Maybe - just maybe - it might a good idea to only allow users actually allowed to change permissions to do so.

git-svn-id: file:///svn/phpbb/trunk@8083 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-28 14:18:52 +00:00 · 2007-09-07 14:01:18 +00:00 · 2007-09-07 14:01:18 +00:00 · c8ecf341b9
commit c8ecf341b9
parent a74fe8a811
3 changed files with 10 additions and 5 deletions
--- a/phpBB/adm/style/acp_forums.html
+++ b/phpBB/adm/style/acp_forums.html
@ -171,10 +171,12 @@
 		<dt><label for="forum_style">{L_FORUM_STYLE}:</label></dt>
 		<dd><select id="forum_style" name="forum_style"><option value="0">{L_DEFAULT_STYLE}</option>{S_STYLES_OPTIONS}</select></dd>
 	</dl>
-	<dl>
-		<dt><label for="forum_perm_from">{L_COPY_PERMISSIONS}:</label><br /><span>{L_COPY_PERMISSIONS_EXPLAIN}</span></dt>
-		<dd><select id="forum_perm_from" name="forum_perm_from"><option value="0">{L_NO_PERMISSIONS}</option>{S_FORUM_OPTIONS}</select></dd>
-	</dl>
+	<!-- IF S_CAN_COPY_PERMISSIONS -->
+		<dl>
+			<dt><label for="forum_perm_from">{L_COPY_PERMISSIONS}:</label><br /><span>{L_COPY_PERMISSIONS_EXPLAIN}</span></dt>
+			<dd><select id="forum_perm_from" name="forum_perm_from"><option value="0">{L_NO_PERMISSIONS}</option>{S_FORUM_OPTIONS}</select></dd>
+		</dl>
+	<!-- ENDIF -->
 	</fieldset>

 	<div id="forum_cat_options">
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@ -202,6 +202,7 @@ p a {
 		<li>[Fix] Do not use register_shutdown_function within cron.php if handling the queue and the mail function being used (Bug #14321)</li>
 		<li>[Fix] Fixing private message on-hold code if moving messages into folder based on rules (Bug #14309)</li>
 		<li>[Fix] Allow the merge selection screen to work (Bug #14363)</li>
+		<li>[Change] Require additional permissions for copying permission when editing forums </li>
 	</ul>

 	</div>
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@ -163,7 +163,8 @@ class acp_forums
 						$forum_perm_from = request_var('forum_perm_from', 0);

 						// Copy permissions?
-						if ($forum_perm_from && !empty($forum_perm_from) && $forum_perm_from != $forum_data['forum_id'])
+						if ($forum_perm_from && !empty($forum_perm_from) && $forum_perm_from != $forum_data['forum_id'] && 
+							(($action != 'edit') || $auth->acl_get('acl_a_fauth && acl_a_authusers && acl_a_authgroups && acl_a_mauth')))
 						{
 							// if we edit a forum delete current permissions first
 							if ($action == 'edit')
@ -656,6 +657,7 @@ class acp_forums
 					'S_PRUNE_STICKY'			=> ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_STICKY) ? true : false,
 					'S_DISPLAY_ACTIVE_TOPICS'	=> ($forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS) ? true : false,
 					'S_ENABLE_POST_REVIEW'		=> ($forum_data['forum_flags'] & FORUM_FLAG_POST_REVIEW) ? true : false,
+					'S_CAN_COPY_PERMISSIONS'	=> (($action != 'edit') || $auth->acl_get('acl_a_fauth && acl_a_authusers && acl_a_authgroups && acl_a_mauth')),
 					)
 				);