5 * Copyright 2004 (c) GForge LLC
8 * @author Tim Perdue tim@gforge.org
11 * This file is part of GForge.
13 * GForge is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
18 * GForge is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with GForge; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
29 require_once ('common/include/rbac_texts.php') ;
31 class Role extends Error {
// Allowed value codes for each permission section, keyed by section name.
// getRoleVals() walks these lists to build the value => label map for a section.
// NOTE(review): the create()/update() lines visible in this listing write submitted
// values to role_setting without comparing them to these lists. Confirm against the
// full file or the callers whether that check happens elsewhere.
37 var $role_values=array(
38 'projectadmin'=>array('0','A'),
39 'frs'=>array('0','1'),
40 'scm'=>array('-1','0','1'),
41 'docman'=>array('0','1'),
42 'forumadmin'=>array('0','2'),
43 'forum'=>array('-1','0','1','2'),
44 'trackeradmin'=>array('0','2'),
45 'tracker'=>array('-1','0','1','2','3'),
46 'pmadmin'=>array('0','2'),
47 'pm'=>array('-1','0','1','2','3'),
48 'webcal'=>array('0','1','2'));
51 'Admin'=>array( 'projectadmin'=>'A', 'frs'=>'1', 'scm'=>'1', 'docman'=>'1', 'forumadmin'=>'2', 'forum'=>'2', 'trackeradmin'=>'2', 'tracker'=>'2', 'pmadmin'=>'2', 'pm'=>'2', 'webcal'=>'1' ),
52 'Senior Developer'=>array( 'projectadmin'=>'0', 'frs'=>'1', 'scm'=>'1', 'docman'=>'1', 'forumadmin'=>'2', 'forum'=>'2', 'trackeradmin'=>'2', 'tracker'=>'2', 'pmadmin'=>'2', 'pm'=>'2', 'webcal'=>'2' ),
53 'Junior Developer'=>array( 'projectadmin'=>'0', 'frs'=>'0', 'scm'=>'1', 'docman'=>'0', 'forumadmin'=>'0', 'forum'=>'1', 'trackeradmin'=>'0', 'tracker'=>'1', 'pmadmin'=>'0', 'pm'=>'1', 'webcal'=>'2' ),
54 'Doc Writer'=>array( 'projectadmin'=>'0', 'frs'=>'0', 'scm'=>'0', 'docman'=>'1', 'forumadmin'=>'0', 'forum'=>'1', 'trackeradmin'=>'0', 'tracker'=>'0', 'pmadmin'=>'0', 'pm'=>'0' , 'webcal'=>'2'),
55 'Support Tech'=>array( 'projectadmin'=>'0', 'frs'=>'0', 'scm'=>'0', 'docman'=>'1', 'forumadmin'=>'0', 'forum'=>'1', 'trackeradmin'=>'0', 'tracker'=>'2', 'pmadmin'=>'0', 'pm'=>'0' , 'webcal'=>'2')
59 * Role($group,$id) - CONSTRUCTOR.
61 * @param object The Group object.
62 * @param int The role_id.
// Constructor, PHP 4 style (a method named after the class). PHP 8 no longer treats
// such a method as a constructor, so it only runs automatically on older PHP.
// Keeps a reference to the owning Group and, per the last visible line, loads the
// role through fetchData($role_id). The listing omits the lines in between, which
// presumably handle the "no role_id yet" case mentioned in the comments below.
64 function Role ($Group,$role_id=false) {
// NOTE(review): when $Group is false/null or not an object, the error branch still
// calls $Group->getErrorMessage(), which is a fatal error instead of a clean setError().
66 if (!$Group || !is_object($Group) || $Group->isError()) {
67 $this->setError('Role::'.$Group->getErrorMessage());
70 $this->Group =& $Group;
72 //setting up an empty object
73 //probably going to call create()
// $role_id is handed to fetchData() unchanged; no integer cast is visible here.
76 return $this->fetchData($role_id);
80 * getID - get the ID of this role.
82 * @return integer The ID Number.
85 return $this->data_array['role_id'];
89 * getName - get the name of this role.
91 * @return string The name of this role.
94 return $this->data_array['role_name'];
98 * create - create a new role in the database.
100 * @param string The name of the role.
101 * @param array A multi-dimensional array of data in this format: $data['section_name']['ref_id']=$val
102 * @return integer The id on success or false on failure.
// Creates a role row for this Group and one role_setting row per
// $data['section_name']['ref_id'] entry.
// Authorization: the session user must hold admin permission on $this->Group.
// NOTE(review): every statement below is built by string concatenation. The listing
// skips several original lines (e.g. 136-141), so any escaping or validation of the
// section name, ref_id and value would have to be there or in the caller - confirm.
104 function create($role_name,$data) {
105 $perm =& $this->Group->getPermission( session_get_user() );
106 if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) {
107 $this->setPermissionDeniedError();
// htmlspecialchars() is HTML escaping, not SQL escaping; before PHP 8.1 its default
// flags leave single quotes untouched. The stripslashes() call in update() suggests
// callers pass slash-escaped input, but that is not visible here - verify, or bind
// the name as a query parameter if the db layer supports it.
112 $sql="INSERT INTO role (group_id,role_name)
113 VALUES ('".$this->Group->getID()."','".htmlspecialchars($role_name)."')";
117 $this->setError('create::'.db_error());
121 $role_id=db_insertid($res,'role','role_id');
123 $this->setError('create::db_insertid::'.db_error());
// Walk $data as section_name => (ref_id => value).
128 $arr1 = array_keys($data);
129 for ($i=0; $i<count($arr1); $i++) {
130 // array_values($Report->adjust_days)
131 $arr2 = array_keys($data[$arr1[$i]]);
132 for ($j=0; $j<count($arr2); $j++) {
133 $usection_name=$arr1[$i];
135 $uvalue=$data[$arr1[$i]][$arr2[$j]];
// Section name and value are array keys/values of $data and land inside quoted SQL
// literals. A defensive version would cast ref_id to int and accept only section
// names and values listed in $this->role_values.
142 $sql="INSERT INTO role_setting (role_id,section_name,ref_id,value)
143 values ('$role_id','$usection_name', '$uref_id','$uvalue')";
147 $this->setError('create::insertsetting::'.db_error());
// Builds the $data array for one of the predefined roles in $this->defaults and
// passes it to create(), so the admin check in create() applies here as well.
// For 'forum', 'pm' and 'tracker' the default value is applied to every forum,
// task group and tracker the Group currently has; the last visible assignment
// uses ref_id 0, presumably for all remaining sections.
157 function createDefault($name) {
158 //echo '<html><body><pre>';
160 //print_r($this->defaults);
// NOTE(review): $name is used as an array key without an existence check. An unknown
// name yields a null entry here, and array_keys() then fails on a non-array.
161 $arr =& $this->defaults[$name];
162 $keys = array_keys($arr);
169 for ($i=0; $i<count($keys); $i++) {
171 if ($keys[$i] == 'forum') {
// The queries in this method interpolate only $this->Group->getID().
172 $res=db_query("SELECT group_forum_id
173 FROM forum_group_list
174 WHERE group_id='".$this->Group->getID()."'");
176 $this->setError('Error: Forum'.db_error());
179 for ($j=0; $j<db_numrows($res); $j++) {
180 $data[$keys[$i]][db_result($res,$j,'group_forum_id')]= $arr[$keys[$i]];
182 } elseif ($keys[$i] == 'pm') {
183 $res=db_query("SELECT group_project_id
184 FROM project_group_list
185 WHERE group_id='".$this->Group->getID()."'");
187 $this->setError('Error: TaskMgr'.db_error());
190 for ($j=0; $j<db_numrows($res); $j++) {
191 $data[$keys[$i]][db_result($res,$j,'group_project_id')]= $arr[$keys[$i]];
193 } elseif ($keys[$i] == 'tracker') {
194 $res=db_query("SELECT group_artifact_id
195 FROM artifact_group_list
196 WHERE group_id='".$this->Group->getID()."'");
198 $this->setError('Error: Tracker'.db_error());
201 for ($j=0; $j<db_numrows($res); $j++) {
202 $data[$keys[$i]][db_result($res,$j,'group_artifact_id')]= $arr[$keys[$i]];
205 $data[$keys[$i]][0]= $arr[$keys[$i]];
211 return $this->create($name,$data);
215 * fetchData - May need to refresh database fields.
217 * If an update occurred and you need to access the updated info.
219 * @return boolean success;
// Reloads this object's state from the database: the role row goes into
// $this->data_array and the role_setting rows into
// $this->setting_array[section_name][ref_id] = value.
// NOTE(review): $role_id is interpolated into both SELECTs without a visible integer
// cast; the constructor passes its argument straight through.
// NOTE(review): the role is selected by role_id alone. No check is visible here that
// the row's group_id matches $this->Group, so a Role built with one project's Group
// and another project's role_id would load the foreign role - confirm whether the
// callers or the omitted lines guard against that.
221 function fetchData($role_id) {
222 unset($this->data_array);
223 unset($this->setting_array);
224 $res=db_query("SELECT * FROM role WHERE role_id='$role_id'");
225 if (!$res || db_numrows($res) < 1) {
226 $this->setError('Role::fetchData()::'.db_error());
229 $this->data_array =& db_fetch_array($res);
230 $res=db_query("SELECT * FROM role_setting WHERE role_id='$role_id'");
232 $this->setError('Role::fetchData()::'.db_error());
235 $this->setting_array=array();
236 while ($arr =& db_fetch_array($res)) {
237 $this->setting_array[$arr['section_name']][$arr['ref_id']] = $arr['value'];
243 * &getRoleVals - get all the values and language text strings for this section.
245 * @return array Assoc array of values for this section.
// Returns, by reference, the value => label map for one section. The map is built
// from $this->role_values[$section] and $rbac_permission_names, and is kept in
// $role_vals so it is built only once per page view. The declarations of
// $role_vals and $rbac_permission_names are on lines this listing omits.
// NOTE(review): $section is used as an array key without an existence check.
247 function &getRoleVals($section) {
251 // Optimization - save array so it is only built once per page view
253 if (!isset($role_vals[$section])) {
255 for ($i=0; $i<count($this->role_values[$section]); $i++) {
257 // Build an associative array of these key values + localized description
// The label key is the section name concatenated with the value code.
259 $role_vals[$section][$this->role_values[$section][$i]]=$rbac_permission_names["$section".$this->role_values[$section][$i]];
262 return $role_vals[$section];
266 * getVal - get a value out of the array of settings for this role.
268 * @param string The name of the section.
269 * @param integer The ref_id (ex: group_artifact_id, group_forum_id) for this item.
270 * @return integer The value of this item.
// Returns the stored setting for ($section, $ref_id) from the array filled by
// fetchData(). $role_default_array is declared global, but the lines that use it
// are not part of this listing.
272 function getVal($section,$ref_id) {
273 global $role_default_array;
277 return $this->setting_array[$section][$ref_id];
281 * update - update a role in the database.
283 * @param string The name of the role.
284 * @param array A multi-dimensional array of data in this format: $data['section_name']['ref_id']=$val
285 * @return boolean True on success or false on failure.
// Renames the role if the name changed, writes each
// $data['section_name']['ref_id'] value to role_setting (UPDATE first, INSERT when
// no row was affected), pushes SCM flags, shell attribute and system group
// membership to every user holding the role, rewrites the per-user flag columns
// in user_group, and finally reloads the object via fetchData().
// Authorization: refuses role_id 1 and requires admin permission on $this->Group.
// NOTE(review): all SQL below is built by concatenation from $role_name and $data.
// The listing omits lines where validation could sit (e.g. 326-332) - confirm.
287 function update($role_name,$data) {
290 // Cannot update role_id=1
292 if ($this->getID() == 1) {
293 $this->setError('Cannot Update Default Role');
296 $perm =& $this->Group->getPermission( session_get_user() );
297 if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) {
298 $this->setPermissionDeniedError();
// stripslashes() here suggests $role_name arrives slash-escaped; the statement
// below relies on htmlspecialchars(), which is HTML escaping rather than SQL
// escaping. This rename is the only write in update() scoped by group_id as well
// as role_id.
304 if ($this->getName() != stripslashes($role_name)) {
306 SET role_name='".htmlspecialchars($role_name)."'
307 WHERE group_id='".$this->Group->getID()."'
308 AND role_id='".$this->getID()."'";
311 if (!$res || db_affected_rows($res) < 1) {
312 $this->setError('update::name::'.db_error());
317 ////$data['section_name']['ref_id']=$val
318 $arr1 = array_keys($data);
319 for ($i=0; $i<count($arr1); $i++) {
320 // array_values($Report->adjust_days)
321 $arr2 = array_keys($data[$arr1[$i]]);
322 for ($j=0; $j<count($arr2); $j++) {
323 $usection_name=$arr1[$i];
325 $uvalue=$data[$usection_name][$uref_id];
333 // See if this setting changed. If so, then update it
335 // if ($this->getVal($usection_name,$uref_id) != $uvalue) {
// The change check above is commented out, so every setting is written each time.
// Section name, ref_id and value go into quoted literals; a defensive version
// would cast ref_id to int and accept only entries listed in $this->role_values.
336 $sql="UPDATE role_setting
338 WHERE role_id='".$this->getID()."'
339 AND section_name='$usection_name'
340 AND ref_id='$uref_id'";
343 if (!$res || db_affected_rows($res) < 1) {
344 $sql="INSERT INTO role_setting (role_id,section_name,ref_id,value)
345 values ('".$this->getID()."','$usection_name', '$uref_id','$uvalue')";
349 $this->setError('update::rolesettinginsert::'.db_error());
354 if ($usection_name == 'frs') {
355 $update_usergroup=true;
356 } elseif ($usection_name == 'scm') {
357 //$update_usergroup=true;
359 //iterate all users with this role
360 $res=db_query("SELECT user_id
362 WHERE role_id='".$this->getID()."'");
363 for ($z=0; $z<db_numrows($res); $z++) {
365 //TODO - Shell should be separate flag
366 // If user acquired admin access to CVS,
367 // one to be given normal shell on CVS machine,
368 // else - restricted.
// NOTE(review): $data['scm'][0] is concatenated into the statement below without
// quotes, so slash-escaping of the input gives no protection in this numeric
// context. Cast it to int or check it against $this->role_values['scm'] first.
370 $cvs_flags=$data['scm'][0];
371 $sql="UPDATE user_group
372 SET cvs_flags=".$cvs_flags."
373 WHERE user_id=".db_result($res,$z,'user_id')." AND role_id=".$this->getID();
374 //echo '<h1>'.$data['scm'][0].'::'.$sql.'</h1>';
375 $res2=db_query($sql);
377 $this->setError('update::scm::'.db_error());
381 // I have doubt the following is usefull
382 // This is probably buggy if used
// NOTE(review): $user_id is not a parameter of update() and is not assigned on any
// line shown here, which matches the "probably buggy" remark above. These calls
// choose between a full shell and the restricted cvssh, so that choice should
// come from a validated value and be auditable.
384 if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/bash")) {
385 $this->setError($SYS->getErrorMessage());
390 if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/cvssh")) {
391 $this->setError($SYS->getErrorMessage());
398 // If user acquired at least commit access to CVS,
399 // one to be promoted to CVS group, else, demoted.
402 if (!$SYS->sysGroupAddUser($this->Group->getID(),db_result($res,$z,'user_id'),1)) {
403 $this->setError($SYS->getErrorMessage());
408 if (!$SYS->sysGroupRemoveUser($this->Group->getID(),db_result($res,$z,'user_id'),1)) {
409 $this->setError($SYS->getErrorMessage());
417 } elseif ($usection_name == 'docman') {
418 $update_usergroup=true;
419 } elseif ($usection_name == 'forumadmin') {
420 $update_usergroup=true;
421 } elseif ($usection_name == 'trackeradmin') {
422 $update_usergroup=true;
423 } elseif ($usection_name == 'projectadmin') {
424 $update_usergroup=true;
425 } elseif ($usection_name == 'pmadmin') {
426 $update_usergroup=true;
431 // if ($update_usergroup) {
// The guard above is commented out, so $update_usergroup has no visible effect.
// The flag columns are copied from $data[...][0] for every user holding this role;
// the WHERE clause matches on role_id only.
432 $sql="UPDATE user_group
434 admin_flags='".$data['projectadmin'][0]."',
435 forum_flags='".$data['forumadmin'][0]."',
436 project_flags='".$data['pmadmin'][0]."',
437 doc_flags='".$data['docman'][0]."',
438 cvs_flags='".$data['scm'][0]."',
439 release_flags='".$data['frs'][0]."',
440 artifact_flags='".$data['trackeradmin'][0]."'
441 WHERE role_id='".$this->getID()."'";
445 $this->setError('update::usergroup::'.db_error());
452 $this->fetchData($this->getID());
// Assigns this role to $user_id within $this->Group: applies the SCM flag, shell
// attribute and system group membership, then copies the role's flag values and
// role_id into the user's user_group row.
// Authorization: the session user must hold admin permission on $this->Group.
// NOTE(review): $user_id is interpolated into SQL three times below (quoted,
// unquoted, quoted) with no integer cast visible in this listing. Cast it once at
// the top, or confirm that the callers do.
456 function setUser($user_id) {
458 $perm =& $this->Group->getPermission( session_get_user() );
459 if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) {
460 $this->setPermissionDeniedError();
467 // See if role is actually changing
469 $res=db_query("SELECT role_id FROM user_group
470 WHERE user_id='$user_id'
471 AND group_id='".$this->Group->getID()."'");
// No check of $res is visible before db_result() reads from it.
472 $old_roleid=db_result($res,0,0);
473 if ($this->getID() == $old_roleid) {
478 // Get the old role so we can compare new values to old
480 $oldrole= new Role($this->Group,$old_roleid);
481 if (!$oldrole || !is_object($oldrole) || $oldrole->isError()) {
482 $this->setError($oldrole->getErrorMessage());
488 // Iterate each setting to see if it's changing
489 // If not, no sense updating it
491 $arr1 = array_keys($this->setting_array);
492 for ($i=0; $i<count($arr1); $i++) {
493 // array_values($Report->adjust_days)
494 $arr2 = array_keys($this->setting_array[$arr1[$i]]);
495 for ($j=0; $j<count($arr2); $j++) {
496 $usection_name=$arr1[$i];
498 $uvalue=$this->setting_array[$usection_name][$uref_id];
506 // See if this setting changed. If so, then update it
508 // if (($this->getVal($usection_name,$uref_id) != $oldrole->getVal($usection_name,$uref_id)) || ($old_roleid == 1)) {
// The comparison with the old role is commented out, so the branches below run
// for every stored setting.
509 if ($usection_name == 'frs') {
510 $update_usergroup=true;
511 } elseif ($usection_name == 'scm') {
512 //TODO - Shell should be separate flag
513 // If user acquired admin access to CVS,
514 // one to be given normal shell on CVS machine,
515 // else - restricted.
// NOTE(review): both the stored scm value and $user_id are concatenated into the
// statement below without quotes. Cast each to int before use; the scm value was
// read back from role_setting, so its safety depends on what create()/update()
// allowed to be stored.
517 $cvs_flags=$this->getVal('scm',0);
518 $sql="UPDATE user_group
519 SET cvs_flags=".$cvs_flags."
520 WHERE user_id=".$user_id."
521 AND group_id='".$this->Group->getID()."'";
522 //echo '<h1>'.$cvs_flags.'::'.$sql.'</h1>';
523 $res2=db_query($sql);
525 $this->setError('update::scm::'.db_error());
529 // I have doubt the following is usefull
530 // This is probably buggy if used
// These calls choose between a full shell (/bin/bash) and the restricted cvssh for
// the user. The condition that selects between them is on lines this listing omits.
532 if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/bash")) {
533 $this->setError($SYS->getErrorMessage());
538 if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/cvssh")) {
539 $this->setError($SYS->getErrorMessage());
546 // If user acquired at least commit access to CVS,
547 // one to be promoted to CVS group, else, demoted.
548 // When we add the user we also check he has a shell as a group member
549 // When we remove we only check for SCM (cvs_only=1)
552 //echo "<h3>Role::setUser SYS->sysGroupAddUser(".$this->Group->getID().",$user_id,1)</h3>";
553 if (!$SYS->sysGroupAddUser($this->Group->getID(),$user_id,0)) {
554 $this->setError($SYS->getErrorMessage());
559 //echo "<h3>Role::setUser SYS->sysGroupRemoveUser(".$this->Group->getID().",$user_id,1)</h3>";
560 if (!$SYS->sysGroupRemoveUser($this->Group->getID(),$user_id,1)) {
561 $this->setError($SYS->getErrorMessage());
567 } elseif ($usection_name == 'docman') {
568 $update_usergroup=true;
569 } elseif ($usection_name == 'forumadmin') {
570 $update_usergroup=true;
571 } elseif ($usection_name == 'trackeradmin') {
572 $update_usergroup=true;
573 } elseif ($usection_name == 'projectadmin') {
574 $update_usergroup=true;
575 } elseif ($usection_name == 'pmadmin') {
576 $update_usergroup=true;
581 // if ($update_usergroup) {
// The guard above is commented out. This statement writes the role's stored flag
// values and its role_id into the user's row for this group.
582 $sql="UPDATE user_group
584 admin_flags='".$this->getVal('projectadmin',0)."',
585 forum_flags='".$this->getVal('forumadmin',0)."',
586 project_flags='".$this->getVal('pmadmin',0)."',
587 doc_flags='".$this->getVal('docman',0)."',
588 cvs_flags='".$this->getVal('scm',0)."',
589 release_flags='".$this->getVal('frs',0)."',
590 artifact_flags='".$this->getVal('trackeradmin',0)."',
591 role_id='".$this->getID()."'
593 user_id='".$user_id."'
594 AND group_id='".$this->Group->getID()."'";
598 $this->setError('update::usergroup::'.db_error());
613 // c-file-style: "bsd"