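TOTAL_ACCESS_FUNCTIONS) {
    // The opening of this statement lies above the visible part of the file;
    // only its tail, which assigns TOTAL_ACCESS_FUNCTIONS to $fn, is shown.
    $fn = TOTAL_ACCESS_FUNCTIONS;
}

// ---------------------------------------------------------------------------
// Permission editor for one group ($g) and one access function ($fn).
//
// Flow: authenticate, check that the caller may edit $g, apply a pending
// grant ($g2) or the posted removals, then render the page.
//
// $g, $g2 and $fn are concatenated into SQL text throughout this script and
// are not assigned anywhere in the visible part of the file, so they are
// forced to integers here, before first use. An absent value becomes 0,
// which every comparison below treats as "nothing selected".
//
// NOTE(review): the mysql_* extension was removed in PHP 7. Moving to bound
// parameters needs changes in query(), which is defined outside this chunk.
// ---------------------------------------------------------------------------
$g  = isset($g)  ? (int) $g  : 0;
$g2 = isset($g2) ? (int) $g2 : 0;
$fn = isset($fn) ? (int) $fn : 0;

// deny guests
if (!$u_id) {
    force_login();
}

// invalid groupid: default to group-search masthead
if ($g <= 0) {
    printhtmlheader('Security');
    printmasthead ('Security','masthead_group_search');
    print ('');
    die ();
}

// security check: superadmins ($userinfo["sa"]) may always edit; anyone else
// needs whatever is_allowed(ACCESS_ADMIN) grants.
$editable = $userinfo["sa"];
if ($g > 0) {
    $r = query ("select * from groups where groupid=" . $g . ";");
    $g_info = mysql_fetch_array($r, MYSQL_ASSOC) or die ("Error accessing database for group id=" . $g);
    if (!$editable) {
        $editable = is_allowed (ACCESS_ADMIN);
    }
}
if (!$editable) {
    include "accessdenied.php";
    // Stop here explicitly. Whether accessdenied.php terminates the request
    // cannot be seen from this file; without this exit, the grant and delete
    // code below would run for a caller who failed the check.
    exit;
}

// NOTE(review): the grant and delete paths below change permissions. No
// anti-CSRF token check is visible in this chunk -- confirm whether
// formstart() or the request bootstrap enforces one. The special-group
// grants appear to be triggered from URL variables (see append_url_vars_pg
// further down).

$minspecialid = 0; // 'minimum special id'; i.e.
                   // -2 if all browsers are ok for this function
                   // -1 if all directory members are ok for this function
if ($fn == ACCESS_FORUM_NEWTOPIC) {
    $minspecialid = -2;
} else if ($fn == ACCESS_FORUM_POST) {
    $minspecialid = -2;
} else if ($fn == ACCESS_FORUM_VIEW) {
    $minspecialid = -2;
} else if ($fn == ACCESS_SPAM) {
    $minspecialid = -1;
}

// ADD USERGROUP
// - uses $g2 variable, set by masthead_group2_search below
// - if $g2 is -1, adding "all directory members";
// - if $g2 is -2, adding "all internet browsers";
if ($g2 > 0) {
    // ensure no duplicates
    $r = query ('select groupname from groups,access where groupid=usergroupid and usergroupid=' . $g2 . ' and functiongroupid=' . $g . ' and functionid=' . $fn . ';');
    if ($info = mysql_fetch_array($r, MYSQL_ASSOC)) {
        noteerror ('"' . crunchtext($info["groupname"]) . '" already has access to this function.');
    } else if (query('insert into access set usergroupid=' . $g2 . ', functiongroupid=' . $g . ', functionid=' . $fn . ', accesslevel=1;')) {
        $change_report = 'Permission successfully granted.';
    } else {
        noteerror ('Could not grant permission.');
    }
} else if (($g2 < 0) and ($g2 >= $minspecialid)) {
    // Labels for the two pseudo-groups. They live in their own array: the
    // original stored them in $info and then overwrote $info with the fetched
    // row, so the duplicate message was printed with an empty name.
    $specialnames = array(
        -1 => "Directory members",
        -2 => "Internet browsers",
    );
    $r = query ('select * from access where usergroupid=' . $g2 . ' and functiongroupid=' . $g . ' and functionid=' . $fn . ';');
    if (mysql_fetch_array($r, MYSQL_ASSOC)) {
        noteerror ('"' . crunchtext($specialnames[$g2]) . '" already have access to this function.');
    } else if (query('insert into access set usergroupid=' . $g2 . ', functiongroupid=' . $g . ', functionid=' . $fn . ', accesslevel=1;')) {
        $change_report = 'Permission successfully granted.';
    } else {
        noteerror ('Could not grant permission.');
    }
}

// DELETE PERMISSION
// Walks the numbered edit_usergroup_id_N / edit_usergroup_delete_N pairs that
// displayusergroup() emits into the removal form.
$usergroupcount = 0;
while (isset($_POST["edit_usergroup_id_" . ++$usergroupcount])) {
    // The id comes straight from the request body; force it to an integer
    // before it is concatenated into the DELETE statement.
    $usergroupid = (int) $_POST["edit_usergroup_id_" . $usergroupcount];
    // The delete flag may be missing from the request; treat that as "keep".
    $usergroupdelete = !empty($_POST["edit_usergroup_delete_" . $usergroupcount]);

    // delete usergroup
    if ($usergroupdelete) {
        $q = 'delete from access where usergroupid=' . $usergroupid . ' and functiongroupid=' . $g . ' and functionid=' . $fn . ';';
        if (query ($q)) {
            $change_report = 'Information updated.';
        } else {
            noteerror ('Could not remove permission.');
        }
    }
}

// =============================================================================================
// ----- BEGIN VISIBLE PAGE -----
// =============================================================================================

// Masthead callback handed to printmasthead(): shows the group search and,
// when a group is selected, the per-group navigation links.
function masthead_permission_edit () {
    global $g, $BGCOLOUR_LIGHT, $BGCOLOUR_DARK;

    masthead_group_search('g,fn');
    if ($g) {
        print '';
        print '';
        print ' Edit group | ';
        print 'Browse group | ';
        print 'Browse forums | ';
        print "";
    }
}

printhtmlheader ('Security: ' . crunchtext($g_info["groupname"]));
printmasthead ('Security','masthead_permission_edit');
printeditfeedback ();

print "\n\n" . crunchtext($g_info["groupname"]) . "\n\n\n";

// select function
$fnnames[ACCESS_ADMIN] = 'General Administration';
$fnnames[ACCESS_FORUM_MODERATE] = 'Forum Moderation';
$fnnames[ACCESS_FORUM_NEWTOPIC] = 'Forum Topic Creation';
$fnnames[ACCESS_FORUM_POST] = 'Forum Posting';
$fnnames[ACCESS_FORUM_VIEW] = 'Forum Viewing';
$fnnames[ACCESS_DATAENTRY] = 'Data Entry';
$fnnames[ACCESS_SPAM] = 'Spam';

print "\n\nSelected Function: " . $fnnames[$fn] . "\n\n";

formstart();
print 'Change selected function: ';
$_POST["g"] = $g;
formhiddeninput("g");
$_POST["fn"] = $fn;
formpopupinput ('fn', $fnnames);
formend();

if ($fn > 0) {
    // add usergroup
    print "\n\nGrant " . $fnnames[$fn] . " Privileges\n\n\n";
    print '' . "\n";
    if ($minspecialid <= -2) {
        $g2 = -2;
        $extraurl = append_url_vars_pg ("fn,g2");
        print '';
    }
    if ($minspecialid <= -1) {
        $g2 = -1;
        $extraurl = append_url_vars_pg ("fn,g2");
        print '';
    }
    // NOTE(review): the literal below is reproduced as the listing shows it.
    // It contains what look like print statements and link captions, which
    // suggests markup was lost or displaced when the page was captured and
    // that these captions originally belonged inside the two blocks above.
    print "\n'; print ''; print 'Grant to all Internet browsers.'; print '\n \n'; print ''; print 'Grant to all directory members.'; print '\n\nOr...\n\n";
    print '' . "\n";
    masthead_group2_search('g,fn');
    print "\n\n";

    // REMOVE ACCESS PRIVILEGES FORM
    print "\n\nRemove " . $fnnames[$fn] . " Privileges\n\n\n";

    // step 1: compile list of groups with access
    // Start from an empty list so count() below always receives an array.
    $grouplist = array();

    // check for special permissions (negative usergroupid = pseudo-group)
    $q = 'select * from access where functiongroupid=' . $g;
    $q .= ' and functionid=' . $fn;
    $q .= ' and usergroupid<0;';
    // NOTE(review): on failure the SQL text is echoed to the client. After
    // the integer casts it holds no request-supplied text, but it still
    // exposes table and column names.
    $r = query ($q) or die ("Error accessing access table with:\n\n" . $q);
    if (mysql_num_rows($r)) {
        while ($info = mysql_fetch_array($r, MYSQL_ASSOC)) {
            if ($info["usergroupid"] == -1) {
                $info["groupname"] = 'Directory members';
            } else if ($info["usergroupid"] == -2) {
                $info["groupname"] = 'Internet browsers';
            }
            $grouplist[] = $info;
        }
    }

    // get specific usergroups
    $q = 'select * from groups';
    $q .= ' left join access on usergroupid=groupid';
    $q .= ' where functiongroupid=' . $g;
    $q .= ' and functionid=' . $fn;
    $q .= ' order by groupname;';
    $r = query ($q) or die ("Error accessing access table with:\n\n" . $q);
    if (mysql_num_rows($r)) {
        while ($info = mysql_fetch_array($r, MYSQL_ASSOC)) {
            $grouplist[] = $info;
        }
    }

    // Row counter shared with displayusergroup() through `global`.
    $usergroupcount = 0;

    // Prints one row of the removal form: a hidden id field plus a delete
    // checkbox, numbered to match the DELETE PERMISSION loop above.
    function displayusergroup ($usergroup) {
        global $usergroupcount;

        // install relevant data into POST variable
        $usergroupformid = "edit_usergroup_id_" . ++$usergroupcount;
        $_POST[$usergroupformid] = $usergroup["usergroupid"];
        $usergroupformdelete = "edit_usergroup_delete_" . $usergroupcount;
        $_POST[$usergroupformdelete] = false;

        print '';
        formhiddeninput ($usergroupformid);
        formcheckboxinput ($usergroupformdelete);
        if ($usergroup["usergroupid"] > 0) {
            print crunchtext($usergroup["groupname"]);
        } else if ($usergroup["usergroupid"] == -1) {
            print "Directory members";
        } else if ($usergroup["usergroupid"] == -2) {
            print "All Internet browsers";
        }
        print "\n";
    }

    if (count($grouplist)) {
        formstart();
        $_POST["g"] = $g;
        formhiddeninput ("g");
        $_POST["fn"] = $fn;
        formhiddeninput ("fn");
        print "\n";
        // foreach replaces list()/each(); each() was removed in PHP 8.
        foreach ($grouplist as $usergroup) {
            displayusergroup($usergroup);
        }
        print "\n\n\n\n";
        formend();
    } else {
        print "No " . $fnnames[$fn] . " privileges have been granted for this group.";
    }
}
?>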


Notes:

  • Access privileges are granted to groups, not individuals. ACCESS_ADMIN) { ?>
  • Members with General Administration privileges for a group have automatic access to every function.
  • Members of administration groups defined on this page will be allowed to:
    • edit basic group information,
    • create, add or remove group members,
    • create, add or remove subgroups, and
    • add, edit or remove discussion forums.
  • Members of forum moderation groups defined on this page will be allowed to edit or delete any topic or message posted to one of this group's forums.
  • This permission automatically includes full forum participation privileges.
  • Members of groups selected on this page will be allowed to create new topics on this group's forums.
  • This permission automatically includes the ability to view and post messages.
  • Members of groups selected on this page will be allowed to post messages on existing topics on this group's forums.
  • This permission automatically includes the ability to view messages.
  • Members of groups selected on this page will be allowed to read the contents of this group's forums.
  • Members of groups selected on this page will be allowed to edit group information and change group membership.
  • Members of groups selected on this page will be allowed to send bulk emails to all members of this group.