3 * FusionForge permissions
5 * Copyright 1999-2001, VA Linux Systems, Inc.
6 * Copyright 2002-2004, GForge, LLC
7 * Copyright 2009, Roland Mas
8 * Copyright 2011, Franck Villaume - Capgemini
10 * This file is part of FusionForge. FusionForge is free software;
11 * you can redistribute it and/or modify it under the terms of the
12 * GNU General Public License as published by the Free Software
13 * Foundation; either version 2 of the Licence, or (at your option)
16 * FusionForge is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License along
22 * with FusionForge; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 require_once $gfcommon.'include/Error.class.php';
28 $PERMISSION_OBJ=array();
31 * permission_get_object() - Get permission objects
33 * permission_get_object is useful so you can pool Permission objects/save database queries
34 * You should always use this instead of instantiating the object directly
36 * @param $_Group object The Group in question
37 * @return object a Permission or false on failure
40 function &permission_get_object(&$_Group, &$_User = NULL) {
41 //create a common set of Permission objects
42 //saves a little wear on the database
44 global $PERMISSION_OBJ;
46 if (is_object($_Group)) {
47 $group_id = $_Group->getID();
52 if (!isset($PERMISSION_OBJ[$group_id])) {
53 $PERMISSION_OBJ[$group_id]= new Permission($_Group);
55 return $PERMISSION_OBJ[$group_id];
58 class Permission extends Error {
60 * Associative array of data from db.
62 * @var array $data_array.
74 * ID of the Group object
81 * Whether the user is an admin/super user of this project.
83 * @var bool $is_admin.
88 * Whether the user is an admin/super user of the entire site.
90 * @var bool $is_site_admin.
95 * Constructor for this object.
97 * @param object Group Object required.
100 function __construct (&$_Group) {
101 if (!$_Group || !is_object($_Group)) {
102 $this->setError(_('No Valid Group Object'));
105 if ($_Group->isError()) {
106 $this->setError('Permission: '.$_Group->getErrorMessage());
109 $this->Group =& $_Group;
110 $this->group_id = $this->Group->getID();
114 * isSuperUser - whether the current user has site admin privilege.
116 * @return boolean is_super_user.
118 function isSuperUser() {
119 return forge_check_global_perm ('forge_admin') ;
123 * isForumAdmin - whether the current user has form admin perms.
125 * @return boolean is_forum_admin.
127 function isForumAdmin() {
128 return forge_check_perm ('forum_admin', $this->group_id) ;
132 * isDocEditor - whether the current user has form doc editor perms.
134 * @return boolean is_doc_editor.
136 function isDocEditor() {
137 return forge_check_perm('docman', $this->group_id, 'approve');
141 * isDocAdmin - whether the current user has form doc admin perms.
143 * @return boolean is_doc_admin.
145 function isDocAdmin() {
146 return forge_check_perm('docman', $this->group_id, 'admin');
150 * isReleaseTechnician - whether the current user has FRS admin perms.
152 * @return boolean is_release_technician.
154 function isReleaseTechnician() {
155 return forge_check_perm ('frs', $this->group_id, 'write') ;
159 * isArtifactAdmin - whether the current user has artifact admin perms.
161 * @return boolean is_artifact_admin.
163 function isArtifactAdmin() {
164 return forge_check_perm ('tracker_admin', $this->group_id) ;
168 * isPMAdmin - whether the current user has Tasks admin perms.
170 * @return boolean is_projman_admin.
172 function isPMAdmin() {
173 return forge_check_perm ('pm_admin', $this->group_id) ;
177 * isAdmin - User is an admin of the project or admin of the entire site.
179 * @return boolean is_admin.
182 return forge_check_perm ('project_admin', $this->group_id) ;
186 * isCVSReader - checks the cvs_flags field in user_group table.
188 * @return boolean cvs_flags
190 function isCVSReader() {
191 return forge_check_perm ('scm', $this->group_id, 'read') ;
195 * isCVSWriter - checks if the user has CVS write access.
197 * @return boolean cvs_flags
199 function isCVSWriter() {
200 return forge_check_perm ('scm', $this->group_id, 'write') ;
204 * isMember - Simple test to see if the current user is a member of this project.
206 * @return boolean is_member.
208 function isMember() {
209 if ($this->isAdmin()) {
210 //admins are tested first so that super-users can return true
211 //and admins of a project should always have full privileges
215 $engine = RBACEngine::getInstance() ;
217 $roles = $engine->getAvailableRoles () ;
218 foreach ($roles as $role) {
219 $hp = $role->getHomeProject () ;
221 && $hp->getID() == $this->group_id) {
231 // c-file-style: "bsd"