https://src.bluestatic.org / bugdar.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
r533: - Permission check cleanup
[bugdar.git] / admin / usergroup.php
1 <?php
2 /*=====================================================================*\
3 || ################################################################### ||
4 || # BugStrike [#]version[#]
5 || # --------------------------------------------------------------- # ||
6 || # Copyright ©2002-[#]year[#] by Iris Studios, Inc. All Rights Reserved. # ||
7 || # This file may not be reproduced in any way without permission. # ||
8 || # --------------------------------------------------------------- # ||
9 || # User License Agreement at http://www.iris-studios.com/license/ # ||
10 || ################################################################### ||
11 \*=====================================================================*/
12
13 require_once('./global.php');
14 require_once('./includes/functions_datastore.php');
15
16 if (!can_perform('canadmingroups'))
17 {
18 admin_login();
19 }
20
21 // ###################################################################
22 // define permissions as groups
23
24 $permissions = array(
25 $lang->string('General Permissions') => array(
26 'canviewbugs' => $lang->string('Can View Bugs'),
27 'canviewhidden' => $lang->string('Can View Hidden Bugs and Comments'),
28 'cansearch' => $lang->string('Can Search Bugs'),
29 'cansubscribe' => $lang->string('Can Subscribe to Bugs'),
30 'canbeassignedto' => $lang->string('Can Be Assigned Bugs')
31 ),
32
33 $lang->string('Posting/Submitting Permissions') => array(
34 'canvote' => $lang->string('Can Vote on Polls'),
35 'cansubmitbugs' => $lang->string('Can Submit Bugs'),
36 'canpostcomments' => $lang->string('Can Post Comments'),
37 'cangetattach' => $lang->string('Can View Attachments'),
38 'canputattach' => $lang->string('Can Upload/Edit Own Attachments'),
39 'caneditattach' => $lang->string('Can Manage All Attachments')
40 ),
41
42 $lang->string('Moderation/Managment Permissions') => array(
43 'caneditown' => $lang->string('Can Edit Own Bugs'),
44 'caneditother' => $lang->string('Can Edit Others\' Bugs'),
45 'caneditownreply' => $lang->string('Can Edit Own Comments'),
46 'caneditotherreply' => $lang->string('Can Edit Others\' Comments'),
47 'canassign' => $lang->string('Can Assign Bugs'),
48 'canchangestatus' => $lang->string('Can Change Status')
49 ),
50
51 $lang->string('Administrator Permissions') => array(
52 'canadminpanel' => $lang->string('Can Access Control Panel'),
53 'canadminbugs' => $lang->string('Can Administer Bug Reports'),
54 'canadminfields' => $lang->string('Can Administer Additional Bug Fields'),
55 'canadminversions' => $lang->string('Can Administer Products / Components / Versions'),
56 'canadminusers' => $lang->string('Can Administer Users'),
57 'canadmingroups' => $lang->string('Can Administer Usergroups'),
58 'canadmintools' => $lang->string('Can Administer Settings / Maintenance Tools')
59 )
60 );
61
62 // ###################################################################
63
64 if (empty($_REQUEST['do']))
65 {
66 $_REQUEST['do'] = 'modify';
67 }
68
69 // ###################################################################
70
71 if ($_REQUEST['do'] == 'kill')
72 {
73 if ($bugsys->in['usergroupid'] < 7)
74 {
75 $admin->error($lang->string('You can\'t delete a default usergroup.'));
76 }
77
78 $db->query("DELETE FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid = " . intval($bugsys->in['usergroupid']));
79 $db->query("UPDATE " . TABLE_PREFIX . "user SET usergroupid = 2 WHERE usergroupid = " . intval($bugsys->in['usergroupid']));
80
81 build_usergroups();
82 build_assignedto();
83
84 $admin->redirect('usergroup.php?do=modify');
85 }
86
87 // ###################################################################
88
89 if ($_REQUEST['do'] == 'delete')
90 {
91 if ($bugsys->in['usergroupid'] < 7)
92 {
93 $admin->error($lang->string('You can\'t delete a default usergroup.'));
94 }
95
96 $admin->page_confirm($lang->string('Are you sure you want to delete this usergroup? All users in this group will be set back to the default registered usergroup (id: 2).'), 'usergroup.php?do=kill&amp;usergroupid=' . intval($bugsys->in['usergroupid']));
97 }
98
99 // ###################################################################
100
101 if ($_REQUEST['do'] == 'add' OR $_REQUEST['do'] == 'edit')
102 {
103 $add = (($_REQUEST['do'] == 'add') ? true : false);
104 $edit = (($_REQUEST['do'] == 'edit') ? true : false);
105
106 $admin->page_start(($add ? $lang->string('New Usergroup') : $lang->string('Edit Usergroup')));
107
108 $admin->form_start('usergroup.php', ($add ? 'insert' : 'update'));
109
110 if ($edit)
111 {
112 $usergroup = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid = " . intval($bugsys->in['usergroupid']));
113 if (!is_array($usergroup))
114 {
115 $admin->error($lang->getlex('error_invalid_id'));
116 }
117
118 $admin->form_hidden_field('usergroupid', $usergroup['usergroupid']);
119 }
120 else
121 {
122 $usergroup['permissions'] = 319;
123 }
124
125 // Details
126 $admin->table_start();
127 $admin->table_head($lang->string('Usergroup Details'));
128 $admin->row_input($lang->string('Usergroup Title'), 'title', $bugsys->sanitize($usergroup['title']));
129 $admin->row_input($lang->string('Display Title<div><dfn>This is the title that others will be able to see when comments are posted.</dfn></div>'), 'displaytitle', $bugsys->sanitize($usergroup['displaytitle']));
130 $admin->row_input($lang->string('Opening Tag Markup<div><dfn>Place all open HTML tags here that will be wrapped around the username.</dfn></div>'), 'opentag', $bugsys->sanitize($usergroup['opentag']));
131 $admin->row_input($lang->string('Closing Tag Markup<div><dfn>Place all closed HTML tags that will close any open HTML tags entered above.</dfn></div>'), 'closetag', $bugsys->sanitize($usergroup['closetag']));
132 $admin->table_end();
133
134 // Permission
135 $admin->table_start();
136
137 $admin->table_head($lang->string('Permission Settings'));
138
139 foreach ($permissions AS $group => $settings)
140 {
141 $admin->row_span($group, 'thead', 'center');
142 foreach ($settings AS $setting => $name)
143 {
144 $admin->row_yesno($name, "perm[$setting]", ($usergroup['permissions'] & $_PERMISSION["$setting"]));
145 }
146 }
147
148 $admin->table_end();
149
150 // custom field permissions
151 $admin->table_start();
152 $admin->table_head($lang->string('Custom Field Permissions'));
153
154 if ($edit)
155 {
156 $perms = $db->query("SELECT fieldid, mask FROM " . TABLE_PREFIX . "bugfieldpermission WHERE usergroupid = $usergroup[usergroupid]");
157 while ($perm = $db->fetch_array($perms))
158 {
159 $permissions["$perm[fieldid]"] = $perm['mask'];
160 }
161 }
162
163 $fields = $db->query("SELECT fieldid, name FROM " . TABLE_PREFIX . "bugfield ORDER BY fieldid");
164 while ($field = $db->fetch_array($fields))
165 {
166 unset($listitem);
167 $admin->list_item($lang->string('No Permission'), 0, $permissions["$field[fieldid]"] == 0);
168 $admin->list_item($lang->string('Can View Field'), 1, $permissions["$field[fieldid]"] == 1);
169 $admin->list_item($lang->string('Can View, Edit Field'), 2, $permissions["$field[fieldid]"] == 2);
170 $admin->row_list($field['name'], "custom[$field[fieldid]]");
171 }
172
173 $admin->table_end();
174
175 // Submit
176 $admin->table_start();
177 $admin->row_submit();
178 $admin->table_end();
179
180 $admin->form_end();
181
182 $admin->page_end();
183 }
184
185 // ###################################################################
186
187 if ($_POST['do'] == 'insert')
188 {
189 foreach ($_POST['perm'] AS $permtitle => $binaryswitch)
190 {
191 $permissionvalue += $_PERMISSION["$permtitle"] * $binaryswitch;
192 }
193
194 $db->query("
195 INSERT INTO " . TABLE_PREFIX . "usergroup
196 (title, displaytitle, opentag, closetag, permissions)
197 VALUES
198 ('" . $bugsys->in['title'] . "', '" . $bugsys->in['displaytitle'] . "',
199 '" . $bugsys->in['opentag'] . "', '" . $bugsys->in['closetag'] . "',
200 $permissionvalue
201 )"
202 );
203
204 $ugroupid = $db->insert_id();
205
206 build_usergroups();
207
208 foreach ($_POST['custom'] AS $fieldid => $mask)
209 {
210 $values[] = "$ugroupid, " . intval($fieldid) . ", " . intval($mask);
211 }
212
213 $db->query("
214 INSERT INTO " . TABLE_PREFIX . "bugfieldpermission
215 (usergroupid, fieldid, mask)
216 VALUES
217 (" . implode("\n\t\t\t", $values) . "
218 )"
219 );
220
221 $admin->redirect('usergroup.php?do=modify');
222 }
223
224 // ###################################################################
225
226 if ($_POST['do'] == 'update')
227 {
228 foreach ($_POST['perm'] AS $permtitle => $binaryswitch)
229 {
230 $permissionvalue += $_PERMISSION["$permtitle"] * $binaryswitch;
231 }
232
233 $db->query("
234 UPDATE " . TABLE_PREFIX . "usergroup
235 SET title = '" . $bugsys->in['title'] . "',
236 displaytitle = '" . $bugsys->in['displaytitle'] . "',
237 opentag = '" . $bugsys->unsanitize($bugsys->in['opentag']) . "',
238 closetag = '" . $bugsys->unsanitize($bugsys->in['closetag']) . "',
239 permissions = $permissionvalue
240 WHERE usergroupid = " . intval($bugsys->in['usergroupid'])
241 );
242
243 build_usergroups();
244 build_assignedto();
245
246 $ugroupid = intval($bugsys->in['usergroupid']);
247 foreach ($_POST['custom'] AS $fieldid => $mask)
248 {
249 $values[] = "$ugroupid, " . intval($fieldid) . ", " . intval($mask);
250 }
251
252 $db->query("
253 REPLACE INTO " . TABLE_PREFIX . "bugfieldpermission
254 (usergroupid, fieldid, mask)
255 VALUES
256 (" . implode("),\n\t\t\t(", $values) . ")"
257 );
258
259
260 $admin->redirect('usergroup.php?do=modify');
261 }
262
263 // ###################################################################
264
265 if ($_REQUEST['do'] == 'modify')
266 {
267 $admin->page_start($lang->string('Usergroup Manager'));
268
269 $admin->form_start('usergroup.php', 'null');
270 $admin->table_start();
271 $admin->table_head($lang->string('Usergroup Manager'), 3);
272
273 $groups = $db->query("SELECT * FROM " . TABLE_PREFIX . "usergroup ORDER BY usergroupid ASC");
274 while ($group = $db->fetch_array($groups))
275 {
276 $usergroups["$group[usergroupid]"] = $group;
277 }
278 $db->free_result($groups);
279
280 $groups = $db->query("
281 SELECT COUNT(user.userid) AS total, user.usergroupid
282 FROM " . TABLE_PREFIX . "user AS user
283 LEFT JOIN " . TABLE_PREFIX . "usergroup AS usergroup USING (usergroupid)
284 GROUP BY usergroup.usergroupid
285 ORDER BY usergroup.usergroupid"
286 );
287 while ($group = $db->fetch_array($groups))
288 {
289 $usergroups["$group[usergroupid]"]['total'] = $group['total'];
290 }
291
292 $admin->table_column_head(array($lang->string('Usergroup'), $lang->string('Number of Users'), $lang->string('Action')));
293 foreach ($usergroups AS $group)
294 {
295 $admin->row_multi_item(array("<a href=\"usergroup.php?do=edit&amp;usergroupid=$group[usergroupid]\">$group[title]</a>" => 'l', ((!$group['total']) ? '-' : $group['total']) => 'c', "<a href=\"usergroup.php?do=edit&amp;usergroupid=$group[usergroupid]\">[" . $lang->string('Edit') . "]</a>" . (($group['usergroupid'] > 6) ? "<a href=\"usergroup.php?do=delete&amp;usergroupid=$group[usergroupid]\">[" . $lang->string('Delete') . "]</a>" : '') => 'c'));
296 }
297
298 $admin->row_span('<a href="usergroup.php?do=add">[' . $lang->string('Add New Usergroup') . ']</a>', 'tfoot', 'center', 3);
299 $admin->table_end();
300 $admin->form_end();
301
302 $admin->page_end();
303 }
304
305 /*=====================================================================*\
306 || ###################################################################
307 || # $HeadURL$
308 || # $Id$
309 || ###################################################################
310 \*=====================================================================*/
311 ?>
Open-source PHP-MySQL bug tracking system that has customizable CSS/XHTML templates, email notifications, Atom syndication, internationalization support, and a very simple setup.