384 lines
12 KiB
PHP
384 lines
12 KiB
PHP
<?php
|
|
define('MSZ_PERMS_ALLOW', 'allow');
|
|
define('MSZ_PERMS_DENY', 'deny');
|
|
|
|
define('MSZ_PERMS_GENERAL', 'general');
|
|
define('MSZ_PERM_GENERAL_CAN_MANAGE', 0x00000001);
|
|
define('MSZ_PERM_GENERAL_VIEW_LOGS', 0x00000002);
|
|
define('MSZ_PERM_GENERAL_MANAGE_EMOTES', 0x00000004);
|
|
define('MSZ_PERM_GENERAL_MANAGE_CONFIG', 0x00000008);
|
|
//define('MSZ_PERM_GENERAL_IS_TESTER', 0x00000010); Has been unused for a while
|
|
//define('MSZ_PERM_GENERAL_MANAGE_BLACKLIST', 0x00000020); Blacklist has been removed for now to reduce overhead and because it was broken(?)
|
|
//define('MSZ_PERM_GENERAL_MANAGE_TWITTER', 0x00000040); Twitter integration has been removed
|
|
|
|
define('MSZ_PERMS_USER', 'user');
|
|
define('MSZ_PERM_USER_EDIT_PROFILE', 0x00000001);
|
|
define('MSZ_PERM_USER_CHANGE_AVATAR', 0x00000002);
|
|
define('MSZ_PERM_USER_CHANGE_BACKGROUND', 0x00000004);
|
|
define('MSZ_PERM_USER_EDIT_ABOUT', 0x00000008);
|
|
define('MSZ_PERM_USER_EDIT_BIRTHDATE', 0x00000010);
|
|
define('MSZ_PERM_USER_EDIT_SIGNATURE', 0x00000020);
|
|
define('MSZ_PERM_USER_MANAGE_USERS', 0x00100000);
|
|
define('MSZ_PERM_USER_MANAGE_ROLES', 0x00200000);
|
|
define('MSZ_PERM_USER_MANAGE_PERMS', 0x00400000);
|
|
define('MSZ_PERM_USER_MANAGE_REPORTS', 0x00800000);
|
|
define('MSZ_PERM_USER_MANAGE_WARNINGS', 0x01000000);
|
|
//define('MSZ_PERM_USER_MANAGE_BLACKLISTS', 0x02000000); // Replaced with MSZ_PERM_GENERAL_MANAGE_BLACKLIST
|
|
define('MSZ_PERM_USER_MANAGE_NOTES', 0x04000000);
|
|
define('MSZ_PERM_USER_MANAGE_BANS', 0x08000000);
|
|
define('MSZ_PERM_USER_IMPERSONATE', 0x10000000);
|
|
|
|
define('MSZ_PERMS_CHANGELOG', 'changelog');
|
|
define('MSZ_PERM_CHANGELOG_MANAGE_CHANGES', 0x00000001);
|
|
define('MSZ_PERM_CHANGELOG_MANAGE_TAGS', 0x00000002);
|
|
//define('MSZ_PERM_CHANGELOG_MANAGE_ACTIONS', 0x00000004); Deprecated, actions are hardcoded now
|
|
|
|
define('MSZ_PERMS_NEWS', 'news');
|
|
define('MSZ_PERM_NEWS_MANAGE_POSTS', 0x00000001);
|
|
define('MSZ_PERM_NEWS_MANAGE_CATEGORIES', 0x00000002);
|
|
|
|
define('MSZ_PERMS_FORUM', 'forum');
|
|
define('MSZ_PERM_FORUM_MANAGE_FORUMS', 0x00000001);
|
|
define('MSZ_PERM_FORUM_VIEW_LEADERBOARD', 0x00000002);
|
|
define('MSZ_PERM_FORUM_TOPIC_REDIRS', 0x00000004);
|
|
|
|
define('MSZ_PERMS_COMMENTS', 'comments');
|
|
define('MSZ_PERM_COMMENTS_CREATE', 0x00000001);
|
|
//define('MSZ_PERM_COMMENTS_EDIT_OWN', 0x00000002);
|
|
//define('MSZ_PERM_COMMENTS_EDIT_ANY', 0x00000004);
|
|
define('MSZ_PERM_COMMENTS_DELETE_OWN', 0x00000008);
|
|
define('MSZ_PERM_COMMENTS_DELETE_ANY', 0x00000010);
|
|
define('MSZ_PERM_COMMENTS_PIN', 0x00000020);
|
|
define('MSZ_PERM_COMMENTS_LOCK', 0x00000040);
|
|
define('MSZ_PERM_COMMENTS_VOTE', 0x00000080);
|
|
|
|
define('MSZ_PERM_MODES', [
|
|
MSZ_PERMS_GENERAL, MSZ_PERMS_USER, MSZ_PERMS_CHANGELOG,
|
|
MSZ_PERMS_NEWS, MSZ_PERMS_FORUM, MSZ_PERMS_COMMENTS,
|
|
]);
|
|
|
|
define('MSZ_FORUM_PERMS_GENERAL', 'forum');
|
|
|
|
define('MSZ_FORUM_PERM_LIST_FORUM', 0x00000001); // can see stats, but will get error when trying to view
|
|
define('MSZ_FORUM_PERM_VIEW_FORUM', 0x00000002);
|
|
|
|
define('MSZ_FORUM_PERM_CREATE_TOPIC', 0x00000400);
|
|
//define('MSZ_FORUM_PERM_DELETE_TOPIC', 0x00000800); // use MSZ_FORUM_PERM_DELETE_ANY_POST instead
|
|
define('MSZ_FORUM_PERM_MOVE_TOPIC', 0x00001000);
|
|
define('MSZ_FORUM_PERM_LOCK_TOPIC', 0x00002000);
|
|
define('MSZ_FORUM_PERM_STICKY_TOPIC', 0x00004000);
|
|
define('MSZ_FORUM_PERM_ANNOUNCE_TOPIC', 0x00008000);
|
|
define('MSZ_FORUM_PERM_GLOBAL_ANNOUNCE_TOPIC', 0x00010000);
|
|
define('MSZ_FORUM_PERM_BUMP_TOPIC', 0x00020000);
|
|
//define('MSZ_FORUM_PERM_PRIORITY_VOTE', 0x00040000); // feature postponed, perhaps reuse if it makes sense to
|
|
|
|
define('MSZ_FORUM_PERM_CREATE_POST', 0x00100000);
|
|
define('MSZ_FORUM_PERM_EDIT_POST', 0x00200000);
|
|
define('MSZ_FORUM_PERM_EDIT_ANY_POST', 0x00400000);
|
|
define('MSZ_FORUM_PERM_DELETE_POST', 0x00800000);
|
|
define('MSZ_FORUM_PERM_DELETE_ANY_POST', 0x01000000);
|
|
|
|
define('MSZ_FORUM_PERM_MODES', [
|
|
MSZ_FORUM_PERMS_GENERAL,
|
|
]);
|
|
|
|
function perms_get_keys(array $modes = MSZ_PERM_MODES): array {
|
|
$perms = [];
|
|
|
|
foreach($modes as $mode) {
|
|
$perms[] = perms_get_key($mode, MSZ_PERMS_ALLOW);
|
|
$perms[] = perms_get_key($mode, MSZ_PERMS_DENY);
|
|
}
|
|
|
|
return $perms;
|
|
}
|
|
|
|
function perms_create(array $modes = MSZ_PERM_MODES): array {
|
|
return array_fill_keys(perms_get_keys($modes), 0);
|
|
}
|
|
|
|
function perms_get_key(string $prefix, string $suffix): string {
|
|
return $prefix . '_perms_' . $suffix;
|
|
}
|
|
|
|
function perms_get_select(array $modes = MSZ_PERM_MODES, string $allow = MSZ_PERMS_ALLOW, string $deny = MSZ_PERMS_DENY): string {
|
|
$select = '';
|
|
|
|
foreach($modes as $mode) {
|
|
$select .= sprintf(
|
|
'(BIT_OR(`%1$s_perms_%2$s`) &~ BIT_OR(`%1$s_perms_%3$s`)) AS `%1$s`,',
|
|
$mode, $allow, $deny
|
|
);
|
|
}
|
|
|
|
$select = substr($select, 0, -1);
|
|
|
|
return $select;
|
|
}
|
|
|
|
function perms_get_blank(array $modes = MSZ_PERM_MODES): array {
|
|
return array_fill_keys($modes, 0);
|
|
}
|
|
|
|
function perms_get_user(int|string $user): array {
|
|
if(is_string($user))
|
|
$user = (int)$user;
|
|
if($user < 1)
|
|
return perms_get_blank();
|
|
|
|
static $memo = [];
|
|
|
|
if(array_key_exists($user, $memo)) {
|
|
return $memo[$user];
|
|
}
|
|
|
|
$getPerms = \Misuzu\DB::prepare(sprintf(
|
|
'
|
|
SELECT %s
|
|
FROM `msz_permissions`
|
|
WHERE (`user_id` = :user_id_1 AND `role_id` IS NULL)
|
|
OR (
|
|
`user_id` IS NULL
|
|
AND `role_id` IN (
|
|
SELECT `role_id`
|
|
FROM `msz_users_roles`
|
|
WHERE `user_id` = :user_id_2
|
|
)
|
|
)
|
|
',
|
|
perms_get_select()
|
|
));
|
|
$getPerms->bind('user_id_1', $user);
|
|
$getPerms->bind('user_id_2', $user);
|
|
|
|
return $memo[$user] = $getPerms->fetch();
|
|
}
|
|
|
|
function perms_delete_user(int|string $user): bool {
|
|
if(is_string($user))
|
|
$user = (int)$user;
|
|
if($user < 1)
|
|
return false;
|
|
|
|
$deletePermissions = \Misuzu\DB::prepare('
|
|
DELETE FROM `msz_permissions`
|
|
WHERE `role_id` IS NULL
|
|
AND `user_id` = :user_id
|
|
');
|
|
$deletePermissions->bind('user_id', $user);
|
|
return $deletePermissions->execute();
|
|
}
|
|
|
|
function perms_get_role(int $role): array {
|
|
if($role < 1) {
|
|
return perms_get_blank();
|
|
}
|
|
|
|
static $memo = [];
|
|
|
|
if(array_key_exists($role, $memo)) {
|
|
return $memo[$role];
|
|
}
|
|
|
|
$getPerms = \Misuzu\DB::prepare(sprintf(
|
|
'
|
|
SELECT %s
|
|
FROM `msz_permissions`
|
|
WHERE `role_id` = :role_id
|
|
AND `user_id` IS NULL
|
|
',
|
|
perms_get_select()
|
|
));
|
|
$getPerms->bind('role_id', $role);
|
|
|
|
return $memo[$role] = $getPerms->fetch();
|
|
}
|
|
|
|
function perms_get_user_raw(int|string $user): array {
|
|
if(is_string($user))
|
|
$user = (int)$user;
|
|
if($user < 1)
|
|
return perms_create();
|
|
|
|
$getPerms = \Misuzu\DB::prepare(sprintf('
|
|
SELECT `%s`
|
|
FROM `msz_permissions`
|
|
WHERE `user_id` = :user_id
|
|
AND `role_id` IS NULL
|
|
', implode('`, `', perms_get_keys())));
|
|
$getPerms->bind('user_id', $user);
|
|
$perms = $getPerms->fetch();
|
|
|
|
if(empty($perms)) {
|
|
return perms_create();
|
|
}
|
|
|
|
return $perms;
|
|
}
|
|
|
|
function perms_set_user_raw(int|string $user, array $perms): bool {
|
|
if(is_string($user))
|
|
$user = (int)$user;
|
|
if($user < 1)
|
|
return false;
|
|
|
|
$realPerms = perms_create();
|
|
$permKeys = array_keys($realPerms);
|
|
|
|
foreach($permKeys as $perm) {
|
|
$realPerms[$perm] = (int)($perms[$perm] ?? 0);
|
|
}
|
|
|
|
$setPermissions = \Misuzu\DB::prepare(sprintf(
|
|
'
|
|
REPLACE INTO `msz_permissions`
|
|
(`role_id`, `user_id`, `%s`)
|
|
VALUES
|
|
(NULL, :user_id, :%s)
|
|
',
|
|
implode('`, `', $permKeys),
|
|
implode(', :', $permKeys)
|
|
));
|
|
$setPermissions->bind('user_id', $user);
|
|
|
|
foreach($realPerms as $key => $value) {
|
|
$setPermissions->bind($key, $value);
|
|
}
|
|
|
|
return $setPermissions->execute();
|
|
}
|
|
|
|
function perms_get_role_raw(int $role): array {
|
|
if($role < 1) {
|
|
return perms_create();
|
|
}
|
|
|
|
$getPerms = \Misuzu\DB::prepare(sprintf('
|
|
SELECT `%s`
|
|
FROM `msz_permissions`
|
|
WHERE `user_id` IS NULL
|
|
AND `role_id` = :role_id
|
|
', implode('`, `', perms_get_keys())));
|
|
$getPerms->bind('role_id', $role);
|
|
$perms = $getPerms->fetch();
|
|
|
|
if(empty($perms)) {
|
|
return perms_create();
|
|
}
|
|
|
|
return $perms;
|
|
}
|
|
|
|
function perms_check(?int $perms, ?int $perm, bool $strict = false): bool {
|
|
$and = ($perms ?? 0) & ($perm ?? 0);
|
|
return $strict ? $and === $perm : $and > 0;
|
|
}
|
|
|
|
function perms_check_user(string $prefix, int|string|null $userId, int $perm, bool $strict = false): bool {
|
|
if(is_string($userId))
|
|
$userId = (int)$userId;
|
|
return $userId > 0 && perms_check(perms_get_user($userId)[$prefix] ?? 0, $perm, $strict);
|
|
}
|
|
|
|
function perms_check_bulk(int $perms, array $set, bool $strict = false): array {
|
|
foreach($set as $key => $perm) {
|
|
$set[$key] = perms_check($perms, $perm, $strict);
|
|
}
|
|
|
|
return $set;
|
|
}
|
|
|
|
function perms_check_user_bulk(string $prefix, int|string|null $userId, array $set, bool $strict = false): array {
|
|
$perms = perms_get_user($userId)[$prefix] ?? 0;
|
|
return perms_check_bulk($perms, $set, $strict);
|
|
}
|
|
|
|
function perms_for_comments(string|int $userId): array {
|
|
return perms_check_user_bulk(MSZ_PERMS_COMMENTS, $userId, [
|
|
'can_comment' => MSZ_PERM_COMMENTS_CREATE,
|
|
'can_delete' => MSZ_PERM_COMMENTS_DELETE_OWN | MSZ_PERM_COMMENTS_DELETE_ANY,
|
|
'can_delete_any' => MSZ_PERM_COMMENTS_DELETE_ANY,
|
|
'can_pin' => MSZ_PERM_COMMENTS_PIN,
|
|
'can_lock' => MSZ_PERM_COMMENTS_LOCK,
|
|
'can_vote' => MSZ_PERM_COMMENTS_VOTE,
|
|
]);
|
|
}
|
|
|
|
function forum_get_parent_id(int $forumId): int {
|
|
if($forumId < 1)
|
|
return 0;
|
|
|
|
static $memoized = [];
|
|
|
|
if(array_key_exists($forumId, $memoized))
|
|
return $memoized[$forumId];
|
|
|
|
$getParent = \Misuzu\DB::prepare('
|
|
SELECT `forum_parent`
|
|
FROM `msz_forum_categories`
|
|
WHERE `forum_id` = :forum_id
|
|
');
|
|
$getParent->bind('forum_id', $forumId);
|
|
|
|
return (int)$getParent->fetchColumn();
|
|
}
|
|
|
|
function forum_perms_get_user(?int $forum, int $user): array {
|
|
$perms = perms_get_blank(MSZ_FORUM_PERM_MODES);
|
|
|
|
if($user < 0 || $forum < 0)
|
|
return $perms;
|
|
|
|
static $memo = [];
|
|
$memoId = "{$forum}-{$user}";
|
|
|
|
if(array_key_exists($memoId, $memo))
|
|
return $memo[$memoId];
|
|
|
|
if($forum > 0)
|
|
$perms = forum_perms_get_user(
|
|
forum_get_parent_id($forum),
|
|
$user
|
|
);
|
|
|
|
$getPerms = \Misuzu\DB::prepare(sprintf(
|
|
'
|
|
SELECT %s
|
|
FROM `msz_forum_permissions`
|
|
WHERE (`forum_id` = :forum_id OR `forum_id` IS NULL)
|
|
AND (
|
|
(`user_id` IS NULL AND `role_id` IS NULL)
|
|
OR (`user_id` = :user_id_1 AND `role_id` IS NULL)
|
|
OR (
|
|
`user_id` IS NULL
|
|
AND `role_id` IN (
|
|
SELECT `role_id`
|
|
FROM `msz_users_roles`
|
|
WHERE `user_id` = :user_id_2
|
|
)
|
|
)
|
|
)
|
|
',
|
|
perms_get_select(MSZ_FORUM_PERM_MODES)
|
|
));
|
|
$getPerms->bind('forum_id', $forum);
|
|
$getPerms->bind('user_id_1', $user);
|
|
$getPerms->bind('user_id_2', $user);
|
|
|
|
$userPerms = $getPerms->fetch();
|
|
foreach($perms as $key => $value)
|
|
$perms[$key] |= $userPerms[$key] ?? 0;
|
|
|
|
return $memo[$memoId] = $perms;
|
|
}
|
|
|
|
function forum_perms_check_user(
|
|
string $prefix,
|
|
?int $forumId,
|
|
?int $userId,
|
|
int $perm,
|
|
bool $strict = false
|
|
): bool {
|
|
return perms_check(forum_perms_get_user($forumId, $userId)[$prefix] ?? 0, $perm, $strict);
|
|
}
|