diff --git a/assets/less/manage/classes/permissions.less b/assets/less/manage/classes/permissions.less
new file mode 100644
index 00000000..05d63e31
--- /dev/null
+++ b/assets/less/manage/classes/permissions.less
@@ -0,0 +1,54 @@
+.permissions {
+ display: flex;
+ flex-direction: column;
+ margin-bottom: 4px;
+
+ &__line {
+ display: flex;
+ font-size: 1.1em;
+ line-height: 1.4em;
+
+ &--header {
+ font-size: 1.2em;
+ line-height: 1.5em;
+ border-bottom: 1px solid #333;
+ padding-bottom: 1px;
+
+ &:not(:first-child) {
+ margin-top: 4px;
+ }
+ }
+ }
+
+ &__title {
+ flex: 1 1 auto;
+ padding: 4px;
+ }
+
+ &__input {
+ cursor: pointer;
+ }
+
+ &__choice {
+ width: 100px;
+ text-align: center;
+ padding: 4px;
+
+ &--radio {
+ cursor: pointer;
+ border-left: 1px solid #333;
+ }
+
+ &--yes:hover {
+ background-color: #0a0;
+ }
+
+ &--no:hover {
+ background-color: #a00;
+ }
+
+ &--never:hover {
+ background-color: #400;
+ }
+ }
+}
diff --git a/assets/less/manage/main.less b/assets/less/manage/main.less
index a46c181c..348b303c 100644
--- a/assets/less/manage/main.less
+++ b/assets/less/manage/main.less
@@ -30,6 +30,7 @@ body {
 @import "classes/pagination";
 @import "classes/user-listing";
+@import "classes/permissions";
 @import "classes/changelog-change";
 @import "classes/changelog-tags";
diff --git a/database/2018_07_08_212121_initial_permissions_table.php b/database/2018_07_08_212121_initial_permissions_table.php
new file mode 100644
index 00000000..1b2eab8f
--- /dev/null
+++ b/database/2018_07_08_212121_initial_permissions_table.php
@@ -0,0 +1,39 @@ +exec(" + CREATE TABLE `msz_permissions` ( + `user_id` INT(10) UNSIGNED NULL DEFAULT NULL, + `role_id` INT(10) UNSIGNED NULL DEFAULT NULL, + `user_perms_allow` INT(10) UNSIGNED NOT NULL DEFAULT '0', + `user_perms_deny` INT(10) UNSIGNED NOT NULL DEFAULT '0', + `changelog_perms_allow` INT(10) UNSIGNED NOT NULL DEFAULT '0', + `changelog_perms_deny` INT(10) UNSIGNED NOT NULL DEFAULT '0', + `news_perms_allow` INT(10) UNSIGNED NOT NULL DEFAULT '0', + `news_perms_deny` INT(10) UNSIGNED NOT NULL DEFAULT '0', + UNIQUE INDEX `user_id` (`user_id`), + UNIQUE INDEX `role_id` (`role_id`), + CONSTRAINT `role_id_foreign` + FOREIGN KEY (`role_id`) + REFERENCES `msz_roles` (`role_id`) + ON UPDATE CASCADE + ON DELETE CASCADE, + CONSTRAINT `user_id_foreign` + FOREIGN KEY (`user_id`) + REFERENCES `msz_users` (`user_id`) + ON UPDATE CASCADE + ON DELETE CASCADE + ) + "); +} + +function migrate_down(PDO $conn): void +{ + $conn->exec('DROP TABLE `msz_permissions`'); +} diff --git a/misuzu.php b/misuzu.php index 45139bb3..b5fd5532 100644 --- a/misuzu.php +++ b/misuzu.php @@ -7,6 +7,7 @@ require_once __DIR__ . '/vendor/autoload.php'; require_once __DIR__ . '/src/changelog.php'; require_once __DIR__ . '/src/colour.php'; require_once __DIR__ . '/src/manage.php'; +require_once __DIR__ . '/src/news.php'; require_once __DIR__ . '/src/perms.php'; require_once __DIR__ . '/src/zalgo.php'; require_once __DIR__ . '/src/Forum/forum.php'; @@ -82,7 +83,7 @@ if (PHP_SAPI !== 'cli') { } $inManageMode = starts_with($_SERVER['REQUEST_URI'], '/manage'); - $hasManageAccess = perms_check(perms_get_user(MSZ_PERMS_USER, $app->getUserId()), MSZ_PERM_MANAGE); + $hasManageAccess = perms_check(perms_get_user(MSZ_PERMS_USER, $app->getUserId()), MSZ_USER_PERM_CAN_MANAGE); $tpl->var('has_manage_access', $hasManageAccess); if ($inManageMode) { diff --git a/public/manage/changelog.php b/public/manage/changelog.php index 1e201ce7..1f1ef6c3 100644 --- a/public/manage/changelog.php 
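Review bot: Nothing in `msz_permissions` rejects a row with both `user_id` and `role_id` NULL (or both set), and a UNIQUE index permits any number of NULLs, so the one-row-per-subject shape only holds because every writer in this commit passes NULL for the other column. That invariant should be written down, either as a comment above the `CREATE TABLE` such as `-- exactly one of user_id / role_id is set; the other is NULL` or as a CHECK constraint where the server actually enforces one (older MySQL releases parse CHECK but ignore it). The opening lines of this hunk, the PHP tag and the `migrate_up` signature, appear to have been stripped in this rendering, so the function header is not visible here.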
+++ b/public/manage/changelog.php
@@ -12,7 +12,7 @@ $queryOffset = (int)($_GET['o'] ?? 0);
 switch ($_GET['v'] ?? null) {
 case 'changes':
- if (!perms_check($changelogPerms, MSZ_CHANGELOG_MANAGE_CHANGES)) {
+ if (!perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_CHANGES)) {
 echo render_error(403);
 break;
 }
@@ -67,7 +67,7 @@ switch ($_GET['v'] ?? null) {
 break;
 case 'change':
- if (!perms_check($changelogPerms, MSZ_CHANGELOG_MANAGE_CHANGES)) {
+ if (!perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_CHANGES)) {
 echo render_error(403);
 break;
 }
@@ -191,7 +191,7 @@ switch ($_GET['v'] ?? null) {
 break;
 case 'tags':
- if (!perms_check($changelogPerms, MSZ_CHANGELOG_MANAGE_TAGS)) {
+ if (!perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_TAGS)) {
 echo render_error(403);
 break;
 }
@@ -228,7 +228,7 @@ switch ($_GET['v'] ?? null) {
 break;
 case 'tag':
- if (!perms_check($changelogPerms, MSZ_CHANGELOG_MANAGE_TAGS)) {
+ if (!perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_TAGS)) {
 echo render_error(403);
 break;
 }
@@ -289,7 +289,7 @@ switch ($_GET['v'] ?? null) {
 break;
 case 'actions':
- if (!perms_check($changelogPerms, MSZ_CHANGELOG_MANAGE_ACTIONS)) {
+ if (!perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_ACTIONS)) {
 echo render_error(403);
 break;
 }
@@ -326,7 +326,7 @@ switch ($_GET['v'] ?? null) {
 break;
 case 'action':
- if (!perms_check($changelogPerms, MSZ_CHANGELOG_MANAGE_ACTIONS)) {
+ if (!perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_ACTIONS)) {
 echo render_error(403);
 break;
 }
diff --git a/public/manage/users.php b/public/manage/users.php
index b153c3f6..992ba6bd 100644
--- a/public/manage/users.php
+++ b/public/manage/users.php
@@ -4,16 +4,22 @@ use Misuzu\Database; require_once __DIR__ . '/../../misuzu.php'; $db = Database::connection(); -$templating = $app->getTemplating(); +$tpl = $app->getTemplating(); $userPerms = perms_get_user(MSZ_PERMS_USER, $app->getUserId()); $isPostRequest = $_SERVER['REQUEST_METHOD'] === 'POST'; $queryQffset = (int)($_GET['o'] ?? 0); +$tpl->vars([ + 'can_manage_users' => $canManageUsers = perms_check($userPerms, MSZ_USER_PERM_MANAGE_USERS), + 'can_manage_roles' => $canManageRoles = perms_check($userPerms, MSZ_USER_PERM_MANAGE_ROLES), + 'can_manage_perms' => $canManagePerms = perms_check($userPerms, MSZ_USER_PERM_MANAGE_PERMS), +]); + switch ($_GET['v'] ?? null) { case 'listing': - if (!perms_check($userPerms, MSZ_PERM_MANAGE_USERS)) { + if (!$canManageUsers && !$canManagePerms) { echo render_error(403); break; } @@ -38,17 +44,17 @@ switch ($_GET['v'] ?? null) { $getManageUsers->bindValue('take', $usersTake); $manageUsers = $getManageUsers->execute() ? $getManageUsers->fetchAll() : []; - $templating->vars([ + $tpl->vars([ 'manage_users' => $manageUsers, 'manage_users_count' => $manageUsersCount, 'manage_users_range' => $usersTake, 'manage_users_offset' => $queryQffset, ]); - echo $templating->render('@manage.users.listing'); + echo $tpl->render('@manage.users.listing'); break; case 'view': - if (!perms_check($userPerms, MSZ_PERM_MANAGE_USERS)) { + if (!$canManageUsers && !$canManagePerms) { echo render_error(403); break; } 
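Review bot: The three `$canManage*` locals are assigned inside the `$tpl->vars([...])` array literal, which hides their definitions from anyone scanning the file for where they are set and is easy to misread as a comparison. Assigning them first and then passing `'can_manage_users' => $canManageUsers,` and the two siblings keeps the template call declarative. The listing/view gates this hunk changes are now read in the later `case 'view':` hunk of this file, where the consequence is discussed.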
@@ -104,22 +110,62 @@ switch ($_GET['v'] ?? null) { $getAvailableRoles->bindValue('user_id', $manageUser['user_id']); $availableRoles = $getAvailableRoles->execute() ? $getAvailableRoles->fetchAll() : []; + if ($canManagePerms) { + $tpl->var('permissions', $permissions = manage_perms_list(perms_get_user_raw($userId))); + } + if ($isPostRequest) { if (!tmp_csrf_verify($_POST['csrf'] ?? '')) { echo 'csrf err'; break; } - if (isset($_POST['avatar'])) { - switch ($_POST['avatar']['mode'] ?? '') { - case 'delete': - user_avatar_delete($manageUser['user_id']); - break; + if (!empty($_POST['user']) && is_array($_POST['user']) + && user_validate_username($_POST['user']['username']) === '' + && user_validate_email($_POST['user']['email']) === '') { + $updateUserDetails = $db->prepare(' + UPDATE `msz_users` + SET `username` = :username, + `email` = LOWER(:email), + `user_title` = :title + WHERE `user_id` = :user_id + '); + $updateUserDetails->bindValue('username', $_POST['user']['username']); + $updateUserDetails->bindValue('email', $_POST['user']['email']); + $updateUserDetails->bindValue( + 'title', + strlen($_POST['user']['title']) + ? 
$_POST['user']['title'] + : null + ); + $updateUserDetails->bindValue('user_id', $userId); + $updateUserDetails->execute(); + } - case 'upload': - user_avatar_set_from_path($manageUser['user_id'], $_FILES['avatar']['tmp_name']['file']); - break; - } + if (!empty($_POST['avatar']) && !empty($_POST['avatar']['delete'])) { + user_avatar_delete($manageUser['user_id']); + } elseif (!empty($_FILES['avatar'])) { + user_avatar_set_from_path($manageUser['user_id'], $_FILES['avatar']['tmp_name']['file']); + } + + if (!empty($_POST['password']) + && is_array($_POST['password']) + && !empty($_POST['password']['new']) + && !empty($_POST['password']['confirm']) + && user_validate_password($_POST['password']['new']) === '' + && $_POST['password']['new'] === $_POST['password']['confirm']) { + $updatePassword = $db->prepare(' + UPDATE `msz_users` + SET `password` = :password + WHERE `user_id` = :user_id + '); + $updatePassword->bindValue('password', user_password_hash($_POST['password']['new'])); + $updatePassword->bindValue('user_id', $userId); + $updatePassword->execute(); + } + + if (!empty($_POST['profile']) && is_array($_POST['profile'])) { + user_profile_fields_set($userId, $_POST['profile']); } if (isset($_POST['add_role'])) { 
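Review bot: The user-details, avatar and password blocks added here run for anyone who reached the `view` case, and the first hunk of this file loosened that case's gate to `!$canManageUsers && !$canManagePerms`, so an account holding only MSZ_USER_PERM_MANAGE_PERMS can now change another user's username, email and password; the permissions block further down is fenced by `$permissions` (set only when `$canManagePerms`), and these blocks need the symmetric guard, i.e. wrapping them in `if ($canManageUsers) {`. Separately, `$_POST['user']['username']`, `['email']` and `['title']` are read without `??`, so a form that omits any of them raises an undefined-index notice and hands null on to the validator and to `strlen`; `$_POST['user']['username'] ?? ''` and the same for the other two avoids that. The enclosing `case 'view':` begins before this hunk and continues into the next one.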
@@ -140,26 +186,55 @@ switch ($_GET['v'] ?? null) { } } + if (!empty($permissions) && !empty($_POST['perms']) && is_array($_POST['perms'])) { + $perms = manage_perms_apply($permissions, $_POST['perms']); + + if ($perms !== null) { + $permKeys = array_keys($perms); + $setPermissions = $db->prepare(' + REPLACE INTO `msz_permissions` + (`role_id`, `user_id`, `' . implode('`, `', $permKeys) . '`) + VALUES + (NULL, :user_id, :' . implode(', :', $permKeys) . ') + '); + $setPermissions->bindValue('user_id', $userId); + + foreach ($perms as $key => $value) { + $setPermissions->bindValue($key, $value); + } + + $setPermissions->execute(); + } else { + $deletePermissions = $db->prepare(' + DELETE FROM `msz_permissions` + WHERE `role_id` IS NULL + AND `user_id` = :user_id + '); + $deletePermissions->bindValue('user_id', $userId); + $deletePermissions->execute(); + } + } + header("Location: ?v=view&u={$manageUser['user_id']}"); break; } - $templating->vars([ + $tpl->vars([ 'available_roles' => $availableRoles, 'has_roles' => $hasRoles, 'view_user' => $manageUser, + 'profile_fields' => user_profile_fields_get(), ]); - echo $templating->render('@manage.users.view'); + echo $tpl->render('@manage.users.view'); break; case 'roles': - if (!perms_check($userPerms, MSZ_PERM_MANAGE_ROLES)) { + if (!$canManageRoles && !$canManagePerms) { echo render_error(403); break; } $rolesTake = 10; - $manageRolesCount = $db->query(' SELECT COUNT(`role_id`) FROM `msz_roles` 
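Review bot: The column list of the `REPLACE INTO msz_permissions` statement is built by concatenating `array_keys($perms)` into the SQL, which is acceptable only because `manage_perms_apply` seeds `$perms` from `perms_create()` and adds keys via `perms_get_key` over the code-defined section list, never from `$_POST`; that reasoning should sit next to the `implode`, e.g. `// $permKeys come from perms_create()/perms_get_key(), never from request data`. The same REPLACE/DELETE pair appears almost verbatim in the `role` case (the `@@ -275,12 +379,42 @@` hunk) with `role_id` and `user_id` swapped, so a small helper taking the subject column and id would remove the copy. Nothing here prevents a permission manager from granting `MSZ_USER_PERM_MANAGE_PERMS` or `MSZ_USER_PERM_CAN_MANAGE` to any account including their own; if that is intended it deserves a comment, if not a check belongs before the write. The enclosing `case 'view':` starts before this hunk.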
@@ -180,23 +255,27 @@ switch ($_GET['v'] ?? null) { $getManageRoles->bindValue('take', $rolesTake); $manageRoles = $getManageRoles->execute() ? $getManageRoles->fetchAll() : []; - $templating->vars([ + $tpl->vars([ 'manage_roles' => $manageRoles, 'manage_roles_count' => $manageRolesCount, 'manage_roles_range' => $rolesTake, 'manage_roles_offset' => $queryQffset, ]); - echo $templating->render('@manage.users.roles'); + echo $tpl->render('@manage.users.roles'); break; case 'role': - if (!perms_check($userPerms, MSZ_PERM_MANAGE_ROLES)) { + if (!$canManageRoles && !$canManagePerms) { echo render_error(403); break; } $roleId = $_GET['r'] ?? null; + if ($canManagePerms) { + $tpl->var('permissions', $permissions = manage_perms_list(perms_get_role_raw($roleId))); + } + if ($isPostRequest) { if (!tmp_csrf_verify($_POST['csrf'] ?? '')) { echo 'csrf err'; 
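Review bot: `perms_get_role_raw($roleId)` is called with `$roleId = $_GET['r'] ?? null` unchanged, and `perms_get_role_raw` declares `int $role`; a user-defined function rejects null for a non-nullable `int` parameter with a TypeError regardless of `strict_types`, so opening `?v=role` without `r` (the create-role form) as a permission manager fails before the page renders, and a non-numeric `r` fails the same way. Casting at the call site, `$tpl->var('permissions', $permissions = manage_perms_list(perms_get_role_raw((int)$roleId)));`, keeps the later `$roleId < 1` create branch working. The enclosing `case 'role':` continues past this hunk.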
@@ -243,28 +322,53 @@ switch ($_GET['v'] ?? null) { } } - $roleDescription = $_POST['role']['description'] ?? ''; + $roleDescription = $_POST['role']['description'] ?? null; + $roleTitle = $_POST['role']['title'] ?? null; - if (strlen($roleDescription) > 1000) { - echo 'description is too long'; - break; + if ($roleDescription !== null) { + $rdLength = strlen($roleDescription); + + if ($rdLength < 1) { + $roleDescription = null; + } elseif ($rdLength > 1000) { + echo 'description is too long'; + break; + } + } + + if ($roleTitle !== null) { + $rtLength = strlen($roleTitle); + + if ($rtLength < 1) { + $roleTitle = null; + } elseif ($rtLength > 64) { + echo 'title is too long'; + break; + } } if ($roleId < 1) { $updateRole = $db->prepare(' INSERT INTO `msz_roles` - (`role_name`, `role_hierarchy`, `role_secret`, `role_colour`, `role_description`, `created_at`) + ( + `role_name`, `role_hierarchy`, `role_secret`, `role_colour`, + `role_description`, `created_at`, `role_title` + ) VALUES - (:role_name, :role_hierarchy, :role_secret, :role_colour, :role_description, NOW()) + ( + :role_name, :role_hierarchy, :role_secret, :role_colour, + :role_description, NOW(), :role_title + ) '); } else { $updateRole = $db->prepare(' - UPDATE `msz_roles` SET - `role_name` = :role_name, - `role_hierarchy` = :role_hierarchy, - `role_secret` = :role_secret, - `role_colour` = :role_colour, - `role_description` = :role_description + UPDATE `msz_roles` + SET `role_name` = :role_name, + `role_hierarchy` = :role_hierarchy, + `role_secret` = :role_secret, + `role_colour` = :role_colour, + `role_description` = :role_description, + `role_title` = :role_title WHERE `role_id` = :role_id '); $updateRole->bindValue('role_id', $roleId); 
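Review bot: `strlen` counts bytes, so the 1000 and 64 caps on `$roleDescription` and `$roleTitle` are byte limits; if the columns are sized in characters this is merely conservative for multibyte input, but if character limits are intended `mb_strlen` is the right call, and either way a comment stating which is meant would help. The `$rdLength < 1` and `$rtLength < 1` tests can only be true at zero and read more directly as `=== 0`. The enclosing `case 'role':` starts before this hunk.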
@@ -275,12 +379,42 @@ switch ($_GET['v'] ?? null) { $updateRole->bindValue('role_secret', $roleSecret ? 1 : 0); $updateRole->bindValue('role_colour', $roleColour); $updateRole->bindValue('role_description', $roleDescription); + $updateRole->bindValue('role_title', $roleTitle); $updateRole->execute(); if ($roleId < 1) { $roleId = (int)$db->lastInsertId(); } + if (!empty($permissions) && !empty($_POST['perms']) && is_array($_POST['perms'])) { + $perms = manage_perms_apply($permissions, $_POST['perms']); + + if ($perms !== null) { + $permKeys = array_keys($perms); + $setPermissions = $db->prepare(' + REPLACE INTO `msz_permissions` + (`role_id`, `user_id`, `' . implode('`, `', $permKeys) . '`) + VALUES + (:role_id, NULL, :' . implode(', :', $permKeys) . ') + '); + $setPermissions->bindValue('role_id', $roleId); + + foreach ($perms as $key => $value) { + $setPermissions->bindValue($key, $value); + } + + $setPermissions->execute(); + } else { + $deletePermissions = $db->prepare(' + DELETE FROM `msz_permissions` + WHERE `role_id` = :role_id + AND `user_id` IS NULL + '); + $deletePermissions->bindValue('role_id', $roleId); + $deletePermissions->execute(); + } + } + header("Location: ?v=role&r={$roleId}"); break; } @@ -304,9 +438,9 @@ switch ($_GET['v'] ?? null) { break; } - $templating->vars(['edit_role' => $editRole]); + $tpl->vars(['edit_role' => $editRole]); } - echo $templating->render('@manage.users.roles_create'); + echo $tpl->render('@manage.users.roles_create'); break; } diff --git a/public/settings.php b/public/settings.php index 4d03407a..e5e83dd6 100644 --- a/public/settings.php +++ b/public/settings.php 
@@ -15,11 +15,11 @@ $userPerms = perms_get_user(MSZ_PERMS_USER, $app->getUserId());
 $settingsModes = [
 'account' => [
 'title' => 'Account',
- 'allow' => perms_check($userPerms, MSZ_PERM_EDIT_PROFILE),
+ 'allow' => perms_check($userPerms, MSZ_USER_PERM_EDIT_PROFILE),
 ],
 'avatar' => [
 'title' => 'Avatar',
- 'allow' => perms_check($userPerms, MSZ_PERM_CHANGE_AVATAR),
+ 'allow' => perms_check($userPerms, MSZ_USER_PERM_CHANGE_AVATAR),
 ],
 'sessions' => [
 'title' => 'Sessions',
diff --git a/src/Users/user.php b/src/Users/user.php
index b6ff5917..822c1c7f 100644
--- a/src/Users/user.php
+++ b/src/Users/user.php
@@ -3,16 +3,16 @@ use Misuzu\Application;
 use Misuzu\Database;
 use Misuzu\IO\File;
-define('MSZ_PERM_EDIT_PROFILE', 1);
-define('MSZ_PERM_CHANGE_AVATAR', 1 << 1);
+define('MSZ_USER_PERM_EDIT_PROFILE', 1);
+define('MSZ_USER_PERM_CHANGE_AVATAR', 1 << 1);
-define('MSZ_PERM_MANAGE', 1 << 20);
-define('MSZ_PERM_MANAGE_USERS', 1 << 21);
-define('MSZ_PERM_MANAGE_ROLES', 1 << 22);
-define('MSZ_PERM_MANAGE_PERMS', 1 << 23);
-define('MSZ_PERM_MANAGE_REPORTS', 1 << 24);
-define('MSZ_PERM_MANAGE_RESTRICTIONS', 1 << 25);
-define('MSZ_PERM_MANAGE_BLACKLISTS', 1 << 26);
+define('MSZ_USER_PERM_CAN_MANAGE', 1 << 19);
+define('MSZ_USER_PERM_MANAGE_USERS', 1 << 20);
+define('MSZ_USER_PERM_MANAGE_ROLES', 1 << 21);
+define('MSZ_USER_PERM_MANAGE_PERMS', 1 << 22);
+define('MSZ_USER_PERM_MANAGE_REPORTS', 1 << 23);
+define('MSZ_USER_PERM_MANAGE_RESTRICTIONS', 1 << 24);
+define('MSZ_USER_PERM_MANAGE_BLACKLISTS', 1 << 25);
 define('MSZ_USERS_PASSWORD_HASH_ALGO', PASSWORD_ARGON2I);
diff --git a/src/changelog.php b/src/changelog.php
index 64a47900..c27e57a1 100644
--- a/src/changelog.php
+++ b/src/changelog.php
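Review bot: Beyond the rename, every management bit in `src/Users/user.php` moves down one position (`MSZ_PERM_MANAGE` at `1 << 20` becomes `MSZ_USER_PERM_CAN_MANAGE` at `1 << 19`, and so on through `1 << 25`), so any `user_perms_allow`/`user_perms_deny` value stored under the old layout would now be read as a different permission. The new `msz_permissions` migration in this commit presumably means no such rows exist yet, but that is worth confirming before deploy. A one-line comment above the block, `// NOTE: bit positions changed with the MSZ_USER_PERM_ rename; values stored under the old MSZ_PERM_ layout are not compatible`, records the break for the next person who renumbers.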
@@ -1,9 +1,12 @@ '/manage/index.php?v=settings', ]; - $canUsers = perms_check($userPerms, MSZ_PERM_MANAGE_USERS); - $canRoles = perms_check($userPerms, MSZ_PERM_MANAGE_ROLES); - $canPerms = perms_check($userPerms, MSZ_PERM_MANAGE_PERMS); - $canReports = perms_check($userPerms, MSZ_PERM_MANAGE_REPORTS); - $canRestricts = perms_check($userPerms, MSZ_PERM_MANAGE_RESTRICTIONS); - $canBlacklists = perms_check($userPerms, MSZ_PERM_MANAGE_BLACKLISTS); + $canUsers = perms_check($userPerms, MSZ_USER_PERM_MANAGE_USERS); + $canRoles = perms_check($userPerms, MSZ_USER_PERM_MANAGE_ROLES); + $canPerms = perms_check($userPerms, MSZ_USER_PERM_MANAGE_PERMS); + $canReports = perms_check($userPerms, MSZ_USER_PERM_MANAGE_REPORTS); + $canRestricts = perms_check($userPerms, MSZ_USER_PERM_MANAGE_RESTRICTIONS); + $canBlacklists = perms_check($userPerms, MSZ_USER_PERM_MANAGE_BLACKLISTS); if ($canUsers || $canRoles || $canPerms || $canReports || $canRestricts || $canBlacklists) { $menu['Users'] = []; - if ($canUsers) { + if ($canUsers || $canPerms) { $menu['Users']['Listing'] = '/manage/users.php?v=listing'; } if ($canRoles || $canPerms) { - $menu['Users'][] = '_'; - - if ($canRoles) { - $menu['Users']['Roles'] = '/manage/users.php?v=roles'; - } - - if ($canPerms) { - $menu['Users']['Permissions'] = '/manage/users.php?v=permissions'; - } + $menu['Users']['Roles'] = '/manage/users.php?v=roles'; } if ($canReports || $canRestricts || $canBlacklists) { 
@@ -69,9 +61,9 @@ function manage_get_menu(int $userId): array
 'Settings' => '/manage/forums.php?v=settings',
 ];*/
- $canChanges = perms_check($changelogPerms, MSZ_CHANGELOG_MANAGE_CHANGES);
- $canChangeTags = perms_check($changelogPerms, MSZ_CHANGELOG_MANAGE_TAGS);
- $canChangeActions = perms_check($changelogPerms, MSZ_CHANGELOG_MANAGE_ACTIONS);
+ $canChanges = perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_CHANGES);
+ $canChangeTags = perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_TAGS);
+ $canChangeActions = perms_check($changelogPerms, MSZ_CHANGELOG_PERM_MANAGE_ACTIONS);
 if ($canChanges || $canChangeTags || $canChangeActions) {
 $menu['Changelog'] = [];
@@ -91,3 +83,291 @@ function manage_get_menu(int $userId): array return $menu; } + +function manage_perms_value(int $perm, int $allow, int $deny): string +{ + if (perms_check($deny, $perm)) { + return 'never'; + } + + if (perms_check($allow, $perm)) { + return 'yes'; + } + + return 'no'; +} + +function manage_perms_apply(array $list, array $post): ?array +{ + $perms = perms_create(); + + foreach ($list as $section) { + if (empty($post[$section['section']]) + || !is_array($post[$section['section']])) { + continue; + } + + $allowKey = perms_get_key($section['section'], 'allow'); + $denyKey = perms_get_key($section['section'], 'deny'); + + foreach ($section['perms'] as $perm) { + if (empty($post[$section['section']][$perm['section']])) { + continue; + } + + switch ($post[$section['section']][$perm['section']]) { + case 'yes': + $perms[$allowKey] |= $perm['perm']; + $perms[$denyKey] &= ~$perm['perm']; + break; + + case 'never': + $perms[$allowKey] &= ~$perm['perm']; + $perms[$denyKey] |= $perm['perm']; + break; + + case 'no': + default: + $perms[$allowKey] &= ~$perm['perm']; + $perms[$denyKey] &= ~$perm['perm']; + break; + } + } + } + + $returnNothing = 0; + + foreach ($perms as $perm) { + $returnNothing |= $perm; + } + + if ($returnNothing === 0) { + return null; + } + + return $perms; +} + +function manage_perms_list(array $rawPerms): array +{ + return [ + [ + 'section' => 'user', + 'title' => 'User', + 'perms' => [ + [ + 'section' => 'edit-profile', + 'title' => 'Can edit own profile.', + 'perm' => MSZ_USER_PERM_EDIT_PROFILE, + 'value' => manage_perms_value( + MSZ_USER_PERM_EDIT_PROFILE, + $rawPerms['user_perms_allow'], + $rawPerms['user_perms_deny'] + ), + ], + [ + 'section' => 'change-avatar', + 'title' => 'Can change own avatar.', + 'perm' => MSZ_USER_PERM_CHANGE_AVATAR, + 'value' => manage_perms_value( + MSZ_USER_PERM_CHANGE_AVATAR, + $rawPerms['user_perms_allow'], + $rawPerms['user_perms_deny'] + ), + ], + [ + 'section' => 'can-manage', + 'title' => 'Can access 
the management panel.', + 'perm' => MSZ_USER_PERM_CAN_MANAGE, + 'value' => manage_perms_value( + MSZ_USER_PERM_CAN_MANAGE, + $rawPerms['user_perms_allow'], + $rawPerms['user_perms_deny'] + ), + ], + [ + 'section' => 'manage-users', + 'title' => 'Can manage other users.', + 'perm' => MSZ_USER_PERM_MANAGE_USERS, + 'value' => manage_perms_value( + MSZ_USER_PERM_MANAGE_USERS, + $rawPerms['user_perms_allow'], + $rawPerms['user_perms_deny'] + ), + ], + [ + 'section' => 'manage-roles', + 'title' => 'Can manage roles.', + 'perm' => MSZ_USER_PERM_MANAGE_ROLES, + 'value' => manage_perms_value( + MSZ_USER_PERM_MANAGE_ROLES, + $rawPerms['user_perms_allow'], + $rawPerms['user_perms_deny'] + ), + ], + [ + 'section' => 'manage-perms', + 'title' => 'Can manage permissions.', + 'perm' => MSZ_USER_PERM_MANAGE_PERMS, + 'value' => manage_perms_value( + MSZ_USER_PERM_MANAGE_PERMS, + $rawPerms['user_perms_allow'], + $rawPerms['user_perms_deny'] + ), + ], + [ + 'section' => 'manage-reports', + 'title' => 'Can handle reports.', + 'perm' => MSZ_USER_PERM_MANAGE_REPORTS, + 'value' => manage_perms_value( + MSZ_USER_PERM_MANAGE_REPORTS, + $rawPerms['user_perms_allow'], + $rawPerms['user_perms_deny'] + ), + ], + [ + 'section' => 'manage-restrictions', + 'title' => 'Can manage restrictions.', + 'perm' => MSZ_USER_PERM_MANAGE_RESTRICTIONS, + 'value' => manage_perms_value( + MSZ_USER_PERM_MANAGE_RESTRICTIONS, + $rawPerms['user_perms_allow'], + $rawPerms['user_perms_deny'] + ), + ], + [ + 'section' => 'manage-blacklistings', + 'title' => 'Can manage blacklistings.', + 'perm' => MSZ_USER_PERM_MANAGE_BLACKLISTS, + 'value' => manage_perms_value( + MSZ_USER_PERM_MANAGE_BLACKLISTS, + $rawPerms['user_perms_allow'], + $rawPerms['user_perms_deny'] + ), + ], + ], + ], + [ + 'section' => 'news', + 'title' => 'News', + 'perms' => [ + [ + 'section' => 'manage-posts', + 'title' => 'Can manage posts.', + 'perm' => MSZ_NEWS_PERM_MANAGE_POSTS, + 'value' => manage_perms_value( + MSZ_NEWS_PERM_MANAGE_POSTS, + 
$rawPerms['news_perms_allow'], + $rawPerms['news_perms_deny'] + ), + ], + [ + 'section' => 'manage-cats', + 'title' => 'Can manage catagories.', + 'perm' => MSZ_NEWS_PERM_MANAGE_CATEGORIES, + 'value' => manage_perms_value( + MSZ_NEWS_PERM_MANAGE_CATEGORIES, + $rawPerms['news_perms_allow'], + $rawPerms['news_perms_deny'] + ), + ], + [ + 'section' => 'comments-delete', + 'title' => 'Can delete comments from others.', + 'perm' => MSZ_NEWS_PERM_DELETE_COMMENTS, + 'value' => manage_perms_value( + MSZ_NEWS_PERM_DELETE_COMMENTS, + $rawPerms['news_perms_allow'], + $rawPerms['news_perms_deny'] + ), + ], + [ + 'section' => 'comments-edit', + 'title' => 'Can edit comments from others.', + 'perm' => MSZ_NEWS_PERM_EDIT_COMMENTS, + 'value' => manage_perms_value( + MSZ_NEWS_PERM_EDIT_COMMENTS, + $rawPerms['news_perms_allow'], + $rawPerms['news_perms_deny'] + ), + ], + [ + 'section' => 'comments-pin', + 'title' => 'Can pin comments.', + 'perm' => MSZ_NEWS_PERM_PIN_COMMENTS, + 'value' => manage_perms_value( + MSZ_NEWS_PERM_PIN_COMMENTS, + $rawPerms['news_perms_allow'], + $rawPerms['news_perms_deny'] + ), + ], + ], + ], + [ + 'section' => 'changelog', + 'title' => 'Changelog', + 'perms' => [ + [ + 'section' => 'manage-changes', + 'title' => 'Can manage changes.', + 'perm' => MSZ_CHANGELOG_PERM_MANAGE_CHANGES, + 'value' => manage_perms_value( + MSZ_CHANGELOG_PERM_MANAGE_CHANGES, + $rawPerms['changelog_perms_allow'], + $rawPerms['changelog_perms_deny'] + ), + ], + [ + 'section' => 'manage-tags', + 'title' => 'Can manage tags.', + 'perm' => MSZ_CHANGELOG_PERM_MANAGE_TAGS, + 'value' => manage_perms_value( + MSZ_CHANGELOG_PERM_MANAGE_TAGS, + $rawPerms['changelog_perms_allow'], + $rawPerms['changelog_perms_deny'] + ), + ], + [ + 'section' => 'manage-actions', + 'title' => 'Can manage action types.', + 'perm' => MSZ_CHANGELOG_PERM_MANAGE_ACTIONS, + 'value' => manage_perms_value( + MSZ_CHANGELOG_PERM_MANAGE_ACTIONS, + $rawPerms['changelog_perms_allow'], + $rawPerms['changelog_perms_deny'] + 
), + ], + [ + 'section' => 'comments-delete', + 'title' => 'Can delete comments from others.', + 'perm' => MSZ_CHANGELOG_PERM_DELETE_COMMENTS, + 'value' => manage_perms_value( + MSZ_CHANGELOG_PERM_DELETE_COMMENTS, + $rawPerms['changelog_perms_allow'], + $rawPerms['changelog_perms_deny'] + ), + ], + [ + 'section' => 'comments-edit', + 'title' => 'Can edit comments from others.', + 'perm' => MSZ_CHANGELOG_PERM_EDIT_COMMENTS, + 'value' => manage_perms_value( + MSZ_CHANGELOG_PERM_EDIT_COMMENTS, + $rawPerms['changelog_perms_allow'], + $rawPerms['changelog_perms_deny'] + ), + ], + [ + 'section' => 'comments-pin', + 'title' => 'Can pin comments.', + 'perm' => MSZ_CHANGELOG_PERM_PIN_COMMENTS, + 'value' => manage_perms_value( + MSZ_CHANGELOG_PERM_PIN_COMMENTS, + $rawPerms['changelog_perms_allow'], + $rawPerms['changelog_perms_deny'] + ), + ], + ], + ], + ]; +} diff --git a/src/news.php b/src/news.php new file mode 100644 index 00000000..a3526e43 --- /dev/null +++ b/src/news.php 
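Review bot: `manage_perms_apply` starts from `perms_create()` rather than from the subject's current row, so any section absent from `$post` (the `continue` at the top of the outer loop) is silently reset to zero, and when everything ends up zero the caller deletes the row; that is correct only while the form always posts every section, and neither function has a docblock saying so. A docblock on `manage_perms_apply` stating that `$post` is the raw `perms` form array, that sections not present are cleared, and that `null` means "no bits set, remove the row", plus a one-liner on `manage_perms_value` noting that `never` (deny) takes precedence over `yes` (allow), would cover it. In `manage_perms_list` every entry repeats the section's allow/deny pair inside the `manage_perms_value(...)` call; reading `$rawPerms['user_perms_allow']` and `_deny` into two locals per section would shorten the table and make a mis-paired key harder to introduce. Note that `$rawPerms` values come straight from a PDO fetch and may arrive as strings depending on driver settings, while `manage_perms_value` declares `int $allow, int $deny` — under `strict_types` that would be a TypeError, so an `(int)` cast at the boundary is the safe choice.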
@@ -0,0 +1,6 @@ +execute() ? (int)$getPerms->fetchColumn() : 0); } +function perms_get_user_raw(int $user): array +{ + $emptyPerms = perms_create(); + + if ($user < 1) { + return $emptyPerms; + } + + $getPerms = Database::connection()->prepare(' + SELECT + `' . implode('`, `', perms_get_keys()) . '` + FROM `msz_permissions` + WHERE `user_id` = :user_id + AND `role_id` IS NULL + '); + $getPerms->bindValue('user_id', $user); + + if (!$getPerms->execute()) { + return $emptyPerms; + } + + $perms = $getPerms->fetch(PDO::FETCH_ASSOC); + + if (!$perms) { + return $emptyPerms; + } + + return $perms; +} + +function perms_get_role_raw(int $role): array +{ + $emptyPerms = perms_create(); + + if ($role < 1) { + return $emptyPerms; + } + + $getPerms = Database::connection()->prepare(" + SELECT + `' . implode('`, `', perms_get_keys()) . '` + FROM `msz_permissions` + WHERE `user_id` IS NULL + AND `role_id` = :role_id + "); + $getPerms->bindValue('role_id', $role); + + if (!$getPerms->execute()) { + return $emptyPerms; + } + + $perms = $getPerms->fetch(PDO::FETCH_ASSOC); + + if (!$perms) { + return $emptyPerms; + } + + return $perms; +} + function perms_check(int $perms, int $perm): bool { return ($perms & $perm) > 0; diff --git a/views/manage/macros.twig b/views/manage/macros.twig index 454eadea..2b2990f8 100644 --- a/views/manage/macros.twig +++ b/views/manage/macros.twig @@ -91,3 +91,53 @@ {% endif %} {% endmacro %} + +{% macro permissions_table(permissions) %} +
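Review bot: In `perms_get_role_raw` the query is wrapped in double quotes, so the `' . implode('`, `', perms_get_keys()) . '` fragment is sent to the server as literal SQL text instead of being concatenated in; the statement is not valid SQL, `execute()` fails (or throws, depending on the PDO error mode) and the function always returns `perms_create()`, meaning role permissions are never read back for display or editing. `perms_get_user_raw` directly above builds the same query with single quotes and is fine; change the two delimiters to `$getPerms = Database::connection()->prepare('` and `');` to match it. The hunk header for this file and the short `src/news.php` hunk before it appear to have been stripped in this rendering, so the preceding file context is not visible here.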
+{% endmacro %} diff --git a/views/manage/users/roles.twig b/views/manage/users/roles.twig index d25dcda0..169e1f3a 100644 --- a/views/manage/users/roles.twig +++ b/views/manage/users/roles.twig @@ -2,9 +2,11 @@ {% from '@manage/macros.twig' import pagination %} {% block content %} -