diff --git a/database/2018_12_28_173507_remove_override_flag.php b/database/2018_12_28_173507_remove_override_flag.php
new file mode 100644
index 00000000..412791d4
--- /dev/null
+++ b/database/2018_12_28_173507_remove_override_flag.php
@@ -0,0 +1,102 @@
+exec("
+ ALTER TABLE `msz_permissions`
+ DROP COLUMN `general_perms_override`,
+ DROP COLUMN `user_perms_override`,
+ DROP COLUMN `changelog_perms_override`,
+ DROP COLUMN `news_perms_override`,
+ DROP COLUMN `forum_perms_override`,
+ DROP COLUMN `comments_perms_override`;
+ ");
+
+ $conn->exec('DROP VIEW `msz_forum_permissions_view`');
+ $conn->exec("
+ CREATE VIEW `msz_forum_permissions_view` AS
+ WITH RECURSIVE permissions(user_id, role_id, forum_id, forum_perms_allow, forum_perms_deny) as (
+ SELECT
+ pp.`user_id`, pp.`role_id`,
+ pc.`forum_id`,
+ IFNULL(pp.`forum_perms_allow`, 0), IFNULL(pp.`forum_perms_deny`, 0)
+ FROM `msz_forum_categories` as pc
+ LEFT JOIN `msz_forum_permissions` as pp
+ ON pp.`forum_id` = pc.`forum_id`
+ GROUP BY `user_id`, `role_id`, `forum_id`
+ UNION ALL
+ SELECT
+ permissions.`user_id`, permissions.`role_id`,
+ cc.`forum_id`,
+ IFNULL(cp.`forum_perms_allow`, 0) | permissions.`forum_perms_allow`,
+ IFNULL(cp.`forum_perms_deny`, 0) | permissions.`forum_perms_deny`
+ FROM `msz_forum_categories` as cc
+ LEFT JOIN `msz_forum_permissions` as cp
+ ON cp.`forum_id` = cc.`forum_id`
+ INNER JOIN permissions
+ ON cc.`forum_parent` = permissions.`forum_id`
+ )
+ SELECT
+ `user_id`, `role_id`, `forum_id`,
+ (BIT_OR(`forum_perms_allow`) &~ BIT_OR(`forum_perms_deny`)) as `forum_perms`
+ FROM permissions
+ GROUP BY `user_id`, `role_id`, `forum_id`
+ ");
+
+ $conn->exec("
+ ALTER TABLE `msz_forum_permissions`
+ DROP COLUMN `forum_perms_override`;
+ ");
+}
+
+function migrate_down(PDO $conn): void
+{
+ $conn->exec("
+ ALTER TABLE `msz_forum_permissions`
+ ADD COLUMN `forum_perms_override` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `forum_perms_deny`;
+ ");
+
+ $conn->exec('DROP VIEW `msz_forum_permissions_view`');
+ $conn->exec("
+ CREATE VIEW `msz_forum_permissions_view` AS
+ WITH RECURSIVE permissions(user_id, role_id, forum_id, forum_perms_allow, forum_perms_deny) as (
+ SELECT
+ pp.`user_id`, pp.`role_id`,
+ pc.`forum_id`,
+ IFNULL(pp.`forum_perms_allow`, 0), IFNULL(pp.`forum_perms_deny`, 0)
+ FROM `msz_forum_categories` as pc
+ LEFT JOIN `msz_forum_permissions` as pp
+ ON pp.`forum_id` = pc.`forum_id`
+ GROUP BY `user_id`, `role_id`, `forum_id`
+ UNION ALL
+ SELECT
+ permissions.`user_id`, permissions.`role_id`,
+ cc.`forum_id`,
+ IFNULL(cp.`forum_perms_allow`, 0) | (permissions.`forum_perms_allow` &~ IFNULL(cp.`forum_perms_override`, 0)),
+ IFNULL(cp.`forum_perms_deny`, 0) | (permissions.`forum_perms_deny` &~ IFNULL(cp.`forum_perms_override`, 0))
+ FROM `msz_forum_categories` as cc
+ LEFT JOIN `msz_forum_permissions` as cp
+ ON cp.`forum_id` = cc.`forum_id`
+ INNER JOIN permissions
+ ON cc.`forum_parent` = permissions.`forum_id`
+ )
+ SELECT
+ `user_id`, `role_id`, `forum_id`,
+ (BIT_OR(`forum_perms_allow`) &~ BIT_OR(`forum_perms_deny`)) as `forum_perms`
+ FROM permissions
+ GROUP BY `user_id`, `role_id`, `forum_id`
+ ");
+
+ $conn->exec("
+ ALTER TABLE `msz_permissions`
+ ADD COLUMN `general_perms_override` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `general_perms_deny`,
+ ADD COLUMN `user_perms_override` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `user_perms_deny`,
+ ADD COLUMN `changelog_perms_override` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `changelog_perms_deny`,
+ ADD COLUMN `news_perms_override` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `news_perms_deny`,
+ ADD COLUMN `forum_perms_override` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `forum_perms_deny`,
+ ADD COLUMN `comments_perms_override` INT(10) UNSIGNED NOT NULL DEFAULT '0' AFTER `comments_perms_deny`;
+ ");
+}
diff --git a/src/manage.php b/src/manage.php
index 43a88666..03857df2 100644
--- a/src/manage.php
+++ b/src/manage.php
@@ -103,7 +103,6 @@ function manage_perms_apply(array $list, array $post): ?array
$allowKey = perms_get_key($section['section'], MSZ_PERMS_ALLOW);
$denyKey = perms_get_key($section['section'], MSZ_PERMS_DENY);
- $overrideKey = perms_get_key($section['section'], MSZ_PERMS_OVERRIDE);
foreach ($section['perms'] as $perm) {
if (empty($post[$section['section']][$perm['section']]['value'])) {
@@ -127,12 +126,6 @@ function manage_perms_apply(array $list, array $post): ?array
$perms[$denyKey] &= ~$perm['perm'];
break;
}
-
- if (!empty($post[$section['section']][$perm['section']]['override'])) {
- $perms[$overrideKey] |= $perm['perm'];
- } else {
- $perms[$overrideKey] &= ~$perm['perm'];
- }
}
}
@@ -155,11 +148,9 @@ function manage_perms_calculate(array $rawPerms, array $perms): array
$section = $perms[$i]['section'];
$allowKey = perms_get_key($section, MSZ_PERMS_ALLOW);
$denyKey = perms_get_key($section, MSZ_PERMS_DENY);
- $overrideKey = perms_get_key($section, MSZ_PERMS_OVERRIDE);
for ($j = 0; $j < count($perms[$i]['perms']); $j++) {
$permission = $perms[$i]['perms'][$j]['perm'];
- $perms[$i]['perms'][$j]['override'] = perms_check($rawPerms[$overrideKey], $permission);
$perms[$i]['perms'][$j]['value'] = manage_perms_value($permission, $rawPerms[$allowKey], $rawPerms[$denyKey]);
}
}
diff --git a/src/perms.php b/src/perms.php
index e5b66123..ab5300e8 100644
--- a/src/perms.php
+++ b/src/perms.php
@@ -13,10 +13,9 @@ define('MSZ_PERM_MODES', [
define('MSZ_PERMS_ALLOW', 'allow');
define('MSZ_PERMS_DENY', 'deny');
-define('MSZ_PERMS_OVERRIDE', 'override');
define('MSZ_PERM_SETS', [
- MSZ_PERMS_ALLOW, MSZ_PERMS_DENY, MSZ_PERMS_OVERRIDE,
+ MSZ_PERMS_ALLOW, MSZ_PERMS_DENY,
]);
function perms_get_keys(): array
@@ -56,38 +55,24 @@ function perms_get_user(string $prefix, int $user): int
$allowKey = perms_get_key($prefix, MSZ_PERMS_ALLOW);
$denyKey = perms_get_key($prefix, MSZ_PERMS_DENY);
- $overrideKey = perms_get_key($prefix, MSZ_PERMS_OVERRIDE);
$getPerms = db_prepare("
- SELECT BIT_OR(_pu.`{$allowKey}`) &~ BIT_OR(_pu.`{$denyKey}`) | (
- (
- SELECT BIT_OR(_pr.`{$allowKey}`) &~ BIT_OR(_pr.`{$denyKey}`) | (
- (
- SELECT BIT_OR(_pg.`{$allowKey}`) &~ BIT_OR(_pg.`{$denyKey}`)
- FROM `msz_permissions` as _pg
- WHERE _pg.`user_id` IS NULL
- AND _pg.`role_id` IS NULL
- ) &~ BIT_OR(_pr.`{$overrideKey}`)
+ SELECT :user_id AS `select_user`, (
+ SELECT BIT_OR(`{$allowKey}`) &~ BIT_OR(`{$denyKey}`)
+ FROM `msz_permissions`
+ WHERE (`user_id` = `select_user` AND `role_id` IS NULL)
+ OR (
+ `user_id` IS NULL
+ AND `role_id` IN (
+ SELECT `role_id`
+ FROM `msz_user_roles`
+ WHERE `user_id` = `select_user`
)
- FROM `msz_permissions` as _pr
- WHERE _pr.`user_id` IS NULL
- AND _pr.`role_id` IN (
- SELECT _prr.`role_id`
- FROM `msz_user_roles` as _pru
- LEFT JOIN `msz_roles` as _prr
- ON _prr.`role_id` = _pru.`role_id`
- WHERE _pru.`user_id` = :user_id_2
- ORDER BY _prr.`role_hierarchy`
- )
- ) &~ BIT_OR(_pu.`{$overrideKey}`)
+ )
)
- FROM `msz_permissions` as _pu
- WHERE _pu.`user_id` = :user_id_1
- AND _pu.`role_id` IS NULL
");
- $getPerms->bindValue('user_id_1', $user);
- $getPerms->bindValue('user_id_2', $user);
- return $getPerms->execute() ? (int)$getPerms->fetchColumn() : 0;
+ $getPerms->bindValue('user_id', $user);
+ return $getPerms->execute() ? (int)$getPerms->fetchColumn(1) : 0;
}
function perms_get_role(string $prefix, int $role): int
diff --git a/templates/manage/macros.twig b/templates/manage/macros.twig
index 61056578..2c33b640 100644
--- a/templates/manage/macros.twig
+++ b/templates/manage/macros.twig
@@ -14,9 +14,8 @@
{% endfor %}
{% endmacro %}
-{% macro permissions_table(permissions, display_override) %}
+{% macro permissions_table(permissions) %}
{% from '_layout/input.twig' import input_checkbox %}
- {% set display_override = display_override|default(false) %}
{% for perms in permissions %}
@@ -33,11 +32,6 @@
Never
- {% if display_override %}
-
- Override
-
- {% endif %}
{{ input_checkbox('perms[' ~ perms.section ~ '][' ~ perm.section ~ '][value]', '', perm.value == 'never', 'permissions__choice permissions__choice--radio permissions__choice--never', 'never', true) }}
- {% if display_override %}
-
- {{ input_checkbox('perms[' ~ perms.section ~ '][' ~ perm.section ~ '][override]', '', perm.override, 'permissions__choice permissions__choice--radio', 'never') }}
-
- {% endif %}
{% endfor %}
{% endfor %}