Some permissions stuff.

flash 2018-07-10 23:24:00 +02:00
parent 5878a4c16c
commit 845061e679
10 changed files with 235 additions and 95 deletions


@ -0,0 +1,30 @@
<?php
namespace Misuzu\DatabaseMigrations\AddedGeneralAndForumPerms;
use PDO;
function migrate_up(PDO $conn): void
{
$conn->exec("
ALTER TABLE `msz_permissions`
ADD COLUMN `general_perms_allow` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `role_id`,
ADD COLUMN `general_perms_deny` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `general_perms_allow`,
ADD COLUMN `forum_perms_allow` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `news_perms_deny`,
ADD COLUMN `forum_perms_deny` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `forum_perms_allow`,
ADD COLUMN `comments_perms_allow` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `forum_perms_deny`,
ADD COLUMN `comments_perms_deny` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `comments_perms_allow`;
");
}
function migrate_down(PDO $conn): void
{
$conn->exec('
ALTER TABLE `msz_permissions`
DROP COLUMN `general_perms_allow`,
DROP COLUMN `general_perms_deny`,
DROP COLUMN `forum_perms_allow`,
DROP COLUMN `forum_perms_deny,
DROP COLUMN `forum_perms_allow`,
DROP COLUMN `forum_perms_deny`;
');
}
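Review bot: migrate_down() does not undo migrate_up(): its fourth DROP line, ``DROP COLUMN `forum_perms_deny,``, is missing the closing backtick, and the last two lines drop `forum_perms_allow` / `forum_perms_deny` a second time where migrate_up() added `comments_perms_allow` / `comments_perms_deny`. As shown, the statement should be rejected by the server, so a rollback would leave all six permission columns in place. The three lines should read ``DROP COLUMN `forum_perms_deny`,`` then ``DROP COLUMN `comments_perms_allow`,`` and ``DROP COLUMN `comments_perms_deny`;``. Because these columns hold access-control bitmasks, the down migration is worth running once against a scratch database before it is relied on.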


@ -6,6 +6,8 @@ date_default_timezone_set('UTC');
require_once __DIR__ . '/vendor/autoload.php'; require_once __DIR__ . '/vendor/autoload.php';
require_once __DIR__ . '/src/changelog.php'; require_once __DIR__ . '/src/changelog.php';
require_once __DIR__ . '/src/colour.php'; require_once __DIR__ . '/src/colour.php';
require_once __DIR__ . '/src/comments.php';
require_once __DIR__ . '/src/general.php';
require_once __DIR__ . '/src/git.php'; require_once __DIR__ . '/src/git.php';
require_once __DIR__ . '/src/manage.php'; require_once __DIR__ . '/src/manage.php';
require_once __DIR__ . '/src/news.php'; require_once __DIR__ . '/src/news.php';
@ -84,7 +86,7 @@ if (PHP_SAPI !== 'cli') {
} }
$inManageMode = starts_with($_SERVER['REQUEST_URI'], '/manage'); $inManageMode = starts_with($_SERVER['REQUEST_URI'], '/manage');
$hasManageAccess = perms_check(perms_get_user(MSZ_PERMS_USER, $app->getUserId()), MSZ_USER_PERM_CAN_MANAGE); $hasManageAccess = perms_check(perms_get_user(MSZ_PERMS_GENERAL, $app->getUserId()), MSZ_GENERAL_PERM_CAN_MANAGE);
$tpl->var('has_manage_access', $hasManageAccess); $tpl->var('has_manage_access', $hasManageAccess);
if ($inManageMode) { if ($inManageMode) {
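Review bot: The new `$hasManageAccess` line reads `MSZ_GENERAL_PERM_CAN_MANAGE` from the general permission set, but nothing visible in this commit carries the old grant across: the migration creates `general_perms_allow` with default 0, so accounts that held `MSZ_USER_PERM_CAN_MANAGE` would presumably lose panel access after deploy. The retired bit (`1 << 19`) also stays set in stored user permission values, and the same holds for the comment bits removed from the news and changelog sets, so reusing any of those positions later would silently grant the new permission to those rows. A data step in the migration could copy and clear the bit, something like ``UPDATE `msz_permissions` SET `general_perms_allow` = `general_perms_allow` | 1 WHERE `user_perms_allow` & (1 << 19)`` (column names assumed from the `$rawPerms` keys, to be confirmed). A comment beside the remaining user constants such as `// 1 << 19 is retired (was MSZ_USER_PERM_CAN_MANAGE); do not reuse` would record the gap. The `if (PHP_SAPI !== 'cli')` block starts and ends outside the hunk.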


@ -1,6 +1,8 @@
<?php <?php
use Misuzu\Database; use Misuzu\Database;
define('MSZ_FORUM_PERM_MANAGE_FORUMS', 1);
define('MSZ_FORUM_TYPE_DISCUSSION', 0); define('MSZ_FORUM_TYPE_DISCUSSION', 0);
define('MSZ_FORUM_TYPE_CATEGORY', 1); define('MSZ_FORUM_TYPE_CATEGORY', 1);
define('MSZ_FORUM_TYPE_LINK', 2); define('MSZ_FORUM_TYPE_LINK', 2);


@ -6,7 +6,6 @@ use Misuzu\IO\File;
define('MSZ_USER_PERM_EDIT_PROFILE', 1); define('MSZ_USER_PERM_EDIT_PROFILE', 1);
define('MSZ_USER_PERM_CHANGE_AVATAR', 1 << 1); define('MSZ_USER_PERM_CHANGE_AVATAR', 1 << 1);
define('MSZ_USER_PERM_CAN_MANAGE', 1 << 19);
define('MSZ_USER_PERM_MANAGE_USERS', 1 << 20); define('MSZ_USER_PERM_MANAGE_USERS', 1 << 20);
define('MSZ_USER_PERM_MANAGE_ROLES', 1 << 21); define('MSZ_USER_PERM_MANAGE_ROLES', 1 << 21);
define('MSZ_USER_PERM_MANAGE_PERMS', 1 << 22); define('MSZ_USER_PERM_MANAGE_PERMS', 1 << 22);


@ -4,9 +4,6 @@ use Misuzu\Database;
define('MSZ_CHANGELOG_PERM_MANAGE_CHANGES', 1); define('MSZ_CHANGELOG_PERM_MANAGE_CHANGES', 1);
define('MSZ_CHANGELOG_PERM_MANAGE_TAGS', 1 << 1); define('MSZ_CHANGELOG_PERM_MANAGE_TAGS', 1 << 1);
define('MSZ_CHANGELOG_PERM_MANAGE_ACTIONS', 1 << 2); define('MSZ_CHANGELOG_PERM_MANAGE_ACTIONS', 1 << 2);
define('MSZ_CHANGELOG_PERM_DELETE_COMMENTS', 1 << 3);
define('MSZ_CHANGELOG_PERM_EDIT_COMMENTS', 1 << 4);
define('MSZ_CHANGELOG_PERM_PIN_COMMENTS', 1 << 5);
function changelog_action_add(string $name, ?int $colour = null, ?string $class = null): int function changelog_action_add(string $name, ?int $colour = null, ?string $class = null): int
{ {

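--- /dev/null
+++ b/src/comments.php
@@ -0,0 +1,7 @@
+<?php
+define('MSZ_COMMENTS_PERM_CREATE', 1);
+define('MSZ_COMMENTS_PERM_EDIT_OWN', 1 << 1);
+define('MSZ_COMMENTS_PERM_EDIT_ANY', 1 << 2);
+define('MSZ_COMMENTS_PERM_DELETE_OWN', 1 << 3);
+define('MSZ_COMMENTS_PERM_DELETE_ANY', 1 << 4);
+define('MSZ_COMMENTS_PERM_PIN', 1 << 5);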

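--- /dev/null
+++ b/src/general.php
@@ -0,0 +1,5 @@
+<?php
+define('MSZ_GENERAL_PERM_CAN_MANAGE', 1);
+define('MSZ_GENERAL_PERM_VIEW_LOGS', 1 << 1);
+define('MSZ_GENERAL_PERM_MANAGE_EMOTICONS', 1 << 2);
+define('MSZ_GENERAL_PERM_MANAGE_SETTINGS', 1 << 3);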


@ -1,82 +1,121 @@
<?php <?php
function manage_get_menu(int $userId): array function manage_get_menu(int $userId): array
{ {
$userPerms = perms_get_user(MSZ_PERMS_USER, $userId); $perms = [];
if (!perms_check($userPerms, MSZ_USER_PERM_CAN_MANAGE)) { foreach (MSZ_PERM_MODES as $mode) {
return []; $perms[$mode] = perms_get_user($mode, $userId);
} }
$changelogPerms = perms_get_user(MSZ_PERMS_CHANGELOG, $userId); if (!perms_check($perms['general'], MSZ_GENERAL_PERM_CAN_MANAGE)) {
return [];
}
$menu = []; $menu = [];
$menu['General'] = [ $menu['General'] = [
'Overview' => '/manage/index.php?v=overview', 'Overview' => '/manage/index.php?v=overview',
'Logs' => '/manage/index.php?v=logs',
'_',
'Emoticons' => '/manage/index.php?v=emoticons',
'Settings' => '/manage/index.php?v=settings',
]; ];
$canUsers = perms_check($userPerms, MSZ_USER_PERM_MANAGE_USERS); if (perms_check($perms['general'], MSZ_GENERAL_PERM_VIEW_LOGS)) {
$canRoles = perms_check($userPerms, MSZ_USER_PERM_MANAGE_ROLES); $menu['General']['Logs'] = '/manage/index.php?v=logs';
$canPerms = perms_check($userPerms, MSZ_USER_PERM_MANAGE_PERMS); }
$canReports = perms_check($userPerms, MSZ_USER_PERM_MANAGE_REPORTS);
$canRestricts = perms_check($userPerms, MSZ_USER_PERM_MANAGE_RESTRICTIONS);
$canBlacklists = perms_check($userPerms, MSZ_USER_PERM_MANAGE_BLACKLISTS);
if ($canUsers || $canRoles || $canPerms if (perms_check(
|| $canReports || $canRestricts || $canBlacklists) { $perms['general'],
MSZ_GENERAL_PERM_MANAGE_EMOTICONS | MSZ_GENERAL_PERM_MANAGE_SETTINGS
)) {
$menu['General'][] = '_';
if (perms_check($perms['general'], MSZ_GENERAL_PERM_MANAGE_EMOTICONS)) {
$menu['General']['Emoticons'] = '/manage/users.php?v=emoticons';
}
if (perms_check($perms['general'], MSZ_GENERAL_PERM_MANAGE_SETTINGS)) {
$menu['General']['Settings'] = '/manage/users.php?v=settings';
}
}
$canUserManage = MSZ_USER_PERM_MANAGE_USERS | MSZ_USER_PERM_MANAGE_ROLES
| MSZ_USER_PERM_MANAGE_PERMS | MSZ_USER_PERM_MANAGE_REPORTS
| MSZ_USER_PERM_MANAGE_RESTRICTIONS | MSZ_USER_PERM_MANAGE_BLACKLISTS;
if (perms_check($perms['user'], $canUserManage)) {
$menu['Users'] = []; $menu['Users'] = [];
if ($canUsers || $canPerms) { if (perms_check($perms['user'], MSZ_USER_PERM_MANAGE_USERS | MSZ_USER_PERM_MANAGE_PERMS)) {
$menu['Users']['Listing'] = '/manage/users.php?v=listing'; $menu['Users']['Listing'] = '/manage/users.php?v=listing';
} }
if ($canRoles || $canPerms) { if (perms_check($perms['user'], MSZ_USER_PERM_MANAGE_ROLES | MSZ_USER_PERM_MANAGE_PERMS)) {
$menu['Users']['Roles'] = '/manage/users.php?v=roles'; $menu['Users']['Roles'] = '/manage/users.php?v=roles';
} }
if ($canReports || $canRestricts || $canBlacklists) { if (perms_check(
$perms['user'],
MSZ_USER_PERM_MANAGE_REPORTS | MSZ_USER_PERM_MANAGE_RESTRICTIONS | MSZ_USER_PERM_MANAGE_BLACKLISTS
)) {
$menu['Users'][] = '_'; $menu['Users'][] = '_';
if ($canReports) { if (perms_check($perms['user'], MSZ_USER_PERM_MANAGE_REPORTS)) {
$menu['Users']['Reports'] = '/manage/users.php?v=reports'; $menu['Users']['Reports'] = '/manage/users.php?v=reports';
} }
if ($canRestricts) { if (perms_check($perms['user'], MSZ_USER_PERM_MANAGE_RESTRICTIONS)) {
$menu['Users']['Restrictions'] = '/manage/users.php?v=restrictions'; $menu['Users']['Restrictions'] = '/manage/users.php?v=restrictions';
} }
if ($canBlacklists) { if (perms_check($perms['user'], MSZ_USER_PERM_MANAGE_BLACKLISTS)) {
$menu['Users']['Blacklisting'] = '/manage/users.php?v=blacklisting'; $menu['Users']['Blacklisting'] = '/manage/users.php?v=blacklisting';
} }
} }
} }
$canNewsManage = MSZ_NEWS_PERM_MANAGE_POSTS | MSZ_NEWS_PERM_MANAGE_CATEGORIES;
if (perms_check($perms['news'], $canNewsManage)) {
$menu['News'] = [];
if (perms_check($perms['news'], MSZ_NEWS_PERM_MANAGE_POSTS)) {
$menu['News']['Posts'] = '/manage/news.php?v=posts';
}
if (perms_check($perms['news'], MSZ_NEWS_PERM_MANAGE_CATEGORIES)) {
$menu['News']['Categories'] = '/manage/news.php?v=categories';
}
}
$canForumManage = MSZ_FORUM_PERM_MANAGE_FORUMS;
if (perms_check($perms['forum'], $canForumManage)) {
$menu['Forums'] = [];
if (perms_check($perms['forum'], MSZ_FORUM_PERM_MANAGE_FORUMS)) {
$menu['Forums']['Listing'] = '/manage/forums.php?v=listing';
}
}
/*$menu['Forum'] = [ /*$menu['Forum'] = [
'Listing' => '/manage/forums.php?v=listing', 'Listing' => '/manage/forums.php?v=listing',
'Permisisons' => '/manage/forums.php?v=permissions', 'Permisisons' => '/manage/forums.php?v=permissions',
'Settings' => '/manage/forums.php?v=settings', 'Settings' => '/manage/forums.php?v=settings',
];*/ ];*/
$canChanges = perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_CHANGES); $canChangelogManage = MSZ_CHANGELOG_PERM_MANAGE_CHANGES | MSZ_CHANGELOG_PERM_MANAGE_TAGS
$canChangeTags = perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_TAGS); | MSZ_CHANGELOG_PERM_MANAGE_ACTIONS;
$canChangeActions = perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_ACTIONS);
if ($canChanges || $canChangeTags || $canChangeActions) { if (perms_check($perms['changelog'], $canChangelogManage)) {
$menu['Changelog'] = []; $menu['Changelog'] = [];
if ($canChanges) { if (perms_check($perms['changelog'], MSZ_CHANGELOG_PERM_MANAGE_CHANGES)) {
$menu['Changelog']['Changes'] = '/manage/changelog.php?v=changes'; $menu['Changelog']['Changes'] = '/manage/changelog.php?v=changes';
} }
if ($canChangeTags) { if (perms_check($perms['changelog'], MSZ_CHANGELOG_PERM_MANAGE_TAGS)) {
$menu['Changelog']['Tags'] = '/manage/changelog.php?v=tags'; $menu['Changelog']['Tags'] = '/manage/changelog.php?v=tags';
} }
if ($canChangeActions) { if (perms_check($perms['changelog'], MSZ_CHANGELOG_PERM_MANAGE_ACTIONS)) {
$menu['Changelog']['Actions'] = '/manage/changelog.php?v=actions'; $menu['Changelog']['Actions'] = '/manage/changelog.php?v=actions';
} }
} }
@ -151,6 +190,52 @@ function manage_perms_apply(array $list, array $post): ?array
function manage_perms_list(array $rawPerms): array function manage_perms_list(array $rawPerms): array
{ {
return [ return [
[
'section' => 'general',
'title' => 'General',
'perms' => [
[
'section' => 'can-manage',
'title' => 'Can access the management panel.',
'perm' => MSZ_GENERAL_PERM_CAN_MANAGE,
'value' => manage_perms_value(
MSZ_GENERAL_PERM_CAN_MANAGE,
$rawPerms['general_perms_allow'],
$rawPerms['general_perms_deny']
),
],
[
'section' => 'view-logs',
'title' => 'Can view audit logs.',
'perm' => MSZ_GENERAL_PERM_VIEW_LOGS,
'value' => manage_perms_value(
MSZ_GENERAL_PERM_VIEW_LOGS,
$rawPerms['general_perms_allow'],
$rawPerms['general_perms_deny']
)
],
[
'section' => 'manage-emotes',
'title' => 'Can manage emoticons.',
'perm' => MSZ_GENERAL_PERM_MANAGE_EMOTICONS,
'value' => manage_perms_value(
MSZ_GENERAL_PERM_MANAGE_EMOTICONS,
$rawPerms['general_perms_allow'],
$rawPerms['general_perms_deny']
)
],
[
'section' => 'manage-settings',
'title' => 'Can manage general Misuzu settings.',
'perm' => MSZ_GENERAL_PERM_MANAGE_SETTINGS,
'value' => manage_perms_value(
MSZ_GENERAL_PERM_MANAGE_SETTINGS,
$rawPerms['general_perms_allow'],
$rawPerms['general_perms_deny']
)
],
],
],
[ [
'section' => 'user', 'section' => 'user',
'title' => 'User', 'title' => 'User',
@ -175,16 +260,6 @@ function manage_perms_list(array $rawPerms): array
$rawPerms['user_perms_deny'] $rawPerms['user_perms_deny']
), ),
], ],
[
'section' => 'can-manage',
'title' => 'Can access the management panel.',
'perm' => MSZ_USER_PERM_CAN_MANAGE,
'value' => manage_perms_value(
MSZ_USER_PERM_CAN_MANAGE,
$rawPerms['user_perms_allow'],
$rawPerms['user_perms_deny']
),
],
[ [
'section' => 'manage-users', 'section' => 'manage-users',
'title' => 'Can manage other users.', 'title' => 'Can manage other users.',
@ -271,34 +346,86 @@ function manage_perms_list(array $rawPerms): array
$rawPerms['news_perms_deny'] $rawPerms['news_perms_deny']
), ),
], ],
],
],
[ [
'section' => 'comments-delete', 'section' => 'forum',
'title' => 'Can delete comments from others.', 'title' => 'Forum',
'perm' => MSZ_NEWS_PERM_DELETE_COMMENTS, 'perms' => [
[
'section' => 'manage-forums',
'title' => 'Can manage forum sections.',
'perm' => MSZ_FORUM_PERM_MANAGE_FORUMS,
'value' => manage_perms_value( 'value' => manage_perms_value(
MSZ_NEWS_PERM_DELETE_COMMENTS, MSZ_FORUM_PERM_MANAGE_FORUMS,
$rawPerms['news_perms_allow'], $rawPerms['forum_perms_allow'],
$rawPerms['news_perms_deny'] $rawPerms['forum_perms_deny']
)
],
],
],
[
'section' => 'comments',
'title' => 'Comments',
'perms' => [
[
'section' => 'create',
'title' => 'Can post comments.',
'perm' => MSZ_COMMENTS_PERM_CREATE,
'value' => manage_perms_value(
MSZ_COMMENTS_PERM_CREATE,
$rawPerms['comments_perms_allow'],
$rawPerms['comments_perms_deny']
), ),
], ],
[ [
'section' => 'comments-edit', 'section' => 'edit-own',
'title' => 'Can edit comments from others.', 'title' => 'Can edit own comments.',
'perm' => MSZ_NEWS_PERM_EDIT_COMMENTS, 'perm' => MSZ_COMMENTS_PERM_EDIT_OWN,
'value' => manage_perms_value( 'value' => manage_perms_value(
MSZ_NEWS_PERM_EDIT_COMMENTS, MSZ_COMMENTS_PERM_EDIT_OWN,
$rawPerms['news_perms_allow'], $rawPerms['comments_perms_allow'],
$rawPerms['news_perms_deny'] $rawPerms['comments_perms_deny']
), ),
], ],
[ [
'section' => 'comments-pin', 'section' => 'edit-any',
'title' => 'Can edit anyone\'s comments.',
'perm' => MSZ_COMMENTS_PERM_EDIT_ANY,
'value' => manage_perms_value(
MSZ_COMMENTS_PERM_EDIT_ANY,
$rawPerms['comments_perms_allow'],
$rawPerms['comments_perms_deny']
),
],
[
'section' => 'delete-own',
'title' => 'Can delete own comments.',
'perm' => MSZ_COMMENTS_PERM_DELETE_OWN,
'value' => manage_perms_value(
MSZ_COMMENTS_PERM_DELETE_OWN,
$rawPerms['comments_perms_allow'],
$rawPerms['comments_perms_deny']
),
],
[
'section' => 'delete-any',
'title' => 'Can delete anyone\'s comments.',
'perm' => MSZ_COMMENTS_PERM_DELETE_ANY,
'value' => manage_perms_value(
MSZ_COMMENTS_PERM_DELETE_ANY,
$rawPerms['comments_perms_allow'],
$rawPerms['comments_perms_deny']
),
],
[
'section' => 'pin',
'title' => 'Can pin comments.', 'title' => 'Can pin comments.',
'perm' => MSZ_NEWS_PERM_PIN_COMMENTS, 'perm' => MSZ_COMMENTS_PERM_PIN,
'value' => manage_perms_value( 'value' => manage_perms_value(
MSZ_NEWS_PERM_PIN_COMMENTS, MSZ_COMMENTS_PERM_PIN,
$rawPerms['news_perms_allow'], $rawPerms['comments_perms_allow'],
$rawPerms['news_perms_deny'] $rawPerms['comments_perms_deny']
), ),
], ],
], ],
@ -337,36 +464,6 @@ function manage_perms_list(array $rawPerms): array
$rawPerms['changelog_perms_deny'] $rawPerms['changelog_perms_deny']
), ),
], ],
[
'section' => 'comments-delete',
'title' => 'Can delete comments from others.',
'perm' => MSZ_CHANGELOG_PERM_DELETE_COMMENTS,
'value' => manage_perms_value(
MSZ_CHANGELOG_PERM_DELETE_COMMENTS,
$rawPerms['changelog_perms_allow'],
$rawPerms['changelog_perms_deny']
),
],
[
'section' => 'comments-edit',
'title' => 'Can edit comments from others.',
'perm' => MSZ_CHANGELOG_PERM_EDIT_COMMENTS,
'value' => manage_perms_value(
MSZ_CHANGELOG_PERM_EDIT_COMMENTS,
$rawPerms['changelog_perms_allow'],
$rawPerms['changelog_perms_deny']
),
],
[
'section' => 'comments-pin',
'title' => 'Can pin comments.',
'perm' => MSZ_CHANGELOG_PERM_PIN_COMMENTS,
'value' => manage_perms_value(
MSZ_CHANGELOG_PERM_PIN_COMMENTS,
$rawPerms['changelog_perms_allow'],
$rawPerms['changelog_perms_deny']
),
],
], ],
], ],
]; ];
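Review bot: The new Emoticons and Settings entries in manage_get_menu() point at `/manage/users.php?v=emoticons` and `/manage/users.php?v=settings`, while the entries they replace used `/manage/index.php?v=…`; this looks like a copy-paste from the Users block, and the values should probably stay `'/manage/index.php?v=emoticons'` and `'/manage/index.php?v=settings'`. The grouped checks such as `perms_check($perms['user'], $canUserManage)` replace the old `||` chains and are equivalent only if perms_check() treats a multi-bit mask as any-of; its body is not visible here, so that needs confirming, since an all-of test would hide the menus from users holding a single permission. The menu is presentation only, so each target page still needs its own permission check, and hiding a link should not be the control. The literal keys `$perms['general']`, `$perms['user']` and so on could use the `MSZ_PERMS_*` constants that the `MSZ_PERM_MODES` loop already fills the array from.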


@ -1,6 +1,3 @@
<?php <?php
define('MSZ_NEWS_PERM_MANAGE_POSTS', 1); define('MSZ_NEWS_PERM_MANAGE_POSTS', 1);
define('MSZ_NEWS_PERM_MANAGE_CATEGORIES', 1 << 1); define('MSZ_NEWS_PERM_MANAGE_CATEGORIES', 1 << 1);
define('MSZ_NEWS_PERM_DELETE_COMMENTS', 1 << 2);
define('MSZ_NEWS_PERM_EDIT_COMMENTS', 1 << 3);
define('MSZ_NEWS_PERM_PIN_COMMENTS', 1 << 4);


@ -1,12 +1,16 @@
<?php <?php
use Misuzu\Database; use Misuzu\Database;
define('MSZ_PERMS_GENERAL', 'general');
define('MSZ_PERMS_USER', 'user'); define('MSZ_PERMS_USER', 'user');
define('MSZ_PERMS_CHANGELOG', 'changelog'); define('MSZ_PERMS_CHANGELOG', 'changelog');
define('MSZ_PERMS_NEWS', 'news'); define('MSZ_PERMS_NEWS', 'news');
define('MSZ_PERMS_FORUM', 'forum');
define('MSZ_PERMS_COMMENTS', 'comments');
define('MSZ_PERM_MODES', [ define('MSZ_PERM_MODES', [
MSZ_PERMS_USER, MSZ_PERMS_CHANGELOG, MSZ_PERMS_NEWS MSZ_PERMS_GENERAL, MSZ_PERMS_USER, MSZ_PERMS_CHANGELOG,
MSZ_PERMS_NEWS, MSZ_PERMS_FORUM, MSZ_PERMS_COMMENTS,
]); ]);
define('MSZ_PERMS_ALLOW', 'allow'); define('MSZ_PERMS_ALLOW', 'allow');