38443-vm/includes/permissions.php

<?php

class Permissions {
    const VIEW_CHANNEL = 1;
    const SEND_MESSAGES = 2;
    const MANAGE_MESSAGES = 4;
    const MANAGE_CHANNELS = 8;
    const MANAGE_SERVER = 16;
    const ADMINISTRATOR = 32;

    public static function hasPermission($user_id, $server_id, $permission) {
        $stmt = db()->prepare("SELECT is_admin FROM users WHERE id = ?");
        $stmt->execute([$user_id]);
        $user = $stmt->fetch();
        if ($user && $user['is_admin']) return true;

        $stmt = db()->prepare("SELECT owner_id FROM servers WHERE id = ?");
        $stmt->execute([$server_id]);
        $server = $stmt->fetch();
        if ($server && $server['owner_id'] == $user_id) return true;

        $stmt = db()->prepare("
            SELECT SUM(r.permissions) as total_perms 
            FROM roles r
            JOIN user_roles ur ON r.id = ur.role_id
            WHERE ur.user_id = ? AND r.server_id = ?
        ");
        $stmt->execute([$user_id, $server_id]);
        $row = $stmt->fetch();
        $perms = (int)($row['total_perms'] ?? 0);

        if ($perms & self::ADMINISTRATOR) return true;
        return ($perms & $permission) === $permission;
    }

    public static function canViewChannel($user_id, $channel_id) {
        $stmt = db()->prepare("SELECT server_id FROM channels WHERE id = ?");
        $stmt->execute([$channel_id]);
        $c = $stmt->fetch();
        if (!$c) return false;
        $server_id = $c['server_id'];

        // Check if owner or admin
        if (self::hasPermission($user_id, $server_id, self::ADMINISTRATOR)) return true;

        // Fetch overrides for all roles the user has in this server
        $stmt = db()->prepare("
            SELECT cp.allow_permissions, cp.deny_permissions 
            FROM channel_permissions cp 
            JOIN user_roles ur ON cp.role_id = ur.role_id 
            WHERE ur.user_id = ? AND cp.channel_id = ?
        ");
        $stmt->execute([$user_id, $channel_id]);
        $overrides = $stmt->fetchAll();

        // Check @everyone override specifically (even if user has no roles assigned)
        $stmt = db()->prepare("SELECT id FROM roles WHERE server_id = ? AND (name = '@everyone' OR name = 'Everyone') LIMIT 1");
        $stmt->execute([$server_id]);
        $everyone_role = $stmt->fetch();
        if ($everyone_role) {
            $stmt = db()->prepare("SELECT allow_permissions, deny_permissions FROM channel_permissions WHERE channel_id = ? AND role_id = ?");
            $stmt->execute([$channel_id, $everyone_role['id']]);
            $eo = $stmt->fetch();
            if ($eo) {
                $overrides[] = $eo;
            }
        }

        if (empty($overrides)) {
            return true; // Default to yes
        }

        $allow = false;
        $deny = false;
        foreach($overrides as $o) {
            if ($o['allow_permissions'] & self::VIEW_CHANNEL) $allow = true;
            if ($o['deny_permissions'] & self::VIEW_CHANNEL) $deny = true;
        }

        if ($allow) return true;
        if ($deny) return false;

        return true; // Default to yes
    }

    public static function canSendInChannel($user_id, $channel_id) {
        $stmt = db()->prepare("SELECT server_id FROM channels WHERE id = ?");
        $stmt->execute([$channel_id]);
        $c = $stmt->fetch();
        if (!$c) return false;
        $server_id = $c['server_id'];

        // Check if owner or admin
        if (self::hasPermission($user_id, $server_id, self::ADMINISTRATOR)) return true;

        // Check overrides
        $stmt = db()->prepare("
            SELECT cp.allow_permissions, cp.deny_permissions 
            FROM channel_permissions cp 
            JOIN user_roles ur ON cp.role_id = ur.role_id 
            WHERE ur.user_id = ? AND cp.channel_id = ?
        ");
        $stmt->execute([$user_id, $channel_id]);
        $overrides = $stmt->fetchAll();

        // Check @everyone override
        $stmt = db()->prepare("SELECT id FROM roles WHERE server_id = ? AND (name = '@everyone' OR name = 'Everyone') LIMIT 1");
        $stmt->execute([$server_id]);
        $everyone_role = $stmt->fetch();
        if ($everyone_role) {
            $stmt = db()->prepare("SELECT allow_permissions, deny_permissions FROM channel_permissions WHERE channel_id = ? AND role_id = ?");
            $stmt->execute([$channel_id, $everyone_role['id']]);
            $eo = $stmt->fetch();
            if ($eo) {
                $overrides[] = $eo;
            }
        }

        $allow = false;
        $deny = false;
        foreach($overrides as $o) {
            if ($o['allow_permissions'] & self::SEND_MESSAGES) $allow = true;
            if ($o['deny_permissions'] & self::SEND_MESSAGES) $deny = true;
        }

        if ($allow) return true;
        if ($deny) return false;

        return self::hasPermission($user_id, $server_id, self::SEND_MESSAGES);
    }
}