As I posted before in this thread - the above function does not return results of forums a user cannot "view", if the forum is using default permissions from it's parent forum.
Our board uses only forum default permissions, inherited from it's parent forum - we rely on usergroup permissions, and this does us absolutely fine.
The other night, I really really needed to make sure I could restrict some queries from returning data that comes from forums any certain usergroup cannot view, so I made the following function - it's a little sloppy in places, but it's not that bad - the main thing is, it works :
PHP Code:
function getForumPermissions($usergroupID) {
global $DB_site;
$forumCatPerm_result = $DB_site->query("SELECT forumid FROM forumpermission WHERE canview=0 AND usergroupid=$usergroupID");
if (!$num_rows = $DB_site->num_rows($forumCatPerm_result) <=0) {
$arrayIndex = 0;
while ($row = $DB_site->fetch_array($forumCatPerm_result, MYSQL_ASSOC)) {
$forumCatPerm_array[$arrayIndex++] = $row[forumid];
}
}
if (isset($forumCatPerm_array)) {
$forumsCannotView_result = $DB_site->query("SELECT forumid,parentlist FROM forum WHERE active=1");
if (!$num_rows = $DB_site->num_rows($forumsCannotView_result) <=0) {
$arrayIndex = 0;
while ($row = $DB_site->fetch_array($forumsCannotView_result, MYSQL_ASSOC)) {
$forumParentList_temp = explode(',', $row[parentlist]);
if ($forumParentList_temp[1] != -1) {
if (in_array($forumParentList_temp[1], $forumCatPerm_array)) {
$forumsCannotView_array[$arrayIndex++] = $forumParentList_temp[0];
}
}
}
}
return $forumsCannotView_strList = implode(",", $forumCatPerm_array) . "," . implode(",", $forumsCannotView_array);
} else {
return $forumsCannotView_strList = "";
}
}
.... it's tested, and works.... it checks the 'forumpermission' table, and takes the forumid of parent forums (category forums) that have usergroup permissions set, and then queries the forum table, making a list of forums in that category, that the usergroup cannot view.
As an example, we can take the last 12 posts made, from forums that only the viewers usergroup has 'canview' access to :
PHP Code:
$forumsCannotView_strList = getForumPermissions($bbuserinfo[usergroupid]);
$whereClause = ($forumsCannotView_strList != "") ? ("(forumid NOT IN ($forumsCannotView_strList)) AND") : ("");
$latest_discussions_num = 12;
if ($forumsCannotView_strList != "") {
$latestThreads_result = $DB_site->query("SELECT threadid,title,lastpost,postusername,lastposter
FROM thread WHERE $whereClause visible=1 AND open=1
ORDER BY lastpost DESC
LIMIT $latest_discussions_num");
} else {
$latestThreads_result = $DB_site->query("SELECT threadid,title,lastpost,postusername,lastposter
FROM thread WHERE visible=1 AND open=1
ORDER BY lastpost DESC
LIMIT $latest_discussions_num");
}
if (!$num_rows = $DB_site->num_rows($latestThreads_result) <=0) {
while ($row = $DB_site->fetch_array($latestThreads_result, MYSQL_ASSOC)) {
$threadTitle = "<a href=\"{forumsRoot}/showthread.php?s=$session[sessionhash]&threadid=$row[threadid]\" target=\"_blank\" class=\"smallLinks\">$row[title]</a>";
$threadStarter = $row[postusername];
$lastPoster = $row[lastposter];
$timezoneoffsetstamp = $bbuserinfo[timezoneoffset] * 3600;
$timeDate = date("$dateformat @ $timeformat", $row[lastpost] + $timezoneoffsetstamp);
echo "$threadTitle | $threadStarter | $lastPoster | $timeDate";
}
}
... basically, if the function returns an empty string, there are not restrictions, and the 2nd query is actioned, which returns all forums... obviously, if there are restrictions, then the restricted forums get filtered out of the query.
I find this very handy for some of our non-vB pages.... and I post it simply in-case sombody likes the concept.
More Information