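authInfo->getPerms('user');
// Gate: only viewers holding the role-management permission get past this point.
if(!$viewerPerms->check(Perm::U_ROLES_MANAGE))
    Template::throwError(403);

// Editing an existing role when ?r= is present, otherwise creating a new one.
$roleInfo = null;
if(filter_has_var(INPUT_GET, 'r')) {
    $roleId = (string)filter_input(INPUT_GET, 'r', FILTER_SANITIZE_NUMBER_INT);
    try {
        $isNew = false;
        $roleInfo = $msz->usersCtx->roles->getRole($roleId);
    } catch(RuntimeException $ex) {
        Template::throwError(404);
    }
} else $isNew = true;

$currentUser = $msz->authInfo->userInfo;
// Permission editing is a separate capability from role editing.
$canEditPerms = $viewerPerms->check(Perm::U_PERMS_MANAGE);
$permsInfos = $roleInfo === null ? null : $msz->perms->getPermissionInfo(roleInfo: $roleInfo, categoryNames: Perm::INFO_FOR_ROLE);
$permsLists = Perm::createList(Perm::LISTS_FOR_ROLE);

// Single-pass guarded block: every failed validation below echoes its message and
// `break`s out to the form render at the bottom; success ends in a redirect + return.
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
    $userRank = $msz->usersCtx->users->getUserRank($currentUser);

    // Non-super users may only edit roles ranked strictly below their own.
    if(!$isNew && !$currentUser->super && $roleInfo->rank >= $userRank) {
        echo 'You aren\'t allowed to edit this role.';
        break;
    }

    $roleString = (string)filter_input(INPUT_POST, 'ur_string');
    $roleName = (string)filter_input(INPUT_POST, 'ur_name');
    $roleHide = !empty($_POST['ur_hidden']);
    $roleLeavable = !empty($_POST['ur_leavable']);
    $roleRank = (int)filter_input(INPUT_POST, 'ur_rank', FILTER_SANITIZE_NUMBER_INT);
    $roleTitle = (string)filter_input(INPUT_POST, 'ur_title');
    $roleDesc = (string)filter_input(INPUT_POST, 'ur_desc');
    $colourInherit = !empty($_POST['ur_col_inherit']);
    $colourRed = (int)filter_input(INPUT_POST, 'ur_col_red', FILTER_SANITIZE_NUMBER_INT);
    $colourGreen = (int)filter_input(INPUT_POST, 'ur_col_green', FILTER_SANITIZE_NUMBER_INT);
    $colourBlue = (int)filter_input(INPUT_POST, 'ur_col_blue', FILTER_SANITIZE_NUMBER_INT);

    // Echo the submitted values back so the form keeps them when validation fails.
    Template::set([
        'role_ur_string' => $roleString,
        'role_ur_name' => $roleName,
        'role_ur_hidden' => $roleHide,
        'role_ur_leavable' => $roleLeavable,
        'role_ur_rank' => $roleRank,
        'role_ur_title' => $roleTitle,
        'role_ur_desc' => $roleDesc,
        'role_ur_col_inherit' => $colourInherit,
        'role_ur_col_red' => $colourRed,
        'role_ur_col_green' => $colourGreen,
        'role_ur_col_blue' => $colourBlue,
    ]);

    // The submitted rank is checked separately from the existing role's rank above,
    // so a non-super user cannot raise a role up to (or past) their own rank.
    if(!$currentUser->super && $roleRank >= $userRank) {
        echo 'You aren\'t allowed to make a role with equal rank to your own.';
        break;
    }

    $roleNameLength = mb_strlen($roleName);
    if($roleNameLength < 1 || $roleNameLength > 100) {
        echo 'Provided role name is either too long or too short.';
        break;
    }

    if($roleRank < 1 || $roleRank > 100) {
        echo 'Role rank may not be less than 1 or more than 100.';
        break;
    }

    // NOTE(review): the r/g/b components are not range-checked here; presumably
    // ColourRgb clamps or rejects values outside 0..255 — confirm in that class.
    $roleColour = $colourInherit ? Colour::none() : new ColourRgb($colourRed, $colourGreen, $colourBlue);

    if(mb_strlen($roleDesc) > 1000) {
        echo 'Description may not be longer than 1000 characters.';
        break;
    }

    if(mb_strlen($roleTitle) > 64) {
        echo 'Role title may not be longer than 64 characters.';
        break;
    }

    // Byte-wise length on purpose: the ctype_alpha check below is byte-wise too.
    if(strlen($roleString) > 20) {
        echo 'Role string may not be longer than 20 characters.';
        break;
    }

    // Fix: the original only inspected the first character when the string was longer
    // than one character, so a single non-alphabetic character slipped through.
    // Any non-empty role string must start with a letter.
    if($roleString !== '' && !ctype_alpha($roleString[0])) {
        echo 'Role string must start with an alphabetical character.';
        break;
    }

    if($isNew) {
        $roleInfo = $msz->usersCtx->roles->createRole(
            $roleName,
            $roleRank,
            $roleColour,
            string: $roleString,
            title: $roleTitle,
            description: $roleDesc,
            hidden: $roleHide,
            leavable: $roleLeavable
        );
    } else {
        // updateRole() treats null as "leave unchanged", so only pass fields that differ.
        if($roleName === $roleInfo->name) $roleName = null;
        if($roleString === $roleInfo->string) $roleString = null;
        if($roleHide === $roleInfo->hidden) $roleHide = null;
        if($roleLeavable === $roleInfo->leavable) $roleLeavable = null;
        if($roleRank === $roleInfo->rank) $roleRank = null;
        if($roleTitle === $roleInfo->title) $roleTitle = null;
        if($roleDesc === $roleInfo->description) $roleDesc = null;
        // local genius did not implement colour comparison
        if((string)$roleColour === (string)$roleInfo->colour) $roleColour = null;

        $msz->usersCtx->roles->updateRole(
            $roleInfo,
            string: $roleString,
            name: $roleName,
            rank: $roleRank,
            colour: $roleColour,
            title: $roleTitle,
            description: $roleDesc,
            hidden: $roleHide,
            leavable: $roleLeavable
        );
    }

    $msz->createAuditLog(
        $isNew ? 'ROLE_CREATE' : 'ROLE_UPDATE',
        [$roleInfo->id]
    );

    if($canEditPerms && filter_has_var(INPUT_POST, 'perms')) {
        // NOTE(review): filter_input(..., FILTER_REQUIRE_ARRAY) yields false when
        // 'perms' is submitted as a scalar; presumably Perm::convertSubmission
        // tolerates that — confirm.
        $permsApply = Perm::convertSubmission(
            filter_input(INPUT_POST, 'perms', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY),
            Perm::INFO_FOR_ROLE
        );

        foreach($permsApply as $categoryName => $values)
            $msz->perms->setPermissions($categoryName, $values['allow'], $values['deny'], roleInfo: $roleInfo);

        // could target all users with the role but ech
        $msz->config->setBoolean('perms.needsRecalc', true);
    }

    Tools::redirect($msz->urls->format('manage-role', ['role' => $roleInfo->id]));
    return;
}

Template::render('manage.users.role', [
    'role_new' => $isNew,
    'role_info' => $roleInfo ?? null,
    'can_edit_perms' => $canEditPerms,
    'perms_lists' => $permsLists,
    'perms_infos' => $permsInfos,
]);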