From bdc2a4a3fa2c72ce0fcecc18260b070ee1624fb2 Mon Sep 17 00:00:00 2001 From: David Anderson Date: Sat, 3 Aug 2024 00:24:22 -0700 Subject: [PATCH] web: fix user permissions admin - only admins (which actually includes ADMIN, DEV, and SCIENTIST) can administer user permissions (not, e.g. moderators) - Add a link to the user-permissions admin page on the home page of admins (there were previously no links to it) - modernize the code of the admin page; replace _mysql_query() stuff --- html/inc/db.inc | 8 ++-- html/inc/user.inc | 4 ++ html/user/user_permissions.php | 88 ++++++++++++++++------------------ 3 files changed, 47 insertions(+), 53 deletions(-) diff --git a/html/inc/db.inc b/html/inc/db.inc index 0238e80475..aec1d50c35 100644 --- a/html/inc/db.inc +++ b/html/inc/db.inc @@ -18,11 +18,9 @@ require_once("../inc/util_basic.inc"); -// database-related functions. -// Presentation code (HTML) shouldn't be here - -// DEPRECATED; use boinc_db.inc instead. -// TODO: replace calls to these functions +// functions for doing arbitrary SQL queries, including joins. +// When possible, use the classes in boinc_db.inc instead. +// Lots of old code uses these functions, e.g. in ops/ // use mysqli if available, // but let projects not use it if they want diff --git a/html/inc/user.inc b/html/inc/user.inc index e3f5a41224..94042204fb 100644 --- a/html/inc/user.inc +++ b/html/inc/user.inc @@ -495,6 +495,10 @@ function show_community_private($user) { } else { row2(tra("Friends"), '---'); } + + if (is_admin($user)) { + row2('Special users', 'Manage'); + } } // show summary of dynamic and static info (public) diff --git a/html/user/user_permissions.php b/html/user/user_permissions.php index cd3e9fa404..b86bb60eba 100644 --- a/html/user/user_permissions.php +++ b/html/user/user_permissions.php @@ -25,88 +25,80 @@ function user_permissions_form() { page_head('Manage user privileges'); start_table('table-striped'); - row1("Current special users", 99); - echo "User"; + $x = ['User']; for ($i=0; $i" . $special_user_bitfield[$i] . "\n"; + $x[] = $special_user_bitfield[$i]; } - echo " "; + $x[] = ''; + row_heading_array($x); - $result = _mysql_query( - "SELECT prefs.userid, prefs.special_user, user.id, user.name - FROM forum_preferences as prefs, user - WHERE CONVERT(special_user, DECIMAL) > 0 and prefs.userid=user.id" - ); - while ($foo = _mysql_fetch_object($result)) { - echo " - $foo->name ($foo->id) -
- userid\"> - "; + $prefs = BoincForumPrefs::enum('CONVERT(special_user, DECIMAL) > 0'); + foreach ($prefs as $pref) { + $user = BoincUser::lookup_id($pref->userid); + echo ''; + echo sprintf( + '', + $pref->userid + ); + $x = ["$user->name ($user->id)"]; for ($j=0; $jspecial_user, $j, 1); + $bit = substr($pref->special_user, $j, 1); $c = ($bit == 1)?"checked":""; - echo " - - - "; + $x[] = sprintf( + '', + $j, $c + ); } - echo ""; - echo "\n"; + $x[] = ''; + row_array($x); + echo "\n"; } - echo " - -
- Add User ID: - "; - + echo ''; + $x = ['Add User ID: ']; for ($j=0; $j - - - "; + $x[] = sprintf( + '', + $j + ); } - echo " - - - - - "; + $x[] = ""; + row_array($x); + echo "\n"; end_table(); - page_tail(); } -function user_permissions_action() { +function user_permissions_action($user_id) { $bitset = ''; + $user = BoincUser::lookup_id($user_id); + if (!$user) error_page('no user'); + BoincForumPrefs::lookup($user); for ($i=0; $i setting $i"; } else { $bitset .= '0'; } } - $userid = post_int("userid"); - - $query = "UPDATE forum_preferences SET special_user='$bitset' WHERE userid=$userid"; - _mysql_query($query); + $user->prefs->update("special_user='$bitset'"); Header("Location: user_permissions.php"); } $user = get_logged_in_user(); BoincForumPrefs::lookup($user); -if (!is_moderator($user, null)) { +if (!is_admin($user)) { error_page("no access"); } -if (post_int("userid", true)) { - user_permissions_action(); +$user_id = post_int("userid", true); +if ($user_id) { + user_permissions_action($user_id); } else { user_permissions_form(); }