3 * FusionForge permissions
5 * Copyright 1999-2001, VA Linux Systems, Inc.
6 * Copyright 2002-2004, GForge, LLC
7 * Copyright 2009, Roland Mas
8 * Copyright 2011, Franck Villaume - Capgemini
9 * Copyright 2014, Franck Villaume - TrivialDev
11 * This file is part of FusionForge. FusionForge is free software;
12 * you can redistribute it and/or modify it under the terms of the
13 * GNU General Public License as published by the Free Software
14 * Foundation; either version 2 of the Licence, or (at your option)
17 * FusionForge is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License along
23 * with FusionForge; if not, write to the Free Software Foundation, Inc.,
24 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
27 require_once $gfcommon.'include/FFError.class.php';
29 $PERMISSION_OBJ=array();
32 * permission_get_object() - Get permission objects
34 * permission_get_object is useful so you can pool Permission objects/save database queries
35 * You should always use this instead of instantiating the object directly
37 * @param object $_Group The Group in question
38 * @return object a Permission or false on failure
41 function &permission_get_object(&$_Group) {
42 //create a common set of Permission objects
43 //saves a little wear on the database
45 global $PERMISSION_OBJ;
47 if (is_object($_Group)) {
48 $group_id = $_Group->getID();
53 if (!isset($PERMISSION_OBJ[$group_id])) {
54 $PERMISSION_OBJ[$group_id]= new Permission($_Group);
56 return $PERMISSION_OBJ[$group_id];
59 class Permission extends FFError {
61 * Associative array of data from db.
63 * @var array $data_array.
75 * ID of the Group object
82 * Whether the user is an admin/super user of this project.
84 * @var bool $is_admin.
89 * Whether the user is an admin/super user of the entire site.
91 * @var bool $is_site_admin.
96 * @param object Group Object required.
98 function __construct (&$_Group) {
99 if (!$_Group || !is_object($_Group)) {
100 $this->setError(_('Invalid Project'));
103 if ($_Group->isError()) {
104 $this->setError('Permission: '.$_Group->getErrorMessage());
107 $this->Group =& $_Group;
108 $this->group_id = $this->Group->getID();
112 * isSuperUser - whether the current user has site admin privilege.
114 * @return boolean is_super_user.
116 function isSuperUser() {
117 return forge_check_global_perm ('forge_admin');
121 * isForumAdmin - whether the current user has form admin perms.
123 * @return boolean is_forum_admin.
125 function isForumAdmin() {
126 return forge_check_perm ('forum_admin', $this->group_id);
130 * isDocEditor - whether the current user has form doc editor perms.
132 * @return boolean is_doc_editor.
134 function isDocEditor() {
135 return forge_check_perm('docman', $this->group_id, 'approve');
139 * isDocAdmin - whether the current user has form doc admin perms.
141 * @return boolean is_doc_admin.
143 function isDocAdmin() {
144 return forge_check_perm('docman', $this->group_id, 'admin');
148 * isReleaseTechnician - whether the current user has FRS admin perms.
150 * @return boolean is_release_technician.
152 function isReleaseTechnician() {
153 return forge_check_perm('frs', $this->group_id, 'admin');
157 * isFRSAdmin - whether the current user has FRS admin perms.
159 * @return boolean is_frs_admin.
161 function isFRSAdmin() {
162 return forge_check_perm('frs_admin', $this->group_id, 'admin');
166 * isArtifactAdmin - whether the current user has artifact admin perms.
168 * @return boolean is_artifact_admin.
170 function isArtifactAdmin() {
171 return forge_check_perm ('tracker_admin', $this->group_id);
175 * isPMAdmin - whether the current user has Tasks admin perms.
177 * @return boolean is_projman_admin.
179 function isPMAdmin() {
180 return forge_check_perm ('pm_admin', $this->group_id);
184 * isAdmin - User is an admin of the project or admin of the entire site.
186 * @return boolean is_admin.
189 return forge_check_perm ('project_admin', $this->group_id);
193 * isCVSReader - checks the cvs_flags field in user_group table.
195 * @return boolean cvs_flags
197 function isCVSReader() {
198 return forge_check_perm ('scm', $this->group_id, 'read');
202 * isCVSWriter - checks if the user has CVS write access.
204 * @return boolean cvs_flags
206 function isCVSWriter() {
207 return forge_check_perm ('scm', $this->group_id, 'write');
211 * isMember - Simple test to see if the current user is a member of this project.
213 * @return bool is_member.
215 function isMember() {
216 if ($this->isAdmin()) {
217 //admins are tested first so that super-users can return true
218 //and admins of a project should always have full privileges
222 $engine = RBACEngine::getInstance();
224 $roles = $engine->getAvailableRoles();
225 foreach ($roles as $role) {
226 $hp = $role->getHomeProject();
228 && $hp->getID() == $this->group_id) {
238 // c-file-style: "bsd"