3 * FusionForge permissions
5 * Copyright 1999-2001, VA Linux Systems, Inc.
6 * Copyright 2002-2004, GForge, LLC
7 * Copyright 2009, Roland Mas
8 * Copyright 2011, Franck Villaume - Capgemini
10 * This file is part of FusionForge. FusionForge is free software;
11 * you can redistribute it and/or modify it under the terms of the
12 * GNU General Public License as published by the Free Software
13 * Foundation; either version 2 of the Licence, or (at your option)
16 * FusionForge is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License along
22 * with FusionForge; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 require_once $gfcommon.'include/Error.class.php';
28 $PERMISSION_OBJ=array();
31 * permission_get_object() - Get permission objects
33 * permission_get_object is useful so you can pool Permission objects/save database queries
34 * You should always use this instead of instantiating the object directly
36 * @param object The Group in question
37 * @param object The User needing Permission
38 * @return a Permission or false on failure
41 function &permission_get_object(&$_Group, &$_User = NULL) {
42 //create a common set of Permission objects
43 //saves a little wear on the database
45 global $PERMISSION_OBJ;
47 if (is_object($_Group)) {
48 $group_id = $_Group->getID();
53 if (!isset($PERMISSION_OBJ[$group_id])) {
54 $PERMISSION_OBJ[$group_id]= new Permission($_Group);
56 return $PERMISSION_OBJ[$group_id];
59 class Permission extends Error {
61 * Associative array of data from db.
63 * @var array $data_array.
75 * ID of the Group object
82 * Whether the user is an admin/super user of this project.
84 * @var bool $is_admin.
89 * Whether the user is an admin/super user of the entire site.
91 * @var bool $is_site_admin.
96 * Constructor for this object.
98 * @param object Group Object required.
99 * @param object User Object required.
102 function Permission (&$_Group) {
103 if (!$_Group || !is_object($_Group)) {
104 $this->setError('No Valid Group Object');
107 if ($_Group->isError()) {
108 $this->setError('Permission: '.$_Group->getErrorMessage());
111 $this->Group =& $_Group;
112 $this->group_id = $this->Group->getID() ;
116 * isSuperUser - whether the current user has site admin privilege.
118 * @return boolean is_super_user.
120 function isSuperUser() {
121 return forge_check_global_perm ('forge_admin') ;
125 * isForumAdmin - whether the current user has forum admin perms.
127 * @return boolean is_forum_admin.
129 function isForumAdmin() {
130 return forge_check_perm ('forum_admin', $this->group_id) ;
134 * isDocEditor - whether the current user has doc editor perms.
136 * @return boolean is_doc_editor.
138 function isDocEditor() {
139 return forge_check_perm('docman', $this->group_id, 'approve');
143 * isDocAdmin - whether the current user has doc admin perms.
145 * @return boolean is_doc_admin.
147 function isDocAdmin() {
148 return forge_check_perm('docman', $this->group_id, 'admin');
152 * isReleaseTechnician - whether the current user has FRS admin perms.
154 * @return boolean is_release_technician.
156 function isReleaseTechnician() {
157 return forge_check_perm ('frs', $this->group_id, 'write') ;
161 * isArtifactAdmin - whether the current user has artifact admin perms.
163 * @return boolean is_artifact_admin.
165 function isArtifactAdmin() {
166 return forge_check_perm ('tracker_admin', $this->group_id) ;
170 * isPMAdmin - whether the current user has Tasks admin perms.
172 * @return boolean is_projman_admin.
174 function isPMAdmin() {
175 return forge_check_perm ('pm_admin', $this->group_id) ;
179 * isAdmin - User is an admin of the project or admin of the entire site.
181 * @return boolean is_admin.
184 return forge_check_perm ('project_admin', $this->group_id) ;
188 * isCVSReader - checks if the user has CVS read access.
190 * @return boolean cvs_flags
192 function isCVSReader() {
193 return forge_check_perm ('scm', $this->group_id, 'read') ;
197 * isCVSWriter - checks if the user has CVS write access.
199 * @return boolean cvs_flags
201 function isCVSWriter() {
202 return forge_check_perm ('scm', $this->group_id, 'write') ;
206 * isMember - Simple test to see if the current user is a member of this project.
208 * @return boolean is_member.
210 function isMember() {
211 if ($this->isAdmin()) {
212 //admins are tested first so that super-users can return true
213 //and admins of a project should always have full privileges
217 $engine = RBACEngine::getInstance() ;
219 $roles = $engine->getAvailableRoles () ;
220 foreach ($roles as $role) {
221 $hp = $role->getHomeProject () ;
223 && $hp->getID() == $this->group_id) {
233 // c-file-style: "bsd"