diff --git a/phpBB/admin/userauth.php b/phpBB/admin/userauth.php index 45aa01d456..ed2f33c26c 100644 --- a/phpBB/admin/userauth.php +++ b/phpBB/admin/userauth.php @@ -29,6 +29,51 @@ $auth_field_match = array( ); $forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce", "auth_votecreate", "auth_vote", "auth_attachments"); +$forum_auth_key_fields = array("auth_view", "auth_read", "auth_post", "auth_reply"); + +// ---------- +// Start Functions +// +function a_auth_check_user($type, $key, $u_auth, $is_admin) +{ + + $single_user = 0; + $auth_user = array(); + + while( list($entry, $u_ary) = each($u_auth) ) + { + if(!$single_user) + { + $single_user = $u_ary['group_single_user']; + + $result = 0; + switch($type) + { + case AUTH_ACL: + $result = $u_ary[$key]; + + case AUTH_MOD: + $result = $result || $u_ary['auth_mod']; + + case AUTH_ADMIN: + $result = $result || $is_admin; + break; + } + + $auth_user['auth'] = (!$single_user) ? ( $auth_user || $result ) : $result; + + } + $auth_user['single_group'] = ($single_user) ? "single" : "group"; + + } + + return $auth_user; +} +// +// Start Functions +// ---------- + + // // // @@ -67,16 +112,18 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL])) if( !$HTTP_POST_VARS['makeadmin'] && $HTTP_POST_VARS['curadmin'] ) { // - // Delete any entries granting moderator - // status in auth_access + // Delete any entries granting in auth_access // $sql_unmod = "DELETE FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = $group_id"; if(!$result = $db->sql_query($sql_unmod)) { // Error, couldn't delete entries - } + } + // + // Update users level, reset to USER + // $sql_userlevel = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " WHERE user_id = $user_id"; @@ -91,10 +138,7 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL])) else if( $HTTP_POST_VARS['makeadmin'] && !$HTTP_POST_VARS['curadmin'] ) { // - // Need to switch on admin - // level, this also requires - // we remove this user from all - // auth fields(?) + // Switch user_level to ADMIN // $sql_userlevel = "UPDATE " . USERS_TABLE . " SET user_level = " . ADMIN . " @@ -103,43 +147,37 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL])) { // Error, couldn't set user level } - + + // This needs changing -> Remove the + // user from auth_access where special + // access permissions are granted but leave + // moderator status // + // --------------------------------------- // Delete any entries in auth_access, they // are unrequired if user is becoming an // admin // - $sql_unmod = "DELETE FROM " . AUTH_ACCESS_TABLE . " + $sql_unauth = "DELETE FROM " . AUTH_ACCESS_TABLE . " WHERE aa.group_id = $group_id"; - if(!$result = $db->sql_query($sql_unmod)) + if(!$result = $db->sql_query($sql_unauth)) { // Error, couldn't delete entries } // - // Remove user from any groups // - $sql_rmgrp = "DELETE FROM " . USER_GROUP_TABLE . " - WHERE user_id = $user_id - AND group_id <> $group_id"; - if(!$result = $db->sql_query($sql_rmgrp)) - { - // Error, couldn't delete entries - } - - - $sql_mod = "INSERT INTO " . AUTH_ACCESS_TABLE . " (group_id, forum_id, auth_mod) - VALUES ($group_id, 0, 1)"; - if(!$result = $db->sql_query($sql_mod)) - { - // Error, couldn't delete entries - } + // ---------------------------------------- header("Location: userauth.$phpEx?" . POST_USERS_URL . "=$user_id"); } else { + + $change_mod_ary = (isset($HTTP_POST_VARS['moderator'])) ? $HTTP_POST_VARS['moderator'] : 0; + $change_prv_ary = (isset($HTTP_POST_VARS['private'])) ? $HTTP_POST_VARS['private'] : 0; + // // Pull all the group info // for this user @@ -149,7 +187,7 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL])) WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND aa.group_id = ug.group_id - AND g.group_single_user <> 1"; + AND g.group_single_user <> " . TRUE; $au_result = $db->sql_query($sql); $num_u_access = $db->sql_numrows($au_result); @@ -158,6 +196,87 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL])) $u_access = $db->sql_fetchrowset($au_result); } + // + // The data above lists access and moderator permissions + // for this user given by all the groups they belong to. + // These values must be checked against those requested + // by the admin and where necessary the admin is + // informed of problems. For example, if a group the user + // belongs to already grants the user moderator status + // then the user won't have moderator status enabled. + // If the user has a group entry preventing access to a + // forum then again, we must warn the admin that giving + // the user access goes against the group permissions + // (although in this case we'll go ahead and add the user) + // + + // + // Check against moderator table ... + // + $valid_auth_mod_chg = array(); + reset($change_mod_ary); + while(list($chg_forum_id, $value) = each($change_mod_ary)) + { + $a_match = $value; + for($i = 0; $i < count($u_access); $i++) + { + $forum_id = $u_access[$i]['forum_id']; + + if($forum_id == $chg_forum_id && $u_access[$i]['auth_mod'] == 1) + { + $a_match = 0; + } + } + + $valid_auth_mod_chg[$chg_forum_id] = $a_match; + + } + // + // valid_auth_mod_chg now contains an array (key is forum_id) + // where the value is 1 if the user should be an admin and 0 + // where the user is prevented (either by the admin disallowing + // or the user belonging to a group which already moderates) + // + + print_r($valid_auth_mod_chg); + echo "

"; + + // + // Check against priv access table ... + // + $valid_auth_prv_chg = array(); + reset($change_prv_ary); + while(list($chg_forum_id, $value) = each($change_prv_ary)) + { + $a_match = $value; + for($i = 0; $i < count($u_access); $i++) + { + $forum_id = $u_access[$i]['forum_id']; + + if($forum_id == $chg_forum_id) + { + for($k = 0; $k < count($forum_auth_key_fields); $k++) + { + $a_match = $a_match && $u_access[$i][$forum_auth_key_fields[$k]]; + } + } + } + + $valid_auth_prv_chg[$chg_forum_id] = $a_match; + + } + // + // valid_auth_mod_chg now contains an array (key is forum_id) + // where the value is 1 if the user should be an admin and 0 + // where the user is prevented (either by the admin disallowing + // or the user belonging to a group which already moderates) + // + + print_r($valid_auth_prv_chg); + echo "

"; + + exit; + header("Location: userauth.$phpEx?" . POST_USERS_URL . "=$user_id"); } @@ -220,7 +339,13 @@ else if(empty($HTTP_GET_VARS[POST_USERS_URL])) for($j = 0; $j < count($forum_auth_fields); $j++) { $basic_auth_level[$forum_row['forum_id']] = "public"; - if($forum_row[$forum_auth_fields[$j]] == AUTH_ACL) + + if($forum_row[$forum_auth_fields[$j]] == AUTH_REG) + { + $basic_auth_level[$forum_row['forum_id']] = "registered"; + $basic_auth_level_fields[$forum_row['forum_id']][] = $forum_auth_fields[$j]; + } + else if($forum_row[$forum_auth_fields[$j]] == AUTH_ACL) { $basic_auth_level[$forum_row['forum_id']] = "private"; $basic_auth_level_fields[$forum_row['forum_id']][] = $forum_auth_fields[$j]; @@ -245,18 +370,21 @@ else if(empty($HTTP_GET_VARS[POST_USERS_URL])) $u_result = $db->sql_query($sql); $userinf = $db->sql_fetchrowset($u_result); - $sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_votecreate, aa.auth_vote, aa.auth_attachments, aa.auth_mod, aa.auth_admin, g.group_single_user + $sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_votecreate, aa.auth_vote, aa.auth_attachments, aa.auth_mod, g.group_single_user FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id - AND aa.group_id = ug.group_id - AND g.group_single_user = 1"; + AND aa.group_id = ug.group_id"; $au_result = $db->sql_query($sql); $num_u_access = $db->sql_numrows($au_result); if($num_u_access) { - $u_access = $db->sql_fetchrowset($au_result); + while($u_row = $db->sql_fetchrow($au_result)) + { + $u_access[$u_row['forum_id']][] = $u_row; + $num_forum_access[$u_row['forum_id']]++; + } } $is_admin = ($userinf[0]['user_level'] == ADMIN && $userinf[0]['user_id'] != ANONYMOUS) ? 1 : 0; @@ -282,11 +410,29 @@ else if(empty($HTTP_GET_VARS[POST_USERS_URL])) break; case AUTH_ACL: - $auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS) ? auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0; + if($user_id != ANONYMOUS && $num_forum_access[$f_forum_id]) + { + $result = a_auth_check_user(AUTH_ACL, $key, $u_access[$f_forum_id], $is_admin); + $auth_user_group[$f_forum_id][$key] = $result['single_group']; + $auth_user[$f_forum_id][$key] = $result['auth']; + } + else + { + $auth_user[$f_forum_id][$key] = 0; + } break; case AUTH_MOD: - $auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS) ? auth_check_user(AUTH_MOD, $key, $u_access, $is_admin) : 0; + if($user_id != ANONYMOUS && $num_forum_access[$f_forum_id]) + { + $result = a_auth_check_user(AUTH_MOD, $key, $u_access[$f_forum_id], $is_admin); + $auth_user_group[$f_forum_id][$key] = $result['single_group']; + $auth_user[$f_forum_id][$key] = $result['auth']; + } + else + { + $auth_user[$f_forum_id][$key] = 0; + } break; case AUTH_ADMIN: @@ -301,7 +447,16 @@ else if(empty($HTTP_GET_VARS[POST_USERS_URL])) // // Is user a moderator? // - $auth_user[$f_forum_id]['auth_mod'] = ($user_id != ANONYMOUS) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0; + if($user_id != ANONYMOUS && $num_forum_access[$f_forum_id]) + { + $result = a_auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin); + $auth_user_group[$f_forum_id]['auth_mod'] = $result['single_group']; + $auth_user[$f_forum_id]['auth_mod'] = $result['auth']; + } + else + { + $auth_user[$f_forum_id][$key] = 0; + } } while(list($forumkey, $user_ary) = each($auth_user)) @@ -309,11 +464,24 @@ else if(empty($HTTP_GET_VARS[POST_USERS_URL])) $simple_auth[$forumkey] = 1; while(list($fieldkey, $value) = each($user_ary)) { - $simple_auth[$forumkey] = $simple_auth[$forumkey] && $value; + $simple_auth[$forumkey] = $simple_auth[$forumkey] && $value; } } reset($auth_user); + while(list($forumkey, $user_ary) = each($auth_user_group)) + { + $simple_auth_acl[$forumkey] = "single"; + $simple_auth_mod[$forumkey] = "single"; + + while(list($fieldkey, $value) = each($user_ary)) + { + $simple_auth_acl[$forumkey] = ($simple_auth_acl[$forumkey] != "group") ? $value : "group"; + $simple_auth_mod[$forumkey] = ($simple_auth_mod[$forumkey] != "group") ? $value : "group"; + } + } + + $i = 0; if($adv == -1) { @@ -329,10 +497,14 @@ else if(empty($HTTP_GET_VARS[POST_USERS_URL])) $allowed = 0; } } - $optionlist_grant = ""; + if($is_admin || $user_ary['auth_mod']) { - $optionlist_grant .= ""; + $optionlist_grant .= ""; + } + else if($allowed) + { + $optionlist_grant .= ""; } else { @@ -344,9 +516,10 @@ else if(empty($HTTP_GET_VARS[POST_USERS_URL])) { $optionlist_grant = ""; } + if($user_ary['auth_mod']) { - $optionlist_mod = ""; + $optionlist_mod = ""; } else { @@ -355,25 +528,60 @@ else if(empty($HTTP_GET_VARS[POST_USERS_URL])) switch($basic_auth_level[$forumkey]) { case 'public': - $row_class = "authall"; + $min_auth = "ANY"; + break; + case 'registered': + $min_auth = "REG"; break; case 'private': - $row_class = "authacl"; + $min_auth = "ACL"; break; case 'moderate': - $row_class = "authmod"; + $min_auth = "MOD"; break; case 'admin': - $row_class = "authadmin"; + $min_auth = "MOD"; break; default: - $row_class = "authall"; + $min_auth = "authall"; break; } + $single_group_acl = ""; + if(!empty($simple_auth_acl[$forumkey])) + { + switch($simple_auth_acl[$forumkey]) + { + case 'single': + $single_group_acl = "authuser"; + break; + case 'group': + $single_group_acl = "authgroup"; + break; + } + } + $single_group_mod = ""; + if(!empty($simple_auth_mod[$forumkey])) + { + switch($simple_auth_mod[$forumkey]) + { + case 'single': + $single_group_mod = "authuser"; + break; + case 'group': + $single_group_mod = "authgroup"; + break; + } + } + + $row_class = ($i%2) ? "row2" : "row1"; $template->assign_block_vars("forums", array( - "ROW_CLASS" => $row_class, - "FORUM_NAME" => $forum_access[$i]['forum_name'], + "ROW_CLASS" => $row_class, + "MIN_AUTH" => $min_auth, + "FORUM_NAME" => $forum_access[$i]['forum_name'], + + "AUTH_TYPE_ACL" => $row_class . $single_group_acl, + "AUTH_TYPE_MOD" => $row_class . $single_group_mod, "SELECT_GRANT_LIST" => "$optionlist_grant", "SELECT_MOD_LIST" => "") diff --git a/phpBB/templates/PSO/admin/userauth_body.tpl b/phpBB/templates/PSO/admin/userauth_body.tpl index 23ea56dd73..e32f406628 100644 --- a/phpBB/templates/PSO/admin/userauth_body.tpl +++ b/phpBB/templates/PSO/admin/userauth_body.tpl @@ -14,13 +14,14 @@ TH {background-color:#CCCCCC;font-family:Verdana,serif;font-size:8pt} TD {font-family:Verdana,serif;font-size:8pt} - TD.cell1 {background-color:#DDDDDD} - TD.cell2 {background-color:#EEEEEE} + TD.row1 {background-color:#DDDDDD} + TD.row2 {background-color:#EEEEEE} - TD.authall {background-color:#EEEEEE;text-align:center} - TD.authacl {background-color:#DDDDDD;text-align:center} - TD.authmod {background-color:#CCCCCC;text-align:center} - TD.authadmin {background-color:#BBBBBB;text-align:center} + TD.row1authuser {background-color:#FF8888;text-align:center} + TD.row2authuser {background-color:#EE8888;text-align:center} + + TD.row1authgroup {background-color:#77FF77;text-align:center} + TD.row2authgroup {background-color:#66EE66;text-align:center} SELECT.small {width:140px;font-family:"Courier New",courier;font-size:8pt;} INPUT.text {font-family:"Courier New",courier;font-size:8pt;} @@ -31,8 +32,6 @@

User Authorisation Control

-

Remember that users are also granted access via usergroups so be sure to check group auth control when assigning and changing access rights!

-

Username: {USERNAME}

This user is {USERTYPE} and {USER_GROUP_LIST} @@ -42,42 +41,38 @@

Access to Forums

-

The following table lists all forums on you board. Different colour rows indicate different levels of authorisation required for a user to do one or more basic function, eg. view, read, post, reply. By design Administrators have access to and are moderators of every forum (you cannot alter individual settings for Administrators, you must first set them as users by unchecking the box above)

+

The Min Auth Reqd. field indicates the minimum authorisation rights required to carry out one or more basic forum operation, eg. view, read, post or reply. The colour coded rows in the table whether access is granted by the user or group rights, if access is granted by group rights then you should visit the Group Auth Admin page to alter it.

- + + - - - + + + + - +
Forum NameForum NameMin Auth Reqd. Simple Access Control Moderator
{forums.FORUM_NAME}{forums.SELECT_GRANT_LIST}{forums.SELECT_MOD_LIST}{forums.FORUM_NAME}{forums.MIN_AUTH}{forums.SELECT_GRANT_LIST}{forums.SELECT_MOD_LIST}
{S_HIDDEN_FIELDS}   {S_HIDDEN_FIELDS}   
-

The colour coded rows in the table indicate the access level required to view, read, post or reply in the forum.

+

The Min Auth Reqd. field indicates the minimum authorisation rights required to carry out one or more basic forum operation, eg. view, read or post. The colour coded rows in the table whether access is granted by the user or group rights.

- + - - - - - - - +
Any or registered users can access this forumAccess rights are granted by User Auth Control
Users must be granted special access
Users must be moderators
Users must be adminsAccess rights are granted by Group Auth Control