155 lines
5.3 KiB
PHP
155 lines
5.3 KiB
PHP
<?php
|
|
namespace Misuzu;
|
|
|
|
use RuntimeException;
|
|
use Index\Colour\Colour;
|
|
use Index\Colour\ColourRGB;
|
|
use Misuzu\Users\User;
|
|
|
|
if(!User::hasCurrent() || !perms_check_user(MSZ_PERMS_USER, User::getCurrent()->getId(), MSZ_PERM_USER_MANAGE_ROLES)) {
|
|
echo render_error(403);
|
|
return;
|
|
}
|
|
|
|
$roles = $msz->getRoles();
|
|
|
|
if(filter_has_var(INPUT_GET, 'r')) {
|
|
$roleId = (string)filter_input(INPUT_GET, 'r', FILTER_SANITIZE_NUMBER_INT);
|
|
|
|
try {
|
|
$isNew = false;
|
|
$roleInfo = $roles->getRole($roleId);
|
|
} catch(RuntimeException $ex) {
|
|
echo render_error(404);
|
|
return;
|
|
}
|
|
} else $isNew = true;
|
|
|
|
$currentUser = User::getCurrent();
|
|
$currentUserId = $currentUser->getId();
|
|
$canEditPerms = perms_check_user(MSZ_PERMS_USER, $currentUserId, MSZ_PERM_USER_MANAGE_PERMS);
|
|
|
|
if($canEditPerms)
|
|
$permissions = manage_perms_list(perms_get_role_raw($roleId ?? 0));
|
|
|
|
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
|
if(!$isNew && !$currentUser->isSuper() && $roleInfo->getRank() >= $currentUser->getRank()) {
|
|
echo 'You aren\'t allowed to edit this role.';
|
|
break;
|
|
}
|
|
|
|
$roleName = (string)filter_input(INPUT_POST, 'ur_name');
|
|
$roleHide = !empty($_POST['ur_hidden']);
|
|
$roleLeavable = !empty($_POST['ur_leavable']);
|
|
$roleRank = (int)filter_input(INPUT_POST, 'ur_rank', FILTER_SANITIZE_NUMBER_INT);
|
|
$roleTitle = (string)filter_input(INPUT_POST, 'ur_title');
|
|
$roleDesc = (string)filter_input(INPUT_POST, 'ur_desc');
|
|
$colourInherit = !empty($_POST['ur_col_inherit']);
|
|
$colourRed = (int)filter_input(INPUT_POST, 'ur_col_red', FILTER_SANITIZE_NUMBER_INT);
|
|
$colourGreen = (int)filter_input(INPUT_POST, 'ur_col_green', FILTER_SANITIZE_NUMBER_INT);
|
|
$colourBlue = (int)filter_input(INPUT_POST, 'ur_col_blue', FILTER_SANITIZE_NUMBER_INT);
|
|
|
|
Template::set([
|
|
'role_ur_name' => $roleName,
|
|
'role_ur_hidden' => $roleHide,
|
|
'role_ur_leavable' => $roleLeavable,
|
|
'role_ur_rank' => $roleRank,
|
|
'role_ur_title' => $roleTitle,
|
|
'role_ur_desc' => $roleDesc,
|
|
'role_ur_col_inherit' => $colourInherit,
|
|
'role_ur_col_red' => $colourRed,
|
|
'role_ur_col_green' => $colourGreen,
|
|
'role_ur_col_blue' => $colourBlue,
|
|
]);
|
|
|
|
if(!$currentUser->isSuper() && $roleRank >= $currentUser->getRank()) {
|
|
echo 'You aren\'t allowed to make a role with equal rank to your own.';
|
|
break;
|
|
}
|
|
|
|
$roleNameLength = mb_strlen($roleName);
|
|
if($roleNameLength < 1 || $roleNameLength > 100) {
|
|
echo 'Provided role name is either too long or too short.';
|
|
break;
|
|
}
|
|
|
|
if($roleRank < 1 || $roleRank > 100) {
|
|
echo 'Role rank may not be less than 1 or more than 100.';
|
|
break;
|
|
}
|
|
|
|
$roleColour = $colourInherit
|
|
? Colour::none()
|
|
: new ColourRGB($colourRed, $colourGreen, $colourBlue);
|
|
|
|
if(mb_strlen($roleDesc) > 1000) {
|
|
echo 'Description may not be longer than 1000 characters.';
|
|
break;
|
|
}
|
|
|
|
if(mb_strlen($roleTitle) > 64) {
|
|
echo 'Role title may not be longer than 64 characters.';
|
|
break;
|
|
}
|
|
|
|
if($isNew) {
|
|
$roleInfo = $roles->createRole($roleName, $roleRank, $roleColour, $roleTitle, $roleDesc, $roleHide, $roleLeavable);
|
|
} else {
|
|
if($roleName === $roleInfo->getName())
|
|
$roleName = null;
|
|
if($roleHide === $roleInfo->isHidden())
|
|
$roleHide = null;
|
|
if($roleLeavable === $roleInfo->isLeavable())
|
|
$roleLeavable = null;
|
|
if($roleRank === $roleInfo->getRank())
|
|
$roleRank = null;
|
|
if($roleTitle === $roleInfo->getTitle())
|
|
$roleTitle = null;
|
|
if($roleDesc === $roleInfo->getDescription())
|
|
$roleDesc = null;
|
|
// local genius did not implement colour comparison
|
|
if((string)$roleColour === (string)$roleInfo->getColour())
|
|
$roleColour = null;
|
|
|
|
$roles->updateRole($roleInfo, $roleName, $roleRank, $roleColour, $roleTitle, $roleDesc, $roleHide, $roleLeavable);
|
|
}
|
|
|
|
$msz->createAuditLog(
|
|
$isNew ? 'ROLE_CREATE' : 'ROLE_UPDATE',
|
|
[$roleInfo->getId()]
|
|
);
|
|
|
|
if(!empty($permissions) && !empty($_POST['perms']) && is_array($_POST['perms'])) {
|
|
$perms = manage_perms_apply($permissions, $_POST['perms']);
|
|
|
|
if($perms !== null) {
|
|
$permKeys = array_keys($perms);
|
|
$setPermissions = DB::prepare('
|
|
REPLACE INTO `msz_permissions` (`role_id`, `user_id`, `' . implode('`, `', $permKeys) . '`)
|
|
VALUES (:role_id, NULL, :' . implode(', :', $permKeys) . ')
|
|
');
|
|
$setPermissions->bind('role_id', $roleInfo->getId());
|
|
|
|
foreach($perms as $key => $value) {
|
|
$setPermissions->bind($key, $value);
|
|
}
|
|
|
|
$setPermissions->execute();
|
|
} else {
|
|
$deletePermissions = DB::prepare('DELETE FROM `msz_permissions` WHERE `role_id` = :role_id AND `user_id` IS NULL');
|
|
$deletePermissions->bind('role_id', $roleInfo->getId());
|
|
$deletePermissions->execute();
|
|
}
|
|
}
|
|
|
|
url_redirect('manage-role', ['role' => $roleInfo->getId()]);
|
|
return;
|
|
}
|
|
|
|
Template::render('manage.users.role', [
|
|
'role_new' => $isNew,
|
|
'role_info' => $roleInfo ?? null,
|
|
'can_manage_perms' => $canEditPerms,
|
|
'permissions' => $permissions ?? [],
|
|
]);
|