Add ability to create custom user/permissions groups

This commit is contained in:
Michael Foster 2013-09-09 01:33:51 +10:00
parent 9a846d5ad5
commit eea4e42609
9 changed files with 93 additions and 54 deletions

View File

@ -1162,18 +1162,28 @@
* ====================
*/
// Probably best not to change these:
if (!defined('JANITOR')) {
define('JANITOR', 0, true);
define('MOD', 1, true);
define('ADMIN', 2, true);
define('DISABLED', 3, true);
}
// Probably best not to change this unless you are smart enough to figure out what you're doing. If you
// decide to change it, remember that it is impossible to redefinite/overwrite groups; you may only add
// new ones.
$config['mod']['groups'] = array(
10 => 'Janitor',
20 => 'Mod',
30 => 'Admin',
// 98 => 'God',
99 => 'Disabled'
);
// If you add stuff to the above, you'll need to call this function immediately after.
define_groups();
// Example: Adding a new permissions group.
// $config['mod']['groups'][0] = 'NearlyPowerless';
// define_groups();
// Capcode permissions.
$config['mod']['capcode'] = array(
// JANITOR => array('Janitor'),
MOD => array('Mod'),
MOD => array('Mod'),
ADMIN => true
);
@ -1312,18 +1322,14 @@
$config['mod']['edit_config'] = ADMIN;
// Config editor permissions
$config['mod']['config'] = array(
JANITOR => false,
MOD => false,
ADMIN => false,
DISABLED => false,
);
$config['mod']['config'] = array();
// Disable the following configuration variables from being changed via ?/config. The following default
// banned variables are considered somewhat dangerous.
$config['mod']['config'][DISABLED] = array(
'mod>config',
'mod>config_editor_php',
'mod>groups',
'convert_args',
'db>password',
);

View File

@ -265,6 +265,15 @@ function verbose_error_handler($errno, $errstr, $errfile, $errline) {
));
}
function define_groups() {
global $config;
foreach ($config['mod']['groups'] as $group_value => $group_name)
defined($group_name) or define($group_name, $group_value, true);
ksort($config['mod']['groups']);
}
function create_antibot($board, $thread = null) {
require_once dirname(__FILE__) . '/anti-bot.php';

View File

@ -3,7 +3,7 @@
function permission_to_edit_config_var($varname) {
global $config, $mod;
if (is_array($config['mod']['config'][DISABLED])) {
if (isset($config['mod']['config'][DISABLED])) {
foreach ($config['mod']['config'][DISABLED] as $disabled_var_name) {
$disabled_var_name = explode('>', $disabled_var_name);
if (count($disabled_var_name) == 1)
@ -14,10 +14,11 @@ function permission_to_edit_config_var($varname) {
}
$allow_only = false;
// for ($perm = (int)$mod['type']; $perm >= JANITOR; $perm --) {
for ($perm = JANITOR; $perm <= (int)$mod['type']; $perm ++) {
foreach ($config['mod']['groups'] as $perm => $perm_name) {
if ($perm > $mod['type'])
break;
$allow_only = false;
if (is_array($config['mod']['config'][$perm])) {
if (isset($config['mod']['config'][$perm]) && is_array($config['mod']['config'][$perm])) {
foreach ($config['mod']['config'][$perm] as $perm_var_name) {
if ($perm_var_name == '!') {
$allow_only = true;
@ -92,7 +93,7 @@ function config_vars() {
continue; // This is just an alias.
if (!preg_match('/^array|\[\]|function/', $var['default']) && !preg_match('/^Example: /', trim(implode(' ', $var['comment'])))) {
$syntax_error = true;
$temp = eval('$syntax_error = false;return ' . $var['default'] . ';');
$temp = eval('$syntax_error = false;return @' . $var['default'] . ';');
if ($syntax_error && $temp === false) {
error('Error parsing config.php (line ' . $line_no . ')!', null, $var);
} elseif (!isset($temp)) {

View File

@ -1674,11 +1674,39 @@ function mod_user_promote($uid, $action) {
if (!hasPermission($config['mod']['promoteusers']))
error($config['error']['noaccess']);
$query = prepare("UPDATE ``mods`` SET `type` = `type` " . ($action == 'promote' ? "+1 WHERE `type` < " . (int)ADMIN : "-1 WHERE `type` > " . (int)JANITOR) . " AND `id` = :id");
$query = prepare("SELECT `type`, `username` FROM ``mods`` WHERE `id` = :id");
$query->bindValue(':id', $uid);
$query->execute() or error(db_error($query));
modLog(($action == 'promote' ? 'Promoted' : 'Demoted') . " user #{$uid}");
if (!$mod = $query->fetch(PDO::FETCH_ASSOC))
error($config['error']['404']);
$new_group = false;
$groups = $config['mod']['groups'];
if ($action == 'demote')
$groups = array_reverse($groups, true);
foreach ($groups as $group_value => $group_name) {
if ($action == 'promote' && $group_value > $mod['type']) {
$new_group = $group_value;
break;
} elseif ($action == 'demote' && $group_value < $mod['type']) {
$new_group = $group_value;
break;
}
}
if ($new_group === false || $new_group == DISABLED)
error(_('Impossible to promote/demote user.'));
$query = prepare("UPDATE ``mods`` SET `type` = :group_value WHERE `id` = :id");
$query->bindValue(':id', $uid);
$query->bindValue(':group_value', $new_group);
$query->execute() or error(db_error($query));
modLog(($action == 'promote' ? 'Promoted' : 'Demoted') . ' user "' .
utf8tohtml($mod['username']) . '" to ' . $config['mod']['groups'][$new_group]);
header('Location: ?/users', true, $config['redirect_http']);
}
@ -2069,14 +2097,8 @@ function mod_config($board_config = false) {
$config_append .= ' = ';
if (@$var['permissions'] && in_array($value, array(JANITOR, MOD, ADMIN, DISABLED))) {
$perm_array = array(
JANITOR => 'JANITOR',
MOD => 'MOD',
ADMIN => 'ADMIN',
DISABLED => 'DISABLED'
);
$config_append .= $perm_array[$value];
if (@$var['permissions'] && isset($config['mod']['groups'][$value])) {
$config_append .= $config['mod']['groups'][$value];
} else {
$config_append .= var_export($value, true);
}

View File

@ -1,7 +1,7 @@
<?php
// Installation/upgrade file
define('VERSION', 'v0.9.6-dev-19');
define('VERSION', 'v0.9.6-dev-20');
require 'inc/functions.php';
@ -407,6 +407,11 @@ if (file_exists($config['has_installed'])) {
KEY `filehash` (`filehash`),
KEY `time` (`time`)
) ENGINE=MyISAM DEFAULT CHARSET=ascii COLLATE=ascii_bin AUTO_INCREMENT=1 ;") or error(db_error());
case 'v0.9.6-dev-19':
query("UPDATE ``mods`` SET `type` = 10 WHERE `type` = 0") or error(db_error());
query("UPDATE ``mods`` SET `type` = 20 WHERE `type` = 1") or error(db_error());
query("UPDATE ``mods`` SET `type` = 30 WHERE `type` = 2") or error(db_error());
query("ALTER TABLE ``mods`` CHANGE `type` `type` smallint(1) NOT NULL") or error(db_error());
case false:
// Update version number
file_write($config['has_installed'], VERSION);

View File

@ -131,7 +131,7 @@ CREATE TABLE IF NOT EXISTS `mods` (
`username` varchar(30) NOT NULL,
`password` char(64) CHARACTER SET ascii NOT NULL COMMENT 'SHA256',
`salt` char(32) CHARACTER SET ascii NOT NULL,
`type` smallint(1) NOT NULL COMMENT '0: janitor, 1: mod, 2: admin',
`type` smallint(2) NOT NULL,
`boards` text CHARACTER SET utf8 NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`,`username`)
@ -142,7 +142,7 @@ CREATE TABLE IF NOT EXISTS `mods` (
--
INSERT INTO `mods` VALUES
(1, 'admin', 'cedad442efeef7112fed0f50b011b2b9bf83f6898082f995f69dd7865ca19fb7', '4a44c6c55df862ae901b413feecb0d49', 2, '*');
(1, 'admin', 'cedad442efeef7112fed0f50b011b2b9bf83f6898082f995f69dd7865ca19fb7', '4a44c6c55df862ae901b413feecb0d49', 20, '*');
-- --------------------------------------------------------

View File

@ -42,10 +42,11 @@
<input name="{{ name }}" type="text" value="{{ var.value|e }}">
{% elseif var.permissions %}
<select name="{{ name }}">
<option value="{{ constant('JANITOR') }}"{% if var.value == constant('JANITOR')%} selected{% endif %}>JANITOR</option>
<option value="{{ constant('MOD') }}"{% if var.value == constant('MOD')%} selected{% endif %}>MOD</option>
<option value="{{ constant('ADMIN') }}"{% if var.value == constant('ADMIN')%} selected{% endif %}>ADMIN</option>
<option value="{{ constant('DISABLED') }}"{% if var.value == constant('DISABLED')%} selected{% endif %}>DISABLED</option>
{% for group_value, group_name in config.mod.groups %}
<option value="{{ group_value }}"{% if var.value == group_value %} selected{% endif %}>
{{ group_name }}
</option>
{% endfor %}
</select>
{% elseif var.type == 'integer' %}
<input name="{{ name }}" type="number" value="{{ var.value|e }}">

View File

@ -28,21 +28,15 @@
</tr>
{% if new %}
<tr>
<th>{% trans 'Class' %}</th>
<th>{% trans 'Group' %}</th>
<td>
<ul style="padding:5px 8px;list-style:none">
<li>
<input type="radio" name="type" id="janitor" value="{{ constant('JANITOR') }}">
<label for="janitor">{% trans 'Janitor' %}</label>
</li>
<li>
<input type="radio" name="type" id="mod" value="{{ constant('MOD') }}" checked>
<label for="mod">{% trans 'Mod' %}</label>
</li>
<li>
<input type="radio" name="type" id="admin" value="{{ constant('Admin') }}">
<label for="admin">{% trans 'Admin' %}</label>
</li>
{% for group_value, group_name in config.mod.groups if group_name != 'Disabled' %}
<li>
<input type="radio" name="type" id="group_{{ group_name }}" value="{{ group_value }}">
<label for="group_{{ group_name }}">{% trans group_name %}</label>
</li>
{% endfor %}
</ul>
</td>
</tr>

View File

@ -15,9 +15,10 @@
<td><small>{{ user.id }}</small></td>
<td>{{ user.username|e }}</td>
<td>
{% if user.type == constant('JANITOR') %}{% trans 'Janitor' %}
{% elseif user.type == constant('MOD') %}{% trans 'Mod' %}
{% elseif user.type == constant('ADMIN') %}{% trans 'Admin' %}
{% if config.mod.groups[user.type] %}
{{ config.mod.groups[user.type] }}
{% else %}
<em>{% trans 'Unknown' %}</em> ({{ user.type }})
{% endif %}
</td>
<td>
@ -46,10 +47,10 @@
</td>
{% endif %}
<td>
{% if mod|hasPermission(config.mod.promoteusers) and user.type < constant('ADMIN') %}
{% if mod|hasPermission(config.mod.promoteusers) and user.type < constant(config.mod.groups[0:-1]|last) %}
<a style="float:left;text-decoration:none" href="?/users/{{ user.id }}/promote" title="{% trans 'Promote' %}">&#9650;</a>
{% endif %}
{% if mod|hasPermission(config.mod.promoteusers) and user.type > constant('JANITOR') %}
{% if mod|hasPermission(config.mod.promoteusers) and user.type > constant(config.mod.groups|first) %}
<a style="float:left;text-decoration:none" href="?/users/{{ user.id }}/demote" title="{% trans 'Demote' %}">&#9660;</a>
{% endif %}
{% if mod|hasPermission(config.mod.modlog) %}