Reverted addition of permission override flagset.
This commit is contained in:
parent
e14db1a133
commit
cbd4ae24e6
4 changed files with 117 additions and 50 deletions
102
database/2018_12_28_173507_remove_override_flag.php
Normal file
102
database/2018_12_28_173507_remove_override_flag.php
Normal file
|
|
@ -0,0 +1,102 @@
|
|||
<?php
|
||||
namespace Misuzu\DatabaseMigrations\RemoveOverrideFlag;
|
||||
|
||||
use PDO;
|
||||
|
||||
function migrate_up(PDO $conn): void
|
||||
{
|
||||
$conn->exec("
|
||||
ALTER TABLE `msz_permissions`
|
||||
DROP COLUMN `general_perms_override`,
|
||||
DROP COLUMN `user_perms_override`,
|
||||
DROP COLUMN `changelog_perms_override`,
|
||||
DROP COLUMN `news_perms_override`,
|
||||
DROP COLUMN `forum_perms_override`,
|
||||
DROP COLUMN `comments_perms_override`;
|
||||
");
|
||||
|
||||
$conn->exec('DROP VIEW `msz_forum_permissions_view`');
|
||||
$conn->exec("
|
||||
CREATE VIEW `msz_forum_permissions_view` AS
|
||||
WITH RECURSIVE permissions(user_id, role_id, forum_id, forum_perms_allow, forum_perms_deny) as (
|
||||
SELECT
|
||||
pp.`user_id`, pp.`role_id`,
|
||||
pc.`forum_id`,
|
||||
IFNULL(pp.`forum_perms_allow`, 0), IFNULL(pp.`forum_perms_deny`, 0)
|
||||
FROM `msz_forum_categories` as pc
|
||||
LEFT JOIN `msz_forum_permissions` as pp
|
||||
ON pp.`forum_id` = pc.`forum_id`
|
||||
GROUP BY `user_id`, `role_id`, `forum_id`
|
||||
UNION ALL
|
||||
SELECT
|
||||
permissions.`user_id`, permissions.`role_id`,
|
||||
cc.`forum_id`,
|
||||
IFNULL(cp.`forum_perms_allow`, 0) | permissions.`forum_perms_allow`,
|
||||
IFNULL(cp.`forum_perms_deny`, 0) | permissions.`forum_perms_deny`
|
||||
FROM `msz_forum_categories` as cc
|
||||
LEFT JOIN `msz_forum_permissions` as cp
|
||||
ON cp.`forum_id` = cc.`forum_id`
|
||||
INNER JOIN permissions
|
||||
ON cc.`forum_parent` = permissions.`forum_id`
|
||||
)
|
||||
SELECT
|
||||
`user_id`, `role_id`, `forum_id`,
|
||||
(BIT_OR(`forum_perms_allow`) &~ BIT_OR(`forum_perms_deny`)) as `forum_perms`
|
||||
FROM permissions
|
||||
GROUP BY `user_id`, `role_id`, `forum_id`
|
||||
");
|
||||
|
||||
$conn->exec("
|
||||
ALTER TABLE `msz_forum_permissions`
|
||||
DROP COLUMN `forum_perms_override`;
|
||||
");
|
||||
}
|
||||
|
||||
function migrate_down(PDO $conn): void
|
||||
{
|
||||
$conn->exec("
|
||||
ALTER TABLE `msz_forum_permissions`
|
||||
ADD COLUMN `forum_perms_override` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `forum_perms_deny`;
|
||||
");
|
||||
|
||||
$conn->exec('DROP VIEW `msz_forum_permissions_view`');
|
||||
$conn->exec("
|
||||
CREATE VIEW `msz_forum_permissions_view` AS
|
||||
WITH RECURSIVE permissions(user_id, role_id, forum_id, forum_perms_allow, forum_perms_deny) as (
|
||||
SELECT
|
||||
pp.`user_id`, pp.`role_id`,
|
||||
pc.`forum_id`,
|
||||
IFNULL(pp.`forum_perms_allow`, 0), IFNULL(pp.`forum_perms_deny`, 0)
|
||||
FROM `msz_forum_categories` as pc
|
||||
LEFT JOIN `msz_forum_permissions` as pp
|
||||
ON pp.`forum_id` = pc.`forum_id`
|
||||
GROUP BY `user_id`, `role_id`, `forum_id`
|
||||
UNION ALL
|
||||
SELECT
|
||||
permissions.`user_id`, permissions.`role_id`,
|
||||
cc.`forum_id`,
|
||||
IFNULL(cp.`forum_perms_allow`, 0) | (permissions.`forum_perms_allow` &~ IFNULL(cp.`forum_perms_override`, 0)),
|
||||
IFNULL(cp.`forum_perms_deny`, 0) | (permissions.`forum_perms_deny` &~ IFNULL(cp.`forum_perms_override`, 0))
|
||||
FROM `msz_forum_categories` as cc
|
||||
LEFT JOIN `msz_forum_permissions` as cp
|
||||
ON cp.`forum_id` = cc.`forum_id`
|
||||
INNER JOIN permissions
|
||||
ON cc.`forum_parent` = permissions.`forum_id`
|
||||
)
|
||||
SELECT
|
||||
`user_id`, `role_id`, `forum_id`,
|
||||
(BIT_OR(`forum_perms_allow`) &~ BIT_OR(`forum_perms_deny`)) as `forum_perms`
|
||||
FROM permissions
|
||||
GROUP BY `user_id`, `role_id`, `forum_id`
|
||||
");
|
||||
|
||||
$conn->exec("
|
||||
ALTER TABLE `msz_permissions`
|
||||
ADD COLUMN `general_perms_override` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `general_perms_deny`,
|
||||
ADD COLUMN `user_perms_override` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `user_perms_deny`,
|
||||
ADD COLUMN `changelog_perms_override` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `changelog_perms_deny`,
|
||||
ADD COLUMN `news_perms_override` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `news_perms_deny`,
|
||||
ADD COLUMN `forum_perms_override` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `forum_perms_deny`,
|
||||
ADD COLUMN `comments_perms_override` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `comments_perms_deny`;
|
||||
");
|
||||
}
|
||||
|
|
@ -103,7 +103,6 @@ function manage_perms_apply(array $list, array $post): ?array
|
|||
|
||||
$allowKey = perms_get_key($section['section'], MSZ_PERMS_ALLOW);
|
||||
$denyKey = perms_get_key($section['section'], MSZ_PERMS_DENY);
|
||||
$overrideKey = perms_get_key($section['section'], MSZ_PERMS_OVERRIDE);
|
||||
|
||||
foreach ($section['perms'] as $perm) {
|
||||
if (empty($post[$section['section']][$perm['section']]['value'])) {
|
||||
|
|
@ -127,12 +126,6 @@ function manage_perms_apply(array $list, array $post): ?array
|
|||
$perms[$denyKey] &= ~$perm['perm'];
|
||||
break;
|
||||
}
|
||||
|
||||
if (!empty($post[$section['section']][$perm['section']]['override'])) {
|
||||
$perms[$overrideKey] |= $perm['perm'];
|
||||
} else {
|
||||
$perms[$overrideKey] &= ~$perm['perm'];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -155,11 +148,9 @@ function manage_perms_calculate(array $rawPerms, array $perms): array
|
|||
$section = $perms[$i]['section'];
|
||||
$allowKey = perms_get_key($section, MSZ_PERMS_ALLOW);
|
||||
$denyKey = perms_get_key($section, MSZ_PERMS_DENY);
|
||||
$overrideKey = perms_get_key($section, MSZ_PERMS_OVERRIDE);
|
||||
|
||||
for ($j = 0; $j < count($perms[$i]['perms']); $j++) {
|
||||
$permission = $perms[$i]['perms'][$j]['perm'];
|
||||
$perms[$i]['perms'][$j]['override'] = perms_check($rawPerms[$overrideKey], $permission);
|
||||
$perms[$i]['perms'][$j]['value'] = manage_perms_value($permission, $rawPerms[$allowKey], $rawPerms[$denyKey]);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,10 +13,9 @@ define('MSZ_PERM_MODES', [
|
|||
|
||||
define('MSZ_PERMS_ALLOW', 'allow');
|
||||
define('MSZ_PERMS_DENY', 'deny');
|
||||
define('MSZ_PERMS_OVERRIDE', 'override');
|
||||
|
||||
define('MSZ_PERM_SETS', [
|
||||
MSZ_PERMS_ALLOW, MSZ_PERMS_DENY, MSZ_PERMS_OVERRIDE,
|
||||
MSZ_PERMS_ALLOW, MSZ_PERMS_DENY,
|
||||
]);
|
||||
|
||||
function perms_get_keys(): array
|
||||
|
|
@ -56,38 +55,24 @@ function perms_get_user(string $prefix, int $user): int
|
|||
|
||||
$allowKey = perms_get_key($prefix, MSZ_PERMS_ALLOW);
|
||||
$denyKey = perms_get_key($prefix, MSZ_PERMS_DENY);
|
||||
$overrideKey = perms_get_key($prefix, MSZ_PERMS_OVERRIDE);
|
||||
|
||||
$getPerms = db_prepare("
|
||||
SELECT BIT_OR(_pu.`{$allowKey}`) &~ BIT_OR(_pu.`{$denyKey}`) | (
|
||||
(
|
||||
SELECT BIT_OR(_pr.`{$allowKey}`) &~ BIT_OR(_pr.`{$denyKey}`) | (
|
||||
(
|
||||
SELECT BIT_OR(_pg.`{$allowKey}`) &~ BIT_OR(_pg.`{$denyKey}`)
|
||||
FROM `msz_permissions` as _pg
|
||||
WHERE _pg.`user_id` IS NULL
|
||||
AND _pg.`role_id` IS NULL
|
||||
) &~ BIT_OR(_pr.`{$overrideKey}`)
|
||||
SELECT :user_id AS `select_user`, (
|
||||
SELECT BIT_OR(`{$allowKey}`) &~ BIT_OR(`{$denyKey}`)
|
||||
FROM `msz_permissions`
|
||||
WHERE (`user_id` = `select_user` AND `role_id` IS NULL)
|
||||
OR (
|
||||
`user_id` IS NULL
|
||||
AND `role_id` IN (
|
||||
SELECT `role_id`
|
||||
FROM `msz_user_roles`
|
||||
WHERE `user_id` = `select_user`
|
||||
)
|
||||
FROM `msz_permissions` as _pr
|
||||
WHERE _pr.`user_id` IS NULL
|
||||
AND _pr.`role_id` IN (
|
||||
SELECT _prr.`role_id`
|
||||
FROM `msz_user_roles` as _pru
|
||||
LEFT JOIN `msz_roles` as _prr
|
||||
ON _prr.`role_id` = _pru.`role_id`
|
||||
WHERE _pru.`user_id` = :user_id_2
|
||||
ORDER BY _prr.`role_hierarchy`
|
||||
)
|
||||
) &~ BIT_OR(_pu.`{$overrideKey}`)
|
||||
)
|
||||
)
|
||||
FROM `msz_permissions` as _pu
|
||||
WHERE _pu.`user_id` = :user_id_1
|
||||
AND _pu.`role_id` IS NULL
|
||||
");
|
||||
$getPerms->bindValue('user_id_1', $user);
|
||||
$getPerms->bindValue('user_id_2', $user);
|
||||
return $getPerms->execute() ? (int)$getPerms->fetchColumn() : 0;
|
||||
$getPerms->bindValue('user_id', $user);
|
||||
return $getPerms->execute() ? (int)$getPerms->fetchColumn(1) : 0;
|
||||
}
|
||||
|
||||
function perms_get_role(string $prefix, int $role): int
|
||||
|
|
|
|||
|
|
@ -14,9 +14,8 @@
|
|||
{% endfor %}
|
||||
{% endmacro %}
|
||||
|
||||
{% macro permissions_table(permissions, display_override) %}
|
||||
{% macro permissions_table(permissions) %}
|
||||
{% from '_layout/input.twig' import input_checkbox %}
|
||||
{% set display_override = display_override|default(false) %}
|
||||
|
||||
<div class="permissions">
|
||||
{% for perms in permissions %}
|
||||
|
|
@ -33,11 +32,6 @@
|
|||
<div class="permissions__choice">
|
||||
Never
|
||||
</div>
|
||||
{% if display_override %}
|
||||
<div class="permissions__choice">
|
||||
Override
|
||||
</div>
|
||||
{% endif %}
|
||||
</div>
|
||||
|
||||
{% for perm in perms.perms %}
|
||||
|
|
@ -54,11 +48,6 @@
|
|||
<div class="permissions__choice__wrapper">
|
||||
{{ input_checkbox('perms[' ~ perms.section ~ '][' ~ perm.section ~ '][value]', '', perm.value == 'never', 'permissions__choice permissions__choice--radio permissions__choice--never', 'never', true) }}
|
||||
</div>
|
||||
{% if display_override %}
|
||||
<div class="permissions__choice__wrapper">
|
||||
{{ input_checkbox('perms[' ~ perms.section ~ '][' ~ perm.section ~ '][override]', '', perm.override, 'permissions__choice permissions__choice--radio', 'never') }}
|
||||
</div>
|
||||
{% endif %}
|
||||
</div>
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue