Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

[ticket/10537] Remove unnecessary permissions #505

Closed
wants to merge 23 commits into from

7 participants

David King Joas Schilling Nils Adermann Don't Add Me To Your Organization a.k.a The Travis Bot Andreas Fischer Oleg Pudeyev Nathan Guse
David King
Collaborator

http://tracker.phpbb.com/browse/PHPBB3-10537

See RFC for permissions suggested for removal.

(BTW, I closed the old pull request because I screwed up the commits and such trying to squash them into one.)

phpBB/develop/add_permissions.php
... ...
@@ -5,7 +5,7 @@
5 5
 //
6 6
 // FILENAME  : add_permissions.php
7 7
 // STARTED   : Sat Nov 06, 2004
8  
-// COPYRIGHT : © 2004 phpBB Group
  8
+// COPYRIGHT : � 2004 phpBB Group
2
David King Collaborator

For the record, I did not make this change. Probably something screwy with my editor. Can we just switch it to (c) instead of the copyright symbol like it is in other files?

Joas Schilling Collaborator

Maybe its because of UTF8?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
phpBB/viewforum.php
... ...
@@ -209,7 +209,7 @@
209 209
 	'is_watching'	=> false,
210 210
 );
211 211
 
212  
-if (($config['email_enable'] || $config['jab_enable']) && $config['allow_forum_notify'] && $forum_data['forum_type'] == FORUM_POST && ($auth->acl_get('f_subscribe', $forum_id) || $user->data['user_id'] == ANONYMOUS))
  212
+if (($config['email_enable'] || $config['jab_enable']) && $config['allow_forum_notify'] && $forum_data['forum_type'] == FORUM_POST && $user->data['user_id'] == ANONYMOUS)
3
David King Collaborator

Just to clarify, I was unsure of the intended logic. Previously, it was checking that the user either: 1) had auth or 2) was a guest. Now it just checks if the user is a guest. Is this correct?

David King Collaborator
imkingdavid added a note

I still don't understand what is intended here. Can someone double check this before this gets merged?

Nils Adermann Owner
naderman added a note

As per IRC: the anonymous check should be removed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
phpBB/develop/add_permissions.php
... ...
@@ -5,7 +5,7 @@
5 5
 //
6 6
 // FILENAME  : add_permissions.php
7 7
 // STARTED   : Sat Nov 06, 2004
8  
-// COPYRIGHT : © 2004 phpBB Group
  8
+// COPYRIGHT : © 2004 phpBB Group
4
David King Collaborator

Why is there an A character there now... it's not in the commit imkingdavid@00255d0 as far as I can tell

Nils Adermann Owner
naderman added a note

Think this is just caused by the diff engine on github assuming ISO-8859-1

Oleg Pudeyev
p added a note

We worked this out somewhere - I believe the old version was iso-8859-1 and the new version is utf-8, github decides to render the file in 8859-1 which produces this result.

David King Collaborator
imkingdavid added a note

This issue becomes nonexistent if I merge in develop because the copyright symbol was replaced, iirc, with (c) for consistency across develop/ files.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
David King
Collaborator

I still don't understand the way the logic should be in viewforum.php (see the comment I made there). Can someone else take a look?

Joas Schilling nickvergessen commented on the diff
phpBB/includes/ucp/ucp_pm_compose.php
... ...
@@ -1078,8 +1073,8 @@ function compose_pm($id, $mode, $action, $user_folders = array())
1078 1073
 		'S_SIGNATURE_CHECKED'	=> ($sig_checked) ? ' checked="checked"' : '',
1079 1074
 		'S_LINKS_ALLOWED'		=> $url_status,
1080 1075
 		'S_MAGIC_URL_CHECKED'	=> ($urls_checked) ? ' checked="checked"' : '',
1081  
-		'S_SAVE_ALLOWED'		=> ($auth->acl_get('u_savedrafts') && $action != 'edit') ? true : false,
1082  
-		'S_HAS_DRAFTS'			=> ($auth->acl_get('u_savedrafts') && $drafts),
  1076
+		'S_SAVE_ALLOWED'		=> (($auth->acl_get('u_sendpm') || $auth->acl_get('u_pm_reply')) && $action != 'edit') ? true : false,
7
Joas Schilling Collaborator

Do we still have a setting to turn off the draft stuff?

David King Collaborator

I don't see a setting to enable/disable drafts, neither in the ACP or in the code itself.

The draft mode within the UCP does/did not implement the permission that is being removed, so ultimately, a user without permission to use drafts can still access that area of the UCP. In fact, a user that has a saved draft and has Never set for the savedraft permission, can still access it but when he tries to load a draft, it just opens an empty posting page.

So really, the only part of the draft system that can be disabled even with the permission is saving drafts. There is not a global on/off permission or a global on/off setting.

IMO, we should remove this permission and implement a board setting to allow admin to global disable drafts if they really need to.

Joas Schilling Collaborator

IMO, we should remove this permission and implement a board setting to allow admin to global disable drafts if they really need to.

Which is exactly what I wanted to point out ;) It should be possible to disable them.

David King Collaborator

However, that would be a separate RFC, I think. This RFC is only for removing permissions, not adding settings.

Joas Schilling Collaborator

But this RFC removes the "control" setting of this feature :P

Nils Adermann Owner
naderman added a note

Don't see a point for that setting. Let's just remove the permission.

Nathan Guse Collaborator

I would prefer a separate PR for enabling/disabling drafts as a whole if we decide it is necessary (I do not think it is myself).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Joas Schilling
Collaborator

You should add an article to the wiki with a table what is removed or replaced by what...

Nils Adermann
Owner

I agree with nickvergessen, that this needs an article on the wiki - will merge when that is created.

David King
Collaborator

To note, here is a wiki page listing the removed permissions. It is also linked from the 3.1 overview page.
http://wiki.phpbb.com/Permissions_Removed_in_3.1

Don't Add Me To Your Organization a.k.a The Travis Bot

This pull request fails (merged abe3001b into e045a80).

Don't Add Me To Your Organization a.k.a The Travis Bot

This pull request fails (merged 6917296f into e045a80).

Don't Add Me To Your Organization a.k.a The Travis Bot

This pull request fails (merged b12e0d83 into e045a80).

Don't Add Me To Your Organization a.k.a The Travis Bot

This pull request passes (merged 0b32e33e into e045a80).

Don't Add Me To Your Organization a.k.a The Travis Bot

This pull request passes (merged c1be6aa4 into d866624).

Don't Add Me To Your Organization a.k.a The Travis Bot

This pull request passes (merged 2466d4f0 into d866624).

phpBB/install/database_update.php
... ...
@@ -2666,6 +2666,32 @@ function change_database_data(&$no_updates, $version)
2666 2666
 				$db_tools->sql_column_remove(USERS_TABLE, 'user_dst');
2667 2667
 			}
2668 2668
 
  2669
+			// Remove unnecessary permissions
4
Andreas Fischer Collaborator
bantu added a note

The auth class or auth management class should have a method for dropping permissions.

This part here should then look like
foreach ('u_pm_delete' ... 'a_jabber' as $perm) { $auth->drop_permission($perm); }

David King Collaborator

Neither class has one. This is how it is done in UMIL.

Andreas Fischer Collaborator
bantu added a note

Then you should add one.

Oleg Pudeyev
p added a note

Should take a list of permissions for efficiency reasons.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Andreas Fischer
Collaborator

Patch looks incomplete. Check recent file.php and functions_download.php changes.

phpBB/install/database_update.php
((9 lines not shown))
  2674
+					'u_pm_printpm',
  2675
+					'f_print',
  2676
+					'f_subscribe',
  2677
+					'u_pm_emailpm',
  2678
+					'u_pm_forward',
  2679
+					'u_pm_download',
  2680
+					'u_savedrafts',
  2681
+					'a_jabber',
  2682
+				));
  2683
+			$result = $db->sql_query($sql);
  2684
+			while ($row = $db->sql_query($sql))
  2685
+			{
  2686
+				$auth_option_id = (int) $row['auth_option_id'];
  2687
+				foreach (array(ACL_GROUPS_TABLE, ACL_ROLES_DATA_TABLE, ACL_USERS_TABLE, ACL_OPTIONS_TABLE) as $table)
  2688
+				{
  2689
+					$db->sql_query("DELETE FROM $table WHERE auth_option_id = $auth_option_id");
1
Oleg Pudeyev
p added a note

Use sql_in_set and a single delete per table.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Oleg Pudeyev
p commented

I think I support this now. Please merge/rebase on develop and

Patch looks incomplete. Check recent file.php and functions_download.php changes.

David King
Collaborator

I did not see any further use of u_pm_download in file.php, and the one occurrence in includes/functions_download.php has been changed to fall back on u_download.

All that is left to do is rebase onto develop.

David King
Collaborator

@p This has been rebased onto develop

phpBB/install/database_update.php
((12 lines not shown))
  2851
+					'u_pm_emailpm',
  2852
+					'u_pm_forward',
  2853
+					'u_pm_download',
  2854
+					'u_savedrafts',
  2855
+					'a_jabber',
  2856
+				));
  2857
+			$result = $db->sql_query($sql);
  2858
+			$option_ids = array();
  2859
+			while ($row = $db->sql_query($sql))
  2860
+			{
  2861
+				$option_ids[] = (int) $row['auth_option_id'];
  2862
+			}
  2863
+
  2864
+			foreach (array(ACL_GROUPS_TABLE, ACL_ROLES_DATA_TABLE, ACL_USERS_TABLE, ACL_OPTIONS_TABLE) as $table)
  2865
+			{
  2866
+				$db->sql_query("DELETE FROM $table WHERE " . $db->sql_in_set('auth_option_id', $option_ids));
1
Andreas Fischer Collaborator
bantu added a note

Query formatting + use the _sql() function.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Oleg Pudeyev
p commented

Extract a function to delete permissions like #985?

phpBB/install/database_update.php
... ...
@@ -882,6 +882,48 @@ function _add_permission(auth_admin $auth_admin, dbal $db, $permission_name, $is
882 882
 	return true;
883 883
 }
884 884
 
  885
+/**
  886
+* Remove the specified permissions
  887
+*
  888
+* @param array $permissions Permission names (e.g. u_sendpm)
  889
+* @param bool $errored Whether an SQL error has occured (used by _sql())
  890
+* @param array $error_ary Array of SQL errors (used by _sql())
  891
+* @param dbal $db Database object
  892
+* @param phpbb_cache_service $cache Cache object
  893
+* @param phpbb_auth $auth Auth object
  894
+* @return null
  895
+*/
  896
+function _remove_permissions(array $permissions, &$errored, &$error_ary, dbal $db, phpbb_cache_service $cache, phpbb_auth $auth)
1
Oleg Pudeyev
p added a note

The order of arguments should be consistent with _add_permissions as much as possible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Oleg Pudeyev
p commented

Due to #908 merge please rebase and apply the equivalent of p@1a1ae1b.

added some commits
David King [ticket/10537] Removed u_pm_delete permission
PHPBB3-10537
060e601
David King [ticket/10537] Removed f_print permission
PHPBB3-10537
1325826
David King [ticket/10537] Removed u_pm_printpm permission
PHPBB3-10537
c6919e1
David King [ticket/10537] Removed f_subscribe permission
PHPBB3-10537
e7312d3
David King [ticket/10537] Removed unused u_pm_emailpm permission
PHPBB3-10537
9e5b741
David King [ticket/10537] Somehow permissions got added back; now removed again
PHPBB3-10537
a216a58
David King [ticket/10537] Removed u_pm_forward, merged with u_sendpm
PHPBB3-10537
a52be97
David King [ticket/10537] Removed u_pm_download, some places merged with u_download
PHPBB3-10537
67e1447
David King [ticket/10537] Removed u_savedrafts, using f_post/f_reply, u_sendpm/u…
…_pm_reply

PHPBB3-10537
2666e7f
David King [ticket/10537] Removed a_jabber, merged with a_server
PHPBB3-10537
1bfb962
David King [ticket/10537] Forgot a language entry
PHPBB3-10537
a8f7412
David King [ticket/10537] Removed faulty anonymous check from changed logic
PHPBB3-10537
39fec3a
David King [ticket/10537] Fall back on u_download after removing u_pm_download
PHPBB3-10537
876b1d4
David King [ticket/10537] Fixed improper conditional after removing u_pm_download
PHPBB3-10537
887cb3c
David King [ticket/10537] Removed unused language entry
PHPBB3-10537
b2ddee2
David King [ticket/10537] Fixed syntax error caused by typo: $auth->acl-get. Oops.
PHPBB3-10537
aced135
David King [ticket/10537] Remove the permissions upon update
PHPBB3-10537
1c699cd
David King [ticket/10537] Use sql_in_set() once per table in database_update.php
PHPBB3-10537
3df43e0
David King [ticket/10537] Remove usage of u_pm_download, fallback to u_download
PHPBB3-10537
5d9cdeb
David King [ticket/10537] Move permission deletion to a function
PHPBB3-10537
4e32571
David King [ticket/10537] Fix _remove_permissions() function
PHPBB3-10537
9f46db9
David King [ticket/10537] Use consistent argument order
PHPBB3-10537
74c7b39
David King [ticket/10537] Use proper type hinting since phpbb_db_driver merge
PHPBB3-10537
3eae6ba
David King
Collaborator

@p Done

Oleg Pudeyev
p commented

Database updated a new QI board.

Gave admin never for u_sendpm.

Going to manage pm drafts (http://localqi//boards/x34/ucp.php?i=ucp_pm&mode=drafts) - shows:

Here you can view, edit and delete your saved drafts.

No drafts saved.

(normal ui). I would expect this to be prohibited.

It seems that pre-patch behavior is the same.

David King
Collaborator

It seems that pre-patch behavior is the same.
Then that should go in a separate ticket/PR.

Oleg Pudeyev
p commented

Were the changes made in this PR tested?

David King
Collaborator

I tested that the permissions were removed. I have not yet tested that all functionality still works (I will need to go through to each thing that was changed and ensure that it still works as intended, which may take a while).

Oleg Pudeyev
p commented

That's kind of important?

Are you saying none of the changes outside of db updater/schema have been tested?

Oleg Pudeyev
p commented

It seems that pre-patch behavior is the same.

This is supposed to be discovered during testing, and if you do not intend to fix it in the PR being submitted a ticket should be created and linked to from the PR.

David King
Collaborator

Are you saying none of the changes outside of db updater/schema have been tested?

Not none; I tested some of it a while back (though I cannot remember specifically which parts). I just haven't had a chance to test it all recently. With exams done I should have plenty of time.

Nathan Guse EXreaction commented on the diff
phpBB/language/en/ucp.php
@@ -313,7 +313,6 @@
313 313
 	'NO_AUTHOR'						=> 'No author defined for this message',
314 314
 	'NO_AVATAR_CATEGORY'			=> 'None',
315 315
 
316  
-	'NO_AUTH_DELETE_MESSAGE'		=> 'You are not authorised to delete private messages.',
317 316
 	'NO_AUTH_EDIT_MESSAGE'			=> 'You are not authorised to edit private messages.',
318 317
 	'NO_AUTH_FORWARD_MESSAGE'		=> 'You are not authorised to forward private messages.',
1
Nathan Guse Collaborator

Is this error still used with u_pm_forward removed?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Nathan Guse
Collaborator

Code looks good to me, I will test this now.

Nathan Guse
Collaborator

The permissions for the email friend button on viewtopic is not the same as the actual page. As a guest I can see the button, but clicking it gives me: "You are not permitted to send email to this user."

Where is the u_pm_reply permission? This permission does not exist (at least not on the version of develop this is based on). Was this added in a a different PR?

Would you mind rebasing this on develop? Merging causes conflicts.

Nathan Guse
Collaborator
David King
Collaborator

Because the codebase has changed significantly since i started, i'm going to close this and start over.

David King imkingdavid closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Showing 23 unique commits by 1 author.

Dec 14, 2012
David King [ticket/10537] Removed u_pm_delete permission
PHPBB3-10537
060e601
David King [ticket/10537] Removed f_print permission
PHPBB3-10537
1325826
David King [ticket/10537] Removed u_pm_printpm permission
PHPBB3-10537
c6919e1
David King [ticket/10537] Removed f_subscribe permission
PHPBB3-10537
e7312d3
David King [ticket/10537] Removed unused u_pm_emailpm permission
PHPBB3-10537
9e5b741
David King [ticket/10537] Somehow permissions got added back; now removed again
PHPBB3-10537
a216a58
David King [ticket/10537] Removed u_pm_forward, merged with u_sendpm
PHPBB3-10537
a52be97
David King [ticket/10537] Removed u_pm_download, some places merged with u_download
PHPBB3-10537
67e1447
David King [ticket/10537] Removed u_savedrafts, using f_post/f_reply, u_sendpm/u…
…_pm_reply

PHPBB3-10537
2666e7f
David King [ticket/10537] Removed a_jabber, merged with a_server
PHPBB3-10537
1bfb962
David King [ticket/10537] Forgot a language entry
PHPBB3-10537
a8f7412
David King [ticket/10537] Removed faulty anonymous check from changed logic
PHPBB3-10537
39fec3a
David King [ticket/10537] Fall back on u_download after removing u_pm_download
PHPBB3-10537
876b1d4
David King [ticket/10537] Fixed improper conditional after removing u_pm_download
PHPBB3-10537
887cb3c
David King [ticket/10537] Removed unused language entry
PHPBB3-10537
b2ddee2
David King [ticket/10537] Fixed syntax error caused by typo: $auth->acl-get. Oops.
PHPBB3-10537
aced135
David King [ticket/10537] Remove the permissions upon update
PHPBB3-10537
1c699cd
David King [ticket/10537] Use sql_in_set() once per table in database_update.php
PHPBB3-10537
3df43e0
David King [ticket/10537] Remove usage of u_pm_download, fallback to u_download
PHPBB3-10537
5d9cdeb
David King [ticket/10537] Move permission deletion to a function
PHPBB3-10537
4e32571
David King [ticket/10537] Fix _remove_permissions() function
PHPBB3-10537
9f46db9
David King [ticket/10537] Use consistent argument order
PHPBB3-10537
74c7b39
David King [ticket/10537] Use proper type hinting since phpbb_db_driver merge
PHPBB3-10537
3eae6ba
This page is out of date. Refresh to see the latest.
8  phpBB/develop/add_permissions.php
@@ -71,12 +71,10 @@
71 71
 	'f_sigs'	=> array(1, 0),
72 72
 	'f_search'	=> array(1, 0),
73 73
 	'f_email'	=> array(1, 0),
74  
-	'f_print'	=> array(1, 0),
75 74
 	'f_ignoreflood'	=> array(1, 0),
76 75
 	'f_postcount'	=> array(1, 0),
77 76
 	'f_noapprove'=> array(1, 0),
78 77
 	'f_report'	=> array(1, 0),
79  
-	'f_subscribe'	=> array(1, 0),
80 78
 );
81 79
 
82 80
 $m_permissions = array(
@@ -147,19 +145,13 @@
147 145
 	'u_chgpasswd'	=> array(0, 1),
148 146
 	'u_chgcensors'	=> array(0, 1),
149 147
 	'u_search'		=> array(0, 1),
150  
-	'u_savedrafts'	=> array(0, 1),
151 148
 	'u_download'	=> array(0, 1),
152 149
 	'u_attach'		=> array(0, 1),
153 150
 	'u_sig'			=> array(0, 1),
154 151
 	'u_pm_attach'	=> array(0, 1),
155 152
 	'u_pm_bbcode'	=> array(0, 1),
156 153
 	'u_pm_smilies'	=> array(0, 1),
157  
-	'u_pm_download'	=> array(0, 1),
158 154
 	'u_pm_edit'		=> array(0, 1),
159  
-	'u_pm_printpm'	=> array(0, 1),
160  
-	'u_pm_emailpm'	=> array(0, 1),
161  
-	'u_pm_forward'	=> array(0, 1),
162  
-	'u_pm_delete'	=> array(0, 1),
163 155
 	'u_pm_img'		=> array(0, 1),
164 156
 	'u_pm_flash'	=> array(0, 1),
165 157
 );
2  phpBB/download/file.php
@@ -234,7 +234,7 @@
234 234
 		// We allow admins having attachment permissions to see orphan attachments...
235 235
 		$own_attachment = ($auth->acl_get('a_attach') || $attachment['poster_id'] == $user->data['user_id']) ? true : false;
236 236
 
237  
-		if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
  237
+		if (!$own_attachment || !$auth->acl_get('u_download'))
238 238
 		{
239 239
 			send_status_line(404, 'Not Found');
240 240
 			trigger_error('ERROR_NO_ATTACHMENT');
2  phpBB/includes/acp/info/acp_jabber.php
@@ -19,7 +19,7 @@ function module()
19 19
 			'title'		=> 'ACP_JABBER_SETTINGS',
20 20
 			'version'	=> '1.0.0',
21 21
 			'modes'		=> array(
22  
-				'settings'		=> array('title' => 'ACP_JABBER_SETTINGS', 'auth' => 'acl_a_jabber', 'cat' => array('ACP_CLIENT_COMMUNICATION')),
  22
+				'settings'		=> array('title' => 'ACP_JABBER_SETTINGS', 'auth' => 'acl_a_server', 'cat' => array('ACP_CLIENT_COMMUNICATION')),
23 23
 			),
24 24
 		);
25 25
 	}
2  phpBB/includes/functions_download.php
@@ -660,7 +660,7 @@ function phpbb_download_handle_forum_auth($db, $auth, $topic_id)
660 660
 */
661 661
 function phpbb_download_handle_pm_auth($db, $auth, $user_id, $msg_id)
662 662
 {
663  
-	if (!$auth->acl_get('u_pm_download'))
  663
+	if (!$auth->acl_get('u_download'))
664 664
 	{
665 665
 		send_status_line(403, 'Forbidden');
666 666
 		trigger_error('SORRY_AUTH_VIEW_ATTACH');
5  phpBB/includes/functions_privmsgs.php
@@ -940,11 +940,6 @@ function handle_mark_actions($user_id, $mark_action)
940 940
 
941 941
 			global $auth;
942 942
 
943  
-			if (!$auth->acl_get('u_pm_delete'))
944  
-			{
945  
-				trigger_error('NO_AUTH_DELETE_MESSAGE');
946  
-			}
947  
-
948 943
 			if (confirm_box(true))
949 944
 			{
950 945
 				delete_pm($user_id, $msg_ids, $cur_folder_id);
2  phpBB/includes/mcp/mcp_pm_reports.php
@@ -123,7 +123,7 @@ function main($id, $mode)
123 123
 				$message = bbcode_nl2br($message);
124 124
 				$message = smiley_text($message);
125 125
 
126  
-				if ($pm_info['message_attachment'] && $auth->acl_get('u_pm_download'))
  126
+				if ($pm_info['message_attachment'] && $auth->acl_get('u_download'))
127 127
 				{
128 128
 					$sql = 'SELECT *
129 129
 						FROM ' . ATTACHMENTS_TABLE . '
17  phpBB/includes/ucp/ucp_pm_compose.php
@@ -191,11 +191,6 @@ function compose_pm($id, $mode, $action, $user_folders = array())
191 191
 		break;
192 192
 
193 193
 		case 'delete':
194  
-			if (!$auth->acl_get('u_pm_delete'))
195  
-			{
196  
-				trigger_error('NO_AUTH_DELETE_MESSAGE');
197  
-			}
198  
-
199 194
 			if (!$msg_id)
200 195
 			{
201 196
 				trigger_error('NO_MESSAGE');
@@ -216,7 +211,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())
216 211
 		break;
217 212
 	}
218 213
 
219  
-	if ($action == 'forward' && (!$config['forward_pm'] || !$auth->acl_get('u_pm_forward')))
  214
+	if ($action == 'forward' && (!$config['forward_pm'] || !$auth->acl_get('u_sendpm')))
220 215
 	{
221 216
 		trigger_error('NO_AUTH_FORWARD_MESSAGE');
222 217
 	}
@@ -514,7 +509,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())
514 509
 	$enable_magic_url = $drafts = false;
515 510
 
516 511
 	// User own some drafts?
517  
-	if ($auth->acl_get('u_savedrafts') && $action != 'delete')
  512
+	if (($auth->acl_get('u_sendpm') || $auth->acl_get('u_pm_reply')) && $action != 'delete')
518 513
 	{
519 514
 		$sql = 'SELECT draft_id
520 515
 			FROM ' . DRAFTS_TABLE . '
@@ -544,7 +539,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())
544 539
 	$url_status		= ($config['allow_post_links']) ? true : false;
545 540
 
546 541
 	// Save Draft
547  
-	if ($save && $auth->acl_get('u_savedrafts'))
  542
+	if ($save && ($auth->acl_get('u_sendpm') || $auth->acl_get('u_pm_reply')))
548 543
 	{
549 544
 		$subject = utf8_normalize_nfc(request_var('subject', '', true));
550 545
 		$subject = (!$subject && $action != 'post') ? $user->lang['NEW_MESSAGE'] : $subject;
@@ -607,7 +602,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())
607 602
 	}
608 603
 
609 604
 	// Load Draft
610  
-	if ($draft_id && $auth->acl_get('u_savedrafts'))
  605
+	if ($draft_id && ($auth->acl_get('u_sendpm') || $auth->acl_get('u_pm_reply')))
611 606
 	{
612 607
 		$sql = 'SELECT draft_subject, draft_message
613 608
 			FROM ' . DRAFTS_TABLE . "
@@ -1078,8 +1073,8 @@ function compose_pm($id, $mode, $action, $user_folders = array())
1078 1073
 		'S_SIGNATURE_CHECKED'	=> ($sig_checked) ? ' checked="checked"' : '',
1079 1074
 		'S_LINKS_ALLOWED'		=> $url_status,
1080 1075
 		'S_MAGIC_URL_CHECKED'	=> ($urls_checked) ? ' checked="checked"' : '',
1081  
-		'S_SAVE_ALLOWED'		=> ($auth->acl_get('u_savedrafts') && $action != 'edit') ? true : false,
1082  
-		'S_HAS_DRAFTS'			=> ($auth->acl_get('u_savedrafts') && $drafts),
  1076
+		'S_SAVE_ALLOWED'		=> (($auth->acl_get('u_sendpm') || $auth->acl_get('u_pm_reply')) && $action != 'edit') ? true : false,
  1077
+		'S_HAS_DRAFTS'			=> (($auth->acl_get('u_sendpm') || $auth->acl_get('u_pm_reply')) && $drafts),
1083 1078
 		'S_FORM_ENCTYPE'		=> $form_enctype,
1084 1079
 
1085 1080
 		'S_BBCODE_IMG'			=> $img_status,
8  phpBB/includes/ucp/ucp_pm_viewfolder.php
@@ -64,12 +64,6 @@ function view_folder($id, $mode, $folder_id, $folder)
64 64
 
65 65
 		$mark_options = array('mark_important', 'delete_marked');
66 66
 
67  
-		// Minimise edits
68  
-		if (!$auth->acl_get('u_pm_delete') && $key = array_search('delete_marked', $mark_options))
69  
-		{
70  
-			unset($mark_options[$key]);
71  
-		}
72  
-
73 67
 		$s_mark_options = '';
74 68
 		foreach ($mark_options as $mark_option)
75 69
 		{
@@ -166,7 +160,7 @@ function view_folder($id, $mode, $folder_id, $folder)
166 160
 					'FOLDER_IMG'		=> $user->img($folder_img, $folder_alt),
167 161
 					'FOLDER_IMG_STYLE'	=> $folder_img,
168 162
 					'PM_IMG'			=> ($row_indicator) ? $user->img('pm_' . $row_indicator, '') : '',
169  
-					'ATTACH_ICON_IMG'	=> ($auth->acl_get('u_pm_download') && $row['message_attachment'] && $config['allow_pm_attach']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
  163
+					'ATTACH_ICON_IMG'	=> ($auth->acl_get('u_download') && $row['message_attachment'] && $config['allow_pm_attach']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
170 164
 
171 165
 					'S_PM_UNREAD'		=> ($row['pm_unread']) ? true : false,
172 166
 					'S_PM_DELETED'		=> ($row['pm_deleted']) ? true : false,
8  phpBB/includes/ucp/ucp_pm_viewmessage.php
@@ -108,7 +108,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
108 108
 
109 109
 	if ($message_row['message_attachment'] && $config['allow_pm_attach'])
110 110
 	{
111  
-		if ($auth->acl_get('u_pm_download'))
  111
+		if ($auth->acl_get('u_download'))
112 112
 		{
113 113
 			$sql = 'SELECT *
114 114
 				FROM ' . ATTACHMENTS_TABLE . "
@@ -244,7 +244,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
244 244
 		'U_MSN'			=> ($user_info['user_msnm'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&action=msnm&u=' . $author_id) : '',
245 245
 		'U_JABBER'		=> ($user_info['user_jabber'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&action=jabber&u=' . $author_id) : '',
246 246
 
247  
-		'U_DELETE'			=> ($auth->acl_get('u_pm_delete')) ? "$url&mode=compose&action=delete&f=$folder_id&p=" . $message_row['msg_id'] : '',
  247
+		'U_DELETE'			=> "$url&mode=compose&action=delete&f=$folder_id&p=" . $message_row['msg_id'],
248 248
 		'U_EMAIL'			=> $user_info['email'],
249 249
 		'U_REPORT'			=> ($config['allow_pm_report']) ? append_sid("{$phpbb_root_path}report.$phpEx", "pm=" . $message_row['msg_id']) : '',
250 250
 		'U_QUOTE'			=> ($auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&mode=compose&action=quote&f=$folder_id&p=" . $message_row['msg_id'] : '',
@@ -265,8 +265,8 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
265 265
 		'S_BBCODE_ALLOWED'	=> ($bbcode_status) ? 1 : 0,
266 266
 		'S_CUSTOM_FIELDS'	=> (!empty($cp_row['row'])) ? true : false,
267 267
 
268  
-		'U_PRINT_PM'		=> ($config['print_pm'] && $auth->acl_get('u_pm_printpm')) ? "$url&f=$folder_id&p=" . $message_row['msg_id'] . "&view=print" : '',
269  
-		'U_FORWARD_PM'		=> ($config['forward_pm'] && $auth->acl_get('u_sendpm') && $auth->acl_get('u_pm_forward')) ? "$url&mode=compose&action=forward&f=$folder_id&p=" . $message_row['msg_id'] : '',
  268
+		'U_PRINT_PM'		=> $config['print_pm'] ? "$url&f=$folder_id&p=" . $message_row['msg_id'] . "&view=print" : '',
  269
+		'U_FORWARD_PM'		=> ($config['forward_pm'] && $auth->acl_get('u_sendpm')) ? "$url&mode=compose&action=forward&f=$folder_id&p=" . $message_row['msg_id'] : '',
270 270
 	);
271 271
 
272 272
 	/**
2  phpBB/install/convertors/functions_phpbb20.php
@@ -641,7 +641,7 @@ function phpbb_convert_authentication($mode)
641 641
 	$auth_map = array(
642 642
 		'auth_view'			=> array('f_', 'f_list'),
643 643
 		'auth_read'			=> array('f_read', 'f_search'),
644  
-		'auth_post'			=> array('f_post', 'f_bbcode', 'f_smilies', 'f_img', 'f_sigs', 'f_postcount', 'f_report', 'f_subscribe', 'f_print', 'f_email'),
  644
+		'auth_post'			=> array('f_post', 'f_bbcode', 'f_smilies', 'f_img', 'f_sigs', 'f_postcount', 'f_report', 'f_email'),
645 645
 		'auth_reply'		=> 'f_reply',
646 646
 		'auth_edit'			=> 'f_edit',
647 647
 		'auth_delete'		=> 'f_delete',
55  phpBB/install/database_update.php
@@ -881,6 +881,48 @@ function _add_permission(auth_admin $auth_admin, phpbb_db_driver $db, $permissio
881 881
 	return true;
882 882
 }
883 883
 
  884
+/**
  885
+* Remove the specified permissions
  886
+*
  887
+* @param phpbb_auth $auth Auth object
  888
+* @param phpbb_db_driver $db Database object
  889
+* @param phpbb_cache_service $cache Cache object
  890
+* @param array $permissions Permission names (e.g. u_sendpm)
  891
+* @param bool $errored Whether an SQL error has occured (used by _sql())
  892
+* @param array $error_ary Array of SQL errors (used by _sql())
  893
+* @return null
  894
+*/
  895
+function _remove_permissions(phpbb_auth $auth, phpbb_db_driver $db, phpbb_cache_service $cache, array $permissions, &$errored, &$error_ary)
  896
+{
  897
+	// Remove unnecessary permissions
  898
+	$sql = 'SELECT auth_option_id 
  899
+		FROM ' . ACL_OPTIONS_TABLE. '
  900
+		WHERE ' . $db->sql_in_set('auth_option', $permissions);
  901
+	$result = $db->sql_query($sql);
  902
+	$option_ids = array();
  903
+	while ($row = $db->sql_fetchrow($result))
  904
+	{
  905
+		$option_ids[] = (int) $row['auth_option_id'];
  906
+	}
  907
+
  908
+	// If we cannot find the options, they must have already been deleted
  909
+	// so we stop here
  910
+	if (empty($option_ids))
  911
+	{
  912
+		return;
  913
+	}
  914
+
  915
+	foreach (array(ACL_GROUPS_TABLE, ACL_ROLES_DATA_TABLE, ACL_USERS_TABLE, ACL_OPTIONS_TABLE) as $table)
  916
+	{
  917
+		_sql("DELETE FROM $table
  918
+			WHERE " . $db->sql_in_set('auth_option_id', $option_ids), $errored, $error_ary);
  919
+	}
  920
+
  921
+	$db->sql_freeresult($result);
  922
+	$cache->destroy('_acl_options');
  923
+	$auth->acl_clear_prefetch();
  924
+}
  925
+
884 926
 /****************************************************************************
885 927
 * ADD YOUR DATABASE SCHEMA CHANGES HERE										*
886 928
 *****************************************************************************/
@@ -1210,7 +1252,7 @@ function database_update_info()
1210 1252
 *****************************************************************************/
1211 1253
 function change_database_data(&$no_updates, $version)
1212 1254
 {
1213  
-	global $db, $errored, $error_ary, $config, $phpbb_root_path, $phpEx, $db_tools;
  1255
+	global $db, $errored, $error_ary, $config, $phpbb_root_path, $phpEx, $db_tools, $cache, $auth;
1214 1256
 
1215 1257
 	$update_helpers = new phpbb_update_helpers();
1216 1258
 
@@ -2933,6 +2975,17 @@ function change_database_data(&$no_updates, $version)
2933 2975
 
2934 2976
 			$no_updates = false;
2935 2977
 
  2978
+			_remove_permissions($auth, $db, $cache, array(
  2979
+				'u_pm_delete',
  2980
+				'u_pm_printpm',
  2981
+				'f_print',
  2982
+				'f_subscribe',
  2983
+				'u_pm_emailpm',
  2984
+				'u_pm_forward',
  2985
+				'u_pm_download',
  2986
+				'u_savedrafts',
  2987
+				'a_jabber',
  2988
+			), $errored, $error_ary);
2936 2989
 		break;
2937 2990
 	}
2938 2991
 }
21  phpBB/install/schemas/schema_data.sql
@@ -304,7 +304,6 @@ INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_noapprove', 1);
304 304
 INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_poll', 1);
305 305
 INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_post', 1);
306 306
 INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_postcount', 1);
307  
-INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_print', 1);
308 307
 INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_read', 1);
309 308
 INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_reply', 1);
310 309
 INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_report', 1);
@@ -312,7 +311,6 @@ INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_search', 1);
312 311
 INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_sigs', 1);
313 312
 INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_smilies', 1);
314 313
 INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_sticky', 1);
315  
-INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_subscribe', 1);
316 314
 INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_user_lock', 1);
317 315
 INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_vote', 1);
318 316
 INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_votechg', 1);
@@ -356,7 +354,6 @@ INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('a_group', 1);
356 354
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('a_groupadd', 1);
357 355
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('a_groupdel', 1);
358 356
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('a_icons', 1);
359  
-INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('a_jabber', 1);
360 357
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('a_language', 1);
361 358
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('a_mauth', 1);
362 359
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('a_modules', 1);
@@ -395,17 +392,11 @@ INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_masspm', 1);
395 392
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_masspm_group', 1);
396 393
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_pm_attach', 1);
397 394
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_pm_bbcode', 1);
398  
-INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_pm_delete', 1);
399  
-INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_pm_download', 1);
400 395
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_pm_edit', 1);
401  
-INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_pm_emailpm', 1);
402 396
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_pm_flash', 1);
403  
-INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_pm_forward', 1);
404 397
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_pm_img', 1);
405  
-INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_pm_printpm', 1);
406 398
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_pm_smilies', 1);
407 399
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_readpm', 1);
408  
-INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_savedrafts', 1);
409 400
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_search', 1);
410 401
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_sendemail', 1);
411 402
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_sendim', 1);
@@ -480,7 +471,7 @@ INSERT INTO phpbb_ranks (rank_title, rank_min, rank_special, rank_image) VALUES
480 471
 # -- Roles data
481 472
 
482 473
 # Standard Admin (a_)
483  
-INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 1, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'a_%' AND auth_option NOT IN ('a_switchperm', 'a_jabber', 'a_phpinfo', 'a_server', 'a_backup', 'a_styles', 'a_clearlogs', 'a_modules', 'a_language', 'a_email', 'a_bots', 'a_search', 'a_aauth', 'a_roles');
  474
+INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 1, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'a_%' AND auth_option NOT IN ('a_switchperm', 'a_phpinfo', 'a_server', 'a_backup', 'a_styles', 'a_clearlogs', 'a_modules', 'a_language', 'a_email', 'a_bots', 'a_search', 'a_aauth', 'a_roles');
484 475
 
485 476
 # Forum admin (a_)
486 477
 INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 2, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'a_%' AND auth_option IN ('a_', 'a_authgroups', 'a_authusers', 'a_fauth', 'a_forum', 'a_forumadd', 'a_forumdel', 'a_mauth', 'a_prune', 'a_uauth', 'a_viewauth', 'a_viewlogs');
@@ -495,17 +486,17 @@ INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT
495 486
 INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 5, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'u_%';
496 487
 
497 488
 # Standard Features (u_)
498  
-INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 6, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'u_%' AND auth_option NOT IN ('u_viewonline', 'u_chggrp', 'u_chgname', 'u_ignoreflood', 'u_pm_flash', 'u_pm_forward');
  489
+INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 6, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'u_%' AND auth_option NOT IN ('u_viewonline', 'u_chggrp', 'u_chgname', 'u_ignoreflood', 'u_pm_flash');
499 490
 
500 491
 # Limited Features (u_)
501  
-INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 7, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'u_%' AND auth_option NOT IN ('u_attach', 'u_viewonline', 'u_chggrp', 'u_chgname', 'u_ignoreflood', 'u_pm_attach', 'u_pm_emailpm', 'u_pm_flash', 'u_savedrafts', 'u_search', 'u_sendemail', 'u_sendim', 'u_masspm', 'u_masspm_group');
  492
+INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 7, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'u_%' AND auth_option NOT IN ('u_attach', 'u_viewonline', 'u_chggrp', 'u_chgname', 'u_ignoreflood', 'u_pm_attach', 'u_pm_flash', 'u_search', 'u_sendemail', 'u_sendim', 'u_masspm', 'u_masspm_group');
502 493
 
503 494
 # No Private Messages (u_)
504 495
 INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 8, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'u_%' AND auth_option IN ('u_', 'u_chgavatar', 'u_chgcensors', 'u_chgemail', 'u_chgpasswd', 'u_download', 'u_hideonline', 'u_sig', 'u_viewprofile');
505 496
 INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 8, auth_option_id, 0 FROM phpbb_acl_options WHERE auth_option LIKE 'u_%' AND auth_option IN ('u_readpm', 'u_sendpm', 'u_masspm', 'u_masspm_group');
506 497
 
507 498
 # No Avatar (u_)
508  
-INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 9, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'u_%' AND auth_option NOT IN ('u_attach', 'u_chgavatar', 'u_viewonline', 'u_chggrp', 'u_chgname', 'u_ignoreflood', 'u_pm_attach', 'u_pm_emailpm', 'u_pm_flash', 'u_savedrafts', 'u_search', 'u_sendemail', 'u_sendim', 'u_masspm', 'u_masspm_group');
  499
+INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 9, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'u_%' AND auth_option NOT IN ('u_attach', 'u_chgavatar', 'u_viewonline', 'u_chggrp', 'u_chgname', 'u_ignoreflood', 'u_pm_attach', 'u_pm_flash', 'u_search', 'u_sendemail', 'u_sendim', 'u_masspm', 'u_masspm_group');
509 500
 INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 9, auth_option_id, 0 FROM phpbb_acl_options WHERE auth_option LIKE 'u_%' AND auth_option IN ('u_chgavatar');
510 501
 
511 502
 # Full Moderator (m_)
@@ -530,13 +521,13 @@ INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT
530 521
 INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 16, auth_option_id, 0 FROM phpbb_acl_options WHERE auth_option = 'f_';
531 522
 
532 523
 # Read Only Access (f_)
533  
-INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 17, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'f_%' AND auth_option IN ('f_', 'f_download', 'f_list', 'f_read', 'f_search', 'f_subscribe', 'f_print');
  524
+INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 17, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'f_%' AND auth_option IN ('f_', 'f_download', 'f_list', 'f_read', 'f_search');
534 525
 
535 526
 # Limited Access (f_)
536 527
 INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 18, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'f_%' AND auth_option NOT IN ('f_announce', 'f_attach', 'f_bump', 'f_delete', 'f_flash', 'f_icons', 'f_ignoreflood', 'f_poll', 'f_sticky', 'f_user_lock', 'f_votechg');
537 528
 
538 529
 # Bot Access (f_)
539  
-INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 19, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'f_%' AND auth_option IN ('f_', 'f_download', 'f_list', 'f_read', 'f_print');
  530
+INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 19, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'f_%' AND auth_option IN ('f_', 'f_download', 'f_list', 'f_read');
540 531
 
541 532
 # On Moderation Queue (f_)
542 533
 INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 20, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'f_%' AND auth_option NOT IN ('f_announce', 'f_bump', 'f_delete', 'f_flash', 'f_icons', 'f_ignoreflood', 'f_poll', 'f_sticky', 'f_user_lock', 'f_votechg', 'f_noapprove');
9  phpBB/language/en/acp/permissions_phpbb.php
@@ -106,7 +106,6 @@
106 106
 
107 107
 	'acl_u_attach'		=> array('lang' => 'Can attach files', 'cat' => 'post'),
108 108
 	'acl_u_download'	=> array('lang' => 'Can download files', 'cat' => 'post'),
109  
-	'acl_u_savedrafts'	=> array('lang' => 'Can save drafts', 'cat' => 'post'),
110 109
 	'acl_u_chgcensors'	=> array('lang' => 'Can disable word censors', 'cat' => 'post'),
111 110
 	'acl_u_sig'			=> array('lang' => 'Can use signature', 'cat' => 'post'),
112 111
 
@@ -115,12 +114,7 @@
115 114
 	'acl_u_masspm_group'=> array('lang' => 'Can send messages to groups', 'cat' => 'pm'),
116 115
 	'acl_u_readpm'		=> array('lang' => 'Can read private messages', 'cat' => 'pm'),
117 116
 	'acl_u_pm_edit'		=> array('lang' => 'Can edit own private messages', 'cat' => 'pm'),
118  
-	'acl_u_pm_delete'	=> array('lang' => 'Can remove private messages from own folder', 'cat' => 'pm'),
119  
-	'acl_u_pm_forward'	=> array('lang' => 'Can forward private messages', 'cat' => 'pm'),
120  
-	'acl_u_pm_emailpm'	=> array('lang' => 'Can email private messages', 'cat' => 'pm'),
121  
-	'acl_u_pm_printpm'	=> array('lang' => 'Can print private messages', 'cat' => 'pm'),
122 117
 	'acl_u_pm_attach'	=> array('lang' => 'Can attach files in private messages', 'cat' => 'pm'),
123  
-	'acl_u_pm_download'	=> array('lang' => 'Can download files in private messages', 'cat' => 'pm'),
124 118
 	'acl_u_pm_bbcode'	=> array('lang' => 'Can use BBCode in private messages', 'cat' => 'pm'),
125 119
 	'acl_u_pm_smilies'	=> array('lang' => 'Can use smilies in private messages', 'cat' => 'pm'),
126 120
 	'acl_u_pm_img'		=> array('lang' => 'Can use [img] BBCode tag in private messages', 'cat' => 'pm'),
@@ -139,8 +133,6 @@
139 133
 	'acl_f_list'		=> array('lang' => 'Can see forum', 'cat' => 'actions'),
140 134
 	'acl_f_read'		=> array('lang' => 'Can read forum', 'cat' => 'actions'),	
141 135
 	'acl_f_search'		=> array('lang' => 'Can search the forum', 'cat' => 'actions'),
142  
-	'acl_f_subscribe'	=> array('lang' => 'Can subscribe forum', 'cat' => 'actions'),
143  
-	'acl_f_print'		=> array('lang' => 'Can print topics', 'cat' => 'actions'),	
144 136
 	'acl_f_email'		=> array('lang' => 'Can email topics', 'cat' => 'actions'),	
145 137
 	'acl_f_bump'		=> array('lang' => 'Can bump topics', 'cat' => 'actions'),
146 138
 	'acl_f_user_lock'	=> array('lang' => 'Can lock own topics', 'cat' => 'actions'),
@@ -192,7 +184,6 @@
192 184
 $lang = array_merge($lang, array(
193 185
 	'acl_a_board'		=> array('lang' => 'Can alter board settings/check for updates', 'cat' => 'settings'),
194 186
 	'acl_a_server'		=> array('lang' => 'Can alter server/communication settings', 'cat' => 'settings'),
195  
-	'acl_a_jabber'		=> array('lang' => 'Can alter Jabber settings', 'cat' => 'settings'),
196 187
 	'acl_a_phpinfo'		=> array('lang' => 'Can view php settings', 'cat' => 'settings'),
197 188
 
198 189
 	'acl_a_forum'		=> array('lang' => 'Can manage forums', 'cat' => 'forums'),
1  phpBB/language/en/ucp.php
@@ -313,7 +313,6 @@
313 313
 	'NO_AUTHOR'						=> 'No author defined for this message',
314 314
 	'NO_AVATAR_CATEGORY'			=> 'None',
315 315
 
316  
-	'NO_AUTH_DELETE_MESSAGE'		=> 'You are not authorised to delete private messages.',
317 316
 	'NO_AUTH_EDIT_MESSAGE'			=> 'You are not authorised to edit private messages.',
318 317
 	'NO_AUTH_FORWARD_MESSAGE'		=> 'You are not authorised to forward private messages.',
319 318
 	'NO_AUTH_GROUP_MESSAGE'			=> 'You are not authorised to send private messages to groups.',
10  phpBB/posting.php
@@ -481,7 +481,7 @@
481 481
 $post_data['enable_magic_url'] = $post_data['drafts'] = false;
482 482
 
483 483
 // User own some drafts?
484  
-if ($user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))
  484
+if ($user->data['is_registered'] && ($auth->acl_get('f_post', $forum_id) || $auth->acl_get('f_reply', $forum_id)) && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))
485 485
 {
486 486
 	$sql = 'SELECT draft_id
487 487
 		FROM ' . DRAFTS_TABLE . '
@@ -527,7 +527,7 @@
527 527
 $quote_status	= true;
528 528
 
529 529
 // Save Draft
530  
-if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))
  530
+if ($save && $user->data['is_registered'] && ($auth->acl_get('f_post', $forum_id) || $auth->acl_get('f_reply', $forum_id)) && ($mode == 'reply' || $mode == 'post' || $mode == 'quote'))
531 531
 {
532 532
 	$subject = utf8_normalize_nfc(request_var('subject', '', true));
533 533
 	$subject = (!$subject && $mode != 'post') ? $post_data['topic_title'] : $subject;
@@ -630,7 +630,7 @@
630 630
 }
631 631
 
632 632
 // Load requested Draft
633  
-if ($draft_id && ($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $user->data['is_registered'] && $auth->acl_get('u_savedrafts'))
  633
+if ($draft_id && ($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $user->data['is_registered'] && ($auth->acl_get('f_post', $forum_id) || $auth->acl_get('f_reply', $forum_id)))
634 634
 {
635 635
 	$sql = 'SELECT draft_subject, draft_message
636 636
 		FROM ' . DRAFTS_TABLE . "
@@ -1439,8 +1439,8 @@
1439 1439
 	'S_LINKS_ALLOWED'			=> $url_status,
1440 1440
 	'S_MAGIC_URL_CHECKED'		=> ($urls_checked) ? ' checked="checked"' : '',
1441 1441
 	'S_TYPE_TOGGLE'				=> $topic_type_toggle,
1442  
-	'S_SAVE_ALLOWED'			=> ($auth->acl_get('u_savedrafts') && $user->data['is_registered'] && $mode != 'edit') ? true : false,
1443  
-	'S_HAS_DRAFTS'				=> ($auth->acl_get('u_savedrafts') && $user->data['is_registered'] && $post_data['drafts']) ? true : false,
  1442
+	'S_SAVE_ALLOWED'			=> (($auth->acl_get('f_post', $forum_id) || $auth->acl_get('f_reply', $forum_id)) && $user->data['is_registered'] && $mode != 'edit') ? true : false,
  1443
+	'S_HAS_DRAFTS'				=> (($auth->acl_get('f_post', $forum_id) || $auth->acl_get('f_reply', $forum_id)) && $user->data['is_registered'] && $post_data['drafts']) ? true : false,
1444 1444
 	'S_FORM_ENCTYPE'			=> $form_enctype,
1445 1445
 
1446 1446
 	'S_BBCODE_IMG'			=> $img_status,
2  phpBB/viewforum.php
@@ -214,7 +214,7 @@
214 214
 	'is_watching'	=> false,
215 215
 );
216 216
 
217  
-if (($config['email_enable'] || $config['jab_enable']) && $config['allow_forum_notify'] && $forum_data['forum_type'] == FORUM_POST && ($auth->acl_get('f_subscribe', $forum_id) || $user->data['user_id'] == ANONYMOUS))
  217
+if (($config['email_enable'] || $config['jab_enable']) && $config['allow_forum_notify'] && $forum_data['forum_type'] == FORUM_POST)
218 218
 {
219 219
 	$notify_status = (isset($forum_data['notify_status'])) ? $forum_data['notify_status'] : NULL;
220 220
 	watch_topic_forum('forum', $s_watching_forum, $user->data['user_id'], $forum_id, 0, $notify_status, $start, $forum_data['forum_name']);
4  phpBB/viewtopic.php
@@ -461,7 +461,7 @@
461 461
 	watch_topic_forum('topic', $s_watching_topic, $user->data['user_id'], $forum_id, $topic_id, $notify_status, $start, $topic_data['topic_title']);
462 462
 
463 463
 	// Reset forum notification if forum notify is set
464  
-	if ($config['allow_forum_notify'] && $auth->acl_get('f_subscribe', $forum_id))
  464
+	if ($config['allow_forum_notify'])
465 465
 	{
466 466
 		$s_watching_forum = $s_watching_topic;
467 467
 		watch_topic_forum('forum', $s_watching_forum, $user->data['user_id'], $forum_id, 0);
@@ -648,7 +648,7 @@
648 648
 	'U_VIEW_FORUM' 			=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id),
649 649
 	'U_VIEW_OLDER_TOPIC'	=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&view=previous"),
650 650
 	'U_VIEW_NEWER_TOPIC'	=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&view=next"),
651  
-	'U_PRINT_TOPIC'			=> ($auth->acl_get('f_print', $forum_id)) ? $viewtopic_url . '&view=print' : '',
  651
+	'U_PRINT_TOPIC'			=> $viewtopic_url . '&view=print',
652 652
 	'U_EMAIL_TOPIC'			=> ($auth->acl_get('f_email', $forum_id) && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=email&t=$topic_id") : '',
653 653
 
654 654
 	'U_WATCH_TOPIC'			=> $s_watching_topic['link'],
Commit_comment_tip

Tip: You can add notes to lines in a file. Hover to the left of a line to make a note

Something went wrong with that request. Please try again.