flashii/misuzu
1
1
Fork 0
Code Issues 1 Pull requests Releases 140 Activity
misuzu/src/perms.php
flash 34bd71600a Removed manage.php.
2023-08-28 13:45:36 +00:00

730 lines
24 KiB
PHP
Raw Blame History

<?php
define('MSZ_PERMS_ALLOW', 'allow');
define('MSZ_PERMS_DENY', 'deny');
define('MSZ_PERMS_GENERAL', 'general');
define('MSZ_PERM_GENERAL_CAN_MANAGE', 0x00000001);
define('MSZ_PERM_GENERAL_VIEW_LOGS', 0x00000002);
define('MSZ_PERM_GENERAL_MANAGE_EMOTES', 0x00000004);
define('MSZ_PERM_GENERAL_MANAGE_CONFIG', 0x00000008);
//define('MSZ_PERM_GENERAL_IS_TESTER', 0x00000010); Has been unused for a while
//define('MSZ_PERM_GENERAL_MANAGE_BLACKLIST', 0x00000020); Blacklist has been removed for now to reduce overhead and because it was broken(?)
//define('MSZ_PERM_GENERAL_MANAGE_TWITTER', 0x00000040); Twitter integration has been removed
define('MSZ_PERMS_USER', 'user');
define('MSZ_PERM_USER_EDIT_PROFILE', 0x00000001);
define('MSZ_PERM_USER_CHANGE_AVATAR', 0x00000002);
define('MSZ_PERM_USER_CHANGE_BACKGROUND', 0x00000004);
define('MSZ_PERM_USER_EDIT_ABOUT', 0x00000008);
define('MSZ_PERM_USER_EDIT_BIRTHDATE', 0x00000010);
define('MSZ_PERM_USER_EDIT_SIGNATURE', 0x00000020);
define('MSZ_PERM_USER_MANAGE_USERS', 0x00100000);
define('MSZ_PERM_USER_MANAGE_ROLES', 0x00200000);
define('MSZ_PERM_USER_MANAGE_PERMS', 0x00400000);
define('MSZ_PERM_USER_MANAGE_REPORTS', 0x00800000);
define('MSZ_PERM_USER_MANAGE_WARNINGS', 0x01000000);
//define('MSZ_PERM_USER_MANAGE_BLACKLISTS', 0x02000000); // Replaced with MSZ_PERM_GENERAL_MANAGE_BLACKLIST
define('MSZ_PERM_USER_MANAGE_NOTES', 0x04000000);
define('MSZ_PERM_USER_MANAGE_BANS', 0x08000000);
define('MSZ_PERM_USER_IMPERSONATE', 0x10000000);
define('MSZ_PERMS_CHANGELOG', 'changelog');
define('MSZ_PERM_CHANGELOG_MANAGE_CHANGES', 0x00000001);
define('MSZ_PERM_CHANGELOG_MANAGE_TAGS', 0x00000002);
//define('MSZ_PERM_CHANGELOG_MANAGE_ACTIONS', 0x00000004); Deprecated, actions are hardcoded now
define('MSZ_PERMS_NEWS', 'news');
define('MSZ_PERM_NEWS_MANAGE_POSTS', 0x00000001);
define('MSZ_PERM_NEWS_MANAGE_CATEGORIES', 0x00000002);
define('MSZ_PERMS_FORUM', 'forum');
define('MSZ_PERM_FORUM_MANAGE_FORUMS', 0x00000001);
define('MSZ_PERM_FORUM_VIEW_LEADERBOARD', 0x00000002);
define('MSZ_PERM_FORUM_TOPIC_REDIRS', 0x00000004);
define('MSZ_PERMS_COMMENTS', 'comments');
define('MSZ_PERM_COMMENTS_CREATE', 0x00000001);
//define('MSZ_PERM_COMMENTS_EDIT_OWN', 0x00000002);
//define('MSZ_PERM_COMMENTS_EDIT_ANY', 0x00000004);
define('MSZ_PERM_COMMENTS_DELETE_OWN', 0x00000008);
define('MSZ_PERM_COMMENTS_DELETE_ANY', 0x00000010);
define('MSZ_PERM_COMMENTS_PIN', 0x00000020);
define('MSZ_PERM_COMMENTS_LOCK', 0x00000040);
define('MSZ_PERM_COMMENTS_VOTE', 0x00000080);
define('MSZ_PERM_MODES', [
MSZ_PERMS_GENERAL, MSZ_PERMS_USER, MSZ_PERMS_CHANGELOG,
MSZ_PERMS_NEWS, MSZ_PERMS_FORUM, MSZ_PERMS_COMMENTS,
]);
define('MSZ_FORUM_PERMS_GENERAL', 'forum');
define('MSZ_FORUM_PERM_LIST_FORUM', 0x00000001); // can see stats, but will get error when trying to view
define('MSZ_FORUM_PERM_VIEW_FORUM', 0x00000002);
define('MSZ_FORUM_PERM_CREATE_TOPIC', 0x00000400);
//define('MSZ_FORUM_PERM_DELETE_TOPIC', 0x00000800); // use MSZ_FORUM_PERM_DELETE_ANY_POST instead
define('MSZ_FORUM_PERM_MOVE_TOPIC', 0x00001000);
define('MSZ_FORUM_PERM_LOCK_TOPIC', 0x00002000);
define('MSZ_FORUM_PERM_STICKY_TOPIC', 0x00004000);
define('MSZ_FORUM_PERM_ANNOUNCE_TOPIC', 0x00008000);
define('MSZ_FORUM_PERM_GLOBAL_ANNOUNCE_TOPIC', 0x00010000);
define('MSZ_FORUM_PERM_BUMP_TOPIC', 0x00020000);
//define('MSZ_FORUM_PERM_PRIORITY_VOTE', 0x00040000); // feature postponed, perhaps reuse if it makes sense to
define('MSZ_FORUM_PERM_CREATE_POST', 0x00100000);
define('MSZ_FORUM_PERM_EDIT_POST', 0x00200000);
define('MSZ_FORUM_PERM_EDIT_ANY_POST', 0x00400000);
define('MSZ_FORUM_PERM_DELETE_POST', 0x00800000);
define('MSZ_FORUM_PERM_DELETE_ANY_POST', 0x01000000);
define('MSZ_FORUM_PERM_MODES', [
MSZ_FORUM_PERMS_GENERAL,
]);
function perms_get_keys(array $modes = MSZ_PERM_MODES): array {
$perms = [];
foreach($modes as $mode) {
$perms[] = perms_get_key($mode, MSZ_PERMS_ALLOW);
$perms[] = perms_get_key($mode, MSZ_PERMS_DENY);
}
return $perms;
}
function perms_create(array $modes = MSZ_PERM_MODES): array {
return array_fill_keys(perms_get_keys($modes), 0);
}
function perms_get_key(string $prefix, string $suffix): string {
return $prefix . '_perms_' . $suffix;
}
function perms_get_select(array $modes = MSZ_PERM_MODES, string $allow = MSZ_PERMS_ALLOW, string $deny = MSZ_PERMS_DENY): string {
$select = '';
foreach($modes as $mode) {
$select .= sprintf(
'(BIT_OR(`%1$s_perms_%2$s`) &~ BIT_OR(`%1$s_perms_%3$s`)) AS `%1$s`,',
$mode, $allow, $deny
);
}
$select = substr($select, 0, -1);
return $select;
}
function perms_get_blank(array $modes = MSZ_PERM_MODES): array {
return array_fill_keys($modes, 0);
}
function perms_get_user(int|string $user): array {
if(is_string($user))
$user = (int)$user;
if($user < 1)
return perms_get_blank();
static $memo = [];
if(array_key_exists($user, $memo)) {
return $memo[$user];
}
$getPerms = \Misuzu\DB::prepare(sprintf(
'
SELECT %s
FROM `msz_permissions`
WHERE (`user_id` = :user_id_1 AND `role_id` IS NULL)
OR (
`user_id` IS NULL
AND `role_id` IN (
SELECT `role_id`
FROM `msz_users_roles`
WHERE `user_id` = :user_id_2
)
)
',
perms_get_select()
));
$getPerms->bind('user_id_1', $user);
$getPerms->bind('user_id_2', $user);
return $memo[$user] = $getPerms->fetch();
}
function perms_delete_user(int|string $user): bool {
if(is_string($user))
$user = (int)$user;
if($user < 1)
return false;
$deletePermissions = \Misuzu\DB::prepare('
DELETE FROM `msz_permissions`
WHERE `role_id` IS NULL
AND `user_id` = :user_id
');
$deletePermissions->bind('user_id', $user);
return $deletePermissions->execute();
}
function perms_get_role(int $role): array {
if($role < 1) {
return perms_get_blank();
}
static $memo = [];
if(array_key_exists($role, $memo)) {
return $memo[$role];
}
$getPerms = \Misuzu\DB::prepare(sprintf(
'
SELECT %s
FROM `msz_permissions`
WHERE `role_id` = :role_id
AND `user_id` IS NULL
',
perms_get_select()
));
$getPerms->bind('role_id', $role);
return $memo[$role] = $getPerms->fetch();
}
function perms_get_user_raw(int|string $user): array {
if(is_string($user))
$user = (int)$user;
if($user < 1)
return perms_create();
$getPerms = \Misuzu\DB::prepare(sprintf('
SELECT `%s`
FROM `msz_permissions`
WHERE `user_id` = :user_id
AND `role_id` IS NULL
', implode('`, `', perms_get_keys())));
$getPerms->bind('user_id', $user);
$perms = $getPerms->fetch();
if(empty($perms)) {
return perms_create();
}
return $perms;
}
function perms_set_user_raw(int|string $user, array $perms): bool {
if(is_string($user))
$user = (int)$user;
if($user < 1)
return false;
$realPerms = perms_create();
$permKeys = array_keys($realPerms);
foreach($permKeys as $perm) {
$realPerms[$perm] = (int)($perms[$perm] ?? 0);
}
$setPermissions = \Misuzu\DB::prepare(sprintf(
'
REPLACE INTO `msz_permissions`
(`role_id`, `user_id`, `%s`)
VALUES
(NULL, :user_id, :%s)
',
implode('`, `', $permKeys),
implode(', :', $permKeys)
));
$setPermissions->bind('user_id', $user);
foreach($realPerms as $key => $value) {
$setPermissions->bind($key, $value);
}
return $setPermissions->execute();
}
function perms_get_role_raw(int $role): array {
if($role < 1) {
return perms_create();
}
$getPerms = \Misuzu\DB::prepare(sprintf('
SELECT `%s`
FROM `msz_permissions`
WHERE `user_id` IS NULL
AND `role_id` = :role_id
', implode('`, `', perms_get_keys())));
$getPerms->bind('role_id', $role);
$perms = $getPerms->fetch();
if(empty($perms)) {
return perms_create();
}
return $perms;
}
function perms_check(?int $perms, ?int $perm, bool $strict = false): bool {
$and = ($perms ?? 0) & ($perm ?? 0);
return $strict ? $and === $perm : $and > 0;
}
function perms_check_user(string $prefix, int|string|null $userId, int $perm, bool $strict = false): bool {
if(is_string($userId))
$userId = (int)$userId;
return $userId > 0 && perms_check(perms_get_user($userId)[$prefix] ?? 0, $perm, $strict);
}
function perms_check_bulk(int $perms, array $set, bool $strict = false): array {
foreach($set as $key => $perm) {
$set[$key] = perms_check($perms, $perm, $strict);
}
return $set;
}
function perms_check_user_bulk(string $prefix, int|string|null $userId, array $set, bool $strict = false): array {
$perms = perms_get_user($userId)[$prefix] ?? 0;
return perms_check_bulk($perms, $set, $strict);
}
function perms_for_comments(string|int $userId): array {
return perms_check_user_bulk(MSZ_PERMS_COMMENTS, $userId, [
'can_comment' => MSZ_PERM_COMMENTS_CREATE,
'can_delete' => MSZ_PERM_COMMENTS_DELETE_OWN | MSZ_PERM_COMMENTS_DELETE_ANY,
'can_delete_any' => MSZ_PERM_COMMENTS_DELETE_ANY,
'can_pin' => MSZ_PERM_COMMENTS_PIN,
'can_lock' => MSZ_PERM_COMMENTS_LOCK,
'can_vote' => MSZ_PERM_COMMENTS_VOTE,
]);
}
function forum_get_parent_id(int $forumId): int {
if($forumId < 1)
return 0;
static $memoized = [];
if(array_key_exists($forumId, $memoized))
return $memoized[$forumId];
$getParent = \Misuzu\DB::prepare('
SELECT `forum_parent`
FROM `msz_forum_categories`
WHERE `forum_id` = :forum_id
');
$getParent->bind('forum_id', $forumId);
return (int)$getParent->fetchColumn();
}
function forum_perms_get_user(?int $forum, int $user): array {
$perms = perms_get_blank(MSZ_FORUM_PERM_MODES);
if($user < 0 || $forum < 0)
return $perms;
static $memo = [];
$memoId = "{$forum}-{$user}";
if(array_key_exists($memoId, $memo))
return $memo[$memoId];
if($forum > 0)
$perms = forum_perms_get_user(
forum_get_parent_id($forum),
$user
);
$getPerms = \Misuzu\DB::prepare(sprintf(
'
SELECT %s
FROM `msz_forum_permissions`
WHERE (`forum_id` = :forum_id OR `forum_id` IS NULL)
AND (
(`user_id` IS NULL AND `role_id` IS NULL)
OR (`user_id` = :user_id_1 AND `role_id` IS NULL)
OR (
`user_id` IS NULL
AND `role_id` IN (
SELECT `role_id`
FROM `msz_users_roles`
WHERE `user_id` = :user_id_2
)
)
)
',
perms_get_select(MSZ_FORUM_PERM_MODES)
));
$getPerms->bind('forum_id', $forum);
$getPerms->bind('user_id_1', $user);
$getPerms->bind('user_id_2', $user);
$userPerms = $getPerms->fetch();
foreach($perms as $key => $value)
$perms[$key] |= $userPerms[$key] ?? 0;
return $memo[$memoId] = $perms;
}
function forum_perms_check_user(
string $prefix,
?int $forumId,
?int $userId,
int $perm,
bool $strict = false
): bool {
return perms_check(forum_perms_get_user($forumId, $userId)[$prefix] ?? 0, $perm, $strict);
}
define('MSZ_MANAGE_PERM_YES', 'yes');
define('MSZ_MANAGE_PERM_NO', 'no');
define('MSZ_MANAGE_PERM_NEVER', 'never');
function manage_perms_value(int $perm, int $allow, int $deny): string {
if(perms_check($deny, $perm))
return MSZ_MANAGE_PERM_NEVER;
if(perms_check($allow, $perm))
return MSZ_MANAGE_PERM_YES;
return MSZ_MANAGE_PERM_NO;
}
function manage_perms_apply(array $list, array $post, ?array $raw = null): ?array {
$perms = $raw !== null ? $raw : perms_create();
foreach($list as $section) {
if(empty($post[$section['section']]) || !is_array($post[$section['section']]))
continue;
$allowKey = perms_get_key($section['section'], MSZ_PERMS_ALLOW);
$denyKey = perms_get_key($section['section'], MSZ_PERMS_DENY);
foreach($section['perms'] as $perm) {
if(empty($post[$section['section']][$perm['section']]['value']))
continue;
$perm['perm'] = (int)$perm['perm']; // makes phpstan happy
switch($post[$section['section']][$perm['section']]['value']) {
case MSZ_MANAGE_PERM_YES:
$perms[$allowKey] |= $perm['perm'];
$perms[$denyKey] &= ~$perm['perm'];
break;
case MSZ_MANAGE_PERM_NEVER:
$perms[$allowKey] &= ~$perm['perm'];
$perms[$denyKey] |= $perm['perm'];
break;
case MSZ_MANAGE_PERM_NO:
default:
$perms[$allowKey] &= ~$perm['perm'];
$perms[$denyKey] &= ~$perm['perm'];
break;
}
}
}
$returnNothing = 0;
foreach($perms as $perm)
$returnNothing |= $perm;
return $returnNothing === 0 ? null : $perms;
}
function manage_perms_calculate(array $rawPerms, array $perms): array {
for($i = 0; $i < count($perms); $i++) {
$section = $perms[$i]['section'];
$allowKey = perms_get_key($section, MSZ_PERMS_ALLOW);
$denyKey = perms_get_key($section, MSZ_PERMS_DENY);
for($j = 0; $j < count($perms[$i]['perms']); $j++) {
$permission = $perms[$i]['perms'][$j]['perm'];
$perms[$i]['perms'][$j]['value'] = manage_perms_value($permission, $rawPerms[$allowKey], $rawPerms[$denyKey]);
}
}
return $perms;
}
function manage_perms_list(array $rawPerms): array {
return manage_perms_calculate($rawPerms, [
[
'section' => MSZ_PERMS_GENERAL,
'title' => 'General',
'perms' => [
[
'section' => 'can-manage',
'title' => 'Can access the management panel.',
'perm' => MSZ_PERM_GENERAL_CAN_MANAGE,
],
[
'section' => 'view-logs',
'title' => 'Can view audit logs.',
'perm' => MSZ_PERM_GENERAL_VIEW_LOGS,
],
[
'section' => 'manage-emotes',
'title' => 'Can manage emoticons.',
'perm' => MSZ_PERM_GENERAL_MANAGE_EMOTES,
],
[
'section' => 'manage-settings',
'title' => 'Can manage general Misuzu settings.',
'perm' => MSZ_PERM_GENERAL_MANAGE_CONFIG,
],
],
],
[
'section' => MSZ_PERMS_USER,
'title' => 'User',
'perms' => [
[
'section' => 'edit-profile',
'title' => 'Can edit own profile.',
'perm' => MSZ_PERM_USER_EDIT_PROFILE,
],
[
'section' => 'change-avatar',
'title' => 'Can change own avatar.',
'perm' => MSZ_PERM_USER_CHANGE_AVATAR,
],
[
'section' => 'change-background',
'title' => 'Can change own background.',
'perm' => MSZ_PERM_USER_CHANGE_BACKGROUND,
],
[
'section' => 'edit-about',
'title' => 'Can change own about section.',
'perm' => MSZ_PERM_USER_EDIT_ABOUT,
],
[
'section' => 'edit-birthdate',
'title' => 'Can change own birthdate.',
'perm' => MSZ_PERM_USER_EDIT_BIRTHDATE,
],
[
'section' => 'edit-signature',
'title' => 'Can change own signature.',
'perm' => MSZ_PERM_USER_EDIT_SIGNATURE,
],
[
'section' => 'manage-users',
'title' => 'Can manage other users.',
'perm' => MSZ_PERM_USER_MANAGE_USERS,
],
[
'section' => 'manage-roles',
'title' => 'Can manage roles.',
'perm' => MSZ_PERM_USER_MANAGE_ROLES,
],
[
'section' => 'manage-perms',
'title' => 'Can manage permissions.',
'perm' => MSZ_PERM_USER_MANAGE_PERMS,
],
[
'section' => 'manage-reports',
'title' => 'Can handle reports.',
'perm' => MSZ_PERM_USER_MANAGE_REPORTS,
],
[
'section' => 'manage-notes',
'title' => 'Can manage user notes.',
'perm' => MSZ_PERM_USER_MANAGE_NOTES,
],
[
'section' => 'manage-warnings',
'title' => 'Can manage user warnings.',
'perm' => MSZ_PERM_USER_MANAGE_WARNINGS,
],
[
'section' => 'manage-bans',
'title' => 'Can manage user bans.',
'perm' => MSZ_PERM_USER_MANAGE_BANS,
],
[
'section' => 'impersonate',
'title' => 'Can impersonate select users.',
'perm' => MSZ_PERM_USER_IMPERSONATE,
],
],
],
[
'section' => MSZ_PERMS_NEWS,
'title' => 'News',
'perms' => [
[
'section' => 'manage-posts',
'title' => 'Can manage posts.',
'perm' => MSZ_PERM_NEWS_MANAGE_POSTS,
],
[
'section' => 'manage-cats',
'title' => 'Can manage catagories.',
'perm' => MSZ_PERM_NEWS_MANAGE_CATEGORIES,
],
],
],
[
'section' => MSZ_PERMS_FORUM,
'title' => 'Forum',
'perms' => [
[
'section' => 'manage-forums',
'title' => 'Can manage forum sections.',
'perm' => MSZ_PERM_FORUM_MANAGE_FORUMS,
],
[
'section' => 'view-leaderboard',
'title' => 'Can view the forum leaderboard live.',
'perm' => MSZ_PERM_FORUM_VIEW_LEADERBOARD,
],
[
'section' => 'topic-redirs',
'title' => 'Can create redirects for deleted topics.',
'perm' => MSZ_PERM_FORUM_TOPIC_REDIRS,
],
],
],
[
'section' => MSZ_PERMS_COMMENTS,
'title' => 'Comments',
'perms' => [
[
'section' => 'create',
'title' => 'Can post comments.',
'perm' => MSZ_PERM_COMMENTS_CREATE,
],
[
'section' => 'delete-own',
'title' => 'Can delete own comments.',
'perm' => MSZ_PERM_COMMENTS_DELETE_OWN,
],
[
'section' => 'delete-any',
'title' => 'Can delete anyone\'s comments.',
'perm' => MSZ_PERM_COMMENTS_DELETE_ANY,
],
[
'section' => 'pin',
'title' => 'Can pin comments.',
'perm' => MSZ_PERM_COMMENTS_PIN,
],
[
'section' => 'lock',
'title' => 'Can lock comment threads.',
'perm' => MSZ_PERM_COMMENTS_LOCK,
],
[
'section' => 'vote',
'title' => 'Can like or dislike comments.',
'perm' => MSZ_PERM_COMMENTS_VOTE,
],
],
],
[
'section' => MSZ_PERMS_CHANGELOG,
'title' => 'Changelog',
'perms' => [
[
'section' => 'manage-changes',
'title' => 'Can manage changes.',
'perm' => MSZ_PERM_CHANGELOG_MANAGE_CHANGES,
],
[
'section' => 'manage-tags',
'title' => 'Can manage tags.',
'perm' => MSZ_PERM_CHANGELOG_MANAGE_TAGS,
],
],
],
]);
}
function manage_forum_perms_list(array $rawPerms): array {
return manage_perms_calculate($rawPerms, [
[
'section' => MSZ_FORUM_PERMS_GENERAL,
'title' => 'Forum',
'perms' => [
[
'section' => 'can-list',
'title' => 'Can see the forum listed, but not access it.',
'perm' => MSZ_FORUM_PERM_LIST_FORUM,
],
[
'section' => 'can-view',
'title' => 'Can view and access the forum.',
'perm' => MSZ_FORUM_PERM_VIEW_FORUM,
],
[
'section' => 'can-create-topic',
'title' => 'Can create topics.',
'perm' => MSZ_FORUM_PERM_CREATE_TOPIC,
],
[
'section' => 'can-move-topic',
'title' => 'Can move topics between forums.',
'perm' => MSZ_FORUM_PERM_MOVE_TOPIC,
],
[
'section' => 'can-lock-topic',
'title' => 'Can lock topics.',
'perm' => MSZ_FORUM_PERM_LOCK_TOPIC,
],
[
'section' => 'can-sticky-topic',
'title' => 'Can make topics sticky.',
'perm' => MSZ_FORUM_PERM_STICKY_TOPIC,
],
[
'section' => 'can-announce-topic',
'title' => 'Can make topics announcements.',
'perm' => MSZ_FORUM_PERM_ANNOUNCE_TOPIC,
],
[
'section' => 'can-global-announce-topic',
'title' => 'Can make topics global announcements.',
'perm' => MSZ_FORUM_PERM_GLOBAL_ANNOUNCE_TOPIC,
],
[
'section' => 'can-bump-topic',
'title' => 'Can bump topics without posting a reply.',
'perm' => MSZ_FORUM_PERM_BUMP_TOPIC,
],
[
'section' => 'can-create-post',
'title' => 'Can make posts (reply only, if create topic is disallowed).',
'perm' => MSZ_FORUM_PERM_CREATE_POST,
],
[
'section' => 'can-edit-post',
'title' => 'Can edit their own posts.',
'perm' => MSZ_FORUM_PERM_EDIT_POST,
],
[
'section' => 'can-edit-any-post',
'title' => 'Can edit any posts.',
'perm' => MSZ_FORUM_PERM_EDIT_ANY_POST,
],
[
'section' => 'can-delete-post',
'title' => 'Can delete own posts.',
'perm' => MSZ_FORUM_PERM_DELETE_POST,
],
[
'section' => 'can-delete-any-post',
'title' => 'Can delete any posts.',
'perm' => MSZ_FORUM_PERM_DELETE_ANY_POST,
],
],
],
]);
}
Reference in a new issue View git blame Copy permalink