2015-05-29 19:27:45 +00:00
|
|
|
<?php
|
|
|
|
|
/*
|
|
|
|
|
* Permission Handler
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
namespace Sakura;
|
|
|
|
|
|
|
|
|
|
class Permissions {
|
|
|
|
|
|
2015-06-04 12:41:55 +00:00
|
|
|
// Fallback permission data
|
|
|
|
|
private static $fallback = [
|
|
|
|
|
|
|
|
|
|
'rid' => 0,
|
|
|
|
|
'uid' => 0,
|
2015-08-21 22:07:45 +00:00
|
|
|
'siteperms' => 1,
|
|
|
|
|
'manageperms' => 0,
|
|
|
|
|
'forumperms' => 0,
|
|
|
|
|
'rankinherit' => 111
|
2015-06-04 12:41:55 +00:00
|
|
|
|
|
|
|
|
];
|
|
|
|
|
|
2015-05-29 19:27:45 +00:00
|
|
|
// Global permissions table
|
|
|
|
|
protected static $permissions = [
|
|
|
|
|
|
|
|
|
|
// Site permissions
|
|
|
|
|
'SITE' => [
|
|
|
|
|
|
2015-08-21 22:07:45 +00:00
|
|
|
'DEACTIVATED' => 1, // Is a user deactivated
|
|
|
|
|
'RESTRICTED' => 2, // Is a user restricted
|
2015-05-29 19:27:45 +00:00
|
|
|
'ALTER_PROFILE' => 4, // Can alter their profile data
|
|
|
|
|
'CHANGE_AVATAR' => 8, // Can change their avatar
|
|
|
|
|
'CREATE_BACKGROUND' => 16, // Can create a background (different from changing)
|
|
|
|
|
'CHANGE_BACKGROUND' => 32, // Can change their background
|
|
|
|
|
'VIEW_MEMBERLIST' => 64, // Can view the memberlist
|
|
|
|
|
'CREATE_USERPAGE' => 128, // Can create a userpage (different from changing)
|
|
|
|
|
'CHANGE_USERPAGE' => 256, // Can change their userpage
|
|
|
|
|
'USE_MESSAGES' => 512, // Can use the Private Messaging system
|
|
|
|
|
'SEND_MESSAGES' => 1024, // Can send Private Messages to other users
|
|
|
|
|
'CHANGE_EMAIL' => 2048, // Can change their account e-mail address
|
|
|
|
|
'CHANGE_USERNAME' => 4096, // Can change their username
|
|
|
|
|
'CHANGE_USERTITLE' => 8192, // Can change their usertitle
|
|
|
|
|
'CHANGE_PASSWORD' => 16384, // Can change their password
|
|
|
|
|
'CHANGE_DEFAULT_RANK' => 32768, // Can change their default rank
|
|
|
|
|
'MANAGE_SESSIONS' => 65536, // Can manage their sessions
|
|
|
|
|
'CREATE_REGKEYS' => 131072, // Can create registration keys
|
|
|
|
|
'DEACTIVATE_ACCOUNT' => 262144, // Can deactivate their account
|
|
|
|
|
'VIEW_PROFILE_DATA' => 524288, // Can view other's profile data
|
|
|
|
|
'MANAGE_FRIENDS' => 1048576, // Can manage friends (add/remove)
|
|
|
|
|
'REPORT_USERS' => 2097152, // Can report users to staff
|
|
|
|
|
'OBTAIN_PREMIUM' => 4194304, // Can obtain the premium rank
|
|
|
|
|
'JOIN_GROUPS' => 8388608, // Can join groups
|
|
|
|
|
'CREATE_GROUP' => 16777216, // Can create a group
|
|
|
|
|
'MULTIPLE_GROUPS' => 33554432, // Can create multiple groups (requires single group perm)
|
2015-08-21 22:07:45 +00:00
|
|
|
'CHANGE_NAMECOLOUR' => 67108864, // Can change their username colour
|
|
|
|
|
'STATIC_PREMIUM' => 134217728 // Can change their username colour
|
2015-05-29 19:27:45 +00:00
|
|
|
|
|
|
|
|
],
|
|
|
|
|
|
|
|
|
|
// Forum permissions
|
|
|
|
|
'FORUM' => [
|
|
|
|
|
|
|
|
|
|
'USE_FORUM' => 1
|
|
|
|
|
|
|
|
|
|
],
|
|
|
|
|
|
|
|
|
|
// Site management permissions
|
|
|
|
|
'MANAGE' => [
|
|
|
|
|
|
|
|
|
|
'USE_MANAGE' => 1
|
|
|
|
|
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
// Checking if a user has the permissions to do a thing
|
2015-06-04 12:41:55 +00:00
|
|
|
public static function check($layer, $action, $operator, $mode = 0) {
|
2015-05-29 19:27:45 +00:00
|
|
|
|
|
|
|
|
// Check if the permission layer and the permission itself exists
|
2015-06-04 12:41:55 +00:00
|
|
|
if(!array_key_exists($layer, self::$permissions) || !array_key_exists($action, self::$permissions[$layer]))
|
2015-05-29 19:27:45 +00:00
|
|
|
return false;
|
|
|
|
|
|
2015-06-04 12:41:55 +00:00
|
|
|
// Convert to the appropiate mode
|
|
|
|
|
if($mode === 2)
|
|
|
|
|
$operator = self::getRankPermissions($operator)[$layer];
|
|
|
|
|
elseif($mode === 1)
|
|
|
|
|
$operator = self::getUserPermissions($operator)[$layer];
|
|
|
|
|
|
2015-05-29 19:27:45 +00:00
|
|
|
// Perform the bitwise AND
|
2015-06-04 12:41:55 +00:00
|
|
|
if(bindec($operator) & self::$permissions[$layer][$action])
|
2015-05-29 19:27:45 +00:00
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
// Else just return false
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get permission data of a rank from the database
|
|
|
|
|
public static function getRankPermissions($ranks) {
|
|
|
|
|
|
|
|
|
|
// Container array
|
|
|
|
|
$getRanks = [];
|
|
|
|
|
$perms = [];
|
|
|
|
|
|
|
|
|
|
// Get permission row for all ranks
|
|
|
|
|
foreach($ranks as $rank)
|
|
|
|
|
$getRanks[] = Database::fetch('permissions', false, ['rid' => [$rank, '='], 'uid' => [0 ,'=']]);
|
|
|
|
|
|
2015-06-04 12:41:55 +00:00
|
|
|
// Check if getRanks is empty or if the rank id is 0 return the fallback
|
|
|
|
|
if(empty($getRanks) || in_array(0, $ranks))
|
|
|
|
|
$getRanks = [self::$fallback];
|
|
|
|
|
|
2015-05-29 19:27:45 +00:00
|
|
|
// Go over the permission data
|
|
|
|
|
foreach($getRanks as $rank) {
|
|
|
|
|
|
|
|
|
|
// Check if perms is empty
|
|
|
|
|
if(empty($perms)) {
|
|
|
|
|
|
|
|
|
|
// Store the data of the current rank in $perms
|
|
|
|
|
$perms = [
|
|
|
|
|
|
|
|
|
|
'SITE' => $rank['siteperms'],
|
|
|
|
|
'MANAGE' => $rank['manageperms'],
|
|
|
|
|
'FORUM' => $rank['forumperms']
|
|
|
|
|
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
|
|
// Perform a bitwise OR on the ranks
|
|
|
|
|
$perms = [
|
|
|
|
|
|
|
|
|
|
'SITE' => $perms['SITE'] | $rank['siteperms'],
|
|
|
|
|
'MANAGE' => $perms['MANAGE'] | $rank['manageperms'],
|
|
|
|
|
'FORUM' => $perms['FORUM'] | $rank['forumperms']
|
|
|
|
|
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Return the compiled permission strings
|
|
|
|
|
return $perms;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get permission data for a user
|
|
|
|
|
public static function getUserPermissions($uid) {
|
|
|
|
|
|
|
|
|
|
// Get user data
|
|
|
|
|
$user = Users::getUser($uid);
|
|
|
|
|
|
|
|
|
|
// Attempt to get the permission row of a user
|
|
|
|
|
$userPerms = Database::fetch('permissions', false, ['rid' => [0, '='], 'uid' => [$user['id'] ,'=']]);
|
|
|
|
|
|
|
|
|
|
// Get their rank permissions
|
|
|
|
|
$rankPerms = self::getRankPermissions(json_decode($user['ranks'], true));
|
|
|
|
|
|
|
|
|
|
// Just return the rank permissions if no special ones are set
|
|
|
|
|
if(empty($userPerms))
|
|
|
|
|
return $rankPerms;
|
|
|
|
|
|
|
|
|
|
// Split the inherit option things up
|
|
|
|
|
$inheritance = str_split($userPerms['rankinherit']);
|
|
|
|
|
|
|
|
|
|
// Override site permissions
|
|
|
|
|
if(!$inheritance[0])
|
|
|
|
|
$rankPerms['SITE'] = $userPerms['siteperms'];
|
|
|
|
|
|
|
|
|
|
// Override management permissions
|
|
|
|
|
if(!$inheritance[1])
|
|
|
|
|
$rankPerms['MANAGE'] = $userPerms['manageperms'];
|
|
|
|
|
|
|
|
|
|
// Override forum permissions
|
|
|
|
|
if(!$inheritance[2])
|
|
|
|
|
$rankPerms['FORUM'] = $userPerms['forumperms'];
|
|
|
|
|
|
|
|
|
|
// Return permissions
|
|
|
|
|
return $rankPerms;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
