1 | <?php |
||
2 | /* |
||
3 | * You may not change or alter any portion of this comment or credits |
||
4 | * of supporting developers from this source code or any supporting source code |
||
5 | * which is considered copyrighted (c) material of the original comment or credit authors. |
||
6 | * |
||
7 | * This program is distributed in the hope that it will be useful, |
||
8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||
10 | */ |
||
11 | |||
12 | /** |
||
13 | * @copyright XOOPS Project https://xoops.org/ |
||
14 | * @license GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html) |
||
15 | * @package |
||
16 | * @since |
||
17 | * @author XOOPS Development Team, Kazumi Ono (AKA onokazu) |
||
18 | */ |
||
19 | /** @var XoopsUser $xoopsUser */ |
||
20 | include_once dirname(dirname(dirname(__DIR__))) . '/include/cp_header.php'; |
||
21 | $modid = isset($_POST['modid']) ? (int)$_POST['modid'] : 0; |
||
22 | |||
23 | // we don't want system module permissions to be changed here |
||
24 | if ($modid <= 1 || !is_object($xoopsUser) || !$xoopsUser->isAdmin($modid)) { |
||
25 | redirect_header(XOOPS_URL . '/index.php', 1, _NOPERM); |
||
26 | } |
||
27 | /** @var XoopsModuleHandler $module_handler */ |
||
28 | $module_handler = xoops_getHandler('module'); |
||
29 | /** @var \XoopsModule $module */ |
||
30 | $module = $module_handler->get($modid); |
||
31 | if (!is_object($module) || !$module->getVar('isactive')) { |
||
32 | redirect_header(XOOPS_URL . '/admin.php', 1, _MODULENOEXIST); |
||
33 | } |
||
34 | |||
35 | $msg = array(); |
||
36 | |||
37 | /** @var XoopsMemberHandler $member_handler */ |
||
38 | $member_handler = xoops_getHandler('member'); |
||
39 | $group_list = $member_handler->getGroupList(); |
||
40 | |||
41 | if (is_array($_POST['perms']) && !empty($_POST['perms'])) { |
||
42 | /** @var XoopsGroupPermHandler $gperm_handler */ |
||
43 | $gperm_handler = xoops_getHandler('groupperm'); |
||
44 | foreach ($_POST['perms'] as $perm_name => $perm_data) { |
||
45 | if ($GLOBALS['xoopsSecurity']->check(true, false, $perm_name) && false !== $gperm_handler->deleteByModule($modid, $perm_name)) { |
||
46 | foreach ($perm_data['groups'] as $group_id => $item_ids) { |
||
47 | foreach ($item_ids as $item_id => $selected) { |
||
48 | if ($selected == 1) { |
||
49 | // make sure that all parent ids are selected as well |
||
50 | if ($perm_data['parents'][$item_id] !== '') { |
||
51 | $parent_ids = explode(':', $perm_data['parents'][$item_id]); |
||
52 | foreach ($parent_ids as $pid) { |
||
53 | // if ($pid != 0 && !in_array($pid, array_keys($item_ids))) { |
||
54 | if ($pid != 0 && !array_key_exists($pid, $item_ids)) { |
||
55 | // one of the parent items were not selected, so skip this item |
||
56 | $msg[] = sprintf(_MD_AM_PERMADDNG, '<strong>' . $perm_name . '</strong>', '<strong>' . $perm_data['itemname'][$item_id] . '</strong>', '<strong>' . $group_list[$group_id] . '</strong>') . ' (' . _MD_AM_PERMADDNGP . ')'; |
||
57 | continue 2; |
||
58 | } |
||
59 | } |
||
60 | } |
||
61 | /** @var XoopsGroupPerm $gperm */ |
||
62 | $gperm = $gperm_handler->create(); |
||
63 | $gperm->setVar('gperm_groupid', $group_id); |
||
64 | $gperm->setVar('gperm_name', $perm_name); |
||
65 | $gperm->setVar('gperm_modid', $modid); |
||
66 | $gperm->setVar('gperm_itemid', $item_id); |
||
67 | if (!$gperm_handler->insert($gperm)) { |
||
68 | $msg[] = sprintf(_MD_AM_PERMADDNG, '<strong>' . $perm_name . '</strong>', '<strong>' . $perm_data['itemname'][$item_id] . '</strong>', '<strong>' . $group_list[$group_id] . '</strong>'); |
||
69 | } else { |
||
70 | $msg[] = sprintf(_MD_AM_PERMADDOK, '<strong>' . $perm_name . '</strong>', '<strong>' . $perm_data['itemname'][$item_id] . '</strong>', '<strong>' . $group_list[$group_id] . '</strong>'); |
||
71 | } |
||
72 | unset($gperm); |
||
73 | } |
||
74 | } |
||
75 | } |
||
76 | } else { |
||
77 | $msg[] = sprintf(_MD_AM_PERMRESETNG, $module->getVar('name') . '(' . $perm_name . ')'); |
||
78 | } |
||
79 | } |
||
80 | } |
||
81 | |||
82 | $backlink = xoops_getenv('HTTP_REFERER'); |
||
83 | if ($module->getVar('hasadmin')) { |
||
84 | $adminindex = isset($_POST['redirect_url']) ? $_POST['redirect_url'] : $module->getInfo('adminindex'); |
||
85 | if ($adminindex) { |
||
86 | $backlink = XOOPS_URL . '/modules/' . $module->getVar('dirname') . '/' . $adminindex; |
||
0 ignored issues
–
show
Bug
introduced
by
![]() |
|||
87 | } |
||
88 | } |
||
89 | $backlink = $backlink ?: XOOPS_URL . '/admin.php'; |
||
90 | |||
91 | redirect_header($backlink, 2, implode('<br>', $msg)); |
||
92 |