3 * A base permissions class.
5 * Portions Copyright 1999-2001 (c) VA Linux Systems
6 * The rest Copyright 2002-2004 (c) GForge Team
11 * This file is part of GForge.
13 * GForge is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
18 * GForge is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with GForge; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
28 require_once('common/include/Error.class.php');
30 $PERMISSION_OBJ=array();
33 * permission_get_object() - Get permission objects
35 * permission_get_object is useful so you can pool Permission objects/save database queries
36 * You should always use this instead of instantiating the object directly
38 * @param object The Group in question
39 * @param object The User needing Permission
40 * @return a Permission or false on failure
43 function &permission_get_object(&$_Group, &$_User) {
44 //create a common set of Permission objects
45 //saves a little wear on the database
47 global $PERMISSION_OBJ;
49 if (is_object($_Group)) {
50 $group_id = $_Group->getID();
55 if (is_object($_User)) {
56 $user_id = $_User->getID();
58 //invalid object, probably from user not being logged in
62 if (!isset($PERMISSION_OBJ["_".$group_id."_".$user_id])) {
63 $PERMISSION_OBJ["_".$group_id."_".$user_id]= new Permission($_Group, $_User);
65 return $PERMISSION_OBJ["_".$group_id."_".$user_id];
68 class Permission extends Error {
70 * Associative array of data from db.
72 * @var array $data_array.
91 * Whether the user is an admin/super user of this project.
93 * @var bool $is_admin.
98 * Whether the user is an admin/super user of the entire site.
100 * @var bool $is_site_admin.
105 * Constructor for this object.
107 * @param object Group Object required.
108 * @param object User Object required.
111 function Permission (&$_Group, &$_User) {
112 if (!$_Group || !is_object($_Group)) {
113 $this->setError('No Valid Group Object');
116 if ($_Group->isError()) {
117 $this->setError('Permission: '.$_Group->getErrorMessage());
120 $this->Group =& $_Group;
122 if (!$_User || !is_object($_User)) {
123 $this->setError('No Valid User Object');
126 if ($_User->isError()) {
127 $this->setError('Permission: '.$_User->getErrorMessage());
130 $this->User =& $_User;
132 if (!$this->fetchData()) {
140 * fetchData - fetch the data for this Permission from the database.
142 * @return boolean success.
145 function fetchData() {
146 $res=db_query("SELECT * FROM user_group
147 WHERE user_id='". $this->User->getID() ."'
148 AND group_id='". $this->Group->getID() ."'");
149 if (!$res || db_numrows($res) < 1) {
150 $this->setError('Permission: User Not Found');
152 if ($this->setUpSuperUser()) {
156 $this->data_array = db_fetch_array($res);
157 if (trim($this->data_array['admin_flags']) == 'A') {
158 $this->is_admin=true;
160 $this->setUpSuperUser();
162 db_free_result($res);
168 * setUpSuperUser - check to see if this User is a site super-user.
170 * @return boolean is_super_user.
173 function setUpSuperUser() {
175 // see if they are a site super-user
176 // if not a member of this group
178 if ($this->isSuperUser()) {
180 $this->is_admin = true;
188 * getUser - get the User object this Permission is associated with.
190 * @return object The User object.
192 function &getUser() {
197 * getGroup - get the Group object this Permission is associated with.
199 * @return the Group object.
201 function &getGroup() {
206 * isSuperUser - whether the current user has site admin privilege.
208 * @return boolean is_super_user.
210 function isSuperUser() {
211 if (isset($this->is_site_admin)) {
212 return $this->is_site_admin;
215 $res = db_query("SELECT count(*) AS count FROM user_group
216 WHERE user_id='". $this->User->getID() ."'
218 AND admin_flags='A'");
219 $row_count = db_fetch_array($res);
220 $this->is_site_admin = $res && $row_count['count'] > 0;
221 db_free_result($res);
223 return $this->is_site_admin;
227 * isForumAdmin - whether the current user has form admin perms.
229 * @return boolean is_forum_admin.
231 function isForumAdmin() {
232 return $this->isMember('forum_flags',2);
236 * isDocEditor - whether the current user has form doc editor perms.
238 * @return boolean is_doc_editor.
240 function isDocEditor() {
241 return $this->isMember('doc_flags',1);
245 * isReleaseTechnician - whether the current user has FRS admin perms.
247 * @return boolean is_release_technician.
249 function isReleaseTechnician() {
250 return $this->isMember('release_flags',1);
254 * isArtifactAdmin - whether the current user has artifact admin perms.
256 * @return boolean is_artifact_admin.
258 function isArtifactAdmin() {
259 return $this->isMember('artifact_flags',2);
263 * isPMAdmin - whether the current user has Task Manager admin perms.
265 * @return boolean is_projman_admin.
267 function isPMAdmin() {
268 return $this->isMember('project_flags',2);
272 * isMember - Simple test to see if the current user is a member of this project.
274 * Can optionally pass in vars to test other permissions.
276 * @param string The field to check.
277 * @param int The value that $field should have.
278 * @return boolean is_member.
280 function isMember($field='user_id',$value='-1') {
281 if ($this->isAdmin()) {
282 //admins are tested first so that super-users can return true
283 //and admins of a project should always have full privileges
287 $arr =& $this->getPermData();
288 if ($arr[$field] >= $value) {
297 * isAdmin - User is an admin of the project or admin of the entire site.
299 * @return boolean is_admin.
302 return $this->is_admin;
306 * getPermData - returns the assocative array from the db.
308 * @return array The array of data.
311 function &getPermData() {
312 return $this->data_array;
316 * isCVSReader - checks the cvs_flags field in user_group table.
318 * @return boolean cvs_flags
320 function isCVSReader() {
321 return $this->isMember('cvs_flags',0);
325 * isCVSWriter - checks if the user has CVS write access.
327 * @return boolean cvs_flags
329 function isCVSWriter() {
330 return $this->isMember('cvs_flags',1);