r887: Removing all the annoying calls to intval() in place of ISSO's cleaning framework

[bugdar.git] / admin / permission.php

<?php
/*=====================================================================*\
|| ###################################################################
|| # Bugdar [#]version[#]
|| # Copyright ©2002-[#]year[#] Iris Studios, Inc.
|| #
|| # This program is free software; you can redistribute it and/or modify
|| # it under the terms of the GNU General Public License as published by
|| # the Free Software Foundation; version [#]gpl[#] of the License.
|| #
|| # This program is distributed in the hope that it will be useful, but
|| # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|| # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|| # more details.
|| #
|| # You should have received a copy of the GNU General Public License along
|| # with this program; if not, write to the Free Software Foundation, Inc.,
|| # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|| ###################################################################
\*=====================================================================*/

require_once('./global.php');
require_once('./includes/functions_datastore.php');

if (!can_perform('canadmingroups'))
{
        admin_login();
}

// ###################################################################
// define permissions as groups

$permissions = array(
        $lang->string('General Permissions') => array(
                'canviewbugs' => $lang->string('Can View Bugs'),
                'canviewhidden' => $lang->string('Can View Hidden Bugs and Comments'),
                'cansubscribe' => $lang->string('Can Subscribe to Bugs'),
        ),
        
        $lang->string('Posting/Submitting Permissions') => array(
                'canvote' => $lang->string('Can Vote on Polls'),
                'cansubmitbugs' => $lang->string('Can Submit Bugs'),
                'canpostcomments' => $lang->string('Can Post Comments'),
                'cangetattach' => $lang->string('Can View Attachments'),
                'canputattach' => $lang->string('Can Upload/Edit Own Attachments'),
                'caneditattach' => $lang->string('Can Manage All Attachments')
        ),
        
        $lang->string('Moderation/Managment Permissions') => array(
                'caneditown' => $lang->string('Can Edit Own Bugs'),
                'caneditother' => $lang->string('Can Edit Others\' Bugs'),
                'caneditownreply' => $lang->string('Can Edit Own Comments'),
                'caneditotherreply' => $lang->string('Can Edit Others\' Comments'),
                'canassign' => $lang->string('Can Assign Bugs'),
                'canchangestatus' => $lang->string('Can Change Status')
        )
);

// ###################################################################

if (empty($_REQUEST['do']))
{
        $_REQUEST['do'] = 'modify';
}

// ###################################################################

if ($_REQUEST['do'] == 'kill')
{
        $bugsys->input_clean('usergroupid', TYPE_UINT);
        $db->query("DELETE FROM " . TABLE_PREFIX . "permission WHERE usergroupid = " . $bugsys->in['usergroupid'] . " AND productid = " . $bugsys->input_clean('productid', TYPE_UINT));
        
        build_permissions();
        
        $admin->redirect('permission.php?do=modify&usergroupid=' . $bugsys->in['usergroupid']);
}

// ###################################################################

if ($_REQUEST['do'] == 'delete')
{
        $admin->page_confirm($lang->string('Are you sure you want to revert this permission mask?'), 'permission.php?do=kill&amp;usergroupid=' . $bugsys->input_clean('usergroupid', TYPE_UINT) . '&amp;productid=' . $bugsys->input_clean('productid', TYPE_UINT));
}

// ###################################################################

if ($_REQUEST['do'] == 'edit')
{
        $bugsys->input_clean_array(array(
                'usergroupid'   => TYPE_UINT,
                'productid'             => TYPE_UINT
        ));
        $perm = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "permission WHERE usergroupid = " . $bugsys->in['usergroupid'] . " AND productid = " . $bugsys->in['productid']);
        $usergroup = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid = " . $bugsys->in['usergroupid']);
        $product = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = " . $bugsys->in['productid']);
        
        if (!$usergroup OR !$product)
        {
                $admin->error($lang->getlex('error_invalid_id'));
        }
        
        $admin->page_start($lang->string('Edit Permissions'));
        
        $admin->form_start('permission.php', 'update');
        $admin->form_hidden_field('usergroupid', $usergroup['usergroupid']);
        $admin->form_hidden_field('productid', $product['productid']);
        
        // determine the value to work off of
        if ($perm)
        {
                $mask = $perm['mask'];
        }
        else
        {
                $mask = $usergroup['permissions'];
        }
        
        // Permission
        $admin->table_start();
        $admin->table_head(sprintf($lang->string('Permissions: %1$s - %2$s'), $usergroup['title'], $product['title']), 2, 'usergroups_permissions_details');
        
        foreach ($permissions AS $group => $settings)
        {
                $admin->row_span($group, 'thead', 'center');
                foreach ($settings AS $setting => $name)
                {
                        $admin->row_yesno($name, "perm[$setting]", ($mask & $_PERMISSION["$setting"]));
                }
        }

        $admin->row_submit();
        $admin->table_end();
        $admin->form_end();
        $admin->page_end();
}

// ###################################################################

if ($_POST['do'] == 'update')
{
        $bugsys->input_clean_array(array(
                'perm'                  => TYPE_UINT,
                'usergroupid'   => TYPE_UINT,
                'productid'             => TYPE_UINT
        ));
        foreach ($bugsys->in['perm'] AS $permtitle => $binaryswitch)
        {
                $permissionvalue += $_PERMISSION["$permtitle"] * $binaryswitch;
        }
        
        $db->query("
                REPLACE INTO " . TABLE_PREFIX . "permission
                        (usergroupid, productid, mask)
                VALUES
                        (" . $bugsys->in['usergroupid'] . ",
                        " . $bugsys->in['productid'] . ",
                        $permissionvalue
                )"
        );
        
        build_permissions();
        
        $admin->redirect('permission.php?do=modify&usergroupid=' . $bugsys->in['usergroupid']);
}

// ###################################################################

if ($_REQUEST['do'] == 'modify')
{
        $admin->page_start($lang->string('Permission Manager'));
        
        $admin->table_start();
        $admin->table_head($lang->string('Permission Manager'), 2, 'usergroups_permissions');
        
        $groups = $db->query("SELECT * FROM " . TABLE_PREFIX . "usergroup ORDER BY usergroupid ASC");
        while ($group = $db->fetch_array($groups))
        {
                $usergroups["$group[usergroupid]"] = $group;
        }
        $db->free_result($groups);
        
        foreach ($usergroups AS $group)
        {
                $admin->row_text($group['title'], ($bugsys->in['usergroupid'] != $group['usergroupid'] ? "<a href=\"permission.php?do=modify&amp;usergroupid=$group[usergroupid]\">[" . $lang->string('Expand') . "]</a>" : ''), 'top', 2, 'alt3');
                
                if ($bugsys->in['usergroupid'] == $group['usergroupid'])
                {
                        $permissions_fetch = $db->query("SELECT * FROM " . TABLE_PREFIX . "permission WHERE usergroupid = $group[usergroupid]");
                        while ($permission = $db->fetch_array($permissions_fetch))
                        {
                                $permissions["$permission[productid]"] = $permission['mask'];
                        }
                        
                        $products_fetch = $db->query("SELECT * FROM " . TABLE_PREFIX . "product WHERE !componentmother ORDER BY displayorder ASC");
                        while ($product = $db->fetch_array($products_fetch))
                        {
                                $groupid = $group['usergroupid'];
                                $prodid = $product['productid'];
                                
                                if (!isset($permissions["$product[productid]"]))
                                {
                                        $statuslink = $lang->string('Inherited From Usergroup Settings: ');
                                        $statuslink .= "<a href=\"permission.php?do=edit&amp;usergroupid=$groupid&amp;productid=$prodid\">[" . $lang->string('Customize') . ']</a>';
                                }
                                else
                                {
                                        $statuslink = $lang->string('Customized: ');
                                        $statuslink .= "<a href=\"permission.php?do=edit&amp;usergroupid=$groupid&amp;productid=$prodid\">[" . $lang->string('Edit') . ']</a>';
                                        $statuslink .= " <a href=\"permission.php?do=delete&amp;usergroupid=$groupid&amp;productid=$prodid\">[" . $lang->string('Revert') . ']</a>';
                                }
                                
                                $admin->row_text($product['title'], $statuslink);
                        }
                }
        }
        
        $admin->table_end();
        
        $admin->page_end();
}

/*=====================================================================*\
|| ###################################################################
|| # $HeadURL$
|| # $Id$
|| ###################################################################
\*=====================================================================*/
?>