File Sources/ManagePermissions.php

   1:    2:    3:    4:    5:    6:    7:    8:    9:   10:   11:   12:   13:   14:   15:   16:   17:   18:   19:   20:   21:   22:   23:   24:   25:   26:   27:   28:   29:   30:   31:   32:   33:   34:   35:   36:   37:   38:   39:   40:   41:   42:   43:   44:   45:   46:   47:   48:   49:   50:   51:   52:   53:   54:   55:   56:   57:   58:   59:   60:   61:   62:   63:   64:   65:   66:   67:   68:   69:   70:   71:   72:   73:   74:   75:   76:   77:   78:   79:   80:   81:   82:   83:   84:   85:   86:   87:   88:   89:   90:   91:   92:   93:   94:   95:   96:   97:   98:   99:  100:  101:  102:  103:  104:  105:  106:  107:  108:  109:  110:  111:  112:  113:  114:  115:  116:  117:  118:  119:  120:  121:  122:  123:  124:  125:  126:  127:  128:  129:  130:  131:  132:  133:  134:  135:  136:  137:  138:  139:  140:  141:  142:  143:  144:  145:  146:  147:  148:  149:  150:  151:  152:  153:  154:  155:  156:  157:  158:  159:  160:  161:  162:  163:  164:  165:  166:  167:  168:  169:  170:  171:  172:  173:  174:  175:  176:  177:  178:  179:  180:  181:  182:  183:  184:  185:  186:  187:  188:  189:  190:  191:  192:  193:  194:  195:  196:  197:  198:  199:  200:  201:  202:  203:  204:  205:  206:  207:  208:  209:  210:  211:  212:  213:  214:  215:  216:  217:  218:  219:  220:  221:  222:  223:  224:  225:  226:  227:  228:  229:  230:  231:  232:  233:  234:  235:  236:  237:  238:  239:  240:  241:  242:  243:  244:  245:  246:  247:  248:  249:  250:  251:  252:  253:  254:  255:  256:  257:  258:  259:  260:  261:  262:  263:  264:  265:  266:  267:  268:  269:  270:  271:  272:  273:  274:  275:  276:  277:  278:  279:  280:  281:  282:  283:  284:  285:  286:  287:  288:  289:  290:  291:  292:  293:  294:  295:  296:  297:  298:  299:  300:  301:  302:  303:  304:  305:  306:  307:  308:  309:  310:  311:  312:  313:  314:  315:  316:  317:  318:  319:  320:  321:  322:  323:  324:  325:  326:  327:  328:  329:  330:  331:  332:  333:  334:  335:  336:  337:  338:  339:  340:  341:  342:  343:  344:  345:  346:  347:  348:  349:  350:  351:  352:  353:  354:  355:  356:  357:  358:  359:  360:  361:  362:  363:  364:  365:  366:  367:  368:  369:  370:  371:  372:  373:  374:  375:  376:  377:  378:  379:  380:  381:  382:  383:  384:  385:  386:  387:  388:  389:  390:  391:  392:  393:  394:  395:  396:  397:  398:  399:  400:  401:  402:  403:  404:  405:  406:  407:  408:  409:  410:  411:  412:  413:  414:  415:  416:  417:  418:  419:  420:  421:  422:  423:  424:  425:  426:  427:  428:  429:  430:  431:  432:  433:  434:  435:  436:  437:  438:  439:  440:  441:  442:  443:  444:  445:  446:  447:  448:  449:  450:  451:  452:  453:  454:  455:  456:  457:  458:  459:  460:  461:  462:  463:  464:  465:  466:  467:  468:  469:  470:  471:  472:  473:  474:  475:  476:  477:  478:  479:  480:  481:  482:  483:  484:  485:  486:  487:  488:  489:  490:  491:  492:  493:  494:  495:  496:  497:  498:  499:  500:  501:  502:  503:  504:  505:  506:  507:  508:  509:  510:  511:  512:  513:  514:  515:  516:  517:  518:  519:  520:  521:  522:  523:  524:  525:  526:  527:  528:  529:  530:  531:  532:  533:  534:  535:  536:  537:  538:  539:  540:  541:  542:  543:  544:  545:  546:  547:  548:  549:  550:  551:  552:  553:  554:  555:  556:  557:  558:  559:  560:  561:  562:  563:  564:  565:  566:  567:  568:  569:  570:  571:  572:  573:  574:  575:  576:  577:  578:  579:  580:  581:  582:  583:  584:  585:  586:  587:  588:  589:  590:  591:  592:  593:  594:  595:  596:  597:  598:  599:  600:  601:  602:  603:  604:  605:  606:  607:  608:  609:  610:  611:  612:  613:  614:  615:  616:  617:  618:  619:  620:  621:  622:  623:  624:  625:  626:  627:  628:  629:  630:  631:  632:  633:  634:  635:  636:  637:  638:  639:  640:  641:  642:  643:  644:  645:  646:  647:  648:  649:  650:  651:  652:  653:  654:  655:  656:  657:  658:  659:  660:  661:  662:  663:  664:  665:  666:  667:  668:  669:  670:  671:  672:  673:  674:  675:  676:  677:  678:  679:  680:  681:  682:  683:  684:  685:  686:  687:  688:  689:  690:  691:  692:  693:  694:  695:  696:  697:  698:  699:  700:  701:  702:  703:  704:  705:  706:  707:  708:  709:  710:  711:  712:  713:  714:  715:  716:  717:  718:  719:  720:  721:  722:  723:  724:  725:  726:  727:  728:  729:  730:  731:  732:  733:  734:  735:  736:  737:  738:  739:  740:  741:  742:  743:  744:  745:  746:  747:  748:  749:  750:  751:  752:  753:  754:  755:  756:  757:  758:  759:  760:  761:  762:  763:  764:  765:  766:  767:  768:  769:  770:  771:  772:  773:  774:  775:  776:  777:  778:  779:  780:  781:  782:  783:  784:  785:  786:  787:  788:  789:  790:  791:  792:  793:  794:  795:  796:  797:  798:  799:  800:  801:  802:  803:  804:  805:  806:  807:  808:  809:  810:  811:  812:  813:  814:  815:  816:  817:  818:  819:  820:  821:  822:  823:  824:  825:  826:  827:  828:  829:  830:  831:  832:  833:  834:  835:  836:  837:  838:  839:  840:  841:  842:  843:  844:  845:  846:  847:  848:  849:  850:  851:  852:  853:  854:  855:  856:  857:  858:  859:  860:  861:  862:  863:  864:  865:  866:  867:  868:  869:  870:  871:  872:  873:  874:  875:  876:  877:  878:  879:  880:  881:  882:  883:  884:  885:  886:  887:  888:  889:  890:  891:  892:  893:  894:  895:  896:  897:  898:  899:  900:  901:  902:  903:  904:  905:  906:  907:  908:  909:  910:  911:  912:  913:  914:  915:  916:  917:  918:  919:  920:  921:  922:  923:  924:  925:  926:  927:  928:  929:  930:  931:  932:  933:  934:  935:  936:  937:  938:  939:  940:  941:  942:  943:  944:  945:  946:  947:  948:  949:  950:  951:  952:  953:  954:  955:  956:  957:  958:  959:  960:  961:  962:  963:  964:  965:  966:  967:  968:  969:  970:  971:  972:  973:  974:  975:  976:  977:  978:  979:  980:  981:  982:  983:  984:  985:  986:  987:  988:  989:  990:  991:  992:  993:  994:  995:  996:  997:  998:  999: 1000: 1001: 1002: 1003: 1004: 1005: 1006: 1007: 1008: 1009: 1010: 1011: 1012: 1013: 1014: 1015: 1016: 1017: 1018: 1019: 1020: 1021: 1022: 1023: 1024: 1025: 1026: 1027: 1028: 1029: 1030: 1031: 1032: 1033: 1034: 1035: 1036: 1037: 1038: 1039: 1040: 1041: 1042: 1043: 1044: 1045: 1046: 1047: 1048: 1049: 1050: 1051: 1052: 1053: 1054: 1055: 1056: 1057: 1058: 1059: 1060: 1061: 1062: 1063: 1064: 1065: 1066: 1067: 1068: 1069: 1070: 1071: 1072: 1073: 1074: 1075: 1076: 1077: 1078: 1079: 1080: 1081: 1082: 1083: 1084: 1085: 1086: 1087: 1088: 1089: 1090: 1091: 1092: 1093: 1094: 1095: 1096: 1097: 1098: 1099: 1100: 1101: 1102: 1103: 1104: 1105: 1106: 1107: 1108: 1109: 1110: 1111: 1112: 1113: 1114: 1115: 1116: 1117: 1118: 1119: 1120: 1121: 1122: 1123: 1124: 1125: 1126: 1127: 1128: 1129: 1130: 1131: 1132: 1133: 1134: 1135: 1136: 1137: 1138: 1139: 1140: 1141: 1142: 1143: 1144: 1145: 1146: 1147: 1148: 1149: 1150: 1151: 1152: 1153: 1154: 1155: 1156: 1157: 1158: 1159: 1160: 1161: 1162: 1163: 1164: 1165: 1166: 1167: 1168: 1169: 1170: 1171: 1172: 1173: 1174: 1175: 1176: 1177: 1178: 1179: 1180: 1181: 1182: 1183: 1184: 1185: 1186: 1187: 1188: 1189: 1190: 1191: 1192: 1193: 1194: 1195: 1196: 1197: 1198: 1199: 1200: 1201: 1202: 1203: 1204: 1205: 1206: 1207: 1208: 1209: 1210: 1211: 1212: 1213: 1214: 1215: 1216: 1217: 1218: 1219: 1220: 1221: 1222: 1223: 1224: 1225: 1226: 1227: 1228: 1229: 1230: 1231: 1232: 1233: 1234: 1235: 1236: 1237: 1238: 1239: 1240: 1241: 1242: 1243: 1244: 1245: 1246: 1247: 1248: 1249: 1250: 1251: 1252: 1253: 1254: 1255: 1256: 1257: 1258: 1259: 1260: 1261: 1262: 1263: 1264: 1265: 1266: 1267: 1268: 1269: 1270: 1271: 1272: 1273: 1274: 1275: 1276: 1277: 1278: 1279: 1280: 1281: 1282: 1283: 1284: 1285: 1286: 1287: 1288: 1289: 1290: 1291: 1292: 1293: 1294: 1295: 1296: 1297: 1298: 1299: 1300: 1301: 1302: 1303: 1304: 1305: 1306: 1307: 1308: 1309: 1310: 1311: 1312: 1313: 1314: 1315: 1316: 1317: 1318: 1319: 1320: 1321: 1322: 1323: 1324: 1325: 1326: 1327: 1328: 1329: 1330: 1331: 1332: 1333: 1334: 1335: 1336: 1337: 1338: 1339: 1340: 1341: 1342: 1343: 1344: 1345: 1346: 1347: 1348: 1349: 1350: 1351: 1352: 1353: 1354: 1355: 1356: 1357: 1358: 1359: 1360: 1361: 1362: 1363: 1364: 1365: 1366: 1367: 1368: 1369: 1370: 1371: 1372: 1373: 1374: 1375: 1376: 1377: 1378: 1379: 1380: 1381: 1382: 1383: 1384: 1385: 1386: 1387: 1388: 1389: 1390: 1391: 1392: 1393: 1394: 1395: 1396: 1397: 1398: 1399: 1400: 1401: 1402: 1403: 1404: 1405: 1406: 1407: 1408: 1409: 1410: 1411: 1412: 1413: 1414: 1415: 1416: 1417: 1418: 1419: 1420: 1421: 1422: 1423: 1424: 1425: 1426: 1427: 1428: 1429: 1430: 1431: 1432: 1433: 1434: 1435: 1436: 1437: 1438: 1439: 1440: 1441: 1442: 1443: 1444: 1445: 1446: 1447: 1448: 1449: 1450: 1451: 1452: 1453: 1454: 1455: 1456: 1457: 1458: 1459: 1460: 1461: 1462: 1463: 1464: 1465: 1466: 1467: 1468: 1469: 1470: 1471: 1472: 1473: 1474: 1475: 1476: 1477: 1478: 1479: 1480: 1481: 1482: 1483: 1484: 1485: 1486: 1487: 1488: 1489: 1490: 1491: 1492: 1493: 1494: 1495: 1496: 1497: 1498: 1499: 1500: 1501: 1502: 1503: 1504: 1505: 1506: 1507: 1508: 1509: 1510: 1511: 1512: 1513: 1514: 1515: 1516: 1517: 1518: 1519: 1520: 1521: 1522: 1523: 1524: 1525: 1526: 1527: 1528: 1529: 1530: 1531: 1532: 1533: 1534: 1535: 1536: 1537: 1538: 1539: 1540: 1541: 1542: 1543: 1544: 1545: 1546: 1547: 1548: 1549: 1550: 1551: 1552: 1553: 1554: 1555: 1556: 1557: 1558: 1559: 1560: 1561: 1562: 1563: 1564: 1565: 1566: 1567: 1568: 1569: 1570: 1571: 1572: 1573: 1574: 1575: 1576: 1577: 1578: 1579: 1580: 1581: 1582: 1583: 1584: 1585: 1586: 1587: 1588: 1589: 1590: 1591: 1592: 1593: 1594: 1595: 1596: 1597: 1598: 1599: 1600: 1601: 1602: 1603: 1604: 1605: 1606: 1607: 1608: 1609: 1610: 1611: 1612: 1613: 1614: 1615: 1616: 1617: 1618: 1619: 1620: 1621: 1622: 1623: 1624: 1625: 1626: 1627: 1628: 1629: 1630: 1631: 1632: 1633: 1634: 1635: 1636: 1637: 1638: 1639: 1640: 1641: 1642: 1643: 1644: 1645: 1646: 1647: 1648: 1649: 1650: 1651: 1652: 1653: 1654: 1655: 1656: 1657: 1658: 1659: 1660: 1661: 1662: 1663: 1664: 1665: 1666: 1667: 1668: 1669: 1670: 1671: 1672: 1673: 1674: 1675: 1676: 1677: 1678: 1679: 1680: 1681: 1682: 1683: 1684: 1685: 1686: 1687: 1688: 1689: 1690: 1691: 1692: 1693: 1694: 1695: 1696: 1697: 1698: 1699: 1700: 1701: 1702: 1703: 1704: 1705: 1706: 1707: 1708: 1709: 1710: 1711: 1712: 1713: 1714: 1715: 1716: 1717: 1718: 1719: 1720: 1721: 1722: 1723: 1724: 1725: 1726: 1727: 1728: 1729: 1730: 1731: 1732: 1733: 1734: 1735: 1736: 1737: 1738: 1739: 1740: 1741: 1742: 1743: 1744: 1745: 1746: 1747: 1748: 1749: 1750: 1751: 1752: 1753: 1754: 1755: 1756: 1757: 1758: 1759: 1760: 1761: 1762: 1763: 1764: 1765: 1766: 1767: 1768: 1769: 1770: 1771: 1772: 1773: 1774: 1775: 1776: 1777: 1778: 1779: 1780: 1781: 1782: 1783: 1784: 1785: 1786: 1787: 1788: 1789: 1790: 1791: 1792: 1793: 1794: 1795: 1796: 1797: 1798: 1799: 1800: 1801: 1802: 1803: 1804: 1805: 1806: 1807: 1808: 1809: 1810: 1811: 1812: 1813: 1814: 1815: 1816: 1817: 1818: 1819: 1820: 1821: 1822: 1823: 1824: 1825: 1826: 1827: 1828: 1829: 1830: 1831: 1832: 1833: 1834: 1835: 1836: 1837: 1838: 1839: 1840: 1841: 1842: 1843: 1844: 1845: 1846: 1847: 1848: 1849: 1850: 1851: 1852: 1853: 1854: 1855: 1856: 1857: 1858: 1859: 1860: 1861: 1862: 1863: 1864: 1865: 1866: 1867: 1868: 1869: 1870: 1871: 1872: 1873: 1874: 1875: 1876: 1877: 1878: 1879: 1880: 1881: 1882: 1883: 1884: 1885: 1886: 1887: 1888: 1889: 1890: 1891: 1892: 1893: 1894: 1895: 1896: 1897: 1898: 1899: 1900: 1901: 1902: 1903: 1904: 1905: 1906: 1907: 1908: 1909: 1910: 1911: 1912: 1913: 1914: 1915: 1916: 1917: 1918: 1919: 1920: 1921: 1922: 1923: 1924: 1925: 1926: 1927: 1928: 1929: 1930: 1931: 1932: 1933: 1934: 1935: 1936: 1937: 1938: 1939: 1940: 1941: 1942: 1943: 1944: 1945: 1946: 1947: 1948: 1949: 1950: 1951: 1952: 1953: 1954: 1955: 1956: 1957: 1958: 1959: 1960: 1961: 1962: 1963: 1964: 1965: 1966: 1967: 1968: 1969: 1970: 1971: 1972: 1973: 1974: 1975: 1976: 1977: 1978: 1979: 1980: 1981: 1982: 1983: 1984: 1985: 1986: 1987: 1988: 1989: 1990: 1991: 1992: 1993: 1994: 1995: 1996: 1997: 1998: 1999: 2000: 2001: 2002: 2003: 2004: 2005: 2006: 2007: 2008: 2009: 2010: 2011: 2012: 2013: 2014: 2015: 2016: 2017: 2018: 2019: 2020: 2021: 2022: 2023: 2024: 2025: 2026: 2027: 2028: 2029: 2030: 2031: 2032: 2033: 2034: 2035: 2036: 2037: 2038: 2039: 2040: 2041: 2042: 2043: 2044: 2045: 2046: 2047: 2048: 2049: 2050: 2051: 2052: 2053: 2054: 2055: 2056: 2057: 2058: 2059: 2060: 2061: 2062: 2063: 2064: 2065: 2066: 2067: 2068: 2069: 2070: 2071: 2072: 2073: 2074: 2075: 2076: 2077: 2078: 2079: 2080: 2081: 2082: 2083: 2084: 2085: 2086: 2087: 2088: 2089: 2090: 2091: 2092: 2093: 2094: 2095: 2096: 2097: 2098: 2099: 2100: 2101: 2102: 2103: 2104: 2105: 2106: 2107: 2108: 2109: 2110: 2111: 2112: 2113: 2114: 2115: 2116: 2117: 2118: 2119: 2120: 2121: 2122: 2123: 2124: 2125: 2126: 2127: 2128: 2129: 2130: 2131: 2132: 2133: 2134: 2135: 2136: 2137: 2138: 2139: 2140: 2141: 2142: 2143: 2144: 2145: 2146: 2147: 2148: 2149: 2150: 2151: 2152: 2153: 2154: 2155: 2156: 2157: 2158: 2159: 2160: 2161: 2162: 2163: 2164: 2165: 2166: 2167: 2168: 2169: 2170: 2171: 2172: 2173: 2174: 2175: 2176: 2177: 2178: 2179: 2180: 2181: 2182: 2183: 2184: 2185: 2186: 2187: 2188: 2189: 2190: 2191: 2192: 2193: 2194: 2195: 2196: 2197: 2198: 2199: 2200: 2201: 2202: 2203: 2204: 2205: 2206: 2207: 2208: 2209: 2210: 2211: 2212: 2213: 2214: 2215: 2216: 2217: 2218: 2219: 2220: 2221: 2222: 2223: 2224: 2225: 2226: 2227: 2228: 2229: 2230: 2231: 2232: 2233: 2234: 2235: 2236: 2237: 2238: 2239: 2240: 2241: 2242: 2243: 2244: 2245: 2246: 2247: 2248: 2249: 2250: 2251: 2252: 2253: 2254: 2255: 2256: 2257: 2258: 2259: 2260: 2261: 2262: 2263: 2264: 2265: 2266: 2267: 2268: 2269: 2270: 2271: 2272: 2273: 2274: 2275: 2276: 2277: 2278: 2279: 2280: 2281: 2282: 2283: 2284: 2285: 2286: 2287: 2288: 2289: 2290: 2291: 2292: 2293: 2294: 2295: 2296: 2297: 2298: 2299: 2300: 2301: 2302: 2303: 2304: 2305: 2306: 2307: 2308: 2309: 2310: 2311: 2312: 2313: 2314: 2315: 2316: 2317: 2318: 2319: 2320: 2321: 2322: 2323: 2324: 2325: 2326: 2327: 2328: 2329: 2330: 2331: 2332: 2333: 2334: 2335: 2336: 2337: 2338: 2339: 2340: 2341: 2342: 2343: 2344: 2345: 2346: 2347: 2348: 2349: 2350: 2351: 2352: 2353: 2354: 2355: 2356: 2357: 2358: 2359: 2360: 2361: 2362: 2363: 2364: 2365: 2366: 2367: 2368: 2369: 2370: 2371: 2372: 2373: 2374: 2375: 2376: 2377: 2378: 2379: 2380: 2381: 2382: 2383: 2384: 2385: 2386: 2387: 2388: 2389: 2390: 2391: 2392: 2393: 2394: 2395: 2396: 2397: 2398: 2399: 2400: 2401: 2402: 2403: 2404: 2405: 2406: 2407: 2408: 2409: 2410: 2411: 2412: 2413: 2414: 2415: 2416: 2417: 2418: 2419: 2420: 2421: 2422: 2423: 2424: 2425: 2426: 2427: 2428: 2429: 2430: 2431: 2432: 2433: 2434: 2435: 2436: 2437: 2438: 2439: 2440: 2441: 2442: 2443: 2444: 2445: 2446: 2447: 2448: 2449: 2450: 2451: 2452: 2453: 2454: 2455: 2456: 2457: 2458: 2459: 2460: 2461: 2462: 2463: 2464: 2465: 2466: 2467: 2468: 2469: 2470: 2471: 2472: 2473: 2474: 2475: 2476: 2477: 2478: 2479: 2480: 2481: 2482: 2483: 2484: 2485: 2486: 2487: 2488: 2489: 2490: 2491: 2492: 2493: 2494: 2495: 2496: 2497: 2498: 2499: 2500: 2501: 2502: 2503: 2504: 2505: 2506: 2507: 2508: 2509: 2510: 2511: 2512: 2513: 2514: 2515: 2516: 2517: 2518: 2519: 2520: 2521: 2522: 2523: 2524: 2525: 2526: 2527: 2528: 2529: 2530: 2531: 2532: 2533: 2534: 2535: 2536: 2537: 2538: 2539: 2540: 2541: 2542: 2543: 2544: 2545: 2546: 2547: 2548: 2549: 2550: 2551: 2552: 2553: 2554: 2555: 2556: 2557: 2558: 2559: 2560: 2561: 2562: 2563: 2564: 2565: 2566: 2567: 2568: 2569: 2570: 2571: 2572: 2573: 2574: 2575: 2576: 2577: 2578: 2579: 2580: 2581: 2582: 2583: 2584: 2585: 2586: 2587: 2588: 2589: 2590: 2591: 2592: 2593: 2594: 2595: 2596: 2597: 2598: 2599: 2600: 2601: 2602: 2603: 2604: 2605: 2606: 2607: 2608: 2609: 2610: 2611: 2612: 2613: 2614: 2615: 2616: 2617: 2618: 2619: 2620: 2621: 2622: 2623: 2624: 2625: 2626: 2627: 2628: 2629: 2630: 2631: 2632: 2633: 2634: 2635: 2636: 2637: 2638: 2639: 2640:

<?php

/**
 * ManagePermissions handles all possible permission stuff.
 *
 * Simple Machines Forum (SMF)
 *
 * @package SMF
 * @author Simple Machines https://www.simplemachines.org
 * @copyright 2020 Simple Machines and individual contributors
 * @license https://www.simplemachines.org/about/smf/license.php BSD
 *
 * @version 2.1 RC2
 */

if (!defined('SMF'))
    die('No direct access...');

/**
 * Dispatches to the right function based on the given subaction.
 * Checks the permissions, based on the sub-action.
 * Called by ?action=managepermissions.
 *
 * @uses ManagePermissions language file.
 */

function ModifyPermissions()
{
    global $txt, $context;

    loadLanguage('ManagePermissions+ManageMembers');
    loadTemplate('ManagePermissions');

    // Format: 'sub-action' => array('function_to_call', 'permission_needed'),
    $subActions = array(
        'board' => array('PermissionByBoard', 'manage_permissions'),
        'index' => array('PermissionIndex', 'manage_permissions'),
        'modify' => array('ModifyMembergroup', 'manage_permissions'),
        'modify2' => array('ModifyMembergroup2', 'manage_permissions'),
        'quick' => array('SetQuickGroups', 'manage_permissions'),
        'quickboard' => array('SetQuickBoards', 'manage_permissions'),
        'postmod' => array('ModifyPostModeration', 'manage_permissions'),
        'profiles' => array('EditPermissionProfiles', 'manage_permissions'),
        'settings' => array('GeneralPermissionSettings', 'admin_forum'),
    );

    $_REQUEST['sa'] = isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]) && empty($subActions[$_REQUEST['sa']]['disabled']) ? $_REQUEST['sa'] : (allowedTo('manage_permissions') ? 'index' : 'settings');
    isAllowedTo($subActions[$_REQUEST['sa']][1]);

    // Create the tabs for the template.
    $context[$context['admin_menu_name']]['tab_data'] = array(
        'title' => $txt['permissions_title'],
        'help' => 'permissions',
        'description' => '',
        'tabs' => array(
            'index' => array(
                'description' => $txt['permissions_groups'],
            ),
            'board' => array(
                'description' => $txt['permission_by_board_desc'],
            ),
            'profiles' => array(
                'description' => $txt['permissions_profiles_desc'],
            ),
            'postmod' => array(
                'description' => $txt['permissions_post_moderation_desc'],
            ),
            'settings' => array(
                'description' => $txt['permission_settings_desc'],
            ),
        ),
    );

    call_integration_hook('integrate_manage_permissions', array(&$subActions));

    call_helper($subActions[$_REQUEST['sa']][0]);
}

/**
 * Sets up the permissions by membergroup index page.
 * Called by ?action=managepermissions
 * Creates an array of all the groups with the number of members and permissions.
 *
 * @uses ManagePermissions language file.
 * @uses ManagePermissions template file.
 * @uses ManageBoards template, permission_index sub-template.
 */
function PermissionIndex()
{
    global $txt, $scripturl, $context, $settings, $modSettings, $smcFunc;

    $context['page_title'] = $txt['permissions_title'];

    // Load all the permissions. We'll need them in the template.
    loadAllPermissions();

    // Also load profiles, we may want to reset.
    loadPermissionProfiles();

    // Are we going to show the advanced options?
    $context['show_advanced_options'] = empty($context['admin_preferences']['app']);

    // Determine the number of ungrouped members.
    $request = $smcFunc['db_query']('', '
        SELECT COUNT(*)
        FROM {db_prefix}members
        WHERE id_group = {int:regular_group}',
        array(
            'regular_group' => 0,
        )
    );
    list ($num_members) = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);

    // Fill the context variable with 'Guests' and 'Regular Members'.
    $context['groups'] = array(
        -1 => array(
            'id' => -1,
            'name' => $txt['membergroups_guests'],
            'num_members' => $txt['membergroups_guests_na'],
            'allow_delete' => false,
            'allow_modify' => true,
            'can_search' => false,
            'href' => '',
            'link' => '',
            'help' => 'membergroup_guests',
            'is_post_group' => false,
            'color' => '',
            'icons' => '',
            'children' => array(),
            'num_permissions' => array(
                'allowed' => 0,
                // Can't deny guest permissions!
                'denied' => '(' . $txt['permissions_none'] . ')'
            ),
            'access' => false
        ),
        0 => array(
            'id' => 0,
            'name' => $txt['membergroups_members'],
            'num_members' => $num_members,
            'allow_delete' => false,
            'allow_modify' => true,
            'can_search' => false,
            'href' => $scripturl . '?action=moderate;area=viewgroups;sa=members;group=0',
            'help' => 'membergroup_regular_members',
            'is_post_group' => false,
            'color' => '',
            'icons' => '',
            'children' => array(),
            'num_permissions' => array(
                'allowed' => 0,
                'denied' => 0
            ),
            'access' => false
        ),
    );

    $postGroups = array();
    $normalGroups = array();

    // Query the database defined membergroups.
    $query = $smcFunc['db_query']('', '
        SELECT id_group, id_parent, group_name, min_posts, online_color, icons
        FROM {db_prefix}membergroups' . (empty($modSettings['permission_enable_postgroups']) ? '
        WHERE min_posts = {int:min_posts}' : '') . '
        ORDER BY id_parent = {int:not_inherited} DESC, min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name',
        array(
            'min_posts' => -1,
            'not_inherited' => -2,
            'newbie_group' => 4,
        )
    );
    while ($row = $smcFunc['db_fetch_assoc']($query))
    {
        // If it's inherited, just add it as a child.
        if ($row['id_parent'] != -2)
        {
            if (isset($context['groups'][$row['id_parent']]))
                $context['groups'][$row['id_parent']]['children'][$row['id_group']] = $row['group_name'];
            continue;
        }

        $row['icons'] = explode('#', $row['icons']);
        $context['groups'][$row['id_group']] = array(
            'id' => $row['id_group'],
            'name' => $row['group_name'],
            'num_members' => $row['id_group'] != 3 ? 0 : $txt['membergroups_guests_na'],
            'allow_delete' => $row['id_group'] > 4,
            'allow_modify' => $row['id_group'] > 1,
            'can_search' => $row['id_group'] != 3,
            'href' => $scripturl . '?action=moderate;area=viewgroups;sa=members;group=' . $row['id_group'],
            'help' => $row['id_group'] == 1 ? 'membergroup_administrator' : ($row['id_group'] == 3 ? 'membergroup_moderator' : ''),
            'is_post_group' => $row['min_posts'] != -1,
            'color' => empty($row['online_color']) ? '' : $row['online_color'],
            'icons' => !empty($row['icons'][0]) && !empty($row['icons'][1]) ? str_repeat('<img src="' . $settings['images_url'] . '/' . $row['icons'][1] . '" alt="*">', $row['icons'][0]) : '',
            'children' => array(),
            'num_permissions' => array(
                'allowed' => $row['id_group'] == 1 ? '(' . $txt['permissions_all'] . ')' : 0,
                'denied' => $row['id_group'] == 1 ? '(' . $txt['permissions_none'] . ')' : 0
            ),
            'access' => false,
        );

        if ($row['min_posts'] == -1)
            $normalGroups[$row['id_group']] = $row['id_group'];
        else
            $postGroups[$row['id_group']] = $row['id_group'];
    }
    $smcFunc['db_free_result']($query);

    // Get the number of members in this post group.
    if (!empty($postGroups))
    {
        $query = $smcFunc['db_query']('', '
            SELECT id_post_group AS id_group, COUNT(*) AS num_members
            FROM {db_prefix}members
            WHERE id_post_group IN ({array_int:post_group_list})
            GROUP BY id_post_group',
            array(
                'post_group_list' => $postGroups,
            )
        );
        while ($row = $smcFunc['db_fetch_assoc']($query))
            $context['groups'][$row['id_group']]['num_members'] += $row['num_members'];
        $smcFunc['db_free_result']($query);
    }

    if (!empty($normalGroups))
    {
        // First, the easy one!
        $query = $smcFunc['db_query']('', '
            SELECT id_group, COUNT(*) AS num_members
            FROM {db_prefix}members
            WHERE id_group IN ({array_int:normal_group_list})
            GROUP BY id_group',
            array(
                'normal_group_list' => $normalGroups,
            )
        );
        while ($row = $smcFunc['db_fetch_assoc']($query))
            $context['groups'][$row['id_group']]['num_members'] += $row['num_members'];
        $smcFunc['db_free_result']($query);

        // This one is slower, but it's okay... careful not to count twice!
        $query = $smcFunc['db_query']('', '
            SELECT mg.id_group, COUNT(*) AS num_members
            FROM {db_prefix}membergroups AS mg
                INNER JOIN {db_prefix}members AS mem ON (mem.additional_groups != {string:blank_string}
                    AND mem.id_group != mg.id_group
                    AND FIND_IN_SET(mg.id_group, mem.additional_groups) != 0)
            WHERE mg.id_group IN ({array_int:normal_group_list})
            GROUP BY mg.id_group',
            array(
                'normal_group_list' => $normalGroups,
                'blank_string' => '',
            )
        );
        while ($row = $smcFunc['db_fetch_assoc']($query))
            $context['groups'][$row['id_group']]['num_members'] += $row['num_members'];
        $smcFunc['db_free_result']($query);
    }

    foreach ($context['groups'] as $id => $data)
    {
        if ($data['href'] != '')
            $context['groups'][$id]['link'] = '<a href="' . $data['href'] . '">' . $data['num_members'] . '</a>';
    }

    if (empty($_REQUEST['pid']))
    {
        $request = $smcFunc['db_query']('', '
            SELECT id_group, COUNT(*) AS num_permissions, add_deny
            FROM {db_prefix}permissions
            ' . (empty($context['hidden_permissions']) ? '' : ' WHERE permission NOT IN ({array_string:hidden_permissions})') . '
            GROUP BY id_group, add_deny',
            array(
                'hidden_permissions' => !empty($context['hidden_permissions']) ? $context['hidden_permissions'] : array(),
            )
        );
        while ($row = $smcFunc['db_fetch_assoc']($request))
            if (isset($context['groups'][(int) $row['id_group']]) && (!empty($row['add_deny']) || $row['id_group'] != -1))
                $context['groups'][(int) $row['id_group']]['num_permissions'][empty($row['add_deny']) ? 'denied' : 'allowed'] = $row['num_permissions'];
        $smcFunc['db_free_result']($request);

        // Get the "default" profile permissions too.
        $request = $smcFunc['db_query']('', '
            SELECT id_profile, id_group, COUNT(*) AS num_permissions, add_deny
            FROM {db_prefix}board_permissions
            WHERE id_profile = {int:default_profile}
            ' . (empty($context['hidden_permissions']) ? '' : ' AND permission NOT IN ({array_string:hidden_permissions})') . '
            GROUP BY id_profile, id_group, add_deny',
            array(
                'default_profile' => 1,
                'hidden_permissions' => !empty($context['hidden_permissions']) ? $context['hidden_permissions'] : array(),
            )
        );
        while ($row = $smcFunc['db_fetch_assoc']($request))
        {
            if (isset($context['groups'][(int) $row['id_group']]) && (!empty($row['add_deny']) || $row['id_group'] != -1))
                $context['groups'][(int) $row['id_group']]['num_permissions'][empty($row['add_deny']) ? 'denied' : 'allowed'] += $row['num_permissions'];
        }
        $smcFunc['db_free_result']($request);
    }
    else
    {
        $_REQUEST['pid'] = (int) $_REQUEST['pid'];

        if (!isset($context['profiles'][$_REQUEST['pid']]))
            fatal_lang_error('no_access', false);

        // Change the selected tab to better reflect that this really is a board profile.
        $context[$context['admin_menu_name']]['current_subsection'] = 'profiles';

        $request = $smcFunc['db_query']('', '
            SELECT id_profile, id_group, COUNT(*) AS num_permissions, add_deny
            FROM {db_prefix}board_permissions
            WHERE id_profile = {int:current_profile}
            GROUP BY id_profile, id_group, add_deny',
            array(
                'current_profile' => $_REQUEST['pid'],
            )
        );
        while ($row = $smcFunc['db_fetch_assoc']($request))
        {
            if (isset($context['groups'][(int) $row['id_group']]) && (!empty($row['add_deny']) || $row['id_group'] != -1))
                $context['groups'][(int) $row['id_group']]['num_permissions'][empty($row['add_deny']) ? 'denied' : 'allowed'] += $row['num_permissions'];
        }
        $smcFunc['db_free_result']($request);

        $context['profile'] = array(
            'id' => $_REQUEST['pid'],
            'name' => $context['profiles'][$_REQUEST['pid']]['name'],
        );
    }

    // We can modify any permission set apart from the read only, reply only and no polls ones as they are redefined.
    $context['can_modify'] = empty($_REQUEST['pid']) || $_REQUEST['pid'] == 1 || $_REQUEST['pid'] > 4;

    // Load the proper template.
    $context['sub_template'] = 'permission_index';
    createToken('admin-mpq');
}

/**
 * Handle permissions by board... more or less. :P
 */
function PermissionByBoard()
{
    global $context, $txt, $smcFunc, $sourcedir, $cat_tree, $boardList, $boards;

    $context['page_title'] = $txt['permissions_boards'];
    $context['edit_all'] = isset($_GET['edit']);

    // Saving?
    if (!empty($_POST['save_changes']) && !empty($_POST['boardprofile']))
    {
        checkSession('request');
        validateToken('admin-mpb');

        $changes = array();
        foreach ($_POST['boardprofile'] as $pBoard => $profile)
        {
            $changes[(int) $profile][] = (int) $pBoard;
        }

        if (!empty($changes))
        {
            foreach ($changes as $profile => $boards)
                $smcFunc['db_query']('', '
                    UPDATE {db_prefix}boards
                    SET id_profile = {int:current_profile}
                    WHERE id_board IN ({array_int:board_list})',
                    array(
                        'board_list' => $boards,
                        'current_profile' => $profile,
                    )
                );
        }

        $context['edit_all'] = false;
    }

    // Load all permission profiles.
    loadPermissionProfiles();

    // Get the board tree.
    require_once($sourcedir . '/Subs-Boards.php');

    getBoardTree();

    // Build the list of the boards.
    $context['categories'] = array();
    foreach ($cat_tree as $catid => $tree)
    {
        $context['categories'][$catid] = array(
            'name' => &$tree['node']['name'],
            'id' => &$tree['node']['id'],
            'boards' => array()
        );
        foreach ($boardList[$catid] as $boardid)
        {
            if (!isset($context['profiles'][$boards[$boardid]['profile']]))
                $boards[$boardid]['profile'] = 1;

            $context['categories'][$catid]['boards'][$boardid] = array(
                'id' => &$boards[$boardid]['id'],
                'name' => &$boards[$boardid]['name'],
                'description' => &$boards[$boardid]['description'],
                'child_level' => &$boards[$boardid]['level'],
                'profile' => &$boards[$boardid]['profile'],
                'profile_name' => $context['profiles'][$boards[$boardid]['profile']]['name'],
            );
        }
    }

    $context['sub_template'] = 'by_board';
    createToken('admin-mpb');
}

/**
 * Handles permission modification actions from the upper part of the
 * permission manager index.
 */
function SetQuickGroups()
{
    global $context, $smcFunc;

    checkSession();
    validateToken('admin-mpq', 'quick');

    loadIllegalPermissions();
    loadIllegalGuestPermissions();
    loadIllegalBBCHtmlGroups();

    // Make sure only one of the quick options was selected.
    if ((!empty($_POST['predefined']) && ((isset($_POST['copy_from']) && $_POST['copy_from'] != 'empty') || !empty($_POST['permissions']))) || (!empty($_POST['copy_from']) && $_POST['copy_from'] != 'empty' && !empty($_POST['permissions'])))
        fatal_lang_error('permissions_only_one_option', false);

    if (empty($_POST['group']) || !is_array($_POST['group']))
        $_POST['group'] = array();

    // Only accept numeric values for selected membergroups.
    foreach ($_POST['group'] as $id => $group_id)
        $_POST['group'][$id] = (int) $group_id;
    $_POST['group'] = array_unique($_POST['group']);

    if (empty($_REQUEST['pid']))
        $_REQUEST['pid'] = 0;
    else
        $_REQUEST['pid'] = (int) $_REQUEST['pid'];

    // Fix up the old global to the new default!
    $bid = max(1, $_REQUEST['pid']);

    // No modifying the predefined profiles.
    if ($_REQUEST['pid'] > 1 && $_REQUEST['pid'] < 5)
        fatal_lang_error('no_access', false);

    // Clear out any cached authority.
    updateSettings(array('settings_updated' => time()));

    // No groups were selected.
    if (empty($_POST['group']))
        redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);

    // Set a predefined permission profile.
    if (!empty($_POST['predefined']))
    {
        // Make sure it's a predefined permission set we expect.
        if (!in_array($_POST['predefined'], array('restrict', 'standard', 'moderator', 'maintenance')))
            redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);

        foreach ($_POST['group'] as $group_id)
        {
            if (!empty($_REQUEST['pid']))
                setPermissionLevel($_POST['predefined'], $group_id, $_REQUEST['pid']);
            else
                setPermissionLevel($_POST['predefined'], $group_id);
        }
    }
    // Set a permission profile based on the permissions of a selected group.
    elseif ($_POST['copy_from'] != 'empty')
    {
        // Just checking the input.
        if (!is_numeric($_POST['copy_from']))
            redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);

        // Make sure the group we're copying to is never included.
        $_POST['group'] = array_diff($_POST['group'], array($_POST['copy_from']));

        // No groups left? Too bad.
        if (empty($_POST['group']))
            redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);

        if (empty($_REQUEST['pid']))
        {
            // Retrieve current permissions of group.
            $request = $smcFunc['db_query']('', '
                SELECT permission, add_deny
                FROM {db_prefix}permissions
                WHERE id_group = {int:copy_from}',
                array(
                    'copy_from' => $_POST['copy_from'],
                )
            );
            $target_perm = array();
            while ($row = $smcFunc['db_fetch_assoc']($request))
                $target_perm[$row['permission']] = $row['add_deny'];
            $smcFunc['db_free_result']($request);

            $inserts = array();
            foreach ($_POST['group'] as $group_id)
                foreach ($target_perm as $perm => $add_deny)
                {
                    // No dodgy permissions please!
                    if (!empty($context['illegal_permissions']) && in_array($perm, $context['illegal_permissions']))
                        continue;
                    if (isset($context['permissions_excluded'][$perm]) && in_array($group_id, $context['permissions_excluded'][$perm]))
                        continue;

                    if ($group_id != 1 && $group_id != 3)
                        $inserts[] = array($perm, $group_id, $add_deny);
                }

            // Delete the previous permissions...
            $smcFunc['db_query']('', '
                DELETE FROM {db_prefix}permissions
                WHERE id_group IN ({array_int:group_list})
                    ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
                array(
                    'group_list' => $_POST['group'],
                    'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
                )
            );

            if (!empty($inserts))
            {
                // ..and insert the new ones.
                $smcFunc['db_insert']('',
                    '{db_prefix}permissions',
                    array(
                        'permission' => 'string', 'id_group' => 'int', 'add_deny' => 'int',
                    ),
                    $inserts,
                    array('permission', 'id_group')
                );
            }
        }

        // Now do the same for the board permissions.
        $request = $smcFunc['db_query']('', '
            SELECT permission, add_deny
            FROM {db_prefix}board_permissions
            WHERE id_group = {int:copy_from}
                AND id_profile = {int:current_profile}',
            array(
                'copy_from' => $_POST['copy_from'],
                'current_profile' => $bid,
            )
        );
        $target_perm = array();
        while ($row = $smcFunc['db_fetch_assoc']($request))
            $target_perm[$row['permission']] = $row['add_deny'];
        $smcFunc['db_free_result']($request);

        $inserts = array();
        foreach ($_POST['group'] as $group_id)
            foreach ($target_perm as $perm => $add_deny)
            {
                // Are these for guests?
                if ($group_id == -1 && in_array($perm, $context['non_guest_permissions']))
                    continue;

                $inserts[] = array($perm, $group_id, $bid, $add_deny);
            }

        // Delete the previous global board permissions...
        $smcFunc['db_query']('', '
            DELETE FROM {db_prefix}board_permissions
            WHERE id_group IN ({array_int:current_group_list})
                AND id_profile = {int:current_profile}',
            array(
                'current_group_list' => $_POST['group'],
                'current_profile' => $bid,
            )
        );

        // And insert the copied permissions.
        if (!empty($inserts))
        {
            // ..and insert the new ones.
            $smcFunc['db_insert']('',
                '{db_prefix}board_permissions',
                array('permission' => 'string', 'id_group' => 'int', 'id_profile' => 'int', 'add_deny' => 'int'),
                $inserts,
                array('permission', 'id_group', 'id_profile')
            );
        }

        // Update any children out there!
        updateChildPermissions($_POST['group'], $_REQUEST['pid']);
    }
    // Set or unset a certain permission for the selected groups.
    elseif (!empty($_POST['permissions']))
    {
        // Unpack two variables that were transported.
        list ($permissionType, $permission) = explode('/', $_POST['permissions']);

        // Check whether our input is within expected range.
        if (!in_array($_POST['add_remove'], array('add', 'clear', 'deny')) || !in_array($permissionType, array('membergroup', 'board')))
            redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);

        if ($_POST['add_remove'] == 'clear')
        {
            if ($permissionType == 'membergroup')
            {
                $smcFunc['db_query']('', '
                    DELETE FROM {db_prefix}permissions
                    WHERE id_group IN ({array_int:current_group_list})
                        AND permission = {string:current_permission}
                        ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
                    array(
                        'current_group_list' => $_POST['group'],
                        'current_permission' => $permission,
                        'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
                    )
                );

                // Did these changes make anyone lose eligibility for the bbc_html permission?
                $bbc_html_groups = array_diff($_POST['group'], $context['permissions_excluded']['bbc_html']);
                if (!empty($bbc_html_groups))
                    removeIllegalBBCHtmlPermission(true);
            }
            else
                $smcFunc['db_query']('', '
                    DELETE FROM {db_prefix}board_permissions
                    WHERE id_group IN ({array_int:current_group_list})
                        AND id_profile = {int:current_profile}
                        AND permission = {string:current_permission}',
                    array(
                        'current_group_list' => $_POST['group'],
                        'current_profile' => $bid,
                        'current_permission' => $permission,
                    )
                );
        }
        // Add a permission (either 'set' or 'deny').
        else
        {
            $add_deny = $_POST['add_remove'] == 'add' ? '1' : '0';
            $permChange = array();
            foreach ($_POST['group'] as $groupID)
            {
                if (isset($context['permissions_excluded'][$permission]) && in_array($groupID, $context['permissions_excluded'][$permission]))
                    continue;

                if ($permissionType == 'membergroup' && $groupID != 1 && $groupID != 3 && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions'])))
                    $permChange[] = array($permission, $groupID, $add_deny);
                elseif ($permissionType != 'membergroup')
                    $permChange[] = array($permission, $groupID, $bid, $add_deny);
            }

            if (!empty($permChange))
            {
                if ($permissionType == 'membergroup')
                    $smcFunc['db_insert']('replace',
                        '{db_prefix}permissions',
                        array('permission' => 'string', 'id_group' => 'int', 'add_deny' => 'int'),
                        $permChange,
                        array('permission', 'id_group')
                    );
                // Board permissions go into the other table.
                else
                    $smcFunc['db_insert']('replace',
                        '{db_prefix}board_permissions',
                        array('permission' => 'string', 'id_group' => 'int', 'id_profile' => 'int', 'add_deny' => 'int'),
                        $permChange,
                        array('permission', 'id_group', 'id_profile')
                    );
            }
        }

        // Another child update!
        updateChildPermissions($_POST['group'], $_REQUEST['pid']);
    }

    updateBoardManagers();

    redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
}

/**
 * Initializes the necessary to modify a membergroup's permissions.
 */
function ModifyMembergroup()
{
    global $context, $txt, $smcFunc, $modSettings;

    if (!isset($_GET['group']))
        fatal_lang_error('no_access', false);

    $context['group']['id'] = (int) $_GET['group'];

    // It's not likely you'd end up here with this setting disabled.
    if ($_GET['group'] == 1)
        redirectexit('action=admin;area=permissions');

    loadAllPermissions();
    loadPermissionProfiles();
    $context['hidden_perms'] = array();

    if ($context['group']['id'] > 0)
    {
        $result = $smcFunc['db_query']('', '
            SELECT group_name, id_parent
            FROM {db_prefix}membergroups
            WHERE id_group = {int:current_group}
            LIMIT 1',
            array(
                'current_group' => $context['group']['id'],
            )
        );
        list ($context['group']['name'], $parent) = $smcFunc['db_fetch_row']($result);
        $smcFunc['db_free_result']($result);

        // Cannot edit an inherited group!
        if ($parent != -2)
            fatal_lang_error('cannot_edit_permissions_inherited');
    }
    elseif ($context['group']['id'] == -1)
        $context['group']['name'] = $txt['membergroups_guests'];
    else
        $context['group']['name'] = $txt['membergroups_members'];

    $context['profile']['id'] = empty($_GET['pid']) ? 0 : (int) $_GET['pid'];

    // If this is a moderator and they are editing "no profile" then we only do boards.
    if ($context['group']['id'] == 3 && empty($context['profile']['id']))
    {
        // For sanity just check they have no general permissions.
        $smcFunc['db_query']('', '
            DELETE FROM {db_prefix}permissions
            WHERE id_group = {int:moderator_group}',
            array(
                'moderator_group' => 3,
            )
        );

        $context['profile']['id'] = 1;
    }

    $context['permission_type'] = empty($context['profile']['id']) ? 'membergroup' : 'board';
    $context['profile']['can_modify'] = !$context['profile']['id'] || $context['profiles'][$context['profile']['id']]['can_modify'];

    // Set up things a little nicer for board related stuff...
    if ($context['permission_type'] == 'board')
    {
        $context['profile']['name'] = $context['profiles'][$context['profile']['id']]['name'];
        $context[$context['admin_menu_name']]['current_subsection'] = 'profiles';
    }

    // Fetch the current permissions.
    $permissions = array(
        'membergroup' => array('allowed' => array(), 'denied' => array()),
        'board' => array('allowed' => array(), 'denied' => array())
    );

    // General permissions?
    if ($context['permission_type'] == 'membergroup')
    {
        $result = $smcFunc['db_query']('', '
            SELECT permission, add_deny
            FROM {db_prefix}permissions
            WHERE id_group = {int:current_group}',
            array(
                'current_group' => $_GET['group'],
            )
        );
        while ($row = $smcFunc['db_fetch_assoc']($result))
            $permissions['membergroup'][empty($row['add_deny']) ? 'denied' : 'allowed'][] = $row['permission'];
        $smcFunc['db_free_result']($result);
    }

    // Fetch current board permissions...
    $result = $smcFunc['db_query']('', '
        SELECT permission, add_deny
        FROM {db_prefix}board_permissions
        WHERE id_group = {int:current_group}
            AND id_profile = {int:current_profile}',
        array(
            'current_group' => $context['group']['id'],
            'current_profile' => $context['permission_type'] == 'membergroup' ? 1 : $context['profile']['id'],
        )
    );
    while ($row = $smcFunc['db_fetch_assoc']($result))
        $permissions['board'][empty($row['add_deny']) ? 'denied' : 'allowed'][] = $row['permission'];
    $smcFunc['db_free_result']($result);

    // Loop through each permission and set whether it's checked.
    foreach ($context['permissions'] as $permissionType => $tmp)
    {
        foreach ($tmp['columns'] as $position => $permissionGroups)
        {
            foreach ($permissionGroups as $permissionGroup => $permissionArray)
            {
                foreach ($permissionArray['permissions'] as $perm)
                {
                    // Create a shortcut for the current permission.
                    $curPerm = &$context['permissions'][$permissionType]['columns'][$position][$permissionGroup]['permissions'][$perm['id']];

                    if ($perm['has_own_any'])
                    {
                        $curPerm['any']['select'] = in_array($perm['id'] . '_any', $permissions[$permissionType]['allowed']) ? 'on' : (in_array($perm['id'] . '_any', $permissions[$permissionType]['denied']) ? 'deny' : 'off');
                        $curPerm['own']['select'] = in_array($perm['id'] . '_own', $permissions[$permissionType]['allowed']) ? 'on' : (in_array($perm['id'] . '_own', $permissions[$permissionType]['denied']) ? 'deny' : 'off');
                    }
                    else
                        $curPerm['select'] = in_array($perm['id'], $permissions[$permissionType]['denied']) ? 'deny' : (in_array($perm['id'], $permissions[$permissionType]['allowed']) ? 'on' : 'off');

                    // Keep the last value if it's hidden.
                    if ($perm['hidden'] || $permissionArray['hidden'])
                    {
                        if ($perm['has_own_any'])
                        {
                            $context['hidden_perms'][] = array(
                                $permissionType,
                                $perm['own']['id'],
                                $curPerm['own']['select'] == 'deny' && !empty($modSettings['permission_enable_deny']) ? 'deny' : $curPerm['own']['select'],
                            );
                            $context['hidden_perms'][] = array(
                                $permissionType,
                                $perm['any']['id'],
                                $curPerm['any']['select'] == 'deny' && !empty($modSettings['permission_enable_deny']) ? 'deny' : $curPerm['any']['select'],
                            );
                        }
                        else
                            $context['hidden_perms'][] = array(
                                $permissionType,
                                $perm['id'],
                                $curPerm['select'] == 'deny' && !empty($modSettings['permission_enable_deny']) ? 'deny' : $curPerm['select'],
                            );
                    }
                }
            }
        }
    }
    $context['sub_template'] = 'modify_group';
    $context['page_title'] = $txt['permissions_modify_group'];

    createToken('admin-mp');
}

/**
 * This function actually saves modifications to a membergroup's board permissions.
 */
function ModifyMembergroup2()
{
    global $smcFunc, $context;

    checkSession();
    validateToken('admin-mp');

    loadIllegalPermissions();

    $_GET['group'] = (int) $_GET['group'];
    $_GET['pid'] = (int) $_GET['pid'];

    // Cannot modify predefined profiles.
    if ($_GET['pid'] > 1 && $_GET['pid'] < 5)
        fatal_lang_error('no_access', false);

    // Verify this isn't inherited.
    if ($_GET['group'] == -1 || $_GET['group'] == 0)
        $parent = -2;
    else
    {
        $result = $smcFunc['db_query']('', '
            SELECT id_parent
            FROM {db_prefix}membergroups
            WHERE id_group = {int:current_group}
            LIMIT 1',
            array(
                'current_group' => $_GET['group'],
            )
        );
        list ($parent) = $smcFunc['db_fetch_row']($result);
        $smcFunc['db_free_result']($result);
    }

    if ($parent != -2)
        fatal_lang_error('cannot_edit_permissions_inherited');

    $givePerms = array('membergroup' => array(), 'board' => array());

    // Guest group, we need illegal, guest permissions.
    if ($_GET['group'] == -1)
    {
        loadIllegalGuestPermissions();
        $context['illegal_permissions'] = array_merge($context['illegal_permissions'], $context['non_guest_permissions']);
    }

    // Prepare all permissions that were set or denied for addition to the DB.
    if (isset($_POST['perm']) && is_array($_POST['perm']))
    {
        foreach ($_POST['perm'] as $perm_type => $perm_array)
        {
            if (is_array($perm_array))
            {
                foreach ($perm_array as $permission => $value)
                    if ($value == 'on' || $value == 'deny')
                    {
                        // Don't allow people to escalate themselves!
                        if (!empty($context['illegal_permissions']) && in_array($permission, $context['illegal_permissions']))
                            continue;

                        $givePerms[$perm_type][] = array($_GET['group'], $permission, $value == 'deny' ? 0 : 1);
                    }
            }
        }
    }

    // Insert the general permissions.
    if ($_GET['group'] != 3 && empty($_GET['pid']))
    {
        $smcFunc['db_query']('', '
            DELETE FROM {db_prefix}permissions
            WHERE id_group = {int:current_group}
            ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
            array(
                'current_group' => $_GET['group'],
                'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
            )
        );

        if (!empty($givePerms['membergroup']))
        {
            $smcFunc['db_insert']('replace',
                '{db_prefix}permissions',
                array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
                $givePerms['membergroup'],
                array('id_group', 'permission')
            );
        }
    }

    // Insert the boardpermissions.
    $profileid = max(1, $_GET['pid']);
    $smcFunc['db_query']('', '
        DELETE FROM {db_prefix}board_permissions
        WHERE id_group = {int:current_group}
            AND id_profile = {int:current_profile}',
        array(
            'current_group' => $_GET['group'],
            'current_profile' => $profileid,
        )
    );
    if (!empty($givePerms['board']))
    {
        foreach ($givePerms['board'] as $k => $v)
            $givePerms['board'][$k][] = $profileid;

        $smcFunc['db_insert']('replace',
            '{db_prefix}board_permissions',
            array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int', 'id_profile' => 'int'),
            $givePerms['board'],
            array('id_group', 'permission', 'id_profile')
        );
    }

    // Update any inherited permissions as required.
    updateChildPermissions($_GET['group'], $_GET['pid']);

    removeIllegalBBCHtmlPermission();

    // Make sure $modSettings['board_manager_groups'] is up to date.
    if (!in_array('manage_boards', $context['illegal_permissions']))
        updateBoardManagers();

    // Clear cached privs.
    updateSettings(array('settings_updated' => time()));

    redirectexit('action=admin;area=permissions;pid=' . $_GET['pid']);
}

/**
 * A screen to set some general settings for permissions.
 *
 * @param bool $return_config Whether to return the $config_vars array (used for admin search)
 * @return void|array Returns nothing or returns the config_vars array if $return_config is true
 */
function GeneralPermissionSettings($return_config = false)
{
    global $context, $modSettings, $sourcedir, $txt, $scripturl, $smcFunc;

    // All the setting variables
    $config_vars = array(
        array('title', 'settings'),
        // Inline permissions.
        array('permissions', 'manage_permissions'),
        '',

        // A few useful settings
        array('check', 'permission_enable_deny', 0, $txt['permission_settings_enable_deny'], 'help' => 'permissions_deny'),
        array('check', 'permission_enable_postgroups', 0, $txt['permission_settings_enable_postgroups'], 'help' => 'permissions_postgroups'),
    );

    call_integration_hook('integrate_modify_permission_settings', array(&$config_vars));

    if ($return_config)
        return $config_vars;

    $context['page_title'] = $txt['permission_settings_title'];
    $context['sub_template'] = 'show_settings';

    // Needed for the inline permission functions, and the settings template.
    require_once($sourcedir . '/ManageServer.php');

    $context['post_url'] = $scripturl . '?action=admin;area=permissions;save;sa=settings';

    // Saving the settings?
    if (isset($_GET['save']))
    {
        checkSession();
        call_integration_hook('integrate_save_permission_settings');
        saveDBSettings($config_vars);

        // Clear all deny permissions...if we want that.
        if (empty($modSettings['permission_enable_deny']))
        {
            $smcFunc['db_query']('', '
                DELETE FROM {db_prefix}permissions
                WHERE add_deny = {int:denied}',
                array(
                    'denied' => 0,
                )
            );
            $smcFunc['db_query']('', '
                DELETE FROM {db_prefix}board_permissions
                WHERE add_deny = {int:denied}',
                array(
                    'denied' => 0,
                )
            );
        }

        // Make sure there are no postgroup based permissions left.
        if (empty($modSettings['permission_enable_postgroups']))
        {
            // Get a list of postgroups.
            $post_groups = array();
            $request = $smcFunc['db_query']('', '
                SELECT id_group
                FROM {db_prefix}membergroups
                WHERE min_posts != {int:min_posts}',
                array(
                    'min_posts' => -1,
                )
            );
            while ($row = $smcFunc['db_fetch_assoc']($request))
                $post_groups[] = $row['id_group'];
            $smcFunc['db_free_result']($request);

            // Remove'em.
            $smcFunc['db_query']('', '
                DELETE FROM {db_prefix}permissions
                WHERE id_group IN ({array_int:post_group_list})',
                array(
                    'post_group_list' => $post_groups,
                )
            );
            $smcFunc['db_query']('', '
                DELETE FROM {db_prefix}board_permissions
                WHERE id_group IN ({array_int:post_group_list})',
                array(
                    'post_group_list' => $post_groups,
                )
            );
            $smcFunc['db_query']('', '
                UPDATE {db_prefix}membergroups
                SET id_parent = {int:not_inherited}
                WHERE id_parent IN ({array_int:post_group_list})',
                array(
                    'post_group_list' => $post_groups,
                    'not_inherited' => -2,
                )
            );
        }

        $_SESSION['adm-save'] = true;
        redirectexit('action=admin;area=permissions;sa=settings');
    }

    // We need this for the in-line permissions
    createToken('admin-mp');

    prepareDBSettingContext($config_vars);
}

/**
 * Set the permission level for a specific profile, group, or group for a profile.
 *
 * @internal
 *
 * @param string $level The level ('restrict', 'standard', etc.)
 * @param int $group The group to set the permission for
 * @param string|int $profile The ID of the permissions profile or 'null' if we're setting it for a group
 */
function setPermissionLevel($level, $group, $profile = 'null')
{
    global $smcFunc, $context;

    loadIllegalPermissions();
    loadIllegalGuestPermissions();
    loadIllegalBBCHtmlGroups();

    // Levels by group... restrict, standard, moderator, maintenance.
    $groupLevels = array(
        'board' => array('inherit' => array()),
        'group' => array('inherit' => array())
    );
    // Levels by board... standard, publish, free.
    $boardLevels = array('inherit' => array());

    // Restrictive - ie. guests.
    $groupLevels['global']['restrict'] = array(
        'search_posts',
        'calendar_view',
        'view_stats',
        'who_view',
        'profile_identity_own',
    );
    $groupLevels['board']['restrict'] = array(
        'poll_view',
        'post_new',
        'post_reply_own',
        'post_reply_any',
        'delete_own',
        'modify_own',
        'report_any',
    );

    // Standard - ie. members.  They can do anything Restrictive can.
    $groupLevels['global']['standard'] = array_merge($groupLevels['global']['restrict'], array(
        'view_mlist',
        'likes_like',
        'mention',
        'pm_read',
        'pm_send',
        'profile_view',
        'profile_extra_own',
        'profile_signature_own',
        'profile_forum_own',
        'profile_website_own',
        'profile_password_own',
        'profile_server_avatar',
        'profile_displayed_name',
        'profile_upload_avatar',
        'profile_remote_avatar',
        'profile_remove_own',
        'report_user',
    ));
    $groupLevels['board']['standard'] = array_merge($groupLevels['board']['restrict'], array(
        'poll_vote',
        'poll_edit_own',
        'poll_post',
        'poll_add_own',
        'post_attachment',
        'lock_own',
        'remove_own',
        'view_attachments',
    ));

    // Moderator - ie. moderators :P.  They can do what standard can, and more.
    $groupLevels['global']['moderator'] = array_merge($groupLevels['global']['standard'], array(
        'calendar_post',
        'calendar_edit_own',
        'access_mod_center',
        'issue_warning',
    ));
    $groupLevels['board']['moderator'] = array_merge($groupLevels['board']['standard'], array(
        'make_sticky',
        'poll_edit_any',
        'delete_any',
        'modify_any',
        'lock_any',
        'remove_any',
        'move_any',
        'merge_any',
        'split_any',
        'poll_lock_any',
        'poll_remove_any',
        'poll_add_any',
        'approve_posts',
    ));

    // Maintenance - wannabe admins.  They can do almost everything.
    $groupLevels['global']['maintenance'] = array_merge($groupLevels['global']['moderator'], array(
        'manage_attachments',
        'manage_smileys',
        'manage_boards',
        'moderate_forum',
        'manage_membergroups',
        'manage_bans',
        'admin_forum',
        'bbc_html',
        'manage_permissions',
        'edit_news',
        'calendar_edit_any',
        'profile_identity_any',
        'profile_extra_any',
        'profile_signature_any',
        'profile_website_any',
        'profile_displayed_name_any',
        'profile_password_any',
        'profile_title_any',
    ));
    $groupLevels['board']['maintenance'] = array_merge($groupLevels['board']['moderator'], array(
    ));

    // Standard - nothing above the group permissions. (this SHOULD be empty.)
    $boardLevels['standard'] = array(
    );

    // Locked - just that, you can't post here.
    $boardLevels['locked'] = array(
        'poll_view',
        'report_any',
        'view_attachments',
    );

    // Publisher - just a little more...
    $boardLevels['publish'] = array_merge($boardLevels['locked'], array(
        'post_new',
        'post_reply_own',
        'post_reply_any',
        'delete_own',
        'modify_own',
        'delete_replies',
        'modify_replies',
        'poll_vote',
        'poll_edit_own',
        'poll_post',
        'poll_add_own',
        'poll_remove_own',
        'post_attachment',
        'lock_own',
        'remove_own',
    ));

    // Free for All - Scary.  Just scary.
    $boardLevels['free'] = array_merge($boardLevels['publish'], array(
        'poll_lock_any',
        'poll_edit_any',
        'poll_add_any',
        'poll_remove_any',
        'make_sticky',
        'lock_any',
        'remove_any',
        'delete_any',
        'split_any',
        'merge_any',
        'modify_any',
        'approve_posts',
    ));

    call_integration_hook('integrate_load_permission_levels', array(&$groupLevels, &$boardLevels));

    // Make sure we're not granting someone too many permissions!
    foreach ($groupLevels['global'][$level] as $k => $permission)
    {
        if (!empty($context['illegal_permissions']) && in_array($permission, $context['illegal_permissions']))
            unset($groupLevels['global'][$level][$k]);

        if (isset($context['permissions_excluded'][$permission]) && in_array($group, $context['permissions_excluded'][$permission]))
            unset($groupLevels['global'][$level][$k]);
    }
    foreach ($groupLevels['board'][$level] as $k => $permission)
        if (isset($context['permissions_excluded'][$permission]) && in_array($group, $context['permissions_excluded'][$permission]))
            unset($groupLevels['board'][$level][$k]);

    // Reset all cached permissions.
    updateSettings(array('settings_updated' => time()));

    // Setting group permissions.
    if ($profile === 'null' && $group !== 'null')
    {
        $group = (int) $group;

        if (empty($groupLevels['global'][$level]))
            return;

        $smcFunc['db_query']('', '
            DELETE FROM {db_prefix}permissions
            WHERE id_group = {int:current_group}
            ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
            array(
                'current_group' => $group,
                'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
            )
        );
        $smcFunc['db_query']('', '
            DELETE FROM {db_prefix}board_permissions
            WHERE id_group = {int:current_group}
                AND id_profile = {int:default_profile}',
            array(
                'current_group' => $group,
                'default_profile' => 1,
            )
        );

        $groupInserts = array();
        foreach ($groupLevels['global'][$level] as $permission)
            $groupInserts[] = array($group, $permission);

        $smcFunc['db_insert']('insert',
            '{db_prefix}permissions',
            array('id_group' => 'int', 'permission' => 'string'),
            $groupInserts,
            array('id_group')
        );

        $boardInserts = array();
        foreach ($groupLevels['board'][$level] as $permission)
            $boardInserts[] = array(1, $group, $permission);

        $smcFunc['db_insert']('insert',
            '{db_prefix}board_permissions',
            array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
            $boardInserts,
            array('id_profile', 'id_group')
        );

        removeIllegalBBCHtmlPermission();
    }
    // Setting profile permissions for a specific group.
    elseif ($profile !== 'null' && $group !== 'null' && ($profile == 1 || $profile > 4))
    {
        $group = (int) $group;
        $profile = (int) $profile;

        if (!empty($groupLevels['global'][$level]))
        {
            $smcFunc['db_query']('', '
                DELETE FROM {db_prefix}board_permissions
                WHERE id_group = {int:current_group}
                    AND id_profile = {int:current_profile}',
                array(
                    'current_group' => $group,
                    'current_profile' => $profile,
                )
            );
        }

        if (!empty($groupLevels['board'][$level]))
        {
            $boardInserts = array();
            foreach ($groupLevels['board'][$level] as $permission)
                $boardInserts[] = array($profile, $group, $permission);

            $smcFunc['db_insert']('insert',
                '{db_prefix}board_permissions',
                array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
                $boardInserts,
                array('id_profile', 'id_group')
            );
        }
    }
    // Setting profile permissions for all groups.
    elseif ($profile !== 'null' && $group === 'null' && ($profile == 1 || $profile > 4))
    {
        $profile = (int) $profile;

        $smcFunc['db_query']('', '
            DELETE FROM {db_prefix}board_permissions
            WHERE id_profile = {int:current_profile}',
            array(
                'current_profile' => $profile,
            )
        );

        if (empty($boardLevels[$level]))
            return;

        // Get all the groups...
        $query = $smcFunc['db_query']('', '
            SELECT id_group
            FROM {db_prefix}membergroups
            WHERE id_group > {int:moderator_group}
            ORDER BY min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name',
            array(
                'moderator_group' => 3,
                'newbie_group' => 4,
            )
        );
        while ($row = $smcFunc['db_fetch_row']($query))
        {
            $group = $row[0];

            $boardInserts = array();
            foreach ($boardLevels[$level] as $permission)
                $boardInserts[] = array($profile, $group, $permission);

            $smcFunc['db_insert']('insert',
                '{db_prefix}board_permissions',
                array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
                $boardInserts,
                array('id_profile', 'id_group')
            );
        }
        $smcFunc['db_free_result']($query);

        // Add permissions for ungrouped members.
        $boardInserts = array();
        foreach ($boardLevels[$level] as $permission)
            $boardInserts[] = array($profile, 0, $permission);

        $smcFunc['db_insert']('insert',
            '{db_prefix}board_permissions',
            array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string'),
            $boardInserts,
            array('id_profile', 'id_group')
        );
    }
    // $profile and $group are both null!
    else
        fatal_lang_error('no_access', false);

    // Make sure $modSettings['board_manager_groups'] is up to date.
    if (!in_array('manage_boards', $context['illegal_permissions']))
        updateBoardManagers();
}

/**
 * Load permissions into $context['permissions'].
 *
 * @internal
 */
function loadAllPermissions()
{
    global $context, $txt, $modSettings;

    // List of all the groups dependant on the currently selected view - for the order so it looks pretty, yea?
    // Note to Mod authors - you don't need to stick your permission group here if you don't mind SMF sticking it the last group of the page.
    $permissionGroups = array(
        'membergroup' => array(
            'general',
            'pm',
            'calendar',
            'maintenance',
            'member_admin',
            'profile',
            'likes',
            'mentions',
            'bbc',
        ),
        'board' => array(
            'general_board',
            'topic',
            'post',
            'poll',
            'notification',
            'attachment',
        ),
    );

    /*   The format of this list is as follows:
        'membergroup' => array(
            'permissions_inside' => array(has_multiple_options, view_group),
        ),
        'board' => array(
            'permissions_inside' => array(has_multiple_options, view_group),
        );
    */
    $permissionList = array(
        'membergroup' => array(
            'view_stats' => array(false, 'general'),
            'view_mlist' => array(false, 'general'),
            'who_view' => array(false, 'general'),
            'search_posts' => array(false, 'general'),
            'pm_read' => array(false, 'pm'),
            'pm_send' => array(false, 'pm'),
            'pm_draft' => array(false, 'pm'),
            'calendar_view' => array(false, 'calendar'),
            'calendar_post' => array(false, 'calendar'),
            'calendar_edit' => array(true, 'calendar'),
            'admin_forum' => array(false, 'maintenance'),
            'manage_boards' => array(false, 'maintenance'),
            'manage_attachments' => array(false, 'maintenance'),
            'manage_smileys' => array(false, 'maintenance'),
            'edit_news' => array(false, 'maintenance'),
            'access_mod_center' => array(false, 'maintenance'),
            'moderate_forum' => array(false, 'member_admin'),
            'manage_membergroups' => array(false, 'member_admin'),
            'manage_permissions' => array(false, 'member_admin'),
            'manage_bans' => array(false, 'member_admin'),
            'send_mail' => array(false, 'member_admin'),
            'issue_warning' => array(false, 'member_admin'),
            'profile_view' => array(false, 'profile'),
            'profile_forum' => array(true, 'profile'),
            'profile_extra' => array(true, 'profile'),
            'profile_signature' => array(true, 'profile'),
            'profile_website' => array(true, 'profile'),
            'profile_title' => array(true, 'profile'),
            'profile_blurb' => array(true, 'profile'),
            'profile_server_avatar' => array(false, 'profile'),
            'profile_upload_avatar' => array(false, 'profile'),
            'profile_remote_avatar' => array(false, 'profile'),
            'report_user' => array(false, 'profile'),
            'profile_identity' => array(true, 'profile_account'),
            'profile_displayed_name' => array(true, 'profile_account'),
            'profile_password' => array(true, 'profile_account'),
            'profile_remove' => array(true, 'profile_account'),
            'view_warning' => array(true, 'profile_account'),
            'likes_like' => array(false, 'likes'),
            'mention' => array(false, 'mentions'),
        ),
        'board' => array(
            'moderate_board' => array(false, 'general_board'),
            'approve_posts' => array(false, 'general_board'),
            'post_new' => array(false, 'topic'),
            'post_unapproved_topics' => array(false, 'topic'),
            'post_unapproved_replies' => array(true, 'topic'),
            'post_reply' => array(true, 'topic'),
            'post_draft' => array(false, 'topic'),
            'merge_any' => array(false, 'topic'),
            'split_any' => array(false, 'topic'),
            'make_sticky' => array(false, 'topic'),
            'move' => array(true, 'topic', 'moderate'),
            'lock' => array(true, 'topic', 'moderate'),
            'remove' => array(true, 'topic', 'modify'),
            'modify_replies' => array(false, 'topic'),
            'delete_replies' => array(false, 'topic'),
            'announce_topic' => array(false, 'topic'),
            'delete' => array(true, 'post'),
            'modify' => array(true, 'post'),
            'report_any' => array(false, 'post'),
            'poll_view' => array(false, 'poll'),
            'poll_vote' => array(false, 'poll'),
            'poll_post' => array(false, 'poll'),
            'poll_add' => array(true, 'poll'),
            'poll_edit' => array(true, 'poll'),
            'poll_lock' => array(true, 'poll'),
            'poll_remove' => array(true, 'poll'),
            'view_attachments' => array(false, 'attachment'),
            'post_unapproved_attachments' => array(false, 'attachment'),
            'post_attachment' => array(false, 'attachment'),
        ),
    );

    // In case a mod screwed things up...
    if (!in_array('html', $context['restricted_bbc']))
        $context['restricted_bbc'][] = 'html';

    // Add the permissions for the restricted BBCodes
    foreach ($context['restricted_bbc'] as $bbc)
    {
        $permissionList['membergroup']['bbc_' . $bbc] = array(false, 'bbc');
        $txt['permissionname_bbc_' . $bbc] = sprintf($txt['permissionname_bbc'], $bbc);
    }

    // All permission groups that will be shown in the left column on classic view.
    $leftPermissionGroups = array(
        'general',
        'calendar',
        'maintenance',
        'member_admin',
        'topic',
        'post',
    );

    // We need to know what permissions we can't give to guests.
    loadIllegalGuestPermissions();

    // We also need to know which groups can't be given the bbc_html permission.
    loadIllegalBBCHtmlGroups();

    // Some permissions are hidden if features are off.
    $hiddenPermissions = array();
    $relabelPermissions = array(); // Permissions to apply a different label to.
    if (empty($modSettings['cal_enabled']))
    {
        $hiddenPermissions[] = 'calendar_view';
        $hiddenPermissions[] = 'calendar_post';
        $hiddenPermissions[] = 'calendar_edit';
    }
    if ($modSettings['warning_settings'][0] == 0)
    {
        $hiddenPermissions[] = 'issue_warning';
        $hiddenPermissions[] = 'view_warning';
    }

    // Post moderation?
    if (!$modSettings['postmod_active'])
    {
        $hiddenPermissions[] = 'approve_posts';
        $hiddenPermissions[] = 'post_unapproved_topics';
        $hiddenPermissions[] = 'post_unapproved_replies';
        $hiddenPermissions[] = 'post_unapproved_attachments';
    }
    // If post moderation is enabled, these are named differently...
    else
    {
        // Relabel the topics permissions
        $relabelPermissions['post_new'] = 'auto_approve_topics';

        // Relabel the reply permissions
        $relabelPermissions['post_reply'] = 'auto_approve_replies';

        // Relabel the attachment permissions
        $relabelPermissions['post_attachment'] = 'auto_approve_attachments';
    }

    // Are attachments enabled?
    if (empty($modSettings['attachmentEnable']))
    {
        $hiddenPermissions[] = 'manage_attachments';
        $hiddenPermissions[] = 'view_attachments';
        $hiddenPermissions[] = 'post_unapproved_attachments';
        $hiddenPermissions[] = 'post_attachment';
    }

    // Hide Likes/Mentions permissions...
    if (empty($modSettings['enable_likes']))
    {
        $hiddenPermissions[] = 'likes_like';
    }
    if (empty($modSettings['enable_mentions']))
    {
        $hiddenPermissions[] = 'mention';
    }

    // Provide a practical way to modify permissions.
    call_integration_hook('integrate_load_permissions', array(&$permissionGroups, &$permissionList, &$leftPermissionGroups, &$hiddenPermissions, &$relabelPermissions));

    $permissionList['membergroup']['bbc_cowsay'] = array(false, 'bbc');
    $hiddenPermissions[] = 'bbc_cowsay';
    $txt['permissionname_bbc_cowsay'] = sprintf($txt['permissionname_bbc'], 'cowsay');

    $context['permissions'] = array();
    $context['hidden_permissions'] = array();
    foreach ($permissionList as $permissionType => $permissionList)
    {
        $context['permissions'][$permissionType] = array(
            'id' => $permissionType,
            'columns' => array()
        );
        foreach ($permissionList as $permission => $permissionArray)
        {
            // If this permission shouldn't be given to certain groups (e.g. guests), don't.
            if (isset($context['group']['id']) && isset($context['permissions_excluded'][$permission]) && in_array($context['group']['id'], $context['permissions_excluded'][$permission]))
                continue;

            // What groups will this permission be in?
            $own_group = $permissionArray[1];

            // First, Do these groups actually exist - if not add them.
            if (!isset($permissionGroups[$permissionType][$own_group]))
                $permissionGroups[$permissionType][$own_group] = true;

            // What column should this be located into?
            $position = !in_array($own_group, $leftPermissionGroups) ? 1 : 0;

            // If the groups have not yet been created be sure to create them.
            $bothGroups = array('own' => $own_group);

            foreach ($bothGroups as $group)
                if (!isset($context['permissions'][$permissionType]['columns'][$position][$group]))
                    $context['permissions'][$permissionType]['columns'][$position][$group] = array(
                        'type' => $permissionType,
                        'id' => $group,
                        'name' => $txt['permissiongroup_' . $group],
                        'icon' => isset($txt['permissionicon_' . $group]) ? $txt['permissionicon_' . $group] : $txt['permissionicon'],
                        'help' => isset($txt['permissionhelp_' . $group]) ? $txt['permissionhelp_' . $group] : '',
                        'hidden' => false,
                        'permissions' => array()
                    );

            $context['permissions'][$permissionType]['columns'][$position][$own_group]['permissions'][$permission] = array(
                'id' => $permission,
                'name' => !isset($relabelPermissions[$permission]) ? $txt['permissionname_' . $permission] : $txt[$relabelPermissions[$permission]],
                'show_help' => isset($txt['permissionhelp_' . $permission]),
                'note' => isset($txt['permissionnote_' . $permission]) ? $txt['permissionnote_' . $permission] : '',
                'has_own_any' => $permissionArray[0],
                'own' => array(
                    'id' => $permission . '_own',
                    'name' => $permissionArray[0] ? $txt['permissionname_' . $permission . '_own'] : ''
                ),
                'any' => array(
                    'id' => $permission . '_any',
                    'name' => $permissionArray[0] ? $txt['permissionname_' . $permission . '_any'] : ''
                ),
                'hidden' => in_array($permission, $hiddenPermissions),
            );

            if (in_array($permission, $hiddenPermissions))
            {
                if ($permissionArray[0])
                {
                    $context['hidden_permissions'][] = $permission . '_own';
                    $context['hidden_permissions'][] = $permission . '_any';
                }
                else
                    $context['hidden_permissions'][] = $permission;
            }
        }
        ksort($context['permissions'][$permissionType]['columns']);

        // Check we don't leave any empty groups - and mark hidden ones as such.
        foreach ($context['permissions'][$permissionType]['columns'] as $column => $groups)
            foreach ($groups as $id => $group)
            {
                if (empty($group['permissions']))
                    unset($context['permissions'][$permissionType]['columns'][$column][$id]);
                else
                {
                    $foundNonHidden = false;
                    foreach ($group['permissions'] as $permission)
                        if (empty($permission['hidden']))
                            $foundNonHidden = true;
                    if (!$foundNonHidden)
                        $context['permissions'][$permissionType]['columns'][$column][$id]['hidden'] = true;
                }
            }
    }
}

/**
 * Initialize a form with inline permissions settings.
 * It loads a context variable for each permission.
 * This function is used by several settings screens to set specific permissions.
 *
 * To exclude groups from the form for a given permission, add the group IDs as
 * an array to $context['excluded_permissions'][$permission]. For backwards
 * compatibility, it is also possible to pass group IDs in via the
 * $excluded_groups parameter, which will exclude the groups from the forms for
 * all of the permissions passed in via $permissions.
 *
 * @internal
 *
 * @param array $permissions The permissions to display inline
 * @param array $excluded_groups The IDs of one or more groups to exclude
 *
 * @uses ManagePermissions language
 * @uses ManagePermissions template.
 */
function init_inline_permissions($permissions, $excluded_groups = array())
{
    global $context, $txt, $modSettings, $smcFunc;

    loadLanguage('ManagePermissions');
    loadTemplate('ManagePermissions');
    $context['can_change_permissions'] = allowedTo('manage_permissions');

    // Nothing to initialize here.
    if (!$context['can_change_permissions'])
        return;

    // Load the permission settings for guests
    foreach ($permissions as $permission)
        $context[$permission] = array(
            -1 => array(
                'id' => -1,
                'name' => $txt['membergroups_guests'],
                'is_postgroup' => false,
                'status' => 'off',
            ),
            0 => array(
                'id' => 0,
                'name' => $txt['membergroups_members'],
                'is_postgroup' => false,
                'status' => 'off',
            ),
        );

    $request = $smcFunc['db_query']('', '
        SELECT id_group, CASE WHEN add_deny = {int:denied} THEN {string:deny} ELSE {string:on} END AS status, permission
        FROM {db_prefix}permissions
        WHERE id_group IN (-1, 0)
            AND permission IN ({array_string:permissions})',
        array(
            'denied' => 0,
            'permissions' => $permissions,
            'deny' => 'deny',
            'on' => 'on',
        )
    );
    while ($row = $smcFunc['db_fetch_assoc']($request))
        $context[$row['permission']][$row['id_group']]['status'] = $row['status'];
    $smcFunc['db_free_result']($request);

    $request = $smcFunc['db_query']('', '
        SELECT mg.id_group, mg.group_name, mg.min_posts, COALESCE(p.add_deny, -1) AS status, p.permission
        FROM {db_prefix}membergroups AS mg
            LEFT JOIN {db_prefix}permissions AS p ON (p.id_group = mg.id_group AND p.permission IN ({array_string:permissions}))
        WHERE mg.id_group NOT IN (1, 3)
            AND mg.id_parent = {int:not_inherited}' . (empty($modSettings['permission_enable_postgroups']) ? '
            AND mg.min_posts = {int:min_posts}' : '') . '
        ORDER BY mg.min_posts, CASE WHEN mg.id_group < {int:newbie_group} THEN mg.id_group ELSE 4 END, mg.group_name',
        array(
            'not_inherited' => -2,
            'min_posts' => -1,
            'newbie_group' => 4,
            'permissions' => $permissions,
        )
    );
    while ($row = $smcFunc['db_fetch_assoc']($request))
    {
        // Initialize each permission as being 'off' until proven otherwise.
        foreach ($permissions as $permission)
            if (!isset($context[$permission][$row['id_group']]))
                $context[$permission][$row['id_group']] = array(
                    'id' => $row['id_group'],
                    'name' => $row['group_name'],
                    'is_postgroup' => $row['min_posts'] != -1,
                    'status' => 'off',
                );

        $context[$row['permission']][$row['id_group']]['status'] = empty($row['status']) ? 'deny' : ($row['status'] == 1 ? 'on' : 'off');
    }
    $smcFunc['db_free_result']($request);

    // Make sure we honor the "illegal guest permissions"
    loadIllegalGuestPermissions();

    // Only special people can have this permission
    if (in_array('bbc_html', $permissions))
        loadIllegalBBCHtmlGroups();

    // Are any of these permissions that guests can't have?
    $non_guest_perms = array_intersect(str_replace(array('_any', '_own'), '', $permissions), $context['non_guest_permissions']);
    foreach ($non_guest_perms as $permission)
    {
        if (!isset($context['permissions_excluded'][$permission]) || !in_array(-1, $context['permissions_excluded'][$permission]))
            $context['permissions_excluded'][$permission][] = -1;
    }

    // Any explicitly excluded groups for this call?
    if (!empty($excluded_groups))
    {
        // Make sure this is an array of integers
        $excluded_groups = array_filter((array) $excluded_groups, function ($v)
            {
                return is_int($v) || is_string($v) && (string) intval($v) === $v;
            });

        foreach ($permissions as $permission)
            $context['permissions_excluded'][$permission] = array_unique(array_merge($context['permissions_excluded'][$permission], $excluded_groups));
    }

    // Some permissions cannot be given to certain groups. Remove the groups.
    foreach ($permissions as $permission)
    {
        if (!isset($context['permissions_excluded'][$permission]))
            continue;

        foreach ($context['permissions_excluded'][$permission] as $group)
        {
            if (isset($context[$permission][$group]))
                unset($context[$permission][$group]);
        }

        // There's no point showing a form with nobody in it
        if (empty($context[$permission]))
            unset($context['config_vars'][$permission], $context[$permission]);
    }

    // Create the token for the separate inline permission verification.
    createToken('admin-mp');
}

/**
 * Show a collapsible box to set a specific permission.
 * The function is called by templates to show a list of permissions settings.
 * Calls the template function template_inline_permissions().
 *
 * @param string $permission The permission to display inline
 */
function theme_inline_permissions($permission)
{
    global $context;

    $context['current_permission'] = $permission;
    $context['member_groups'] = $context[$permission];

    template_inline_permissions();
}

/**
 * Save the permissions of a form containing inline permissions.
 *
 * @internal
 *
 * @param array $permissions The permissions to save
 */
function save_inline_permissions($permissions)
{
    global $context, $smcFunc;

    // No permissions? Not a great deal to do here.
    if (!allowedTo('manage_permissions'))
        return;

    // Almighty session check, verify our ways.
    checkSession();
    validateToken('admin-mp');

    // Check they can't do certain things.
    loadIllegalPermissions();
    if (in_array('bbc_html', $permissions))
        loadIllegalBBCHtmlGroups();

    $insertRows = array();
    foreach ($permissions as $permission)
    {
        if (!isset($_POST[$permission]))
            continue;

        foreach ($_POST[$permission] as $id_group => $value)
        {
            if ($value == 'on' && !empty($context['excluded_permissions'][$permission]) && in_array($id_group, $context['excluded_permissions'][$permission]))
                continue;

            if (in_array($value, array('on', 'deny')) && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions'])))
                $insertRows[] = array((int) $id_group, $permission, $value == 'on' ? 1 : 0);
        }
    }

    // Remove the old permissions...
    $smcFunc['db_query']('', '
        DELETE FROM {db_prefix}permissions
        WHERE permission IN ({array_string:permissions})
            ' . (empty($context['illegal_permissions']) ? '' : ' AND permission NOT IN ({array_string:illegal_permissions})'),
        array(
            'illegal_permissions' => !empty($context['illegal_permissions']) ? $context['illegal_permissions'] : array(),
            'permissions' => $permissions,
        )
    );

    // ...and replace them with new ones.
    if (!empty($insertRows))
        $smcFunc['db_insert']('insert',
            '{db_prefix}permissions',
            array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
            $insertRows,
            array('id_group', 'permission')
        );

    // Do a full child update.
    updateChildPermissions(array(), -1);

    // Make sure $modSettings['board_manager_groups'] is up to date.
    if (!in_array('manage_boards', $context['illegal_permissions']))
        updateBoardManagers();

    updateSettings(array('settings_updated' => time()));
}

/**
 * Load permissions profiles.
 */
function loadPermissionProfiles()
{
    global $context, $txt, $smcFunc;

    $request = $smcFunc['db_query']('', '
        SELECT id_profile, profile_name
        FROM {db_prefix}permission_profiles
        ORDER BY id_profile',
        array(
        )
    );
    $context['profiles'] = array();
    while ($row = $smcFunc['db_fetch_assoc']($request))
    {
        // Format the label nicely.
        if (isset($txt['permissions_profile_' . $row['profile_name']]))
            $name = $txt['permissions_profile_' . $row['profile_name']];
        else
            $name = $row['profile_name'];

        $context['profiles'][$row['id_profile']] = array(
            'id' => $row['id_profile'],
            'name' => $name,
            'can_modify' => $row['id_profile'] == 1 || $row['id_profile'] > 4,
            'unformatted_name' => $row['profile_name'],
        );
    }
    $smcFunc['db_free_result']($request);
}

/**
 * Add/Edit/Delete profiles.
 */
function EditPermissionProfiles()
{
    global $context, $txt, $smcFunc;

    // Setup the template, first for fun.
    $context['page_title'] = $txt['permissions_profile_edit'];
    $context['sub_template'] = 'edit_profiles';

    // If we're creating a new one do it first.
    if (isset($_POST['create']) && trim($_POST['profile_name']) != '')
    {
        checkSession();
        validateToken('admin-mpp');

        $_POST['copy_from'] = (int) $_POST['copy_from'];
        $_POST['profile_name'] = $smcFunc['htmlspecialchars']($_POST['profile_name']);

        // Insert the profile itself.
        $profile_id = $smcFunc['db_insert']('',
            '{db_prefix}permission_profiles',
            array(
                'profile_name' => 'string',
            ),
            array(
                $_POST['profile_name'],
            ),
            array('id_profile'),
            1
        );

        // Load the permissions from the one it's being copied from.
        $request = $smcFunc['db_query']('', '
            SELECT id_group, permission, add_deny
            FROM {db_prefix}board_permissions
            WHERE id_profile = {int:copy_from}',
            array(
                'copy_from' => $_POST['copy_from'],
            )
        );
        $inserts = array();
        while ($row = $smcFunc['db_fetch_assoc']($request))
            $inserts[] = array($profile_id, $row['id_group'], $row['permission'], $row['add_deny']);
        $smcFunc['db_free_result']($request);

        if (!empty($inserts))
            $smcFunc['db_insert']('insert',
                '{db_prefix}board_permissions',
                array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
                $inserts,
                array('id_profile', 'id_group', 'permission')
            );
    }
    // Renaming?
    elseif (isset($_POST['rename']))
    {
        checkSession();
        validateToken('admin-mpp');

        // Just showing the boxes?
        if (!isset($_POST['rename_profile']))
            $context['show_rename_boxes'] = true;
        else
        {
            foreach ($_POST['rename_profile'] as $id => $value)
            {
                $value = $smcFunc['htmlspecialchars']($value);

                if (trim($value) != '' && $id > 4)
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}permission_profiles
                        SET profile_name = {string:profile_name}
                        WHERE id_profile = {int:current_profile}',
                        array(
                            'current_profile' => (int) $id,
                            'profile_name' => $value,
                        )
                    );
            }
        }
    }
    // Deleting?
    elseif (isset($_POST['delete']) && !empty($_POST['delete_profile']))
    {
        checkSession();
        validateToken('admin-mpp');

        $profiles = array();
        foreach ($_POST['delete_profile'] as $profile)
            if ($profile > 4)
                $profiles[] = (int) $profile;

        // Verify it's not in use...
        $request = $smcFunc['db_query']('', '
            SELECT id_board
            FROM {db_prefix}boards
            WHERE id_profile IN ({array_int:profile_list})
            LIMIT 1',
            array(
                'profile_list' => $profiles,
            )
        );
        if ($smcFunc['db_num_rows']($request) != 0)
            fatal_lang_error('no_access', false);
        $smcFunc['db_free_result']($request);

        // Oh well, delete.
        $smcFunc['db_query']('', '
            DELETE FROM {db_prefix}permission_profiles
            WHERE id_profile IN ({array_int:profile_list})',
            array(
                'profile_list' => $profiles,
            )
        );
    }

    // Clearly, we'll need this!
    loadPermissionProfiles();

    // Work out what ones are in use.
    $request = $smcFunc['db_query']('', '
        SELECT id_profile, COUNT(id_board) AS board_count
        FROM {db_prefix}boards
        GROUP BY id_profile',
        array(
        )
    );
    while ($row = $smcFunc['db_fetch_assoc']($request))
        if (isset($context['profiles'][$row['id_profile']]))
        {
            $context['profiles'][$row['id_profile']]['in_use'] = true;
            $context['profiles'][$row['id_profile']]['boards'] = $row['board_count'];
            $context['profiles'][$row['id_profile']]['boards_text'] = $row['board_count'] > 1 ? sprintf($txt['permissions_profile_used_by_many'], $row['board_count']) : $txt['permissions_profile_used_by_' . ($row['board_count'] ? 'one' : 'none')];
        }
    $smcFunc['db_free_result']($request);

    // What can we do with these?
    $context['can_edit_something'] = false;
    foreach ($context['profiles'] as $id => $profile)
    {
        // Can't delete special ones.
        $context['profiles'][$id]['can_edit'] = isset($txt['permissions_profile_' . $profile['unformatted_name']]) ? false : true;
        if ($context['profiles'][$id]['can_edit'])
            $context['can_edit_something'] = true;

        // You can only delete it if you can edit it AND it's not in use.
        $context['profiles'][$id]['can_delete'] = $context['profiles'][$id]['can_edit'] && empty($profile['in_use']) ? true : false;
    }

    createToken('admin-mpp');
}

/**
 * This function updates the permissions of any groups based off this group.
 *
 * @param null|array $parents The parent groups
 * @param null|int $profile the ID of a permissions profile to update
 * @return void|false Returns nothing if successful or false if there are no child groups to update
 */
function updateChildPermissions($parents, $profile = null)
{
    global $smcFunc;

    // All the parent groups to sort out.
    if (!is_array($parents))
        $parents = array($parents);

    // Find all the children of this group.
    $request = $smcFunc['db_query']('', '
        SELECT id_parent, id_group
        FROM {db_prefix}membergroups
        WHERE id_parent != {int:not_inherited}
            ' . (empty($parents) ? '' : 'AND id_parent IN ({array_int:parent_list})'),
        array(
            'parent_list' => $parents,
            'not_inherited' => -2,
        )
    );
    $children = array();
    $parents = array();
    $child_groups = array();
    while ($row = $smcFunc['db_fetch_assoc']($request))
    {
        $children[$row['id_parent']][] = $row['id_group'];
        $child_groups[] = $row['id_group'];
        $parents[] = $row['id_parent'];
    }
    $smcFunc['db_free_result']($request);

    $parents = array_unique($parents);

    // Not a sausage, or a child?
    if (empty($children))
        return false;

    // First off, are we doing general permissions?
    if ($profile < 1 || $profile === null)
    {
        // Fetch all the parent permissions.
        $request = $smcFunc['db_query']('', '
            SELECT id_group, permission, add_deny
            FROM {db_prefix}permissions
            WHERE id_group IN ({array_int:parent_list})',
            array(
                'parent_list' => $parents,
            )
        );
        $permissions = array();
        while ($row = $smcFunc['db_fetch_assoc']($request))
            foreach ($children[$row['id_group']] as $child)
                $permissions[] = array($child, $row['permission'], $row['add_deny']);
        $smcFunc['db_free_result']($request);

        $smcFunc['db_query']('', '
            DELETE FROM {db_prefix}permissions
            WHERE id_group IN ({array_int:child_groups})',
            array(
                'child_groups' => $child_groups,
            )
        );

        // Finally insert.
        if (!empty($permissions))
        {
            $smcFunc['db_insert']('insert',
                '{db_prefix}permissions',
                array('id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
                $permissions,
                array('id_group', 'permission')
            );
        }
    }

    // Then, what about board profiles?
    if ($profile != -1)
    {
        $profileQuery = $profile === null ? '' : ' AND id_profile = {int:current_profile}';

        // Again, get all the parent permissions.
        $request = $smcFunc['db_query']('', '
            SELECT id_profile, id_group, permission, add_deny
            FROM {db_prefix}board_permissions
            WHERE id_group IN ({array_int:parent_groups})
                ' . $profileQuery,
            array(
                'parent_groups' => $parents,
                'current_profile' => $profile !== null && $profile ? $profile : 1,
            )
        );
        $permissions = array();
        while ($row = $smcFunc['db_fetch_assoc']($request))
            foreach ($children[$row['id_group']] as $child)
                $permissions[] = array($child, $row['id_profile'], $row['permission'], $row['add_deny']);
        $smcFunc['db_free_result']($request);

        $smcFunc['db_query']('', '
            DELETE FROM {db_prefix}board_permissions
            WHERE id_group IN ({array_int:child_groups})
                ' . $profileQuery,
            array(
                'child_groups' => $child_groups,
                'current_profile' => $profile !== null && $profile ? $profile : 1,
            )
        );

        // Do the insert.
        if (!empty($permissions))
        {
            $smcFunc['db_insert']('insert',
                '{db_prefix}board_permissions',
                array('id_group' => 'int', 'id_profile' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
                $permissions,
                array('id_group', 'id_profile', 'permission')
            );
        }
    }
}

/**
 * Load permissions someone cannot grant.
 */
function loadIllegalPermissions()
{
    global $context;

    $context['illegal_permissions'] = array();
    if (!allowedTo('admin_forum'))
    {
        $context['illegal_permissions'][] = 'admin_forum';
        $context['illegal_permissions'][] = 'bbc_html';
    }
    if (!allowedTo('manage_membergroups'))
        $context['illegal_permissions'][] = 'manage_membergroups';
    if (!allowedTo('manage_permissions'))
        $context['illegal_permissions'][] = 'manage_permissions';

    call_integration_hook('integrate_load_illegal_permissions');
}

/**
 * Loads the permissions that can not be given to guests.
 * Stores the permissions in $context['non_guest_permissions'].
 * Also populates $context['permissions_excluded'] with the info.
 */
function loadIllegalGuestPermissions()
{
    global $context;

    $context['non_guest_permissions'] = array(
        'access_mod_center',
        'admin_forum',
        'announce_topic',
        'approve_posts',
        'bbc_html',
        'calendar_edit',
        'delete',
        'delete_replies',
        'edit_news',
        'issue_warning',
        'likes_like',
        'lock',
        'make_sticky',
        'manage_attachments',
        'manage_bans',
        'manage_boards',
        'manage_membergroups',
        'manage_permissions',
        'manage_smileys',
        'merge_any',
        'moderate_board',
        'moderate_forum',
        'modify',
        'modify_replies',
        'move',
        'pm_autosave_draft',
        'pm_draft',
        'pm_read',
        'pm_send',
        'poll_add',
        'poll_edit',
        'poll_lock',
        'poll_remove',
        'post_autosave_draft',
        'post_draft',
        'profile_blurb',
        'profile_displayed_name',
        'profile_extra',
        'profile_forum',
        'profile_identity',
        'profile_website',
        'profile_password',
        'profile_remove',
        'profile_remote_avatar',
        'profile_server_avatar',
        'profile_signature',
        'profile_title',
        'profile_upload_avatar',
        'profile_warning',
        'remove',
        'report_any',
        'report_user',
        'send_mail',
        'split_any',
    );

    call_integration_hook('integrate_load_illegal_guest_permissions');

    // Also add this info to $context['permissions_excluded'] to make life easier for everyone
    foreach ($context['non_guest_permissions'] as $permission)
    {
        if (empty($context['permissions_excluded'][$permission]) || !in_array($permission, $context['permissions_excluded'][$permission]))
            $context['permissions_excluded'][$permission][] = -1;
    }
}

/**
 * Loads a list of membergroups who cannot be granted the bbc_html permission.
 * Stores the groups in $context['permissions_excluded']['bbc_html'].
 */
function loadIllegalBBCHtmlGroups()
{
    global $context, $smcFunc;

    $context['permissions_excluded']['bbc_html'] = array(-1, 0);

    $request = $smcFunc['db_query']('', '
        SELECT id_group
        FROM {db_prefix}membergroups
        WHERE id_group != 1 AND id_group NOT IN (
            SELECT DISTINCT id_group
            FROM {db_prefix}permissions
            WHERE permission IN ({array_string:permissions})
                AND add_deny = {int:add}
        )',
        array(
            'permissions' => array('admin_forum', 'manage_membergroups', 'manage_permissions'),
            'add' => 1,
        )
    );
    while ($row = $smcFunc['db_fetch_assoc']($request))
        $context['permissions_excluded']['bbc_html'][] = $row['id_group'];
    $smcFunc['db_free_result']($request);

    $context['permissions_excluded']['bbc_html'] = array_unique($context['permissions_excluded']['bbc_html']);
}

/**
 * Removes the bbc_html permission from anyone who shouldn't have it
 *
 * @param bool $reload Before acting, refresh the list of membergroups who cannot be granted the bbc_html permission
 */
function removeIllegalBBCHtmlPermission($reload = false)
{
    global $context, $smcFunc;

    if (empty($context['permissions_excluded']['bbc_html']) || $reload)
        loadIllegalBBCHtmlGroups();

    $smcFunc['db_query']('', '
        DELETE FROM {db_prefix}permissions
        WHERE id_group IN ({array_int:current_group_list})
            AND permission = {string:current_permission}
            AND add_deny = {int:add}',
        array(
            'current_group_list' => $context['permissions_excluded']['bbc_html'],
            'current_permission' => 'bbc_html',
            'add' => 1,
        )
    );
}

/**
 * Makes sure $modSettings['board_manager_groups'] is up to date.
 */
function updateBoardManagers()
{
    global $sourcedir;

    require_once($sourcedir . '/Subs-Members.php');
    $board_managers = groupsAllowedTo('manage_boards', null);
    $board_managers = implode(',', $board_managers['allowed']);

    updateSettings(array('board_manager_groups' => $board_managers), true);
}

/**
 * Present a nice way of applying post moderation.
 */
function ModifyPostModeration()
{
    global $context, $txt, $smcFunc, $modSettings, $sourcedir;

    // Just in case.
    checkSession('get');

    $context['page_title'] = $txt['permissions_post_moderation'];
    $context['sub_template'] = 'postmod_permissions';
    $context['current_profile'] = isset($_REQUEST['pid']) ? (int) $_REQUEST['pid'] : 1;

    // Load all the permission profiles.
    loadPermissionProfiles();

    // Mappings, our key => array(can_do_moderated, can_do_all)
    $mappings = array(
        'new_topic' => array('post_new', 'post_unapproved_topics'),
        'replies_own' => array('post_reply_own', 'post_unapproved_replies_own'),
        'replies_any' => array('post_reply_any', 'post_unapproved_replies_any'),
        'attachment' => array('post_attachment', 'post_unapproved_attachments'),
    );

    call_integration_hook('integrate_post_moderation_mapping', array(&$mappings));

    // Start this with the guests/members.
    $context['profile_groups'] = array(
        -1 => array(
            'id' => -1,
            'name' => $txt['membergroups_guests'],
            'color' => '',
            'new_topic' => 'disallow',
            'replies_own' => 'disallow',
            'replies_any' => 'disallow',
            'attachment' => 'disallow',
            'children' => array(),
        ),
        0 => array(
            'id' => 0,
            'name' => $txt['membergroups_members'],
            'color' => '',
            'new_topic' => 'disallow',
            'replies_own' => 'disallow',
            'replies_any' => 'disallow',
            'attachment' => 'disallow',
            'children' => array(),
        ),
    );

    // Load the groups.
    $request = $smcFunc['db_query']('', '
        SELECT id_group, group_name, online_color, id_parent
        FROM {db_prefix}membergroups
        WHERE id_group != {int:admin_group}
            ' . (empty($modSettings['permission_enable_postgroups']) ? ' AND min_posts = {int:min_posts}' : '') . '
        ORDER BY id_parent ASC',
        array(
            'admin_group' => 1,
            'min_posts' => -1,
        )
    );
    while ($row = $smcFunc['db_fetch_assoc']($request))
    {
        if ($row['id_parent'] == -2)
        {
            $context['profile_groups'][$row['id_group']] = array(
                'id' => $row['id_group'],
                'name' => $row['group_name'],
                'color' => $row['online_color'],
                'new_topic' => 'disallow',
                'replies_own' => 'disallow',
                'replies_any' => 'disallow',
                'attachment' => 'disallow',
                'children' => array(),
            );
        }
        elseif (isset($context['profile_groups'][$row['id_parent']]))
            $context['profile_groups'][$row['id_parent']]['children'][] = $row['group_name'];
    }
    $smcFunc['db_free_result']($request);

    // What are the permissions we are querying?
    $all_permissions = array();
    foreach ($mappings as $perm_set)
        $all_permissions = array_merge($all_permissions, $perm_set);

    // If we're saving the changes then do just that - save them.
    if (!empty($_POST['save_changes']) && ($context['current_profile'] == 1 || $context['current_profile'] > 4))
    {
        validateToken('admin-mppm');

        // First, are we saving a new value for enabled post moderation?
        $new_setting = !empty($_POST['postmod_active']);
        if ($new_setting != $modSettings['postmod_active'])
        {
            if ($new_setting)
            {
                // Turning it on. This seems easy enough.
                updateSettings(array('postmod_active' => 1));
            }
            else
            {
                // Turning it off. Not so straightforward. We have to turn off warnings to moderation level, and make everything approved.
                updateSettings(array(
                    'postmod_active' => 0,
                    'warning_moderate' => 0,
                ));

                require_once($sourcedir . '/PostModeration.php');
                approveAllData();
            }
        }
        elseif ($modSettings['postmod_active'])
        {
            // We're not saving a new setting - and if it's still enabled we have more work to do.

            // Start by deleting all the permissions relevant.
            $smcFunc['db_query']('', '
                DELETE FROM {db_prefix}board_permissions
                WHERE id_profile = {int:current_profile}
                    AND permission IN ({array_string:permissions})
                    AND id_group IN ({array_int:profile_group_list})',
                array(
                    'profile_group_list' => array_keys($context['profile_groups']),
                    'current_profile' => $context['current_profile'],
                    'permissions' => $all_permissions,
                )
            );

            // Do it group by group.
            $new_permissions = array();
            foreach ($context['profile_groups'] as $id => $group)
            {
                foreach ($mappings as $index => $data)
                {
                    if (isset($_POST[$index][$group['id']]))
                    {
                        if ($_POST[$index][$group['id']] == 'allow')
                        {
                            // Give them both sets for fun.
                            $new_permissions[] = array($context['current_profile'], $group['id'], $data[0], 1);
                            $new_permissions[] = array($context['current_profile'], $group['id'], $data[1], 1);
                        }
                        elseif ($_POST[$index][$group['id']] == 'moderate')
                            $new_permissions[] = array($context['current_profile'], $group['id'], $data[1], 1);
                    }
                }
            }

            // Insert new permissions.
            if (!empty($new_permissions))
                $smcFunc['db_insert']('',
                    '{db_prefix}board_permissions',
                    array('id_profile' => 'int', 'id_group' => 'int', 'permission' => 'string', 'add_deny' => 'int'),
                    $new_permissions,
                    array('id_profile', 'id_group', 'permission')
                );
        }
    }

    // Now get all the permissions!
    $request = $smcFunc['db_query']('', '
        SELECT id_group, permission, add_deny
        FROM {db_prefix}board_permissions
        WHERE id_profile = {int:current_profile}
            AND permission IN ({array_string:permissions})
            AND id_group IN ({array_int:profile_group_list})',
        array(
            'profile_group_list' => array_keys($context['profile_groups']),
            'current_profile' => $context['current_profile'],
            'permissions' => $all_permissions,
        )
    );
    while ($row = $smcFunc['db_fetch_assoc']($request))
    {
        foreach ($mappings as $key => $data)
        {
            foreach ($data as $index => $perm)
            {
                if ($perm == $row['permission'])
                {
                    // Only bother if it's not denied.
                    if ($row['add_deny'])
                    {
                        // Full allowance?
                        if ($index == 0)
                            $context['profile_groups'][$row['id_group']][$key] = 'allow';
                        // Otherwise only bother with moderate if not on allow.
                        elseif ($context['profile_groups'][$row['id_group']][$key] != 'allow')
                            $context['profile_groups'][$row['id_group']][$key] = 'moderate';
                    }
                }
            }
        }
    }
    $smcFunc['db_free_result']($request);

    createToken('admin-mppm');
}

?>

Namespaces

Classes

Interfaces

Exceptions

Functions