Merge pull request #684 from Sama34/wip-435

WIP #435 Moderation Tools Permissions
mybb · Jun 24, 2014 · 8df0fbd · 8df0fbd
2 parents 8643bba + 401c5a6
commit 8df0fbd
Show file tree

Hide file tree

Showing 9 changed files with 281 additions and 13 deletions.
diff --git a/admin/modules/config/mod_tools.php b/admin/modules/config/mod_tools.php
diff --git a/forumdisplay.php b/forumdisplay.php
@@ -1272,14 +1272,29 @@
 	{
 		if(is_moderator($fid, "canusecustomtools") && $has_modtools == true)
 		{
+			$gids = explode(',', $mybb->user['additionalgroups']);
+			$gids[] = $mybb->user['usergroup'];
+			$gids = array_filter(array_unique($gids));
+
+			$gidswhere = '';
 			switch($db->type)
 			{
 				case "pgsql":
 				case "sqlite":
-					$query = $db->simple_select("modtools", 'tid, name', "(','||forums||',' LIKE '%,$fid,%' OR ','||forums||',' LIKE '%,-1,%' OR forums='') AND type = 't'");
+					foreach($gids as $gid)
+					{
+						$gid = (int)$gid;
+						$gidswhere .= " OR ','||groups||',' LIKE '%,{$gid},%'";
+					}
+					$query = $db->simple_select("modtools", 'tid, name', "(','||forums||',' LIKE '%,$fid,%' OR ','||forums||',' LIKE '%,-1,%' OR forums='') AND (groups=''{$gidswhere}) AND type = 't'");
 					break;
 				default:
-					$query = $db->simple_select("modtools", 'tid, name', "(CONCAT(',',forums,',') LIKE '%,$fid,%' OR CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='') AND type = 't'");
+					foreach($gids as $gid)
+					{
+						$gid = (int)$gid;
+						$gidswhere .= " OR CONCAT(',',groups,',') LIKE '%,{$gid},%'";
+					}
+					$query = $db->simple_select("modtools", 'tid, name', "(CONCAT(',',forums,',') LIKE '%,$fid,%' OR CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='') AND (groups=''{$gidswhere}) AND type = 't'");
 			}
 
 			while($tool = $db->fetch_array($query))

diff --git a/inc/languages/english/admin/config_mod_tools.lang.php b/inc/languages/english/admin/config_mod_tools.lang.php
@@ -41,6 +41,7 @@
 $l['general_options'] = "General Options";
 $l['short_description'] = "Short Description";
 $l['available_in_forums'] = "Available in forums";
+$l['available_to_groups'] = "Available to groups";
 $l['save_thread_tool'] = "Save Thread Tool";
 
 $l['title'] = "Title";
@@ -124,5 +125,6 @@
 $l['error_missing_title'] = "Please enter a name for this tool.";
 $l['error_missing_description'] = "Please enter a short description for this tool.";
 $l['error_no_forums_selected'] = "Please select the forums in which this tool will be available.";
+$l['error_no_groups_selected'] = "Please select the groups to which this tool will be available.";
 $l['error_forum_is_category'] = "You can't pick a category-type forum as a destination forum.";
 ?>
diff --git a/install/resources/mysql_db_tables.php b/install/resources/mysql_db_tables.php
@@ -471,6 +471,7 @@
 	name varchar(200) NOT NULL,
 	description text NOT NULL,
 	forums text NOT NULL,
+	groups text NOT NULL,
 	type char(1) NOT NULL default '',
 	postoptions text NOT NULL,
 	threadoptions text NOT NULL,

diff --git a/install/resources/pgsql_db_tables.php b/install/resources/pgsql_db_tables.php
@@ -454,6 +454,7 @@
 	name varchar(200) NOT NULL,
 	description text NOT NULL default '',
 	forums text NOT NULL default '',
+	groups text NOT NULL default '',
 	type char(1) NOT NULL default '',
 	postoptions text NOT NULL default '',
 	threadoptions text NOT NULL default '',

diff --git a/install/resources/sqlite_db_tables.php b/install/resources/sqlite_db_tables.php
@@ -421,6 +421,7 @@
 	name varchar(200) NOT NULL default '',
 	description TEXT NOT NULL,
 	forums TEXT NOT NULL,
+	groups TEXT NOT NULL,
 	type char(1) NOT NULL default '',
 	postoptions TEXT NOT NULL,
 	threadoptions TEXT NOT NULL

diff --git a/install/resources/upgrade29.php b/install/resources/upgrade29.php
@@ -21,4 +21,4 @@
 @set_time_limit(0);
 
 /* Nothing to do for 1.6.13 */
-?>
+?>
diff --git a/moderation.php b/moderation.php
@@ -2673,6 +2673,11 @@
 			// Verify incoming POST request
 			verify_post_check($mybb->get_input('my_post_key'));
 
+
+			if(!empty($tool['groups']) && !is_member($tool['groups']))
+			{
+				error_no_permission();
+			}
 			if($tool['type'] == 't' && $mybb->get_input('modtype') == 'inlinethread')
 			{
 				if($mybb->get_input('inlinetype') == 'search')

diff --git a/showthread.php b/showthread.php
@@ -1192,14 +1192,29 @@
 
 		if(is_moderator($forum['fid'], "canusecustomtools") && (!empty($forum_stats[-1]['modtools']) || !empty($forum_stats[$forum['fid']]['modtools'])))
 		{
+			$gids = explode(',', $mybb->user['additionalgroups']);
+			$gids[] = $mybb->user['usergroup'];
+			$gids = array_filter(array_unique($gids));
+
+			$gidswhere = '';
 			switch($db->type)
 			{
 				case "pgsql":
 				case "sqlite":
-					$query = $db->simple_select("modtools", "tid, name, type", "','||forums||',' LIKE '%,$fid,%' OR ','||forums||',' LIKE '%,-1,%' OR forums=''");
+					foreach($gids as $gid)
+					{
+						$gid = (int)$gid;
+						$gidswhere .= " OR ','||groups||',' LIKE '%,{$gid},%'";
+					}
+					$query = $db->simple_select("modtools", "tid, name, type", "(','||forums||',' LIKE '%,$fid,%' OR ','||forums||',' LIKE '%,-1,%' OR forums='') AND (groups=''{$gidswhere})");
 					break;
 				default:
-					$query = $db->simple_select("modtools", "tid, name, type", "CONCAT(',',forums,',') LIKE '%,$fid,%' OR CONCAT(',',forums,',') LIKE '%,-1,%' OR forums=''");
+					foreach($gids as $gid)
+					{
+						$gid = (int)$gid;
+						$gidswhere .= " OR CONCAT(',',groups,',') LIKE '%,{$gid},%'";
+					}
+					$query = $db->simple_select("modtools", "tid, name, type", "(CONCAT(',',forums,',') LIKE '%,$fid,%' OR CONCAT(',',forums,',') LIKE '%,-1,%' OR forums='') AND (groups=''{$gidswhere})");
 			}
 
 			while($tool = $db->fetch_array($query))