[geeklog-cvs] geeklog: Added new permission 'group.assign', now required to be...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sat Feb 21 17:03:35 EST 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/10dfb994ef83
changeset: 6793:10dfb994ef83
user: Dirk Haun <dirk at haun-online.de>
date: Sat Feb 21 22:58:23 2009 +0100
description:
Added new permission 'group.assign', now required to be able to assign a user to a group (feature request #0000190)
diffstat:
7 files changed, 64 insertions(+), 37 deletions(-)
public_html/admin/install/lib-upgrade.php | 2 -
public_html/admin/user.php | 48 ++++++++++++++---------------
public_html/docs/history | 3 +
sql/mssql_tableanddata.php | 2 +
sql/mysql_tableanddata.php | 2 +
sql/updates/mssql_1.5.2_to_1.6.0.php | 22 +++++++++----
sql/updates/mysql_1.5.2_to_1.6.0.php | 22 +++++++++----
diffs (254 lines):
diff -r b4dc97200076 -r 10dfb994ef83 public_html/admin/install/lib-upgrade.php
--- a/public_html/admin/install/lib-upgrade.php Sat Feb 21 22:41:54 2009 +0100
+++ b/public_html/admin/install/lib-upgrade.php Sat Feb 21 22:58:23 2009 +0100
@@ -464,7 +464,7 @@
INST_updateDB($_SQL);
update_ConfValues();
- upgrade_addPluginPermissions();
+ upgrade_addNewPermissions();
upgrade_addIsoFormat();
$current_gl_version = '1.6.0';
diff -r b4dc97200076 -r 10dfb994ef83 public_html/admin/user.php
--- a/public_html/admin/user.php Sat Feb 21 22:41:54 2009 +0100
+++ b/public_html/admin/user.php Sat Feb 21 22:58:23 2009 +0100
@@ -246,7 +246,7 @@
}
}
- if (SEC_hasRights('group.edit')) {
+ if (SEC_hasRights('group.assign')) {
$user_templates->set_var('lang_securitygroups',
$LANG_ACCESS['securitygroups']);
$user_templates->set_var('lang_groupinstructions',
@@ -543,23 +543,23 @@
$userChanged = true;
}
- // if groups is -1 then this user isn't allowed to change any groups so ignore
- if (is_array ($groups) && SEC_inGroup ('Group Admin')) {
- if (!SEC_inGroup ('Root')) {
- $rootgrp = DB_getItem ($_TABLES['groups'], 'grp_id',
- "grp_name = 'Root'");
- if (in_array ($rootgrp, $groups)) {
- COM_accessLog ("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user $username.");
- echo COM_refresh ($_CONF['site_admin_url'] . '/index.php');
+ // check that the user is allowed to change group assignments
+ if (is_array($groups) && SEC_hasRights('group.assign')) {
+ if (! SEC_inGroup('Root')) {
+ $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id',
+ "grp_name = 'Root'");
+ if (in_array($rootgrp, $groups)) {
+ COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user $username.");
+ echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
exit;
}
}
// make sure the Remote Users group is in $groups
- if (SEC_inGroup ('Remote Users', $uid)) {
- $remUsers = DB_getItem ($_TABLES['groups'], 'grp_id',
- "grp_name = 'Remote Users'");
- if (!in_array ($remUsers, $groups)) {
+ if (SEC_inGroup('Remote Users', $uid)) {
+ $remUsers = DB_getItem($_TABLES['groups'], 'grp_id',
+ "grp_name = 'Remote Users'");
+ if (! in_array($remUsers, $groups)) {
$groups[] = $remUsers;
}
}
@@ -569,31 +569,31 @@
}
// remove user from all groups that the User Admin is a member of
- $UserAdminGroups = SEC_getUserGroups ();
+ $UserAdminGroups = SEC_getUserGroups();
$whereGroup = 'ug_main_grp_id IN ('
. implode (',', $UserAdminGroups) . ')';
DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = $uid) AND " . $whereGroup);
// make sure to add user to All Users and Logged-in Users groups
- $allUsers = DB_getItem ($_TABLES['groups'], 'grp_id',
- "grp_name = 'All Users'");
- if (!in_array ($allUsers, $groups)) {
+ $allUsers = DB_getItem($_TABLES['groups'], 'grp_id',
+ "grp_name = 'All Users'");
+ if (! in_array($allUsers, $groups)) {
$groups[] = $allUsers;
}
- $logUsers = DB_getItem ($_TABLES['groups'], 'grp_id',
- "grp_name = 'Logged-in Users'");
- if (!in_array ($logUsers, $groups)) {
+ $logUsers = DB_getItem($_TABLES['groups'], 'grp_id',
+ "grp_name = 'Logged-in Users'");
+ if (! in_array($logUsers, $groups)) {
$groups[] = $logUsers;
}
foreach ($groups as $userGroup) {
- if (in_array ($userGroup, $UserAdminGroups)) {
+ if (in_array($userGroup, $UserAdminGroups)) {
if ($_USER_VERBOSE) {
- COM_errorLog ("adding group_assignment " . $userGroup
- . " for $username", 1);
+ COM_errorLog("adding group_assignment " . $userGroup
+ . " for $username", 1);
}
$sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ($userGroup, $uid)";
- DB_query ($sql);
+ DB_query($sql);
}
}
}
diff -r b4dc97200076 -r 10dfb994ef83 public_html/docs/history
--- a/public_html/docs/history Sat Feb 21 22:41:54 2009 +0100
+++ b/public_html/docs/history Sat Feb 21 22:58:23 2009 +0100
@@ -11,6 +11,9 @@
+ (TBD) Comment moderation and editable comments, by Jared Wenerd
Other changes:
+- Added new permission 'group.assign', now required to be able to assign a user
+ to a group. Part of the Group Admin (not User Admin) permissions by default
+ (feature request #0000190) [Dirk]
- Raised minimum required PHP version to PHP 4.3.0 and removed all workarounds
that ensured compatibility with PHP 4.1.0 [Dirk]
- Added a filename mask config option for the names of the database backups
diff -r b4dc97200076 -r 10dfb994ef83 sql/mssql_tableanddata.php
--- a/sql/mssql_tableanddata.php Sat Feb 21 22:41:54 2009 +0100
+++ b/sql/mssql_tableanddata.php Sat Feb 21 22:58:23 2009 +0100
@@ -1180,6 +1180,7 @@
$_SQL[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (16,4)";
$_SQL[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (17,10)";
$_SQL[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (18,10)";
+$_SQL[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (19,11)";
$_SQL[] = "
set identity_insert {$_TABLES['blocks']} on;
@@ -1263,6 +1264,7 @@
INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (16,'block.delete','Ability to delete a block',1)
INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (17,'plugin.install','Can install/uninstall plugins',1)
INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (18,'plugin.upload','Can upload new plugins',1)
+INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (19,'group.assign','Ability to assign users to groups',1)
set identity_insert {$_TABLES['features']} off
";
diff -r b4dc97200076 -r 10dfb994ef83 sql/mysql_tableanddata.php
--- a/sql/mysql_tableanddata.php Sat Feb 21 22:41:54 2009 +0100
+++ b/sql/mysql_tableanddata.php Sat Feb 21 22:58:23 2009 +0100
@@ -508,6 +508,7 @@
$_DATA[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (16,4) ";
$_DATA[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (17,10) ";
$_DATA[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (18,10) ";
+$_DATA[] = "INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES (19,11) ";
$_DATA[] = "INSERT INTO {$_TABLES['blocks']} (bid, is_enabled, name, type, title, tid, blockorder, content, rdfurl, rdfupdated, onleft, phpblockfn, group_id, owner_id, perm_owner, perm_group, perm_members, perm_anon) VALUES (1,1,'user_block','gldefault','User Functions','all',2,'','','0000-00-00 00:00:00',1,'',4,2,3,3,2,2) ";
$_DATA[] = "INSERT INTO {$_TABLES['blocks']} (bid, is_enabled, name, type, title, tid, blockorder, content, rdfurl, rdfupdated, onleft, phpblockfn, group_id, owner_id, perm_owner, perm_group, perm_members, perm_anon) VALUES (2,1,'admin_block','gldefault','Admins Only','all',1,'','','0000-00-00 00:00:00',1,'',4,2,3,3,2,2) ";
@@ -575,6 +576,7 @@
$_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (16,'block.delete','Ability to delete a block',1) ";
$_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (17,'plugin.install','Can install/uninstall plugins',1) ";
$_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (18,'plugin.upload','Can upload new plugins',1) ";
+$_DATA[] = "INSERT INTO {$_TABLES['features']} (ft_id, ft_name, ft_descr, ft_gl_core) VALUES (19,'group.assign','Ability to assign users to groups',1) ";
$_DATA[] = "INSERT INTO {$_TABLES['frontpagecodes']} (code, name) VALUES (0,'Show Only in Topic') ";
$_DATA[] = "INSERT INTO {$_TABLES['frontpagecodes']} (code, name) VALUES (1,'Show on Front Page') ";
diff -r b4dc97200076 -r 10dfb994ef83 sql/updates/mssql_1.5.2_to_1.6.0.php
--- a/sql/updates/mssql_1.5.2_to_1.6.0.php Sat Feb 21 22:41:54 2009 +0100
+++ b/sql/updates/mssql_1.5.2_to_1.6.0.php Sat Feb 21 22:58:23 2009 +0100
@@ -7,6 +7,7 @@
$_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('plugin.install','Can install/uninstall plugins',1)";
$_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('plugin.upload','Can upload new plugins',1)";
$_SQL[] = "UPDATE {$_TABLES['features']} SET ft_descr = 'Can change plugin status' WHERE ft_name = 'plugin.edit'";
+$_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('group.assign','Ability to assign users to groups',1)";
/**
* Add new config options
@@ -55,10 +56,10 @@
}
/**
- * Add new plugin-related permissions to Plugin Admin group
+ * Add new permissions
*
*/
-function upgrade_addPluginPermissions()
+function upgrade_addNewPermissions()
{
global $_TABLES;
@@ -66,12 +67,21 @@
"ft_name = 'plugin.install'");
$upload_id = DB_getItem($_TABLES['features'], 'ft_id',
"ft_name = 'plugin.upload'");
- $grp_id = DB_getItem($_TABLES['groups'], 'grp_id',
+ $plg_id = DB_getItem($_TABLES['groups'], 'grp_id',
"grp_name = 'Plugin Admin'");
- if (($grp_id > 0) && ($install_id > 0) && ($upload_id > 0)) {
- DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ($install_id, $grp_id)");
- DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ($upload_id, $grp_id)");
+ if (($plg_id > 0) && ($install_id > 0) && ($upload_id > 0)) {
+ DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ($install_id, $plg_id)");
+ DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ($upload_id, $plg_id)");
+ }
+
+ $assign_id = DB_getItem($_TABLES['features'], 'ft_id',
+ "ft_name = 'group.assign'");
+ $grp_id = DB_getItem($_TABLES['groups'], 'grp_id',
+ "grp_name = 'Group Admin'");
+
+ if (($grp_id > 0) && ($assign_id > 0)) {
+ DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ($assign_id, $grp_id)");
}
}
diff -r b4dc97200076 -r 10dfb994ef83 sql/updates/mysql_1.5.2_to_1.6.0.php
--- a/sql/updates/mysql_1.5.2_to_1.6.0.php Sat Feb 21 22:41:54 2009 +0100
+++ b/sql/updates/mysql_1.5.2_to_1.6.0.php Sat Feb 21 22:58:23 2009 +0100
@@ -8,6 +8,7 @@
$_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('plugin.install','Can install/uninstall plugins',1)";
$_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('plugin.upload','Can upload new plugins',1)";
$_SQL[] = "UPDATE {$_TABLES['features']} SET ft_descr = 'Can change plugin status' WHERE ft_name = 'plugin.edit'";
+$_SQL[] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr, ft_gl_core) VALUES ('group.assign','Ability to assign users to groups',1)";
/**
* Add new config options
@@ -56,10 +57,10 @@
}
/**
- * Add new plugin-related permissions to Plugin Admin group
+ * Add new permissions
*
*/
-function upgrade_addPluginPermissions()
+function upgrade_addNewPermissions()
{
global $_TABLES;
@@ -67,12 +68,21 @@
"ft_name = 'plugin.install'");
$upload_id = DB_getItem($_TABLES['features'], 'ft_id',
"ft_name = 'plugin.upload'");
- $grp_id = DB_getItem($_TABLES['groups'], 'grp_id',
+ $plg_id = DB_getItem($_TABLES['groups'], 'grp_id',
"grp_name = 'Plugin Admin'");
- if (($grp_id > 0) && ($install_id > 0) && ($upload_id > 0)) {
- DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ($install_id, $grp_id)");
- DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ($upload_id, $grp_id)");
+ if (($plg_id > 0) && ($install_id > 0) && ($upload_id > 0)) {
+ DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ($install_id, $plg_id)");
+ DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ($upload_id, $plg_id)");
+ }
+
+ $assign_id = DB_getItem($_TABLES['features'], 'ft_id',
+ "ft_name = 'group.assign'");
+ $grp_id = DB_getItem($_TABLES['groups'], 'grp_id',
+ "grp_name = 'Group Admin'");
+
+ if (($grp_id > 0) && ($assign_id > 0)) {
+ DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ($assign_id, $grp_id)");
}
}
More information about the geeklog-cvs
mailing list