From ad4cfc051ca94b8f326072bd877ede82195188d6 Mon Sep 17 00:00:00 2001 From: "Paul S. Owen" Date: Fri, 1 Jun 2001 13:44:12 +0000 Subject: [PATCH] Allow restricted view forums git-svn-id: file:///svn/phpbb/trunk@402 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/auth.php | 274 ++++++++++++++++++++++++---------------- phpBB/index.php | 65 ++++++---- phpBB/viewforum.php | 2 +- phpBB/viewtopic.php | 4 +- 4 files changed, 212 insertions(+), 133 deletions(-) diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index 86a4b3bbcd..f7959d8f5d 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php @@ -125,6 +125,8 @@ function auth($type, $forum_id, $userdata, $f_access = -1) // if(!$userdata['session_logged_in']) { + $auth_user = array(); + if($forum_id != AUTH_LIST_ALL) { for($i = 0; $i < count($f_access); $i++) @@ -134,12 +136,11 @@ function auth($type, $forum_id, $userdata, $f_access = -1) } else { - $auth_user_list = array(); for($i = 0; $i < count($f_access); $i++) { for($j = 0; $j < count($auth_fields); $j++) { - $auth_user_list[$f_access[$i]['forum_id']][$auth_fields[$j]] = ($f_access[$i][$auth_fields[$j]] == AUTH_ALL) ? 1 : 0; + $auth_user[$f_access[$i]['forum_id']][$auth_fields[$j]] = ($f_access[$i][$auth_fields[$j]] == AUTH_ALL) ? 1 : 0; } } } 
@@ -154,126 +155,183 @@ function auth($type, $forum_id, $userdata, $f_access = -1) AND aa.group_id = ug.group_id $forum_match_sql"; $au_result = $db->sql_query($sql); - $u_access = $db->sql_fetchrowset($au_result); + $num_forums = (is_array($f_access[0])) ? count($f_access) : 1; + $is_admin = ($userdata['user_level'] == ADMIN) ? 1 : 0; $auth_user = array(); - for($i = 0; $i < count($auth_fields); $i++) + for($k = 0; $k < $num_forums; $k++) { - $key = $auth_fields[$i]; - $value = $f_access[$key]; + for($i = 0; $i < count($auth_fields); $i++) + { + $key = $auth_fields[$i]; + $value = ($forum_id != AUTH_LIST_ALL) ? $f_access[$key] : $f_access[$f_access[$k]['forum_id']][$key]; + + // + // If the user is logged on and the forum + // type is either ALL or REG then the user + // has access + // + if($value == AUTH_ALL || $value == AUTH_REG) + { + if($forum_id != AUTH_LIST_ALL) + { + $auth_user[$key] = 1; + } + else + { + $auth_user[$f_access[$k]['forum_id']][$key] = 1; + } + } + else + { + // + // If the type if ACL, MOD or ADMIN + // then we need to see if the user has + // specific permissions to do whatever it + // is they want to do ... to do this + // we pull relevant information for the user + // (and any groups they belong to) + // + + $single_user = 0; + + // + // Now we compare the users access level + // against the forums We assume here that + // a moderator and admin automatically have + // access to an ACL forum, similarly we assume + // admins meet an auth requirement of MOD + // + // The access level assigned to a single user + // automatically takes precedence over any + // levels granted by that user being a member + // of a multi-user usergroup, eg. a user + // who is banned from a forum won't gain + // access to it even if they belong to a group + // which has access (and vice versa). 
This + // check is done via the single_user check + // + // PS : I appologise for the fantastically clear + // and hugely readable code here ;) Simple gist + // is, if this row of auth_access doesn't represent + // a single user then OR the contents of relevant auth_access + // levels against the current level (allows + // maximum group privileges to be assigned). If + // the row does represent a single user then forget + // any previous group results and instead set + // the auth to whatever the OR'd contents of the + // access levels are. + // + switch($value) + { + case AUTH_ACL: + for($j = 0; $j < count($u_access); $j++) + { + if(!$single_user) + { + $single_user = $u_access[$j]['single_user']; + + $result = (!$single_user) ? ($auth_user[$key] || $u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin) : ($u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin); + + if($forum_id != AUTH_LIST_ALL) + { + $auth_user[$key] = $result; + } + else + { + $auth_user[$f_access[$k]['forum_id']][$key] = $result; + } + } + } + break; + + case AUTH_MOD: + for($j = 0; $j < count($u_access); $j++) + { + if(!$single_user) + { + $single_user = $u_access[$j]['single_user']; + + $auth_user[$key] = (!$single_user) ? ($auth_user[$key] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin); + + if($forum_id != AUTH_LIST_ALL) + { + $auth_user[$key] = $result; + } + else + { + $auth_user[$f_access[$k]['forum_id']][$key] = $result; + } + } + } + break; + + case AUTH_ADMIN: + // + // Pretty redundant right now ... + // + if($forum_id != AUTH_LIST_ALL) + { + $auth_user[$key] = $is_admin; + } + else + { + $auth_user[$f_access[$k]['forum_id']][$key] = $is_admin; + } + break; + + default: + if($forum_id != AUTH_LIST_ALL) + { + $auth_user[$key] = 0; + } + else + { + $auth_user[$f_access[$k]['forum_id']][$key] = 0; + } + break; + } + } + } + // + // Is user a moderator? 
+ // + $single_user = 0; + for($j = 0; $j < count($u_access); $j++) + { + if(!$single_user) + { + $single_user = $u_access[$j]['single_user']; + + $result = (!$single_user) ? ($auth_user['auth_mod'] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin); + + if($forum_id != AUTH_LIST_ALL) + { + $auth_user['auth_mod'] = $result; + } + else + { + $auth_user[$f_access[$k]['forum_id']]['auth_mod'] = $result; + } + } + } // - // If the user is logged on and the forum - // type is either ALL or REG then the user - // has access + // Is user an admin (this is + // really redundant at this time) // - if($value == AUTH_ALL || $value == AUTH_REG) + if($forum_id != AUTH_LIST_ALL) { - $auth_user[$key] = 1; + $auth_user['auth_admin'] = $is_admin; } else { - // - // If the type if ACL, MOD or ADMIN - // then we need to see if the user has - // specific permissions to do whatever it - // is they want to do ... to do this - // we pull relevant information for the user - // (and any groups they belong to) - // - - $single_user = 0; - - // - // Now we compare the users access level - // against the forums We assume here that - // a moderator and admin automatically have - // access to an ACL forum, similarly we assume - // admins meet an auth requirement of MOD - // - // The access level assigned to a single user - // automatically takes precedence over any - // levels granted by that user being a member - // of a multi-user usergroup, eg. a user - // who is banned from a forum won't gain - // access to it even if they belong to a group - // which has access (and vice versa). This - // check is done via the single_user check - // - // PS : I appologise for the fantastically clear - // and hugely readable code here ;) Simple gist - // is, if this row of auth_access doesn't represent - // a single user then OR the contents of relevant auth_access - // levels against the current level (allows - // maximum group privileges to be assigned). 
If - // the row does represent a single user then forget - // any previous group results and instead set - // the auth to whatever the OR'd contents of the - // access levels are. - // - switch($value) - { - case AUTH_ACL: - for($j = 0; $j < count($u_access); $j++) - { - if(!$single_user) - { - $single_user = $u_access[$j]['single_user']; - - $auth_user[$key] = (!$single_user) ? ($auth_user[$key] || $u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin) : ($u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin); - } - } - break; - - case AUTH_MOD: - for($j = 0; $j < count($u_access); $j++) - { - if(!$single_user) - { - $single_user = $u_access[$j]['single_user']; - - $auth_user[$key] = (!$single_user) ? ($auth_user[$key] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin); - } - } - break; - - case AUTH_ADMIN: - // - // Pretty redundant right now ... - // - $auth_user[$key] = ($userdata['user_level'] == ADMIN) ? 1 : 0; - break; - - default: - $auth_user[$key] = 0; - break; - } + $auth_user[$f_access[$k]['forum_id']]['auth_admin'] = $is_admin; } } - - // - // Is user a moderator? - // - $single_user = 0; - for($j = 0; $j < count($u_access); $j++) - { - if(!$single_user) - { - $single_user = $u_access[$j]['single_user']; - - $auth_user['auth_mod'] = (!$single_user) ? ($auth_user['auth_mod'] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin); - } - } - - // - // Is user an admin (this is - // really redundant at this time) - // - $auth_user['auth_admin'] = $is_admin; - } // @@ -281,7 +339,7 @@ function auth($type, $forum_id, $userdata, $f_access = -1) // however it will also return an array if a listing // of all forums to which a user has access was requested. // - return ( ($forum_id != AUTH_LIST_ALL) ? $auth_user : $auth_user_list ); + return $auth_user; } ?> \ No newline at end of file diff --git a/phpBB/index.php b/phpBB/index.php index ee66b632e1..d1de5625b4 100644 
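Review bot: In the `case AUTH_MOD:` branch the new code stores the computed permission in `$auth_user[$key]` and then overwrites it with `$result`, which this branch never sets, so the final value is whatever `$result` held from an earlier `AUTH_ACL` field or forum (or nothing on first use); the computation should be `$result = (!$single_user) ? ($auth_user[$key] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin);` as in the ACL branch. The ACL branch still reads `$u_access[$i]['auth_mod']` with the field counter `$i` where the row counter `$j` appears intended, so the moderator flag can come from an unrelated row. As shown, the hunk also removes `$u_access = $db->sql_fetchrowset($au_result);` while every loop still iterates `$u_access`; unless it is assigned outside the hunk, no user or group row is ever consulted. In `AUTH_LIST_ALL` mode `$f_access[$f_access[$k]['forum_id']][$key]` indexes the rowset by forum id, whereas the guest branch earlier in auth() indexes it by position (`$f_access[$i]`), so `$value` may be read from the wrong forum or be unset. auth() begins before this hunk and the surrounding branch closes outside it.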
--- a/phpBB/index.php +++ b/phpBB/index.php @@ -127,11 +127,12 @@ if($total_categories) default: // This works on: MySQL, MSSQL and ODBC (Access) $limit_forums = ($viewcat != -1) ? "WHERE f.cat_id = $viewcat " : ""; - $sql = "SELECT f.*, t.topic_id, t.topic_replies, t.topic_last_post_id, u.username, u.user_id, p.post_time - FROM (( ".FORUMS_TABLE." f + $sql = "SELECT f.*, t.topic_id, t.topic_replies, t.topic_last_post_id, u.username, u.user_id, p.post_time, af.auth_view, af.auth_read, af.auth_post, af.auth_reply, af.auth_edit, af.auth_delete, af.auth_votecreate, af.auth_vote + FROM ((( ".FORUMS_TABLE." f LEFT JOIN ".POSTS_TABLE." p ON f.forum_last_post_id = p.post_id ) LEFT JOIN ".TOPICS_TABLE." t ON p.post_id = t.topic_last_post_id ) - LEFT JOIN ".USERS_TABLE." u ON p.poster_id = u.user_id + LEFT JOIN ".USERS_TABLE." u ON p.poster_id = u.user_id ) + LEFT JOIN ".AUTH_FORUMS_TABLE." af ON af.forum_id = f.forum_id $limit_forums ORDER BY f.cat_id, f.forum_order"; break; @@ -140,6 +141,8 @@ if($total_categories) { error_die(SQL_QUERY, "Could not query forums information.", __LINE__, __FILE__); } + $total_forums = $db->sql_numrows($q_forums); + $forum_rows = $db->sql_fetchrowset($q_forums); // // Note that this doesn't resolve conflicts where a user @@ -162,9 +165,6 @@ if($total_categories) { error_die(SQL_QUERY, "Could not query forum moderator information.", __LINE__, __FILE__); } - - $total_forums = $db->sql_numrows($q_forums); - $forum_rows = $db->sql_fetchrowset($q_forums); $forum_mods_list = $db->sql_fetchrowset($q_forum_mods); for($i = 0; $i < count($forum_mods_list); $i++) 
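Review bot: The added `LEFT JOIN ".AUTH_FORUMS_TABLE." af` returns NULL for `af.auth_view` and the other `af.*` columns on any forum that has no row in that table, and auth() then tests those values with a loose `== AUTH_ALL`. If `AUTH_ALL` is defined as 0 (its value is not visible on this page), NULL compares equal and such a forum is treated as open to everyone. A missing permission row should fail closed, for example `(isset($f_access[$i][$auth_fields[$j]]) && $f_access[$i][$auth_fields[$j]] == AUTH_ALL) ? 1 : 0` in auth(), with the same guard on the logged-in path. Only the `default:` case of the switch is changed here; any other database-specific case outside the hunk needs the same `af.*` columns, otherwise `auth(AUTH_VIEW, AUTH_LIST_ALL, ...)` receives rows without them.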
@@ -173,23 +173,25 @@ if($total_categories) $forum_mods['forum_'.$forum_mods_list[$i]['forum_id'].'_id'][] = $forum_mods_list[$i]['user_id']; } + // + // Find which forums are visible for + // this user + // + $is_auth_ary = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata, $forum_rows); + + // + // Okay, let's build the index + // + $gen_cat = array(); + for($i = 0; $i < $total_categories; $i++) { - $template->assign_block_vars("catrow", - array( - "CAT_ID" => $category_rows[$i]['cat_id'], - "CAT_DESC" => stripslashes($category_rows[$i]['cat_title']), - "U_VIEWCAT" => append_sid("index." . $phpEx . "?viewcat=" . $category_rows[$i]['cat_id']) - ) - ); - for($j = 0; $j < $total_forums; $j++) { - - if( ( $forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $viewcat == -1 ) || - ( $category_rows[$i]['cat_id'] == $viewcat) ) + if( ( ($forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $viewcat == -1) || + ($category_rows[$i]['cat_id'] == $viewcat) ) && + $is_auth_ary[$forum_rows[$j]['forum_id']]['auth_view']) { - $folder_image = ""; $posts = $forum_rows[$j]['forum_posts']; $topics = $forum_rows[$j]['forum_topics']; @@ -231,6 +233,17 @@ if($total_categories) $moderators_links .= "".$forum_mods['forum_'.$forum_rows[$j]['forum_id'].'_name'][$mods].""; } + if(!$gen_cat[$category_rows[$i]['cat_id']]) + { + $category_rows[$i]['cat_id']. " : " . $gen_cat[$category_rows[$i]['cat_id']]."
"; + $template->assign_block_vars("catrow", array( + "CAT_ID" => $category_rows[$i]['cat_id'], + "CAT_DESC" => stripslashes($category_rows[$i]['cat_title']), + "U_VIEWCAT" => append_sid("index." . $phpEx . "?viewcat=" . $category_rows[$i]['cat_id'])) + ); + $gen_cat[$category_rows[$i]['cat_id']] = 1; + } + $template->assign_block_vars("catrow.forumrow", array( "FOLDER" => $folder_image, @@ -243,13 +256,21 @@ if($total_categories) "MODERATORS" => $moderators_links, "U_VIEWFORUM" => append_sid("viewforum." . $phpEx . "?" . POST_FORUM_URL . "=" . $forum_rows[$j]['forum_id'] . "&" . $forum_rows[$j]['forum_posts'])) + ); + } + else if($viewcat != -1) + { + if(!$gen_cat[$category_rows[$i]['cat_id']]) + { + $template->assign_block_vars("catrow", array( + "CAT_ID" => $category_rows[$i]['cat_id'], + "CAT_DESC" => stripslashes($category_rows[$i]['cat_title']), + "U_VIEWCAT" => append_sid("index." . $phpEx . "?viewcat=" . $category_rows[$i]['cat_id'])) ); -// "LAST_POST_USER" => "$forum_rows[$j]['username']", -// "U_LAST_POST_USER_PROFILE" => "profile.$phpEx?mode=viewprofile&".POST_USERS_URL."=".$forum_rows[$j]['user_id']", -// "U_LAST_POST" => "viewtopic.".$phpEx."?t=".$forum_rows[$j]['topic_id'], + $gen_cat[$category_rows[$i]['cat_id']] = 1; + } } } - } // for ... categories }// if ... total_categories diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index ca76f5f042..59f8c2ca74 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -92,7 +92,7 @@ if(!$forum_row) // $is_auth = auth(AUTH_ALL, $forum_id, $userdata, $forum_row[0]); -if(!$is_auth['auth_read']) +if(!$is_auth['auth_read'] || !$is_auth['auth_view']) { // // Ooopss, user is not authed diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 21e0cd9fd7..a12f94d0d8 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php 
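Review bot: The first statement inside the new `if(!$gen_cat[...])` block, the bare concatenation beginning `$category_rows[$i]['cat_id']. " : " . $gen_cat[...]`, has no effect and looks like a debug print whose `echo` was dropped; it should be deleted. `$gen_cat` is also read before any key has been set, so `if(!isset($gen_cat[$category_rows[$i]['cat_id']]))` would state the intent without relying on an undefined index evaluating to false.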
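Review bot: The new `else if($viewcat != -1)` branch emits a `catrow` for category `$i` whenever a forum row fails the preceding condition, and that includes rows rejected only because `auth_view` is false. With `viewcat` set, a category whose forums are all hidden from this user still has its title rendered, whereas with `viewcat == -1` it is suppressed; if that difference is not intended, this branch should only emit the header for categories that hold at least one viewable forum. A one-line comment such as `// single-category view: still list the other categories' headers` would record the intent. The `assign_block_vars("catrow", ...)` call is now duplicated from the block above and could live in one place.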
@@ -214,9 +214,9 @@ init_userprefs($userdata); // // Start auth check // -$is_auth = auth(AUTH_ALL, $forum_id, $userdata, $forum_row[0]); +$is_auth = auth(AUTH_ALL, $forum_id, $userdata, $forum_row[0]); -if(!$is_auth) +if(!$is_auth['auth_view'] || !$is_auth['auth_view']) { // // Ooopss, user is not authed
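Review bot: The new condition `if(!$is_auth['auth_view'] || !$is_auth['auth_view'])` tests `auth_view` twice and never tests `auth_read`, so a user who may see the forum but not read it passes this check and reaches the topic. viewforum.php in this same commit uses `if(!$is_auth['auth_read'] || !$is_auth['auth_view'])`, and the line here should match it. The block guarded by this check continues outside the hunk.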