* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* ACP Permission/Auth class
*/
class auth_admin extends \phpbb\auth\auth
{
/**
* Init auth settings
*/
function auth_admin()
{
global $db, $cache;
if (($this->acl_options = $cache->get('_acl_options')) === false)
{
$sql = 'SELECT auth_option_id, auth_option, is_global, is_local
FROM ' . ACL_OPTIONS_TABLE . '
ORDER BY auth_option_id';
$result = $db->sql_query($sql);
$global = $local = 0;
$this->acl_options = array();
while ($row = $db->sql_fetchrow($result))
{
if ($row['is_global'])
{
$this->acl_options['global'][$row['auth_option']] = $global++;
}
if ($row['is_local'])
{
$this->acl_options['local'][$row['auth_option']] = $local++;
}
$this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id'];
$this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option'];
}
$db->sql_freeresult($result);
$cache->put('_acl_options', $this->acl_options);
}
}
/**
* Get permission mask
* This function only supports getting permissions of one type (for example a_)
*
* @param set|view $mode defines the permissions we get, view gets effective permissions (checking user AND group permissions), set only gets the user or group permission set alone
* @param mixed $user_id user ids to search for (a user_id or a group_id has to be specified at least)
* @param mixed $group_id group ids to search for, return group related settings (a user_id or a group_id has to be specified at least)
* @param mixed $forum_id forum_ids to search for. Defining a forum id also means getting local settings
* @param string $auth_option the auth_option defines the permission setting to look for (a_ for example)
* @param local|global $scope the scope defines the permission scope. If local, a forum_id is additionally required
* @param ACL_NEVER|ACL_NO|ACL_YES $acl_fill defines the mode those permissions not set are getting filled with
*/
function get_mask($mode, $user_id = false, $group_id = false, $forum_id = false, $auth_option = false, $scope = false, $acl_fill = ACL_NEVER)
{
global $db, $user;
$hold_ary = array();
$view_user_mask = ($mode == 'view' && $group_id === false) ? true : false;
if ($auth_option === false || $scope === false)
{
return array();
}
$acl_user_function = ($mode == 'set') ? 'acl_user_raw_data' : 'acl_raw_data';
if (!$view_user_mask)
{
if ($forum_id !== false)
{
$hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', $forum_id) : $this->$acl_user_function($user_id, $auth_option . '%', $forum_id);
}
else
{
$hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', ($scope == 'global') ? 0 : false) : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false);
}
}
// Make sure hold_ary is filled with every setting (prevents missing forums/users/groups)
$ug_id = ($group_id !== false) ? ((!is_array($group_id)) ? array($group_id) : $group_id) : ((!is_array($user_id)) ? array($user_id) : $user_id);
$forum_ids = ($forum_id !== false) ? ((!is_array($forum_id)) ? array($forum_id) : $forum_id) : (($scope == 'global') ? array(0) : array());
// Only those options we need
$compare_options = array_diff(preg_replace('/^((?!' . $auth_option . ').+)|(' . $auth_option . ')$/', '', array_keys($this->acl_options[$scope])), array(''));
// If forum_ids is false and the scope is local we actually want to have all forums within the array
if ($scope == 'local' && !count($forum_ids))
{
$sql = 'SELECT forum_id
FROM ' . FORUMS_TABLE;
$result = $db->sql_query($sql, 120);
while ($row = $db->sql_fetchrow($result))
{
$forum_ids[] = (int) $row['forum_id'];
}
$db->sql_freeresult($result);
}
if ($view_user_mask)
{
$auth2 = null;
$sql = 'SELECT user_id, user_permissions, user_type
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('user_id', $ug_id);
$result = $db->sql_query($sql);
while ($userdata = $db->sql_fetchrow($result))
{
if ($user->data['user_id'] != $userdata['user_id'])
{
$auth2 = new \phpbb\auth\auth();
$auth2->acl($userdata);
}
else
{
global $auth;
$auth2 = &$auth;
}
$hold_ary[$userdata['user_id']] = array();
foreach ($forum_ids as $f_id)
{
$hold_ary[$userdata['user_id']][$f_id] = array();
foreach ($compare_options as $option)
{
$hold_ary[$userdata['user_id']][$f_id][$option] = $auth2->acl_get($option, $f_id);
}
}
}
$db->sql_freeresult($result);
unset($userdata);
unset($auth2);
}
foreach ($ug_id as $_id)
{
if (!isset($hold_ary[$_id]))
{
$hold_ary[$_id] = array();
}
foreach ($forum_ids as $f_id)
{
if (!isset($hold_ary[$_id][$f_id]))
{
$hold_ary[$_id][$f_id] = array();
}
}
}
// Now, we need to fill the gaps with $acl_fill. ;)
// Now switch back to keys
if (count($compare_options))
{
$compare_options = array_combine($compare_options, array_fill(1, count($compare_options), $acl_fill));
}
// Defining the user-function here to save some memory
$return_acl_fill = function () use ($acl_fill)
{
return $acl_fill;
};
// Actually fill the gaps
if (count($hold_ary))
{
foreach ($hold_ary as $ug_id => $row)
{
foreach ($row as $id => $options)
{
// Do not include the global auth_option
unset($options[$auth_option]);
// Not a "fine" solution, but at all it's a 1-dimensional
// array_diff_key function filling the resulting array values with zeros
// The differences get merged into $hold_ary (all permissions having $acl_fill set)
$hold_ary[$ug_id][$id] = array_merge($options,
array_map($return_acl_fill,
array_flip(
array_diff(
array_keys($compare_options), array_keys($options)
)
)
)
);
}
}
}
else
{
$hold_ary[($group_id !== false) ? $group_id : $user_id][(int) $forum_id] = $compare_options;
}
return $hold_ary;
}
/**
* Get permission mask for roles
* This function only supports getting masks for one role
*/
function get_role_mask($role_id)
{
global $db;
$hold_ary = array();
// Get users having this role set...
$sql = 'SELECT user_id, forum_id
FROM ' . ACL_USERS_TABLE . '
WHERE auth_role_id = ' . $role_id . '
ORDER BY forum_id';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$hold_ary[$row['forum_id']]['users'][] = $row['user_id'];
}
$db->sql_freeresult($result);
// Now grab groups...
$sql = 'SELECT group_id, forum_id
FROM ' . ACL_GROUPS_TABLE . '
WHERE auth_role_id = ' . $role_id . '
ORDER BY forum_id';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$hold_ary[$row['forum_id']]['groups'][] = $row['group_id'];
}
$db->sql_freeresult($result);
return $hold_ary;
}
/**
* Display permission mask (assign to template)
*/
function display_mask($mode, $permission_type, &$hold_ary, $user_mode = 'user', $local = false, $group_display = true)
{
global $template, $user, $db, $phpbb_container;
/* @var $phpbb_permissions \phpbb\permissions */
$phpbb_permissions = $phpbb_container->get('acl.permissions');
/** @var \phpbb\group\helper $group_helper */
$group_helper = $phpbb_container->get('group_helper');
// Define names for template loops, might be able to be set
$tpl_pmask = 'p_mask';
$tpl_fmask = 'f_mask';
$tpl_category = 'category';
$tpl_mask = 'mask';
$l_acl_type = $phpbb_permissions->get_type_lang($permission_type, (($local) ? 'local' : 'global'));
// Allow trace for viewing permissions and in user mode
$show_trace = ($mode == 'view' && $user_mode == 'user') ? true : false;
// Get names
if ($user_mode == 'user')
{
$sql = 'SELECT user_id as ug_id, username as ug_name
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary)) . '
ORDER BY username_clean ASC';
}
else
{
$sql = 'SELECT group_id as ug_id, group_name as ug_name, group_type
FROM ' . GROUPS_TABLE . '
WHERE ' . $db->sql_in_set('group_id', array_keys($hold_ary)) . '
ORDER BY group_type DESC, group_name ASC';
}
$result = $db->sql_query($sql);
$ug_names_ary = array();
while ($row = $db->sql_fetchrow($result))
{
$ug_names_ary[$row['ug_id']] = ($user_mode == 'user') ? $row['ug_name'] : $group_helper->get_name($row['ug_name']);
}
$db->sql_freeresult($result);
// Get used forums
$forum_ids = array();
foreach ($hold_ary as $ug_id => $row)
{
$forum_ids = array_merge($forum_ids, array_keys($row));
}
$forum_ids = array_unique($forum_ids);
$forum_names_ary = array();
if ($local)
{
$forum_names_ary = make_forum_select(false, false, true, false, false, false, true);
// Remove the disabled ones, since we do not create an option field here...
foreach ($forum_names_ary as $key => $value)
{
if (!$value['disabled'])
{
continue;
}
unset($forum_names_ary[$key]);
}
}
else
{
$forum_names_ary[0] = $l_acl_type;
}
// Get available roles
$sql = 'SELECT *
FROM ' . ACL_ROLES_TABLE . "
WHERE role_type = '" . $db->sql_escape($permission_type) . "'
ORDER BY role_order ASC";
$result = $db->sql_query($sql);
$roles = array();
while ($row = $db->sql_fetchrow($result))
{
$roles[$row['role_id']] = $row;
}
$db->sql_freeresult($result);
$cur_roles = $this->acl_role_data($user_mode, $permission_type, array_keys($hold_ary));
// Build js roles array (role data assignments)
$s_role_js_array = '';
if (count($roles))
{
$s_role_js_array = array();
// Make sure every role (even if empty) has its array defined
foreach ($roles as $_role_id => $null)
{
$s_role_js_array[$_role_id] = "\n" . 'role_options[' . $_role_id . '] = new Array();' . "\n";
}
$sql = 'SELECT r.role_id, o.auth_option, r.auth_setting
FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
WHERE o.auth_option_id = r.auth_option_id
AND ' . $db->sql_in_set('r.role_id', array_keys($roles));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
if ($flag == $row['auth_option'])
{
continue;
}
$s_role_js_array[$row['role_id']] .= 'role_options[' . $row['role_id'] . '][\'' . addslashes($row['auth_option']) . '\'] = ' . $row['auth_setting'] . '; ';
}
$db->sql_freeresult($result);
$s_role_js_array = implode('', $s_role_js_array);
}
$template->assign_var('S_ROLE_JS_ARRAY', $s_role_js_array);
unset($s_role_js_array);
// Now obtain memberships
$user_groups_default = $user_groups_custom = array();
if ($user_mode == 'user' && $group_display)
{
$sql = 'SELECT group_id, group_name, group_type
FROM ' . GROUPS_TABLE . '
ORDER BY group_type DESC, group_name ASC';
$result = $db->sql_query($sql);
$groups = array();
while ($row = $db->sql_fetchrow($result))
{
$groups[$row['group_id']] = $row;
}
$db->sql_freeresult($result);
$memberships = group_memberships(false, array_keys($hold_ary), false);
// User is not a member of any group? Bad admin, bad bad admin...
if ($memberships)
{
foreach ($memberships as $row)
{
$user_groups_default[$row['user_id']][] = $group_helper->get_name($groups[$row['group_id']]['group_name']);
}
}
unset($memberships, $groups);
}
// If we only have one forum id to display or being in local mode and more than one user/group to display,
// we switch the complete interface to group by user/usergroup instead of grouping by forum
// To achieve this, we need to switch the array a bit
if (count($forum_ids) == 1 || ($local && count($ug_names_ary) > 1))
{
$hold_ary_temp = $hold_ary;
$hold_ary = array();
foreach ($hold_ary_temp as $ug_id => $row)
{
foreach ($forum_names_ary as $forum_id => $forum_row)
{
if (isset($row[$forum_id]))
{
$hold_ary[$forum_id][$ug_id] = $row[$forum_id];
}
}
}
unset($hold_ary_temp);
foreach ($hold_ary as $forum_id => $forum_array)
{
$content_array = $categories = array();
$this->build_permission_array($hold_ary[$forum_id], $content_array, $categories, array_keys($ug_names_ary));
$template->assign_block_vars($tpl_pmask, array(
'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'],
'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'],
'CATEGORIES' => implode('