3 * FusionForge permissions
5 * Copyright 1999-2001, VA Linux Systems, Inc.
6 * Copyright 2002-2004, GForge, LLC
7 * Copyright 2009, Roland Mas
9 * This file is part of FusionForge.
11 * FusionForge is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published
13 * by the Free Software Foundation; either version 2 of the License,
14 * or (at your option) any later version.
16 * FusionForge is distributed in the hope that it will be useful, but
17 * WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 * General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with FusionForge; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
27 require_once $gfcommon.'include/Error.class.php';
29 $PERMISSION_OBJ=array();
32 * permission_get_object() - Get permission objects
34 * permission_get_object is useful so you can pool Permission objects/save database queries
35 * You should always use this instead of instantiating the object directly
37 * @param object The Group in question
38 * @param object The User needing Permission
39 * @return a Permission or false on failure
42 function &permission_get_object(&$_Group, &$_User) {
43 //create a common set of Permission objects
44 //saves a little wear on the database
46 global $PERMISSION_OBJ;
48 if (is_object($_Group)) {
49 $group_id = $_Group->getID();
54 if (is_object($_User)) {
55 $user_id = $_User->getID();
57 //invalid object, probably from user not being logged in
61 if (!isset($PERMISSION_OBJ["_".$group_id."_".$user_id])) {
62 $PERMISSION_OBJ["_".$group_id."_".$user_id]= new Permission($_Group, $_User);
64 return $PERMISSION_OBJ["_".$group_id."_".$user_id];
67 class Permission extends Error {
69 * Associative array of data from db.
71 * @var array $data_array.
90 * Whether the user is an admin/super user of this project.
92 * @var bool $is_admin.
97 * Whether the user is an admin/super user of the entire site.
99 * @var bool $is_site_admin.
104 * Constructor for this object.
106 * @param object Group Object required.
107 * @param object User Object required.
110 function Permission (&$_Group, &$_User) {
111 if (!$_Group || !is_object($_Group)) {
112 $this->setError('No Valid Group Object');
115 if ($_Group->isError()) {
116 $this->setError('Permission: '.$_Group->getErrorMessage());
119 $this->Group =& $_Group;
121 if (!$_User || !is_object($_User)) {
122 $this->setError('No Valid User Object');
125 if ($_User->isError()) {
126 $this->setError('Permission: '.$_User->getErrorMessage());
129 $this->User =& $_User;
131 if (!$this->fetchData()) {
139 * fetchData - fetch the data for this Permission from the database.
141 * @return boolean success.
144 function fetchData() {
145 $res = db_query_params ('SELECT * FROM user_group WHERE user_id=$1 AND group_id=$2',
146 array ($this->User->getID(),
147 $this->Group->getID())) ;
148 if (!$res || db_numrows($res) < 1) {
149 $this->setError('Permission: User Not Found');
151 if ($this->setUpSuperUser()) {
155 $this->data_array = db_fetch_array($res);
156 if (trim($this->data_array['admin_flags']) == 'A') {
157 $this->is_admin=true;
159 $this->setUpSuperUser();
161 db_free_result($res);
167 * setUpSuperUser - check to see if this User is a site super-user.
169 * @return boolean is_super_user.
172 function setUpSuperUser() {
174 // see if they are a site super-user
175 // if not a member of this group
177 if ($this->isSuperUser()) {
179 $this->is_admin = true;
187 * getUser - get the User object this Permission is associated with.
189 * @return object The User object.
191 function &getUser() {
196 * getGroup - get the Group object this Permission is associated with.
198 * @return the Group object.
200 function &getGroup() {
205 * isSuperUser - whether the current user has site admin privilege.
207 * @return boolean is_super_user.
209 function isSuperUser() {
210 if (isset($this->is_site_admin)) {
211 return $this->is_site_admin;
214 $res = db_query_params ('SELECT count(*) AS count FROM user_group WHERE user_id=$1 AND group_id=1 AND admin_flags=$2',
215 array ($this->User->getID(),
217 $row_count = db_fetch_array($res);
218 $this->is_site_admin = $res && $row_count['count'] > 0;
219 db_free_result($res);
221 return $this->is_site_admin;
225 * isForumAdmin - whether the current user has form admin perms.
227 * @return boolean is_forum_admin.
229 function isForumAdmin() {
230 return $this->isMember('forum_flags',2);
234 * isDocEditor - whether the current user has form doc editor perms.
236 * @return boolean is_doc_editor.
238 function isDocEditor() {
239 return $this->isMember('doc_flags',1);
243 * isReleaseTechnician - whether the current user has FRS admin perms.
245 * @return boolean is_release_technician.
247 function isReleaseTechnician() {
248 return $this->isMember('release_flags',1);
252 * isArtifactAdmin - whether the current user has artifact admin perms.
254 * @return boolean is_artifact_admin.
256 function isArtifactAdmin() {
257 return $this->isMember('artifact_flags',2);
261 * isPMAdmin - whether the current user has Tasks admin perms.
263 * @return boolean is_projman_admin.
265 function isPMAdmin() {
266 return $this->isMember('project_flags',2);
270 * isMember - Simple test to see if the current user is a member of this project.
272 * Can optionally pass in vars to test other permissions.
274 * @param string The field to check.
275 * @param int The value that $field should have.
276 * @return boolean is_member.
278 function isMember($field='user_id',$value='-1') {
279 if ($this->isAdmin()) {
280 //admins are tested first so that super-users can return true
281 //and admins of a project should always have full privileges
285 $arr =& $this->getPermData();
286 if ($arr[$field] >= $value) {
295 * isAdmin - User is an admin of the project or admin of the entire site.
297 * @return boolean is_admin.
300 return $this->is_admin;
304 * getPermData - returns the assocative array from the db.
306 * @return array The array of data.
309 function &getPermData() {
310 return $this->data_array;
314 * isCVSReader - checks the cvs_flags field in user_group table.
316 * @return boolean cvs_flags
318 function isCVSReader() {
319 return $this->isMember('cvs_flags',0);
323 * isCVSWriter - checks if the user has CVS write access.
325 * @return boolean cvs_flags
327 function isCVSWriter() {
328 return $this->isMember('cvs_flags',1);
334 // c-file-style: "bsd"