$onbits = array();
$usergroupid = $userinfo['usergroupid'];
+ FetchUserPermissions($userinfo); // get the groups
+ $groups = $userinfo['groupids'];
+ $groups[] = $usergroupid;
- if ($bugsys->datastore['usergroup']["$usergroupid"]['permissions'] & $bugsys->permissions["$mask"] AND is_array($bugsys->datastore['product']))
+ // product-inspecific work
+ if (is_array($bugsys->datastore['product']))
{
- foreach ($bugsys->datastore['product'] AS $id => $product)
+ foreach ($groups AS $groupid)
{
- $onbits["$id"] = $id;
+ // we only need to do this so long as there's no onbits array because this isn't product specific
+ if (sizeof($onbits) == 0 AND $bugsys->datastore['usergroup']["$groupid"]['permissions'] & $bugsys->permissions["$mask"])
+ {
+ foreach ($bugsys->datastore['product'] AS $id => $product)
+ {
+ $onbits["$id"] = $id;
+ }
+ }
}
}
- if (is_array($bugsys->datastore['permission']["$usergroupid"]))
+ // bits set explicitly by products
+ $explicit = array();
+
+ // product specific work
+ foreach ($groups AS $groupid)
{
- foreach ($bugsys->datastore['permission']["$usergroupid"] AS $productid => $bit)
+ if (is_array($bugsys->datastore['permission']["$groupid"]))
{
- if ($bit & $bugsys->permissions["$mask"])
+ foreach ($bugsys->datastore['permission']["$groupid"] AS $productid => $bit)
{
- $onbits["$productid"] = $productid;
- }
- else
- {
- if ($onbits["$productid"])
+ if ($bit & $bugsys->permissions["$mask"])
+ {
+ $explicit["$productid"] = $productid;
+ $onbits["$productid"] = $productid;
+ }
+ else
{
- unset($onbits["$productid"]);
+ // only unset if the bit was set in the first place by blanket and not product-specific permissions
+ // if it was set by product permissions then the highest level takes precedence
+ if ($onbits["$productid"] AND !isset($explicit["$productid"]))
+ {
+ unset($onbits["$productid"]);
+ }
}
}
}
}
+ // SQL queries would become very unhappy if we didn't do this
if (sizeof($onbits) < 1)
{
$onbits = array(0);