5 * Copyright 2004, GForge, LLC
6 * Copyright 2009, Roland Mas
8 * This file is part of FusionForge.
10 * FusionForge is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published
12 * by the Free Software Foundation; either version 2 of the License,
13 * or (at your option) any later version.
15 * FusionForge is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with FusionForge; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
26 require_once $gfcommon.'include/rbac_texts.php' ;
28 class Role extends Error {
// Allowed values for each permission section, kept as strings.
// getRoleVals() walks one section's list and appends each value to the section
// name to find its label in $rbac_permission_names.
// NOTE(review): what each value grants (for example '-1' or 'A') is not defined
// in this class; presumably rbac_texts.php holds the labels. Confirm there
// before adding or reordering values, since these lists bound what a role can hold.
34 var $role_values=array(
35 'projectadmin'=>array('0','A'),
36 'frs'=>array('0','1'),
37 'scm'=>array('-1','0','1'),
38 'docman'=>array('0','1'),
39 'forumadmin'=>array('0','2'),
40 'forum'=>array('-1','0','1','2'),
41 'trackeradmin'=>array('0','2'),
42 'tracker'=>array('-1','0','1','2','3'),
43 'pmadmin'=>array('0','2'),
44 'pm'=>array('-1','0','1','2','3'),
45 'webcal'=>array('0','1','2'));
// Built-in role templates, keyed by role name and then by section.
// createDefault($name) reads $this->defaults[$name]; presumably these rows are
// that property's initialiser (its declaration line is not part of this listing).
// Only 'Admin' carries projectadmin 'A'. createDefault() copies these values into
// the data it hands to create(), so an edit here changes what every newly created
// default role is granted and should be reviewed as an access-control change.
48 'Admin'=>array( 'projectadmin'=>'A', 'frs'=>'1', 'scm'=>'1', 'docman'=>'1', 'forumadmin'=>'2', 'forum'=>'2', 'trackeradmin'=>'2', 'tracker'=>'2', 'pmadmin'=>'2', 'pm'=>'2', 'webcal'=>'1' ),
49 'Senior Developer'=>array( 'projectadmin'=>'0', 'frs'=>'1', 'scm'=>'1', 'docman'=>'1', 'forumadmin'=>'2', 'forum'=>'2', 'trackeradmin'=>'2', 'tracker'=>'2', 'pmadmin'=>'2', 'pm'=>'2', 'webcal'=>'2' ),
50 'Junior Developer'=>array( 'projectadmin'=>'0', 'frs'=>'0', 'scm'=>'1', 'docman'=>'0', 'forumadmin'=>'0', 'forum'=>'1', 'trackeradmin'=>'0', 'tracker'=>'1', 'pmadmin'=>'0', 'pm'=>'1', 'webcal'=>'2' ),
51 'Doc Writer'=>array( 'projectadmin'=>'0', 'frs'=>'0', 'scm'=>'0', 'docman'=>'1', 'forumadmin'=>'0', 'forum'=>'1', 'trackeradmin'=>'0', 'tracker'=>'0', 'pmadmin'=>'0', 'pm'=>'0' , 'webcal'=>'2'),
52 'Support Tech'=>array( 'projectadmin'=>'0', 'frs'=>'0', 'scm'=>'0', 'docman'=>'1', 'forumadmin'=>'0', 'forum'=>'1', 'trackeradmin'=>'0', 'tracker'=>'2', 'pmadmin'=>'0', 'pm'=>'0' , 'webcal'=>'2')
56 * Role($group,$id) - CONSTRUCTOR.
58 * @param object The Group object.
59 * @param int The role_id.
61 function Role ($Group,$role_id=false) {
// Binds the role to a Group and, when a role_id is given, loads it.
// The guard rejects a missing, non-object or errored Group.
// NOTE(review): when $Group is falsy or not an object, the next line still calls
// $Group->getErrorMessage(), which is a fatal error instead of a recorded one.
// The message should only be read once is_object($Group) has passed.
63 if (!$Group || !is_object($Group) || $Group->isError()) {
64 $this->setError('Role::'.$Group->getErrorMessage());
67 $this->Group =& $Group;
// Hand this object, by reference, to the "role_get" plugin hook.
69 $hook_params = array ();
70 $hook_params['role'] =& $this;
71 plugin_hook ("role_get", $hook_params);
75 //setting up an empty object
76 //probably going to call create()
// Otherwise load the role row and its settings; fetchData()'s result is returned.
79 return $this->fetchData($role_id);
83 * getID - get the ID of this role.
85 * @return integer The ID Number.
// Read from the role row that fetchData() stored in data_array.
88 return $this->data_array['role_id'];
92 * getName - get the name of this role.
94 * @return string The name of this role.
// Returned exactly as stored. create() and update() write the name through
// htmlspecialchars(), so this value is already HTML-encoded: callers printing it
// into HTML should not encode it again, and callers using it elsewhere
// (mail, logs, comparisons) are working with the encoded form.
97 return $this->data_array['role_name'];
101 * create - create a new role in the database.
103 * @param string The name of the role.
104 * @param array A multi-dimensional array of data in this format: $data['section_name']['ref_id']=$val
105 * @return integer The id on success or false on failure.
107 function create($role_name,$data) {
// Creates the role row for this Group, then one role_setting row per
// $data['section_name']['ref_id'] entry. Each statement shown goes through
// db_query_params() with $n placeholders, so values are bound, not concatenated.
// Authorisation: only a session user whose permission object on this Group
// reports isAdmin() may continue.
108 $perm =& $this->Group->getPermission( session_get_user() );
109 if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) {
110 $this->setPermissionDeniedError();
// The name is HTML-encoded before it is stored, so the database holds the
// encoded form rather than the text the admin typed.
115 $res = db_query_params ('INSERT INTO role (group_id, role_name) VALUES ($1, $2)',
116 array ($this->Group->getID(),
117 htmlspecialchars($role_name))) ;
119 $this->setError('create::'.db_error());
123 $role_id=db_insertid($res,'role','role_id');
125 $this->setError('create::db_insertid::'.db_error());
// Walk $data['section_name']['ref_id'] = value.
// NOTE(review): nothing in the lines shown checks $usection_name or $uvalue
// against $this->role_values before the settings INSERT. Confirm that callers
// validate them, since these rows define what the role is allowed to do.
130 $arr1 = array_keys($data);
131 for ($i=0; $i<count($arr1); $i++) {
132 // array_values($Report->adjust_days)
133 $arr2 = array_keys($data[$arr1[$i]]);
134 for ($j=0; $j<count($arr2); $j++) {
135 $usection_name=$arr1[$i];
137 $uvalue=$data[$arr1[$i]][$arr2[$j]];
144 $res = db_query_params ('INSERT INTO role_setting (role_id,section_name,ref_id,value) VALUES ($1,$2,$3,$4)',
150 $this->setError('create::insertsetting::'.db_error());
160 function createDefault($name) {
// Builds the $data array for create() from the template stored under
// $this->defaults[$name], then creates the role with that same name.
161 //echo '<html><body><pre>';
163 //print_r($this->defaults);
// NOTE(review): the template is taken by reference with no existence check in
// the lines shown. An unknown $name would create a null entry and array_keys()
// would not receive an array; presumably callers pass only template names — confirm.
164 $arr =& $this->defaults[$name];
165 $keys = array_keys($arr);
172 for ($i=0; $i<count($keys); $i++) {
// forum, pm and tracker settings are stored per object: the template value is
// repeated for every forum, task list or tracker id found for this Group.
174 if ($keys[$i] == 'forum') {
175 $res = db_query_params ('SELECT group_forum_id FROM forum_group_list WHERE group_id=$1',
176 array ($this->Group->getID())) ;
178 $this->setError('Error: Forum'.db_error());
181 for ($j=0; $j<db_numrows($res); $j++) {
182 $data[$keys[$i]][db_result($res,$j,'group_forum_id')]= $arr[$keys[$i]];
184 } elseif ($keys[$i] == 'pm') {
185 $res = db_query_params ('SELECT group_project_id FROM project_group_list WHERE group_id=$1',
186 array ($this->Group->getID())) ;
188 $this->setError('Error: TaskMgr'.db_error());
191 for ($j=0; $j<db_numrows($res); $j++) {
192 $data[$keys[$i]][db_result($res,$j,'group_project_id')]= $arr[$keys[$i]];
194 } elseif ($keys[$i] == 'tracker') {
195 $res = db_query_params ('SELECT group_artifact_id FROM artifact_group_list WHERE group_id=$1',
196 array ($this->Group->getID())) ;
198 $this->setError('Error: Tracker'.db_error());
201 for ($j=0; $j<db_numrows($res); $j++) {
202 $data[$keys[$i]][db_result($res,$j,'group_artifact_id')]= $arr[$keys[$i]];
// Every other section has a single setting, stored under ref_id 0.
205 $data[$keys[$i]][0]= $arr[$keys[$i]];
// create() performs the admin check and the inserts.
211 return $this->create($name,$data);
215 * fetchData - May need to refresh database fields.
217 * If an update occurred and you need to access the updated info.
219 * @return boolean success;
221 function fetchData($role_id) {
// Reloads data_array (the role row) and setting_array
// (section_name => ref_id => value) from the database.
// NOTE(review): both SELECTs shown are keyed on role_id alone, and nothing
// visible here compares the fetched row's group_id with $this->Group. update()
// and setUser() authorise against $this->Group, so confirm that callers cannot
// pass a role_id belonging to a different group, or reject the mismatch here.
222 unset($this->data_array);
223 unset($this->setting_array);
224 $res = db_query_params ('SELECT * FROM role WHERE role_id=$1',
226 if (!$res || db_numrows($res) < 1) {
227 $this->setError('Role::fetchData()::'.db_error());
230 $this->data_array =& db_fetch_array($res);
231 $res = db_query_params ('SELECT * FROM role_setting WHERE role_id=$1',
234 $this->setError('Role::fetchData()::'.db_error());
// Index the settings as [section_name][ref_id] so getVal() can read them directly.
237 $this->setting_array=array();
238 while ($arr =& db_fetch_array($res)) {
239 $this->setting_array[$arr['section_name']][$arr['ref_id']] = $arr['value'];
245 * &getRoleVals - get all the values and language text strings for this section.
247 * @return array Assoc array of values for this section.
249 function &getRoleVals($section) {
// Returns, by reference, a map of allowed value => label for one section.
// The map is cached in the global $role_vals, so it is shared by every Role
// object for the rest of the request.
250 global $role_vals, $rbac_permission_names;
253 // Optimization - save array so it is only built once per page view
255 if (!isset($role_vals[$section])) {
// NOTE(review): $section is used as an index into $this->role_values with no
// check in the lines shown; presumably callers pass only known section names.
257 for ($i=0; $i<count($this->role_values[$section]); $i++) {
259 // Build an associative array of these key values + localized description
// The label key is the section name followed by the value.
261 $role_vals[$section][$this->role_values[$section][$i]]=$rbac_permission_names["$section".$this->role_values[$section][$i]];
264 return $role_vals[$section];
268 * getVal - get a value out of the array of settings for this role.
270 * @param string The name of the role.
271 * @param integer The ref_id (ex: group_artifact_id, group_forum_id) for this item.
272 * @return integer The value of this item.
274 function getVal($section,$ref_id) {
// $section is a section name (a first-level key of setting_array), not a role name.
// NOTE(review): $role_default_array is declared global but is not used in the
// lines shown.
275 global $role_default_array;
// Read straight from the settings loaded by fetchData(). No isset() check is
// visible, so a section/ref_id pair with no stored row presumably yields null;
// setUser() passes these results into user_group, so confirm that is intended.
279 return $this->setting_array[$section][$ref_id];
283 * update - update an existing role in the database.
285 * @param string The name of the role.
286 * @param array A multi-dimensional array of data in this format: $data['section_name']['ref_id']=$val
287 * @return boolean True on success or false on failure.
289 function update($role_name,$data) {
// Renames the role if needed, rewrites its role_setting rows from
// $data['section_name']['ref_id'], pushes the resulting flags to the members
// holding this role, then fires the "role_update" plugin hook and reloads.
292 // Cannot update role_id=1
294 if ($this->getID() == 1) {
295 $this->setError('Cannot Update Default Role');
// Authorisation: the session user must be an admin of $this->Group.
298 $perm =& $this->Group->getPermission( session_get_user() );
299 if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) {
300 $this->setPermissionDeniedError();
// NOTE(review): the stored name was written through htmlspecialchars(), while
// this comparison uses the unencoded input. A name containing &, <, > or a
// double quote will therefore always look changed.
306 if ($this->getName() != stripslashes($role_name)) {
307 $res = db_query_params ('UPDATE role SET role_name=$1 WHERE group_id=$2 AND role_id=$3',
308 array (htmlspecialchars($role_name),
309 $this->Group->getID(),
311 if (!$res || db_affected_rows($res) < 1) {
312 $this->setError('update::name::'.db_error());
317 ////$data['section_name']['ref_id']=$val
318 $arr1 = array_keys($data);
319 for ($i=0; $i<count($arr1); $i++) {
320 // array_values($Report->adjust_days)
321 $arr2 = array_keys($data[$arr1[$i]]);
322 for ($j=0; $j<count($arr2); $j++) {
323 $usection_name=$arr1[$i];
325 $uvalue=$data[$usection_name][$uref_id];
333 // See if this setting changed. If so, then update it
335 // if ($this->getVal($usection_name,$uref_id) != $uvalue) {
// Update first, insert when no row was affected.
// NOTE(review): unlike the role_name UPDATE above, this statement is keyed on
// role_id without group_id, so it relies on this object's role_id belonging to
// $this->Group, the Group the admin check was made against.
336 $res = db_query_params ('UPDATE role_setting SET value=$1 WHERE role_id=$2 AND section_name=$3 AND ref_id=$4',
341 if (!$res || db_affected_rows($res) < 1) {
342 $res = db_query_params ('INSERT INTO role_setting (role_id, section_name, ref_id, value) VALUES ($1, $2, $3, $4)',
343 array ($this->getID(),
348 $this->setError('update::rolesettinginsert::'.db_error());
353 if ($usection_name == 'frs') {
354 $update_usergroup=true;
355 } elseif ($usection_name == 'scm') {
356 //$update_usergroup=true;
358 //iterate all users with this role
359 $res = db_query_params ('SELECT user_id FROM user_group WHERE role_id=$1',
360 array ($this->getID())) ;
361 for ($z=0; $z<db_numrows($res); $z++) {
363 //TODO - Shell should be separate flag
364 // If user acquired admin access to CVS,
365 // one to be given normal shell on CVS machine,
366 // else - restricted.
368 $cvs_flags=$data['scm'][0];
// NOTE(review): this UPDATE matches on user_id only. The SELECT above returns
// the users holding this role, but a user may have user_group rows for other
// groups, and those rows receive this role's cvs_flags as well. setUser() scopes
// the same statement with "AND group_id=$3"; the same condition is needed here so
// that an SCM change in one project cannot alter SCM access in another.
369 $res2 = db_query_params ('UPDATE user_group SET cvs_flags=$1 WHERE user_id=$2',
371 db_result($res,$z,'user_id')));
373 $this->setError('update::scm::'.db_error());
377 // I have doubt the following is usefull
378 // This is probably buggy if used
// NOTE(review): update() has no $user_id parameter and none is assigned in the
// lines shown, so these two calls appear to pass an undefined value.
380 if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/bash")) {
381 $this->setError($SYS->getErrorMessage());
386 if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/cvssh")) {
387 $this->setError($SYS->getErrorMessage());
394 // If user acquired at least commit access to CVS,
395 // one to be promoted to CVS group, else, demoted.
398 if (!$SYS->sysGroupAddUser($this->Group->getID(),db_result($res,$z,'user_id'),1)) {
399 $this->setError($SYS->getErrorMessage());
404 if (!$SYS->sysGroupRemoveUser($this->Group->getID(),db_result($res,$z,'user_id'),1)) {
405 $this->setError($SYS->getErrorMessage());
413 } elseif ($usection_name == 'docman') {
414 $update_usergroup=true;
415 } elseif ($usection_name == 'forumadmin') {
416 $update_usergroup=true;
417 } elseif ($usection_name == 'trackeradmin') {
418 $update_usergroup=true;
419 } elseif ($usection_name == 'projectadmin') {
420 $update_usergroup=true;
421 } elseif ($usection_name == 'pmadmin') {
422 $update_usergroup=true;
427 // if ($update_usergroup) {
// Copies section-level values (ref_id 0) from $data into user_group. The guard
// on $update_usergroup above is commented out.
428 $res = db_query_params ('UPDATE user_group
437 array ($data['projectadmin'][0],
438 $data['forumadmin'][0],
443 $data['trackeradmin'][0],
446 $this->setError('update::usergroup::'.db_error());
// Plugins receive this object by reference plus the raw $data array.
453 $hook_params = array ();
454 $hook_params['role'] =& $this;
455 $hook_params['role_id'] = $this->getID();
456 $hook_params['data'] = $data;
457 plugin_hook ("role_update", $hook_params);
// Reload so data_array and setting_array reflect what was just written.
461 $this->fetchData($this->getID());
465 function setUser($user_id) {
// Applies this role to $user_id within $this->Group: SCM flags and the
// $SYS group add/remove calls first, then the user_group flag columns, then the
// "role_setuser" plugin hook.
// Authorisation: the session user must be an admin of $this->Group.
467 $perm =& $this->Group->getPermission( session_get_user() );
468 if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) {
469 $this->setPermissionDeniedError();
476 // See if role is actually changing
478 $res = db_query_params ('SELECT role_id FROM user_group WHERE user_id=$1 AND group_id=$2',
480 $this->Group->getID())) ;
// NOTE(review): the result is read without a visible check that the query
// succeeded or returned a row, i.e. that the user is a member of this Group.
481 $old_roleid=db_result($res,0,0);
482 if ($this->getID() == $old_roleid) {
487 // Get the old role so we can compare new values to old
489 $oldrole= new Role($this->Group,$old_roleid);
490 if (!$oldrole || !is_object($oldrole) || $oldrole->isError()) {
491 $this->setError($oldrole->getErrorMessage());
497 // Iterate each setting to see if it's changing
498 // If not, no sense updating it
500 $arr1 = array_keys($this->setting_array);
501 for ($i=0; $i<count($arr1); $i++) {
502 // array_values($Report->adjust_days)
503 $arr2 = array_keys($this->setting_array[$arr1[$i]]);
504 for ($j=0; $j<count($arr2); $j++) {
505 $usection_name=$arr1[$i];
507 $uvalue=$this->setting_array[$usection_name][$uref_id];
515 // See if this setting changed. If so, then update it
517 // if (($this->getVal($usection_name,$uref_id) != $oldrole->getVal($usection_name,$uref_id)) || ($old_roleid == 1)) {
518 if ($usection_name == 'frs') {
519 $update_usergroup=true;
520 } elseif ($usection_name == 'scm') {
521 //TODO - Shell should be separate flag
522 // If user acquired admin access to CVS,
523 // one to be given normal shell on CVS machine,
524 // else - restricted.
526 $cvs_flags=$this->getVal('scm',0);
// Scoped to both the user and this Group, so other memberships are untouched.
527 $res2 = db_query_params ('UPDATE user_group SET cvs_flags=$1 WHERE user_id=$2 AND group_id=$3',
530 $this->Group->getID())) ;
532 $this->setError('update::scm::'.db_error());
536 // I have doubt the following is usefull
537 // This is probably buggy if used
539 if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/bash")) {
540 $this->setError($SYS->getErrorMessage());
545 if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/cvssh")) {
546 $this->setError($SYS->getErrorMessage());
553 // If user acquired at least commit access to CVS,
554 // one to be promoted to CVS group, else, demoted.
555 // When we add the user we also check he has a shell as a group member
556 // When we remove we only check for SCM (cvs_only=1)
559 //echo "<h3>Role::setUser SYS->sysGroupAddUser(".$this->Group->getID().",$user_id,1)</h3>";
560 if (!$SYS->sysGroupAddUser($this->Group->getID(),$user_id,0)) {
561 $this->setError($SYS->getErrorMessage());
566 //echo "<h3>Role::setUser SYS->sysGroupRemoveUser(".$this->Group->getID().",$user_id,1)</h3>";
567 if (!$SYS->sysGroupRemoveUser($this->Group->getID(),$user_id,1)) {
568 $this->setError($SYS->getErrorMessage());
574 } elseif ($usection_name == 'docman') {
575 $update_usergroup=true;
576 } elseif ($usection_name == 'forumadmin') {
577 $update_usergroup=true;
578 } elseif ($usection_name == 'trackeradmin') {
579 $update_usergroup=true;
580 } elseif ($usection_name == 'projectadmin') {
581 $update_usergroup=true;
582 } elseif ($usection_name == 'pmadmin') {
583 $update_usergroup=true;
588 // if ($update_usergroup) {
// NOTE(review): the WHERE clause below ends in "group_id=10", a literal ten,
// while the highest placeholder is $9 and the parameter array ends with
// $this->Group->getID(). This looks like a dropped "$" ("group_id=$10"). As
// written the statement is not scoped to this object's Group: it either targets
// group 10 or, more likely, fails on the parameter count, leaving the user's
// flag columns out of step with the role. Restore the placeholder.
589 $res = db_query_params ('UPDATE user_group
598 WHERE user_id=$9 AND group_id=10',
599 array ($this->getVal('projectadmin',0),
600 $this->getVal('forumadmin',0),
601 $this->getVal('pmadmin',0),
602 $this->getVal('docman',0),
603 $this->getVal('scm',0),
604 $this->getVal('frs',0),
605 $this->getVal('trackeradmin',0),
608 $this->Group->getID()));
610 $this->setError('update::usergroup::'.db_error());
// Plugins receive this object by reference, the role id and the affected user id.
617 $hook_params = array ();
618 $hook_params['role'] =& $this;
619 $hook_params['role_id'] = $this->getID();
620 $hook_params['user_id'] = $user_id;
621 plugin_hook ("role_setuser", $hook_params);
633 // c-file-style: "bsd"