From eea4e42609e319b38f14bca9f31cc3327ffaf175 Mon Sep 17 00:00:00 2001 From: Michael Foster Date: Mon, 9 Sep 2013 01:33:51 +1000 Subject: [PATCH] Add ability to create custom user/permissions groups --- inc/config.php | 34 ++++++++++++++++++-------------- inc/functions.php | 9 +++++++++ inc/mod/config-editor.php | 11 ++++++----- inc/mod/pages.php | 42 ++++++++++++++++++++++++++++++---------- install.php | 7 ++++++- install.sql | 4 ++-- templates/mod/config-editor.html | 9 +++++---- templates/mod/user.html | 20 +++++++------------ templates/mod/users.html | 11 ++++++----- 9 files changed, 93 insertions(+), 54 deletions(-) diff --git a/inc/config.php b/inc/config.php index 84222009..897c8a42 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1162,18 +1162,28 @@ * ==================== */ - // Probably best not to change these: - if (!defined('JANITOR')) { - define('JANITOR', 0, true); - define('MOD', 1, true); - define('ADMIN', 2, true); - define('DISABLED', 3, true); - } + // Probably best not to change this unless you are smart enough to figure out what you're doing. If you + // decide to change it, remember that it is impossible to redefinite/overwrite groups; you may only add + // new ones. + $config['mod']['groups'] = array( + 10 => 'Janitor', + 20 => 'Mod', + 30 => 'Admin', + // 98 => 'God', + 99 => 'Disabled' + ); + + // If you add stuff to the above, you'll need to call this function immediately after. + define_groups(); + + // Example: Adding a new permissions group. + // $config['mod']['groups'][0] = 'NearlyPowerless'; + // define_groups(); // Capcode permissions. $config['mod']['capcode'] = array( // JANITOR => array('Janitor'), - MOD => array('Mod'), + MOD => array('Mod'), ADMIN => true ); 
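Review bot: The comment above `$config['mod']['groups']` in inc/config.php leaves out the invariants the rest of this patch relies on, so someone adding a group has no way to know them. The keys are compared numerically as privilege levels (`$perm > $mod['type']` in config-editor.php, `$group_value > $mod['type']` in mod_user_promote), and 'Disabled' is expected to keep the highest key, since users.html drops the last entry with `groups[0:-1]`. I would add `// Keys are privilege levels, compared numerically (higher = more access); 'Disabled' must keep the highest key and must never be assigned to an account.` and fix the typo "redefinite". The last clause is a precaution: a moderator row with type 99 would presumably pass every numeric level comparison, and the user form that assigns groups is not readable in this patch.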
@@ -1312,18 +1322,14 @@ $config['mod']['edit_config'] = ADMIN; // Config editor permissions - $config['mod']['config'] = array( - JANITOR => false, - MOD => false, - ADMIN => false, - DISABLED => false, - ); + $config['mod']['config'] = array(); // Disable the following configuration variables from being changed via ?/config. The following default // banned variables are considered somewhat dangerous. $config['mod']['config'][DISABLED] = array( 'mod>config', 'mod>config_editor_php', + 'mod>groups', 'convert_args', 'db>password', ); diff --git a/inc/functions.php b/inc/functions.php index 819a935b..e5e33449 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -265,6 +265,15 @@ function verbose_error_handler($errno, $errstr, $errfile, $errline) { )); } +function define_groups() { + global $config; + + foreach ($config['mod']['groups'] as $group_value => $group_name) + defined($group_name) or define($group_name, $group_value, true); + + ksort($config['mod']['groups']); +} + function create_antibot($board, $thread = null) { require_once dirname(__FILE__) . '/anti-bot.php'; diff --git a/inc/mod/config-editor.php b/inc/mod/config-editor.php index 3f15ebe5..4493fd2b 100644 --- a/inc/mod/config-editor.php +++ b/inc/mod/config-editor.php @@ -3,7 +3,7 @@ function permission_to_edit_config_var($varname) { global $config, $mod; - if (is_array($config['mod']['config'][DISABLED])) { + if (isset($config['mod']['config'][DISABLED])) { foreach ($config['mod']['config'][DISABLED] as $disabled_var_name) { $disabled_var_name = explode('>', $disabled_var_name); if (count($disabled_var_name) == 1) 
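Review bot: `define_groups()` in inc/functions.php skips any name that is already a constant (`defined($group_name) or define(...)`), so a group whose name collides with an existing constant silently keeps that constant's value while the array key says something else. Permission settings written with the constant would then resolve to a different level than the one listed in `$config['mod']['groups']`. The names are also never checked to be valid identifiers, although mod_config in inc/mod/pages.php writes `$config['mod']['groups'][$value]` unquoted into the generated PHP. I would fail loudly in both cases, with an identifier check and a mismatch check against `constant($group_name)`, as below.

```php
function define_groups() {
	global $config;

	foreach ($config['mod']['groups'] as $group_value => $group_name) {
		// The name becomes a PHP constant and is later written bare into generated config.
		if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $group_name))
			trigger_error("Invalid group name: $group_name", E_USER_ERROR);

		if (!defined($group_name))
			define($group_name, $group_value, true);
		elseif (constant($group_name) !== $group_value)
			trigger_error("Group name $group_name is already defined with a different value", E_USER_ERROR);
	}

	// … unchanged: ksort($config['mod']['groups']) …
```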
@@ -14,10 +14,11 @@ function permission_to_edit_config_var($varname) { } $allow_only = false; - // for ($perm = (int)$mod['type']; $perm >= JANITOR; $perm --) { - for ($perm = JANITOR; $perm <= (int)$mod['type']; $perm ++) { + foreach ($config['mod']['groups'] as $perm => $perm_name) { + if ($perm > $mod['type']) + break; $allow_only = false; - if (is_array($config['mod']['config'][$perm])) { + if (isset($config['mod']['config'][$perm]) && is_array($config['mod']['config'][$perm])) { foreach ($config['mod']['config'][$perm] as $perm_var_name) { if ($perm_var_name == '!') { $allow_only = true; @@ -92,7 +93,7 @@ function config_vars() { continue; // This is just an alias. if (!preg_match('/^array|\[\]|function/', $var['default']) && !preg_match('/^Example: /', trim(implode(' ', $var['comment'])))) { $syntax_error = true; - $temp = eval('$syntax_error = false;return ' . $var['default'] . ';'); + $temp = eval('$syntax_error = false;return @' . $var['default'] . ';'); if ($syntax_error && $temp === false) { error('Error parsing config.php (line ' . $line_no . ')!', null, $var); } elseif (!isset($temp)) { diff --git a/inc/mod/pages.php b/inc/mod/pages.php index 5e45cdae..af8f7466 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php 
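Review bot: The `break` on `$perm > $mod['type']` in permission_to_edit_config_var is only correct while `$config['mod']['groups']` is iterated in ascending key order, which holds only if `define_groups()` and its `ksort` ran after the last group was added. A group appended without that call, such as the `[0] = 'NearlyPowerless'` example in config.php, is iterated last and its rules are skipped for every moderator. Sorting a local copy before the loop removes the dependency: `$groups = $config['mod']['groups']; ksort($groups);` and then `foreach ($groups as $perm => $perm_name)`. The function body starts and ends outside this hunk.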
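Review bot: The `@` added inside the `eval()` string in config_vars() hides every notice and warning raised while a default from config.php is evaluated, not just the one it was presumably added for. On PHP versions that turn an undefined constant into its own name, a default naming a group constant that is not defined would evaluate to a string instead of a numeric level, and the editor would use that default without any trace in the logs. I would resolve such defaults explicitly rather than suppress, or at least document the reason next to the call: `// '@' hides undefined-constant notices for group names; the result may be a string, not a level`. The enclosing function continues outside the hunk.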
@@ -1674,11 +1674,39 @@ function mod_user_promote($uid, $action) { if (!hasPermission($config['mod']['promoteusers'])) error($config['error']['noaccess']); - $query = prepare("UPDATE ``mods`` SET `type` = `type` " . ($action == 'promote' ? "+1 WHERE `type` < " . (int)ADMIN : "-1 WHERE `type` > " . (int)JANITOR) . " AND `id` = :id"); + $query = prepare("SELECT `type`, `username` FROM ``mods`` WHERE `id` = :id"); $query->bindValue(':id', $uid); $query->execute() or error(db_error($query)); - modLog(($action == 'promote' ? 'Promoted' : 'Demoted') . " user #{$uid}"); + if (!$mod = $query->fetch(PDO::FETCH_ASSOC)) + error($config['error']['404']); + + $new_group = false; + + $groups = $config['mod']['groups']; + if ($action == 'demote') + $groups = array_reverse($groups, true); + + foreach ($groups as $group_value => $group_name) { + if ($action == 'promote' && $group_value > $mod['type']) { + $new_group = $group_value; + break; + } elseif ($action == 'demote' && $group_value < $mod['type']) { + $new_group = $group_value; + break; + } + } + + if ($new_group === false || $new_group == DISABLED) + error(_('Impossible to promote/demote user.')); + + $query = prepare("UPDATE ``mods`` SET `type` = :group_value WHERE `id` = :id"); + $query->bindValue(':id', $uid); + $query->bindValue(':group_value', $new_group); + $query->execute() or error(db_error($query)); + + modLog(($action == 'promote' ? 'Promoted' : 'Demoted') . ' user "' . + utf8tohtml($mod['username']) . '" to ' . $config['mod']['groups'][$new_group]); header('Location: ?/users', true, $config['redirect_http']); } 
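Review bot: mod_user_promote never compares the new group with the acting moderator's own level, so anyone who passes `hasPermission($config['mod']['promoteusers'])` can raise another account to any group below `DISABLED`, including one above their own (for example the commented-out `98 => 'God'`). The fetched row is also stored in a local `$mod`, the name used elsewhere in this patch for the logged-in moderator's record (`global $config, $mod` in config-editor.php), which makes that check awkward to add. I would keep the target in its own variable and refuse a level above the actor's. This needs `$mod` in the function's `global` list, which is outside the hunk.

```php
// … unchanged: hasPermission() check and SELECT of the target row …
if (!$target = $query->fetch(PDO::FETCH_ASSOC))
	error($config['error']['404']);

// … unchanged: $groups setup; the loop compares against $target['type'] …

if ($new_group === false || $new_group == DISABLED)
	error(_('Impossible to promote/demote user.'));

// Never hand out a level above the acting moderator's own.
if ($new_group > $mod['type'])
	error($config['error']['noaccess']);

// … unchanged: UPDATE and redirect; modLog() reads $target['username'] …
```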
@@ -2069,14 +2097,8 @@ function mod_config($board_config = false) { $config_append .= ' = '; - if (@$var['permissions'] && in_array($value, array(JANITOR, MOD, ADMIN, DISABLED))) { - $perm_array = array( - JANITOR => 'JANITOR', - MOD => 'MOD', - ADMIN => 'ADMIN', - DISABLED => 'DISABLED' - ); - $config_append .= $perm_array[$value]; + if (@$var['permissions'] && isset($config['mod']['groups'][$value])) { + $config_append .= $config['mod']['groups'][$value]; } else { $config_append .= var_export($value, true); } diff --git a/install.php b/install.php index 45244b90..639a90c9 100644 --- a/install.php +++ b/install.php @@ -1,7 +1,7 @@ {% elseif var.permissions %} {% elseif var.type == 'integer' %} diff --git a/templates/mod/user.html b/templates/mod/user.html index 1bb297af..89240824 100644 --- a/templates/mod/user.html +++ b/templates/mod/user.html @@ -28,21 +28,15 @@ {% if new %} - {% trans 'Class' %} + {% trans 'Group' %} diff --git a/templates/mod/users.html b/templates/mod/users.html index fbd43b32..984c48e1 100644 --- a/templates/mod/users.html +++ b/templates/mod/users.html @@ -15,9 +15,10 @@ {{ user.id }} {{ user.username|e }} - {% if user.type == constant('JANITOR') %}{% trans 'Janitor' %} - {% elseif user.type == constant('MOD') %}{% trans 'Mod' %} - {% elseif user.type == constant('ADMIN') %}{% trans 'Admin' %} + {% if config.mod.groups[user.type] %} + {{ config.mod.groups[user.type] }} + {% else %} + {% trans 'Unknown' %} ({{ user.type }}) {% endif %} @@ -46,10 +47,10 @@ {% endif %} - {% if mod|hasPermission(config.mod.promoteusers) and user.type < constant('ADMIN') %} + {% if mod|hasPermission(config.mod.promoteusers) and user.type < constant(config.mod.groups[0:-1]|last) %} {% endif %} - {% if mod|hasPermission(config.mod.promoteusers) and user.type > constant('JANITOR') %} + {% if mod|hasPermission(config.mod.promoteusers) and user.type > constant(config.mod.groups|first) %} {% endif %} {% if mod|hasPermission(config.mod.modlog) %}
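Review bot: `{{ config.mod.groups[user.type] }}` in templates/mod/users.html prints the group name without the `|e` filter that the neighbouring `{{ user.username|e }}` uses, which suggests this template does not rely on autoescaping. Group names come from config.php, but escaping them costs nothing: `{{ config.mod.groups[user.type]|e }}`. The promote and demote conditions also assume a fixed shape, with `config.mod.groups[0:-1]|last` as the highest real group and `config.mod.groups|first` as the lowest, so they depend on the array being sorted with 'Disabled' last. These conditions only hide links; the check in mod_user_promote is the one that has to hold.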