From 4103c99a8676653a868014a6f58a76e8986bd5ed Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 1 Mar 2012 16:15:11 +0100 Subject: [PATCH 1/3] [ticket/10679] Add new permission for changing profile field information The setting is copied from "Can use signature" PHPBB3-10679 --- phpBB/includes/ucp/ucp_profile.php | 5 +++ phpBB/install/database_update.php | 48 +++++++++++++++++++-- phpBB/install/schemas/schema_data.sql | 3 +- phpBB/language/en/acp/permissions_phpbb.php | 1 + phpBB/language/en/ucp.php | 1 + phpBB/ucp.php | 6 +++ 6 files changed, 59 insertions(+), 5 deletions(-) diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 89bf20a30f..e7cea06a45 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -251,6 +251,11 @@ class ucp_profile break; case 'profile_info': + // Do not display profile information panel if not authed to do so + if (!$auth->acl_get('u_chgprofileinfo')) + { + trigger_error('NO_AUTH_PROFILEINFO'); + } include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx); diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index e966756337..f0a16844e9 100644 --- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php @@ -2731,8 +2731,6 @@ function change_database_data(&$no_updates, $version) $config->set('display_last_subject', '1'); } - $no_updates = false; - if (!isset($config['assets_version'])) { $config->set('assets_version', '1'); @@ -2771,7 +2769,7 @@ function change_database_data(&$no_updates, $version) } // PHPBB3-10601: Make inbox default. Add basename to ucp's pm category - + // Get the category wanted while checking, at the same time, if this has already been applied $sql = 'SELECT module_id, module_basename FROM ' . MODULES_TABLE . " 
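Review bot: The comment on the new check in the `profile_info` case of ucp_profile.php describes it as hiding the panel, but the `acl_get('u_chgprofileinfo')` test sits at the top of the case, so it also stops a submitted form from reaching the profile-field code. This is the server-side enforcement point for the permission, not a display toggle, and the comment should say so: `// Deny both viewing and saving profile fields without u_chgprofileinfo`. The case body continues outside the hunk, so this assumes no earlier code path handles the submit.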
@@ -2788,10 +2786,52 @@ function change_database_data(&$no_updates, $version) SET module_basename = 'ucp_pm' WHERE module_id = " . (int) $row['module_id']; - _sql($sql, $errored, $error_ary); + _sql($sql, $errored, $error_ary); } $db->sql_freeresult($result); + // Add new permission u_chgprofileinfo and duplicate settings from u_sig + include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx); + $auth_admin = new auth_admin(); + + // Only add the new permission if it does not already exist + if (empty($auth_admin->acl_options['id']['u_chgprofileinfo'])) + { + $auth_admin->acl_add_option(array('global' => array('u_chgprofileinfo'))); + + // Now the tricky part, filling the permission + $old_id = $auth_admin->acl_options['id']['u_sig']; + $new_id = $auth_admin->acl_options['id']['u_chgprofileinfo']; + + $tables = array(ACL_GROUPS_TABLE, ACL_ROLES_DATA_TABLE, ACL_USERS_TABLE); + + foreach ($tables as $table) + { + $sql = 'SELECT * + FROM ' . $table . ' + WHERE auth_option_id = ' . $old_id; + $result = _sql($sql, $errored, $error_ary); + + $sql_ary = array(); + while ($row = $db->sql_fetchrow($result)) + { + $row['auth_option_id'] = $new_id; + $sql_ary[] = $row; + } + $db->sql_freeresult($result); + + if (sizeof($sql_ary)) + { + $db->sql_multi_insert($table, $sql_ary); + } + } + + // Remove any old permission entries + $auth_admin->acl_clear_prefetch(); + } + + $no_updates = false; + break; } } diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index dbb5fd7481..7c1a7d40f5 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql 
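Review bot: `$old_id` is concatenated into the SELECT with no cast and no existence check, unlike the `(int) $row['module_id']` earlier in this hunk. If `u_sig` is missing from `acl_options['id']` on a customised board, the clause becomes `WHERE auth_option_id = ` and the query fails after `acl_add_option()` has already created the new permission. A rerun would then skip the copy, because the outer `empty()` guard sees `u_chgprofileinfo` as present, leaving the permission with no settings. Wrap the copy in `if (!empty($auth_admin->acl_options['id']['u_sig']))` and build the clause as `'WHERE auth_option_id = ' . (int) $old_id`. The enclosing `change_database_data()` starts and ends outside the hunk.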
@@ -387,6 +387,7 @@ INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_chgemail', 1); INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_chggrp', 1); INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_chgname', 1); INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_chgpasswd', 1); +INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_chgprofileinfo', 1); INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_download', 1); INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_hideonline', 1); INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_ignoreflood', 1); @@ -548,7 +549,7 @@ INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 22, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'f_%' AND auth_option NOT IN ('f_announce', 'f_attach', 'f_bump', 'f_delete', 'f_flash', 'f_icons', 'f_ignoreflood', 'f_sticky', 'f_user_lock', 'f_votechg'); # New Member (u_) -INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 23, auth_option_id, 0 FROM phpbb_acl_options WHERE auth_option LIKE 'u_%' AND auth_option IN ('u_sendpm', 'u_masspm', 'u_masspm_group'); +INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 23, auth_option_id, 0 FROM phpbb_acl_options WHERE auth_option LIKE 'u_%' AND auth_option IN ('u_sendpm', 'u_masspm', 'u_masspm_group', 'u_chgprofileinfo'); # New Member (f_) INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 24, auth_option_id, 0 FROM phpbb_acl_options WHERE auth_option LIKE 'f_%' AND auth_option IN ('f_noapprove'); diff --git a/phpBB/language/en/acp/permissions_phpbb.php b/phpBB/language/en/acp/permissions_phpbb.php index b142cfd9aa..27ef714f8b 100644 --- a/phpBB/language/en/acp/permissions_phpbb.php 
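Review bot: The New Member role receives `u_chgprofileinfo` with setting 0 (never) only in this fresh-install seed data, in the `# New Member (u_)` statement. The upgrade code in database_update.php copies only the rows that exist for `u_sig`, and `u_sig` is not in this role's list. As far as the visible hunks show, an upgraded board therefore leaves profile-field editing open to newly registered users wherever their other groups grant it. If the restriction is intended as a control on new accounts, the update script should insert the same role row. Otherwise the difference should be recorded beside the statement, for example `# Fresh installs only: database_update.php does not add this row on upgrade`.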
+++ b/phpBB/language/en/acp/permissions_phpbb.php @@ -102,6 +102,7 @@ $lang = array_merge($lang, array( 'acl_u_chgemail' => array('lang' => 'Can change email address', 'cat' => 'profile'), 'acl_u_chgavatar' => array('lang' => 'Can change avatar', 'cat' => 'profile'), 'acl_u_chggrp' => array('lang' => 'Can change default usergroup', 'cat' => 'profile'), + 'acl_u_chgprofileinfo' => array('lang' => 'Can change profile field information', 'cat' => 'profile'), 'acl_u_attach' => array('lang' => 'Can attach files', 'cat' => 'post'), 'acl_u_download' => array('lang' => 'Can download files', 'cat' => 'post'), diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php index b919699ea0..267ae00710 100644 --- a/phpBB/language/en/ucp.php +++ b/phpBB/language/en/ucp.php @@ -318,6 +318,7 @@ $lang = array_merge($lang, array( 'NO_AUTH_FORWARD_MESSAGE' => 'You are not authorised to forward private messages.', 'NO_AUTH_GROUP_MESSAGE' => 'You are not authorised to send private messages to groups.', 'NO_AUTH_PASSWORD_REMINDER' => 'You are not authorised to request a new password.', + 'NO_AUTH_PROFILEINFO' => 'You are not authorised to change your profile information.', 'NO_AUTH_READ_HOLD_MESSAGE' => 'You are not authorised to read private messages that are on hold.', 'NO_AUTH_READ_MESSAGE' => 'You are not authorised to read private messages.', 'NO_AUTH_READ_REMOVED_MESSAGE' => 'You are not able to read this message because it was removed by the author.', diff --git a/phpBB/ucp.php b/phpBB/ucp.php index a7e75f76c4..7f4cd94f6f 100644 --- a/phpBB/ucp.php +++ b/phpBB/ucp.php 
@@ -334,6 +334,12 @@ if (!$config['allow_topic_notify'] && !$config['allow_forum_notify']) $vars = array('module', 'id', 'mode'); extract($phpbb_dispatcher->trigger_event('core.ucp_display_module_before', compact($vars))); +// Do not display profile information panel if not authed to do so +if (!$auth->acl_get('u_chgprofileinfo')) +{ + $module->set_display('profile', 'profile_info', false); +} + // Select the active module $module->set_active($id, $mode); From 2f490293e4b8d08d6c1008ef5ea324ae259d9993 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 6 Dec 2012 16:33:12 +0100 Subject: [PATCH 2/3] [ticket/10679] Use module_auth to limit access to the module PHPBB3-10679 --- phpBB/includes/ucp/info/ucp_profile.php | 2 +- phpBB/install/database_update.php | 8 ++++++++ phpBB/ucp.php | 6 ------ 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/phpBB/includes/ucp/info/ucp_profile.php b/phpBB/includes/ucp/info/ucp_profile.php index 201216e9fd..3581a7f533 100644 --- a/phpBB/includes/ucp/info/ucp_profile.php +++ b/phpBB/includes/ucp/info/ucp_profile.php @@ -19,7 +19,7 @@ class ucp_profile_info 'title' => 'UCP_PROFILE', 'version' => '1.0.0', 'modes' => array( - 'profile_info' => array('title' => 'UCP_PROFILE_PROFILE_INFO', 'auth' => '', 'cat' => array('UCP_PROFILE')), + 'profile_info' => array('title' => 'UCP_PROFILE_PROFILE_INFO', 'auth' => 'acl_u_chgprofileinfo', 'cat' => array('UCP_PROFILE')), 'signature' => array('title' => 'UCP_PROFILE_SIGNATURE', 'auth' => 'acl_u_sig', 'cat' => array('UCP_PROFILE')), 'avatar' => array('title' => 'UCP_PROFILE_AVATAR', 'auth' => 'cfg_allow_avatar && (cfg_allow_avatar_local || cfg_allow_avatar_remote || cfg_allow_avatar_upload || cfg_allow_avatar_remote_upload)', 'cat' => array('UCP_PROFILE')), 'reg_details' => array('title' => 'UCP_PROFILE_REG_DETAILS', 'auth' => '', 'cat' => array('UCP_PROFILE')), diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index f0a16844e9..95fd1ca2c2 100644 
--- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php @@ -2830,6 +2830,14 @@ function change_database_data(&$no_updates, $version) $auth_admin->acl_clear_prefetch(); } + // Update the auth setting for the module + $sql = 'UPDATE ' . MODULES_TABLE . " + SET module_auth = 'acl_u_chgprofileinfo' + WHERE module_class = 'ucp' + AND module_basename = 'profile' + AND module_mode = 'profile_info'"; + _sql($sql, $errored, $error_ary); + $no_updates = false; break; diff --git a/phpBB/ucp.php b/phpBB/ucp.php index 7f4cd94f6f..a7e75f76c4 100644 --- a/phpBB/ucp.php +++ b/phpBB/ucp.php @@ -334,12 +334,6 @@ if (!$config['allow_topic_notify'] && !$config['allow_forum_notify']) $vars = array('module', 'id', 'mode'); extract($phpbb_dispatcher->trigger_event('core.ucp_display_module_before', compact($vars))); -// Do not display profile information panel if not authed to do so -if (!$auth->acl_get('u_chgprofileinfo')) -{ - $module->set_display('profile', 'profile_info', false); -} - // Select the active module $module->set_active($id, $mode); From c23d2457e9be616bfa83aebc5e743130b6c69624 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Fri, 7 Dec 2012 12:50:21 +0100 Subject: [PATCH 3/3] [ticket/10679] Update module basename, we added the xcp_ prefix in 3.1 PHPBB3-10679 --- phpBB/install/database_update.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index 95fd1ca2c2..30592b995d 100644 --- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php @@ -2834,7 +2834,7 @@ function change_database_data(&$no_updates, $version) $sql = 'UPDATE ' . MODULES_TABLE . " SET module_auth = 'acl_u_chgprofileinfo' WHERE module_class = 'ucp' - AND module_basename = 'profile' + AND module_basename = 'ucp_profile' AND module_mode = 'profile_info'"; _sql($sql, $errored, $error_ary);
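Review bot: The `UPDATE` on `MODULES_TABLE` never checks that its `WHERE` clause matched a row, which is how the `module_basename = 'profile'` value from the previous commit could pass unnoticed. If the prefixed basename is not yet in place when this statement runs (the hunk does not show the ordering), the row keeps its empty `module_auth`. The `acl_get` check added to ucp_profile.php in the first patch would then be the only gate. Either test `$db->sql_affectedrows()` after `_sql()` and record a failure, or state the dependency in the comment: `// Requires the ucp_ basename prefix to be applied already; otherwise no row matches and module_auth stays empty`. The surrounding `change_database_data()` starts and ends outside the hunk.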