
   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  // Disallow direct access to this file for security reasons
  12  if(!defined("IN_MYBB"))
  13  {
  14      die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
  15  }
  16  
  17  $page->add_breadcrumb_item($lang->admin_permissions, "index.php?module=user-admin_permissions");
  18  
  19  if(($mybb->input['action'] == "edit" && $mybb->input['uid'] == 0) || $mybb->input['action'] == "group" || !$mybb->input['action'])
  20  {
  21      $sub_tabs['user_permissions'] = array(
  22          'title' => $lang->user_permissions,
  23          'link' => "index.php?module=user-admin_permissions",
  24          'description' => $lang->user_permissions_desc
  25      );
  26  
  27      $sub_tabs['group_permissions'] = array(
  28          'title' => $lang->group_permissions,
  29          'link' => "index.php?module=user-admin_permissions&amp;action=group",
  30          'description' => $lang->group_permissions_desc
  31      );
  32  
  33      $sub_tabs['default_permissions'] = array(
  34          'title' => $lang->default_permissions,
  35          'link' => "index.php?module=user-admin_permissions&amp;action=edit&amp;uid=0",
  36          'description' => $lang->default_permissions_desc
  37      );
  38  }
  39  
  40  $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
  41  
  42  $plugins->run_hooks("admin_user_admin_permissions_begin");
  43  
  44  if($mybb->input['action'] == "delete")
  45  {
  46      if(is_super_admin($uid))
  47      {
  48          flash_message($lang->error_super_admin, 'error');
  49          admin_redirect("index.php?module=user-admin_permissions");
  50      }
  51  
  52      if($mybb->get_input('no'))
  53      {
  54          admin_redirect("index.php?module=user-admin_permissions");
  55      }
  56  
  57      if(!trim($mybb->input['uid']))
  58      {
  59          flash_message($lang->error_delete_no_uid, 'error');
  60          admin_redirect("index.php?module=user-admin_permissions");
  61      }
  62  
  63      $query = $db->simple_select("adminoptions", "COUNT(uid) as adminoptions", "uid = '{$mybb->input['uid']}'");
  64      if($db->fetch_field($query, 'adminoptions') == 0)
  65      {
  66          flash_message($lang->error_delete_invalid_uid, 'error');
  67          admin_redirect("index.php?module=user-admin_permissions");
  68      }
  69  
  70      $plugins->run_hooks("admin_user_admin_permissions_delete");
  71  
  72      if($mybb->request_method == "post")
  73      {
  74          $newperms = array(
  75              "permissions" => ''
  76          );
  77  
  78          $plugins->run_hooks("admin_user_admin_permissions_delete_commit");
  79  
  80          $db->update_query("adminoptions", $newperms, "uid = '{$uid}'");
  81  
  82          // Log admin action
  83          if($uid < 0)
  84          {
  85              $gid = abs($uid);
  86              $query = $db->simple_select("usergroups", "title", "gid='{$gid}'");
  87              $group = $db->fetch_array($query);
  88              log_admin_action($uid, $group['title']);
  89  
  90          }
  91          elseif($uid == 0)
  92          {
  93              // Default
  94              log_admin_action(0, $lang->default);
  95          }
  96          else
  97          {
  98              $user = get_user($uid);
  99              log_admin_action($uid, $user['username']);
 100          }
 101  
 102          flash_message($lang->success_perms_deleted, 'success');
 103          admin_redirect("index.php?module=user-admin_permissions");
 104      }
 105      else
 106      {
 107          $page->output_confirm_action("index.php?module=user-admin_permissions&amp;action=delete&amp;uid={$mybb->input['uid']}", $lang->confirm_perms_deletion);
 108      }
 109  }
 110  
 111  if($mybb->input['action'] == "edit")
 112  {
 113      if(is_super_admin($uid))
 114      {
 115          flash_message($lang->error_super_admin, 'error');
 116          admin_redirect("index.php?module=user-admin_permissions");
 117      }
 118  
 119      $plugins->run_hooks("admin_user_admin_permissions_edit");
 120  
 121      if($mybb->request_method == "post")
 122      {
 123          foreach($mybb->input['permissions'] as $module => $actions)
 124          {
 125              if(is_array($actions))
 126              {
 127                  $no_access = 0;
 128                  foreach($actions as $action => $access)
 129                  {
 130                      if($access == 0)
 131                      {
 132                          ++$no_access;
 133                      }
 134                  }
 135                  // User can't access any actions in this module - just disallow it completely
 136                  if($no_access == count($actions))
 137                  {
 138                      unset($mybb->input['permissions'][$module]);
 139                  }
 140              }
 141          }
 142  
 143          // Does an options row exist for this admin already?
 144          $query = $db->simple_select("adminoptions", "COUNT(uid) AS existing_options", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
 145          $existing_options = $db->fetch_field($query, "existing_options");
 146          if($existing_options > 0)
 147          {
 148              $db->update_query("adminoptions", array('permissions' => $db->escape_string(my_serialize($mybb->input['permissions']))), "uid = '".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
 149          }
 150          else
 151          {
 152              $insert_array = array(
 153                  "uid" => $mybb->get_input('uid', MyBB::INPUT_INT),
 154                  "permissions" => $db->escape_string(my_serialize($mybb->input['permissions'])),
 155                  "notes" => '',
 156                  "defaultviews" => ''
 157              );
 158              $db->insert_query("adminoptions", $insert_array);
 159          }
 160  
 161          $plugins->run_hooks("admin_user_admin_permissions_edit_commit");
 162  
 163          // Log admin action
 164          if($uid > 0)
 165          {
 166              // Users
 167              $user = get_user($uid);
 168              log_admin_action($uid, $user['username']);
 169          }
 170          elseif($uid < 0)
 171          {
 172              // Groups
 173              $gid = abs($uid);
 174              $query = $db->simple_select("usergroups", "title", "gid='{$gid}'");
 175              $group = $db->fetch_array($query);
 176              log_admin_action($uid, $group['title']);
 177          }
 178          else
 179          {
 180              // Default
 181              log_admin_action(0);
 182          }
 183  
 184          flash_message($lang->admin_permissions_updated, 'success');
 185          admin_redirect("index.php?module=user-admin_permissions");
 186      }
 187  
 188      if($uid > 0)
 189      {
 190          switch($db->type)
 191          {
 192              case "pgsql":
 193              case "sqlite":
 194                  $query = $db->query("
 195                      SELECT u.uid, u.username, g.cancp, g.gid
 196                      FROM ".TABLE_PREFIX."users u
 197                      LEFT JOIN ".TABLE_PREFIX."usergroups g ON (((','|| u.additionalgroups|| ',' LIKE '%,'|| g.gid|| ',%') OR u.usergroup = g.gid))
 198                      WHERE u.uid='$uid'
 199                      AND g.cancp=1
 200                      LIMIT 1
 201                  ");
 202                  break;
 203              default:
 204              $query = $db->query("
 205                  SELECT u.uid, u.username, g.cancp, g.gid
 206                  FROM ".TABLE_PREFIX."users u
 207                  LEFT JOIN ".TABLE_PREFIX."usergroups g ON (((CONCAT(',', u.additionalgroups, ',') LIKE CONCAT('%,', g.gid, ',%')) OR u.usergroup = g.gid))
 208                  WHERE u.uid='$uid'
 209                  AND g.cancp=1
 210                  LIMIT 1
 211              ");
 212          }
 213  
 214          $admin = $db->fetch_array($query);
 215          $permission_data = get_admin_permissions($uid, $admin['gid']);
 216          $title = htmlspecialchars_uni($admin['username']);
 217          $page->add_breadcrumb_item($lang->user_permissions, "index.php?module=user-admin_permissions");
 218      }
 219      elseif($uid < 0)
 220      {
 221          $gid = abs($uid);
 222          $query = $db->simple_select("usergroups", "title", "gid='$gid'");
 223          $group = $db->fetch_array($query);
 224          $permission_data = get_admin_permissions("", $gid);
 225          $title = $group['title'];
 226          $page->add_breadcrumb_item($lang->group_permissions, "index.php?module=user-admin_permissions&amp;action=group");
 227      }
 228      else
 229      {
 230          $query = $db->simple_select("adminoptions", "permissions", "uid='0'");
 231          $permission_data = my_unserialize($db->fetch_field($query, "permissions"));
 232          $page->add_breadcrumb_item($lang->default_permissions);
 233          $title = $lang->default;
 234      }
 235  
 236      if($uid != 0)
 237      {
 238          $page->add_breadcrumb_item($lang->edit_permissions.": {$title}");
 239      }
 240  
 241      $page->output_header($lang->edit_permissions);
 242  
 243      if($uid != 0)
 244      {
 245          $sub_tabs['edit_permissions'] = array(
 246              'title' => $lang->edit_permissions,
 247              'link' => "index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$uid}",
 248              'description' => $lang->edit_permissions_desc
 249          );
 250  
 251          $page->output_nav_tabs($sub_tabs, 'edit_permissions');
 252      }
 253  
 254      $form = new Form("index.php?module=user-admin_permissions&amp;action=edit", "post", "edit");
 255  
 256      echo $form->generate_hidden_field("uid", $uid);
 257  
 258      // Fetch all of the modules we have
 259      $modules_dir = MYBB_ADMIN_DIR."modules";
 260      $dir = opendir($modules_dir);
 261      $modules = array();
 262      while(($module = readdir($dir)) !== false)
 263      {
 264          if(is_dir($modules_dir."/".$module) && !in_array($module, array(".", "..")) && file_exists($modules_dir."/".$module."/module_meta.php"))
 265          {
 266              require_once $modules_dir."/".$module."/module_meta.php";
 267              $meta_function = $module."_admin_permissions";
 268  
 269              // Module has no permissions, skip it
 270              if(function_exists($meta_function) && is_array($meta_function()))
 271              {
 272                  $permission_modules[$module] = $meta_function();
 273                  $modules[$permission_modules[$module]['disporder']][] = $module;
 274              }
 275          }
 276      }
 277      closedir($dir);
 278  
 279      ksort($modules);
 280      foreach($modules as $disp_order => $mod)
 281      {
 282          if(!is_array($mod))
 283          {
 284              continue;
 285          }
 286  
 287          foreach($mod as $module)
 288          {
 289              $module_tabs[$module] = $permission_modules[$module]['name'];
 290          }
 291      }
 292      $page->output_tab_control($module_tabs);
 293  
 294      foreach($permission_modules as $key => $module)
 295      {
 296          echo "<div id=\"tab_{$key}\">\n";
 297          $form_container = new FormContainer("{$module['name']}");
 298          foreach($module['permissions'] as $action => $title)
 299          {
 300              if(!isset($permission_data[$key][$action]))
 301              {
 302                  $permission_data[$key][$action] = 0;
 303              }
 304  
 305              $form_container->output_row($title, "", $form->generate_yes_no_radio('permissions['.$key.']['.$action.']', (int)$permission_data[$key][$action], array('yes' => 1, 'no' => 0)), 'permissions['.$key.']['.$action.']');
 306          }
 307          $form_container->end();
 308          echo "</div>\n";
 309      }
 310  
 311      $buttons[] = $form->generate_submit_button($lang->update_permissions);
 312      $form->output_submit_wrapper($buttons);
 313      $form->end();
 314  
 315      $page->output_footer();
 316  }
 317  
 318  if($mybb->input['action'] == "group")
 319  {
 320      $plugins->run_hooks("admin_user_admin_permissions_group");
 321  
 322      $page->add_breadcrumb_item($lang->group_permissions);
 323      $page->output_header($lang->group_permissions);
 324  
 325      $page->output_nav_tabs($sub_tabs, 'group_permissions');
 326  
 327      $table = new Table;
 328      $table->construct_header($lang->group);
 329      $table->construct_header($lang->controls, array("class" => "align_center", "width" => 150));
 330  
 331      // Get usergroups with ACP access
 332      $query = $db->query("
 333          SELECT g.title, g.cancp, a.permissions, g.gid
 334          FROM ".TABLE_PREFIX."usergroups g
 335          LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid = -g.gid)
 336          WHERE g.cancp = 1
 337          ORDER BY g.title ASC
 338      ");
 339      while($group = $db->fetch_array($query))
 340      {
 341          if($group['permissions'] != "")
 342          {
 343              $perm_type = "group";
 344          }
 345          else
 346          {
 347              $perm_type = "default";
 348          }
 349          $uid = -$group['gid'];
 350  
 351          $group['title'] = htmlspecialchars_uni($group['title']);
 352  
 353          $table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$perm_type}.png\" title=\"{$lang->permissions_type_group}\" alt=\"{$perm_type}\" /></div><div><strong><a href=\"index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$uid}\" title=\"{$lang->edit_group}\">{$group['title']}</a></strong><br /></div>");
 354  
 355          if($group['permissions'] != "")
 356          {
 357              $popup = new PopupMenu("groupperm_{$uid}", $lang->options);
 358              $popup->add_item($lang->edit_permissions, "index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$uid}");
 359  
 360              // Check permissions for Revoke
 361              $popup->add_item($lang->revoke_permissions, "index.php?module=user-admin_permissions&amp;action=delete&amp;uid={$uid}&amp;my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '$lang->confirm_perms_deletion3')");
 362              $table->construct_cell($popup->fetch(), array("class" => "align_center"));
 363          }
 364          else
 365          {
 366              $table->construct_cell("<a href=\"index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$uid}\">{$lang->set_permissions}</a>", array("class" => "align_center"));
 367          }
 368          $table->construct_row();
 369      }
 370  
 371      if($table->num_rows() == 0)
 372      {
 373          $table->construct_cell($lang->no_group_perms, array("colspan" => "3"));
 374          $table->construct_row();
 375      }
 376  
 377      $table->output($lang->group_permissions);
 378  
 379      echo <<<LEGEND
 380  <br />
 381  <fieldset>
 382  <legend>{$lang->legend}</legend>
 383  <img src="styles/{$page->style}/images/icons/group.png" alt="{$lang->using_custom_perms}" style="vertical-align: middle;" /> {$lang->using_custom_perms}<br />
 384  <img src="styles/{$page->style}/images/icons/default.png" alt="{$lang->using_default_perms}" style="vertical-align: middle;" /> {$lang->using_default_perms}</fieldset>
 385  LEGEND;
 386  
 387      $page->output_footer();
 388  }
 389  
 390  if(!$mybb->input['action'])
 391  {
 392      $plugins->run_hooks("admin_user_admin_permissions_start");
 393  
 394      $page->add_breadcrumb_item($lang->user_permissions);
 395      $page->output_header($lang->user_permissions);
 396  
 397      $page->output_nav_tabs($sub_tabs, 'user_permissions');
 398  
 399      $table = new Table;
 400      $table->construct_header($lang->user);
 401      $table->construct_header($lang->last_active, array("class" => "align_center", "width" => 200));
 402      $table->construct_header($lang->controls, array("class" => "align_center", "width" => 150));
 403  
 404      // Get usergroups with ACP access
 405      $usergroups = array();
 406      $query = $db->simple_select("usergroups", "*", "cancp = 1");
 407      while($usergroup = $db->fetch_array($query))
 408      {
 409          $usergroups[$usergroup['gid']] = $usergroup;
 410      }
 411  
 412      if(!empty($usergroups))
 413      {
 414          // Get users whose primary or secondary usergroup has ACP access
 415          $comma = $primary_group_list = $secondary_group_list = '';
 416          foreach($usergroups as $gid => $group_info)
 417          {
 418              $primary_group_list .= $comma.$gid;
 419              switch($db->type)
 420              {
 421                  case "pgsql":
 422                  case "sqlite":
 423                      $secondary_group_list .= " OR ','|| u.additionalgroups||',' LIKE '%,{$gid},%'";
 424                      break;
 425                  default:
 426                      $secondary_group_list .= " OR CONCAT(',', u.additionalgroups,',') LIKE '%,{$gid},%'";
 427              }
 428  
 429              $comma = ',';
 430          }
 431  
 432          $group_list = implode(',', array_keys($usergroups));
 433          $secondary_groups = ','.$group_list.',';
 434  
 435          // Get usergroups with ACP access
 436          $query = $db->query("
 437              SELECT g.title, g.cancp, a.permissions, g.gid
 438              FROM ".TABLE_PREFIX."usergroups g
 439              LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid = -g.gid)
 440              WHERE g.cancp = 1
 441              ORDER BY g.title ASC
 442          ");
 443          while($group = $db->fetch_array($query))
 444          {
 445              $group_permissions[$group['gid']] = $group['permissions'];
 446          }
 447  
 448          $query = $db->query("
 449              SELECT u.uid, u.username, u.lastactive, u.usergroup, u.additionalgroups, a.permissions
 450              FROM ".TABLE_PREFIX."users u
 451              LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid=u.uid)
 452              WHERE u.usergroup IN ({$primary_group_list}) {$secondary_group_list}
 453              ORDER BY u.username ASC
 454          ");
 455          while($admin = $db->fetch_array($query))
 456          {
 457              $perm_type = "default";
 458  
 459              if($admin['permissions'] != "")
 460              {
 461                  $perm_type = "user";
 462              }
 463              else
 464              {
 465                  $groups = explode(",", $admin['additionalgroups'].",".$admin['usergroup']);
 466                  foreach($groups as $group)
 467                  {
 468                      if($group == "") continue;
 469                      if($group_permissions[$group] != "")
 470                      {
 471                          $perm_type = "group";
 472                          break;
 473                      }
 474                  }
 475              }
 476  
 477              $usergroup_list = array();
 478  
 479              // Build a list of group memberships that have access to the Admin CP
 480              // Primary usergroup?
 481              if(!empty($usergroups[$admin['usergroup']]) && $usergroups[$admin['usergroup']]['cancp'] == 1)
 482              {
 483                  $usergroup_list[] = "<i>".htmlspecialchars_uni($usergroups[$admin['usergroup']]['title'])."</i>";
 484              }
 485  
 486              // Secondary usergroups?
 487              $additional_groups = explode(',', $admin['additionalgroups']);
 488              if(is_array($additional_groups))
 489              {
 490                  foreach($additional_groups as $gid)
 491                  {
 492                      if(!empty($usergroups[$gid]) && $usergroups[$gid]['cancp'] == 1)
 493                      {
 494                          $usergroup_list[] = htmlspecialchars_uni($usergroups[$gid]['title']);
 495                      }
 496                  }
 497              }
 498              $usergroup_list = implode($lang->comma, $usergroup_list);
 499  
 500              $username = htmlspecialchars_uni($admin['username']);
 501              $table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$perm_type}.png\" title=\"{$lang->permissions_type_user}\" alt=\"{$perm_type}\" /></div><div><strong><a href=\"index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$admin['uid']}\" title=\"{$lang->edit_user}\">{$username}</a></strong><br /><small>{$usergroup_list}</small></div>");
 502  
 503              $table->construct_cell(my_date('relative', $admin['lastactive']), array("class" => "align_center"));
 504  
 505              $popup = new PopupMenu("adminperm_{$admin['uid']}", $lang->options);
 506              if(!is_super_admin($admin['uid']))
 507              {
 508                  if($admin['permissions'] != "")
 509                  {
 510                      $popup->add_item($lang->edit_permissions, "index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$admin['uid']}");
 511                      $popup->add_item($lang->revoke_permissions, "index.php?module=user-admin_permissions&amp;action=delete&amp;uid={$admin['uid']}&amp;my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_perms_deletion2}')");
 512                  }
 513                  else
 514                  {
 515                      $popup->add_item($lang->set_permissions, "index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$admin['uid']}");
 516                  }
 517              }
 518              $popup->add_item($lang->view_log, "index.php?module=tools-adminlog&amp;uid={$admin['uid']}");
 519              $table->construct_cell($popup->fetch(), array("class" => "align_center"));
 520              $table->construct_row();
 521          }
 522      }
 523  
 524      if(empty($usergroups) || $table->num_rows() == 0)
 525      {
 526          $table->construct_cell($lang->no_user_perms, array("colspan" => "3"));
 527          $table->construct_row();
 528      }
 529  
 530      $table->output($lang->user_permissions);
 531  
 532      echo <<<LEGEND
 533  <br />
 534  <fieldset>
 535  <legend>{$lang->legend}</legend>
 536  <img src="styles/{$page->style}/images/icons/user.png" alt="{$lang->using_individual_perms}" style="vertical-align: middle;" /> {$lang->using_individual_perms}<br />
 537  <img src="styles/{$page->style}/images/icons/group.png" alt="{$lang->using_group_perms}" style="vertical-align: middle;" /> {$lang->using_group_perms}<br />
 538  <img src="styles/{$page->style}/images/icons/default.png" alt="{$lang->using_default_perms}" style="vertical-align: middle;" /> {$lang->using_default_perms}</fieldset>
 539  LEGEND;
 540      $page->output_footer();
 541  }
 542  

