array('function_to_call', 'permission_needed'), $subActions = array( 'board' => array('PermissionByBoard', 'manage_permissions'), 'index' => array('PermissionIndex', 'manage_permissions'), 'modify' => array('ModifyMembergroup', 'manage_permissions'), 'modify2' => array('ModifyMembergroup2', 'manage_permissions'), 'quick' => array('SetQuickGroups', 'manage_permissions'), 'quickboard' => array('SetQuickBoards', 'manage_permissions'), 'settings' => array('GeneralPermissionSettings', 'admin_forum'), 'switch' => array('SwitchBoard', 'manage_permissions'), ); $_REQUEST['sa'] = isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]) ? $_REQUEST['sa'] : (allowedTo('manage_permissions') ? 'index' : 'settings'); isAllowedTo($subActions[$_REQUEST['sa']][1]); // Create the tabs for the template. $context['admin_tabs'] = array( 'title' => $txt['permissions_title'], 'help' => 'permissions', 'description' => '', 'tabs' => array(), ); if (allowedTo('manage_permissions')) { $context['admin_tabs']['tabs']['index'] = array( 'title' => $txt['permissions_groups'], 'description' => $txt['permission_by_membergroup_desc'], 'href' => $scripturl . '?action=permissions', 'is_selected' => in_array($_REQUEST['sa'], array('modify', 'index')) && empty($_REQUEST['boardid']), ); $context['admin_tabs']['tabs']['board_permissions'] = array( 'title' => $txt['permissions_boards'], 'description' => $txt['permission_by_board_desc'], 'href' => $scripturl . '?action=permissions;sa=board', 'is_selected' => in_array($_REQUEST['sa'], array('board', 'switch')) || (in_array($_REQUEST['sa'], array('modify', 'index')) && !empty($_REQUEST['boardid'])), 'is_last' => !allowedTo('admin_forum'), ); } if (allowedTo('admin_forum')) $context['admin_tabs']['tabs']['settings'] = array( 'title' => $txt['settings'], 'description' => $txt['permission_settings_desc'], 'href' => $scripturl . '?action=permissions;sa=settings', 'is_selected' => $_REQUEST['sa'] == 'settings', 'is_last' => true, ); $subActions[$_REQUEST['sa']][0](); } function PermissionIndex() { global $db_prefix, $txt, $scripturl, $context, $settings, $modSettings; $context['page_title'] = $txt['permissions_title']; // Load all the permissions. We'll need them in the template. loadAllPermissions(); // Determine the number of ungrouped members. $request = db_query(" SELECT COUNT(*) FROM {$db_prefix}members WHERE ID_GROUP = 0", __FILE__, __LINE__); list ($num_members) = mysql_fetch_row($request); mysql_free_result($request); // Fill the context variable with 'Guests' and 'Regular Members'. $context['groups'] = array( -1 => array( 'id' => -1, 'name' => $txt['membergroups_guests'], 'num_members' => $txt['membergroups_guests_na'], 'allow_delete' => false, 'allow_modify' => true, 'can_search' => false, 'href' => '', 'link' => '', 'is_post_group' => false, 'color' => '', 'stars' => '', 'num_permissions' => array( 'allowed' => 0, // Can't deny guest permissions! 'denied' => '(' . $txt['permissions_none'] . ')' ), 'access' => false ), 0 => array( 'id' => 0, 'name' => $txt['membergroups_members'], 'num_members' => $num_members, 'allow_delete' => false, 'allow_modify' => true, 'can_search' => true, 'href' => $scripturl . '?action=viewmembers;sa=query;params=' . base64_encode('ID_GROUP = 0'), 'is_post_group' => false, 'color' => '', 'stars' => '', 'num_permissions' => array( 'allowed' => 0, 'denied' => 0 ), 'access' => false ), ); $postGroups = array(); $normalGroups = array(); // Query the database defined membergroups. $query = db_query(" SELECT ID_GROUP, groupName, minPosts, onlineColor, stars FROM {$db_prefix}membergroups" . (empty($modSettings['permission_enable_postgroups']) ? " WHERE minPosts = -1" : '') . " ORDER BY minPosts, IF(ID_GROUP < 4, ID_GROUP, 4), groupName", __FILE__, __LINE__); while ($row = mysql_fetch_assoc($query)) { $row['stars'] = explode('#', $row['stars']); $context['groups'][$row['ID_GROUP']] = array( 'id' => $row['ID_GROUP'], 'name' => $row['groupName'], 'num_members' => $row['ID_GROUP'] != 3 ? 0 : $txt['membergroups_guests_na'], 'allow_delete' => $row['ID_GROUP'] > 4, 'allow_modify' => $row['ID_GROUP'] > 1, 'can_search' => $row['ID_GROUP'] != 3, 'href' => $scripturl . '?action=viewmembers;sa=query;params=' . base64_encode($row['minPosts'] == -1 ? "ID_GROUP = $row[ID_GROUP] OR FIND_IN_SET($row[ID_GROUP], additionalGroups)" : "ID_POST_GROUP = $row[ID_GROUP]"), 'is_post_group' => $row['minPosts'] != -1, 'color' => empty($row['onlineColor']) ? '' : $row['onlineColor'], 'stars' => !empty($row['stars'][0]) && !empty($row['stars'][1]) ? str_repeat('*', $row['stars'][0]) : '', 'num_permissions' => array( 'allowed' => $row['ID_GROUP'] == 1 ? '(' . $txt['permissions_all'] . ')' : 0, 'denied' => $row['ID_GROUP'] == 1 ? '(' . $txt['permissions_none'] . ')' : 0 ), 'access' => false, ); if ($row['minPosts'] == -1) $normalGroups[$row['ID_GROUP']] = $row['ID_GROUP']; else $postGroups[$row['ID_GROUP']] = $row['ID_GROUP']; } mysql_free_result($query); // Get the number of members in this post group. if (!empty($postGroups)) { $query = db_query(" SELECT ID_POST_GROUP AS ID_GROUP, COUNT(*) AS num_members FROM {$db_prefix}members WHERE ID_POST_GROUP IN (" . implode(', ', $postGroups) . ") GROUP BY ID_POST_GROUP", __FILE__, __LINE__); while ($row = mysql_fetch_assoc($query)) $context['groups'][$row['ID_GROUP']]['num_members'] += $row['num_members']; mysql_free_result($query); } if (!empty($normalGroups)) { // First, the easy one! $query = db_query(" SELECT ID_GROUP, COUNT(*) AS num_members FROM {$db_prefix}members WHERE ID_GROUP IN (" . implode(', ', $normalGroups) . ") GROUP BY ID_GROUP", __FILE__, __LINE__); while ($row = mysql_fetch_assoc($query)) $context['groups'][$row['ID_GROUP']]['num_members'] += $row['num_members']; mysql_free_result($query); // This one is slower, but it's okay... careful not to count twice! $query = db_query(" SELECT mg.ID_GROUP, COUNT(*) AS num_members FROM ({$db_prefix}membergroups AS mg, {$db_prefix}members AS mem) WHERE mg.ID_GROUP IN (" . implode(', ', $normalGroups) . ") AND mem.additionalGroups != '' AND mem.ID_GROUP != mg.ID_GROUP AND FIND_IN_SET(mg.ID_GROUP, mem.additionalGroups) GROUP BY mg.ID_GROUP", __FILE__, __LINE__); while ($row = mysql_fetch_assoc($query)) $context['groups'][$row['ID_GROUP']]['num_members'] += $row['num_members']; mysql_free_result($query); } foreach ($context['groups'] as $id => $data) { if ($data['href'] != '') $context['groups'][$id]['link'] = '' . $data['num_members'] . ''; } /* // !!! Why is this here and commented out? $board_groups = array(); foreach ($context['groups'] as $group) if ($group['allow_modify']) $board_groups[$group['id']] = array( 'id' => &$group['id'], 'name' => &$group['name'], 'num_permissions' => array( 'allowed' => 0, 'denied' => 0 ), ); */ if (empty($_REQUEST['boardid'])) { $request = db_query(" SELECT ID_GROUP, COUNT(*) AS numPermissions, addDeny FROM {$db_prefix}permissions GROUP BY ID_GROUP, addDeny", __FILE__, __LINE__); while ($row = mysql_fetch_assoc($request)) if (isset($context['groups'][(int) $row['ID_GROUP']]) && (!empty($row['addDeny']) || $row['ID_GROUP'] != -1)) $context['groups'][(int) $row['ID_GROUP']]['num_permissions'][empty($row['addDeny']) ? 'denied' : 'allowed'] = $row['numPermissions']; mysql_free_result($request); $request = db_query(" SELECT ID_BOARD, ID_GROUP, COUNT(*) AS numPermissions, addDeny FROM {$db_prefix}board_permissions GROUP BY ID_BOARD, ID_GROUP, addDeny", __FILE__, __LINE__); while ($row = mysql_fetch_assoc($request)) { if ($row['ID_BOARD'] == 0) { if (isset($context['groups'][(int) $row['ID_GROUP']]) && (!empty($row['addDeny']) || $row['ID_GROUP'] != -1)) $context['groups'][(int) $row['ID_GROUP']]['num_permissions'][empty($row['addDeny']) ? 'denied' : 'allowed'] += $row['numPermissions']; } elseif (isset($context['boards'][$row['ID_BOARD']]) && isset($context['boards'][$row['ID_BOARD']]['groups'][(int) $row['ID_GROUP']]) && (!empty($row['addDeny']) || $row['ID_GROUP'] != -1)) $context['boards'][$row['ID_BOARD']]['groups'][(int) $row['ID_GROUP']]['num_permissions'][empty($row['addDeny']) ? 'denied' : 'allowed'] = $row['numPermissions']; } mysql_free_result($request); } else { $_REQUEST['boardid'] = (int) $_REQUEST['boardid']; $request = db_query(" SELECT ID_BOARD, ID_GROUP, COUNT(*) AS numPermissions, addDeny FROM {$db_prefix}board_permissions WHERE ID_BOARD = $_REQUEST[boardid] GROUP BY ID_BOARD, ID_GROUP, addDeny", __FILE__, __LINE__); while ($row = mysql_fetch_assoc($request)) { if (isset($context['groups'][(int) $row['ID_GROUP']]) && (!empty($row['addDeny']) || $row['ID_GROUP'] != -1)) $context['groups'][(int) $row['ID_GROUP']]['num_permissions'][empty($row['addDeny']) ? 'denied' : 'allowed'] += $row['numPermissions']; } mysql_free_result($request); $context['board'] = array( 'id' => $_REQUEST['boardid'] ); // Load all the boards that we can set permissions off... $request = db_query(" SELECT ID_BOARD, name FROM {$db_prefix}boards WHERE ID_BOARD != $_REQUEST[boardid] AND permission_mode = 1", __FILE__, __LINE__); $context['boards'] = array(); while ($row = mysql_fetch_assoc($request)) $context['copy_boards'][] = array( 'id' => $row['ID_BOARD'], 'name' => $row['name'] ); mysql_free_result($request); $request = db_query(" SELECT name, memberGroups FROM {$db_prefix}boards WHERE ID_BOARD = $_REQUEST[boardid] LIMIT 1", __FILE__, __LINE__); list ($context['board']['name'], $groups) = mysql_fetch_row($request); mysql_free_result($request); $groups = explode(',', $groups); foreach ($groups as $group) { if ($group !== '' && isset($context['groups'][(int) $group])) $context['groups'][(int) $group]['access'] = true; } } // Load the proper template. $context['sub_template'] = 'permission_index'; } function PermissionByBoard() { global $context, $db_prefix, $modSettings, $txt; $context['page_title'] = $txt['permissions_boards']; // Changing the permission mode of a board? if (isset($_REQUEST['mode']) && !empty($_REQUEST['boardid']) && empty($modSettings['permission_enable_by_board'])) { checkSession('get'); db_query(" UPDATE {$db_prefix}boards SET permission_mode = " . (int) $_REQUEST['mode'] . " WHERE ID_BOARD = " . (int) $_REQUEST['boardid'] . " LIMIT 1", __FILE__, __LINE__); } $request = db_query(" SELECT b.ID_BOARD, b.name, COUNT(mods.ID_MEMBER) AS moderators, b.memberGroups, b.permission_mode, b.childLevel FROM {$db_prefix}boards AS b LEFT JOIN {$db_prefix}categories AS c ON (c.ID_CAT = b.ID_CAT) LEFT JOIN {$db_prefix}moderators AS mods ON (mods.ID_BOARD = b.ID_BOARD) GROUP BY ID_BOARD ORDER BY boardOrder", __FILE__, __LINE__); $context['boards'] = array(); while ($row = mysql_fetch_assoc($request)) { $row['memberGroups'] = explode(',', $row['memberGroups']); $context['boards'][$row['ID_BOARD']] = array( 'id' => $row['ID_BOARD'], 'child_level' => $row['childLevel'], 'name' => $row['name'], 'num_moderators' => $row['moderators'], 'public' => in_array(0, $row['memberGroups']) || in_array(-1, $row['memberGroups']), 'membergroups' => $row['memberGroups'], 'use_local_permissions' => !empty($modSettings['permission_enable_by_board']) && $row['permission_mode'] == 1, 'permission_mode' => empty($modSettings['permission_enable_by_board']) ? (empty($row['permission_mode']) ? 'normal' : ($row['permission_mode'] == 2 ? 'no_polls' : ($row['permission_mode'] == 3 ? 'reply_only' : 'read_only'))) : 'normal', // 'groups' => $board_groups ); } mysql_free_result($request); $context['sub_template'] = 'by_board'; } function SetQuickGroups() { global $db_prefix, $context; checkSession(); loadIllegalPermissions(); // Make sure only one of the quick options was selected. if ((!empty($_POST['predefined']) && ((isset($_POST['copy_from']) && $_POST['copy_from'] != 'empty') || !empty($_POST['permissions']))) || (!empty($_POST['copy_from']) && $_POST['copy_from'] != 'empty' && !empty($_POST['permissions']))) fatal_lang_error('permissions_only_one_option', false); if (empty($_POST['group']) || !is_array($_POST['group'])) $_POST['group'] = array(); // Only accept numeric values for selected membergroups. foreach ($_POST['group'] as $id => $group_id) $_POST['group'][$id] = (int) $group_id; $_POST['group'] = array_unique($_POST['group']); if (empty($_REQUEST['boardid'])) $_REQUEST['boardid'] = 0; else $_REQUEST['boardid'] = (int) $_REQUEST['boardid']; if (isset($_POST['access'])) { foreach ($_POST['access'] as $k => $v) $_POST['access'][$k] = (int) $v; $access = implode(',', $_POST['access']); } else $access = ''; db_query(" UPDATE {$db_prefix}boards SET memberGroups = '$access' WHERE ID_BOARD = $_REQUEST[boardid] LIMIT 1", __FILE__, __LINE__); // No groups where selected. if (empty($_POST['group'])) redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']); // Set a predefined permission profile. if (!empty($_POST['predefined'])) { // Make sure it's a predefined permission set we expect. if (!in_array($_POST['predefined'], array('restrict', 'standard', 'moderator', 'maintenance'))) redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']); foreach ($_POST['group'] as $group_id) { if (!empty($_REQUEST['boardid'])) setPermissionLevel($_POST['predefined'], $group_id, $_REQUEST['boardid']); else setPermissionLevel($_POST['predefined'], $group_id); } } // Set the permissions of the selected groups to that of their permissions in a different board. elseif (isset($_POST['from_board']) && $_POST['from_board'] != 'empty') { // Just checking the input. if (!is_numeric($_POST['from_board'])) redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']); // Fetch all the board permissions for these groups. $request = db_query(" SELECT ID_GROUP, permission, addDeny FROM {$db_prefix}board_permissions WHERE ID_BOARD = $_POST[from_board] AND ID_GROUP IN (" . implode(',', $_POST['group']) . ")", __FILE__, __LINE__); $target_perms = array(); while ($row = mysql_fetch_assoc($request)) $target_perms[] = "('$row[permission]', $row[ID_GROUP], $_REQUEST[boardid], $row[addDeny])"; mysql_free_result($request); // Delete the previous global board permissions... db_query(" DELETE FROM {$db_prefix}board_permissions WHERE ID_GROUP IN (" . implode(', ', $_POST['group']) . ") AND ID_BOARD = $_REQUEST[boardid]", __FILE__, __LINE__); // And insert the copied permissions. if (!empty($target_perms)) { db_query(" INSERT IGNORE INTO {$db_prefix}board_permissions (permission, ID_GROUP, ID_BOARD, addDeny) VALUES " . implode(',', $target_perms), __FILE__, __LINE__); } } // Set a permission profile based on the permissions of a selected group. elseif ($_POST['copy_from'] != 'empty') { // Just checking the input. if (!is_numeric($_POST['copy_from'])) redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']); // Make sure the group we're copying to is never included. $_POST['group'] = array_diff($_POST['group'], array($_POST['copy_from'])); // No groups left? Too bad. if (empty($_POST['group'])) redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']); if (empty($_REQUEST['boardid'])) { // Retrieve current permissions of group. $request = db_query(" SELECT permission, addDeny FROM {$db_prefix}permissions WHERE ID_GROUP = $_POST[copy_from]", __FILE__, __LINE__); $target_perm = array(); while ($row = mysql_fetch_assoc($request)) $target_perm[$row['permission']] = $row['addDeny']; mysql_free_result($request); $insert_string = ''; foreach ($_POST['group'] as $group_id) foreach ($target_perm as $perm => $addDeny) { // No dodgy permissions please! if (!empty($context['illegal_permissions']) && in_array($perm, $context['illegal_permissions'])) continue; $insert_string .= "('$perm', $group_id, $addDeny),"; } // Delete the previous permissions... db_query(" DELETE FROM {$db_prefix}permissions WHERE ID_GROUP IN (" . implode(', ', $_POST['group']) . ")" . (empty($context['illegal_permissions']) ? '' : " AND permission NOT IN ('" . implode("', '", $context['illegal_permissions']) . "')"), __FILE__, __LINE__); if (!empty($insert_string)) { // Cut off the last comma. $insert_string = substr($insert_string, 0, -1); // ..and insert the new ones. db_query(" INSERT IGNORE INTO {$db_prefix}permissions (permission, ID_GROUP, addDeny) VALUES $insert_string", __FILE__, __LINE__); } } // Now do the same for the board permissions. $request = db_query(" SELECT permission, addDeny FROM {$db_prefix}board_permissions WHERE ID_GROUP = $_POST[copy_from] AND ID_BOARD = $_REQUEST[boardid]", __FILE__, __LINE__); $target_perm = array(); while ($row = mysql_fetch_assoc($request)) $target_perm[$row['permission']] = $row['addDeny']; mysql_free_result($request); $insert_string = ''; foreach ($_POST['group'] as $group_id) foreach ($target_perm as $perm => $addDeny) $insert_string .= "('$perm', $group_id, $_REQUEST[boardid], $addDeny),"; // Delete the previous global board permissions... db_query(" DELETE FROM {$db_prefix}board_permissions WHERE ID_GROUP IN (" . implode(', ', $_POST['group']) . ") AND ID_BOARD = $_REQUEST[boardid]", __FILE__, __LINE__); // And insert the copied permissions. if (!empty($insert_string)) { $insert_string = substr($insert_string, 0, -1); db_query(" INSERT IGNORE INTO {$db_prefix}board_permissions (permission, ID_GROUP, ID_BOARD, addDeny) VALUES $insert_string", __FILE__, __LINE__); } } // Set or unset a certain permission for the selected groups. elseif (!empty($_POST['permissions'])) { // Unpack two variables that were transported. list ($permissionType, $permission) = explode('/', $_POST['permissions']); // Check whether our input is within expected range. if (!in_array($_POST['add_remove'], array('add', 'clear', 'deny')) || !in_array($permissionType, array('membergroup', 'board'))) redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']); if ($_POST['add_remove'] == 'clear') { if ($permissionType == 'membergroup') db_query(" DELETE FROM {$db_prefix}permissions WHERE ID_GROUP IN (" . implode(', ', $_POST['group']) . ") AND permission = '$permission'" . (empty($context['illegal_permissions']) ? '' : " AND permission NOT IN ('" . implode("', '", $context['illegal_permissions']) . "')"), __FILE__, __LINE__); else db_query(" DELETE FROM {$db_prefix}board_permissions WHERE ID_GROUP IN (" . implode(', ', $_POST['group']) . ") AND ID_BOARD = $_REQUEST[boardid] AND permission = '$permission'", __FILE__, __LINE__); } // Add a permission (either 'set' or 'deny'). else { $addDeny = $_POST['add_remove'] == 'add' ? '1' : '0'; if ($permissionType == 'membergroup' && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions']))) db_query(" REPLACE INTO {$db_prefix}permissions (permission, ID_GROUP, addDeny) VALUES ('$permission', " . implode(", $addDeny), ('$permission', ", $_POST['group']) . ", $addDeny)", __FILE__, __LINE__); // Board permissions go into the other table. elseif ($permissionType != 'membergroup') db_query(" REPLACE INTO {$db_prefix}board_permissions (permission, ID_GROUP, ID_BOARD, addDeny) VALUES ('$permission', " . implode(", $_REQUEST[boardid], $addDeny), ('$permission', ", $_POST['group']) . ", $_REQUEST[boardid], $addDeny)", __FILE__, __LINE__); } } // Don't allow guests to have certain permissions. db_query(" DELETE FROM {$db_prefix}permissions WHERE ID_GROUP = -1 AND (permission = 'manage_membergroups' OR permission = 'manage_permissions' OR permission = 'admin_forum')", __FILE__, __LINE__); redirectexit('action=permissions;boardid=' . $_REQUEST['boardid']); } // Switch a board from local to global permissions or v.v. function SwitchBoard() { global $db_prefix, $modSettings; // A board cannot be switched when local permissions are disabled. if (empty($modSettings['permission_enable_by_board'])) redirectexit('action=permissions'); // Security above all. checkSession('get'); validateSession(); $_GET['boardid'] = (int) $_GET['boardid']; // Make sure the board exists and can be switched to $_GET['to']. $request = db_query(" SELECT ID_BOARD FROM {$db_prefix}boards WHERE ID_BOARD = $_GET[boardid] AND permission_mode = " . ($_GET['to'] == 'local' ? '0' : '1') . " LIMIT 1", __FILE__, __LINE__); if (mysql_num_rows($request) != 1) { if ($_GET['to'] == 'local') PermissionIndex(); else redirectexit('action=permissions'); return; } mysql_free_result($request); // Copy the global permissions to the specific board. if ($_GET['to'] == 'local') { $request = db_query(" SELECT ID_GROUP, permission, addDeny FROM {$db_prefix}board_permissions WHERE ID_BOARD = 0", __FILE__, __LINE__); $insertRows = array(); while ($row = mysql_fetch_assoc($request)) $insertRows[] = "($row[ID_GROUP], $_GET[boardid], '$row[permission]', $row[addDeny])"; mysql_free_result($request); // Reset the current local permissions. db_query(" DELETE FROM {$db_prefix}board_permissions WHERE ID_BOARD = $_GET[boardid]", __FILE__, __LINE__); if (!empty($insertRows)) db_query(" INSERT INTO {$db_prefix}board_permissions (ID_GROUP, ID_BOARD, permission, addDeny) VALUES " . implode(", ", $insertRows), __FILE__, __LINE__); } // Switch back to inherited permissions (delete all local permissions). else db_query(" DELETE FROM {$db_prefix}board_permissions WHERE ID_BOARD = $_GET[boardid]", __FILE__, __LINE__); // Update the board setting. db_query(" UPDATE {$db_prefix}boards SET permission_mode = " . ($_GET['to'] == 'local' ? '1' : '0') . " WHERE ID_BOARD = $_GET[boardid] LIMIT 1", __FILE__, __LINE__); if ($_GET['to'] == 'local') PermissionByBoard(); else redirectexit('action=permissions;sa=board'); } function ModifyMembergroup() { global $db_prefix, $context, $txt, $modSettings; // It's not likely you'd end up here with this setting disabled. if ((empty($modSettings['permission_enable_by_board']) && !empty($_REQUEST['boardid'])) || $_GET['group'] == 1) redirectexit('action=permissions'); $context['group']['id'] = (int) $_GET['group']; loadAllPermissions(); if ($context['group']['id'] > 0) { $result = db_query(" SELECT groupName FROM {$db_prefix}membergroups WHERE ID_GROUP = {$context['group']['id']} LIMIT 1", __FILE__, __LINE__); list ($context['group']['name']) = mysql_fetch_row($result); mysql_free_result($result); } elseif ($context['group']['id'] == -1) $context['group']['name'] = &$txt['membergroups_guests']; else $context['group']['name'] = &$txt['membergroups_members']; $context['board']['id'] = empty($_GET['boardid']) ? 0 : (int) $_GET['boardid']; $context['local'] = !empty($_GET['boardid']); if ($context['local']) { $request = db_query(" SELECT name FROM {$db_prefix}boards WHERE ID_BOARD = {$context['board']['id']} AND permission_mode = 1", __FILE__, __LINE__); // Either the board was not found or the permissions are set to global. if (mysql_num_rows($request) == 0) fatal_lang_error('smf232', false); list ($context['board']['name']) = mysql_fetch_row($request); mysql_free_result($request); } // Fetch the current permissions. $permissions = array( 'membergroup' => array('allowed' => array(), 'denied' => array()), 'board' => array('allowed' => array(), 'denied' => array()) ); if ($context['group']['id'] != 3 && !$context['local']) { $result = db_query(" SELECT permission, addDeny FROM {$db_prefix}permissions WHERE ID_GROUP = $_GET[group]", __FILE__, __LINE__); while ($row = mysql_fetch_assoc($result)) $permissions['membergroup'][empty($row['addDeny']) ? 'denied' : 'allowed'][] = $row['permission']; mysql_free_result($result); $context['permissions']['membergroup']['show'] = true; } else $context['permissions']['membergroup']['show'] = false; // Fetch current board permissions. $result = db_query(" SELECT permission, addDeny FROM {$db_prefix}board_permissions WHERE ID_GROUP = {$context['group']['id']} AND ID_BOARD = {$context['board']['id']}", __FILE__, __LINE__); while ($row = mysql_fetch_assoc($result)) $permissions['board'][empty($row['addDeny']) ? 'denied' : 'allowed'][] = $row['permission']; mysql_free_result($result); $context['permissions']['board']['show'] = true; // Loop through each permission and set whether it's checked. foreach ($context['permissions'] as $permissionType => $tmp) { foreach ($tmp['columns'] as $position => $permissionGroups) { foreach ($permissionGroups as $permissionGroup => $permissionArray) { foreach ($permissionArray['permissions'] as $perm) { // Create a shortcut for the current permission. $curPerm = &$context['permissions'][$permissionType]['columns'][$position][$permissionGroup]['permissions'][$perm['id']]; if ($perm['has_own_any']) { $curPerm['any']['select'] = in_array($perm['id'] . '_any', $permissions[$permissionType]['allowed']) ? 'on' : (in_array($perm['id'] . '_any', $permissions[$permissionType]['denied']) ? 'denied' : 'off'); $curPerm['own']['select'] = in_array($perm['id'] . '_own', $permissions[$permissionType]['allowed']) ? 'on' : (in_array($perm['id'] . '_own', $permissions[$permissionType]['denied']) ? 'denied' : 'off'); } else $curPerm['select'] = in_array($perm['id'], $permissions[$permissionType]['denied']) ? 'denied' : (in_array($perm['id'], $permissions[$permissionType]['allowed']) ? 'on' : 'off'); } } } } $context['sub_template'] = 'modify_group'; $context['page_title'] = $txt['permissions_modify_group']; } function ModifyMembergroup2() { global $db_prefix, $modSettings, $context; // Never do this if there are no local permissions to be set. if (empty($modSettings['permission_enable_by_board']) && !empty($_REQUEST['boardid'])) redirectexit('action=permissions'); checkSession(); loadIllegalPermissions(); $_GET['group'] = (int) $_GET['group']; $_GET['boardid'] = (int) $_GET['boardid']; $givePerms = array('membergroup' => array(), 'board' => array()); // Prepare all permissions that were set or denied for addition to the DB. if (isset($_POST['perm']) && is_array($_POST['perm'])) { foreach ($_POST['perm'] as $perm_type => $perm_array) { if (is_array($perm_array)) { foreach ($perm_array as $permission => $value) if ($value == 'on' || $value == 'deny') { // Don't allow people to escalate themselves! if (!empty($context['illegal_permissions']) && in_array($permission, $context['illegal_permissions'])) continue; $givePerms[$perm_type][] = "$permission', " . ($value == 'deny' ? '0' : '1'); } } } } // Insert the general permissions. if ($_GET['group'] != 3 && empty($_GET['boardid'])) { db_query(" DELETE FROM {$db_prefix}permissions WHERE ID_GROUP = $_GET[group]" . (empty($context['illegal_permissions']) ? '' : " AND permission NOT IN ('" . implode("', '", $context['illegal_permissions']) . "')"), __FILE__, __LINE__); if (!empty($givePerms['membergroup'])) db_query(" INSERT IGNORE INTO {$db_prefix}permissions (ID_GROUP, permission, addDeny) VALUES ($_GET[group], '" . implode("), ($_GET[group], '", $givePerms['membergroup']) . ")", __FILE__, __LINE__); } // Insert the boardpermissions. db_query(" DELETE FROM {$db_prefix}board_permissions WHERE ID_GROUP = $_GET[group] AND ID_BOARD = $_GET[boardid]", __FILE__, __LINE__); if (!empty($givePerms['board'])) db_query(" INSERT IGNORE INTO {$db_prefix}board_permissions (ID_GROUP, ID_BOARD, permission, addDeny) VALUES ($_GET[group], $_GET[boardid], '" . implode("), ($_GET[group], $_GET[boardid], '", $givePerms['board']) . ")", __FILE__, __LINE__); redirectexit('action=permissions;boardid=' . $_GET['boardid']); } // Screen for modifying general permission settings. function GeneralPermissionSettings() { global $context, $db_prefix, $modSettings, $sourcedir, $txt; $context['page_title'] = $txt['permission_settings_title']; if (!empty($_POST['save_settings'])) { checkSession(); // If the by-board setting has been disabled, remove local permissions. if (!empty($modSettings['permission_enable_by_board']) && empty($_POST['permission_enable_by_board'])) { db_query(" UPDATE {$db_prefix}boards SET permission_mode = 0", __FILE__, __LINE__); db_query(" DELETE FROM {$db_prefix}board_permissions WHERE ID_BOARD != 0", __FILE__, __LINE__); } // If the by-board setting is enabled, convert to local permissions. elseif (empty($modSettings['permission_enable_by_board']) && !empty($_POST['permission_enable_by_board'])) { // Fetch the existing global board permissions. $request = db_query(" SELECT permission, ID_GROUP, addDeny FROM {$db_prefix}board_permissions WHERE ID_BOARD = 0", __FILE__, __LINE__); $perm = array(); while ($row = mysql_fetch_assoc($request)) $perm[$row['ID_GROUP']][$row['addDeny']][] = $row['permission']; mysql_free_result($request); // Cycle through all boards with restrictions. $request = db_query(" SELECT ID_BOARD, permission_mode FROM {$db_prefix}boards AS b WHERE permission_mode > 1", __FILE__, __LINE__); $insertRows = array(); $boards = array(); while ($row = mysql_fetch_assoc($request)) { $boards[] = $row['ID_BOARD']; foreach ($perm as $ID_GROUP => $perm_array) { if (!in_array('moderate_board', $perm_array[1])) { if ($row['permission_mode'] == 4) $perm_array[1] = array_diff($perm_array[1], array('post_reply_own', 'post_reply_any')); if ($row['permission_mode'] >= 3) $perm_array[1] = array_diff($perm_array[1], array('post_new')); if ($row['permission_mode'] >= 2) $perm_array[1] = array_diff($perm_array[1], array('poll_post')); } foreach ($perm_array as $deny => $permissions) foreach ($permissions as $permission) $insertRows[] = "('$permission', $row[ID_BOARD], $ID_GROUP, $deny)"; } } mysql_free_result($request); if (!empty($insertRows)) db_query(" INSERT INTO {$db_prefix}board_permissions (permission, ID_BOARD, ID_GROUP, addDeny) VALUES " . implode(', ', $insertRows), __FILE__, __LINE__); if (!empty($boards)) db_query(" UPDATE {$db_prefix}boards SET permission_mode = 1 WHERE ID_BOARD IN (" . implode(', ', $boards) . ')', __FILE__, __LINE__); } updateSettings(array( 'permission_enable_deny' => empty($_POST['permission_enable_deny']) ? '0' : '1', 'permission_enable_postgroups' => empty($_POST['permission_enable_postgroups']) ? '0' : '1', 'permission_enable_by_board' => empty($_POST['permission_enable_by_board']) ? '0' : '1', )); // Clear all deny permissions...if we want that. if (empty($modSettings['permission_enable_deny'])) { db_query(" DELETE FROM {$db_prefix}permissions WHERE addDeny = 0", __FILE__, __LINE__); db_query(" DELETE FROM {$db_prefix}board_permissions WHERE addDeny = 0", __FILE__, __LINE__); } // Make sure there are no postgroup based permissions left. if (empty($modSettings['permission_enable_postgroups'])) { // Get a list of postgroups. $post_groups = array(); $request = db_query(" SELECT ID_GROUP FROM {$db_prefix}membergroups WHERE minPosts != -1", __FILE__, __LINE__); while ($row = mysql_fetch_assoc($request)) $post_groups[] = $row['ID_GROUP']; mysql_free_result($request); // Remove'em. db_query(" DELETE FROM {$db_prefix}permissions WHERE ID_GROUP IN (" . implode(', ', $post_groups) . ')', __FILE__, __LINE__); db_query(" DELETE FROM {$db_prefix}board_permissions WHERE ID_GROUP IN (" . implode(', ', $post_groups) . ')', __FILE__, __LINE__); } save_inline_permissions(array('manage_permissions')); } init_inline_permissions(array('manage_permissions'), array(-1)); $context['sub_template'] = 'general_permission_settings'; } // Set the permission level for a specific board, group, or group for a board. function setPermissionLevel($level, $group, $board = 'null') { global $db_prefix, $context; loadIllegalPermissions(); // Levels by group... restrict, standard, moderator, maintenance. $groupLevels = array( 'board' => array('inherit' => array()), 'group' => array('inherit' => array()) ); // Levels by board... standard, publish, free. $boardLevels = array('inherit' => array()); // Restrictive - ie. guests. $groupLevels['global']['restrict'] = array( 'search_posts', 'calendar_view', 'view_stats', 'who_view', 'profile_view_own', 'profile_identity_own', ); $groupLevels['board']['restrict'] = array( 'poll_view', 'post_new', 'post_reply_own', 'post_reply_any', 'delete_own', 'modify_own', 'mark_any_notify', 'mark_notify', 'report_any', 'send_topic', ); // Standard - ie. members. They can do anything Restrictive can. $groupLevels['global']['standard'] = array_merge($groupLevels['global']['restrict'], array( 'view_mlist', 'karma_edit', 'pm_read', 'pm_send', 'profile_view_any', 'profile_extra_own', 'profile_server_avatar', 'profile_upload_avatar', 'profile_remote_avatar', 'profile_remove_own', )); $groupLevels['board']['standard'] = array_merge($groupLevels['board']['restrict'], array( 'poll_vote', 'poll_edit_own', 'poll_post', 'poll_add_own', 'post_attachment', 'lock_own', 'remove_own', 'view_attachments', )); // Moderator - ie. moderators :P. They can do what standard can, and more. $groupLevels['global']['moderator'] = array_merge($groupLevels['global']['standard'], array( 'calendar_post', 'calendar_edit_own', )); $groupLevels['board']['moderator'] = array_merge($groupLevels['board']['standard'], array( 'make_sticky', 'poll_edit_any', 'delete_any', 'modify_any', 'lock_any', 'remove_any', 'move_any', 'merge_any', 'split_any', 'poll_lock_any', 'poll_remove_any', 'poll_add_any', )); // Maintenance - wannabe admins. They can do almost everything. $groupLevels['global']['maintenance'] = array_merge($groupLevels['global']['moderator'], array( 'manage_attachments', 'manage_smileys', 'manage_boards', 'moderate_forum', 'manage_membergroups', 'manage_bans', 'admin_forum', 'manage_permissions', 'edit_news', 'calendar_edit_any', 'profile_identity_any', 'profile_extra_any', 'profile_title_any', )); $groupLevels['board']['maintenance'] = array_merge($groupLevels['board']['moderator'], array( )); // Standard - nothing above the group permissions. (this SHOULD be empty.) $boardLevels['standard'] = array( ); // Locked - just that, you can't post here. $boardLevels['locked'] = array( 'poll_view', 'mark_notify', 'report_any', 'send_topic', 'view_attachments', ); // Publisher - just a little more... $boardLevels['publish'] = array_merge($boardLevels['locked'], array( 'post_new', 'post_reply_own', 'post_reply_any', 'delete_own', 'modify_own', 'mark_any_notify', 'delete_replies', 'modify_replies', 'poll_vote', 'poll_edit_own', 'poll_post', 'poll_add_own', 'poll_remove_own', 'post_attachment', 'lock_own', 'remove_own', )); // Free for All - Scary. Just scary. $boardLevels['free'] = array_merge($boardLevels['publish'], array( 'poll_lock_any', 'poll_edit_any', 'poll_add_any', 'poll_remove_any', 'make_sticky', 'lock_any', 'remove_any', 'delete_any', 'split_any', 'merge_any', 'modify_any', )); // Make sure we're not granting someone too many permissions! foreach ($groupLevels['global'][$level] as $k => $permission) if (!empty($context['illegal_permissions']) && in_array($permission, $context['illegal_permissions'])) unset($groupLevels['global'][$level][$k]); // Setting group permissions. if ($board === 'null' && $group !== 'null') { $group = (int) $group; if (empty($groupLevels['global'][$level])) return; db_query(" DELETE FROM {$db_prefix}permissions WHERE ID_GROUP = $group" . (empty($context['illegal_permissions']) ? '' : " AND permission NOT IN ('" . implode("', '", $context['illegal_permissions']) . "')"), __FILE__, __LINE__); db_query(" DELETE FROM {$db_prefix}board_permissions WHERE ID_GROUP = $group AND ID_BOARD = 0", __FILE__, __LINE__); db_query(" INSERT INTO {$db_prefix}permissions (ID_GROUP, permission) VALUES ($group, '" . implode("'), ($group, '", $groupLevels['global'][$level]) . "')", __FILE__, __LINE__); db_query(" INSERT INTO {$db_prefix}board_permissions (ID_BOARD, ID_GROUP, permission) VALUES (0, $group, '" . implode("'), (0, $group, '", $groupLevels['board'][$level]) . "')", __FILE__, __LINE__); } // Setting board permissions for a specific group. elseif ($board !== 'null' && $group !== 'null') { $group = (int) $group; $board = (int) $board; if (!empty($groupLevels['global'][$level])) { db_query(" DELETE FROM {$db_prefix}board_permissions WHERE ID_GROUP = $group AND ID_BOARD = $board", __FILE__, __LINE__); } if (!empty($groupLevels['board'][$level])) { db_query(" INSERT INTO {$db_prefix}board_permissions (ID_BOARD, ID_GROUP, permission) VALUES ($board, $group, '" . implode("'), ($board, $group, '", $groupLevels['board'][$level]) . "')", __FILE__, __LINE__); } } // Setting board permissions for all groups. elseif ($board !== 'null' && $group === 'null') { $board = (int) $board; db_query(" DELETE FROM {$db_prefix}board_permissions WHERE ID_BOARD = $board", __FILE__, __LINE__); if (empty($boardLevels[$level])) return; // Get all the groups... $query = db_query(" SELECT ID_GROUP FROM {$db_prefix}membergroups WHERE ID_GROUP > 3 ORDER BY minPosts, IF(ID_GROUP < 4, ID_GROUP, 4), groupName", __FILE__, __LINE__); while ($row = mysql_fetch_row($query)) { $group = $row[0]; db_query(" INSERT INTO {$db_prefix}board_permissions (ID_BOARD, ID_GROUP, permission) VALUES ($board, $group, '" . implode("'), ($board, $group, '", $boardLevels[$level]) . "')", __FILE__, __LINE__); } mysql_free_result($query); // Add permissions for ungrouped members. db_query(" INSERT INTO {$db_prefix}board_permissions (ID_BOARD, ID_GROUP, permission) VALUES ($board, 0, '" . implode("'), ($board, 0, '", $boardLevels[$level]) . "')", __FILE__, __LINE__); } // $board and $group are both null! else fatal_lang_error(1, false); } function loadAllPermissions() { global $context, $txt; /* The format of this list is as follows: 'permission_group' => array( 'permissions_inside' => has_multiple_options, ), It should be noted that if the permission_group starts with $ it is not treated as a permission. However, if it does not start with $, it is treated as a normal permission. $txt['permissionname_' . $permission] is used for the names of permissions. $txt['permissiongroup_' . $group] is used for names of groups that start with $. $txt['permissionhelp_' . $permission] is used for extended information. $txt['permissionicon_' . $permission_or_group] is used for the icons, if it exists. */ $permissionList = array( 'membergroup' => array( 'general' => array( 'view_stats' => false, 'view_mlist' => false, 'who_view' => false, 'search_posts' => false, 'karma_edit' => false, ), 'pm' => array( 'pm_read' => false, 'pm_send' => false, ), 'calendar' => array( 'calendar_view' => false, 'calendar_post' => false, 'calendar_edit' => true, ), 'maintenance' => array( 'admin_forum' => false, 'manage_boards' => false, 'manage_attachments' => false, 'manage_smileys' => false, 'edit_news' => false, ), 'member_admin' => array( 'moderate_forum' => false, 'manage_membergroups' => false, 'manage_permissions' => false, 'manage_bans' => false, 'send_mail' => false, ), 'profile' => array( 'profile_view' => true, 'profile_identity' => true, 'profile_extra' => true, 'profile_title' => true, 'profile_remove' => true, 'profile_server_avatar' => false, 'profile_upload_avatar' => false, 'profile_remote_avatar' => false, ) ), 'board' => array( 'general_board' => array( 'moderate_board' => false, ), 'topic' => array( 'post_new' => false, 'merge_any' => false, 'split_any' => false, 'send_topic' => false, 'make_sticky' => false, 'move' => true, 'lock' => true, 'remove' => true, 'post_reply' => true, 'modify_replies' => false, 'delete_replies' => false, 'announce_topic' => false, ), 'post' => array( 'delete' => true, 'modify' => true, 'report_any' => false, ), 'poll' => array( 'poll_view' => false, 'poll_vote' => false, 'poll_post' => false, 'poll_add' => true, 'poll_edit' => true, 'poll_lock' => true, 'poll_remove' => true, ), 'notification' => array( 'mark_any_notify' => false, 'mark_notify' => false, ), 'attachment' => array( 'view_attachments' => false, 'post_attachment' => false, ) ) ); // This is just a helpful array of permissions guests... cannot have. $non_guest_permissions = array( 'karma_edit', 'pm_read', 'pm_send', 'profile_identity', 'profile_extra', 'profile_title', 'profile_remove', 'profile_server_avatar', 'profile_upload_avatar', 'profile_remote_avatar', 'poll_vote', 'mark_any_notify', 'mark_notify', 'admin_forum', 'manage_boards', 'manage_attachments', 'manage_smileys', 'edit_news', 'moderate_forum', 'manage_membergroups', 'manage_permissions', 'manage_bans', 'send_mail', ); // All permission groups that will be shown in the left column. $leftPermissionGroups = array( 'general', 'calendar', 'maintenance', 'member_admin', 'general_board', 'topic', 'post', ); $context['permissions'] = array(); foreach ($permissionList as $permissionType => $permissionGroups) { $context['permissions'][$permissionType] = array( 'id' => $permissionType, 'columns' => array( 'left' => array(), 'right' => array() ) ); foreach ($permissionGroups as $permissionGroup => $permissionArray) { $position = in_array($permissionGroup, $leftPermissionGroups) ? 'left' : 'right'; $context['permissions'][$permissionType]['columns'][$position][$permissionGroup] = array( 'type' => $permissionType, 'id' => $permissionGroup, 'name' => &$txt['permissiongroup_' . $permissionGroup], 'icon' => isset($txt['permissionicon_' . $permissionGroup]) ? $txt['permissionicon_' . $permissionGroup] : $txt['permissionicon'], 'help' => isset($txt['permissionhelp_' . $permissionGroup]) ? $txt['permissionhelp_' . $permissionGroup] : '', 'permissions' => array() ); foreach ($permissionArray as $perm => $has_own_any) { if (isset($context['group']['id']) && $context['group']['id'] == -1 && in_array($perm, $non_guest_permissions)) continue; $context['permissions'][$permissionType]['columns'][$position][$permissionGroup]['permissions'][$perm] = array( 'id' => $perm, 'name' => &$txt['permissionname_' . $perm], 'show_help' => isset($txt['permissionhelp_' . $perm]), 'has_own_any' => $has_own_any, 'own' => array( 'id' => $perm . '_own', 'name' => $has_own_any ? $txt['permissionname_' . $perm . '_own'] : '' ), 'any' => array( 'id' => $perm . '_any', 'name' => $has_own_any ? $txt['permissionname_' . $perm . '_any'] : '' ) ); } if (empty($context['permissions'][$permissionType]['columns'][$position][$permissionGroup]['permissions'])) unset($context['permissions'][$permissionType]['columns'][$position][$permissionGroup]); } } } // Initialize a form with inline permissions. function init_inline_permissions($permissions, $excluded_groups = array()) { global $context, $db_prefix, $txt, $modSettings; loadLanguage('ManagePermissions'); loadTemplate('ManagePermissions'); $context['can_change_permissions'] = allowedTo('manage_permissions'); // Nothing to initialize here. if (!$context['can_change_permissions']) return; // Load the permission settings for guests foreach ($permissions as $permission) $context[$permission] = array( -1 => array( 'id' => -1, 'name' => $txt['membergroups_guests'], 'is_postgroup' => false, 'status' => 'off', ), 0 => array( 'id' => 0, 'name' => $txt['membergroups_members'], 'is_postgroup' => false, 'status' => 'off', ), ); $request = db_query(" SELECT ID_GROUP, IF(addDeny = 0, 'deny', 'on') AS status, permission FROM {$db_prefix}permissions WHERE ID_GROUP IN (-1, 0) AND permission IN ('" . implode("', '", $permissions) . "')", __FILE__, __LINE__); while ($row = mysql_fetch_assoc($request)) $context[$row['permission']][$row['ID_GROUP']]['status'] = $row['status']; mysql_free_result($request); $request = db_query(" SELECT mg.ID_GROUP, mg.groupName, mg.minPosts, IFNULL(p.addDeny, -1) AS status, p.permission FROM {$db_prefix}membergroups AS mg LEFT JOIN {$db_prefix}permissions AS p ON (p.ID_GROUP = mg.ID_GROUP AND p.permission IN ('" . implode("', '", $permissions) . "')) WHERE mg.ID_GROUP NOT IN (1, 3)" . (empty($modSettings['permission_enable_postgroups']) ? " AND mg.minPosts = -1" : '') . " ORDER BY mg.minPosts, IF(mg.ID_GROUP < 4, mg.ID_GROUP, 4), mg.groupName", __FILE__, __LINE__); while ($row = mysql_fetch_assoc($request)) { // Initialize each permission as being 'off' until proven otherwise. foreach ($permissions as $permission) if (!isset($context[$permission][$row['ID_GROUP']])) $context[$permission][$row['ID_GROUP']] = array( 'id' => $row['ID_GROUP'], 'name' => $row['groupName'], 'is_postgroup' => $row['minPosts'] != -1, 'status' => 'off', ); $context[$row['permission']][$row['ID_GROUP']]['status'] = empty($row['status']) ? 'deny' : ($row['status'] == 1 ? 'on' : 'off'); } mysql_free_result($request); // Some permissions cannot be given to certain groups. Remove the groups. foreach ($excluded_groups as $group) { foreach ($permissions as $permission) { if (isset($context[$permission][$group])) unset($context[$permission][$group]); } } } // Show a collapsible box to set a specific permission. function theme_inline_permissions($permission) { global $context; $context['current_permission'] = $permission; $context['member_groups'] = $context[$permission]; template_inline_permissions(); } // Save the permissions of a form containing inline permissions. function save_inline_permissions($permissions) { global $context, $db_prefix; // No permissions? Not a great deal to do here. if (!allowedTo('manage_permissions')) return; // Check they can't do certain things. loadIllegalPermissions(); $insertRows = ''; foreach ($permissions as $permission) { if (!isset($_POST[$permission])) continue; foreach ($_POST[$permission] as $ID_GROUP => $value) { if (in_array($value, array('on', 'deny')) && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions']))) $insertRows .= ', (' . (int) $ID_GROUP . ", '$permission', " . ($value == 'on' ? '1' : '0') . ')'; } } // Remove the old permissions... db_query(" DELETE FROM {$db_prefix}permissions WHERE permission IN ('" . implode("', '", $permissions) . "')" . (empty($context['illegal_permissions']) ? '' : " AND permission NOT IN ('" . implode("', '", $context['illegal_permissions']) . "')"), __FILE__, __LINE__); // ...and replace them with new ones. if ($insertRows != '') db_query(" INSERT INTO {$db_prefix}permissions (ID_GROUP, permission, addDeny) VALUES " . substr($insertRows, 2), __FILE__, __LINE__); } // Load permissions someone cannot grant. function loadIllegalPermissions() { global $context; $context['illegal_permissions'] = array(); if (!allowedTo('admin_forum')) $context['illegal_permissions'][] = 'admin_forum'; if (!allowedTo('manage_membergroups')) $context['illegal_permissions'][] = 'manage_membergroups'; if (!allowedTo('manage_permissions')) $context['illegal_permissions'][] = 'manage_permissions'; } ?>