3 * FusionForge permissions
5 * Copyright 1999-2001, VA Linux Systems, Inc.
6 * Copyright 2002-2004, GForge, LLC
7 * Copyright 2009, Roland Mas
8 * Copyright 2011, Franck Villaume - Capgemini
10 * This file is part of FusionForge. FusionForge is free software;
11 * you can redistribute it and/or modify it under the terms of the
12 * GNU General Public License as published by the Free Software
13 * Foundation; either version 2 of the Licence, or (at your option)
16 * FusionForge is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License along
22 * with FusionForge; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 require_once $gfcommon.'include/Error.class.php';
28 $PERMISSION_OBJ=array();
31 * permission_get_object() - Get permission objects
33 * permission_get_object is useful so you can pool Permission objects/save database queries
34 * You should always use this instead of instantiating the object directly
36 * @param object The Group in question
37 * @param object The User needing Permission
38 * @return a Permission or false on failure
41 function &permission_get_object(&$_Group, &$_User = NULL) {
42 //create a common set of Permission objects
43 //saves a little wear on the database
45 global $PERMISSION_OBJ;
47 if (is_object($_Group)) {
48 $group_id = $_Group->getID();
53 if (!isset($PERMISSION_OBJ[$group_id])) {
54 $PERMISSION_OBJ[$group_id]= new Permission($_Group);
56 return $PERMISSION_OBJ[$group_id];
59 class Permission extends Error {
61 * Associative array of data from db.
63 * @var array $data_array.
75 * ID of the Group object
82 * Whether the user is an admin/super user of this project.
84 * @var bool $is_admin.
89 * Whether the user is an admin/super user of the entire site.
91 * @var bool $is_site_admin.
96 * Constructor for this object.
98 * @param object Group Object required.
101 function Permission (&$_Group) {
102 if (!$_Group || !is_object($_Group)) {
103 $this->setError('No Valid Group Object');
106 if ($_Group->isError()) {
107 $this->setError('Permission: '.$_Group->getErrorMessage());
110 $this->Group =& $_Group;
111 $this->group_id = $this->Group->getID() ;
115 * isSuperUser - whether the current user has site admin privilege.
117 * @return boolean is_super_user.
119 function isSuperUser() {
120 return forge_check_global_perm ('forge_admin') ;
124 * isForumAdmin - whether the current user has form admin perms.
126 * @return boolean is_forum_admin.
128 function isForumAdmin() {
129 return forge_check_perm ('forum_admin', $this->group_id) ;
133 * isDocEditor - whether the current user has form doc editor perms.
135 * @return boolean is_doc_editor.
137 function isDocEditor() {
138 return forge_check_perm('docman', $this->group_id, 'approve');
142 * isDocAdmin - whether the current user has form doc admin perms.
144 * @return boolean is_doc_admin.
146 function isDocAdmin() {
147 return forge_check_perm('docman', $this->group_id, 'admin');
151 * isReleaseTechnician - whether the current user has FRS admin perms.
153 * @return boolean is_release_technician.
155 function isReleaseTechnician() {
156 return forge_check_perm ('frs', $this->group_id, 'write') ;
160 * isArtifactAdmin - whether the current user has artifact admin perms.
162 * @return boolean is_artifact_admin.
164 function isArtifactAdmin() {
165 return forge_check_perm ('tracker_admin', $this->group_id) ;
169 * isPMAdmin - whether the current user has Tasks admin perms.
171 * @return boolean is_projman_admin.
173 function isPMAdmin() {
174 return forge_check_perm ('pm_admin', $this->group_id) ;
178 * isAdmin - User is an admin of the project or admin of the entire site.
180 * @return boolean is_admin.
183 return forge_check_perm ('project_admin', $this->group_id) ;
187 * isCVSReader - checks the cvs_flags field in user_group table.
189 * @return boolean cvs_flags
191 function isCVSReader() {
192 return forge_check_perm ('scm', $this->group_id, 'read') ;
196 * isCVSWriter - checks if the user has CVS write access.
198 * @return boolean cvs_flags
200 function isCVSWriter() {
201 return forge_check_perm ('scm', $this->group_id, 'write') ;
205 * isMember - Simple test to see if the current user is a member of this project.
207 * @return boolean is_member.
209 function isMember() {
210 if ($this->isAdmin()) {
211 //admins are tested first so that super-users can return true
212 //and admins of a project should always have full privileges
216 $engine = RBACEngine::getInstance() ;
218 $roles = $engine->getAvailableRoles () ;
219 foreach ($roles as $role) {
220 $hp = $role->getHomeProject () ;
222 && $hp->getID() == $this->group_id) {
232 // c-file-style: "bsd"