Rewrote permissions system.
parent
ca23822e40
commit
07a2868159
63 changed files with 1286 additions and 989 deletions
|
@ -2,6 +2,6 @@
|
|||
> Misuzu can and will steal your lunch money.
|
||||
|
||||
## Requirements
|
||||
- PHP 8.2
|
||||
- PHP 8.2 (64-bit)
|
||||
- MariaDB 10.6
|
||||
- [Composer](https://getcomposer.org/)
|
||||
|
|
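--- a/database/2023_08_30_213930_new_permissions_system.php
+++ b/database/2023_08_30_213930_new_permissions_system.php
@@ -0,0 +1,125 @@
+<?php
+use Index\Data\IDbConnection;
+use Index\Data\Migration\IDbMigration;
+
+final class NewPermissionsSystem_20230830_213930 implements IDbMigration {
+public function migrate(IDbConnection $conn): void {
+// make sure cron doesn't fuck us over
+$conn->execute('DELETE FROM msz_config WHERE config_name = "perms.needsRecalc"');
+
+$conn->execute('
+CREATE TABLE msz_perms (
+user_id INT(10) UNSIGNED NULL DEFAULT NULL,
+role_id INT(10) UNSIGNED NULL DEFAULT NULL,
+forum_id INT(10) UNSIGNED NULL DEFAULT NULL,
+perms_category VARBINARY(64) NOT NULL,
+perms_allow BIGINT(20) UNSIGNED NOT NULL,
+perms_deny BIGINT(20) UNSIGNED NOT NULL,
+UNIQUE KEY perms_unique (user_id, role_id, forum_id, perms_category),
+KEY perms_user_foreign (user_id),
+KEY perms_role_foreign (role_id),
+KEY perms_forum_foreign (forum_id),
+KEY perms_category_index (perms_category),
+CONSTRAINT perms_user_foreign
+FOREIGN KEY (user_id)
+REFERENCES msz_users (user_id)
+ON UPDATE CASCADE
+ON DELETE CASCADE,
+CONSTRAINT perms_role_foreign
+FOREIGN KEY (role_id)
+REFERENCES msz_roles (role_id)
+ON UPDATE CASCADE
+ON DELETE CASCADE,
+CONSTRAINT perms_forum_foreign
+FOREIGN KEY (forum_id)
+REFERENCES msz_forum_categories (forum_id)
+ON UPDATE CASCADE
+ON DELETE CASCADE
+) ENGINE=InnoDB COLLATE=utf8mb4_bin
+');
+
+$conn->execute('
+ALTER TABLE msz_perms
+ADD CONSTRAINT perms_53bit
+CHECK (perms_allow >= 0 AND perms_deny >= 0 AND perms_allow <= 9007199254740991 AND perms_deny <= 9007199254740991),
+ADD CONSTRAINT perms_only_user_or_role
+CHECK ((user_id IS NULL AND role_id IS NULL) OR (user_id IS NULL AND role_id IS NOT NULL) OR (user_id IS NOT NULL AND role_id IS NULL))
+');
+
+$conn->execute('
+CREATE TABLE msz_perms_calculated (
+user_id INT(10) UNSIGNED NULL DEFAULT NULL,
+forum_id INT(10) UNSIGNED NULL DEFAULT NULL,
+perms_category VARBINARY(64) NOT NULL,
+perms_calculated BIGINT(20) UNSIGNED NOT NULL,
+UNIQUE KEY perms_calculated_unique (user_id, forum_id, perms_category),
+KEY perms_calculated_user_foreign (user_id),
+KEY perms_calculated_forum_foreign (forum_id),
+KEY perms_calculated_category_index (perms_category),
+CONSTRAINT perms_calculated_user_foreign
+FOREIGN KEY (user_id)
+REFERENCES msz_users (user_id)
+ON UPDATE CASCADE
+ON DELETE CASCADE,
+CONSTRAINT perms_calculated_forum_foreign
+FOREIGN KEY (forum_id)
+REFERENCES msz_forum_categories (forum_id)
+ON UPDATE CASCADE
+ON DELETE CASCADE
+) ENGINE=InnoDB COLLATE=utf8mb4_bin
+');
+
+$conn->execute('
+ALTER TABLE msz_perms_calculated
+ADD CONSTRAINT perms_calculated_53bit
+CHECK (perms_calculated >= 0 AND perms_calculated <= 9007199254740991)
+');
+
+$insert = $conn->prepare('INSERT INTO msz_perms (user_id, role_id, forum_id, perms_category, perms_allow, perms_deny) VALUES (?, ?, ?, ?, ?, ?)');
+
+$result = $conn->query('SELECT user_id, role_id, general_perms_allow, general_perms_deny, user_perms_allow, user_perms_deny, changelog_perms_allow, changelog_perms_deny, news_perms_allow, news_perms_deny, forum_perms_allow, forum_perms_deny, comments_perms_allow, comments_perms_deny FROM msz_permissions');
+while($result->next()) {
+$insert->addParameter(1, $result->isNull(0) ? null : $result->getString(0));
+$insert->addParameter(2, $result->isNull(1) ? null : $result->getString(1));
+$insert->addParameter(3, null);
+$insert->addParameter(4, 'user');
+$insert->addParameter(5, $result->getInteger(4));
+$insert->addParameter(6, $result->getInteger(5));
+$insert->execute();
+
+$allow = $result->getInteger(2);
+$allow |= $result->getInteger(6) << 8;
+$allow |= $result->getInteger(8) << 16;
+$allow |= $result->getInteger(10) << 24;
+$allow |= $result->getInteger(12) << 32;
+
+$deny = $result->getInteger(3);
+$deny |= $result->getInteger(7) << 8;
+$deny |= $result->getInteger(9) << 16;
+$deny |= $result->getInteger(11) << 24;
+$deny |= $result->getInteger(13) << 32;
+
+$insert->addParameter(4, 'global');
+$insert->addParameter(5, $allow);
+$insert->addParameter(6, $deny);
+$insert->execute();
+}
+
+$result = $conn->query('SELECT user_id, role_id, forum_id, forum_perms_allow, forum_perms_deny FROM msz_forum_permissions');
+while($result->next()) {
+$insert->addParameter(1, $result->isNull(0) ? null : $result->getString(0));
+$insert->addParameter(2, $result->isNull(1) ? null : $result->getString(1));
+$insert->addParameter(3, $result->getString(2));
+$insert->addParameter(4, 'forum');
+$insert->addParameter(5, $result->getInteger(3));
+$insert->addParameter(6, $result->getInteger(4));
+$insert->execute();
+}
+
+$conn->execute('DROP TABLE msz_forum_permissions');
+$conn->execute('DROP TABLE msz_permissions');
+
+// schedule recalc
+$conn->execute('INSERT INTO msz_config (config_name, config_value) VALUES ("perms.needsRecalc", "b:1;")');
+}
+}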
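Review bot: `perms_unique (user_id, role_id, forum_id, perms_category)` cannot enforce uniqueness as declared, because the `perms_only_user_or_role` CHECK forces at least one of `user_id`/`role_id` to be NULL on every row and MariaDB treats NULLs in a UNIQUE KEY as distinct. Two rows for the same subject, forum and category can therefore coexist, and any upsert keyed on this index would insert instead of replace; `perms_calculated_unique` has the same gap for rows with a NULL `user_id` or `forum_id`. For a table that decides access this is worth closing, for example by adding persistent generated columns that coalesce the NULLs to 0 and building the unique key on those. Separately, the copy loop packs the old per-area columns at 8-bit offsets (`<< 8` … `<< 32`), which presumably relies on every old column fitting in 8 bits; a short comment stating that assumption would help, since an overlap would silently grant or deny the neighbouring area's bits.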
|
|
@ -23,7 +23,6 @@ mb_internal_encoding('utf-8');
|
|||
date_default_timezone_set('utc');
|
||||
|
||||
require_once MSZ_ROOT . '/utility.php';
|
||||
require_once MSZ_SOURCE . '/perms.php';
|
||||
require_once MSZ_SOURCE . '/url.php';
|
||||
|
||||
$dbConfig = parse_ini_file(MSZ_CONFIG . '/config.ini', true, INI_SCANNER_TYPED);
|
||||
|
|
|
@ -113,7 +113,7 @@ while(!empty($_POST['login']) && is_array($_POST['login'])) {
|
|||
if($userInfo->passwordNeedsRehash())
|
||||
$users->updateUser($userInfo, password: $_POST['login']['password']);
|
||||
|
||||
if(!empty($loginPermCat) && $loginPermVal > 0 && !perms_check_user($loginPermCat, $userInfo->getId(), $loginPermVal)) {
|
||||
if(!empty($loginPermCat) && $loginPermVal > 0 && !$msz->getPerms()->checkPermissions($loginPermCat, $loginPermVal, $userInfo)) {
|
||||
$notices[] = "Login succeeded, but you're not allowed to browse the site right now.";
|
||||
$loginAttempts->recordAttempt(true, $ipAddress, $countryCode, $userAgent, $clientInfo, $userInfo);
|
||||
break;
|
||||
|
|
|
@ -30,7 +30,7 @@ if($msz->hasActiveBan()) {
|
|||
$currentUserInfo = $msz->getActiveUser();
|
||||
|
||||
$comments = $msz->getComments();
|
||||
$commentPerms = perms_for_comments($currentUserInfo->getId());
|
||||
$perms = $msz->getAuthInfo()->getPerms('global');
|
||||
|
||||
$commentId = (string)filter_input(INPUT_GET, 'c', FILTER_SANITIZE_NUMBER_INT);
|
||||
$commentMode = (string)filter_input(INPUT_GET, 'm');
|
||||
|
@ -55,7 +55,7 @@ if($commentMode !== 'create' && empty($commentInfo)) {
|
|||
switch($commentMode) {
|
||||
case 'pin':
|
||||
case 'unpin':
|
||||
if(!$commentPerms['can_pin'] && !$categoryInfo->isOwner($currentUserInfo)) {
|
||||
if(!$perms->check(Perm::G_COMMENTS_PIN) && !$categoryInfo->isOwner($currentUserInfo)) {
|
||||
echo render_info("You're not allowed to pin comments.", 403);
|
||||
break;
|
||||
}
|
||||
|
@ -92,7 +92,7 @@ switch($commentMode) {
|
|||
break;
|
||||
|
||||
case 'vote':
|
||||
if(!$commentPerms['can_vote'] && !$categoryInfo->isOwner($currentUserInfo)) {
|
||||
if(!$perms->check(Perm::G_COMMENTS_VOTE) && !$categoryInfo->isOwner($currentUserInfo)) {
|
||||
echo render_info("You're not allowed to vote on comments.", 403);
|
||||
break;
|
||||
}
|
||||
|
@ -113,21 +113,23 @@ switch($commentMode) {
|
|||
break;
|
||||
|
||||
case 'delete':
|
||||
if(!$commentPerms['can_delete'] && !$categoryInfo->isOwner($currentUserInfo)) {
|
||||
$canDelete = $perms->check(Perm::G_COMMENTS_DELETE_OWN | Perm::G_COMMENTS_DELETE_ANY);
|
||||
if(!$canDelete && !$categoryInfo->isOwner($currentUserInfo)) {
|
||||
echo render_info("You're not allowed to delete comments.", 403);
|
||||
break;
|
||||
}
|
||||
|
||||
$canDeleteAny = $perms->check(Perm::G_COMMENTS_DELETE_ANY);
|
||||
if($commentInfo->isDeleted()) {
|
||||
echo render_info(
|
||||
$commentPerms['can_delete_any'] ? 'This comment is already marked for deletion.' : "This comment doesn't exist.",
|
||||
$canDeleteAny ? 'This comment is already marked for deletion.' : "This comment doesn't exist.",
|
||||
400
|
||||
);
|
||||
break;
|
||||
}
|
||||
|
||||
$isOwnComment = $commentInfo->getUserId() === $currentUserInfo->getId();
|
||||
$isModAction = $commentPerms['can_delete_any'] && !$isOwnComment;
|
||||
$isModAction = $canDeleteAny && !$isOwnComment;
|
||||
|
||||
if(!$isModAction && !$isOwnComment) {
|
||||
echo render_info("You're not allowed to delete comments made by others.", 403);
|
||||
|
@ -150,7 +152,7 @@ switch($commentMode) {
|
|||
break;
|
||||
|
||||
case 'restore':
|
||||
if(!$commentPerms['can_delete_any']) {
|
||||
if(!$perms->check(Perm::G_COMMENTS_DELETE_ANY)) {
|
||||
echo render_info("You're not allowed to restore deleted comments.", 403);
|
||||
break;
|
||||
}
|
||||
|
@ -172,7 +174,7 @@ switch($commentMode) {
|
|||
break;
|
||||
|
||||
case 'create':
|
||||
if(!$commentPerms['can_comment'] && !$categoryInfo->isOwner($currentUserInfo)) {
|
||||
if(!$perms->check(Perm::G_COMMENTS_CREATE) && !$categoryInfo->isOwner($currentUserInfo)) {
|
||||
echo render_info("You're not allowed to post comments.", 403);
|
||||
break;
|
||||
}
|
||||
|
@ -192,15 +194,16 @@ switch($commentMode) {
|
|||
break;
|
||||
}
|
||||
|
||||
if($categoryInfo->isLocked() && !$commentPerms['can_lock']) {
|
||||
$canLock = $perms->check(Perm::G_COMMENTS_LOCK);
|
||||
if($categoryInfo->isLocked() && !$canLock) {
|
||||
echo render_info('This comment category has been locked.', 403);
|
||||
break;
|
||||
}
|
||||
|
||||
$commentText = !empty($_POST['comment']['text']) && is_string($_POST['comment']['text']) ? $_POST['comment']['text'] : '';
|
||||
$commentReply = (string)(!empty($_POST['comment']['reply']) && is_string($_POST['comment']['reply']) ? (int)$_POST['comment']['reply'] : 0);
|
||||
$commentLock = !empty($_POST['comment']['lock']) && $commentPerms['can_lock'];
|
||||
$commentPin = !empty($_POST['comment']['pin']) && $commentPerms['can_pin'];
|
||||
$commentLock = !empty($_POST['comment']['lock']) && $canLock;
|
||||
$commentPin = !empty($_POST['comment']['pin']) && $perms->check(Perm::G_COMMENTS_PIN);
|
||||
|
||||
if($commentLock) {
|
||||
if($categoryInfo->isLocked())
|
||||
|
@ -212,7 +215,7 @@ switch($commentMode) {
|
|||
if(strlen($commentText) > 0) {
|
||||
$commentText = preg_replace("/[\r\n]{2,}/", "\n", $commentText);
|
||||
} else {
|
||||
if($commentPerms['can_lock']) {
|
||||
if($canLock) {
|
||||
echo render_info('The action has been processed.', 400);
|
||||
} else {
|
||||
echo render_info('Your comment is too short.', 400);
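Review bot: The delete gate in the `@ -113,21 +113,23` hunk passes a combined mask, `$perms->check(Perm::G_COMMENTS_DELETE_OWN | Perm::G_COMMENTS_DELETE_ANY)`, and nothing on this page shows whether `check()` passes on any set bit or only when all are set. Elsewhere in this commit a combined mask was split into separate `check()` calls where both permissions are required, which suggests any-bit matching; under all-bit matching a user holding only DELETE_OWN would be refused here. Either state the intent in a comment, e.g. `// check() passes if either delete permission is granted`, or write it as two `check()` calls joined with `||` so the access rule does not depend on the reader knowing the helper.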
|
||||
|
|
|
@ -3,6 +3,7 @@ namespace Misuzu;
|
|||
|
||||
use stdClass;
|
||||
use RuntimeException;
|
||||
use Index\XArray;
|
||||
|
||||
$forum = $msz->getForum();
|
||||
$users = $msz->getUsers();
|
||||
|
@ -16,18 +17,18 @@ try {
|
|||
return;
|
||||
}
|
||||
|
||||
$perms = $msz->getAuthInfo()->getPerms('forum', $categoryInfo);
|
||||
|
||||
$currentUser = $msz->getActiveUser();
|
||||
$currentUserId = $currentUser === null ? '0' : $currentUser->getId();
|
||||
|
||||
$perms = forum_perms_get_user($categoryInfo->getId(), $currentUserId)[MSZ_FORUM_PERMS_GENERAL];
|
||||
|
||||
if(!perms_check($perms, MSZ_FORUM_PERM_VIEW_FORUM)) {
|
||||
if(!$perms->check(Perm::F_CATEGORY_VIEW)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
||||
if(isset($currentUser) && $msz->hasActiveBan($currentUser))
|
||||
$perms &= MSZ_FORUM_PERM_LIST_FORUM | MSZ_FORUM_PERM_VIEW_FORUM;
|
||||
if($msz->hasActiveBan())
|
||||
$perms = $perms->apply(fn($calc) => $calc & (Perm::F_CATEGORY_LIST | Perm::F_CATEGORY_VIEW));
|
||||
|
||||
if($categoryInfo->isLink()) {
|
||||
if($categoryInfo->hasLinkTarget()) {
|
||||
|
@ -40,7 +41,7 @@ if($categoryInfo->isLink()) {
|
|||
$forumPagination = new Pagination($forum->countTopics(
|
||||
categoryInfo: $categoryInfo,
|
||||
global: true,
|
||||
deleted: perms_check($perms, MSZ_FORUM_PERM_DELETE_ANY_POST) ? null : false
|
||||
deleted: $perms->check(Perm::F_POST_DELETE_ANY) ? null : false
|
||||
), 20);
|
||||
|
||||
if(!$forumPagination->hasValidOffset()) {
|
||||
|
@ -56,9 +57,9 @@ $topics = [];
|
|||
if($categoryInfo->mayHaveChildren()) {
|
||||
$children = $forum->getCategoryChildren($categoryInfo, hidden: false, asTree: true);
|
||||
|
||||
foreach($children as $child) {
|
||||
$childPerms = forum_perms_get_user($child->info->getId(), (int)$currentUserId)[MSZ_FORUM_PERMS_GENERAL];
|
||||
if(!perms_check($childPerms, MSZ_FORUM_PERM_LIST_FORUM)) {
|
||||
foreach($children as $childId => $child) {
|
||||
$childPerms = $msz->getAuthInfo()->getPerms('forum', $child->info);
|
||||
if(!$childPerms->check(Perm::F_CATEGORY_LIST)) {
|
||||
unset($category->children[$childId]);
|
||||
continue;
|
||||
}
|
||||
|
@ -67,8 +68,8 @@ if($categoryInfo->mayHaveChildren()) {
|
|||
|
||||
if($child->info->mayHaveChildren()) {
|
||||
foreach($child->children as $grandChildId => $grandChild) {
|
||||
$grandChildPerms = forum_perms_get_user($grandChild->info->getId(), (int)$currentUserId)[MSZ_FORUM_PERMS_GENERAL];
|
||||
if(!perms_check($grandChildPerms, MSZ_FORUM_PERM_LIST_FORUM)) {
|
||||
$grandChildPerms = $msz->getAuthInfo()->getPerms('forum', $grandChild->info);
|
||||
if(!$grandChildPerms->check(Perm::F_CATEGORY_LIST)) {
|
||||
unset($child->children[$grandChildId]);
|
||||
continue;
|
||||
}
|
||||
|
@ -78,8 +79,8 @@ if($categoryInfo->mayHaveChildren()) {
|
|||
if($grandChild->info->mayHaveTopics()) {
|
||||
$catIds = [$grandChild->info->getId()];
|
||||
foreach($grandChild->childIds as $greatGrandChildId) {
|
||||
$greatGrandChildPerms = forum_perms_get_user($greatGrandChildId, (int)$currentUserId)[MSZ_FORUM_PERMS_GENERAL];
|
||||
if(perms_check($greatGrandChildPerms, MSZ_FORUM_PERM_LIST_FORUM))
|
||||
$greatGrandChildPerms = $msz->getAuthInfo()->getPerms('forum', $greatGrandChildId);
|
||||
if(!$greatGrandChildPerms->check(Perm::F_CATEGORY_LIST))
|
||||
$catIds[] = $greatGrandChildId;
|
||||
}
|
||||
|
||||
|
@ -96,8 +97,8 @@ if($categoryInfo->mayHaveChildren()) {
|
|||
if($child->info->mayHaveChildren() || $child->info->mayHaveTopics()) {
|
||||
$catIds = [$child->info->getId()];
|
||||
foreach($child->childIds as $grandChildId) {
|
||||
$grandChildPerms = forum_perms_get_user($grandChildId, (int)$currentUserId)[MSZ_FORUM_PERMS_GENERAL];
|
||||
if(perms_check($grandChildPerms, MSZ_FORUM_PERM_LIST_FORUM))
|
||||
$grandChildPerms = $msz->getAuthInfo()->getPerms('forum', $grandChildId);
|
||||
if($grandChildPerms->check(Perm::F_CATEGORY_LIST))
|
||||
$catIds[] = $grandChildId;
|
||||
}
|
||||
|
||||
|
@ -138,7 +139,7 @@ if($categoryInfo->mayHaveTopics()) {
|
|||
$topicInfos = $forum->getTopics(
|
||||
categoryInfo: $categoryInfo,
|
||||
global: true,
|
||||
deleted: perms_check($perms, MSZ_FORUM_PERM_DELETE_ANY_POST) ? null : false,
|
||||
deleted: $perms->check(Perm::F_POST_DELETE_ANY) ? null : false,
|
||||
pagination: $forumPagination,
|
||||
);
|
||||
|
||||
|
@ -183,8 +184,8 @@ if($categoryInfo->mayHaveTopics()) {
|
|||
}
|
||||
}
|
||||
|
||||
$perms = perms_check_bulk($perms, [
|
||||
'can_create_topic' => MSZ_FORUM_PERM_CREATE_TOPIC,
|
||||
$perms = $perms->checkMany([
|
||||
'can_create_topic' => Perm::F_TOPIC_CREATE,
|
||||
]);
|
||||
|
||||
Template::render('forum.forum', [
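Review bot: In the `@ -78,8 +79,8` hunk the migrated great-grandchild test is inverted: the old code appended to `$catIds` when `perms_check($greatGrandChildPerms, MSZ_FORUM_PERM_LIST_FORUM)` passed, but the new line reads `if(!$greatGrandChildPerms->check(Perm::F_CATEGORY_LIST))`, so only categories the viewer may not list are collected. The sibling loops in this commit keep the positive form, so this should be `if($greatGrandChildPerms->check(Perm::F_CATEGORY_LIST))`; as written, whatever is derived from `$catIds` would draw on forums hidden from the viewer and skip the visible ones. Separately, in the `@ -56,9 +57,9` hunk the loop now defines `$childId`, but the unchanged `unset($category->children[$childId])` targets `$category`, which does not appear elsewhere in these hunks; presumably `unset($children[$childId])` is meant, to be confirmed against the full file.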
|
||||
|
|
|
@ -25,8 +25,8 @@ if($mode === 'mark') {
|
|||
: $forum->getCategoryChildren(parentInfo: $categoryId, includeSelf: true);
|
||||
|
||||
foreach($categoryInfos as $categoryInfo) {
|
||||
$perms = forum_perms_get_user($categoryInfo->getId(), (int)$currentUserId)[MSZ_FORUM_PERMS_GENERAL];
|
||||
if(perms_check($perms, MSZ_FORUM_PERM_LIST_FORUM))
|
||||
$perms = $msz->getAuthInfo()->getPerms('forum', $categoryInfo);
|
||||
if($perms->check(Perm::F_CATEGORY_LIST))
|
||||
$forum->updateUserReadCategory($userInfo, $categoryInfo);
|
||||
}
|
||||
|
||||
|
@ -55,8 +55,8 @@ $userColours = [];
|
|||
$categories = $forum->getCategories(hidden: false, asTree: true);
|
||||
|
||||
foreach($categories as $categoryId => $category) {
|
||||
$perms = forum_perms_get_user($category->info->getId(), (int)$currentUserId)[MSZ_FORUM_PERMS_GENERAL];
|
||||
if(!perms_check($perms, MSZ_FORUM_PERM_LIST_FORUM)) {
|
||||
$perms = $msz->getAuthInfo()->getPerms('forum', $category->info);
|
||||
if(!$perms->check(Perm::F_CATEGORY_LIST)) {
|
||||
unset($categories[$categoryId]);
|
||||
continue;
|
||||
}
|
||||
|
@ -65,8 +65,8 @@ foreach($categories as $categoryId => $category) {
|
|||
|
||||
if($category->info->mayHaveChildren())
|
||||
foreach($category->children as $childId => $child) {
|
||||
$childPerms = forum_perms_get_user($child->info->getId(), (int)$currentUserId)[MSZ_FORUM_PERMS_GENERAL];
|
||||
if(!perms_check($childPerms, MSZ_FORUM_PERM_LIST_FORUM)) {
|
||||
$childPerms = $msz->getAuthInfo()->getPerms('forum', $child->info);
|
||||
if(!$childPerms->check(Perm::F_CATEGORY_LIST)) {
|
||||
unset($category->children[$childId]);
|
||||
continue;
|
||||
}
|
||||
|
@ -76,8 +76,8 @@ foreach($categories as $categoryId => $category) {
|
|||
if($category->info->isListing()) {
|
||||
if($child->info->mayHaveChildren()) {
|
||||
foreach($child->children as $grandChildId => $grandChild) {
|
||||
$grandChildPerms = forum_perms_get_user($grandChild->info->getId(), (int)$currentUserId)[MSZ_FORUM_PERMS_GENERAL];
|
||||
if(!perms_check($grandChildPerms, MSZ_FORUM_PERM_LIST_FORUM)) {
|
||||
$grandChildPerms = $msz->getAuthInfo()->getPerms('forum', $grandChild->info);
|
||||
if(!$grandChildPerms->check(Perm::F_CATEGORY_LIST)) {
|
||||
unset($child->children[$grandChildId]);
|
||||
continue;
|
||||
}
|
||||
|
@ -87,8 +87,8 @@ foreach($categories as $categoryId => $category) {
|
|||
if($grandChild->info->mayHaveTopics()) {
|
||||
$catIds = [$grandChild->info->getId()];
|
||||
foreach($grandChild->childIds as $greatGrandChildId) {
|
||||
$greatGrandChildPerms = forum_perms_get_user($greatGrandChildId, (int)$currentUserId)[MSZ_FORUM_PERMS_GENERAL];
|
||||
if(perms_check($greatGrandChildPerms, MSZ_FORUM_PERM_LIST_FORUM))
|
||||
$greatGrandChildPerms = $msz->getAuthInfo()->getPerms('forum', $greatGrandChildId);
|
||||
if($greatGrandChildPerms->check(Perm::F_CATEGORY_LIST))
|
||||
$catIds[] = $greatGrandChildId;
|
||||
}
|
||||
|
||||
|
@ -105,8 +105,8 @@ foreach($categories as $categoryId => $category) {
|
|||
if($child->info->mayHaveChildren() || $child->info->mayHaveTopics()) {
|
||||
$catIds = [$child->info->getId()];
|
||||
foreach($child->childIds as $grandChildId) {
|
||||
$grandChildPerms = forum_perms_get_user($grandChildId, (int)$currentUserId)[MSZ_FORUM_PERMS_GENERAL];
|
||||
if(perms_check($grandChildPerms, MSZ_FORUM_PERM_LIST_FORUM))
|
||||
$grandChildPerms = $msz->getAuthInfo()->getPerms('forum', $grandChildId);
|
||||
if($grandChildPerms->check(Perm::F_CATEGORY_LIST))
|
||||
$catIds[] = $grandChildId;
|
||||
}
|
||||
|
||||
|
@ -165,8 +165,8 @@ foreach($categories as $categoryId => $category) {
|
|||
if($category->info->mayHaveChildren() || $category->info->mayHaveTopics()) {
|
||||
$catIds = [$category->info->getId()];
|
||||
foreach($category->childIds as $childId) {
|
||||
$childPerms = forum_perms_get_user($childId, (int)$currentUserId)[MSZ_FORUM_PERMS_GENERAL];
|
||||
if(perms_check($childPerms, MSZ_FORUM_PERM_LIST_FORUM))
|
||||
$childPerms = $msz->getAuthInfo()->getPerms('forum', $childId);
|
||||
if($childPerms->check(Perm::F_CATEGORY_LIST))
|
||||
$catIds[] = $childId;
|
||||
}
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_FORUM, $msz->getActiveUser()->getId(), MSZ_PERM_FORUM_VIEW_LEADERBOARD)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_FORUM_LEADERBOARD_VIEW)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
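Review bot: Dropping `!$msz->isLoggedIn() ||` makes this gate depend entirely on `getPerms('global')` returning nothing useful for a guest. The new schema explicitly allows permission rows with both `user_id` and `role_id` NULL (see the `perms_only_user_or_role` CHECK), which presumably represent guest or default grants, so a mis-set default row would open the page to anonymous visitors. The same guard is removed from the changelog, forum-category, topic-redirect, emote, log, config and news management pages further down; for those it seems worth keeping the explicit login check in front, `if(!$msz->isLoggedIn() || !$msz->getAuthInfo()->getPerms('global')->check(...))`, as defence in depth.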
|
||||
|
|
|
@ -31,14 +31,14 @@ try {
|
|||
return;
|
||||
}
|
||||
|
||||
$perms = forum_perms_get_user($postInfo->getCategoryId(), $currentUserId)[MSZ_FORUM_PERMS_GENERAL];
|
||||
$perms = $msz->getAuthInfo()->getPerms('forum', $postInfo->getCategoryId());
|
||||
|
||||
if(!perms_check($perms, MSZ_FORUM_PERM_VIEW_FORUM)) {
|
||||
if(!$perms->check(Perm::F_CATEGORY_VIEW)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
||||
$canDeleteAny = perms_check($perms, MSZ_FORUM_PERM_DELETE_ANY_POST);
|
||||
$canDeleteAny = $perms->check(Perm::F_POST_DELETE_ANY);
|
||||
|
||||
switch($postMode) {
|
||||
case 'delete':
|
||||
|
@ -53,7 +53,7 @@ switch($postMode) {
|
|||
return;
|
||||
}
|
||||
|
||||
if(!perms_check($perms, MSZ_FORUM_PERM_DELETE_POST)) {
|
||||
if(!$perms->check(Perm::F_POST_DELETE_OWN)) {
|
||||
echo render_info('You are not allowed to delete posts.', 403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -121,12 +121,13 @@ if(empty($forumId)) {
|
|||
$hasCategoryInfo = true;
|
||||
}
|
||||
|
||||
$perms = forum_perms_get_user($categoryInfo->getId(), $currentUserId)[MSZ_FORUM_PERMS_GENERAL];
|
||||
$perms = $msz->getAuthInfo()->getPerms('forum', $categoryInfo);
|
||||
|
||||
if($categoryInfo->isArchived()
|
||||
|| (isset($topicInfo) && $topicInfo->isLocked() && !perms_check($perms, MSZ_FORUM_PERM_LOCK_TOPIC))
|
||||
|| !perms_check($perms, MSZ_FORUM_PERM_VIEW_FORUM | MSZ_FORUM_PERM_CREATE_POST)
|
||||
|| (!isset($topicInfo) && !perms_check($perms, MSZ_FORUM_PERM_CREATE_TOPIC))) {
|
||||
|| (isset($topicInfo) && $topicInfo->isLocked() && !$perms->check(Perm::F_TOPIC_LOCK))
|
||||
|| !$perms->check(Perm::F_CATEGORY_VIEW)
|
||||
|| !$perms->check(Perm::F_POST_CREATE)
|
||||
|| (!isset($topicInfo) && !$perms->check(Perm::F_TOPIC_CREATE))) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
@ -141,16 +142,16 @@ $topicTypes = [];
|
|||
if($mode === 'create' || $mode === 'edit') {
|
||||
$topicTypes['discussion'] = 'Normal discussion';
|
||||
|
||||
if(perms_check($perms, MSZ_FORUM_PERM_STICKY_TOPIC))
|
||||
if($perms->check(Perm::F_TOPIC_STICKY))
|
||||
$topicTypes['sticky'] = 'Sticky topic';
|
||||
if(perms_check($perms, MSZ_FORUM_PERM_ANNOUNCE_TOPIC))
|
||||
if($perms->check(Perm::F_TOPIC_ANNOUNCE_LOCAL))
|
||||
$topicTypes['announce'] = 'Announcement';
|
||||
if(perms_check($perms, MSZ_FORUM_PERM_GLOBAL_ANNOUNCE_TOPIC))
|
||||
if($perms->check(Perm::F_TOPIC_ANNOUNCE_GLOBAL))
|
||||
$topicTypes['global'] = 'Global Announcement';
|
||||
}
|
||||
|
||||
// edit mode stuff
|
||||
if($mode === 'edit' && !perms_check($perms, $postInfo->getUserId() === $currentUserId ? MSZ_FORUM_PERM_EDIT_POST : MSZ_FORUM_PERM_EDIT_ANY_POST)) {
|
||||
if($mode === 'edit' && !$perms->check($postInfo->getUserId() === $currentUserId ? Perm::F_POST_EDIT_OWN : Perm::F_POST_EDIT_ANY)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -25,8 +25,8 @@ if($topicId < 1 && $postId > 0) {
|
|||
}
|
||||
|
||||
$categoryId = $postInfo->getCategoryId();
|
||||
$perms = forum_perms_get_user($categoryId, $currentUserId)[MSZ_FORUM_PERMS_GENERAL];
|
||||
$canDeleteAny = !perms_check($perms, MSZ_FORUM_PERM_DELETE_ANY_POST);
|
||||
$perms = $msz->getAuthInfo()->getPerms('forum', $postInfo->getCategoryId());
|
||||
$canDeleteAny = $perms->check(Perm::F_POST_DELETE_ANY);
|
||||
|
||||
if($postInfo->isDeleted() && !$canDeleteAny) {
|
||||
echo render_error(404);
|
||||
|
@ -53,13 +53,13 @@ if(!$topicIsNuked) {
|
|||
|
||||
if($categoryId !== (int)$topicInfo->getCategoryId()) {
|
||||
$categoryId = (int)$topicInfo->getCategoryId();
|
||||
$perms = forum_perms_get_user($categoryId, $currentUserId)[MSZ_FORUM_PERMS_GENERAL];
|
||||
$perms = $msz->getAuthInfo()->getPerms('forum', $topicInfo->getCategoryId());
|
||||
}
|
||||
|
||||
if(isset($currentUser) && $msz->hasActiveBan($currentUser))
|
||||
$perms &= MSZ_FORUM_PERM_LIST_FORUM | MSZ_FORUM_PERM_VIEW_FORUM;
|
||||
if($msz->hasActiveBan())
|
||||
$perms = $perms->apply(fn($calc) => $calc & (Perm::F_CATEGORY_LIST | Perm::F_CATEGORY_VIEW));
|
||||
|
||||
$canDeleteAny = perms_check($perms, MSZ_FORUM_PERM_DELETE_ANY_POST);
|
||||
$canDeleteAny = $perms->check(Perm::F_POST_DELETE_ANY);
|
||||
}
|
||||
|
||||
if(($topicIsNuked || $topicIsDeleted) && $forum->hasTopicRedirect($topicId)) {
|
||||
|
@ -75,7 +75,7 @@ if(($topicIsNuked || $topicIsDeleted) && $forum->hasTopicRedirect($topicId)) {
|
|||
}
|
||||
}
|
||||
|
||||
if(!perms_check($perms, MSZ_FORUM_PERM_VIEW_FORUM)) {
|
||||
if(!$perms->check(Perm::F_CATEGORY_VIEW)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
@ -89,9 +89,9 @@ $topicIsLocked = $topicInfo->isLocked();
|
|||
$topicIsArchived = $categoryInfo->isArchived();
|
||||
$topicPostsTotal = $topicInfo->getTotalPostsCount();
|
||||
$topicIsFrozen = $topicIsArchived || $topicIsDeleted;
|
||||
$canDeleteOwn = !$topicIsFrozen && !$topicIsLocked && perms_check($perms, MSZ_FORUM_PERM_DELETE_POST);
|
||||
$canBumpTopic = !$topicIsFrozen && perms_check($perms, MSZ_FORUM_PERM_BUMP_TOPIC);
|
||||
$canLockTopic = !$topicIsFrozen && perms_check($perms, MSZ_FORUM_PERM_LOCK_TOPIC);
|
||||
$canDeleteOwn = !$topicIsFrozen && !$topicIsLocked && $perms->check(Perm::F_POST_DELETE_OWN);
|
||||
$canBumpTopic = !$topicIsFrozen && $perms->check(Perm::F_TOPIC_BUMP);
|
||||
$canLockTopic = !$topicIsFrozen && $perms->check(Perm::F_TOPIC_LOCK);
|
||||
$canNukeOrRestore = $canDeleteAny && $topicIsDeleted;
|
||||
$canDelete = !$topicIsDeleted && (
|
||||
$canDeleteAny || (
|
||||
|
@ -304,7 +304,7 @@ if(!$topicPagination->hasValidOffset()) {
|
|||
|
||||
$postInfos = $forum->getPosts(
|
||||
topicInfo: $topicInfo,
|
||||
deleted: perms_check($perms, MSZ_FORUM_PERM_DELETE_ANY_POST) ? null : false,
|
||||
deleted: $perms->check(Perm::F_POST_DELETE_ANY) ? null : false,
|
||||
pagination: $topicPagination,
|
||||
);
|
||||
|
||||
|
@ -343,19 +343,19 @@ foreach($postInfos as $postInfo) {
|
|||
&& $originalPostInfo->getUserId() === $postInfo->getUserId();
|
||||
}
|
||||
|
||||
$canReply = !$topicIsArchived && !$topicIsLocked && !$topicIsDeleted && perms_check($perms, MSZ_FORUM_PERM_CREATE_POST);
|
||||
$canReply = !$topicIsArchived && !$topicIsLocked && !$topicIsDeleted && $perms->check(Perm::F_POST_CREATE);
|
||||
|
||||
if(!$forum->checkUserHasReadTopic($userInfo, $topicInfo))
|
||||
$forum->incrementTopicView($topicInfo);
|
||||
|
||||
$forum->updateUserReadTopic($currentUser, $topicInfo);
|
||||
|
||||
$perms = perms_check_bulk($perms, [
|
||||
'can_create_post' => MSZ_FORUM_PERM_CREATE_POST,
|
||||
'can_edit_post' => MSZ_FORUM_PERM_EDIT_POST,
|
||||
'can_edit_any_post' => MSZ_FORUM_PERM_EDIT_ANY_POST,
|
||||
'can_delete_post' => MSZ_FORUM_PERM_DELETE_POST,
|
||||
'can_delete_any_post' => MSZ_FORUM_PERM_DELETE_ANY_POST,
|
||||
$perms = $perms->checkMany([
|
||||
'can_create_post' => Perm::F_POST_CREATE,
|
||||
'can_edit_post' => Perm::F_POST_EDIT_OWN,
|
||||
'can_edit_any_post' => Perm::F_POST_EDIT_ANY,
|
||||
'can_delete_post' => Perm::F_POST_DELETE_OWN,
|
||||
'can_delete_any_post' => Perm::F_POST_DELETE_ANY,
|
||||
]);
|
||||
|
||||
Template::render('forum.topic', [
|
||||
|
|
|
@ -7,7 +7,7 @@ use Index\DateTime;
|
|||
use Index\XArray;
|
||||
use Misuzu\Changelog\Changelog;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_CHANGELOG, $msz->getActiveUser()->getId(), MSZ_PERM_CHANGELOG_MANAGE_CHANGES)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_CHANGELOG, $msz->getActiveUser()->getId(), MSZ_PERM_CHANGELOG_MANAGE_CHANGES)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_CHANGELOG, $msz->getActiveUser()->getId(), MSZ_PERM_CHANGELOG_MANAGE_TAGS)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_CHANGELOG, $msz->getActiveUser()->getId(), MSZ_PERM_CHANGELOG_MANAGE_TAGS)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -1,18 +1,24 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_GENERAL, $msz->getActiveUser()->getId(), MSZ_PERM_FORUM_MANAGE_FORUMS)) {
|
||||
use Misuzu\Perm;
|
||||
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_FORUM_CATEGORIES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
||||
$rawPerms = perms_create(MSZ_FORUM_PERM_MODES);
|
||||
$perms = manage_forum_perms_list($rawPerms);
|
||||
$perms = $msz->getPerms();
|
||||
$permsInfos = $perms->getPermissionInfo(categoryNames: Perm::INFO_FOR_FORUM_CATEGORY);
|
||||
$permsLists = Perm::createList(Perm::LISTS_FOR_FORUM_CATEGORY);
|
||||
|
||||
if(!empty($_POST['perms']) && is_array($_POST['perms'])) {
|
||||
$finalPerms = manage_perms_apply($perms, $_POST['perms'], $rawPerms);
|
||||
$perms = manage_forum_perms_list($finalPerms);
|
||||
Template::set('calculated_perms', $finalPerms);
|
||||
}
|
||||
if(filter_has_var(INPUT_POST, 'perms'))
|
||||
Template::set('calculated_perms', Perm::convertSubmission(
|
||||
filter_input(INPUT_POST, 'perms', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY),
|
||||
Perm::INFO_FOR_FORUM_CATEGORY
|
||||
));
|
||||
|
||||
Template::render('manage.forum.listing', compact('perms'));
|
||||
Template::render('manage.forum.listing', [
|
||||
'perms_lists' => $permsLists,
|
||||
'perms_infos' => $permsInfos,
|
||||
]);
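Review bot: `filter_has_var(INPUT_POST, 'perms')` is also true when `perms` is submitted as a scalar, and `filter_input(..., FILTER_REQUIRE_ARRAY)` then returns `false` rather than an array, which is passed straight to `Perm::convertSubmission()`. The removed code guarded this with `is_array($_POST['perms'])`. Keep that guard: `$submitted = filter_input(INPUT_POST, 'perms', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY);` followed by `if(is_array($submitted)) Template::set('calculated_perms', Perm::convertSubmission($submitted, Perm::INFO_FOR_FORUM_CATEGORY));`. How `convertSubmission()` treats non-array input is not visible on this page.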
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_GENERAL, $msz->getActiveUser()->getId(), MSZ_PERM_FORUM_TOPIC_REDIRS)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_FORUM_TOPIC_REDIRS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -4,7 +4,7 @@ namespace Misuzu;
|
|||
use RuntimeException;
|
||||
use Index\XArray;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_GENERAL, $msz->getActiveUser()->getId(), MSZ_PERM_GENERAL_MANAGE_EMOTES)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_EMOTES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_GENERAL, $msz->getActiveUser()->getId(), MSZ_PERM_GENERAL_MANAGE_EMOTES)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_EMOTES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Pagination;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_GENERAL, $msz->getActiveUser()->getId(), MSZ_PERM_GENERAL_VIEW_LOGS)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_LOGS_VIEW)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Config\CfgTools;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_GENERAL, $msz->getActiveUser()->getId(), MSZ_PERM_GENERAL_MANAGE_CONFIG)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Config\DbConfig;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_GENERAL, $msz->getActiveUser()->getId(), MSZ_PERM_GENERAL_MANAGE_CONFIG)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_GENERAL, $msz->getActiveUser()->getId(), MSZ_PERM_GENERAL_MANAGE_CONFIG)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_NEWS, $msz->getActiveUser()->getId(), MSZ_PERM_NEWS_MANAGE_CATEGORIES)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_NEWS, $msz->getActiveUser()->getId(), MSZ_PERM_NEWS_MANAGE_CATEGORIES)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_NEWS, $msz->getActiveUser()->getId(), MSZ_PERM_NEWS_MANAGE_POSTS)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_NEWS, $msz->getActiveUser()->getId(), MSZ_PERM_NEWS_MANAGE_POSTS)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -5,7 +5,7 @@ use DateTimeInterface;
|
|||
use RuntimeException;
|
||||
use Index\DateTime;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_USER, $msz->getActiveUser()->getId(), MSZ_PERM_USER_MANAGE_BANS)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_BANS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_USER, $msz->getActiveUser()->getId(), MSZ_PERM_USER_MANAGE_BANS)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_BANS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_USER, $msz->getActiveUser()->getId(), MSZ_PERM_USER_MANAGE_USERS)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_USERS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_USER, $msz->getActiveUser()->getId(), MSZ_PERM_USER_MANAGE_NOTES)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_NOTES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_USER, $msz->getActiveUser()->getId(), MSZ_PERM_USER_MANAGE_NOTES)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_NOTES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -4,14 +4,17 @@ namespace Misuzu;
|
|||
use RuntimeException;
|
||||
use Index\Colour\Colour;
|
||||
use Index\Colour\ColourRGB;
|
||||
use Misuzu\Perm;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_USER, $msz->getActiveUser()->getId(), MSZ_PERM_USER_MANAGE_ROLES)) {
|
||||
$viewerPerms = $msz->getAuthInfo()->getPerms('user');
|
||||
if(!$viewerPerms->check(Perm::U_ROLES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
||||
$users = $msz->getUsers();
|
||||
$roles = $msz->getRoles();
|
||||
$perms = $msz->getPerms();
|
||||
|
||||
if(filter_has_var(INPUT_GET, 'r')) {
|
||||
$roleId = (string)filter_input(INPUT_GET, 'r', FILTER_SANITIZE_NUMBER_INT);
|
||||
|
@ -26,10 +29,10 @@ if(filter_has_var(INPUT_GET, 'r')) {
|
|||
} else $isNew = true;
|
||||
|
||||
$currentUser = $msz->getActiveUser();
|
||||
$canEditPerms = perms_check_user(MSZ_PERMS_USER, $currentUser->getId(), MSZ_PERM_USER_MANAGE_PERMS);
|
||||
$canEditPerms = $viewerPerms->check(Perm::U_PERMS_MANAGE);
|
||||
|
||||
if($canEditPerms)
|
||||
$permissions = manage_perms_list(perms_get_role_raw($roleId ?? 0));
|
||||
$permsInfos = $perms->getPermissionInfo(roleInfo: $roleInfo, categoryNames: Perm::INFO_FOR_ROLE);
|
||||
$permsLists = Perm::createList(Perm::LISTS_FOR_ROLE);
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
$userRank = $users->getUserRank($currentUser);
|
||||
|
@ -120,27 +123,16 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
|||
[$roleInfo->getId()]
|
||||
);
|
||||
|
||||
if(!empty($permissions) && !empty($_POST['perms']) && is_array($_POST['perms'])) {
|
||||
$perms = manage_perms_apply($permissions, $_POST['perms']);
|
||||
if($canEditPerms && filter_has_var(INPUT_POST, 'perms')) {
|
||||
$permsApply = Perm::convertSubmission(
|
||||
filter_input(INPUT_POST, 'perms', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY),
|
||||
Perm::INFO_FOR_ROLE
|
||||
);
|
||||
|
||||
if($perms !== null) {
|
||||
$permKeys = array_keys($perms);
|
||||
$setPermissions = DB::prepare('
|
||||
REPLACE INTO `msz_permissions` (`role_id`, `user_id`, `' . implode('`, `', $permKeys) . '`)
|
||||
VALUES (:role_id, NULL, :' . implode(', :', $permKeys) . ')
|
||||
');
|
||||
$setPermissions->bind('role_id', $roleInfo->getId());
|
||||
foreach($permsApply as $categoryName => $values)
|
||||
$perms->setPermissions($categoryName, $values['allow'], $values['deny'], roleInfo: $roleInfo);
|
||||
|
||||
foreach($perms as $key => $value) {
|
||||
$setPermissions->bind($key, $value);
|
||||
}
|
||||
|
||||
$setPermissions->execute();
|
||||
} else {
|
||||
$deletePermissions = DB::prepare('DELETE FROM `msz_permissions` WHERE `role_id` = :role_id AND `user_id` IS NULL');
|
||||
$deletePermissions->bind('role_id', $roleInfo->getId());
|
||||
$deletePermissions->execute();
|
||||
}
|
||||
$msz->getConfig()->setBoolean('perms.needsRecalc', true);
|
||||
}
|
||||
|
||||
url_redirect('manage-role', ['role' => $roleInfo->getId()]);
|
||||
|
@ -150,6 +142,7 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
|||
Template::render('manage.users.role', [
|
||||
'role_new' => $isNew,
|
||||
'role_info' => $roleInfo ?? null,
|
||||
'can_manage_perms' => $canEditPerms,
|
||||
'permissions' => $permissions ?? [],
|
||||
'can_edit_perms' => $canEditPerms,
|
||||
'perms_lists' => $permsLists,
|
||||
'perms_infos' => $permsInfos,
|
||||
]);
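Review bot: In the save branch, `filter_has_var(INPUT_POST, 'perms')` is also true when `perms` is posted as a scalar, and `filter_input(..., FILTER_REQUIRE_ARRAY)` then returns `false`, which goes straight into `Perm::convertSubmission()`; the removed code rejected that case with `is_array($_POST['perms'])`. Depending on how `convertSubmission()` declares its first parameter (not visible here), this is at best a warning and at worst a TypeError on a role-edit request. Reading the value once and testing its type restores the old check: `$permsSubmit = filter_input(INPUT_POST, 'perms', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY);` followed by `if($canEditPerms && is_array($permsSubmit)) {`. The user-edit section further down has the same block with `Perm::INFO_FOR_USER`.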
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_USER, $msz->getActiveUser()->getId(), MSZ_PERM_USER_MANAGE_ROLES)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_ROLES_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -3,9 +3,11 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
use Index\Colour\Colour;
|
||||
use Misuzu\Perm;
|
||||
use Misuzu\Auth\AuthTokenCookie;
|
||||
use Misuzu\Users\User;
|
||||
|
||||
$viewerPerms = $msz->getAuthInfo()->getPerms('user');
|
||||
if(!$msz->isLoggedIn()) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
|
@ -13,15 +15,16 @@ if(!$msz->isLoggedIn()) {
|
|||
|
||||
$users = $msz->getUsers();
|
||||
$roles = $msz->getRoles();
|
||||
$perms = $msz->getPerms();
|
||||
|
||||
$currentUser = $msz->getActiveUser();
|
||||
|
||||
$canManageUsers = perms_check_user(MSZ_PERMS_USER, $currentUser->getId(), MSZ_PERM_USER_MANAGE_USERS);
|
||||
$canManagePerms = perms_check_user(MSZ_PERMS_USER, $currentUser->getId(), MSZ_PERM_USER_MANAGE_PERMS);
|
||||
$canManageNotes = perms_check_user(MSZ_PERMS_USER, $currentUser->getId(), MSZ_PERM_USER_MANAGE_NOTES);
|
||||
$canManageWarnings = perms_check_user(MSZ_PERMS_USER, $currentUser->getId(), MSZ_PERM_USER_MANAGE_WARNINGS);
|
||||
$canManageBans = perms_check_user(MSZ_PERMS_USER, $currentUser->getId(), MSZ_PERM_USER_MANAGE_BANS);
|
||||
$canImpersonate = perms_check_user(MSZ_PERMS_USER, $currentUser->getId(), MSZ_PERM_USER_IMPERSONATE);
|
||||
$canManageUsers = $viewerPerms->check(Perm::U_USERS_MANAGE);
|
||||
$canManagePerms = $viewerPerms->check(Perm::U_PERMS_MANAGE);
|
||||
$canManageNotes = $viewerPerms->check(Perm::U_NOTES_MANAGE);
|
||||
$canManageWarnings = $viewerPerms->check(Perm::U_WARNINGS_MANAGE);
|
||||
$canManageBans = $viewerPerms->check(Perm::U_BANS_MANAGE);
|
||||
$canImpersonate = $viewerPerms->check(Perm::U_CAN_IMPERSONATE);
|
||||
$canSendTestMail = $currentUser->isSuperUser();
|
||||
$hasAccess = $canManageUsers || $canManageNotes || $canManageWarnings || $canManageBans;
|
||||
|
||||
|
@ -45,7 +48,9 @@ $userRank = $users->getUserRank($userInfo);
|
|||
|
||||
$canEdit = $canManageUsers && ($currentUser->isSuperUser() || (string)$currentUser->getId() === $userInfo->getId() || $currentUserRank > $userRank);
|
||||
$canEditPerms = $canEdit && $canManagePerms;
|
||||
$permissions = $canEditPerms ? manage_perms_list(perms_get_user_raw($userId)) : [];
|
||||
|
||||
$permsInfos = $perms->getPermissionInfo(userInfo: $userInfo, categoryNames: Perm::INFO_FOR_USER);
|
||||
$permsLists = Perm::createList(Perm::LISTS_FOR_USER);
|
||||
|
||||
if(CSRF::validateRequest() && $canEdit) {
|
||||
if(!empty($_POST['impersonate_user'])) {
|
||||
|
@ -136,11 +141,14 @@ if(CSRF::validateRequest() && $canEdit) {
|
|||
|
||||
if(!empty($addRoles))
|
||||
$users->addRoles($userInfo, $addRoles);
|
||||
|
||||
if(!empty($addRoles) || !empty($removeRoles))
|
||||
$msz->getConfig()->setBoolean('perms.needsRecalc', true);
|
||||
}
|
||||
|
||||
if(!empty($_POST['user']) && is_array($_POST['user'])) {
|
||||
$setCountry = (string)($_POST['user']['country'] ?? '');
|
||||
$setTitle = (string)($_POST['user']['title'] ?? '');
|
||||
$setCountry = (string)($_POST['user']['country'] ?? '');
|
||||
$setTitle = (string)($_POST['user']['title'] ?? '');
|
||||
|
||||
$displayRole = (string)($_POST['user']['display_role'] ?? 0);
|
||||
if(!$users->hasRole($userInfo, $displayRole))
|
||||
|
@ -193,19 +201,16 @@ if(CSRF::validateRequest() && $canEdit) {
|
|||
}
|
||||
}
|
||||
|
||||
if($canEditPerms && !empty($_POST['perms']) && is_array($_POST['perms'])) {
|
||||
$perms = manage_perms_apply($permissions, $_POST['perms']);
|
||||
if($canEditPerms && filter_has_var(INPUT_POST, 'perms')) {
|
||||
$permsApply = Perm::convertSubmission(
|
||||
filter_input(INPUT_POST, 'perms', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY),
|
||||
Perm::INFO_FOR_USER
|
||||
);
|
||||
|
||||
if($perms !== null) {
|
||||
if(!perms_set_user_raw($userId, $perms))
|
||||
$notices[] = 'Failed to update permissions.';
|
||||
} else {
|
||||
if(!perms_delete_user($userId))
|
||||
$notices[] = 'Failed to remove permissions.';
|
||||
}
|
||||
foreach($permsApply as $categoryName => $values)
|
||||
$perms->setPermissions($categoryName, $values['allow'], $values['deny'], userInfo: $userInfo);
|
||||
|
||||
// this smells, make it refresh/apply in a non-retarded way
|
||||
$permissions = manage_perms_list(perms_get_user_raw($userId));
|
||||
$msz->getConfig()->setBoolean('perms.needsRecalc', true);
|
||||
}
|
||||
|
||||
url_redirect('manage-user', ['user' => $userInfo->getId()]);
|
||||
|
@ -227,5 +232,6 @@ Template::render('manage.users.user', [
|
|||
'can_manage_bans' => $canManageBans,
|
||||
'can_impersonate' => $canImpersonate,
|
||||
'can_send_test_mail' => $canSendTestMail,
|
||||
'permissions' => $permissions ?? [],
|
||||
'perms_lists' => $permsLists,
|
||||
'perms_infos' => $permsInfos,
|
||||
]);
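Review bot: The new save loop writes `$values['allow']` and `$values['deny']` for the target user without comparing them to what the editor holds, and the unchanged `$canEdit` line above it accepts the editor's own id, so `$canEditPerms` is true on one's own account for anyone with both `U_USERS_MANAGE` and `U_PERMS_MANAGE`. Unless `Perm::convertSubmission()` or `setPermissions()` already limits the submitted bits (neither is visible here), a permission manager can raise their own grants, or those of a lower-ranked account, beyond what they hold themselves. Consider refusing self-edits for non-superusers, e.g. `$canEditPerms = $canEdit && $canManagePerms && ($currentUser->isSuperUser() || (string)$currentUser->getId() !== $userInfo->getId());`, and masking the submitted allow bits against the editor's own set before calling `setPermissions()`.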
|
||||
|
|
|
@ -3,7 +3,7 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_USER, $msz->getActiveUser()->getId(), MSZ_PERM_USER_MANAGE_WARNINGS)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_WARNINGS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_USER, $msz->getActiveUser()->getId(), MSZ_PERM_USER_MANAGE_WARNINGS)) {
|
||||
if(!$msz->getAuthInfo()->getPerms('user')->check(Perm::U_WARNINGS_MANAGE)) {
|
||||
echo render_error(403);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -67,8 +67,6 @@ if(empty($orderDir)) {
|
|||
return;
|
||||
}
|
||||
|
||||
$canManageUsers = perms_check_user(MSZ_PERMS_USER, $msz->getActiveUser()->getId(), MSZ_PERM_USER_MANAGE_USERS);
|
||||
|
||||
if($roleId === null) {
|
||||
$roleInfo = $roles->getDefaultRole();
|
||||
} else {
|
||||
|
@ -80,6 +78,7 @@ if($roleId === null) {
|
|||
}
|
||||
}
|
||||
|
||||
$canManageUsers = $msz->getAuthInfo()->getPerms('user')->check(Perm::U_USERS_MANAGE);
|
||||
$deleted = $canManageUsers ? null : false;
|
||||
|
||||
$rolesAll = $roles->getRoles(hidden: false);
|
||||
|
|
|
@ -65,15 +65,15 @@ $notices = [];
|
|||
$userRank = $users->getUserRank($userInfo);
|
||||
$viewerRank = $viewingAsGuest ? 0 : $users->getUserRank($viewerInfo);
|
||||
|
||||
$viewerPerms = $msz->getAuthInfo()->getPerms('user');
|
||||
|
||||
$activeBanInfo = $msz->tryGetActiveBan($userInfo);
|
||||
$isBanned = $activeBanInfo !== null;
|
||||
$profileFields = $msz->getProfileFields();
|
||||
$viewingOwnProfile = (string)$viewerId === $userInfo->getId();
|
||||