
   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  // Disallow direct access to this file for security reasons
  12  if(!defined("IN_MYBB"))
  13  {
  14      die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
  15  }
  16  
  17  $page->add_breadcrumb_item($lang->admin_permissions, "index.php?module=user-admin_permissions");
  18  
  19  if(($mybb->input['action'] == "edit" && $mybb->input['uid'] == 0) || $mybb->input['action'] == "group" || !$mybb->input['action'])
  20  {
  21      $sub_tabs['user_permissions'] = array(
  22          'title' => $lang->user_permissions,
  23          'link' => "index.php?module=user-admin_permissions",
  24          'description' => $lang->user_permissions_desc
  25      );
  26  
  27      $sub_tabs['group_permissions'] = array(
  28          'title' => $lang->group_permissions,
  29          'link' => "index.php?module=user-admin_permissions&amp;action=group",
  30          'description' => $lang->group_permissions_desc
  31      );
  32  
  33      $sub_tabs['default_permissions'] = array(
  34          'title' => $lang->default_permissions,
  35          'link' => "index.php?module=user-admin_permissions&amp;action=edit&amp;uid=0",
  36          'description' => $lang->default_permissions_desc
  37      );
  38  }
  39  
// Target of the permission set being managed, as an integer:
//   > 0  a user id
//   < 0  a negated usergroup id (group sets are stored in adminoptions under uid = -gid)
//   0    the default permission set
// This cast value is what the SQL below should use, never the raw request string.
$uid = $mybb->get_input('uid', MyBB::INPUT_INT);

$plugins->run_hooks("admin_user_admin_permissions_begin");
  43  
  44  if($mybb->input['action'] == "delete")
  45  {
  46      if(is_super_admin($uid))
  47      {
  48          flash_message($lang->error_super_admin, 'error');
  49          admin_redirect("index.php?module=user-admin_permissions");
  50      }
  51  
  52      if($mybb->input['no'])
  53      {
  54          admin_redirect("index.php?module=user-admin_permissions");
  55      }
  56  
  57      if(!trim($mybb->input['uid']))
  58      {
  59          flash_message($lang->error_delete_no_uid, 'error');
  60          admin_redirect("index.php?module=user-admin_permissions");
  61      }
  62  
  63      $query = $db->simple_select("adminoptions", "COUNT(uid) as adminoptions", "uid = '{$mybb->input['uid']}'");
  64      if($db->fetch_field($query, 'adminoptions') == 0)
  65      {
  66          flash_message($lang->error_delete_invalid_uid, 'error');
  67          admin_redirect("index.php?module=user-admin_permissions");
  68      }
  69  
  70      $plugins->run_hooks("admin_user_admin_permissions_delete");
  71  
  72      if($mybb->request_method == "post")
  73      {
  74          $newperms = array(
  75              "permissions" => ''
  76          );
  77  
  78          $plugins->run_hooks("admin_user_admin_permissions_delete_commit");
  79  
  80          $db->update_query("adminoptions", $newperms, "uid = '{$uid}'");
  81  
  82          // Log admin action
  83          if($uid < 0)
  84          {
  85              $gid = abs($uid);
  86              $query = $db->simple_select("usergroups", "title", "gid='{$gid}'");
  87              $group = $db->fetch_array($query);
  88              log_admin_action($uid, $group['title']);
  89  
  90          }
  91          elseif($uid == 0)
  92          {
  93              // Default
  94              log_admin_action(0, $lang->default);
  95          }
  96          else
  97          {
  98              $user = get_user($uid);
  99              log_admin_action($uid, $user['username']);
 100          }
 101  
 102          flash_message($lang->success_perms_deleted, 'success');
 103          admin_redirect("index.php?module=user-admin_permissions");
 104      }
 105      else
 106      {
 107          $page->output_confirm_action("index.php?module=user-admin_permissions&amp;action=delete&amp;uid={$mybb->input['uid']}", $lang->confirm_perms_deletion);
 108      }
 109  }
 110  
 111  if($mybb->input['action'] == "edit")
 112  {
 113      if(is_super_admin($uid))
 114      {
 115          flash_message($lang->error_super_admin, 'error');
 116          admin_redirect("index.php?module=user-admin_permissions");
 117      }
 118  
 119      $plugins->run_hooks("admin_user_admin_permissions_edit");
 120  
 121      if($mybb->request_method == "post")
 122      {
 123          foreach($mybb->input['permissions'] as $module => $actions)
 124          {
 125              if(is_array($actions))
 126              {
 127                  $no_access = 0;
 128                  foreach($actions as $action => $access)
 129                  {
 130                      if($access == 0)
 131                      {
 132                          ++$no_access;
 133                      }
 134                  }
 135                  // User can't access any actions in this module - just disallow it completely
 136                  if($no_access == count($actions))
 137                  {
 138                      unset($mybb->input['permissions'][$module]);
 139                  }
 140              }
 141          }
 142  
 143          // Does an options row exist for this admin already?
 144          $query = $db->simple_select("adminoptions", "COUNT(uid) AS existing_options", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
 145          $existing_options = $db->fetch_field($query, "existing_options");
 146          if($existing_options > 0)
 147          {
 148              $db->update_query("adminoptions", array('permissions' => $db->escape_string(my_serialize($mybb->input['permissions']))), "uid = '".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
 149          }
 150          else
 151          {
 152              $insert_array = array(
 153                  "uid" => $mybb->get_input('uid', MyBB::INPUT_INT),
 154                  "permissions" => $db->escape_string(my_serialize($mybb->input['permissions'])),
 155                  "notes" => '',
 156                  "defaultviews" => ''
 157              );
 158              $db->insert_query("adminoptions", $insert_array);
 159          }
 160  
 161          $plugins->run_hooks("admin_user_admin_permissions_edit_commit");
 162  
 163          // Log admin action
 164          if($uid > 0)
 165          {
 166              // Users
 167              $user = get_user($uid);
 168              log_admin_action($uid, $user['username']);
 169          }
 170          elseif($uid < 0)
 171          {
 172              // Groups
 173              $gid = abs($uid);
 174              $query = $db->simple_select("usergroups", "title", "gid='{$gid}'");
 175              $group = $db->fetch_array($query);
 176              log_admin_action($uid, $group['title']);
 177          }
 178          else
 179          {
 180              // Default
 181              log_admin_action(0);
 182          }
 183  
 184          flash_message($lang->admin_permissions_updated, 'success');
 185          admin_redirect("index.php?module=user-admin_permissions");
 186      }
 187  
 188      if($uid > 0)
 189      {
 190          switch($db->type)
 191          {
 192              case "pgsql":
 193              case "sqlite":
 194                  $query = $db->query("
 195                      SELECT u.uid, u.username, g.cancp, g.gid
 196                      FROM ".TABLE_PREFIX."users u
 197                      LEFT JOIN ".TABLE_PREFIX."usergroups g ON (((','|| u.additionalgroups|| ',' LIKE '%,'|| g.gid|| ',%') OR u.usergroup = g.gid))
 198                      WHERE u.uid='$uid'
 199                      AND g.cancp=1
 200                      LIMIT 1
 201                  ");
 202                  break;
 203              default:
 204              $query = $db->query("
 205                  SELECT u.uid, u.username, g.cancp, g.gid
 206                  FROM ".TABLE_PREFIX."users u
 207                  LEFT JOIN ".TABLE_PREFIX."usergroups g ON (((CONCAT(',', u.additionalgroups, ',') LIKE CONCAT('%,', g.gid, ',%')) OR u.usergroup = g.gid))
 208                  WHERE u.uid='$uid'
 209                  AND g.cancp=1
 210                  LIMIT 1
 211              ");
 212          }
 213  
 214          $admin = $db->fetch_array($query);
 215          $permission_data = get_admin_permissions($uid, $admin['gid']);
 216          $title = htmlspecialchars_uni($admin['username']);
 217          $page->add_breadcrumb_item($lang->user_permissions, "index.php?module=user-admin_permissions");
 218      }
 219      elseif($uid < 0)
 220      {
 221          $gid = abs($uid);
 222          $query = $db->simple_select("usergroups", "title", "gid='$gid'");
 223          $group = $db->fetch_array($query);
 224          $permission_data = get_admin_permissions("", $gid);
 225          $title = $group['title'];
 226          $page->add_breadcrumb_item($lang->group_permissions, "index.php?module=user-admin_permissions&amp;action=group");
 227      }
 228      else
 229      {
 230          $query = $db->simple_select("adminoptions", "permissions", "uid='0'");
 231          $permission_data = my_unserialize($db->fetch_field($query, "permissions"));
 232          $page->add_breadcrumb_item($lang->default_permissions);
 233          $title = $lang->default;
 234      }
 235  
 236      if($uid != 0)
 237      {
 238          $page->add_breadcrumb_item($lang->edit_permissions.": {$title}");
 239      }
 240  
 241      $page->output_header($lang->edit_permissions);
 242  
 243      if($uid != 0)
 244      {
 245          $sub_tabs['edit_permissions'] = array(
 246              'title' => $lang->edit_permissions,
 247              'link' => "index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$uid}",
 248              'description' => $lang->edit_permissions_desc
 249          );
 250  
 251          $page->output_nav_tabs($sub_tabs, 'edit_permissions');
 252      }
 253  
 254      $form = new Form("index.php?module=user-admin_permissions&amp;action=edit", "post", "edit");
 255  
 256      echo $form->generate_hidden_field("uid", $uid);
 257  
 258      // Fetch all of the modules we have
 259      $modules_dir = MYBB_ADMIN_DIR."modules";
 260      $dir = opendir($modules_dir);
 261      $modules = array();
 262      while(($module = readdir($dir)) !== false)
 263      {
 264          if(is_dir($modules_dir."/".$module) && !in_array($module, array(".", "..")) && file_exists($modules_dir."/".$module."/module_meta.php"))
 265          {
 266              require_once $modules_dir."/".$module."/module_meta.php";
 267              $meta_function = $module."_admin_permissions";
 268  
 269              // Module has no permissions, skip it
 270              if(function_exists($meta_function) && is_array($meta_function()))
 271              {
 272                  $permission_modules[$module] = $meta_function();
 273                  $modules[$permission_modules[$module]['disporder']][] = $module;
 274              }
 275          }
 276      }
 277      closedir($dir);
 278  
 279      ksort($modules);
 280      foreach($modules as $disp_order => $mod)
 281      {
 282          if(!is_array($mod))
 283          {
 284              continue;
 285          }
 286  
 287          foreach($mod as $module)
 288          {
 289              $module_tabs[$module] = $permission_modules[$module]['name'];
 290          }
 291      }
 292      $page->output_tab_control($module_tabs);
 293  
 294      foreach($permission_modules as $key => $module)
 295      {
 296          echo "<div id=\"tab_{$key}\">\n";
 297          $form_container = new FormContainer("{$module['name']}");
 298          foreach($module['permissions'] as $action => $title)
 299          {
 300              $form_container->output_row($title, "", $form->generate_yes_no_radio('permissions['.$key.']['.$action.']', (int)$permission_data[$key][$action], array('yes' => 1, 'no' => 0)), 'permissions['.$key.']['.$action.']');
 301          }
 302          $form_container->end();
 303          echo "</div>\n";
 304      }
 305  
 306      $buttons[] = $form->generate_submit_button($lang->update_permissions);
 307      $form->output_submit_wrapper($buttons);
 308      $form->end();
 309  
 310      $page->output_footer();
 311  }
 312  
if($mybb->input['action'] == "group")
{
    $plugins->run_hooks("admin_user_admin_permissions_group");

    $page->add_breadcrumb_item($lang->group_permissions);
    $page->output_header($lang->group_permissions);

    $page->output_nav_tabs($sub_tabs, 'group_permissions');

    $table = new Table;
    $table->construct_header($lang->group);
    $table->construct_header($lang->controls, array("class" => "align_center", "width" => 150));

    // Get usergroups with ACP access.
    // A group's permission set lives in adminoptions under the negated gid (a.uid = -g.gid).
    $query = $db->query("
        SELECT g.title, g.cancp, a.permissions, g.gid
        FROM ".TABLE_PREFIX."usergroups g
        LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid = -g.gid)
        WHERE g.cancp = 1
        ORDER BY g.title ASC
    ");
    while($group = $db->fetch_array($query))
    {
        // Icon shown: a non-empty stored set means custom group permissions, otherwise defaults
        if($group['permissions'] != "")
        {
            $perm_type = "group";
        }
        else
        {
            $perm_type = "default";
        }
        // The edit/delete actions identify a group by its negated gid
        $uid = -$group['gid'];

        $group['title'] = htmlspecialchars_uni($group['title']);

        $table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$perm_type}.png\" title=\"{$lang->permissions_type_group}\" alt=\"{$perm_type}\" /></div><div><strong><a href=\"index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$uid}\" title=\"{$lang->edit_group}\">{$group['title']}</a></strong><br /></div>");

        if($group['permissions'] != "")
        {
            $popup = new PopupMenu("groupperm_{$uid}", $lang->options);
            $popup->add_item($lang->edit_permissions, "index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$uid}");

            // Check permissions for Revoke
            // NOTE(review): this confirmation text is hard-coded in English, whereas the
            // user listing below uses $lang->confirm_perms_deletion2 for the same action.
            $popup->add_item($lang->revoke_permissions, "index.php?module=user-admin_permissions&amp;action=delete&amp;uid={$uid}&amp;my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, 'Are you sure you wish to revoke this group\'s permissions?')");
            $table->construct_cell($popup->fetch(), array("class" => "align_center"));
        }
        else
        {
            $table->construct_cell("<a href=\"index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$uid}\">{$lang->set_permissions}</a>", array("class" => "align_center"));
        }
        $table->construct_row();
    }

    if($table->num_rows() == 0)
    {
        // NOTE(review): this table has two header columns; colspan 3 looks carried over from the user listing
        $table->construct_cell($lang->no_group_perms, array("colspan" => "3"));
        $table->construct_row();
    }

    $table->output($lang->group_permissions);

    echo <<<LEGEND
<br />
<fieldset>
<legend>{$lang->legend}</legend>
<img src="styles/{$page->style}/images/icons/group.png" alt="{$lang->using_custom_perms}" style="vertical-align: middle;" /> {$lang->using_custom_perms}<br />
<img src="styles/{$page->style}/images/icons/default.png" alt="{$lang->using_default_perms}" style="vertical-align: middle;" /> {$lang->using_default_perms}</fieldset>
LEGEND;

    $page->output_footer();
}
 384  
 385  if(!$mybb->input['action'])
 386  {
 387      $plugins->run_hooks("admin_user_admin_permissions_start");
 388  
 389      $page->add_breadcrumb_item($lang->user_permissions);
 390      $page->output_header($lang->user_permissions);
 391  
 392      $page->output_nav_tabs($sub_tabs, 'user_permissions');
 393  
 394      $table = new Table;
 395      $table->construct_header($lang->user);
 396      $table->construct_header($lang->last_active, array("class" => "align_center", "width" => 200));
 397      $table->construct_header($lang->controls, array("class" => "align_center", "width" => 150));
 398  
 399      // Get usergroups with ACP access
 400      $usergroups = array();
 401      $query = $db->simple_select("usergroups", "*", "cancp = 1");
 402      while($usergroup = $db->fetch_array($query))
 403      {
 404          $usergroups[$usergroup['gid']] = $usergroup;
 405      }
 406  
 407      if(!empty($usergroups))
 408      {
 409          // Get users whose primary or secondary usergroup has ACP access
 410          $comma = $primary_group_list = $secondary_group_list = '';
 411          foreach($usergroups as $gid => $group_info)
 412          {
 413              $primary_group_list .= $comma.$gid;
 414              switch($db->type)
 415              {
 416                  case "pgsql":
 417                  case "sqlite":
 418                      $secondary_group_list .= " OR ','|| u.additionalgroups||',' LIKE '%,{$gid},%'";
 419                      break;
 420                  default:
 421                      $secondary_group_list .= " OR CONCAT(',', u.additionalgroups,',') LIKE '%,{$gid},%'";
 422              }
 423  
 424              $comma = ',';
 425          }
 426  
 427          $group_list = implode(',', array_keys($usergroups));
 428          $secondary_groups = ','.$group_list.',';
 429  
 430          // Get usergroups with ACP access
 431          $query = $db->query("
 432              SELECT g.title, g.cancp, a.permissions, g.gid
 433              FROM ".TABLE_PREFIX."usergroups g
 434              LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid = -g.gid)
 435              WHERE g.cancp = 1
 436              ORDER BY g.title ASC
 437          ");
 438          while($group = $db->fetch_array($query))
 439          {
 440              $group_permissions[$group['gid']] = $group['permissions'];
 441          }
 442  
 443          $query = $db->query("
 444              SELECT u.uid, u.username, u.lastactive, u.usergroup, u.additionalgroups, a.permissions
 445              FROM ".TABLE_PREFIX."users u
 446              LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid=u.uid)
 447              WHERE u.usergroup IN ({$primary_group_list}) {$secondary_group_list}
 448              ORDER BY u.username ASC
 449          ");
 450          while($admin = $db->fetch_array($query))
 451          {
 452              $perm_type = "default";
 453              
 454              if($admin['permissions'] != "")
 455              {
 456                  $perm_type = "user";
 457              }
 458              else
 459              {
 460                  $groups = explode(",", $admin['additionalgroups'].",".$admin['usergroup']);
 461                  foreach($groups as $group)
 462                  {
 463                      if($group == "") continue;
 464                      if($group_permissions[$group] != "")
 465                      {
 466                          $perm_type = "group";
 467                          break;
 468                      }
 469                  }
 470              }
 471  
 472              $usergroup_list = array();
 473  
 474              // Build a list of group memberships that have access to the Admin CP
 475              // Primary usergroup?
 476              if($usergroups[$admin['usergroup']]['cancp'] == 1)
 477              {
 478                  $usergroup_list[] = "<i>".htmlspecialchars_uni($usergroups[$admin['usergroup']]['title'])."</i>";
 479              }
 480  
 481              // Secondary usergroups?
 482              $additional_groups = explode(',', $admin['additionalgroups']);
 483              if(is_array($additional_groups))
 484              {
 485                  foreach($additional_groups as $gid)
 486                  {
 487                      if($usergroups[$gid]['cancp'] == 1)
 488                      {
 489                          $usergroup_list[] = htmlspecialchars_uni($usergroups[$gid]['title']);
 490                      }
 491                  }
 492              }
 493              $usergroup_list = implode($lang->comma, $usergroup_list);
 494  
 495              $username = htmlspecialchars_uni($admin['username']);
 496              $table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$perm_type}.png\" title=\"{$lang->perms_type_user}\" alt=\"{$perm_type}\" /></div><div><strong><a href=\"index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$admin['uid']}\" title=\"{$lang->edit_user}\">{$username}</a></strong><br /><small>{$usergroup_list}</small></div>");
 497  
 498              $table->construct_cell(my_date('relative', $admin['lastactive']), array("class" => "align_center"));
 499  
 500              $popup = new PopupMenu("adminperm_{$admin['uid']}", $lang->options);
 501              if(!is_super_admin($admin['uid']))
 502              {
 503                  if($admin['permissions'] != "")
 504                  {
 505                      $popup->add_item($lang->edit_permissions, "index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$admin['uid']}");
 506                      $popup->add_item($lang->revoke_permissions, "index.php?module=user-admin_permissions&amp;action=delete&amp;uid={$admin['uid']}&amp;my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_perms_deletion2}')");
 507                  }
 508                  else
 509                  {
 510                      $popup->add_item($lang->set_permissions, "index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$admin['uid']}");
 511                  }
 512              }
 513              $popup->add_item($lang->view_log, "index.php?module=tools-adminlog&amp;uid={$admin['uid']}");
 514              $table->construct_cell($popup->fetch(), array("class" => "align_center"));
 515              $table->construct_row();
 516          }
 517      }
 518  
 519      if(empty($usergroups) || $table->num_rows() == 0)
 520      {
 521          $table->construct_cell($lang->no_user_perms, array("colspan" => "3"));
 522          $table->construct_row();
 523      }
 524  
 525      $table->output($lang->user_permissions);
 526  
 527      echo <<<LEGEND
 528  <br />
 529  <fieldset>
 530  <legend>{$lang->legend}</legend>
 531  <img src="styles/{$page->style}/images/icons/user.png" alt="{$lang->using_individual_perms}" style="vertical-align: middle;" /> {$lang->using_individual_perms}<br />
 532  <img src="styles/{$page->style}/images/icons/group.png" alt="{$lang->using_group_perms}" style="vertical-align: middle;" /> {$lang->using_group_perms}<br />
 533  <img src="styles/{$page->style}/images/icons/default.png" alt="{$lang->using_default_perms}" style="vertical-align: middle;" /> {$lang->using_default_perms}</fieldset>
 534  LEGEND;
 535      $page->output_footer();
 536  }
 537  

