Vergleich admin/modules/user/admin_permissions.php - 1.8.1 - 1.8.30

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 37Zeile 37
	);
}


	);
}


$uid = $mybb->get_input('uid', 1);

$uid = $mybb->get_input('uid', MyBB::INPUT_INT);


$plugins->run_hooks("admin_user_admin_permissions_begin");



$plugins->run_hooks("admin_user_admin_permissions_begin");


Zeile 49Zeile 49
		admin_redirect("index.php?module=user-admin_permissions");
}


		admin_redirect("index.php?module=user-admin_permissions");
}


	if($mybb->input['no'])

	if($mybb->get_input('no'))

	{
admin_redirect("index.php?module=user-admin_permissions");
}

	{
admin_redirect("index.php?module=user-admin_permissions");
}

Zeile 122Zeile 122
	{
foreach($mybb->input['permissions'] as $module => $actions)
{

	{
foreach($mybb->input['permissions'] as $module => $actions)
{

			$no_access = 0;
foreach($actions as $action => $access)

			if(is_array($actions))


			{

			{

				if($access == 0)


				$no_access = 0;
foreach($actions as $action => $access)

				{

				{

					++$no_access;









					if($access == 0)
{
++$no_access;
}
}
// User can't access any actions in this module - just disallow it completely
if($no_access == count($actions))
{
unset($mybb->input['permissions'][$module]);

				}

				}

			}
// User can't access any actions in this module - just disallow it completely
if($no_access == count($actions))
{
unset($mybb->input['permissions'][$module]);

 
			}
}

// Does an options row exist for this admin already?

			}
}

// Does an options row exist for this admin already?

		$query = $db->simple_select("adminoptions", "COUNT(uid) AS existing_options", "uid='".$mybb->get_input('uid', 1)."'");

		$query = $db->simple_select("adminoptions", "COUNT(uid) AS existing_options", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");

		$existing_options = $db->fetch_field($query, "existing_options");
if($existing_options > 0)
{

		$existing_options = $db->fetch_field($query, "existing_options");
if($existing_options > 0)
{

			$db->update_query("adminoptions", array('permissions' => $db->escape_string(serialize($mybb->input['permissions']))), "uid = '".$mybb->get_input('uid', 1)."'");

			$db->update_query("adminoptions", array('permissions' => $db->escape_string(my_serialize($mybb->input['permissions']))), "uid = '".$mybb->get_input('uid', MyBB::INPUT_INT)."'");

		}
else
{
$insert_array = array(

		}
else
{
$insert_array = array(

				"uid" => $mybb->get_input('uid', 1),
"permissions" => $db->escape_string(serialize($mybb->input['permissions'])),

				"uid" => $mybb->get_input('uid', MyBB::INPUT_INT),
"permissions" => $db->escape_string(my_serialize($mybb->input['permissions'])),

				"notes" => '',
"defaultviews" => ''
);

				"notes" => '',
"defaultviews" => ''
);

Zeile 210Zeile 213

$admin = $db->fetch_array($query);
$permission_data = get_admin_permissions($uid, $admin['gid']);


$admin = $db->fetch_array($query);
$permission_data = get_admin_permissions($uid, $admin['gid']);

		$title = $admin['username'];

		$title = htmlspecialchars_uni($admin['username']);

		$page->add_breadcrumb_item($lang->user_permissions, "index.php?module=user-admin_permissions");
}
elseif($uid < 0)

		$page->add_breadcrumb_item($lang->user_permissions, "index.php?module=user-admin_permissions");
}
elseif($uid < 0)

	{

	{

		$gid = abs($uid);
$query = $db->simple_select("usergroups", "title", "gid='$gid'");
$group = $db->fetch_array($query);

		$gid = abs($uid);
$query = $db->simple_select("usergroups", "title", "gid='$gid'");
$group = $db->fetch_array($query);

Zeile 294Zeile 297
		$form_container = new FormContainer("{$module['name']}");
foreach($module['permissions'] as $action => $title)
{

		$form_container = new FormContainer("{$module['name']}");
foreach($module['permissions'] as $action => $title)
{

 
			if(!isset($permission_data[$key][$action]))
{
$permission_data[$key][$action] = 0;
}


			$form_container->output_row($title, "", $form->generate_yes_no_radio('permissions['.$key.']['.$action.']', (int)$permission_data[$key][$action], array('yes' => 1, 'no' => 0)), 'permissions['.$key.']['.$action.']');
}
$form_container->end();
echo "</div>\n";
}

			$form_container->output_row($title, "", $form->generate_yes_no_radio('permissions['.$key.']['.$action.']', (int)$permission_data[$key][$action], array('yes' => 1, 'no' => 0)), 'permissions['.$key.']['.$action.']');
}
$form_container->end();
echo "</div>\n";
}





	$buttons[] = $form->generate_submit_button($lang->update_permissions);
$form->output_submit_wrapper($buttons);
$form->end();

	$buttons[] = $form->generate_submit_button($lang->update_permissions);
$form->output_submit_wrapper($buttons);
$form->end();

Zeile 318Zeile 326

$table = new Table;
$table->construct_header($lang->group);


$table = new Table;
$table->construct_header($lang->group);

	$table->construct_header($lang->controls, array("class" => "align_center", "width" => 150));

// Get usergroups with ACP access
$query = $db->query("
SELECT g.title, g.cancp, a.permissions, g.gid
FROM ".TABLE_PREFIX."usergroups g
LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid = -g.gid)
WHERE g.cancp = 1
ORDER BY g.title ASC
");

	$table->construct_header($lang->controls, array("class" => "align_center", "width" => 150));

// Get usergroups with ACP access
$query = $db->query("
SELECT g.title, g.cancp, a.permissions, g.gid
FROM ".TABLE_PREFIX."usergroups g
LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid = -g.gid)
WHERE g.cancp = 1
ORDER BY g.title ASC
");

	while($group = $db->fetch_array($query))
{
if($group['permissions'] != "")

	while($group = $db->fetch_array($query))
{
if($group['permissions'] != "")

		{

		{

			$perm_type = "group";
}
else

			$perm_type = "group";
}
else

Zeile 339Zeile 347
			$perm_type = "default";
}
$uid = -$group['gid'];

			$perm_type = "default";
}
$uid = -$group['gid'];

 

$group['title'] = htmlspecialchars_uni($group['title']);


		$table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$perm_type}.png\" title=\"{$lang->permissions_type_group}\" alt=\"{$perm_type}\" /></div><div><strong><a href=\"index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$uid}\" title=\"{$lang->edit_group}\">{$group['title']}</a></strong><br /></div>");

if($group['permissions'] != "")

		$table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$perm_type}.png\" title=\"{$lang->permissions_type_group}\" alt=\"{$perm_type}\" /></div><div><strong><a href=\"index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$uid}\" title=\"{$lang->edit_group}\">{$group['title']}</a></strong><br /></div>");

if($group['permissions'] != "")

Zeile 347Zeile 358
			$popup->add_item($lang->edit_permissions, "index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$uid}");

// Check permissions for Revoke

			$popup->add_item($lang->edit_permissions, "index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$uid}");

// Check permissions for Revoke

			$popup->add_item($lang->revoke_permissions, "index.php?module=user-admin_permissions&amp;action=delete&amp;uid={$uid}&amp;my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, 'Are you sure you wish to revoke this group\'s permissions?')");

			$popup->add_item($lang->revoke_permissions, "index.php?module=user-admin_permissions&amp;action=delete&amp;uid={$uid}&amp;my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '$lang->confirm_perms_deletion3')");

			$table->construct_cell($popup->fetch(), array("class" => "align_center"));
}
else

			$table->construct_cell($popup->fetch(), array("class" => "align_center"));
}
else

Zeile 398Zeile 409
		$usergroups[$usergroup['gid']] = $usergroup;
}


		$usergroups[$usergroup['gid']] = $usergroup;
}


	// Get users whose primary or secondary usergroup has ACP access
$comma = $primary_group_list = $secondary_group_list = '';
foreach($usergroups as $gid => $group_info)

	if(!empty($usergroups))



	{

	{

		$primary_group_list .= $comma.$gid;
switch($db->type)
{
case "pgsql":
case "sqlite":
$secondary_group_list .= " OR ','|| u.additionalgroups||',' LIKE '%,{$gid},%'";
break;
default:
$secondary_group_list .= " OR CONCAT(',', u.additionalgroups,',') LIKE '%,{$gid},%'";
}

$comma = ',';
}

$group_list = implode(',', array_keys($usergroups));
$secondary_groups = ','.$group_list.',';

// Get usergroups with ACP access
$query = $db->query("
SELECT g.title, g.cancp, a.permissions, g.gid
FROM ".TABLE_PREFIX."usergroups g
LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid = -g.gid)
WHERE g.cancp = 1
ORDER BY g.title ASC
");
while($group = $db->fetch_array($query))
{
$group_permissions[$group['gid']] = $group['permissions'];
}

$query = $db->query("
SELECT u.uid, u.username, u.lastactive, u.usergroup, u.additionalgroups, a.permissions
FROM ".TABLE_PREFIX."users u
LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid=u.uid)
WHERE u.usergroup IN ({$primary_group_list}) {$secondary_group_list}
ORDER BY u.username ASC
");
while($admin = $db->fetch_array($query))
{
if($admin['permissions'] != "")
{
$perm_type = "user";
}
else

		// Get users whose primary or secondary usergroup has ACP access
$comma = $primary_group_list = $secondary_group_list = '';
foreach($usergroups as $gid => $group_info)










































		{

		{

			$groups = explode(",", $admin['additionalgroups'].",".$admin['usergroup']);
foreach($groups as $group)

			$primary_group_list .= $comma.$gid;
switch($db->type)

			{

			{

				if($group == "") continue;
if($group_permissions[$group] != "")
{
$perm_type = "group";

				case "pgsql":
case "sqlite":
$secondary_group_list .= " OR ','|| u.additionalgroups||',' LIKE '%,{$gid},%'";


					break;

					break;

				}
}

if(!$group_permissions)
{
$perm_type = "default";
}















				default:
$secondary_group_list .= " OR CONCAT(',', u.additionalgroups,',') LIKE '%,{$gid},%'";
}

$comma = ',';
}

$group_list = implode(',', array_keys($usergroups));
$secondary_groups = ','.$group_list.',';

// Get usergroups with ACP access
$query = $db->query("
SELECT g.title, g.cancp, a.permissions, g.gid
FROM ".TABLE_PREFIX."usergroups g
LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid = -g.gid)
WHERE g.cancp = 1
ORDER BY g.title ASC
");
while($group = $db->fetch_array($query))
{
$group_permissions[$group['gid']] = $group['permissions'];

		}


		}


		$usergroup_list = array();
























































		$query = $db->query("
SELECT u.uid, u.username, u.lastactive, u.usergroup, u.additionalgroups, a.permissions
FROM ".TABLE_PREFIX."users u
LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid=u.uid)
WHERE u.usergroup IN ({$primary_group_list}) {$secondary_group_list}
ORDER BY u.username ASC
");
while($admin = $db->fetch_array($query))
{
$perm_type = "default";

if($admin['permissions'] != "")
{
$perm_type = "user";
}
else
{
$groups = explode(",", $admin['additionalgroups'].",".$admin['usergroup']);
foreach($groups as $group)
{
if($group == "") continue;
if($group_permissions[$group] != "")
{
$perm_type = "group";
break;
}
}
}

$usergroup_list = array();

// Build a list of group memberships that have access to the Admin CP
// Primary usergroup?
if(!empty($usergroups[$admin['usergroup']]) && $usergroups[$admin['usergroup']]['cancp'] == 1)
{
$usergroup_list[] = "<i>".htmlspecialchars_uni($usergroups[$admin['usergroup']]['title'])."</i>";
}

// Secondary usergroups?
$additional_groups = explode(',', $admin['additionalgroups']);
if(is_array($additional_groups))
{
foreach($additional_groups as $gid)
{
if(!empty($usergroups[$gid]) && $usergroups[$gid]['cancp'] == 1)
{
$usergroup_list[] = htmlspecialchars_uni($usergroups[$gid]['title']);
}
}
}
$usergroup_list = implode($lang->comma, $usergroup_list);

$username = htmlspecialchars_uni($admin['username']);
$table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$perm_type}.png\" title=\"{$lang->permissions_type_user}\" alt=\"{$perm_type}\" /></div><div><strong><a href=\"index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$admin['uid']}\" title=\"{$lang->edit_user}\">{$username}</a></strong><br /><small>{$usergroup_list}</small></div>");

$table->construct_cell(my_date('relative', $admin['lastactive']), array("class" => "align_center"));





		// Build a list of group memberships that have access to the Admin CP
// Primary usergroup?
if($usergroups[$admin['usergroup']]['cancp'] == 1)
{
$usergroup_list[] = "<i>".$usergroups[$admin['usergroup']]['title']."</i>";
}

// Secondary usergroups?
$additional_groups = explode(',', $admin['additionalgroups']);
if(is_array($additional_groups))
{
foreach($additional_groups as $gid)

			$popup = new PopupMenu("adminperm_{$admin['uid']}", $lang->options);
if(!is_super_admin($admin['uid']))











			{

			{

				if($usergroups[$gid]['cancp'] == 1)

				if($admin['permissions'] != "")

				{

				{

					$usergroup_list[] = $usergroups[$gid]['title'];






					$popup->add_item($lang->edit_permissions, "index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$admin['uid']}");
$popup->add_item($lang->revoke_permissions, "index.php?module=user-admin_permissions&amp;action=delete&amp;uid={$admin['uid']}&amp;my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_perms_deletion2}')");
}
else
{
$popup->add_item($lang->set_permissions, "index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$admin['uid']}");

				}
}

				}
}

 
			$popup->add_item($lang->view_log, "index.php?module=tools-adminlog&amp;uid={$admin['uid']}");
$table->construct_cell($popup->fetch(), array("class" => "align_center"));
$table->construct_row();

		}

		}

		$usergroup_list = implode(", ", $usergroup_list);

$table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$perm_type}.png\" title=\"{$lang->perms_type_user}\" alt=\"{$perm_type}\" /></div><div><strong><a href=\"index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$admin['uid']}\" title=\"{$lang->edit_user}\">{$admin['username']}</a></strong><br /><small>{$usergroup_list}</small></div>");

$table->construct_cell(my_date('relative', $admin['lastactive']), array("class" => "align_center"));

$popup = new PopupMenu("adminperm_{$admin['uid']}", $lang->options);
if(!is_super_admin($admin['uid']))
{
if($admin['permissions'] != "")
{
$popup->add_item($lang->edit_permissions, "index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$admin['uid']}");
$popup->add_item($lang->revoke_permissions, "index.php?module=user-admin_permissions&amp;action=delete&amp;uid={$admin['uid']}&amp;my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_perms_deletion2}')");
}
else
{
$popup->add_item($lang->set_permissions, "index.php?module=user-admin_permissions&amp;action=edit&amp;uid={$admin['uid']}");
}
}
$popup->add_item($lang->view_log, "index.php?module=tools-adminlog&amp;uid={$admin['uid']}");
$table->construct_cell($popup->fetch(), array("class" => "align_center"));
$table->construct_row();

 
	}


	}


	if($table->num_rows() == 0)

	if(empty($usergroups) || $table->num_rows() == 0)

	{
$table->construct_cell($lang->no_user_perms, array("colspan" => "3"));
$table->construct_row();

	{
$table->construct_cell($lang->no_user_perms, array("colspan" => "3"));
$table->construct_row();