misuzu/public-legacy/manage/users/role.php

<?php
namespace Misuzu;

use RuntimeException;
use Index\Colour\Colour;
use Index\Colour\ColourRGB;

if(!$msz->isLoggedIn() || !perms_check_user(MSZ_PERMS_USER, $msz->getActiveUser()->getId(), MSZ_PERM_USER_MANAGE_ROLES)) {
    echo render_error(403);
    return;
}

$users = $msz->getUsers();
$roles = $msz->getRoles();

if(filter_has_var(INPUT_GET, 'r')) {
    $roleId = (string)filter_input(INPUT_GET, 'r', FILTER_SANITIZE_NUMBER_INT);

    try {
        $isNew = false;
        $roleInfo = $roles->getRole($roleId);
    } catch(RuntimeException $ex) {
        echo render_error(404);
        return;
    }
} else $isNew = true;

$currentUser = $msz->getActiveUser();
$canEditPerms = perms_check_user(MSZ_PERMS_USER, $currentUser->getId(), MSZ_PERM_USER_MANAGE_PERMS);

if($canEditPerms)
    $permissions = manage_perms_list(perms_get_role_raw($roleId ?? 0));

while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
    $userRank = $users->getUserRank($currentUser);

    if(!$isNew && !$currentUser->isSuperUser() && $roleInfo->getRank() >= $userRank) {
        echo 'You aren\'t allowed to edit this role.';
        break;
    }

    $roleName = (string)filter_input(INPUT_POST, 'ur_name');
    $roleHide = !empty($_POST['ur_hidden']);
    $roleLeavable = !empty($_POST['ur_leavable']);
    $roleRank = (int)filter_input(INPUT_POST, 'ur_rank', FILTER_SANITIZE_NUMBER_INT);
    $roleTitle = (string)filter_input(INPUT_POST, 'ur_title');
    $roleDesc = (string)filter_input(INPUT_POST, 'ur_desc');
    $colourInherit = !empty($_POST['ur_col_inherit']);
    $colourRed = (int)filter_input(INPUT_POST, 'ur_col_red', FILTER_SANITIZE_NUMBER_INT);
    $colourGreen = (int)filter_input(INPUT_POST, 'ur_col_green', FILTER_SANITIZE_NUMBER_INT);
    $colourBlue = (int)filter_input(INPUT_POST, 'ur_col_blue', FILTER_SANITIZE_NUMBER_INT);

    Template::set([
        'role_ur_name' => $roleName,
        'role_ur_hidden' => $roleHide,
        'role_ur_leavable' => $roleLeavable,
        'role_ur_rank' => $roleRank,
        'role_ur_title' => $roleTitle,
        'role_ur_desc' => $roleDesc,
        'role_ur_col_inherit' => $colourInherit,
        'role_ur_col_red' => $colourRed,
        'role_ur_col_green' => $colourGreen,
        'role_ur_col_blue' => $colourBlue,
    ]);

    if(!$currentUser->isSuperUser() && $roleRank >= $userRank) {
        echo 'You aren\'t allowed to make a role with equal rank to your own.';
        break;
    }

    $roleNameLength = mb_strlen($roleName);
    if($roleNameLength < 1 || $roleNameLength > 100) {
        echo 'Provided role name is either too long or too short.';
        break;
    }

    if($roleRank < 1 || $roleRank > 100) {
        echo 'Role rank may not be less than 1 or more than 100.';
        break;
    }

    $roleColour = $colourInherit
        ? Colour::none()
        : new ColourRGB($colourRed, $colourGreen, $colourBlue);

    if(mb_strlen($roleDesc) > 1000) {
        echo 'Description may not be longer than 1000 characters.';
        break;
    }

    if(mb_strlen($roleTitle) > 64) {
        echo 'Role title may not be longer than 64 characters.';
        break;
    }

    if($isNew) {
        $roleInfo = $roles->createRole($roleName, $roleRank, $roleColour, $roleTitle, $roleDesc, $roleHide, $roleLeavable);
    } else {
        if($roleName === $roleInfo->getName())
            $roleName = null;
        if($roleHide === $roleInfo->isHidden())
            $roleHide = null;
        if($roleLeavable === $roleInfo->isLeavable())
            $roleLeavable = null;
        if($roleRank === $roleInfo->getRank())
            $roleRank = null;
        if($roleTitle === $roleInfo->getTitle())
            $roleTitle = null;
        if($roleDesc === $roleInfo->getDescription())
            $roleDesc = null;
        // local genius did not implement colour comparison
        if((string)$roleColour === (string)$roleInfo->getColour())
            $roleColour = null;

        $roles->updateRole($roleInfo, $roleName, $roleRank, $roleColour, $roleTitle, $roleDesc, $roleHide, $roleLeavable);
    }

    $msz->createAuditLog(
        $isNew ? 'ROLE_CREATE' : 'ROLE_UPDATE',
        [$roleInfo->getId()]
    );

    if(!empty($permissions) && !empty($_POST['perms']) && is_array($_POST['perms'])) {
        $perms = manage_perms_apply($permissions, $_POST['perms']);

        if($perms !== null) {
            $permKeys = array_keys($perms);
            $setPermissions = DB::prepare('
                REPLACE INTO `msz_permissions` (`role_id`, `user_id`, `' . implode('`, `', $permKeys) . '`)
                VALUES (:role_id, NULL, :' . implode(', :', $permKeys) . ')
            ');
            $setPermissions->bind('role_id', $roleInfo->getId());

            foreach($perms as $key => $value) {
                $setPermissions->bind($key, $value);
            }

            $setPermissions->execute();
        } else {
            $deletePermissions = DB::prepare('DELETE FROM `msz_permissions` WHERE `role_id` = :role_id AND `user_id` IS NULL');
            $deletePermissions->bind('role_id', $roleInfo->getId());
            $deletePermissions->execute();
        }
    }

    url_redirect('manage-role', ['role' => $roleInfo->getId()]);
    return;
}

Template::render('manage.users.role', [
    'role_new' => $isNew,
    'role_info' => $roleInfo ?? null,
    'can_manage_perms' => $canEditPerms,
    'permissions' => $permissions ?? [],
]);
Imported into new repository. 2022-09-13 13:14:49 +00:00			`<?php`
			`namespace Misuzu;`

Normalised custom exception usage in user classes. Also updated the Index library to include the MediaType fix. 2023-07-22 15:02:41 +00:00			`use RuntimeException;`
Replaced Misuzu Colour library with the Index ones. 2023-01-02 23:48:04 +00:00			`use Index\Colour\Colour;`
			`use Index\Colour\ColourRGB;`
Imported into new repository. 2022-09-13 13:14:49 +00:00
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`if(!$msz->isLoggedIn() \|\| !perms_check_user(MSZ_PERMS_USER, $msz->getActiveUser()->getId(), MSZ_PERM_USER_MANAGE_ROLES)) {`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`echo render_error(403);`
			`return;`
			`}`

Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`$users = $msz->getUsers();`
Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`$roles = $msz->getRoles();`

			`if(filter_has_var(INPUT_GET, 'r')) {`
			`$roleId = (string)filter_input(INPUT_GET, 'r', FILTER_SANITIZE_NUMBER_INT);`
Imported into new repository. 2022-09-13 13:14:49 +00:00
			`try {`
Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`$isNew = false;`
			`$roleInfo = $roles->getRole($roleId);`
Normalised custom exception usage in user classes. Also updated the Index library to include the MediaType fix. 2023-07-22 15:02:41 +00:00			`} catch(RuntimeException $ex) {`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`echo render_error(404);`
			`return;`
			`}`
Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`} else $isNew = true;`
Imported into new repository. 2022-09-13 13:14:49 +00:00
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`$currentUser = $msz->getActiveUser();`
			`$canEditPerms = perms_check_user(MSZ_PERMS_USER, $currentUser->getId(), MSZ_PERM_USER_MANAGE_PERMS);`
Imported into new repository. 2022-09-13 13:14:49 +00:00
			`if($canEditPerms)`
			`$permissions = manage_perms_list(perms_get_role_raw($roleId ?? 0));`

Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {`
Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`$userRank = $users->getUserRank($currentUser);`

			`if(!$isNew && !$currentUser->isSuperUser() && $roleInfo->getRank() >= $userRank) {`
Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`echo 'You aren\'t allowed to edit this role.';`
			`break;`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`}`

Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`$roleName = (string)filter_input(INPUT_POST, 'ur_name');`
			`$roleHide = !empty($_POST['ur_hidden']);`
			`$roleLeavable = !empty($_POST['ur_leavable']);`
			`$roleRank = (int)filter_input(INPUT_POST, 'ur_rank', FILTER_SANITIZE_NUMBER_INT);`
			`$roleTitle = (string)filter_input(INPUT_POST, 'ur_title');`
			`$roleDesc = (string)filter_input(INPUT_POST, 'ur_desc');`
			`$colourInherit = !empty($_POST['ur_col_inherit']);`
			`$colourRed = (int)filter_input(INPUT_POST, 'ur_col_red', FILTER_SANITIZE_NUMBER_INT);`
			`$colourGreen = (int)filter_input(INPUT_POST, 'ur_col_green', FILTER_SANITIZE_NUMBER_INT);`
			`$colourBlue = (int)filter_input(INPUT_POST, 'ur_col_blue', FILTER_SANITIZE_NUMBER_INT);`

			`Template::set([`
			`'role_ur_name' => $roleName,`
			`'role_ur_hidden' => $roleHide,`
			`'role_ur_leavable' => $roleLeavable,`
			`'role_ur_rank' => $roleRank,`
			`'role_ur_title' => $roleTitle,`
			`'role_ur_desc' => $roleDesc,`
			`'role_ur_col_inherit' => $colourInherit,`
			`'role_ur_col_red' => $colourRed,`
			`'role_ur_col_green' => $colourGreen,`
			`'role_ur_col_blue' => $colourBlue,`
			`]);`

Rewrote the user information class. This one took multiple days and it pretty invasive into the core of Misuzu so issue might (will) arise, there's also some features that have gone temporarily missing in the mean time and some inefficiencies introduced that will be fixed again at a later time. The old class isn't gone entirely because I still have to figure out what I'm gonna do about validation, but for the most part this knocks out one of the "layers of backwards compatibility", as I've been referring to it, and is moving us closer to a future where Flashii actually gets real updates. If you run into anything that's broken and you're inhibited from reporting it through the forum, do it through chat or mail me at flashii-issues@flash.moe. 2023-08-02 22:12:47 +00:00			`if(!$currentUser->isSuperUser() && $roleRank >= $userRank) {`
Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`echo 'You aren\'t allowed to make a role with equal rank to your own.';`
			`break;`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`}`

Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`$roleNameLength = mb_strlen($roleName);`
			`if($roleNameLength < 1 \|\| $roleNameLength > 100) {`
			`echo 'Provided role name is either too long or too short.';`
			`break;`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`}`

Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`if($roleRank < 1 \|\| $roleRank > 100) {`
			`echo 'Role rank may not be less than 1 or more than 100.';`
			`break;`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`}`

Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`$roleColour = $colourInherit`
			`? Colour::none()`
			`: new ColourRGB($colourRed, $colourGreen, $colourBlue);`
Imported into new repository. 2022-09-13 13:14:49 +00:00
Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`if(mb_strlen($roleDesc) > 1000) {`
			`echo 'Description may not be longer than 1000 characters.';`
			`break;`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`}`

Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`if(mb_strlen($roleTitle) > 64) {`
			`echo 'Role title may not be longer than 64 characters.';`
			`break;`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`}`

Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`if($isNew) {`
			`$roleInfo = $roles->createRole($roleName, $roleRank, $roleColour, $roleTitle, $roleDesc, $roleHide, $roleLeavable);`
			`} else {`
			`if($roleName === $roleInfo->getName())`
			`$roleName = null;`
			`if($roleHide === $roleInfo->isHidden())`
			`$roleHide = null;`
			`if($roleLeavable === $roleInfo->isLeavable())`
			`$roleLeavable = null;`
			`if($roleRank === $roleInfo->getRank())`
			`$roleRank = null;`
			`if($roleTitle === $roleInfo->getTitle())`
			`$roleTitle = null;`
			`if($roleDesc === $roleInfo->getDescription())`
			`$roleDesc = null;`
			`// local genius did not implement colour comparison`
			`if((string)$roleColour === (string)$roleInfo->getColour())`
			`$roleColour = null;`

			`$roles->updateRole($roleInfo, $roleName, $roleRank, $roleColour, $roleTitle, $roleDesc, $roleHide, $roleLeavable);`
			`}`
Imported into new repository. 2022-09-13 13:14:49 +00:00
Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`$msz->createAuditLog(`
			`$isNew ? 'ROLE_CREATE' : 'ROLE_UPDATE',`
			`[$roleInfo->getId()]`
			`);`
Imported into new repository. 2022-09-13 13:14:49 +00:00
			`if(!empty($permissions) && !empty($_POST['perms']) && is_array($_POST['perms'])) {`
			`$perms = manage_perms_apply($permissions, $_POST['perms']);`

			`if($perms !== null) {`
			`$permKeys = array_keys($perms);`
			`$setPermissions = DB::prepare('`
Rewrote user role handling. 2023-07-27 23:26:05 +00:00			REPLACE INTO `msz_permissions` (`role_id`, `user_id`, `' . implode('`, `', $permKeys) . '`)
			`VALUES (:role_id, NULL, :' . implode(', :', $permKeys) . ')`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`');`
			`$setPermissions->bind('role_id', $roleInfo->getId());`

			`foreach($perms as $key => $value) {`
			`$setPermissions->bind($key, $value);`
			`}`

			`$setPermissions->execute();`
			`} else {`
Rewrote user role handling. 2023-07-27 23:26:05 +00:00			$deletePermissions = DB::prepare('DELETE FROM `msz_permissions` WHERE `role_id` = :role_id AND `user_id` IS NULL');
Imported into new repository. 2022-09-13 13:14:49 +00:00			`$deletePermissions->bind('role_id', $roleInfo->getId());`
			`$deletePermissions->execute();`
			`}`
			`}`

			`url_redirect('manage-role', ['role' => $roleInfo->getId()]);`
			`return;`
			`}`

			`Template::render('manage.users.role', [`
Rewrote user role handling. 2023-07-27 23:26:05 +00:00			`'role_new' => $isNew,`
Imported into new repository. 2022-09-13 13:14:49 +00:00			`'role_info' => $roleInfo ?? null,`
			`'can_manage_perms' => $canEditPerms,`
			`'permissions' => $permissions ?? [],`
			`]);`