Verzeichnisstruktur phpBB-3.1.0
- Veröffentlicht
- 27.10.2014
So funktioniert es
|
Auf das letzte Element klicken. Dies geht jeweils ein Schritt zurück |
Auf das Icon klicken, dies öffnet das Verzeichnis. Nochmal klicken schließt das Verzeichnis. |
|
(Beispiel Datei-Icons)
|
Auf das Icon klicken um den Quellcode anzuzeigen |
permission.php
001 <?php
002 /**
003 *
004 * This file is part of the phpBB Forum Software package.
005 *
006 * @copyright (c) phpBB Limited <https://www.phpbb.com>
007 * @license GNU General Public License, version 2 (GPL-2.0)
008 *
009 * For full copyright and license information, please see
010 * the docs/CREDITS.txt file.
011 *
012 */
013
014 namespace phpbb\db\migration\tool;
015
016 /**
017 * Migration permission management tool
018 */
019 class permission implements \phpbb\db\migration\tool\tool_interface
020 {
021 /** @var \phpbb\auth\auth */
022 protected $auth;
023
024 /** @var \phpbb\cache\service */
025 protected $cache;
026
027 /** @var \phpbb\db\driver\driver_interface */
028 protected $db;
029
030 /** @var string */
031 protected $phpbb_root_path;
032
033 /** @var string */
034 protected $php_ext;
035
036 /**
037 * Constructor
038 *
039 * @param \phpbb\db\driver\driver_interface $db
040 * @param \phpbb\cache\service $cache
041 * @param \phpbb\auth\auth $auth
042 * @param string $phpbb_root_path
043 * @param string $php_ext
044 */
045 public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\cache\service $cache, \phpbb\auth\auth $auth, $phpbb_root_path, $php_ext)
046 {
047 $this->db = $db;
048 $this->cache = $cache;
049 $this->auth = $auth;
050 $this->phpbb_root_path = $phpbb_root_path;
051 $this->php_ext = $php_ext;
052 }
053
054 /**
055 * {@inheritdoc}
056 */
057 public function get_name()
058 {
059 return 'permission';
060 }
061
062 /**
063 * Permission Exists
064 *
065 * Check if a permission (auth) setting exists
066 *
067 * @param string $auth_option The name of the permission (auth) option
068 * @param bool $global True for checking a global permission setting,
069 * False for a local permission setting
070 * @return bool true if it exists, false if not
071 */
072 public function exists($auth_option, $global = true)
073 {
074 if ($global)
075 {
076 $type_sql = ' AND is_global = 1';
077 }
078 else
079 {
080 $type_sql = ' AND is_local = 1';
081 }
082
083 $sql = 'SELECT auth_option_id
084 FROM ' . ACL_OPTIONS_TABLE . "
085 WHERE auth_option = '" . $this->db->sql_escape($auth_option) . "'"
086 . $type_sql;
087 $result = $this->db->sql_query($sql);
088
089 $row = $this->db->sql_fetchrow($result);
090 $this->db->sql_freeresult($result);
091
092 if ($row)
093 {
094 return true;
095 }
096
097 return false;
098 }
099
100 /**
101 * Permission Add
102 *
103 * Add a permission (auth) option
104 *
105 * @param string $auth_option The name of the permission (auth) option
106 * @param bool $global True for checking a global permission setting,
107 * False for a local permission setting
108 * @param int|false $copy_from If set, contains the id of the permission from which to copy the new one.
109 * @return null
110 */
111 public function add($auth_option, $global = true, $copy_from = false)
112 {
113 if ($this->exists($auth_option, $global))
114 {
115 return;
116 }
117
118 // We've added permissions, so set to true to notify the user.
119 $this->permissions_added = true;
120
121 if (!class_exists('auth_admin'))
122 {
123 include($this->phpbb_root_path . 'includes/acp/auth.' . $this->php_ext);
124 }
125 $auth_admin = new \auth_admin();
126
127 // We have to add a check to see if the !$global (if global, local, and if local, global) permission already exists. If it does, acl_add_option currently has a bug which would break the ACL system, so we are having a work-around here.
128 if ($this->exists($auth_option, !$global))
129 {
130 $sql_ary = array(
131 'is_global' => 1,
132 'is_local' => 1,
133 );
134 $sql = 'UPDATE ' . ACL_OPTIONS_TABLE . '
135 SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . "
136 WHERE auth_option = '" . $this->db->sql_escape($auth_option) . "'";
137 $this->db->sql_query($sql);
138 }
139 else
140 {
141 if ($global)
142 {
143 $auth_admin->acl_add_option(array('global' => array($auth_option)));
144 }
145 else
146 {
147 $auth_admin->acl_add_option(array('local' => array($auth_option)));
148 }
149 }
150
151 // The permission has been added, now we can copy it if needed
152 if ($copy_from && isset($auth_admin->acl_options['id'][$copy_from]))
153 {
154 $old_id = $auth_admin->acl_options['id'][$copy_from];
155 $new_id = $auth_admin->acl_options['id'][$auth_option];
156
157 $tables = array(ACL_GROUPS_TABLE, ACL_ROLES_DATA_TABLE, ACL_USERS_TABLE);
158
159 foreach ($tables as $table)
160 {
161 $sql = 'SELECT *
162 FROM ' . $table . '
163 WHERE auth_option_id = ' . $old_id;
164 $result = $this->db->sql_query($sql);
165
166 $sql_ary = array();
167 while ($row = $this->db->sql_fetchrow($result))
168 {
169 $row['auth_option_id'] = $new_id;
170 $sql_ary[] = $row;
171 }
172 $this->db->sql_freeresult($result);
173
174 if (!empty($sql_ary))
175 {
176 $this->db->sql_multi_insert($table, $sql_ary);
177 }
178 }
179
180 $auth_admin->acl_clear_prefetch();
181 }
182 }
183
184 /**
185 * Permission Remove
186 *
187 * Remove a permission (auth) option
188 *
189 * @param string $auth_option The name of the permission (auth) option
190 * @param bool $global True for checking a global permission setting,
191 * False for a local permission setting
192 * @return null
193 */
194 public function remove($auth_option, $global = true)
195 {
196 if (!$this->exists($auth_option, $global))
197 {
198 return;
199 }
200
201 if ($global)
202 {
203 $type_sql = ' AND is_global = 1';
204 }
205 else
206 {
207 $type_sql = ' AND is_local = 1';
208 }
209 $sql = 'SELECT auth_option_id, is_global, is_local
210 FROM ' . ACL_OPTIONS_TABLE . "
211 WHERE auth_option = '" . $this->db->sql_escape($auth_option) . "'" .
212 $type_sql;
213 $result = $this->db->sql_query($sql);
214 $row = $this->db->sql_fetchrow($result);
215 $this->db->sql_freeresult($result);
216
217 $id = (int) $row['auth_option_id'];
218
219 // If it is a local and global permission, do not remove the row! :P
220 if ($row['is_global'] && $row['is_local'])
221 {
222 $sql = 'UPDATE ' . ACL_OPTIONS_TABLE . '
223 SET ' . (($global) ? 'is_global = 0' : 'is_local = 0') . '
224 WHERE auth_option_id = ' . $id;
225 $this->db->sql_query($sql);
226 }
227 else
228 {
229 // Delete time
230 $tables = array(ACL_GROUPS_TABLE, ACL_ROLES_DATA_TABLE, ACL_USERS_TABLE, ACL_OPTIONS_TABLE);
231 foreach ($tables as $table)
232 {
233 $this->db->sql_query('DELETE FROM ' . $table . '
234 WHERE auth_option_id = ' . $id);
235 }
236 }
237
238 // Purge the auth cache
239 $this->cache->destroy('_acl_options');
240 $this->auth->acl_clear_prefetch();
241 }
242
243 /**
244 * Add a new permission role
245 *
246 * @param string $role_name The new role name
247 * @param string $role_type The type (u_, m_, a_)
248 * @param string $role_description Description of the new role
249 *
250 * @return null
251 */
252 public function role_add($role_name, $role_type, $role_description = '')
253 {
254 $sql = 'SELECT role_id
255 FROM ' . ACL_ROLES_TABLE . "
256 WHERE role_name = '" . $this->db->sql_escape($role_name) . "'";
257 $this->db->sql_query($sql);
258 $role_id = (int) $this->db->sql_fetchfield('role_id');
259
260 if ($role_id)
261 {
262 return;
263 }
264
265 $sql = 'SELECT MAX(role_order) AS max_role_order
266 FROM ' . ACL_ROLES_TABLE . "
267 WHERE role_type = '" . $this->db->sql_escape($role_type) . "'";
268 $this->db->sql_query($sql);
269 $role_order = (int) $this->db->sql_fetchfield('max_role_order');
270 $role_order = (!$role_order) ? 1 : $role_order + 1;
271
272 $sql_ary = array(
273 'role_name' => $role_name,
274 'role_description' => $role_description,
275 'role_type' => $role_type,
276 'role_order' => $role_order,
277 );
278
279 $sql = 'INSERT INTO ' . ACL_ROLES_TABLE . ' ' . $this->db->sql_build_array('INSERT', $sql_ary);
280 $this->db->sql_query($sql);
281 }
282
283 /**
284 * Update the name on a permission role
285 *
286 * @param string $old_role_name The old role name
287 * @param string $new_role_name The new role name
288 * @return null
289 * @throws \phpbb\db\migration\exception
290 */
291 public function role_update($old_role_name, $new_role_name)
292 {
293 $sql = 'SELECT role_id
294 FROM ' . ACL_ROLES_TABLE . "
295 WHERE role_name = '" . $this->db->sql_escape($old_role_name) . "'";
296 $this->db->sql_query($sql);
297 $role_id = (int) $this->db->sql_fetchfield('role_id');
298
299 if (!$role_id)
300 {
301 throw new \phpbb\db\migration\exception('ROLE_NOT_EXIST', $old_role_name);
302 }
303
304 $sql = 'UPDATE ' . ACL_ROLES_TABLE . "
305 SET role_name = '" . $this->db->sql_escape($new_role_name) . "'
306 WHERE role_name = '" . $this->db->sql_escape($old_role_name) . "'";
307 $this->db->sql_query($sql);
308 }
309
310 /**
311 * Remove a permission role
312 *
313 * @param string $role_name The role name to remove
314 * @return null
315 */
316 public function role_remove($role_name)
317 {
318 $sql = 'SELECT role_id
319 FROM ' . ACL_ROLES_TABLE . "
320 WHERE role_name = '" . $this->db->sql_escape($role_name) . "'";
321 $this->db->sql_query($sql);
322 $role_id = (int) $this->db->sql_fetchfield('role_id');
323
324 if (!$role_id)
325 {
326 return;
327 }
328
329 $sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . '
330 WHERE role_id = ' . $role_id;
331 $this->db->sql_query($sql);
332
333 $sql = 'DELETE FROM ' . ACL_ROLES_TABLE . '
334 WHERE role_id = ' . $role_id;
335 $this->db->sql_query($sql);
336
337 $this->auth->acl_clear_prefetch();
338 }
339
340 /**
341 * Permission Set
342 *
343 * Allows you to set permissions for a certain group/role
344 *
345 * @param string $name The name of the role/group
346 * @param string|array $auth_option The auth_option or array of
347 * auth_options you would like to set
348 * @param string $type The type (role|group)
349 * @param bool $has_permission True if you want to give them permission,
350 * false if you want to deny them permission
351 * @return null
352 * @throws \phpbb\db\migration\exception
353 */
354 public function permission_set($name, $auth_option, $type = 'role', $has_permission = true)
355 {
356 if (!is_array($auth_option))
357 {
358 $auth_option = array($auth_option);
359 }
360
361 $new_auth = array();
362 $sql = 'SELECT auth_option_id
363 FROM ' . ACL_OPTIONS_TABLE . '
364 WHERE ' . $this->db->sql_in_set('auth_option', $auth_option);
365 $result = $this->db->sql_query($sql);
366 while ($row = $this->db->sql_fetchrow($result))
367 {
368 $new_auth[] = (int) $row['auth_option_id'];
369 }
370 $this->db->sql_freeresult($result);
371
372 if (empty($new_auth))
373 {
374 return;
375 }
376
377 $current_auth = array();
378
379 $type = (string) $type; // Prevent PHP bug.
380
381 switch ($type)
382 {
383 case 'role':
384 $sql = 'SELECT role_id
385 FROM ' . ACL_ROLES_TABLE . "
386 WHERE role_name = '" . $this->db->sql_escape($name) . "'";
387 $this->db->sql_query($sql);
388 $role_id = (int) $this->db->sql_fetchfield('role_id');
389
390 if (!$role_id)
391 {
392 throw new \phpbb\db\migration\exception('ROLE_NOT_EXIST', $name);
393 }
394
395 $sql = 'SELECT auth_option_id, auth_setting
396 FROM ' . ACL_ROLES_DATA_TABLE . '
397 WHERE role_id = ' . $role_id;
398 $result = $this->db->sql_query($sql);
399 while ($row = $this->db->sql_fetchrow($result))
400 {
401 $current_auth[$row['auth_option_id']] = $row['auth_setting'];
402 }
403 $this->db->sql_freeresult($result);
404 break;
405
406 case 'group':
407 $sql = 'SELECT group_id
408 FROM ' . GROUPS_TABLE . "
409 WHERE group_name = '" . $this->db->sql_escape($name) . "'";
410 $this->db->sql_query($sql);
411 $group_id = (int) $this->db->sql_fetchfield('group_id');
412
413 if (!$group_id)
414 {
415 throw new \phpbb\db\migration\exception('GROUP_NOT_EXIST', $name);
416 }
417
418 // If the group has a role set for them we will add the requested permissions to that role.
419 $sql = 'SELECT auth_role_id
420 FROM ' . ACL_GROUPS_TABLE . '
421 WHERE group_id = ' . $group_id . '
422 AND auth_role_id <> 0
423 AND forum_id = 0';
424 $this->db->sql_query($sql);
425 $role_id = (int) $this->db->sql_fetchfield('auth_role_id');
426 if ($role_id)
427 {
428 $sql = 'SELECT role_name
429 FROM ' . ACL_ROLES_TABLE . '
430 WHERE role_id = ' . $role_id;
431 $this->db->sql_query($sql);
432 $role_name = $this->db->sql_fetchfield('role_name');
433
434 return $this->permission_set($role_name, $auth_option, 'role', $has_permission);
435 }
436
437 $sql = 'SELECT auth_option_id, auth_setting
438 FROM ' . ACL_GROUPS_TABLE . '
439 WHERE group_id = ' . $group_id;
440 $result = $this->db->sql_query($sql);
441 while ($row = $this->db->sql_fetchrow($result))
442 {
443 $current_auth[$row['auth_option_id']] = $row['auth_setting'];
444 }
445 $this->db->sql_freeresult($result);
446 break;
447 }
448
449 $sql_ary = array();
450 switch ($type)
451 {
452 case 'role':
453 foreach ($new_auth as $auth_option_id)
454 {
455 if (!isset($current_auth[$auth_option_id]))
456 {
457 $sql_ary[] = array(
458 'role_id' => $role_id,
459 'auth_option_id' => $auth_option_id,
460 'auth_setting' => $has_permission,
461 );
462 }
463 }
464
465 $this->db->sql_multi_insert(ACL_ROLES_DATA_TABLE, $sql_ary);
466 break;
467
468 case 'group':
469 foreach ($new_auth as $auth_option_id)
470 {
471 if (!isset($current_auth[$auth_option_id]))
472 {
473 $sql_ary[] = array(
474 'group_id' => $group_id,
475 'auth_option_id' => $auth_option_id,
476 'auth_setting' => $has_permission,
477 );
478 }
479 }
480
481 $this->db->sql_multi_insert(ACL_GROUPS_TABLE, $sql_ary);
482 break;
483 }
484
485 $this->auth->acl_clear_prefetch();
486 }
487
488 /**
489 * Permission Unset
490 *
491 * Allows you to unset (remove) permissions for a certain group/role
492 *
493 * @param string $name The name of the role/group
494 * @param string|array $auth_option The auth_option or array of
495 * auth_options you would like to set
496 * @param string $type The type (role|group)
497 * @return null
498 * @throws \phpbb\db\migration\exception
499 */
500 public function permission_unset($name, $auth_option, $type = 'role')
501 {
502 if (!is_array($auth_option))
503 {
504 $auth_option = array($auth_option);
505 }
506
507 $to_remove = array();
508 $sql = 'SELECT auth_option_id
509 FROM ' . ACL_OPTIONS_TABLE . '
510 WHERE ' . $this->db->sql_in_set('auth_option', $auth_option);
511 $result = $this->db->sql_query($sql);
512 while ($row = $this->db->sql_fetchrow($result))
513 {
514 $to_remove[] = (int) $row['auth_option_id'];
515 }
516 $this->db->sql_freeresult($result);
517
518 if (empty($to_remove))
519 {
520 return;
521 }
522
523 $type = (string) $type; // Prevent PHP bug.
524
525 switch ($type)
526 {
527 case 'role':
528 $sql = 'SELECT role_id
529 FROM ' . ACL_ROLES_TABLE . "
530 WHERE role_name = '" . $this->db->sql_escape($name) . "'";
531 $this->db->sql_query($sql);
532 $role_id = (int) $this->db->sql_fetchfield('role_id');
533
534 if (!$role_id)
535 {
536 throw new \phpbb\db\migration\exception('ROLE_NOT_EXIST', $name);
537 }
538
539 $sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . '
540 WHERE ' . $this->db->sql_in_set('auth_option_id', $to_remove);
541 $this->db->sql_query($sql);
542 break;
543
544 case 'group':
545 $sql = 'SELECT group_id
546 FROM ' . GROUPS_TABLE . "
547 WHERE group_name = '" . $this->db->sql_escape($name) . "'";
548 $this->db->sql_query($sql);
549 $group_id = (int) $this->db->sql_fetchfield('group_id');
550
551 if (!$group_id)
552 {
553 throw new \phpbb\db\migration\exception('GROUP_NOT_EXIST', $name);
554 }
555
556 // If the group has a role set for them we will remove the requested permissions from that role.
557 $sql = 'SELECT auth_role_id
558 FROM ' . ACL_GROUPS_TABLE . '
559 WHERE group_id = ' . $group_id . '
560 AND auth_role_id <> 0';
561 $this->db->sql_query($sql);
562 $role_id = (int) $this->db->sql_fetchfield('auth_role_id');
563 if ($role_id)
564 {
565 $sql = 'SELECT role_name
566 FROM ' . ACL_ROLES_TABLE . '
567 WHERE role_id = ' . $role_id;
568 $this->db->sql_query($sql);
569 $role_name = $this->db->sql_fetchfield('role_name');
570
571 return $this->permission_unset($role_name, $auth_option, 'role');
572 }
573
574 $sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
575 WHERE ' . $this->db->sql_in_set('auth_option_id', $to_remove);
576 $this->db->sql_query($sql);
577 break;
578 }
579
580 $this->auth->acl_clear_prefetch();
581 }
582
583 /**
584 * {@inheritdoc}
585 */
586 public function reverse()
587 {
588 $arguments = func_get_args();
589 $original_call = array_shift($arguments);
590
591 $call = false;
592 switch ($original_call)
593 {
594 case 'add':
595 $call = 'remove';
596 break;
597
598 case 'remove':
599 $call = 'add';
600 break;
601
602 case 'permission_set':
603 $call = 'permission_unset';
604 break;
605
606 case 'permission_unset':
607 $call = 'permission_set';
608 break;
609
610 case 'role_add':
611 $call = 'role_remove';
612 break;
613
614 case 'role_remove':
615 $call = 'role_add';
616 break;
617
618 case 'role_update':
619 // Set to the original value if the current value is what we compared to originally
620 $arguments = array(
621 $arguments[1],
622 $arguments[0],
623 );
624 break;
625 }
626
627 if ($call)
628 {
629 return call_user_func_array(array(&$this, $call), $arguments);
630 }
631 }
632 }
633