] = $row['cat_id'];
$current_cat['cat_main'] = $row['cat_main'];
}
}
+ //
+ // Check that the given category is true
+ //
+ if(!$in_cat)
+ {
+ message_die(GENERAL_MESSAGE, "The category specified in GET variables did not exist along with this article in the database.");
+ }
+
$article_title = $article['article_title'];
$article_text = $article['article_text'];
$article_bbcode_uid = $article['bbcode_uid'];
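Review bot: Nothing visible after the `$in_cat` guard checks that the viewer may read category `$cid`; the guard confirms only that the article is listed under that category, so unless the check happens outside the hunk an article in a restricted category stays reachable by direct URL. After the guard, call `$auth = kb_auth("article", $cid, $userdata);` and `message_die()` when `$auth['auth_view']` is false. On style, the new error text is a hard-coded English string where the rest of the file uses `$lang[...]` entries, and the comment would read better as `// Check that the article actually belongs to the requested category`. The surrounding code starts and ends outside the hunk.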
Modified: root/kb_install.php
===================================================================
--- root/kb_install.php 2006-12-19 20:14:53 UTC (rev 32)
+++ root/kb_install.php 2006-12-28 01:47:23 UTC (rev 33)
@@ -56,6 +56,14 @@
cat_desc varchar(255) NOT NULL,
cat_articles mediumint(8) UNSIGNED DEFAULT '0',
cat_order mediumint(8) UNSIGNED NOT NULL,
+ auth_view tinyint(1) NOT NULL default '0',
+ auth_add tinyint(1) NOT NULL default '0',
+ auth_edit tinyint(1) NOT NULL default '0',
+ auth_delete tinyint(1) NOT NULL default '0',
+ auth_mod tinyint(1) NOT NULL default '0',
+ auth_comment tinyint(1) NOT NULL default '0',
+ auth_rate tinyint(1) NOT NULL default '0',
+ auth_attach tinyint(1) NOT NULL default '0',
PRIMARY KEY (cat_id),
KEY cat_order (cat_order)
)";
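Review bot: Every new `auth_*` column defaults to `'0'`, and kb_auth() in this commit grants access to everyone when the stored value equals `AUTH_ALL`; if `AUTH_ALL` is 0, as in phpBB 2's constants (its definition is not on this page), a category row inserted without explicit values lets anonymous visitors edit, delete and moderate. Either give `auth_edit`, `auth_delete` and `auth_mod` a restrictive default (the numeric value of `AUTH_MOD` or `AUTH_ADMIN`), or make the category-creation code always set all eight fields explicitly. The CREATE TABLE statement begins outside the hunk.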
@@ -86,20 +94,18 @@
)";
$sql[] = "CREATE TABLE " . $table_prefix . "kb_auth_access (
- `group_id` mediumint(8) NOT NULL default '0',
- `cat_id` smallint(5) unsigned NOT NULL default '0',
- `auth_view` tinyint(1) NOT NULL default '0',
- `auth_add` tinyint(1) NOT NULL default '0',
- `auth_edit` tinyint(1) NOT NULL default '0',
- `auth_delete` tinyint(1) NOT NULL default '0',
- `auth_mod` tinyint(1) NOT NULL default '0',
- `auth_comment` tinyint(1) NOT NULL default '0',
- `auth_rate` tinyint(1) NOT NULL default '0',
- `auth_a` tinyint(1) NOT NULL default '0',
- `auth_attachments` tinyint(1) NOT NULL default '0',
- KEY `group_id` (`group_id`),
- KEY `cat_id` (`cat_id`)
-) ENGINE=MyISAM DEFAULT CHARSET=latin1;
+ group_id mediumint(8) NOT NULL default '0',
+ cat_id smallint(5) unsigned NOT NULL default '0',
+ auth_view tinyint(1) NOT NULL default '0',
+ auth_add tinyint(1) NOT NULL default '0',
+ auth_edit tinyint(1) NOT NULL default '0',
+ auth_delete tinyint(1) NOT NULL default '0',
+ auth_mod tinyint(1) NOT NULL default '0',
+ auth_comment tinyint(1) NOT NULL default '0',
+ auth_rate tinyint(1) NOT NULL default '0',
+ auth_attach tinyint(1) NOT NULL default '0',
+ KEY group_id (group_id),
+ KEY cat_id (cat_id)
)";
echo '<table width="100%" cellspacing="1" cellpadding="2" border="0" class="forumline">';