admin/permission.php

   1 <?php
   2 /*=====================================================================*\
   3 || ###################################################################
   4 || # Bugdar [#]version[#]
   5 || # Copyright ©2002-[#]year[#] Iris Studios, Inc.
   6 || #
   7 || # This program is free software; you can redistribute it and/or modify
   8 || # it under the terms of the GNU General Public License as published by
   9 || # the Free Software Foundation; version [#]gpl[#] of the License.
  10 || #
  11 || # This program is distributed in the hope that it will be useful, but
  12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
  14 || # more details.
  15 || #
  16 || # You should have received a copy of the GNU General Public License along
  17 || # with this program; if not, write to the Free Software Foundation, Inc.,
  18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  19 || ###################################################################
  20 \*=====================================================================*/
  21
  22 // #*# look at an API for permission.php
  23
  24 require_once('./global.php');
  25 require_once('./includes/functions_datastore.php');
  26
  27 NavLinks::usersPages();
  28 $navigator->set_focus('tab', 'users', null);
  29 $navigator->set_focus('link', 'users-pages-permissions', 'users-pages');
  30
  31 if (!can_perform('canadmingroups'))
  32 {
  33         admin_login();
  34 }
  35
  36 // ###################################################################
  37 // define permissions as groups
  38
  39 $permissions = array(
  40         $lang->string('General Permissions') => array(
  41                 'canviewbugs' => $lang->string('Can View Bugs'),
  42                 'canviewhidden' => $lang->string('Can View Hidden Bugs and Comments'),
  43                 'cansubscribe' => $lang->string('Can Subscribe to Bugs'),
  44         ),
  45
  46         $lang->string('Posting/Submitting Permissions') => array(
  47                 'canvote' => $lang->string('Can Vote on Polls'),
  48                 'cansubmitbugs' => $lang->string('Can Submit Bugs'),
  49                 'canpostcomments' => $lang->string('Can Post Comments'),
  50                 'cangetattach' => $lang->string('Can View Attachments'),
  51                 'canputattach' => $lang->string('Can Upload/Edit Own Attachments'),
  52                 'caneditattach' => $lang->string('Can Manage All Attachments')
  53         ),
  54
  55         $lang->string('Moderation/Managment Permissions') => array(
  56                 'caneditown' => $lang->string('Can Edit Own Bugs'),
  57                 'caneditother' => $lang->string('Can Edit Others\' Bugs'),
  58                 'caneditownreply' => $lang->string('Can Edit Own Comments'),
  59                 'caneditotherreply' => $lang->string('Can Edit Others\' Comments'),
  60                 'canassign' => $lang->string('Can Assign Bugs'),
  61                 'canchangestatus' => $lang->string('Can Change Status'),
  62                 'candeletedata' => $lang->string('Can Delete Bugs and Comments')
  63         )
  64 );
  65
  66 // ###################################################################
  67
  68 if (empty($_REQUEST['do']))
  69 {
  70         $_REQUEST['do'] = 'modify';
  71 }
  72
  73 // ###################################################################
  74
  75 if ($_REQUEST['do'] == 'kill')
  76 {
  77         $bugsys->input_clean('usergroupid', TYPE_UINT);
  78         $db->query("DELETE FROM " . TABLE_PREFIX . "permission WHERE usergroupid = " . $bugsys->in['usergroupid'] . " AND productid = " . $bugsys->input_clean('productid', TYPE_UINT));
  79
  80         build_permissions();
  81
  82         $admin->redirect('permission.php?do=modify&usergroupid=' . $bugsys->in['usergroupid']);
  83 }
  84
  85 // ###################################################################
  86
  87 if ($_REQUEST['do'] == 'delete')
  88 {
  89         $admin->page_confirm($lang->string('Are you sure you want to revert this permission mask?'), 'permission.php?do=kill&amp;usergroupid=' . $bugsys->input_clean('usergroupid', TYPE_UINT) . '&amp;productid=' . $bugsys->input_clean('productid', TYPE_UINT));
  90 }
  91
  92 // ###################################################################
  93
  94 if ($_REQUEST['do'] == 'edit')
  95 {
  96         $bugsys->input_clean_array(array(
  97                 'usergroupid'   => TYPE_UINT,
  98                 'productid'             => TYPE_UINT
  99         ));
 100         $perm = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "permission WHERE usergroupid = " . $bugsys->in['usergroupid'] . " AND productid = " . $bugsys->in['productid']);
 101         $usergroup = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid = " . $bugsys->in['usergroupid']);
 102         $product = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = " . $bugsys->in['productid']);
 103
 104         if (!$usergroup OR !$product)
 105         {
 106                 $admin->error($lang->getlex('error_invalid_id'));
 107         }
 108
 109         $admin->page_start($lang->string('Edit Permissions'));
 110
 111         $admin->form_start('permission.php', 'update');
 112         $admin->form_hidden_field('usergroupid', $usergroup['usergroupid']);
 113         $admin->form_hidden_field('productid', $product['productid']);
 114
 115         // determine the value to work off of
 116         if ($perm)
 117         {
 118                 $mask = $perm['mask'];
 119         }
 120         else
 121         {
 122                 $mask = $usergroup['permissions'];
 123         }
 124
 125         // Permission
 126         $admin->table_start();
 127         $admin->table_head(sprintf($lang->string('Permissions: %1$s - %2$s'), $usergroup['title'], $product['title']));
 128
 129         foreach ($permissions AS $group => $settings)
 130         {
 131                 $admin->row_span($group, 'thead', 'center');
 132                 foreach ($settings AS $setting => $name)
 133                 {
 134                         $admin->row_yesno($name, "perm[$setting]", ($mask & $bugsys->permissions["$setting"]));
 135                 }
 136         }
 137
 138         $admin->row_submit();
 139         $admin->table_end();
 140         $admin->form_end();
 141         $admin->page_end();
 142 }
 143
 144 // ###################################################################
 145
 146 if ($_POST['do'] == 'update')
 147 {
 148         $bugsys->input_clean_array(array(
 149                 'perm'                  => TYPE_UINT,
 150                 'usergroupid'   => TYPE_UINT,
 151                 'productid'             => TYPE_UINT
 152         ));
 153         foreach ($bugsys->in['perm'] AS $permtitle => $binaryswitch)
 154         {
 155                 $permissionvalue += $bugsys->permissions["$permtitle"] * $binaryswitch;
 156         }
 157
 158         $db->query("
 159                 REPLACE INTO " . TABLE_PREFIX . "permission
 160                         (usergroupid, productid, mask)
 161                 VALUES
 162                         (" . $bugsys->in['usergroupid'] . ",
 163                         " . $bugsys->in['productid'] . ",
 164                         $permissionvalue
 165                 )"
 166         );
 167
 168         build_permissions();
 169
 170         $admin->redirect('permission.php?do=modify&usergroupid=' . $bugsys->in['usergroupid']);
 171 }
 172
 173 // ###################################################################
 174
 175 if ($_REQUEST['do'] == 'modify')
 176 {
 177         $admin->page_start($lang->string('Permission Manager'));
 178
 179         $admin->table_start();
 180         $admin->table_head($lang->string('Permission Manager'));
 181
 182         $groups = $db->query("SELECT * FROM " . TABLE_PREFIX . "usergroup ORDER BY usergroupid ASC");
 183         while ($group = $db->fetch_array($groups))
 184         {
 185                 $usergroups["$group[usergroupid]"] = $group;
 186         }
 187         $db->free_result($groups);
 188
 189         foreach ($usergroups AS $group)
 190         {
 191                 $admin->row_text($group['title'], ($bugsys->in['usergroupid'] != $group['usergroupid'] ? "<a href=\"permission.php?do=modify&amp;usergroupid=$group[usergroupid]\">[" . $lang->string('Expand') . "]</a>" : ''), 'top', 2, 'alt3');
 192
 193                 if ($bugsys->in['usergroupid'] == $group['usergroupid'])
 194                 {
 195                         $permissions_fetch = $db->query("SELECT * FROM " . TABLE_PREFIX . "permission WHERE usergroupid = $group[usergroupid]");
 196                         while ($permission = $db->fetch_array($permissions_fetch))
 197                         {
 198                                 $permissions["$permission[productid]"] = $permission['mask'];
 199                         }
 200
 201                         $products_fetch = $db->query("SELECT * FROM " . TABLE_PREFIX . "product WHERE !componentmother ORDER BY displayorder ASC");
 202                         while ($product = $db->fetch_array($products_fetch))
 203                         {
 204                                 $groupid = $group['usergroupid'];
 205                                 $prodid = $product['productid'];
 206
 207                                 if (!isset($permissions["$product[productid]"]))
 208                                 {
 209                                         $statuslink = $lang->string('Inherited From Usergroup Settings: ');
 210                                         $statuslink .= "<a href=\"permission.php?do=edit&amp;usergroupid=$groupid&amp;productid=$prodid\">[" . $lang->string('Customize') . ']</a>';
 211                                 }
 212                                 else
 213                                 {
 214                                         $statuslink = $lang->string('Customized: ');
 215                                         $statuslink .= "<a href=\"permission.php?do=edit&amp;usergroupid=$groupid&amp;productid=$prodid\">[" . $lang->string('Edit') . ']</a>';
 216                                         $statuslink .= " <a href=\"permission.php?do=delete&amp;usergroupid=$groupid&amp;productid=$prodid\">[" . $lang->string('Revert') . ']</a>';
 217                                 }
 218
 219                                 $admin->row_text($product['title'], $statuslink);
 220                         }
 221                 }
 222         }
 223
 224         $admin->table_end();
 225
 226         $admin->page_end();
 227 }
 228
 229 /*=====================================================================*\
 230 || ###################################################################
 231 || # $HeadURL$
 232 || # $Id$
 233 || ###################################################################
 234 \*=====================================================================*/
 235 ?>