コード例 #1
ファイル: qa-plugin.php プロジェクト: NoahY/q2a-poll
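 /**
  * Tell whether the logged-in user passes the permission stored in option $opt.
  *
  * A points-based permit is resolved in two steps, mirroring qa_permit_error()
  * in the Q2A core: the points threshold is compared first, and on success the
  * request is then held to the ordinary registered-user permit. That keeps the
  * login and block checks of qa_permit_value_error() in force. Returning the
  * points comparison on its own would let a blocked account with enough points
  * through, and would decide a logged-out request purely on how PHP compares a
  * missing points value with the configured threshold.
  *
  * @param string $opt Name of the option holding the QA_PERMIT_* value; the
  *                    points threshold is read from the option "{$opt}_points".
  * @return bool True when the action is permitted.
  */
 function qa_permit_check($opt)
 {
     $permit = qa_opt($opt);

     if ($permit == QA_PERMIT_POINTS) {
         // Same comparison as before the fix: too few points is a plain refusal.
         if (!(qa_get_logged_in_points() >= qa_opt($opt . '_points'))) {
             return false;
         }

         // Enough points only satisfies the points requirement; the account
         // must still pass the checks applied to any registered user.
         $permit = QA_PERMIT_USERS;
     }

     return !qa_permit_value_error($permit, qa_get_logged_in_userid(), qa_get_logged_in_level(), qa_get_logged_in_flags());
 }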
コード例 #2
 /**
  * Exercise qa_permit_value_error() across user levels, flags and login state.
  *
  * Permission values are the QA_PERMIT_* constants in app/options.php [ALL..SUPERS].
  * User levels are the QA_USER_LEVEL_* constants in app/users.php [BASIC..SUPER].
  * User flags are the QA_USER_FLAGS_* constants in app/users.php.
  *
  * Each case expects either false (access allowed) or a short string naming
  * the reason for the refusal.
  */
 public function test__qa_permit_value_error()
 {
     // Seed the options cache directly so the options are not read from the database.
     global $qa_options_cache;
     $qa_options_cache['confirm_user_emails'] = '1';
     $qa_options_cache['moderate_users'] = '0';

     $confirmed = QA_USER_FLAGS_EMAIL_CONFIRMED;
     $confirmedButBlocked = $confirmed | QA_USER_FLAGS_USER_BLOCKED;

     // Level too low: an admin is refused a super-admin action.
     $this->assertSame('level', qa_permit_value_error(QA_PERMIT_SUPERS, 1, QA_USER_LEVEL_ADMIN, $confirmed));

     // Level matches exactly: an admin may do admin actions.
     $this->assertSame(false, qa_permit_value_error(QA_PERMIT_ADMINS, 1, QA_USER_LEVEL_ADMIN, $confirmed));

     // Level higher than required: an admin may do editor actions.
     $this->assertSame(false, qa_permit_value_error(QA_PERMIT_EDITORS, 1, QA_USER_LEVEL_ADMIN, $confirmed));

     // An expert is refused a moderator action.
     $this->assertSame('level', qa_permit_value_error(QA_PERMIT_MODERATORS, 1, QA_USER_LEVEL_EXPERT, $confirmed));

     // A basic user without the email-confirmed flag is refused a confirmed-only action.
     $this->assertSame('confirm', qa_permit_value_error(QA_PERMIT_CONFIRMED, 1, QA_USER_LEVEL_BASIC, 0));

     // A blocked user is refused even an action that is open to everyone.
     $this->assertSame('userblock', qa_permit_value_error(QA_PERMIT_ALL, 1, QA_USER_LEVEL_BASIC, $confirmedButBlocked));

     // No user id: an action for registered users asks for a login.
     $this->assertSame('login', qa_permit_value_error(QA_PERMIT_USERS, null, null, 0));

     // No user id: a moderator action also reports 'login' rather than 'level'.
     $this->assertSame('login', qa_permit_value_error(QA_PERMIT_MODERATORS, null, null, 0));
 }
コード例 #3
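/**
 * Question-page rules override that adds "expert question" handling.
 *
 * Starts from qa_page_q_post_rules_base() and, when the post carries the
 * is_expert_question entry in ^postmeta, adjusts the rules: a viewer counted
 * as an expert may have 'viewable' switched on, and for every viewer
 * 'reshowable' is turned off while the answer and comment rules are turned on.
 *
 * A viewer counts as an expert when qa_permit_value_error() reports no error
 * for the 'expert_question_roles' option, or when their handle appears in the
 * 'expert_question_users' option. That option holds one entry per line,
 * either "handle" or "handle=Category A,Category B"; the second form limits
 * the grant to posts in the named categories.
 *
 * Handle matching is strict and ignores empty lines. With loose comparison an
 * empty line in the list equals a missing handle, so a visitor without a
 * handle was treated as a listed expert, and two different numeric-looking
 * handles could compare equal.
 *
 * @param array      $post         The post being displayed; $post['postid'] is read here.
 * @param array|null $parentpost   Passed through to qa_page_q_post_rules_base().
 * @param array|null $siblingposts Passed through to qa_page_q_post_rules_base().
 * @param array|null $childposts   Passed through to qa_page_q_post_rules_base().
 * @return array The rules array, adjusted as described above.
 */
function qa_page_q_post_rules($post, $parentpost = null, $siblingposts = null, $childposts = null)
{
    $rules = qa_page_q_post_rules_base($post, $parentpost, $siblingposts, $childposts);

    // NOTE(review): this DDL is issued on every call, so the database account
    // used at request time needs CREATE privilege; creating the table once at
    // plugin setup would let the runtime account do without it.
    qa_db_query_sub('CREATE TABLE IF NOT EXISTS ^postmeta (
			meta_id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
			post_id bigint(20) unsigned NOT NULL,
			meta_key varchar(255) DEFAULT \'\',
			meta_value longtext,
			PRIMARY KEY (meta_id),
			KEY post_id (post_id),
			KEY meta_key (meta_key)
			) ENGINE=MyISAM  DEFAULT CHARSET=utf8');

    // Values reach the query through qa_db_query_sub() placeholders, not string concatenation.
    $expert = qa_db_read_one_value(qa_db_query_sub("SELECT meta_value FROM ^postmeta WHERE meta_key='is_expert_question' AND post_id=#", $post['postid']), true);

    if ($expert) {
        // null = not an expert, true = expert everywhere, array = expert in these category ids
        $is_expert = null;

        if (!qa_permit_value_error(qa_opt('expert_question_roles'), qa_get_logged_in_userid(), qa_get_logged_in_level(), qa_get_logged_in_flags())) {
            $is_expert = true;
        }

        $entries = explode("\n", (string) qa_opt('expert_question_users'));
        $handle = (string) qa_get_logged_in_handle();

        // Without a handle there is nothing to look up in the list.
        if ($handle !== '') {
            foreach ($entries as $entry) {
                if ($entry === '') {
                    continue;
                }
                if ($entry === $handle) {
                    $is_expert = true;
                    break;
                }
                if (strpos($entry, '=')) {
                    $parts = explode('=', $entry);
                    if ($parts[0] === $handle) {
                        $catnames = explode(',', $parts[1]);
                        $cats = qa_db_read_all_values(qa_db_query_sub('SELECT categoryid FROM ^categories WHERE title IN ($)', $catnames));
                        $is_expert = $cats;
                    }
                }
            }
        }

        if (isset($is_expert) && !$rules['viewable']) {
            // experts that aren't otherwise allowed to see this (e.g. hidden) question
            if (is_array($is_expert)) {
                // An empty category list can match no post, so skip the lookup
                // instead of sending an empty IN () list to the database.
                if (count($is_expert) > 0) {
                    $in_cats = qa_db_read_one_value(qa_db_query_sub("SELECT COUNT(postid) FROM ^posts WHERE categoryid IN (#) AND postid=#", $is_expert, $post['postid']), true);
                    if ($in_cats) {
                        $rules['viewable'] = true;
                    }
                }
            } else {
                $rules['viewable'] = true;
            }
        }

        // Applied to every viewer of an expert question, expert or not.
        $rules['reshowable'] = false;
        $rules['answerbutton'] = true;
        $rules['commentbutton'] = true;
        $rules['commentable'] = true;
    }

    return $rules;
}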
コード例 #4
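 /**
  * Tell whether the current user counts as an expert.
  *
  * Matching is strict and ignores empty lines: with loose comparison an empty
  * line in the 'expert_question_users' option equals a missing handle, which
  * made a visitor without a handle count as a listed expert, and two different
  * numeric-looking handles could compare equal.
  *
  * @return bool|array True when qa_permit_value_error() reports no error for
  *                    the 'expert_question_roles' option or the handle is
  *                    listed on a line of its own; the category ids read from
  *                    ^categories when the handle is listed as
  *                    "handle=Category A,Category B"; false otherwise.
  */
 function is_expert_user()
 {
     if (!qa_permit_value_error(qa_opt('expert_question_roles'), qa_get_logged_in_userid(), qa_get_logged_in_level(), qa_get_logged_in_flags())) {
         return true;
     }

     $entries = explode("\n", (string) qa_opt('expert_question_users'));
     $handle = (string) qa_get_logged_in_handle();

     // Without a handle there is nothing to look up in the list.
     if ($handle === '') {
         return false;
     }

     foreach ($entries as $entry) {
         if ($entry === '') {
             continue;
         }
         if ($entry === $handle) {
             return true;
         }
         if (strpos($entry, '=')) {
             $parts = explode('=', $entry);
             if ($parts[0] === $handle) {
                 $catnames = explode(',', $parts[1]);
                 // Category titles are passed through the $ placeholder, not concatenated into the SQL.
                 return qa_db_read_all_values(qa_db_query_sub('SELECT categoryid FROM ^categories WHERE title IN ($)', $catnames));
             }
         }
     }

     return false;
 }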
コード例 #5
ファイル: users.php プロジェクト: kosmoluna/question2answer
/**
 * Check a user against the permission stored in option $permitoption.
 *
 * A points-based permit is first reduced to a plain one: with enough points it
 * becomes the matching registered / confirmed / approved permit, otherwise it
 * becomes QA_PERMIT_EXPERTS. The resulting permit is then handed to
 * qa_permit_value_error(), which makes the final decision.
 *
 * @param string|null $permitoption Option name holding the QA_PERMIT_* value;
 *                                  when not set, QA_PERMIT_ALL is used.
 * @param mixed       $userid       User to check; the points step is skipped when not set.
 * @param mixed       $userlevel    Passed through to qa_permit_value_error().
 * @param mixed       $userflags    Passed through to qa_permit_value_error().
 * @param int|null    $userpoints   The user's points; when omitted and $userid is the
 *                                  logged-in user, the logged-in user's points are used.
 * @return mixed The result of qa_permit_value_error(), or of the override when one is installed.
 */
function qa_permit_error($permitoption, $userid, $userlevel, $userflags, $userpoints = null)
{
    if (qa_to_override(__FUNCTION__)) {
        $args = func_get_args();
        return qa_call_override(__FUNCTION__, $args);
    }

    if (isset($permitoption)) {
        $permit = qa_opt($permitoption);
    } else {
        $permit = QA_PERMIT_ALL;
    }

    $pointsbased = $permit == QA_PERMIT_POINTS
        || $permit == QA_PERMIT_POINTS_CONFIRMED
        || $permit == QA_PERMIT_APPROVED_POINTS;

    if (isset($userid) && $pointsbased) {
        // Points are fetched late, and only for the logged-in user, to avoid
        // an unnecessary DB query when using external users.
        // NOTE(review): for any other user with no $userpoints supplied, the
        // comparison below runs against null - confirm callers pass points in that case.
        if (!isset($userpoints) && $userid == qa_get_logged_in_userid()) {
            $userpoints = qa_get_logged_in_points();
        }

        if ($userpoints >= qa_opt($permitoption . '_points')) {
            // Threshold met: fall back to the permit without the points requirement.
            if ($permit == QA_PERMIT_APPROVED_POINTS) {
                $permit = QA_PERMIT_APPROVED;
            } elseif ($permit == QA_PERMIT_POINTS_CONFIRMED) {
                $permit = QA_PERMIT_CONFIRMED;
            } else {
                $permit = QA_PERMIT_USERS;
            }
        } else {
            // Threshold not met: require expert level, which gives a generic
            // refusal so users are not tempted to collect points just for this.
            $permit = QA_PERMIT_EXPERTS;
        }
    }

    return qa_permit_value_error($permit, $userid, $userlevel, $userflags);
}
コード例 #6
ファイル: default.php プロジェクト: ronkeizer/question2answer
    $slugs = array_slice($requestparts, 1);
} elseif (strlen($requestparts[0])) {
    $slugs = $requestparts;
} else {
    $slugs = array();
}
$countslugs = count($slugs);

//	Fetch the question lists together with the category and custom-page data

$userid = qa_get_logged_in_userid();

list($questions1, $questions2, $categories, $categoryid, $custompage) = qa_db_select_with_pending(
    qa_db_qs_selectspec($userid, 'created', 0, $slugs, null, false, false, qa_opt_if_loaded('page_size_activity')),
    qa_db_recent_a_qs_selectspec($userid, 0, $slugs),
    qa_db_category_nav_selectspec($slugs, false, false, true),
    $countslugs ? qa_db_slugs_to_category_id_selectspec($slugs) : null,
    ($countslugs == 1 && !$explicitqa) ? qa_db_page_full_selectspec($slugs[0], false) : null
);

//	A matching custom page (one not flagged as external) ends the script here with that page's content

if (isset($custompage) && !($custompage['flags'] & QA_PAGE_FLAGS_EXTERNAL)) {
    qa_set_template('custom-' . $custompage['pageid']);
    $qa_content = qa_content_prepare();
    $level = qa_get_logged_in_level();

    // Refuse only when a permit is recorded for the page AND the viewer fails
    // it; a page with no permit value is shown to everyone.
    if (qa_permit_value_error($custompage['permit'], $userid, $level, qa_get_logged_in_flags()) && isset($custompage['permit'])) {
        $qa_content['error'] = qa_lang_html('users/no_permission');
    } else {
        $qa_content['title'] = qa_html($custompage['heading']);

        // NOTE(review): unlike the heading, the content is assigned without
        // qa_html(), so it is treated as trusted markup - confirm that only
        // administrators can edit custom pages.
        $qa_content['custom'] = $custompage['content'];

        if ($level >= QA_USER_LEVEL_ADMIN) {
            $qa_content['navigation']['sub'] = array(
                'admin/pages' => array(
                    'label' => qa_lang('admin/edit_custom_page'),
                    'url' => qa_path_html('admin/pages', array('edit' => $custompage['pageid'])),
                ),
            );
        }
    }

    return $qa_content;
}

//	Otherwise redirect when the explicit 'qa' page would just duplicate the home page

if ($explicitqa && !qa_is_http_post() && !qa_has_custom_home()) {
    qa_redirect(qa_category_path_request($categories, $categoryid), $_GET);
}
//	Then, if there's a slug that matches no category, check page modules provided by plugins
コード例 #7
require_once QA_INCLUDE_DIR . 'qa-db-selects.php';
require_once QA_INCLUDE_DIR . 'qa-app-format.php';
require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
require_once QA_INCLUDE_DIR . 'qa-app-updates.php';
//	$handle, $userhtml are already set by qa-page-user.php - also $userid if using external user integration
//	Redirect to 'My Account' page if button clicked
if (qa_clicked('doaccount')) {
    qa_redirect('account');
}

//	Load the account, profile, wall messages, points, levels and rank for this handle
//	(with external users only the points, levels, categories and rank are selected)

$loginuserid = qa_get_logged_in_userid();
$identifier = QA_FINAL_EXTERNAL_USERS ? $userid : $handle;

list($useraccount, $userprofile, $userfields, $usermessages, $userpoints, $userlevels, $navcategories, $userrank) = qa_db_select_with_pending(
    QA_FINAL_EXTERNAL_USERS ? null : qa_db_user_account_selectspec($handle, false),
    QA_FINAL_EXTERNAL_USERS ? null : qa_db_user_profile_selectspec($handle, false),
    QA_FINAL_EXTERNAL_USERS ? null : qa_db_userfields_selectspec(),
    QA_FINAL_EXTERNAL_USERS ? null : qa_db_recent_messages_selectspec(null, null, $handle, false, qa_opt_if_loaded('page_size_wall')),
    qa_db_user_points_selectspec($identifier),
    qa_db_user_levels_selectspec($identifier, QA_FINAL_EXTERNAL_USERS, true),
    qa_db_category_nav_selectspec(null, true),
    qa_db_user_rank_selectspec($identifier)
);

//	Don't pay attention to user fields the viewer is not allowed to view

if (!QA_FINAL_EXTERNAL_USERS) {
    foreach ($userfields as $index => $userfield) {
        // A field with no permit recorded stays visible to everyone.
        if (!isset($userfield['permit'])) {
            continue;
        }

        // NOTE(review): only the field definition is dropped here; $userprofile
        // is left as loaded, so later output should be driven by the filtered
        // $userfields - confirm in the rendering code.
        if (qa_permit_value_error($userfield['permit'], $loginuserid, qa_get_logged_in_level(), qa_get_logged_in_flags())) {
            unset($userfields[$index]);
        }
    }
}

//	Check the user exists and work out what can and can't be set (if not using single sign-on)

$errors = array();
$loginlevel = qa_get_logged_in_level();
if (!QA_FINAL_EXTERNAL_USERS) {
    // if we're using integrated user management, we can know and show more
    require_once QA_INCLUDE_DIR . 'qa-app-messages.php';
    if (!is_array($userpoints) && !is_array($useraccount)) {
        return include QA_INCLUDE_DIR . 'qa-page-not-found.php';
    }
    $userid = $useraccount['userid'];
コード例 #8
ファイル: format.php プロジェクト: amiyasahu/question2answer
/**
 * Add a custom page to a navigation array if the current user may see it.
 *
 * The page is skipped only when it has a permit recorded and
 * qa_permit_value_error() reports an error for the logged-in user; a page
 * with no permit value is added for everyone. The URL and the title are
 * passed through qa_html() before being stored.
 *
 * @param array $navigation Navigation array, modified in place.
 * @param array $page       Page record; the keys 'permit', 'flags', 'pageid',
 *                          'tags', 'title' and 'nav' are read here.
 * @return void
 */
function qa_navigation_add_page(&$navigation, $page)
{
    $denied = qa_permit_value_error($page['permit'], qa_get_logged_in_userid(), qa_get_logged_in_level(), qa_get_logged_in_flags());

    if ($denied && isset($page['permit'])) {
        return;
    }

    $url = qa_custom_page_url($page);
    $isexternal = $page['flags'] & QA_PAGE_FLAGS_EXTERNAL;

    // External links are keyed by page id, internal pages by their tags plus '$'.
    if ($isexternal) {
        $key = 'custom-' . $page['pageid'];
    } else {
        $key = $page['tags'] . '$';
    }

    $navigation[$key] = array(
        'url' => qa_html($url),
        'label' => qa_html($page['title']),
        'opposite' => $page['nav'] == 'O',
        'target' => ($page['flags'] & QA_PAGE_FLAGS_NEW_WINDOW) ? '_blank' : null,
        // Only an external link can be marked selected, when it points at the current request.
        'selected' => $isexternal && ($url == qa_path(qa_request()) || $url == qa_self_html()),
    );
}