Merge pull request #6549 from marc1706/ticket/15325

[ticket/15325] Do not show non-local permissions for local data
phpbb · May 8, 2024 · eb12d38 · eb12d38
2 parents 9aec694 + 76ab838
commit eb12d38
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 8 deletions.
diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php
@@ -95,7 +95,7 @@ function get_mask($mode, $user_id = false, $group_id = false, $forum_id = false,
 			}
 			else
 			{
-				$hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', ($scope == 'global') ? 0 : false) : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false);
+				$hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%') : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false);
 			}
 		}
 

diff --git a/phpBB/language/en/acp/permissions_phpbb.php b/phpBB/language/en/acp/permissions_phpbb.php
@@ -159,9 +159,9 @@
 	'ACL_M_MERGE'	=> 'Can merge topics',
 
 	'ACL_M_INFO'		=> 'Can view post details',
-	'ACL_M_WARN'		=> 'Can issue warnings<br /><em>This setting is only assigned globally. It is not forum based.</em>', // This moderator setting is only global (and not local)
-	'ACL_M_PM_REPORT'	=> 'Can close and delete reports of private messages<br /><em>This setting is only assigned globally. It is not forum based.</em>', // This moderator setting is only global (and not local)
-	'ACL_M_BAN'			=> 'Can manage bans<br /><em>This setting is only assigned globally. It is not forum based.</em>', // This moderator setting is only global (and not local)
+	'ACL_M_WARN'		=> 'Can issue warnings',
+	'ACL_M_PM_REPORT'	=> 'Can close and delete reports of private messages',
+	'ACL_M_BAN'			=> 'Can manage bans',
 ));
 
 // Admin Permissions

diff --git a/phpBB/phpbb/auth/auth.php b/phpBB/phpbb/auth/auth.php
@@ -776,6 +776,7 @@ function acl_group_raw_data($group_id = false, $opts = false, $forum_id = false)
 
 		$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? 'group_id = ' . (int) $group_id : $db->sql_in_set('group_id', array_map('intval', $group_id))) : '';
 		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
+		$sql_is_local = $forum_id !== false ? 'AND ao.is_local <> 0' : '';
 
 		$sql_opts = '';
 		$hold_ary = $sql_ary = array();
@@ -787,19 +788,21 @@ function acl_group_raw_data($group_id = false, $opts = false, $forum_id = false)
 
 		// Grab group settings - non-role specific...
 		$sql_ary[] = 'SELECT a.group_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option
-			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " ao
 			WHERE a.auth_role_id = 0
-				AND a.auth_option_id = ao.auth_option_id ' .
+				AND a.auth_option_id = ao.auth_option_id
+				$sql_is_local " .
 				(($sql_group) ? 'AND a.' . $sql_group : '') . "
 				$sql_forum
 				$sql_opts
 			ORDER BY a.forum_id, ao.auth_option";
 
 		// Now grab group settings - role specific...
 		$sql_ary[] = 'SELECT a.group_id, a.forum_id, r.auth_setting, r.auth_option_id, ao.auth_option
-			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . " ao
 			WHERE a.auth_role_id = r.role_id
-				AND r.auth_option_id = ao.auth_option_id ' .
+				$sql_is_local
+				AND r.auth_option_id = ao.auth_option_id " .
 				(($sql_group) ? 'AND a.' . $sql_group : '') . "
 				$sql_forum
 				$sql_opts

diff --git a/tests/functional/acp_permissions_test.php b/tests/functional/acp_permissions_test.php
@@ -124,4 +124,29 @@ public function test_change_permission($description, $permission_type, $permissi
 		$auth->acl($user_data);
 		$this->assertEquals(0, $auth->acl_get($permission));
 	}
+
+	public function test_forum_permissions_misc()
+	{
+		// Open forum moderators permissions page
+		$crawler = self::request('GET', "adm/index.php?i=acp_permissions&icat=16&mode=setting_mod_local&sid=" . $this->sid);
+
+		// Select "Your first forum"
+		$form = $crawler->filter('#select_victim')->form(['forum_id' => [2]]);
+		$crawler = self::submit($form);
+
+		// Select "Global moderators"
+		$form = $crawler->filter('#add_groups')->form(['group_id' => [4]]);
+		$crawler = self::submit($form);
+
+		// Check that global permissions are not displayed
+		$this->add_lang('acp/permissions_phpbb');
+		$page_text = $crawler->text();
+		$this->assertNotContainsLang('ACL_M_BAN', $page_text);
+		$this->assertNotContainsLang('ACL_M_PM_REPORT', $page_text);
+		$this->assertNotContainsLang('ACL_M_WARN', $page_text);
+
+		// Check that other permissions exist
+		$this->assertContainsLang('ACL_M_EDIT', $page_text);
+		$this->assertContainsLang('ACL_M_MOVE', $page_text);
+	}
 }