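<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id: admin_permissions.php 5297 2010-12-28 22:01:14Z Tomm $
 */

/*
 * Admin CP module "user-admin_permissions".
 *
 * Rows in the adminoptions table are addressed through a single signed id:
 *   uid > 0  - permissions of one user
 *   uid < 0  - permissions of a usergroup (uid = -gid)
 *   uid == 0 - the default permission set
 *
 * Actions handled below: "delete" (revoke), "edit", "group" (group listing)
 * and, with no action, the per-user listing.
 *
 * NOTE(review): the listing links carry my_post_key, but this file never
 * verifies it; presumably the Admin CP front controller does so before this
 * module is loaded - confirm.
 * NOTE(review): the branches rely on admin_redirect() ending the request;
 * that is not visible in this file - confirm.
 */

// Disallow direct access to this file for security reasons
if(!defined("IN_MYBB"))
{
	die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
}

$page->add_breadcrumb_item($lang->admin_permissions, "index.php?module=user-admin_permissions");

if(($mybb->input['action'] == "edit" && $mybb->input['uid'] == 0) || $mybb->input['action'] == "group" || !$mybb->input['action'])
{
	$sub_tabs['user_permissions'] = array(
		'title' => $lang->user_permissions,
		'link' => "index.php?module=user-admin_permissions",
		'description' => $lang->user_permissions_desc
	);

	$sub_tabs['group_permissions'] = array(
		'title' => $lang->group_permissions,
		'link' => "index.php?module=user-admin_permissions&action=group",
		'description' => $lang->group_permissions_desc
	);

	$sub_tabs['default_permissions'] = array(
		'title' => $lang->default_permissions,
		'link' => "index.php?module=user-admin_permissions&action=edit&uid=0",
		'description' => $lang->default_permissions_desc
	);
}

// Integer form of the request's uid. Every SQL condition and every URL built
// below uses this value, never the raw request string.
$uid = intval($mybb->input['uid']);

$plugins->run_hooks("admin_user_admin_permissions_begin");

if($mybb->input['action'] == "delete")
{
	$plugins->run_hooks("admin_user_admin_permissions_delete");

	// A super administrator's permissions may only be revoked by that same account
	if(is_super_admin($uid) && $mybb->user['uid'] != $uid)
	{
		flash_message($lang->error_delete_super_admin, 'error');
		admin_redirect("index.php?module=user-admin_permissions");
	}

	// A truthy "no" input sends the admin back to the listing without changes
	if($mybb->input['no'])
	{
		admin_redirect("index.php?module=user-admin_permissions");
	}

	if(!trim($mybb->input['uid']))
	{
		flash_message($lang->error_delete_no_uid, 'error');
		admin_redirect("index.php?module=user-admin_permissions");
	}

	// Fixed: the raw request value used to be interpolated into this WHERE
	// clause (SQL injection sink); the integer $uid is used instead.
	$query = $db->simple_select("adminoptions", "COUNT(uid) as adminoptions", "uid = '{$uid}'");
	if($db->fetch_field($query, 'adminoptions') == 0)
	{
		flash_message($lang->error_delete_invalid_uid, 'error');
		admin_redirect("index.php?module=user-admin_permissions");
	}

	if($mybb->request_method == "post")
	{
		// Revoking blanks the permissions column; the row itself is kept
		$newperms = array(
			"permissions" => ''
		);
		$db->update_query("adminoptions", $newperms, "uid = '{$uid}'");

		$plugins->run_hooks("admin_user_admin_permissions_delete_commit");

		// Log admin action
		if($uid < 0)
		{
			// Fixed: $gid was never assigned in this branch, so the title
			// lookup ran with an empty gid and logged no group name.
			$gid = abs($uid);
			$query = $db->simple_select("usergroups", "title", "gid='$gid'");
			$group = $db->fetch_array($query);
			log_admin_action($uid, $group['title']);

		}
		elseif($uid == 0)
		{
			// Default
			log_admin_action(0, $lang->default);
		}
		else
		{
			$user = get_user($uid);
			log_admin_action($uid, $user['username']);
		}

		flash_message($lang->success_perms_deleted, 'success');
		admin_redirect("index.php?module=user-admin_permissions");
	}
	else
	{
		// Fixed: the confirmation URL echoed the raw request value; use the
		// integer so request data cannot end up in the generated markup.
		$page->output_confirm_action("index.php?module=user-admin_permissions&action=delete&uid={$uid}", $lang->confirm_perms_deletion);
	}
}

if($mybb->input['action'] == "edit")
{
	$plugins->run_hooks("admin_user_admin_permissions_edit");

	// NOTE(review): unlike the delete branch, nothing here calls
	// is_super_admin() before writing a row - confirm that editing a super
	// administrator's permissions is meant to be allowed.
	if($mybb->request_method == "post")
	{
		// The permission matrix comes straight from the request, so make sure
		// it has the expected module => (action => flag) shape before storing.
		$permissions = $mybb->input['permissions'];
		if(!is_array($permissions))
		{
			$permissions = array();
		}

		foreach($permissions as $module => $actions)
		{
			// A module entry that is not an action list cannot be interpreted
			if(!is_array($actions))
			{
				unset($permissions[$module]);
				continue;
			}

			$no_access = 0;
			foreach($actions as $action => $access)
			{
				if($access == 0)
				{
					++$no_access;
				}
			}
			// User can't access any actions in this module - just disallow it completely
			if($no_access == count($actions))
			{
				unset($permissions[$module]);
			}
		}

		// Keep the request copy in sync for the commit hook below
		$mybb->input['permissions'] = $permissions;

		// Stored with serialize() and read back with unserialize(); the blob
		// is always produced here by serialize(), never taken verbatim from
		// the request.
		$serialized_permissions = $db->escape_string(serialize($permissions));

		// Does an options row exist for this admin already?
		$query = $db->simple_select("adminoptions", "COUNT(uid) AS existing_options", "uid='{$uid}'");
		$existing_options = $db->fetch_field($query, "existing_options");
		if($existing_options > 0)
		{
			$db->update_query("adminoptions", array('permissions' => $serialized_permissions), "uid = '{$uid}'");
		}
		else
		{
			$insert_array = array(
				"uid" => $uid,
				"permissions" => $serialized_permissions,
				"notes" => '',
				"defaultviews" => ''
			);
			$db->insert_query("adminoptions", $insert_array);
		}

		$plugins->run_hooks("admin_user_admin_permissions_edit_commit");

		// Log admin action
		if($uid > 0)
		{
			// Users
			$user = get_user($uid);
			log_admin_action($uid, $user['username']);
		}
		elseif($uid < 0)
		{
			// Groups
			$gid = abs($uid);
			$query = $db->simple_select("usergroups", "title", "gid='$gid'");
			$group = $db->fetch_array($query);
			log_admin_action($uid, $group['title']);
		}
		else
		{
			// Default
			log_admin_action(0);
		}

		flash_message($lang->admin_permissions_updated, 'success');
		admin_redirect("index.php?module=user-admin_permissions");
	}

	// Load the permission set currently in effect for the target
	if($uid > 0)
	{
		$query = $db->query("
			SELECT u.uid, u.username, g.cancp, g.gid
			FROM ".TABLE_PREFIX."users u
			LEFT JOIN ".TABLE_PREFIX."usergroups g ON (u.usergroup=g.gid)
			WHERE u.uid='$uid'
			AND g.cancp=1
			LIMIT 1
		");
		$admin = $db->fetch_array($query);
		$permission_data = get_admin_permissions($uid, $admin['gid']);
		$title = $admin['username'];
		$page->add_breadcrumb_item($lang->user_permissions, "index.php?module=user-admin_permissions");
	}
	elseif($uid < 0)
	{
		$gid = abs($uid);
		$query = $db->simple_select("usergroups", "title", "gid='$gid'");
		$group = $db->fetch_array($query);
		$permission_data = get_admin_permissions("", $gid);
		$title = $group['title'];
		$page->add_breadcrumb_item($lang->group_permissions, "index.php?module=user-admin_permissions&action=group");
	}
	else
	{
		$query = $db->simple_select("adminoptions", "permissions", "uid='0'");
		// SECURITY: unserialize() on database content. This is only safe while
		// the permissions column can be written exclusively through the
		// serialize() call in the POST handler above; any other write path to
		// that column turns this into a PHP object-injection sink.
		$permission_data = unserialize($db->fetch_field($query, "permissions"));
		$page->add_breadcrumb_item($lang->default_permissions);
		$title = $lang->default;
	}

	if($uid != 0)
	{
		$page->add_breadcrumb_item($lang->edit_permissions.": {$title}");
	}

	$page->output_header($lang->edit_permissions);

	if($uid != 0)
	{
		$sub_tabs['edit_permissions'] = array(
			'title' => $lang->edit_permissions,
			'link' => "index.php?module=user-admin_permissions&action=edit&uid={$uid}",
			'description' => $lang->edit_permissions_desc
		);

		$page->output_nav_tabs($sub_tabs, 'edit_permissions');
	}

	$form = new Form("index.php?module=user-admin_permissions&action=edit", "post", "edit");

	echo $form->generate_hidden_field("uid", $uid);

	// Fetch all of the modules we have. The included paths are built from the
	// directory listing of the admin modules folder, not from request data.
	$modules_dir = MYBB_ADMIN_DIR."modules";
	$dir = opendir($modules_dir);
	// Fixed: a failed opendir() used to be handed straight to readdir()
	if($dir !== false)
	{
		while(($module = readdir($dir)) !== false)
		{
			if(is_dir($modules_dir."/".$module) && !in_array($module, array(".", "..")) && file_exists($modules_dir."/".$module."/module_meta.php"))
			{
				require_once $modules_dir."/".$module."/module_meta.php";
				$meta_function = $module."_admin_permissions";

				// Module has no permissions, skip it
				if(function_exists($meta_function))
				{
					// Call the meta function once and reuse its result
					$module_permissions = $meta_function();
					if(is_array($module_permissions))
					{
						$permission_modules[$module] = $module_permissions;
						$modules[$module_permissions['disporder']][] = $module;
					}
				}
			}
		}
		closedir($dir);
	}

	// $modules is deliberately not reset before the loop above.
	// NOTE(review): it presumably already holds non-array entries set outside
	// this file, which is what the is_array() guard below skips - confirm.
	ksort($modules);
	foreach($modules as $disp_order => $mod)
	{
		if(!is_array($mod))
		{
			continue;
		}

		foreach($mod as $module)
		{
			$module_tabs[$module] = $permission_modules[$module]['name'];
		}
	}
	$page->output_tab_control($module_tabs);

	// One tab per module, one yes/no radio per action, pre-selected from the
	// permission set loaded above
	foreach($permission_modules as $key => $module)
	{
		echo "<div id=\"tab_{$key}\">\n";
		$form_container = new FormContainer("{$module['name']}");
		foreach($module['permissions'] as $action => $permission_title)
		{
			$form_container->output_row($permission_title, "", $form->generate_yes_no_radio('permissions['.$key.']['.$action.']', intval($permission_data[$key][$action]), array('yes' => 1, 'no' => 0)), 'permissions['.$key.']['.$action.']');
		}
		$form_container->end();
		echo "</div>\n";
	}

	$buttons[] = $form->generate_submit_button($lang->update_permissions);
	$form->output_submit_wrapper($buttons);
	$form->end();

	$page->output_footer();
}

if($mybb->input['action'] == "group")
{
	$plugins->run_hooks("admin_user_admin_permissions_group");

	$page->add_breadcrumb_item($lang->group_permissions);
	$page->output_header($lang->group_permissions);

	$page->output_nav_tabs($sub_tabs, 'group_permissions');

	$table = new Table;
	$table->construct_header($lang->group);
	$table->construct_header($lang->controls, array("class" => "align_center", "width" => 150));

	// Get usergroups with ACP access
	$query = $db->query("
		SELECT g.title, g.cancp, a.permissions, g.gid
		FROM ".TABLE_PREFIX."usergroups g
		LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid = -g.gid)
		WHERE g.cancp = 1
		ORDER BY g.title ASC
	");
	while($group = $db->fetch_array($query))
	{
		// A non-empty permissions column means the group has its own set
		if($group['permissions'] != "")
		{
			$perm_type = "group";
		}
		else
		{
			$perm_type = "default";
		}
		$uid = -intval($group['gid']);

		// Fixed: the group title is database content and was written into
		// the page unescaped.
		$group_title = htmlspecialchars_uni($group['title']);
		$table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$perm_type}.gif\" title=\"{$lang->permissions_type_group}\" alt=\"{$perm_type}\" /></div><div><strong><a href=\"index.php?module=user-admin_permissions&action=edit&uid={$uid}\" title=\"{$lang->edit_group}\">{$group_title}</a></strong><br /></div>");

		if($group['permissions'] != "")
		{
			$popup = new PopupMenu("groupperm_{$uid}", $lang->options);
			$popup->add_item($lang->edit_permissions, "index.php?module=user-admin_permissions&action=edit&uid={$uid}");

			// Check permissions for Revoke
			$popup->add_item($lang->revoke_permissions, "index.php?module=user-admin_permissions&action=delete&uid={$uid}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, 'Are you sure you wish to revoke this group\'s permissions?')");
			$table->construct_cell($popup->fetch(), array("class" => "align_center"));
		}
		else
		{
			$table->construct_cell("<a href=\"index.php?module=user-admin_permissions&action=edit&uid={$uid}\">{$lang->set_permissions}</a>", array("class" => "align_center"));
		}
		$table->construct_row();
	}

	if($table->num_rows() == 0)
	{
		$table->construct_cell($lang->no_group_perms, array("colspan" => "2"));
		$table->construct_row();
	}

	$table->output($lang->group_permissions);

	echo <<<LEGEND
<br />
<fieldset>
<legend>{$lang->legend}</legend>
<img src="styles/{$page->style}/images/icons/group.gif" alt="{$lang->using_custom_perms}" style="vertical-align: middle;" /> {$lang->using_custom_perms}<br />
<img src="styles/{$page->style}/images/icons/default.gif" alt="{$lang->using_default_perms}" style="vertical-align: middle;" /> {$lang->using_default_perms}</fieldset>
LEGEND;

	$page->output_footer();
}

if(!$mybb->input['action'])
{
	$plugins->run_hooks("admin_user_admin_permissions_start");

	$page->add_breadcrumb_item($lang->user_permissions);
	$page->output_header($lang->user_permissions);

	$page->output_nav_tabs($sub_tabs, 'user_permissions');

	$table = new Table;
	$table->construct_header($lang->user);
	$table->construct_header($lang->last_active, array("class" => "align_center", "width" => 200));
	$table->construct_header($lang->controls, array("class" => "align_center", "width" => 150));

	// Get usergroups with ACP access
	$usergroups = array();
	$query = $db->simple_select("usergroups", "*", "cancp = 1");
	while($usergroup = $db->fetch_array($query))
	{
		$usergroups[$usergroup['gid']] = $usergroup;
	}

	// Get users whose primary or secondary usergroup has ACP access
	$comma = $primary_group_list = $secondary_group_list = '';
	foreach($usergroups as $gid => $group_info)
	{
		// The gid is spliced into SQL below; force it to an integer
		$gid = intval($gid);

		$primary_group_list .= $comma.$gid;
		switch($db->type)
		{
			case "pgsql":
			case "sqlite":
				$secondary_group_list .= " OR ','|| u.additionalgroups||',' LIKE '%,{$gid},%'";
				break;
			default:
				$secondary_group_list .= " OR CONCAT(',', u.additionalgroups,',') LIKE '%,{$gid},%'";
		}

		$comma = ',';
	}

	// Not read anywhere else in this file; kept as the original defines them
	$group_list = implode(',', array_keys($usergroups));
	$secondary_groups = ','.$group_list.',';

	// Get usergroups with ACP access
	$group_permissions = array();
	$query = $db->query("
		SELECT g.title, g.cancp, a.permissions, g.gid
		FROM ".TABLE_PREFIX."usergroups g
		LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid = -g.gid)
		WHERE g.cancp = 1
		ORDER BY g.title ASC
	");
	while($group = $db->fetch_array($query))
	{
		$group_permissions[$group['gid']] = $group['permissions'];
	}

	$query = $db->query("
		SELECT u.uid, u.username, u.lastactive, u.usergroup, u.additionalgroups, a.permissions
		FROM ".TABLE_PREFIX."users u
		LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid=u.uid)
		WHERE u.usergroup IN ({$primary_group_list}) {$secondary_group_list}
		ORDER BY u.username ASC
	");
	while($admin = $db->fetch_array($query))
	{
		// Which permission set applies: the user's own, else one of the
		// user's groups, else the default set.
		// Fixed: "default" was only assigned when no group at all had custom
		// permissions, so the icon of the previous row could leak into this one.
		$perm_type = "default";
		if($admin['permissions'] != "")
		{
			$perm_type = "user";
		}
		else
		{
			$groups = explode(",", $admin['additionalgroups'].",".$admin['usergroup']);
			foreach($groups as $group)
			{
				if($group == "") continue;
				// isset(): a member group without ACP access has no entry here
				if(isset($group_permissions[$group]) && $group_permissions[$group] != "")
				{
					$perm_type = "group";
					break;
				}
			}
		}

		$usergroup_list = array();

		// Build a list of group memberships that have access to the Admin CP
		// Primary usergroup?
		if(isset($usergroups[$admin['usergroup']]) && $usergroups[$admin['usergroup']]['cancp'] == 1)
		{
			$usergroup_list[] = "<i>".htmlspecialchars_uni($usergroups[$admin['usergroup']]['title'])."</i>";
		}

		// Secondary usergroups?
		$additional_groups = explode(',', $admin['additionalgroups']);
		if(is_array($additional_groups))
		{
			foreach($additional_groups as $gid)
			{
				if(isset($usergroups[$gid]) && $usergroups[$gid]['cancp'] == 1)
				{
					$usergroup_list[] = htmlspecialchars_uni($usergroups[$gid]['title']);
				}
			}
		}
		$usergroup_list = implode(", ", $usergroup_list);

		// Fixed: username and group titles are database content and were
		// written into the page unescaped.
		$admin_uid = intval($admin['uid']);
		$username = htmlspecialchars_uni($admin['username']);

		$table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$perm_type}.gif\" title=\"{$lang->perms_type_user}\" alt=\"{$perm_type}\" /></div><div><strong><a href=\"index.php?module=user-admin_permissions&action=edit&uid={$admin_uid}\" title=\"{$lang->edit_user}\">{$username}</a></strong><br /><small>{$usergroup_list}</small></div>");

		$table->construct_cell(my_date($mybb->settings['dateformat'].", ".$mybb->settings['timeformat'], $admin['lastactive']), array("class" => "align_center"));

		$popup = new PopupMenu("adminperm_{$admin_uid}", $lang->options);
		if($admin['permissions'] != "")
		{
			$popup->add_item($lang->edit_permissions, "index.php?module=user-admin_permissions&action=edit&uid={$admin_uid}");
			$popup->add_item($lang->revoke_permissions, "index.php?module=user-admin_permissions&action=delete&uid={$admin_uid}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_perms_deletion2}')");
		}
		else
		{
			$popup->add_item($lang->set_permissions, "index.php?module=user-admin_permissions&action=edit&uid={$admin_uid}");
		}
		$popup->add_item($lang->view_log, "index.php?module=tools-adminlog&uid={$admin_uid}");
		$table->construct_cell($popup->fetch(), array("class" => "align_center"));
		$table->construct_row();
	}

	if($table->num_rows() == 0)
	{
		// Fixed: this table has three header columns, not two
		$table->construct_cell($lang->no_user_perms, array("colspan" => "3"));
		$table->construct_row();
	}

	$table->output($lang->user_permissions);

	echo <<<LEGEND
<br />
<fieldset>
<legend>{$lang->legend}</legend>
<img src="styles/{$page->style}/images/icons/user.gif" alt="{$lang->using_individual_perms}" style="vertical-align: middle;" /> {$lang->using_individual_perms}<br />
<img src="styles/{$page->style}/images/icons/group.gif" alt="{$lang->using_group_perms}" style="vertical-align: middle;" /> {$lang->using_group_perms}<br />
<img src="styles/{$page->style}/images/icons/default.gif" alt="{$lang->using_default_perms}" style="vertical-align: middle;" /> {$lang->using_default_perms}</fieldset>
LEGEND;
	$page->output_footer();
}

?>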