5 * Copyright 2004, GForge, LLC
7 * This file is part of FusionForge.
9 * FusionForge is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published
11 * by the Free Software Foundation; either version 2 of the License,
12 * or (at your option) any later version.
14 * FusionForge is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with FusionForge; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
25 require_once $gfcommon.'include/rbac_texts.php' ;
27 class Role extends Error {
33 var $role_values=array(
// Values each permission section can take. getRoleVals() walks this table and
// pairs every value with its label from $rbac_permission_names.
// NOTE(review): as far as the visible lines of create() and update() show,
// caller-supplied section names and values are written to role_setting without
// being checked against this table; validating against it would make it an
// enforced allow-list rather than a display list. TODO confirm in the full file.
34 'projectadmin'=>array('0','A'),
35 'frs'=>array('0','1'),
36 'scm'=>array('-1','0','1'),
37 'docman'=>array('0','1'),
38 'forumadmin'=>array('0','2'),
39 'forum'=>array('-1','0','1','2'),
40 'trackeradmin'=>array('0','2'),
41 'tracker'=>array('-1','0','1','2','3'),
42 'pmadmin'=>array('0','2'),
43 'pm'=>array('-1','0','1','2','3'),
44 'webcal'=>array('0','1','2'));
// Per-section values for the built-in role templates, keyed by template name.
// Presumably these are the entries of the $defaults property that
// createDefault($name) reads; the line that opens the array is not visible in
// this listing.
47 'Admin'=>array( 'projectadmin'=>'A', 'frs'=>'1', 'scm'=>'1', 'docman'=>'1', 'forumadmin'=>'2', 'forum'=>'2', 'trackeradmin'=>'2', 'tracker'=>'2', 'pmadmin'=>'2', 'pm'=>'2', 'webcal'=>'1' ),
48 'Senior Developer'=>array( 'projectadmin'=>'0', 'frs'=>'1', 'scm'=>'1', 'docman'=>'1', 'forumadmin'=>'2', 'forum'=>'2', 'trackeradmin'=>'2', 'tracker'=>'2', 'pmadmin'=>'2', 'pm'=>'2', 'webcal'=>'2' ),
49 'Junior Developer'=>array( 'projectadmin'=>'0', 'frs'=>'0', 'scm'=>'1', 'docman'=>'0', 'forumadmin'=>'0', 'forum'=>'1', 'trackeradmin'=>'0', 'tracker'=>'1', 'pmadmin'=>'0', 'pm'=>'1', 'webcal'=>'2' ),
50 'Doc Writer'=>array( 'projectadmin'=>'0', 'frs'=>'0', 'scm'=>'0', 'docman'=>'1', 'forumadmin'=>'0', 'forum'=>'1', 'trackeradmin'=>'0', 'tracker'=>'0', 'pmadmin'=>'0', 'pm'=>'0' , 'webcal'=>'2'),
51 'Support Tech'=>array( 'projectadmin'=>'0', 'frs'=>'0', 'scm'=>'0', 'docman'=>'1', 'forumadmin'=>'0', 'forum'=>'1', 'trackeradmin'=>'0', 'tracker'=>'2', 'pmadmin'=>'0', 'pm'=>'0' , 'webcal'=>'2')
55 * Role($group,$id) - CONSTRUCTOR.
57 * @param object The Group object.
58 * @param int The role_id.
60 function Role ($Group,$role_id=false) {
// PHP4-style constructor: binds the role to $Group and, on the last visible
// line, loads the row for $role_id through fetchData().
// NOTE(review): the guard below also fires when $Group is empty or not an
// object, yet the error path then calls $Group->getErrorMessage(); for a
// non-object argument that call itself fails. A fixed message for the
// non-object case would keep the error path usable.
62 if (!$Group || !is_object($Group) || $Group->isError()) {
63 $this->setError('Role::'.$Group->getErrorMessage());
66 $this->Group =& $Group;
68 //setting up an empty object
69 //probably going to call create()
// $role_id is handed to fetchData(), which places it inside a SQL string, so
// callers should only ever pass an integer id here.
72 return $this->fetchData($role_id);
76 * getID - get the ID of this role.
78 * @return integer The ID Number.
81 return $this->data_array['role_id'];
85 * getName - get the name of this role.
87 * @return string The name of this role.
90 return $this->data_array['role_name'];
94 * create - create a new role in the database.
96 * @param string The name of the role.
97 * @param array A multi-dimensional array of data in this format: $data['section_name']['ref_id']=$val
98 * @return integer The id on success or false on failure.
100 function create($role_name,$data) {
// Inserts a row into role for this group, then one role_setting row for every
// $data[section_name][ref_id] entry.
// Authorization: only a caller for whom the group's permission object reports
// isAdmin() gets past the check below.
101 $perm =& $this->Group->getPermission( session_get_user() );
102 if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) {
103 $this->setPermissionDeniedError();
// NOTE(review): the statement is assembled by string concatenation.
// htmlspecialchars() is an HTML output encoder, not SQL escaping; whether
// $role_name is already escaped for SQL when it reaches this method cannot be
// told from this listing. Bound parameters, or the database layer's own
// escaping routine, would remove the dependency on the caller.
108 $sql="INSERT INTO role (group_id,role_name)
109 VALUES ('".$this->Group->getID()."','".htmlspecialchars($role_name)."')";
113 $this->setError('create::'.db_error());
117 $role_id=db_insertid($res,'role','role_id');
119 $this->setError('create::db_insertid::'.db_error());
// Walk $data as section_name => (ref_id => value).
124 $arr1 = array_keys($data);
125 for ($i=0; $i<count($arr1); $i++) {
126 // array_values($Report->adjust_days)
127 $arr2 = array_keys($data[$arr1[$i]]);
128 for ($j=0; $j<count($arr2); $j++) {
129 $usection_name=$arr1[$i];
131 $uvalue=$data[$arr1[$i]][$arr2[$j]];
// NOTE(review): section name, ref_id and value originate from the keys and
// values of $data and are placed between quotes below with no escaping or
// validation visible in this listing. Checking the section and value against
// $this->role_values and treating ref_id as an integer before building the
// statement would close that gap. TODO confirm against the full file.
138 $sql="INSERT INTO role_setting (role_id,section_name,ref_id,value)
139 values ('$role_id','$usection_name', '$uref_id','$uvalue')";
143 $this->setError('create::insertsetting::'.db_error());
153 function createDefault($name) {
// Expands the template stored under $this->defaults[$name] into the
// $data[section][ref_id] layout and hands it to create(), which performs the
// permission check.
// NOTE(review): no test that $name is a known template is visible here; with
// an unknown name $arr is not an array when array_keys() is called on it.
154 //echo '<html><body><pre>';
156 //print_r($this->defaults);
157 $arr =& $this->defaults[$name];
158 $keys = array_keys($arr);
165 for ($i=0; $i<count($keys); $i++) {
// forum, pm and tracker settings are stored per item: every forum, task list
// or tracker that the queries below return for this group receives the
// template's value for that section.
167 if ($keys[$i] == 'forum') {
168 $res=db_query("SELECT group_forum_id
169 FROM forum_group_list
170 WHERE group_id='".$this->Group->getID()."'");
172 $this->setError('Error: Forum'.db_error());
175 for ($j=0; $j<db_numrows($res); $j++) {
176 $data[$keys[$i]][db_result($res,$j,'group_forum_id')]= $arr[$keys[$i]];
178 } elseif ($keys[$i] == 'pm') {
179 $res=db_query("SELECT group_project_id
180 FROM project_group_list
181 WHERE group_id='".$this->Group->getID()."'");
183 $this->setError('Error: TaskMgr'.db_error());
186 for ($j=0; $j<db_numrows($res); $j++) {
187 $data[$keys[$i]][db_result($res,$j,'group_project_id')]= $arr[$keys[$i]];
189 } elseif ($keys[$i] == 'tracker') {
190 $res=db_query("SELECT group_artifact_id
191 FROM artifact_group_list
192 WHERE group_id='".$this->Group->getID()."'");
194 $this->setError('Error: Tracker'.db_error());
197 for ($j=0; $j<db_numrows($res); $j++) {
198 $data[$keys[$i]][db_result($res,$j,'group_artifact_id')]= $arr[$keys[$i]];
// Presumably the fallback for every other section: the value is stored once,
// under ref_id 0 (the branch line itself is not visible in this listing).
201 $data[$keys[$i]][0]= $arr[$keys[$i]];
207 return $this->create($name,$data);
211 * fetchData - May need to refresh database fields.
213 * If an update occurred and you need to access the updated info.
215 * @return boolean success;
217 function fetchData($role_id) {
// Reloads this object's state from the database: the role row into
// data_array and its settings into setting_array[section_name][ref_id].
218 unset($this->data_array);
219 unset($this->setting_array);
// NOTE(review): $role_id is interpolated into both statements below. Nothing
// in this method forces it to be an integer, so the safety of these queries
// rests entirely on the callers; an integer cast or a bound parameter here
// would make the method safe on its own.
220 $res=db_query("SELECT * FROM role WHERE role_id='$role_id'");
// A query that succeeds but returns no row takes the same error path as a
// failed query.
221 if (!$res || db_numrows($res) < 1) {
222 $this->setError('Role::fetchData()::'.db_error());
225 $this->data_array =& db_fetch_array($res);
226 $res=db_query("SELECT * FROM role_setting WHERE role_id='$role_id'");
228 $this->setError('Role::fetchData()::'.db_error());
231 $this->setting_array=array();
232 while ($arr =& db_fetch_array($res)) {
233 $this->setting_array[$arr['section_name']][$arr['ref_id']] = $arr['value'];
239 * &getRoleVals - get all the values and language text strings for this section.
241 * @return array Assoc array of values for this section.
243 function &getRoleVals($section) {
// Returns, by reference, the map value => localized label for $section.
// The map is cached in the global $role_vals, so it is shared by every Role
// object handled during the request.
244 global $role_vals, $rbac_permission_names;
247 // Optimization - save array so it is only built once per page view
249 if (!isset($role_vals[$section])) {
// NOTE(review): $section is used as an index into $this->role_values without a
// visible existence check; callers are expected to pass one of its keys.
251 for ($i=0; $i<count($this->role_values[$section]); $i++) {
253 // Build an associative array of these key values + localized description
// Labels are looked up under the section name concatenated with the value.
255 $role_vals[$section][$this->role_values[$section][$i]]=$rbac_permission_names["$section".$this->role_values[$section][$i]];
258 return $role_vals[$section];
262 * getVal - get a value out of the array of settings for this role.
264 * @param string The name of the role.
265 * @param integer The ref_id (ex: group_artifact_id, group_forum_id) for this item.
266 * @return integer The value of this item.
268 function getVal($section,$ref_id) {
// Reads one stored setting. $section is the settings section key and $ref_id
// the per-item id, matching how fetchData() fills
// setting_array[section_name][ref_id].
// $role_default_array is declared global here; its use is not visible in this
// listing.
269 global $role_default_array;
273 return $this->setting_array[$section][$ref_id];
277 * update - update a role in the database.
279 * @param string The name of the role.
280 * @param array A multi-dimensional array of data in this format: $data['section_name']['ref_id']=$val
281 * @return boolean True on success or false on failure.
283 function update($role_name,$data) {
// Renames the role when the name changed, writes every
// $data[section_name][ref_id] entry to role_setting, mirrors the section
// values into user_group for the members holding this role and, for the scm
// section, asks $SYS to adjust system-level access. Ends by reloading state
// through fetchData().
286 // Cannot update role_id=1
288 if ($this->getID() == 1) {
289 $this->setError('Cannot Update Default Role');
// Authorization: only a caller for whom the group's permission object reports
// isAdmin() gets past this check.
292 $perm =& $this->Group->getPermission( session_get_user() );
293 if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) {
294 $this->setPermissionDeniedError();
// NOTE(review): the comparison strips slashes from $role_name, which suggests
// the value may arrive with slashes already added - confirm against the
// caller. The statement that follows encodes it with htmlspecialchars(), an
// HTML encoder rather than SQL escaping; a bound parameter would not depend on
// how the caller prepared the value.
300 if ($this->getName() != stripslashes($role_name)) {
302 SET role_name='".htmlspecialchars($role_name)."'
303 WHERE group_id='".$this->Group->getID()."'
304 AND role_id='".$this->getID()."'";
307 if (!$res || db_affected_rows($res) < 1) {
308 $this->setError('update::name::'.db_error());
313 ////$data['section_name']['ref_id']=$val
314 $arr1 = array_keys($data);
315 for ($i=0; $i<count($arr1); $i++) {
316 // array_values($Report->adjust_days)
317 $arr2 = array_keys($data[$arr1[$i]]);
318 for ($j=0; $j<count($arr2); $j++) {
319 $usection_name=$arr1[$i];
321 $uvalue=$data[$usection_name][$uref_id];
329 // See if this setting changed. If so, then update it
331 // if ($this->getVal($usection_name,$uref_id) != $uvalue) {
// The setting is written with an UPDATE first; when that touches no row an
// INSERT follows.
// NOTE(review): section name, ref_id and value come from the keys and values
// of $data and are placed between quotes with no escaping or validation
// visible in this listing. Checking them against $this->role_values and
// treating ref_id as an integer would close that gap. TODO confirm.
332 $sql="UPDATE role_setting
334 WHERE role_id='".$this->getID()."'
335 AND section_name='$usection_name'
336 AND ref_id='$uref_id'";
339 if (!$res || db_affected_rows($res) < 1) {
340 $sql="INSERT INTO role_setting (role_id,section_name,ref_id,value)
341 values ('".$this->getID()."','$usection_name', '$uref_id','$uvalue')";
345 $this->setError('update::rolesettinginsert::'.db_error());
350 if ($usection_name == 'frs') {
351 $update_usergroup=true;
352 } elseif ($usection_name == 'scm') {
353 //$update_usergroup=true;
355 //iterate all users with this role
356 $res=db_query("SELECT user_id
358 WHERE role_id='".$this->getID()."'");
359 for ($z=0; $z<db_numrows($res); $z++) {
361 //TODO - Shell should be separate flag
362 // If user acquired admin access to CVS,
363 // one to be given normal shell on CVS machine,
364 // else - restricted.
// NOTE(review): $data['scm'][0] is concatenated into the statement below
// without quotes, so anything other than a plain number becomes part of the
// SQL text. Cast it to an integer, or check it against
// $this->role_values['scm'], before use.
366 $cvs_flags=$data['scm'][0];
367 $sql="UPDATE user_group
368 SET cvs_flags=".$cvs_flags."
369 WHERE user_id=".db_result($res,$z,'user_id')." AND role_id=".$this->getID();
370 //echo '<h1>'.$data['scm'][0].'::'.$sql.'</h1>';
371 $res2=db_query($sql);
373 $this->setError('update::scm::'.db_error());
377 // I doubt the following is useful
378 // This is probably buggy if used
// NOTE(review): from here on a role edit reaches beyond the database: $SYS is
// asked to set a shell attribute and to add or remove group membership. The
// conditions selecting each call are not visible in this listing, and
// $user_id is not assigned anywhere in the visible lines of this method (the
// group calls below use db_result($res,$z,'user_id') instead).
380 if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/bash")) {
381 $this->setError($SYS->getErrorMessage());
386 if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/cvssh")) {
387 $this->setError($SYS->getErrorMessage());
394 // If user acquired at least commit access to CVS,
395 // one to be promoted to CVS group, else, demoted.
398 if (!$SYS->sysGroupAddUser($this->Group->getID(),db_result($res,$z,'user_id'),1)) {
399 $this->setError($SYS->getErrorMessage());
404 if (!$SYS->sysGroupRemoveUser($this->Group->getID(),db_result($res,$z,'user_id'),1)) {
405 $this->setError($SYS->getErrorMessage());
413 } elseif ($usection_name == 'docman') {
414 $update_usergroup=true;
415 } elseif ($usection_name == 'forumadmin') {
416 $update_usergroup=true;
417 } elseif ($usection_name == 'trackeradmin') {
418 $update_usergroup=true;
419 } elseif ($usection_name == 'projectadmin') {
420 $update_usergroup=true;
421 } elseif ($usection_name == 'pmadmin') {
422 $update_usergroup=true;
427 // if ($update_usergroup) {
// Mirrors the ref_id 0 value of each section into the user_group flag columns
// of every row holding this role. The test on $update_usergroup is commented
// out above, so this statement does not depend on the flag.
// NOTE(review): the values are taken from $data as supplied; no validation is
// visible before they are placed in the statement.
428 $sql="UPDATE user_group
430 admin_flags='".$data['projectadmin'][0]."',
431 forum_flags='".$data['forumadmin'][0]."',
432 project_flags='".$data['pmadmin'][0]."',
433 doc_flags='".$data['docman'][0]."',
434 cvs_flags='".$data['scm'][0]."',
435 release_flags='".$data['frs'][0]."',
436 artifact_flags='".$data['trackeradmin'][0]."'
437 WHERE role_id='".$this->getID()."'";
441 $this->setError('update::usergroup::'.db_error());
// Reload data_array and setting_array so the object reflects what was written.
448 $this->fetchData($this->getID());
452 function setUser($user_id) {
// Assigns this role to $user_id within the group: copies the role's ref_id 0
// section values into the user's user_group row, sets role_id there and, for
// the scm section, asks $SYS to adjust system-level access.
// Authorization: only a caller for whom the group's permission object reports
// isAdmin() gets past the check below.
454 $perm =& $this->Group->getPermission( session_get_user() );
455 if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) {
456 $this->setPermissionDeniedError();
463 // See if role is actually changing
// NOTE(review): $user_id is interpolated into the statements of this method,
// quoted here and unquoted in the cvs_flags update further down. Nothing
// visible forces it to be an integer; a cast or a bound parameter at the top
// of the method would make every use safe.
465 $res=db_query("SELECT role_id FROM user_group
466 WHERE user_id='$user_id'
467 AND group_id='".$this->Group->getID()."'");
// No check that the query succeeded or returned a row is visible before the
// result is read; a user who is not a member of the group has no row here.
468 $old_roleid=db_result($res,0,0);
469 if ($this->getID() == $old_roleid) {
474 // Get the old role so we can compare new values to old
476 $oldrole= new Role($this->Group,$old_roleid);
477 if (!$oldrole || !is_object($oldrole) || $oldrole->isError()) {
478 $this->setError($oldrole->getErrorMessage());
484 // Iterate each setting to see if it's changing
485 // If not, no sense updating it
487 $arr1 = array_keys($this->setting_array);
488 for ($i=0; $i<count($arr1); $i++) {
489 // array_values($Report->adjust_days)
490 $arr2 = array_keys($this->setting_array[$arr1[$i]]);
491 for ($j=0; $j<count($arr2); $j++) {
492 $usection_name=$arr1[$i];
494 $uvalue=$this->setting_array[$usection_name][$uref_id];
502 // See if this setting changed. If so, then update it
504 // if (($this->getVal($usection_name,$uref_id) != $oldrole->getVal($usection_name,$uref_id)) || ($old_roleid == 1)) {
505 if ($usection_name == 'frs') {
506 $update_usergroup=true;
507 } elseif ($usection_name == 'scm') {
508 //TODO - Shell should be separate flag
509 // If user acquired admin access to CVS,
510 // one to be given normal shell on CVS machine,
511 // else - restricted.
// The scm value is read back from the stored settings, then concatenated
// unquoted together with $user_id; both need to be integers for the statement
// to stay well-formed.
513 $cvs_flags=$this->getVal('scm',0);
514 $sql="UPDATE user_group
515 SET cvs_flags=".$cvs_flags."
516 WHERE user_id=".$user_id."
517 AND group_id='".$this->Group->getID()."'";
518 //echo '<h1>'.$cvs_flags.'::'.$sql.'</h1>';
519 $res2=db_query($sql);
521 $this->setError('update::scm::'.db_error());
525 // I doubt the following is useful
526 // This is probably buggy if used
// NOTE(review): from here on the assignment reaches beyond the database: $SYS
// is asked to set a shell attribute and to add or remove group membership for
// the user. The conditions selecting each call are not visible in this
// listing.
528 if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/bash")) {
529 $this->setError($SYS->getErrorMessage());
534 if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/cvssh")) {
535 $this->setError($SYS->getErrorMessage());
542 // If user acquired at least commit access to CVS,
543 // one to be promoted to CVS group, else, demoted.
544 // When we add the user we also check he has a shell as a group member
545 // When we remove we only check for SCM (cvs_only=1)
548 //echo "<h3>Role::setUser SYS->sysGroupAddUser(".$this->Group->getID().",$user_id,1)</h3>";
549 if (!$SYS->sysGroupAddUser($this->Group->getID(),$user_id,0)) {
550 $this->setError($SYS->getErrorMessage());
555 //echo "<h3>Role::setUser SYS->sysGroupRemoveUser(".$this->Group->getID().",$user_id,1)</h3>";
556 if (!$SYS->sysGroupRemoveUser($this->Group->getID(),$user_id,1)) {
557 $this->setError($SYS->getErrorMessage());
563 } elseif ($usection_name == 'docman') {
564 $update_usergroup=true;
565 } elseif ($usection_name == 'forumadmin') {
566 $update_usergroup=true;
567 } elseif ($usection_name == 'trackeradmin') {
568 $update_usergroup=true;
569 } elseif ($usection_name == 'projectadmin') {
570 $update_usergroup=true;
571 } elseif ($usection_name == 'pmadmin') {
572 $update_usergroup=true;
577 // if ($update_usergroup) {
// Writes the role's ref_id 0 section values and the new role_id to the user's
// row in user_group. The test on $update_usergroup is commented out above, so
// this statement does not depend on the flag.
578 $sql="UPDATE user_group
580 admin_flags='".$this->getVal('projectadmin',0)."',
581 forum_flags='".$this->getVal('forumadmin',0)."',
582 project_flags='".$this->getVal('pmadmin',0)."',
583 doc_flags='".$this->getVal('docman',0)."',
584 cvs_flags='".$this->getVal('scm',0)."',
585 release_flags='".$this->getVal('frs',0)."',
586 artifact_flags='".$this->getVal('trackeradmin',0)."',
587 role_id='".$this->getID()."'
589 user_id='".$user_id."'
590 AND group_id='".$this->Group->getID()."'";
594 $this->setError('update::usergroup::'.db_error());
609 // c-file-style: "bsd"