Changeset 217

Timestamp:

08/12/2005 11:30:40 PM (18 years ago)

Author:

mdawaffe

Message:

And one diff to rule them and in its largeness bind them. First caps interation: Fixes #124. UNSTABLE.

Location:

trunk

Files:

• bb-admin/admin-header.php (modified) (1 diff)
• bb-admin/bb-do-counts.php (modified) (3 diffs)
• bb-admin/delete-post.php (modified) (2 diffs)
• bb-admin/delete-topic.php (modified) (2 diffs)
• bb-admin/rewrite-rules.php (modified) (1 diff)
• bb-admin/sticky.php (modified) (2 diffs)
• bb-admin/tag-counts.php (deleted)
• bb-admin/tag-destroy.php (modified) (1 diff)
• bb-admin/tag-merge.php (modified) (1 diff)
• bb-admin/tag-rename.php (modified) (1 diff)
• bb-admin/topic-move.php (modified) (2 diffs)
• bb-admin/topic-toggle.php (modified) (2 diffs)
• bb-admin/view-ip.php (modified) (1 diff)
• bb-edit.php (modified) (1 diff)
• bb-includes/default-filters.php (modified) (1 diff)
• bb-includes/functions.php (modified) (19 diffs)
• bb-includes/registration-functions.php (modified) (1 diff)
• bb-includes/template-functions.php (modified) (18 diffs)
• bb-settings.php (modified) (3 diffs)
• bb-templates/profile-edit.php (modified) (3 diffs)
• edit.php (modified) (1 diff)
• favorites.php (modified) (2 diffs)
• index.php (modified) (1 diff)
• profile-edit.php (modified) (3 diffs)
• profile.php (modified) (1 diff)
• topic.php (modified) (1 diff)
• view.php (modified) (1 diff)

trunk/bb-admin/admin-header.php

@@ -2 +2 @@
 require('../bb-config.php');
 
-if ( $current_user->user_type < 2 ) {
+if ( !$current_user ) {
     header('Location: ' . bb_get_option('uri') );
     exit();

trunk/bb-admin/bb-do-counts.php

@@ -1 @@
-<?php
+<?php // ?zap_tags=1 to delete tags with 0 tag_count
 
 require('../bb-config.php');
 header('Content-type: text/plain');
 
-if( $current_user->user_type >= 5 ) :
+if( current_user_can('recount') ) :
 
 if ( $topics = $bbdb->get_col("SELECT topic_id, COUNT(post_id) FROM $bbdb->posts WHERE post_status = '0' GROUP BY topic_id") ) :
@@ -19 +19 @@
         $bbdb->query("UPDATE $bbdb->topics SET tag_count = '{$counts[$t]}' WHERE topic_id = $i");
     endforeach;
-    unset($topics, $t, $i, $counts);
+    $not_tagged = array_diff($bbdb->get_col("SELECT topic_id FROM $bbdb->topics"), $tags);
+    foreach ( $not_tagged as $i )
+        $bbdb->query("UPDATE $bbdb->topics SET tag_count = 0 WHERE topic_id = $i");
+    unset($topics, $t, $i, $counts, $not_tagged);
 endif;
 
@@ -50 +53 @@
         $bbdb->query("UPDATE $bbdb->tags SET tag_count = '{$counts[$t]}' WHERE tag_id = $i");
     endforeach;
-    unset($tags, $t, $i, $counts);
+    $not_tagged = array_diff($bbdb->get_col("SELECT tag_id FROM $bbdb->tags"), $tags);
+    foreach ( $not_tagged as $i )
+        $bbdb->query("UPDATE $bbdb->tags SET tag_count = 0 WHERE tag_id = $i");
+    unset($tags, $t, $i, $counts, $not_tagged);
 else :
     $bbdb->query("UPDATE $bbdb->tags SET tag_count = 0");
 endif;
 
+if ( 1 == $_GET['zap_tags'] )
+    $bbdb->query("DELETE FROM $bbdb->tags WHERE tag_count = 0")
 endif;
 

trunk/bb-admin/delete-post.php

@@ -2 +2 @@
 require('admin-header.php');
 
-if ( 0 < $current_user->user_type && 'deleted' == $_GET['view'] ) {
+if ( !current_user_can('edit_posts') {
+    header('Location: ' . bb_get_option('uri') );
+    exit();
+}
+
+if ( current_user_can('edit_deleted') && 'deleted' == $_GET['view'] ) {
     bb_add_filter('get_topic_where', 'no_where');
     bb_add_filter('bb_delete_post', 'topics_replied_on_undelete_post');
@@ -12 +17 @@
 if ( !$post )
     die('There is a problem with that post, pardner.');
+
+if ( $post->poster_id != $current_user->ID && !current_user_can('edit_others_posts') {
+    header('Location: ' . bb_get_option('uri') );
+    exit();
+}
 
 bb_delete_post( $post_id );

trunk/bb-admin/delete-topic.php

@@ -2 +2 @@
 require('admin-header.php');
 
-if ( 0 < $current_user->user_type && 'deleted' == $_GET['view'] ) {
+if ( !current_user_can('edit_topics') ) {
+    header('Location: ' . bb_get_option('uri') );
+    exit();
+}
+
+if ( current_user_can('edit_deleted') && 'deleted' == $_GET['view'] ) {
     bb_add_filter('get_topic_where', 'no_where');
     bb_add_filter('get_thread_post_ids_where', 'no_where');
@@ -12 +17 @@
 if ( !$topic )
     die('There is a problem with that topic, pardner.');
+
+if ( $topic->poster != $current_user->ID && !current_user_can('edit_others_topics') ) {
+    header('Location: ' . bb_get_option('uri') );
+    exit();
+}
 
 bb_delete_topic( $topic->topic_id );

trunk/bb-admin/rewrite-rules.php

@@ -3 +3 @@
 
 header('Content-type: text/plain');
+
+if ( !current_user_can('manage_options') ) {
+    header('Location: ' . bb_get_option('uri') );
+    exit();
+}
 
 ?>

trunk/bb-admin/sticky.php

@@ -1 +1 @@
 <?php
 require('admin-header.php');
+
+if ( !current_user_can('edit_topics') ) {
+    header('Location: ' . bb_get_option('uri') );
+    exit();
+}
 
 $topic_id = (int) $_GET['id'];
@@ -7 +12 @@
 if ( !$topic )
     die('There is a problem with that topic, pardner.');
+
+if ( $topic->poster != $current_user->ID && !current_user_can('edit_others_topics') ) {
+    header('Location: ' . bb_get_option('uri') );
+    exit();
+}
 
 if ( topic_is_sticky( $topic_id ) )

trunk/bb-admin/tag-destroy.php

@@ -4 +4 @@
 nocache_headers();
 
-if ( $current_user->user_type < 2 )
-    die('You need to be logged in as a developer to destroy a tag.');
+if ( !current_user_can('manage_tags') )
+    die('You are not allowed to manage tags.');
 
 $tag_id = (int) $_POST['id' ];

trunk/bb-admin/tag-merge.php

@@ -4 +4 @@
 nocache_headers();
 
-if ( $current_user->user_type < 2 )
-    die('You need to be logged in as a developer to merge tags.');
+if ( !current_user_can('manage_tags') )
+    die('You are not allowed to manage tags.');
 
 $old_id = (int) $_POST['id' ];

trunk/bb-admin/tag-rename.php

@@ -4 +4 @@
 nocache_headers();
 
-if ( $current_user->user_type < 2 )
-    die('You need to be logged in as a developer to rename a tag.');
+if ( !current_user_can('manage_tags') )
+    die('You are not allowed to manage tags.');
 
 $tag_id = (int) $_POST['id' ];

trunk/bb-admin/topic-move.php

@@ -1 +1 @@
 <?php
 require_once('admin-header.php');
+
+if ( !current_user_can('edit_topics') ) {
+    header('Location: ' . bb_get_option('uri') );
+    exit();
+}
 
 $topic_id = $_REQUEST['topic_id'];
@@ -14 +19 @@
     die('Your topic or forum caused all manner of confusion');
 
+if ( $topic->poster != $current_user_ID && !current_user_can('edit_others_topics') ) {
+    header('Location: ' . bb_get_option('uri') );
+    exit();
+}
+
 bb_move_topic( $topic_id, $forum_id );
 

trunk/bb-admin/topic-toggle.php

@@ -1 +1 @@
 <?php
 require('admin-header.php');
+
+if ( !current_user_can('edit_topics') ) {
+    header('Location: ' . bb_get_option('uri') );
+    exit();
+}
 
 $topic_id = (int) $_GET['id'];
@@ -7 +12 @@
 if ( !$topic )
     die('There is a problem with that topic, pardner.');
+
+if ( $topic->poster != $current_user->ID && !current_user_can('edit_others_topics') ) {
+    header('Location: ' . bb_get_option('uri') );
+    exit();
+}
 
 if ( topic_is_open( $topic_id ) )

trunk/bb-admin/view-ip.php

@@ -1 +1 @@
 <?php
 require('admin-header.php');
+
+if ( !current_user_can('view_by_ip') ) {
+    header('Location: ' . bb_get_option('uri') );
+    exit();
+}
 
 $ip = preg_replace('/[^0-9\.]/', '', $_GET['ip']);

trunk/bb-edit.php

@@ -4 +4 @@
 nocache_headers();
 
-if ( 0 < $current_user->user_type && 'deleted' == $_GET['view'] ) {
+if ( current_user_can('edit_deleted') && 'deleted' == $_GET['view'] ) {
     bb_add_filter('bb_is_first_where', 'no_where');
 }

trunk/bb-includes/default-filters.php

@@ -31 +31 @@
 
 bb_add_filter('get_user_link', 'bb_fix_link');
-bb_add_filter('get_user_type_label', 'bb_label_user_type');
 
 bb_add_filter('post_time', 'bb_offset_time');

trunk/bb-includes/functions.php

@@ -399 +399 @@
     $pass = user_sanitize( $_COOKIE[ $bb->passcookie ] );
     $current_user = $bbdb->get_row("SELECT * FROM $bbdb->users WHERE user_login = '$user' AND MD5( user_pass ) = '$pass'");
-    if ( $current_user->user_status === '0' )
-        return bb_append_meta( $current_user, 'user' );
-    elseif ( $current_user && $current_user->user_status % 2 == 0 )
+    if ( $current_user->user_status === '0' ) {
+        bb_append_meta( $current_user, 'user' );
+        return new BB_User($current_user->ID);
+    } elseif ( $current_user && $current_user->user_status % 2 == 0 )
         bb_append_meta( $current_user, 'user' );
     else
@@ -498 +499 @@
 function update_user_status( $user_id, $status = 0 ) {
     global $bbdb, $current_user;
-    $user = bb_get_user( $user_id );
+    $user = new BB_User( $user_id );
     $status = (int) $status;
-    if ( $user->ID != $current_user->ID && can_admin( $user->ID ) )
+    if ( $user->ID != $current_user->ID && current_user_can('edit_users') ) {
         $bbdb->query("UPDATE $bbdb->users SET user_status = $status WHERE ID = $user->ID");
+        switch ( $status ) :
+        case 0 :
+            $user->set_role('member');
+            break;
+        case 1 :
+            $user->set_role('blocked');
+            break;
+        case 2 :
+            $user->set_role('inactive');
+            break;
+        endswitch;
+    }
     return;
 }
@@ -529 +542 @@
 
     $meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
-    if ( 'user' == $type && 'user_type' == $meta_key )
-        $meta_key = $table_prefix . 'user_type';
+    if ( 'user' == $type && 'capabilities' == $meta_key )
+        $meta_key = $table_prefix . 'capabilities';
 
     $meta_tuple = compact('type_id', 'meta_key', 'meta_value', 'type');
@@ -561 +574 @@
         (topic_title, topic_poster, topic_poster_name, topic_last_poster, topic_last_poster_name, topic_start_time, topic_time, forum_id)
         VALUES
-        ('$title', $current_user->ID, '$current_user->user_login', $current_user->ID, '$current_user->user_login', '$now', '$now', $forum)");
+        ('$title', $current_user->ID, '$current_user->data->user_login', $current_user->ID, '$current_user->data->user_login', '$now', '$now', $forum)");
         $topic_id = $bbdb->insert_id;
         if ( !empty( $tags ) )
@@ -630 +643 @@
     $now   = bb_current_time('mysql');
     $uid   = $current_user->ID;
-    $uname = $current_user->user_login;
+    $uname = $current_user->data->user_login;
     $ip    = addslashes( $_SERVER['REMOTE_ADDR'] );
 
@@ -650 +663 @@
         $post_ids = get_thread_post_ids( $tid );
         if ( !in_array($uid, array_slice($post_ids['poster'], 0, -1)) )
-            update_usermeta( $uid, $table_prefix . 'topics_replied', $current_user->topics_replied + 1 );
+            update_usermeta( $uid, $table_prefix . 'topics_replied', $current_user->data->topics_replied + 1 );
         bb_do_action('bb_new_post', $post_id);
         return $post_id;
@@ -752 +765 @@
 
 function bb_update_post( $post, $post_id ) {
-    global $bbdb, $current_user;
+    global $bbdb;
     $post  = bb_apply_filters('pre_post', $post);
     $post_id   = (int) $post_id;
@@ -798 +811 @@
     global $current_user;
     if ( !$admin_id ) :
-        if ( $current_user ) : $admin_id = (int) $current_user->ID;
+        if ( $current_user ) : $admin =& $current_user;
         else : return false;
         endif;
+    else :
+        $admin = new BB_User( $admin_id );
     endif;
-    if ( !$admin = bb_get_user( $admin_id ) )
+    if ( !$admin )
         return false;
     if ( !$user  = bb_get_user( $user_id  ) )
@@ -810 +825 @@
         return true;
 
-    if ( $user->user_type < $admin->user_type && $admin->user_type != 0 )
+    if ( $admin->has_cap('edit_others_posts') )
         return true;
-    else
-        return false;
+
+    return false;
 }
 
@@ -819 +834 @@
     global $current_user;
     if ( !$admin_id ) :
-        if ( $current_user ) : $admin_id = (int) $current_user->ID;
+        if ( $current_user ) : $admin =& $current_user;
         else : return false;
         endif;
+    else :
+        $admin = new BB_User( $admin_id );
     endif;
-    if ( !$admin = bb_get_user( $admin_id ) )
+    if ( !$admin )
         return false;
     if ( !$user  = bb_get_user( $user_id  ) )
         return false;
 
-    if ( 5 == $admin->user_type || $admin_id == $user_id )
+    if ( $admin_id == $user_id )
         return true;
 
+    if ( $admin->has_cap('edit_users') )
+        return true;
+
     return false;
-}
-
-function can_delete( $user_id, $admin_id = 0) {
-    global $bbdb, $current_user;
-    if ( !$admin_id )
-        $admin_id = $current_user->ID;
-    $admin = bb_get_user( $admin_id );
-    $user  = bb_get_user( $user_id  );
-
-    if ( $user->user_type < $admin->user_type && $admin->user_type != 0 )
-        return true;
-    else
-        return false;
 }
 
 function can_edit_post( $post_id, $user_id = 0 ) {
     global $bbdb, $current_user;
-    if ( empty($current_user) )
-        return false;
     if ( !$user_id )
-        $user_id = $current_user->ID;
-    $user = bb_get_user( $user_id );
+        $user =& $current_user;
+    else
+        $user = new BB_User( $user_id );
     $post = get_post( $post_id );
-    $post_author = bb_get_user ( $post->poster_id );
-
-    if ( $user->user_type > 1 )
-        return true;
-
-    if ( $user->user_type > $post_author->user_type )
-        return true;
-    
-    if ( $user->ID != $post_author->ID )
-        return false;
-
-    if ( ! topic_is_open( $post->topic_id ) )
-        return false;
-
-    $post_time  = strtotime( $post->post_time );
-    $curr_time  = time();
-    $time_limit = bb_get_option('edit_lock') * 60;
-    if ( ($curr_time - $post_time) > $time_limit )
-        return false;
-    else
-        return true;
+    $topic = get_topic( $post->topic_id );
+
+    if ( !$user )
+        return false;
+
+    if ( !topic_is_open( $post->topic_id ) )
+        if ( !$user->has_cap('edit_topics') || ( $topic->poster != $user->ID && !$user->has_cap('edit_others_topics') ) )
+            return false;
+
+    if ( !$user->has_cap('edit_posts') )
+        return false;
+
+    if ( !$user->has_cap('ignore_edit_lock') ) :
+        $post_time  = strtotime( $post->post_time );
+        $curr_time  = time();
+        $time_limit = bb_get_option('edit_lock') * 60;
+        if ( ($curr_time - $post_time) > $time_limit )
+            return false;
+    endif;
+
+    if ( $post->poster_id != $user->ID && !$user->has_cap('edit_others_posts') )
+        return false;
+
+    return true;
 }
 
 function can_edit_topic( $topic_id, $user_id = 0 ) {
     global $current_user;
-    if ( empty($current_user) )
-        return false;
-    if ( ! $user_id )
-        $user_id = $current_user->ID;
-    $user = bb_get_user( $user_id );
+    if ( !$user_id )
+        $user =& $current_user;
+    else
+        $user = new BB_User( $user_id );
     $topic = get_topic( $topic_id );
-    $topic_poster = bb_get_user( $topic->topic_poster );
-
-    if ( $user->user_type > 1)
-        return true;
-
-    if ( $user->user_type > $topic_poster->user_type )
-        return true;
-
-    if ( $user->ID != $topic_poster->ID )
-        return false;
-    
-    if ( ! topic_is_open( $topic_id ) )
+
+    if ( !$user )
+        return false;
+
+    if ( !$user->has_cap('edit_topics') )
+        return false;
+
+    if ( $topic->poster != $user->ID && $user->has_cap('edit_others_topics') )
         return false;
 
@@ -985 +989 @@
 function add_topic_tag( $topic_id, $tag ) {
     global $bbdb, $current_user;
-    if ( !topic_is_open($topic_id) && $current_user->user_type < 1 )
+    $topic_id = (int) $topic_id;
+    if ( !$topic = get_topic( $topic_id ) )
+        return false;
+    if ( !topic_is_open( $topic_id ) )
+        if ( !current_user_can('edit_topics') || ( $topic->poster != $user->ID && !current_user_can('edit_others_topics') ) )
+            return false;
+    if ( !current_user_can('edit_tags') )
         return false;
     if ( !$tag_id = create_tag( $tag ) )
         return false;
+
     $now    = bb_current_time('mysql');
     if ( $user_already = $bbdb->get_var("SELECT user_id FROM $bbdb->tagged WHERE tag_id = '$tag_id' AND topic_id='$topic_id'") )
@@ -1036 +1047 @@
 function rename_tag( $tag_id, $tag ) {
     global $bbdb, $current_user;
-    if ( $current_user->user_type < 2 )
+    if ( !current_user_can('manage_tags') )
         return false;
     $raw_tag = $tag;
@@ -1055 +1066 @@
 function remove_topic_tag( $tag_id, $user_id, $topic_id ) {
     global $bbdb, $current_user;
+    $tag_id = (int) $tag_id;
+    $user_id = (int) $user_id;
+    $topic_id = (int) $topic_id;
     $tagged = serialize( array('tag_id' => $tag_id, 'user_id' => $user_id, 'topic_id' => $topic_id) );
-
-    $user = bb_get_user($user_id);
-
-    if ( $current_user->user_type < 1 && ( !topic_is_open($topic_id) || $current_user->ID != $user_id ) )
-        return false;
-    
+    if ( !$topic = get_topic( $topic_id ) )
+        return false;
+    if ( !topic_is_open( $post->topic_id ) )
+        if ( !current_user_can('edit_topics') || ( $topic->poster != $user->ID && !current_user_can('edit_others_topics') ) )
+            return false;
+    if ( !current_user_can('edit_tags') )
+        return false;
+    if ( $user_id != $current_user->ID && !current_user_can('edit_others_tags') )
+        return false;
+
     bb_do_action('bb_tag_removed', $tagged);
 
@@ -1080 +1098 @@
 function merge_tags( $old_id, $new_id ) {
     global $bbdb, $current_user;
-    if ( $current_user->user_type < 2)
+    if ( !current_user_can('manage_tags') )
         return false;
     if ( $old_id == $new_id )
@@ -1112 +1130 @@
 function destroy_tag( $tag_id ) {
     global $bbdb, $current_user;
-    if ( $current_user->user_type < 2 ) // hmm... 1 can remove, but need 2 to destroy?
+    if ( current_user_can('manage_tags') ) 
         return false;
 
@@ -1378 +1396 @@
     global $current_user, $user_id, $profile_menu, $profile_hooks;
     // Menu item name
-    // The minimum type the user needs to access the item (-1 to allow non logged in access)
-    // What other users can see this users tab
+    // The capability required for own user to view the tab ('' to allow non logged in access)
+    // The capability required for other users to view the tab ('' to allow non logged in access)
     // The URL of the item's file
-    $profile_menu[0] = array(__('Edit'), 0, 5, 'profile-edit.php');
-    $profile_menu[5] = array(__('Favorites'), 0, 2, 'favorites.php');
+    $profile_menu[0] = array(__('Edit'), 'edit_profile', 'edit_users', 'profile-edit.php');
+    $profile_menu[5] = array(__('Favorites'), 'edit_favorites', 'edit_others_favorites', 'favorites.php');
 
     // Create list of page plugin hook names the current user can access
@@ -1393 +1411 @@
 }
 
-function add_profile_tab($tab_title, $access_level, $other_level, $file) {
+function add_profile_tab($tab_title, $users_cap, $others_cap, $file) {
     global $profile_menu, $profile_hooks, $current_user, $user_id;
 
-    $profile_tab = array($tab_title, $access_level, $other_level, $file);
+    $profile_tab = array($tab_title, $users_cap, $others_cap, $file);
     $profile_menu[] = $profile_tab;
     if ( can_access_tab( $profile_tab, $current_user->ID, $user_id ) )
@@ -1403 +1421 @@
 
 function can_access_tab( $profile_tab, $viewer_id, $owner_id ) {
+    global $current_user;
     $viewer_id = (int) $viewer_id;
     $owner_id = (int) $owner_id;
-    $viewer = bb_get_user( $viewer_id );
-    $owner = bb_get_user( $owner_id );
-    // Is your user_type high enough?
-    $can_access = ( ( $viewer && $profile_tab[1] <= (int) $viewer->user_type ) || $profile_tab[1] < 0 );
-    // But does it let your kind in?
-    if ( $viewer_id != $owner_id )
-        $can_access = $can_access && ( ( $viewer && $profile_tab[2] <= (int) $viewer->user_type ) || $profile_tab[2] < 0 );
-    return $can_access;
+    if ( $viewer_id == $current_user->ID )
+        $viewer =& $current_user;
+    else
+        $viewer = new BB_User( $viewer_id );
+
+    if ( $owner_id == $viewer_id ) {
+        if ( '' === $profile_tab[1] )
+            return true;
+        else
+            return $viewer->has_cap($profile_tab[1]);
+    } else {
+        if ( '' === $profile_tab[2] )
+            return true;
+        else
+            return $viewer->has_cap($profile_tab[2]);
+    }
 }
 
@@ -1435 +1462 @@
     if ( !isset($views) || !$cache )
         $views = array('no-replies' => __('Topics with no replies'), 'untagged' => __('Topics with no tags'), 'unresolved' => __('Unresolved topics'));
-    if ( 0 < $current_user->user_type )
+    if ( current_user_can('browse_deleted') )
         $views['deleted'] = __('Deleted Topics');
     return bb_apply_filters('bb_views', $views);

trunk/bb-includes/registration-functions.php

@@ -31 +31 @@
 
     if ( defined( 'BB_INSTALLING' ) ) {
-        update_usermeta( $user_id, $table_prefix . 'user_type', 5 );
+        update_usermeta( $user_id, $table_prefix . 'capabilities', array('administrator' => true) );
         bb_do_action('bb_new_user', $user_id);
         return $password;
     } else {        
-        update_usermeta( $user_id, $table_prefix . 'user_type', 0 );
+        update_usermeta( $user_id, $table_prefix . 'capabilities', array('memeber' => true) );
         bb_send_pass( $user_id, $password );
         bb_do_action('bb_new_user', $user_id);

trunk/bb-includes/template-functions.php

@@ -17 +17 @@
     $list .= "\n\t<li" . ( ( $self ) ? '' : ' class="current"' ) . '><a href="' . get_user_profile_link( $user_id ) . '">' . __('Profile') . '</a></li>';
     foreach ($profile_menu as $item) {
-        // 0 = name, 1 = user_type, 2 = others, 3 = file
+        // 0 = name, 1 = users cap, 2 = others cap, 3 = file
         $class = '';
         if ( $item[3] == $self ) {
@@ -29 +29 @@
     if ( $current_user ) :
         $list .= "\n\t<li class='last'><a href='" . bb_get_option('uri') . 'bb-login.php?logout' . "' title='" . __('Log out of this account') . "'>";
-        $list .=    __('Logout') . ' (' . $current_user->user_login . ')</a></li>';
+        $list .=    __('Logout') . ' (' . get_user_name( $current_user->ID ) . ')</a></li>';
     else:
         $list .=  "\n\t<li class='last'><a href='" . bb_get_option('uri') . "bb-login.php'>" . __('Login') . '</a></li>';
@@ -40 +40 @@
     global $current_user, $bb;
     if ($current_user) {
-        echo "<p>Welcome, $current_user->user_login! <a href='" . get_user_profile_link( $current_user->ID) . "'>View your profile &raquo;</a> 
+        echo '<p>Welcome, ' . get_user_name( $current_user->ID ) . "! <a href='" . get_user_profile_link( $current_user->ID ) . "'>View your profile &raquo;</a> 
         <small>(<a href='" . bb_get_option('uri') . "bb-login.php?logout'>Logout</a>)</small></p>";
     } else {
@@ -422 +422 @@
 function topic_delete_link() {
     global $current_user, $topic;
-
-    if ( 1 > $current_user->user_type )
-        return;
+    if ( !current_user_can('edit_topics') )
+        return;
+    if ( $topic->poster != $current_user->ID && !current_user_can('edit_others_topics') )
+        return;
+
     if ( 0 == $topic->topic_status )
         echo "<a href='" . bb_get_option('uri') . 'bb-admin/delete-topic.php?id=' . get_topic_id() . "' onclick=\"return confirm('Are you sure you wanna delete that?')\">Delete entire topic</a>";
@@ -432 +434 @@
 
 function topic_close_link() {
-    global $current_user;
-    if ( 0 < $current_user->user_type ) {
-        if ( topic_is_open( get_topic_id() ) )
-            $text = 'Close topic';
-        else
-            $text = 'Open topic';
-        echo "<a href='" . bb_get_option('uri') . 'bb-admin/topic-toggle.php?id=' . get_topic_id() . "'>$text</a>";
-    }
+    global $current_user, $topic;
+    if ( !current_user_can('edit_topics') )
+        return;
+    if ( $topic->poster != $current_user->ID && !current_user_can('edit_others_topics') )
+        return;
+
+    if ( topic_is_open( get_topic_id() ) )
+        $text = 'Close topic';
+    else
+        $text = 'Open topic';
+    echo "<a href='" . bb_get_option('uri') . 'bb-admin/topic-toggle.php?id=' . get_topic_id() . "'>$text</a>";
 }
 
 function topic_sticky_link() {
-    global $current_user;
-    if ( 0 < $current_user->user_type ) {
-        if ( topic_is_sticky( get_topic_id() ) )
-            $text = 'Unstick topic';
-        else
-            $text = 'Stick topic';
-        echo "<a href='" . bb_get_option('uri') . 'bb-admin/sticky.php?id=' . get_topic_id() . "'>$text</a>";
-    }
+    global $current_user, $topic;
+    if ( !current_user_can('edit_topics') )
+        return;
+    if ( $topic->poster != $current_user->ID && !current_user_can('edit_others_topics') )
+        return;
+
+    if ( topic_is_sticky( get_topic_id() ) )
+        $text = 'Unstick topic';
+    else
+        $text = 'Stick topic';
+    echo "<a href='" . bb_get_option('uri') . 'bb-admin/sticky.php?id=' . get_topic_id() . "'>$text</a>";
 }
 
 function topic_show_all_link() {
     global $current_user;
-    if ( 1 > $current_user->user_type )
+    if ( !current_user_can('browse_deleted') )
         return;
     if ( 'deleted' == $_GET['view'] )
@@ -465 +473 @@
 function topic_move_dropdown() {
     global $current_user, $forum_id, $topic;
-    if ( 0 < $current_user->user_type ) :
-        $forum_id = $topic->forum_id;
-        echo '<form id="topic-move" method="post" action="' . bb_get_option('uri') . 'bb-admin/topic-move.php"><div>' . "\n\t";
-        echo '<input type="hidden" name="topic_id" value="' . get_topic_id() . '" />' . "\n\t";
-        echo '<label for="forum_id">Move this topic to the selected forum: ';
-        forum_dropdown();
-        echo "</label>\n\t";
-        echo "<input type='submit' name='Submit' value='Move' />\n</div></form>";
-    endif;
+    if ( !current_user_can('edit_topics') )
+        return;
+    if ( $topic->poster != $current_user->ID && !current_user_can('edit_others_topics') )
+        return;
+    $forum_id = $topic->forum_id;
+    echo '<form id="topic-move" method="post" action="' . bb_get_option('uri') . 'bb-admin/topic-move.php"><div>' . "\n\t";
+    echo '<input type="hidden" name="topic_id" value="' . get_topic_id() . '" />' . "\n\t";
+    echo '<label for="forum_id">Move this topic to the selected forum: ';
+    forum_dropdown();
+    echo "</label>\n\t";
+    echo "<input type='submit' name='Submit' value='Move' />\n</div></form>";
 }
 
@@ -548 +558 @@
 
 function post_edit_link() {
-    global $current_user, $post;
+    global $post;
 
     if ( can_edit_post( $post->post_id ) )
@@ -556 +566 @@
 function post_delete_link() {
     global $current_user, $post;
-
-    if ( 1 > $current_user->user_type )
-        return;
+    if ( !current_user_can('edit_posts') )
+        return;
+    if ( $post->poster_id != $current_user->ID && !current_user_can('edit_others_posts') )
+        return;
+
     if ( 0 == $post->post_status )
         echo "<a href='" . bb_get_option('uri') . 'bb-admin/delete-post.php?id=' . get_post_id() . "' onclick=\"return confirm('Are you sure you wanna delete that?')\">Delete</a>";
@@ -621 +633 @@
 }
 
-function bb_label_user_type( $type ) {
-    switch ($type) :
-        case 0 :
-            return __('Member');
-            break;
-        case 1 :
-            return __('Moderator');
-            break;
-        case 2 :
-            return __('Developer');
-            break;
-        case 5 :
-            return __('Admin');
-            break;
-    endswitch;
-}
-
 function get_user_type_label( $type ) {
-    return bb_apply_filters('get_user_type_label', $type );
+    global $bb_roles;
+    if ( $bb_roles->is_role( $type ) )
+        return $bb_roles->role_names[$type];
 }
 
@@ -647 +644 @@
 
 function get_user_type ( $id ) {
-    global $bbdb;
+    global $bbdb, $current_user;
     $user = bb_get_user( $id );
+
     if ( $user->user_status == 2 )
         return __('Inactive');
@@ -654 +652 @@
         if ( !empty( $user->title ) )
             return $user->title;
-        return get_user_type_label( $user->user_type );
+        $caps = array_keys($user->capabilities);
+        return get_user_type_label( $caps[0] ); //Just support one role for now.
     else :
         return __('Unregistered');
@@ -664 +663 @@
 }
 
+function get_user_name( $id ) {
+    $user = bb_get_user( $id );
+    return $user->user_login;
+}
+
 function profile_pages() {
     global $user, $page;
@@ -672 +676 @@
 function topic_tags () {
     global $tags, $tag, $topic_tag_cache, $user_tags, $other_tags, $current_user;
-    if ( is_array( $tags ) || $current_user )
+    if ( is_array( $tags ) || current_user_can('edit_tags') )
         include( BBPATH . '/bb-templates/topic-tags.php');
 }
@@ -730 +734 @@
 function tag_form() {
     global $topic, $current_user;
-    if ( !$current_user || $current_user->user_type < 1 && !topic_is_open($topic->topic_id) )
-        return false;
-    else
-        include( BBPATH . '/bb-templates/tag-form.php');
+    if ( !current_user_can('edit_tags') )
+        return false;
+    if ( !topic_is_open($topic->topic_id) )
+        if ( !current_user_can('edit_topics') || ( $topic->poster != $current_user->ID && !current_user_can('edit_others_topics') ) )
+            return false;
+
+    include( BBPATH . '/bb-templates/tag-form.php');
 }
 
 function tag_rename_form() {
     global $tag, $current_user;
-    if ( $current_user->user_type < 2 )
+    if ( !current_user_can('manage_tags') )
         return false;
     $tag_rename_form  = '<form id="tag-rename" method="post" action="' . bb_get_option('uri') . 'bb-admin/tag-rename.php">' . "\n";
@@ -749 +756 @@
 function tag_merge_form() {
     global $tag, $current_user;
-    if ( $current_user->user_type < 2 )
+    if ( !current_user_can('manage_tags') )
         return false;
     $tag_merge_form  = '<form id="tag-merge" method="post" action="' . bb_get_option('uri') . 'bb-admin/tag-merge.php">' . "\n";
@@ -761 +768 @@
 function tag_destroy_form() {
     global $tag, $current_user;
-    if ( $current_user->user_type < 2 )
+    if ( !current_user_can('manage_tags') )
         return false;
     $tag_destroy_form  = '<form id="tag-destroy" method="post" action="' . bb_get_option('uri') . 'bb-admin/tag-destroy.php">' . "\n";
@@ -771 +778 @@
 
 function tag_remove_link( $tag_id = 0, $user_id = 0, $topic_id = 0 ) {
-    global $tag, $current_user;
-    if ( $current_user->user_type < 1 && ( !topic_is_open($tag->topic_id) || $current_user->ID != $tag->user_id ) )
-        return false;
+    global $tag, $current_user, $topic;
+    if ( !current_user_can('edit_tags') )
+        return false;
+    if ( !topic_is_open($topic->topic_id) )
+        if ( !current_user_can('edit_topics') || ( $topic->poster != $current_user->ID && !current_user_can('edit_others_topics') ) )
+            return false;
+    if ( $tag->user_id != $current_user->ID && !current_user_can('edit_others_tags') )
+        return false;
+
     echo '[<a href="' . bb_get_option('uri') . 'tag-remove.php?tag=' . $tag->tag_id . '&#038;user=' . $tag->user_id . '&#038;topic=' . $tag->topic_id . '" onclick="return confirm(\'Are you sure you want to remove the \\\'' . bb_specialchars( $tag->raw_tag ) . '\\\' tag?\')" title="Remove this tag">x</a>]';
 }
@@ -832 +845 @@
 function user_favorites_link($add = 'Add to Favorites', $rem = 'Remove from Favorites') {
     global $topic, $current_user;
-    if ( $favs = explode(',', $current_user->favorites) )
+    if ( $favs = explode(',', $current_user->data->favorites) )
         if ( in_array($topic->topic_id, $favs) ) :
             $favs = array('fav' => '0', 'topic_id' => $topic->topic_id);

trunk/bb-settings.php

@@ -39 +39 @@
 require( BBPATH . 'bb-includes/formatting-functions.php');
 require( BBPATH . 'bb-includes/template-functions.php');
+require( BBPATH . 'bb-includes/capabilities.php');
 require( BBPATH . 'bb-includes/default-filters.php');
 
@@ -50 +51 @@
 $bbdb->tagged    = $table_prefix . 'tagged';
 
-$plugins = glob( BBPATH . 'bb-plugins/*.php');
-if ( $plugins ) : foreach ( $plugins as $plugin ) :
-    require($plugin);
-endforeach; endif;
-
 if ( defined('CUSTOM_USER_TABLE') )
     $bbdb->users = CUSTOM_USER_TABLE;
 if ( defined('CUSTOM_USER_META_TABLE') )
     $bbdb->usermeta = CUSTOM_USER_META_TABLE;
-
 
 define('BBHASH', md5($table_prefix) );
@@ -79 +74 @@
 $_SERVER = bb_global_sanitize($_SERVER);
 
+$plugins = glob( BBPATH . 'bb-plugins/*.php');
+if ( $plugins ) : foreach ( $plugins as $plugin ) :
+    require($plugin);
+endforeach; endif;
+bb_do_action('bb_plugins_loaded', '');
+
+$bb_roles = new BB_Roles();
+bb_do_action('bb_got_roles', '');
+
 function bb_shutdown_action_hook() {
     bb_do_action('bb_shutdown', '');

trunk/bb-templates/profile-edit.php

@@ -26 +26 @@
 <?php endif; ?>
 </fieldset>
-
-<?php if ( $current_user->user_type >= 5 ) : $required = false; ?>
+<?php if ( current_user_can('edit_users') ) : $required = false; ?>
 <fieldset>
 <legend>Administration</legend>
@@ -33 +32 @@
 <tr>
   <th scope="row">User Type:</th>
-  <td><select name="user_type">
-<?php $t = 0; while ( $t < 6 ) : if ( '' != get_user_type_label($t) ) : ?>
-       <option value="<?php echo $t; ?>"<?php if ( $t == $user->user_type ) echo ' selected="selected"'; ?>><?php user_type_label($t); ?></option>
-<?php endif; $t++; endwhile; ?>
+  <td><select name="role">
+<?php foreach( $bb_roles->role_names as $r => $n ) : if ( 'keymaster' != $r || current_user_can('keep_gate') ) : ?>
+       <option value="<?php echo $r; ?>"<?php if ( array_key_exists($r, $user->capabilities) ) echo ' selected="selected"'; ?>><?php echo $n; ?></option>
+<?php endif; endforeach; ?>
       </select>
   </td>
@@ -64 +63 @@
 <?php endif; ?>
 <p><sup>**</sup>Deletion attributes all content to Anonymous and cannot be easily undone.  Deactivation maintains proper attribution and can be easily changed.</p>
+<p>User types Inactive and Blocked have no practical difference at the moment.  Both can log in and view content.</p>
 </fieldset>
 <?php endif; ?>

trunk/edit.php

@@ -2 +2 @@
 require('bb-config.php');
 
-if ( 0 < $current_user->user_type && 'deleted' == $_GET['view'] ) {
+if ( current_user_can('edit_deleted') && 'deleted' == $_GET['view'] ) {
     bb_add_filter('bb_is_first_where', 'no_where');
 }

trunk/favorites.php

@@ -11 +11 @@
 
     if ( $fav ) {
-        $fav = $current_user->favorites ? explode(',', $current_user->favorites) : array();
+        $fav = $current_user->data->favorites ? explode(',', $current_user->data->favorites) : array();
         if ( ! in_array( $topic_id, $fav ) ) {
             $fav[] = $topic_id;
@@ -18 +18 @@
         }
     } else {
-        $fav = explode(',', $current_user->favorites);
+        $fav = explode(',', $current_user->data->favorites);
         if ( is_int( $pos = array_search($topic_id, $fav) ) ) {
             array_splice($fav, $pos, 1);

trunk/index.php

@@ -13 +13 @@
 bb_do_action( 'bb_index.php', '' );
 
+var_dump($current_user);
+
 if (file_exists( BBPATH . 'my-templates/front-page.php' ))
     require( BBPATH . 'my-templates/front-page.php' );

trunk/profile-edit.php

@@ -17 +17 @@
 
 $profile_info_keys = get_profile_info_keys();
-if ( $current_user->user_type >= 5 )
+if ( current_user_can('edit_users') )
     $profile_admin_keys = get_profile_admin_keys();
 $updated = false;
@@ -39 +39 @@
     endforeach;
 
-    if ( $current_user->user_type >=5 ):
-        $user_type = bb_specialchars( $_POST['user_type'], 1 );
+    if ( current_user_can('edit_users') ):
+        $role = bb_specialchars( $_POST['role'], 1 );
         foreach ( $profile_admin_keys as $key => $label ) :
             $$key = bb_specialchars( $_POST[$key], 1 );
@@ -64 +64 @@
         endif;
 
-        if ( $current_user->user_type >= 5 ) :
-            if ( $user_type != $user->user_type && $user_type < 6 )
-                update_usermeta( $user->ID, 'user_type', $user_type );
+        if ( current_user_can('edit_users') ) :
+            if ( !in_array($role, $user->capabilities) && array_key_exists($role, $bb_roles->roles) ) {
+                $user_obj = new BB_User( $user->ID );
+                $user_obj->set_role($role); // Only support one role for now
+            }
             if ( $user_status != $user->user_status && $user_status < 3 )
                 update_user_status( $user->ID, $user_status );

trunk/profile.php

@@ -13 +13 @@
 
 bb_repermalink(); // The magic happens here.
-
 $user = bb_get_user( $user_id );
-
+var_dump($user);
 if ( !$user )
     die('User not found.');

trunk/topic.php

@@ -4 +4 @@
 $topic_id = $page = 0;
 
-if ( 0 < $current_user->user_type && 'deleted' == $_GET['view'] ) {
+if ( current_user_can('browse_deleted') && 'deleted' == $_GET['view'] ) {
     bb_add_filter('get_topic_where', 'no_where');
     bb_add_filter('get_thread_where', 'no_where');

trunk/view.php

@@ -23 +23 @@
     break;
 case 'deleted' :
-    if ( 1 > $current_user->user_type )
+    if ( !current_user_can('browse_deleted') )
         die("Now how'd you get here?  And what did you think you'd being doing?"); //This should never happen.
     bb_add_filter( 'get_latest_topics_where', 'deleted_topics' );