منتدى استراحات زايد - Admin CP One way to implement more granular admin/moderator ACP permissions

Here is how I might implement granular admin permissions. You make someone an admin, then you grant or deny access for each separate script and grant or deny access for each separate "do" branch in the script. You check for permissions right in /admincp/global.php instead of trying to do so in each script. So your permissions array might look something like this:

PHP Code:

$vbulletin->userinfo->adminperms = array(
'accessmask' => array(
'edit' => false,
'update' => false,
'quickedit' => false,
'doquickedit' => false,
'resetforum' => false,
'resetall' => false,
'doresetall' => false,
'modify' => false,
),
'admincalendar' => array(
'addcustom' => false,
'doaddcustom' => false,
'killcustom' => false,
'add' => false,
'edit' => false,
'add' => false,
'deletecustom' => false,
'update' => false,
'modify' => false,
'doorder' => false,
'remove' => false,
'kill' => false,
'addmod' => false,
'editmod' => false,
'updatemod' => false,
'removemod' => false,
'killmod' => false,
'modifyholiday' => false,
'updateholiday' => false,
'saveholiday' => false,
'removeholiday' => false,
'doremoveholiday' => false,
),
'admininfraction' => array(
'editlevel' => false,
'updatelevel' => false,
'removelevel' => false,
'killlevel' => false,
'modify' => false,
'killinfraction' => false,
'deleteinfraction' => false,
'doreverse' => false,
'reverse' => false,
'details' => false,
'list' => false,
'list' => false,
'dolist' => false,
'list' => false,
'dolist' => false,
'editgroup' => false,
'updategroup' => false,
'removegroup' => false,
'killgroup' => false,
'editbangroup' => false,
'updatebangroup' => false,
'removebangroup' => false,
'killbangroup' => false,
),
'adminlog' => array(
'viewlogfile' => false,
'logfiles' => false,
'view' => false,
'prunelog' => false,
'doprunelog' => false,
'choose' => false,
),
'adminpermissions' => array(
'update' => false,
'update' => false,
'edit' => false,
'modify' => false,
),
'adminreputation' => array(
'add' => false,
'edit' => false,
'update' => false,
'remove' => false,
'kill' => false,
'updateminimums' => false,
'list' => false,
'dolist' => false,
'dolist' => false,
'editreputation' => false,
'doeditreputation' => false,
'killreputation' => false,
'deletereputation' => false,
'modify' => false,
),
'album' => array(
'storage' => false,
'switchtype' => false,
'do_dbfs' => false,
'do_fsdirectthumb' => false,
'do_fsmove' => false,
'domovepictures' => false,
'finalize' => false,
'confirmfsremove' => false,
'confirmfiledataremove' => false,
'rebuildthumbs' => false,
'thumb' => false,
),
'announcement' => array(
'add' => false,
'edit' => false,
'add' => false,
'update' => false,
'remove' => false,
'kill' => false,
'modify' => false,
),
'attachment' => array(
'storage' => false,
'switchtype' => false,
'doswitchtype' => false,
'domoveattachment' => false,
'confirmfileremove' => false,
'confirmattachmentremove' => false,
'search' => false,
'search' => false,
'edit' => false,
'doedit' => false,
'delete' => false,
'dodelete' => false,
'massdelete' => false,
'domassdelete' => false,
'stats' => false,
'intro' => false,
'types' => false,
'updatetype' => false,
'doupdatetype' => false,
'removetype' => false,
'killtype' => false,
),
'attachmentpermission' => array(
'edit' => false,
'doupdate' => false,
'modify' => false,
'quickset' => false,
),
'avatar' => array(
'storage' => false,
'switchtype' => false,
'doswitchtype' => false,
'domoveavatar' => false,
),
'backup' => array(
'csvtable' => false,
'sqltable' => false,
'csvtable' => false,
'sqltable' => false,
'choose' => false,
'sqlfile' => false,
),
'bbcode' => array(
'add' => false,
'insert' => false,
'edit' => false,
'doupdate' => false,
'remove' => false,
'kill' => false,
'test' => false,
'previewbbcode' => false,
'modify' => false,
),
'bookmarksite' => array(
'socialbookmarks_setpost' => false,
'kill' => false,
'delete' => false,
'update' => false,
'add' => false,
'edit' => false,
'edit' => false,
'quickupdate' => false,
'modify' => false,
),
'calendarpermission' => array(
'edit' => false,
'doupdate' => false,
'modify' => false,
),
'cronadmin' => array(
'updateenabled' => false,
'runcron' => false,
'edit' => false,
'update' => false,
'remove' => false,
'kill' => false,
'switchactive' => false,
'modify' => false,
),
'cronlog' => array(
'view' => false,
'prunelog' => false,
'doprunelog' => false,
'choose' => false,
),
'css' => array(
'edit' => false,
'edit' => false,
'doedit' => false,
'update' => false,
'update' => false,
'edit' => false,
'doedit' => false,
'showdefault' => false,
'stylevar-colors' => false,
'modify' => false,
'moo' => false,
),
'diagnostic' => array(
'doupload' => false,
'domail' => false,
'dosysinfo' => false,
'doversion' => false,
'payments' => false,
'server_modules' => false,
'list' => false,
),
'directory_category' => array(
'remove' => false,
'delete' => false,
'insert' => false,
'update' => false,
'update' => false,
'add' => false,
'edit' => false,
'edit' => false,
'modify' => false,
),
'directory_copy_of_thread' => array(
'dovotes' => false,
'votes' => false,
'taginsert' => false,
'tagkill' => false,
'tags' => false,
'pruneuser' => false,
'pruneusersel' => false,
'dopruneuser' => false,
'prune' => false,
'move' => false,
'dothreads' => false,
'dothreadsall' => false,
'dothreadssel' => false,
'dothreadsselfinish' => false,
'removepoll' => false,
'doremovepoll' => false,
'killpoll' => false,
'dospecificunsubscribe' => false,
'domassunsubscribe' => false,
'confirmunsubscribe' => false,
'killsubscription' => false,
'unsubscribe' => false,
),
'directory_misc' => array(
'filechecksums' => false,
),
'directory_website' => array(
'remove' => false,
'delete' => false,
'insert' => false,
'update' => false,
'update' => false,
'add' => false,
'edit' => false,
'edit' => false,
'modify' => false,
),
'email' => array(
'dosendmail' => false,
'makelist' => false,
'dosendmail' => false,
'makelist' => false,
'donext' => false,
'start' => false,
'genlist' => false,
'start' => false,
),
'faq' => array(
'kill' => false,
'delete' => false,
'update' => false,
'insert' => false,
'edit' => false,
'add' => false,
'edit' => false,
'updateorder' => false,
'modify' => false,
),
'forum' => array(
'add' => false,
'edit' => false,
'add' => false,
'edit' => false,
'update' => false,
'remove' => false,
'kill' => false,
'doorder' => false,
'modify' => false,
'podcast' => false,
'updatepodcast' => false,
),
'forumpermission' => array(
'edit' => false,
'doupdate' => false,
'duplicate' => false,
'doduplicate_group' => false,
'doduplicate_forum' => false,
'quickedit' => false,
'doquickedit' => false,
'quickforum' => false,
'doquickforum' => false,
'quickset' => false,
'modify' => false,
),
'global' => array(
),
'help' => array(
'download' => false,
'doimport' => false,
'files' => false,
'answer' => false,
'edit' => false,
'doedit' => false,
'delete' => false,
'dodelete' => false,
'manage' => false,
),
'image' => array(
'updatepermissions' => false,
'editpermissions' => false,
'killcategory' => false,
'removecategory' => false,
'insertcategory' => false,
'addcategory' => false,
'updatecategory' => false,
'editcategory' => false,
'docategorydisplayorder' => false,
'doupload' => false,
'upload' => false,
'kill' => false,
'remove' => false,
'doinsertmultiple' => false,
'insertmultiple' => false,
'insert' => false,
'add' => false,
'update' => false,
'edit' => false,
'displayorder' => false,
'viewimages' => false,
'modify' => false,
),
'index' => array(
'cplogout' => false,
'notes' => false,
'head' => false,
'navprefs' => false,
'buildbitfields' => false,
'buildnavprefs' => false,
'savenavprefs' => false,
'nav' => false,
'frames' => false,
'home' => false,
'phpinfo' => false,
'handlemessage' => false,
),
'language' => array(
'download' => false,
'update' => false,
'upload' => false,
'files' => false,
'rebuild' => false,
'setdefault' => false,
'view' => false,
'kill' => false,
'delete' => false,
'insert' => false,
'add' => false,
'update_settings' => false,
'edit_settings' => false,
'edit' => false,
'modify' => false,
),
'misc' => array(
'rebuildstyles' => false,
'rebuildstyles' => false,
'emptyindex' => false,
'doemptyindex' => false,
'buildpostindex' => false,
'updateposts' => false,
'updateuser' => false,
'updateusernames' => false,
'updateforum' => false,
'updatethread' => false,
'updatesimilar' => false,
'rebuildreputation' => false,
'rebuildthumbs' => false,
'rebuildavatars' => false,
'rebuildadminavatars' => false,
'rebuildsgicons' => false,
'rebuildalbumupdates' => false,
'buildpostcache' => false,
'truncatesigcache' => false,
'removedupe' => false,
'lostusers' => false,
'buildstats' => false,
'removeorphanthreads' => false,
'removeorphanposts' => false,
'survey' => false,
'chooser' => false,
),
'moderator' => array(
'add' => false,
'edit' => false,
'editglobal' => false,
'editglobal' => false,
'add' => false,
'edit' => false,
'add' => false,
'update' => false,
'remove' => false,
'kill' => false,
'showlist' => false,
'showmods' => false,
'removeall' => false,
'killall' => false,
),
'modlog' => array(
'view' => false,
'prunelog' => false,
'doprunelog' => false,
'choose' => false,
),
'newsproxy' => array(
),
'notice' => array(
'remove' => false,
'delete' => false,
'update' => false,
'edit' => false,
'add' => false,
'quickupdate' => false,
'modify' => false,
),
'options' => array(
'options' => false,
'download' => false,
'backup' => false,
'validate' => false,
'doimport' => false,
'files' => false,
'killgroup' => false,
'removegroup' => false,
'insertgroup' => false,
'updategroup' => false,
'editgroup' => false,
'addgroup' => false,
'editgroup' => false,
'editgroup' => false,
'killsetting' => false,
'removesetting' => false,
'insertsetting' => false,
'updatesetting' => false,
'editsetting' => false,
'addsetting' => false,
'editsetting' => false,
'editsetting' => false,
'dooptions' => false,
'options' => false,
'backuprestore' => false,
'searchtype' => false,
'dosearchtype' => false,
),
'passwordcheck' => array(
'reset' => false,
'resetnext' => false,
'check' => false,
),
'phrase' => array(
'quickref' => false,
'completeorphans' => false,
'manageorphans' => false,
'findorphans' => false,
'findupdates' => false,
'dosearch' => false,
'search' => false,
'doreplace' => false,
'replace' => false,
'kill' => false,
'update' => false,
'insert' => false,
'add' => false,
'edit' => false,
'add' => false,
'edit' => false,
'delete' => false,
'delete' => false,
'modify' => false,
),
'plugin' => array(
'files' => false,
'doimport' => false,
'download' => false,
'updateactive' => false,
'kill' => false,
'delete' => false,
'update' => false,
'edit' => false,
'add' => false,
'add' => false,
'modify' => false,
'product' => false,
'productversioncheck' => false,
'productdisable' => false,
'productenable' => false,
'productdisable' => false,
'productdisable' => false,
'productadd' => false,
'productedit' => false,
'productsave' => false,
'productdependency' => false,
'productcode' => false,
'productkill' => false,
'productdelete' => false,
'productimport' => false,
'productexport' => false,
),
'prefix' => array(
'duplicate' => false,
'doduplicate' => false,
'permissions' => false,
'savepermissions' => false,
'killprefix' => false,
'deleteprefix' => false,
'insertprefix' => false,
'addprefix' => false,
'editprefix' => false,
'killset' => false,
'deleteset' => false,
'insertset' => false,
'addset' => false,
'editset' => false,
'displayorder' => false,
'list' => false,
),
'profilefield' => array(
'deletecat' => false,
'removecat' => false,
'updatecat' => false,
'addcat' => false,
'editcat' => false,
'editcat' => false,
'displayordercats' => false,
'modifycats' => false,
'displayorder' => false,
'update' => false,
'add' => false,
'edit' => false,
'add' => false,
'add' => false,
'add' => false,
'edit' => false,
'renamecheckbox' => false,
'dorenamecheckbox' => false,
'deletecheckbox' => false,
'dodeletecheckbox' => false,
'addcheckbox' => false,
'movecheckbox' => false,
'modifycheckbox' => false,
'remove' => false,
'kill' => false,
'modify' => false,
),
'queries' => array(
'doquery' => false,
'modify' => false,
),
'ranks' => array(
'insert' => false,
'edit' => false,
'add' => false,
'edit' => false,
'doupdate' => false,
'remove' => false,
'kill' => false,
'modify' => false,
),
'repair' => array(
'dorepair' => false,
'list' => false,
'fixunique' => false,
),
'replacement' => array(
'kill' => false,
'remove' => false,
'update' => false,
'edit' => false,
'insert' => false,
'add' => false,
'modify' => false,
),
'resources' => array(
'index' => false,
'view' => false,
'viewuser' => false,
),
'rssposter' => array(
'updatestatus' => false,
'kill' => false,
'delete' => false,
'update' => false,
'preview' => false,
'edit' => false,
'modify' => false,
),
'socialgroups' => array(
'search' => false,
'groupsby' => false,
'dosearch' => false,
'delete' => false,
'kill' => false,
'updatecategory' => false,
'editcategory' => false,
'killcategory' => false,
'deletecategory' => false,
'categories' => false,
),
'socialgroup_icon' => array(
'storage' => false,
'switchtype' => false,
'doswitchtype' => false,
'domoveicon' => false,
),
'spamcheck' => array(
'signatures' => false,
'homepages' => false,
'recentblogposts' => false,
),
'stats' => array(
'index' => false,
'top' => false,
'top' => false,
),
'subscriptionpermission' => array(
'edit' => false,
'doupdate' => false,
'modify' => false,
),
'subscriptions' => array(
'add' => false,
'edit' => false,
'add' => false,
'add' => false,
'update' => false,
'remove' => false,
'kill' => false,
'find' => false,
'status' => false,
'adjust' => false,
'modify' => false,
'doorder' => false,
'apirem' => false,
'apikill' => false,
'apiedit' => false,
'apiadd' => false,
'apiadd' => false,
'apiedit' => false,
'apiadd' => false,
'apiupdate' => false,
'api' => false,
'transdetails' => false,
'transactions' => false,
),
'template' => array(
'updatetemplate' => false,
'inserttemplate' => false,
'createfiles' => false,
'files' => false,
'findupdates' => false,
'download' => false,
'upload' => false,
'files' => false,
'replace' => false,
'search' => false,
'insertstyle' => false,
'addstyle' => false,
'updatestyle' => false,
'editstyle' => false,
'killstyle' => false,
'deletestyle' => false,
'dorevertall' => false,
'revertall' => false,
'history' => false,
'viewversion' => false,
'historysubmit' => false,
'dodelete' => false,
'docompare' => false,
'inserttemplate' => false,
'add' => false,
'updatetemplate' => false,
'edit' => false,
'kill' => false,
'delete' => false,
'view' => false,
'dodisplayorder' => false,
'modify' => false,
'rebuild' => false,
'createfiles' => false,
'colorconverter' => false,
),
'thread' => array(
'dovotes' => false,
'votes' => false,
'taginsert' => false,
'tags' => false,
'tagclear' => false,
'tagkill' => false,
'tagmerge' => false,
'tagdomerge' => false,
'tagkill' => false,
'tagmerge' => false,
'tagdomerge' => false,
'taginsert' => false,
'tagclear' => false,
'tagmerge' => false,
'tagdomerge' => false,
'tagdomerge' => false,
'tagkill' => false,
'tagmerge' => false,
'tags' => false,
'pruneuser' => false,
'pruneusersel' => false,
'dopruneuser' => false,
'prune' => false,
'move' => false,
'pruneedit' => false,
'doposthistories' => false,
'dothreads' => false,
'dopostedithistoriesall' => false,
'dothreadsall' => false,
'dothreadssel' => false,
'dothreadsselfinish' => false,
'removepoll' => false,
'doremovepoll' => false,
'killpoll' => false,
'dospecificunsubscribe' => false,
'domassunsubscribe' => false,
'confirmunsubscribe' => false,
'killsubscription' => false,
'unsubscribe' => false,
),
'user' => array(
'find' => false,
'emailpassword' => false,
'remove' => false,
'kill' => false,
'edit' => false,
'add' => false,
'update' => false,
'editaccess' => false,
'updateaccess' => false,
'modify' => false,
'find2' => false,
'moderate' => false,
'domoderate' => false,
'prune_updateposts' => false,
'dopruneusers' => false,
'pruneusers' => false,
'prune' => false,
'changehistory' => false,
),
'usergroup' => array(
'add' => false,
'edit' => false,
'add' => false,
'add' => false,
'add' => false,
'add' => false,
'update' => false,
'remove' => false,
'kill' => false,
'killleader' => false,
'removeleader' => false,
'insertleader' => false,
'addleader' => false,
'modify' => false,
'modifypromotion' => false,
'updatepromotion' => false,
'doupdatepromotion' => false,
'removepromotion' => false,
'killpromotion' => false,
'processjoinrequests' => false,
'viewjoinrequests' => false,
),
'useroverview' => array(
'choose' => false,
'overview' => false,
),
'usertitle' => array(
'add' => false,
'insert' => false,
'edit' => false,
'doupdate' => false,
'remove' => false,
'kill' => false,
'modify' => false,
),
'usertools' => array(
'removesubs' => false,
'killsubs' => false,
'removepms' => false,
'killpms' => false,
'removesentpms' => false,
'killsentpms' => false,
'removesentvms' => false,
'killsentvms' => false,
'merge' => false,
'domerge' => false,
'reallydomerge' => false,
'profilepic' => false,
'updateprofilepic' => false,
'sigpic' => false,
'updatesigpic' => false,
'avatar' => false,
'updateavatar' => false,
'pmfolderstats' => false,
'pmstats' => false,
'pmuserstats' => false,
'doips' => false,
'gethost' => false,
'referrers' => false,
'showreferrers' => false,
'showreferrals' => false,
'usercss' => false,
'updateusercss' => false,
'updateusercss' => false,
'usercss' => false,
),
'verify' => array(
'intro' => false,
'modifyquestion' => false,
'updatequestion' => false,
'modifyanswer' => false,
'updateanswer' => false,
'removeanswer' => false,
'killanswer' => false,
'removequestion' => false,
'killquestion' => false,
'updateoptions' => false,
),
);

You set individual do branches of scripts to "true" as needed and check for permission near the top of admincp/global.php (A THIS_SCRIPT constant would have to be added to all admin scripts):

PHP Code:

if (!$vbulletin->userinfo->adminperms[THIS_SCRIPT][$_REQUEST['do']])
{
print_cp_no_permission();
}

However it is implemented, I'd like to see more granular admin permissions in the future.