3 * FusionForge role-based access control
5 * Copyright 2004, GForge, LLC
6 * Copyright 2009-2010, Roland Mas
8 * This file is part of FusionForge.
10 * FusionForge is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published
12 * by the Free Software Foundation; either version 2 of the License,
13 * or (at your option) any later version.
15 * FusionForge is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with FusionForge; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
26 require "PFO-RBAC.interface.php" ;
28 if (file_exists ('/tmp/fusionforge-use-pfo-rbac')) {
29 define ('USE_PFO_RBAC', true) ;
31 define ('USE_PFO_RBAC', false) ;
34 // Code shared between classes
36 abstract class BaseRole extends Error {
41 public function BaseRole() {
43 $this->role_values = array (
44 'forge_admin' => array (0,1),
45 'approve_projects' => array (0,1),
46 'approve_news' => array (0,1),
47 'forge_stats' => array (0,1,2),
49 'project_read' => array (0,1),
50 'project_admin' => array (0,1),
52 'tracker_admin' => array (0,1),
53 'pm_admin' => array (0,1),
54 'forum_admin' => array (0,1),
56 'tracker' => array (0,1,3,5,7),
57 'pm' => array (0,1,3,5,7),
58 'forum' => array (0,1,2,3,4),
60 'new_tracker' => array (0,1,3,5,7),
61 'new_pm' => array (0,1,3,5,7),
62 'new_forum' => array (0,1,2,3,4),
64 'scm' => array (0,1,2),
65 'docman' => array (0,1,2,3,4),
66 'frs' => array (0,1,2,3),
68 'webcal' => array (0,1,2),
71 $this->global_settings = array (
78 $this->defaults = array(
79 'Admin' => array( 'project_admin'=> 1,
92 'Senior Developer' => array( 'project_read' => 1,
104 'Junior Developer' => array( 'project_read' => 1,
113 'Doc Writer' => array( 'project_read' => 1,
121 'Support Tech' => array( 'project_read' => 1,
125 'tracker_admin' => 1,
133 $this->role_values = array(
134 'projectadmin' => array ('0','A'),
135 'frs' => array ('0','1'),
136 'scm' => array ('-1','0','1'),
137 'docman' => array ('0','1'),
138 'forumadmin' => array ('0','2'),
139 'forum' => array ('-1','0','1','2'),
140 'newforum' => array ('-1','0','1','2'),
141 'trackeradmin' => array ('0','2'),
142 'tracker' => array ('-1','0','1','2','3'),
143 'newtracker' => array ('-1','0','1','2','3'),
144 'pmadmin' => array ('0','2'),
145 'pm' => array ('-1','0','1','2','3'),
146 'newpm' => array ('-1','0','1','2','3'),
147 'webcal' => array ('0','1','2'));
149 $this->defaults = array(
150 'Admin' => array( 'projectadmin'=>'A',
164 'Senior Developer'=> array( 'projectadmin'=>'0',
178 'Junior Developer'=> array( 'projectadmin'=>'0',
192 'Doc Writer' => array( 'projectadmin'=>'0',
206 'Support Tech' => array( 'projectadmin'=>'0',
225 public function getUsers() {
228 public function hasUser($user) {
229 throw new Exception ("Not implemented") ;
231 function hasGlobalPermission($section, $action = NULL) {
232 return $this->hasPermission ($section, -1, $action) ;
234 public function getSettings() {
235 throw new Exception ("Not implemented") ;
237 public function setSettings($data) {
238 throw new Exception ("Not implemented") ;
240 public function linkProject ($project) {
241 throw new Exception ("Not implemented") ;
243 public function unlinkProject ($project) {
244 throw new Exception ("Not implemented") ;
246 public function normalizeData () {
247 throw new Exception ("Not implemented") ;
251 * getLinkedProjects - List of projects referencing that role
253 * Includes the home project (for roles that have one)
255 * @return array Array of Group objects
257 public function getLinkedProjects () {
260 $hp = $this->getHomeProject () ;
262 $ids[] = $hp->getID() ;
265 $res = db_query_params ('SELECT group_id FROM role_project_refs WHERE role_id=$1',
266 array ($this->getID())) ;
268 while ($arr = db_fetch_array ($res)) {
269 $ids[] = $arr['group_id'] ;
273 return group_get_objects (array_unique ($ids)) ;
277 * fetchData - May need to refresh database fields.
279 * If an update occurred and you need to access the updated info.
281 * @return boolean success;
283 function fetchData($role_id) {
284 unset($this->data_array);
285 unset($this->setting_array);
286 unset($this->perms_array);
289 $res = db_query_params ('SELECT * FROM pfo_role WHERE role_id=$1',
291 if (!$res || db_numrows($res) < 1) {
292 $this->setError('BaseRole::fetchData()::'.db_error());
295 $this->data_array =& db_fetch_array($res);
297 $res = db_query_params ('SELECT section_name, ref_id, perm_val FROM pfo_role_setting WHERE role_id=$1',
300 $this->setError('BaseRole::fetchData()::'.db_error());
303 $this->perms_array=array();
304 while ($arr =& db_fetch_array($res)) {
305 $this->perms_array[$arr['section_name']][$arr['ref_id']] = $arr['perm_val'];
308 if ($this instanceof RoleAnonymous) {
309 $res = db_query_params ('SELECT group_id, enable_anonscm FROM groups WHERE is_public=1',
311 while ($arr = db_fetch_array($res)) {
312 $this->perms_array['project_read'][$arr['group_id']] = 1 ;
313 $this->perms_array['frs'][$arr['group_id']] = 1 ;
314 $this->perms_array['scm'][$arr['group_id']] = $arr['enable_anonscm'] ;
317 $res = db_query_params ('SELECT t.group_artifact_id FROM artifact_group_list t, groups g WHERE t.is_public=1 AND t.allow_anon=1 AND g.is_public=1 AND t.group_id = g.group_id',
319 while ($arr = db_fetch_array($res)) {
320 $this->perms_array['tracker'][$arr['group_artifact_id']] = 1 ;
323 $res = db_query_params ('SELECT p.group_project_id FROM project_group_list p, groups g WHERE p.is_public=1 AND g.is_public=1 AND p.group_id = g.group_id',
325 while ($arr = db_fetch_array($res)) {
326 $this->perms_array['pm'][$arr['group_project_id']] = 1 ;
329 $res = db_query_params ('SELECT f.group_forum_id, f.allow_anonymous, f.moderation_level FROM forum_group_list f, groups g WHERE f.is_public=1 AND g.is_public=1 AND f.group_id = g.group_id',
331 while ($arr = db_fetch_array($res)) {
332 if ($arr['allow_anonymous'] == 1) {
333 if ($arr['moderation_level'] == 0) {
334 $this->perms_array['forum'][$arr['group_forum_id']] = 3 ;
336 $this->perms_array['forum'][$arr['group_forum_id']] = 2 ;
339 $this->perms_array['forum'][$arr['group_forum_id']] = 1 ;
342 } elseif ($this instanceof RoleLoggedIn) {
343 $res = db_query_params ('SELECT group_id, enable_anonscm FROM groups WHERE is_public=1',
345 while ($arr = db_fetch_array($res)) {
346 $this->perms_array['project_read'][$arr['group_id']] = 1 ;
347 $this->perms_array['frs'][$arr['group_id']] = 1 ;
348 $this->perms_array['scm'][$arr['group_id']] = $arr['enable_anonscm'] ;
351 $res = db_query_params ('SELECT t.group_artifact_id FROM artifact_group_list t, groups g WHERE t.is_public=1 AND g.is_public=1 AND t.group_id = g.group_id',
353 while ($arr = db_fetch_array($res)) {
354 $this->perms_array['tracker'][$arr['group_artifact_id']] = 1 ;
357 $res = db_query_params ('SELECT p.group_project_id FROM project_group_list p, groups g WHERE p.is_public=1 AND g.is_public=1 AND p.group_id = g.group_id',
359 while ($arr = db_fetch_array($res)) {
360 $this->perms_array['pm'][$arr['group_project_id']] = 1 ;
363 $res = db_query_params ('SELECT f.group_forum_id, f.moderation_level FROM forum_group_list f, groups g WHERE f.is_public=1 AND g.is_public=1 AND f.group_id = g.group_id',
365 while ($arr = db_fetch_array($res)) {
366 if ($arr['moderation_level'] == 0) {
367 $this->perms_array['forum'][$arr['group_forum_id']] = 3 ;
369 $this->perms_array['forum'][$arr['group_forum_id']] = 2 ;
373 $res = db_query_params ('SELECT * FROM role WHERE role_id=$1',
375 if (!$res || db_numrows($res) < 1) {
376 $this->setError('BaseRole::fetchData()::'.db_error());
379 $this->data_array = db_fetch_array($res);
381 // Load pre-PFO RBAC settings...
382 $res = db_query_params ('SELECT * FROM role_setting WHERE role_id=$1',
385 $this->setError('BaseRole::fetchData()::'.db_error());
388 $this->setting_array=array();
389 while ($arr = db_fetch_array($res)) {
390 $this->setting_array[$arr['section_name']][$arr['ref_id']] = $arr['value'];
393 // ...and map section names and values to the new values
395 if ($this->data_array['group_id'] == forge_get_config ('stats_group')) {
396 $this->perms_array['forge_stats'][-1] = 2 ;
399 $this->perms_array=array();
400 $tohandle = array () ;
401 $gid = $this->data_array['group_id'] ;
402 if ($gid == 1 && count ($this->setting_array) == 0) {
403 $tohandle[] = array ('forge_admin', -1) ;
405 foreach ($this->setting_array as $oldsection => $t) {
406 switch ($oldsection) {
408 $tohandle[] = array ('project_admin', $gid) ;
409 if ($this->data_array['group_id'] == 1 && $t[0] == 'A') {
410 $tohandle[] = array ('forge_admin', -1) ;
412 if ($this->data_array['group_id'] == forge_get_config ('news_group') && $t[0] == 'A') {
413 $tohandle[] = array ('approve_news', -1) ;
415 if ($this->data_array['group_id'] == forge_get_config ('stats_group') && $t[0] == 'A') {
416 $tohandle[] = array ('forge_stats', -1) ;
420 $tohandle[] = array ('tracker_admin', $gid) ;
423 $tohandle[] = array ('pm_admin', $gid) ;
426 $tohandle[] = array ('forum_admin', $gid) ;
430 $tohandle[] = array ('new_tracker', $gid) ;
433 $tohandle[] = array ('new_pm', $gid) ;
436 $tohandle[] = array ('new_forum', $gid) ;
440 foreach ($t as $oldreference => $oldvalue) {
441 $tohandle[] = array ($oldsection, $oldreference) ;
447 foreach ($tohandle as $t) {
451 $res = db_query_params ('SELECT pfo_rbac_permissions_from_old($1,$2,$3)',
452 array ($role_id, $nsec, $nref)) ;
454 $arr = db_fetch_array($res) ;
455 $this->perms_array[$nsec][$nref] = $arr[0] ;
458 } // Explicit role (not Anonymous or LoggedIn)
464 function setSetting ($section, $reference, $value) {
465 $role_id = $this->getID () ;
467 $res = db_query_params ('DELETE FROM pfo_role_setting WHERE role_id=$1 AND section_name=$2 AND ref_id=$3',
472 $res = db_query_params ('INSERT INTO pfo_role_setting (role_id, section_name, ref_id, perm_val) VALUES ($1, $2, $3, $4)',
479 function getSettingsForProject ($project) {
481 $group_id = $project->getID() ;
484 $sections = array_keys ($this->role_values) ;
485 foreach ($sections as $section) {
486 if (!in_array ($section, $this->global_settings)) {
487 $result[$section][$group_id] = $this->getVal ($section, $group_id) ;
491 $sections = array ('projectadmin', 'frs', 'scm', 'docman', 'trackeradmin', 'newtracker', 'forumadmin', 'newforum', 'pmadmin', 'newpm', 'webcal') ;
492 foreach ($sections as $section) {
493 $result[$section][0] = $this->getVal ($section, 0) ;
497 $atf = new ArtifactTypeFactory ($project) ;
498 $tids = $atf->getAllArtifactTypeIds () ;
499 foreach ($tids as $tid) {
500 $result['tracker'][$tid] = $this->getVal ('tracker', $tid) ;
503 $ff = new ForumFactory ($project) ;
504 $fids = $ff->getAllForumIds () ;
505 foreach ($fids as $fid) {
506 $result['forum'][$fid] = $this->getVal ('forum', $fid) ;
509 $pgf = new ProjectGroupFactory ($project) ;
510 $pgids = $pgf->getAllProjectGroupIds () ;
511 foreach ($pgids as $pgid) {
512 $result['tracker'][$pgid] = $this->getVal ('pm', $pgid) ;
518 function getSetting($section, $reference) {
519 if (isset ($this->perms_array[$section][$reference])) {
520 $value = $this->perms_array[$section][$reference] ;
533 case 'approve_projects':
535 if ($this->hasGlobalPermission('forge_admin')) {
542 if ($this->hasGlobalPermission('forge_admin')) {
548 case 'project_admin':
549 if ($this->hasGlobalPermission('forge_admin')) {
556 case 'tracker_admin':
559 if ($this->hasPermission('project_admin', $reference)) {
566 if ($this->hasPermission('project_admin', $reference)) {
573 if ($this->hasPermission('project_admin', $reference)) {
580 if ($this->hasPermission('project_admin', $reference)) {
587 if ($this->hasPermission('forum_admin', forum_get_groupid($reference))) {
593 if ($this->hasPermission('forum_admin', $reference)) {
600 if ($this->hasPermission('tracker_admin', artifacttype_get_groupid($reference))) {
606 if ($this->hasPermission('tracker_admin', $reference)) {
613 if ($this->hasPermission('pm_admin', projectgroup_get_groupid($reference))) {
619 if ($this->hasPermission('pm_admin', $reference)) {
628 * getVal - get a value out of the array of settings for this role.
630 * @param string The name of the role.
631 * @param integer The ref_id (ex: group_artifact_id, group_forum_id) for this item.
632 * @return integer The value of this item.
634 function getVal($section,$ref_id) {
635 global $role_default_array;
640 return $this->getSetting ($section, $ref_id) ;
642 if (array_key_exists ($section, $this->setting_array)) {
643 return $this->setting_array[$section][$ref_id];
650 function setVal($section, $ref_id, $value) {
651 $this->setting_array[$section][$ref_id] = $value;
652 return $this->update( $this->getName(), $this->setting_array);
656 * &getRoleVals - get all the values and language text strings for this section.
658 * @return array Assoc array of values for this section.
660 function &getRoleVals($section) {
661 global $role_vals, $rbac_permission_names;
662 setup_rbac_strings () ;
665 // Optimization - save array so it is only built once per page view
667 if (!isset($role_vals[$section])) {
669 for ($i=0; $i<count($this->role_values[$section]); $i++) {
671 // Build an associative array of these key values + localized description
673 $role_vals[$section][$this->role_values[$section][$i]]=$rbac_permission_names["$section".$this->role_values[$section][$i]];
676 return $role_vals[$section];
679 function hasPermission($section, $reference, $action = NULL) {
682 $value = $this->getSetting ($section, $reference) ;
689 case 'approve_projects':
691 case 'project_admin':
693 case 'tracker_admin':
696 return ($value >= 1) ;
702 return ($value >= 1) ;
705 return ($value >= 2) ;
713 return ($value >= 1) ;
716 return ($value >= 2) ;
724 return ($value >= 1) ;
727 return ($value >= 2) ;
730 return ($value >= 3) ;
733 return ($value >= 4) ;
741 return ($value >= 1) ;
744 return ($value >= 2) ;
747 return ($value >= 3) ;
756 return ($value >= 1) ;
759 return ($value >= 2) ;
761 case 'unmoderated_post':
762 return ($value >= 3) ;
765 return ($value >= 4) ;
774 return (($value & 1) != 0) ;
777 return (($value & 2) != 0) ;
780 return (($value & 4) != 0) ;
789 return (($value & 1) != 0) ;
792 return (($value & 2) != 0) ;
795 return (($value & 4) != 0) ;
803 * update - update a new in the database.
805 * @param string The name of the role.
806 * @param array A multi-dimensional array of data in this format: $data['section_name']['ref_id']=$val
807 * @return boolean True on success or false on failure.
809 function update($role_name,$data) {
812 // Cannot update role_id=1
814 if ($this->getID() == 1 && !USE_PFO_RBAC) {
815 $this->setError('Cannot Update Default Role');
819 $perm =& $this->Group->getPermission ();
820 if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) {
821 $this->setPermissionDeniedError();
830 if ($role_name != $this->getName()) {
831 $this->setName($role_name) ;
834 foreach ($data as $sect => $refs) {
835 foreach ($refs as $refid => $value) {
836 $this->setSetting ($sect, $refid, $value) ;
840 if (! $this->setName($role_name)) {
845 // Delete extra settings
846 db_query_params ('DELETE FROM role_setting WHERE role_id=$1 AND section_name <> ALL ($2)',
847 array ($this->getID(),
848 db_string_array_to_any_clause (array_keys ($this->role_values)))) ;
849 db_query_params ('DELETE FROM role_setting WHERE role_id=$1 AND section_name = $2 AND ref_id <> ALL ($3)',
850 array ($this->getID(),
852 db_int_array_to_any_clause (array_keys ($data['tracker'])))) ;
853 db_query_params ('DELETE FROM role_setting WHERE role_id=$1 AND section_name = $2 AND ref_id <> ALL ($3)',
854 array ($this->getID(),
856 db_int_array_to_any_clause (array_keys ($data['forum'])))) ;
857 db_query_params ('DELETE FROM role_setting WHERE role_id=$1 AND section_name = $2 AND ref_id <> ALL ($3)',
858 array ($this->getID(),
860 db_int_array_to_any_clause (array_keys ($data['pm'])))) ;
871 ////$data['section_name']['ref_id']=$val
872 $arr1 = array_keys($data);
873 for ($i=0; $i<count($arr1); $i++) {
874 // array_values($Report->adjust_days)
875 $arr2 = array_keys($data[$arr1[$i]]);
876 for ($j=0; $j<count($arr2); $j++) {
877 $usection_name=$arr1[$i];
879 $uvalue=$data[$usection_name][$uref_id];
887 // See if this setting changed. If so, then update it
889 // if ($this->getVal($usection_name,$uref_id) != $uvalue) {
890 $res = db_query_params ('UPDATE role_setting SET value=$1 WHERE role_id=$2 AND section_name=$3 AND ref_id=$4',
895 if (!$res || db_affected_rows($res) < 1) {
896 $res = db_query_params ('INSERT INTO role_setting (role_id, section_name, ref_id, value) VALUES ($1, $2, $3, $4)',
897 array ($this->getID(),
902 $this->setError('update::rolesettinginsert::'.db_error());
907 if ($usection_name == 'frs') {
908 $update_usergroup=true;
909 } elseif ($usection_name == 'scm') {
910 //$update_usergroup=true;
912 //iterate all users with this role
913 $res = db_query_params ('SELECT user_id FROM user_group WHERE role_id=$1',
914 array ($this->getID())) ;
915 for ($z=0; $z<db_numrows($res); $z++) {
917 //TODO - Shell should be separate flag
918 // If user acquired admin access to CVS,
919 // one to be given normal shell on CVS machine,
920 // else - restricted.
922 $cvs_flags=$data['scm'][0];
923 $res2 = db_query_params ('UPDATE user_group SET cvs_flags=$1 WHERE user_id=$2',
925 db_result($res,$z,'user_id')));
927 $this->setError('update::scm::'.db_error());
931 // I have doubt the following is usefull
932 // This is probably buggy if used
934 if (!$SYS->sysUserSetAttribute(db_result($res,$z,'user_id'),"debGforgeCvsShell","/bin/bash")) {
935 $this->setError($SYS->getErrorMessage());
940 if (!$SYS->sysUserSetAttribute(db_result($res,$z,'user_id'),"debGforgeCvsShell","/bin/cvssh")) {
941 $this->setError($SYS->getErrorMessage());
948 // If user acquired at least commit access to CVS,
949 // one to be promoted to CVS group, else, demoted.
952 if (!$SYS->sysGroupAddUser($this->Group->getID(),db_result($res,$z,'user_id'),1)) {
953 $this->setError($SYS->getErrorMessage());
958 if (!$SYS->sysGroupRemoveUser($this->Group->getID(),db_result($res,$z,'user_id'),1)) {
959 $this->setError($SYS->getErrorMessage());
967 } elseif ($usection_name == 'docman') {
968 $update_usergroup=true;
969 } elseif ($usection_name == 'forumadmin') {
970 $update_usergroup=true;
971 } elseif ($usection_name == 'trackeradmin') {
972 $update_usergroup=true;
973 } elseif ($usection_name == 'projectadmin') {
974 $update_usergroup=true;
975 } elseif ($usection_name == 'pmadmin') {
976 $update_usergroup=true;
981 // if ($update_usergroup) {
982 $keys = array ('forumadmin', 'pmadmin', 'trackeradmin', 'docman', 'scm', 'frs', 'projectadmin') ;
983 foreach ($keys as $k) {
984 if (!array_key_exists ($k, $data)) {
985 $data[$k] = array(0);
988 $res = db_query_params ('UPDATE user_group
997 array ($data['projectadmin'][0],
998 $data['forumadmin'][0],
1003 $data['trackeradmin'][0],
1006 $this->setError('::update::usergroup::'.db_error());
1015 $hook_params = array ();
1016 $hook_params['role'] =& $this;
1017 $hook_params['role_id'] = $this->getID();
1018 $hook_params['data'] = $data;
1019 plugin_hook ("role_update", $hook_params);
1023 $this->fetchData($this->getID());
1031 abstract class RoleExplicit extends BaseRole implements PFO_RoleExplicit {
1032 public function addUsers ($users) {
1034 foreach ($users as $user) {
1035 $ids[] = $user->getID() ;
1038 $already_there = array () ;
1039 $res = db_query_params ('SELECT user_id FROM pfo_user_role WHERE user_id=ANY($1) AND role_id=$2',
1040 array (db_int_array_to_any_clause($ids), $this->getID())) ;
1041 while ($arr =& db_fetch_array($res)) {
1042 $already_there[] = $arr['user_id'] ;
1045 foreach ($ids as $id) {
1046 if (!in_array ($id, $already_there)) {
1047 db_query_params ('INSERT INTO pfo_user_role (user_id, role_id) VALUES ($1, $2)',
1054 public function addUser ($user) {
1055 return $this->addUsers (array ($user)) ;
1058 public function removeUsers($users) {
1060 foreach ($users as $user) {
1061 $ids[] = $user->getID() ;
1064 $already_there = array () ;
1065 $res = db_query_params ('DELETE FROM pfo_user_role WHERE user_id=ANY($1) AND role_id=$2',
1066 array (db_int_array_to_any_clause($ids), $this->getID())) ;
1069 public function removeUser ($user) {
1070 return $this->removeUsers (array ($user)) ;
1073 public function getUsers() {
1074 $result = array () ;
1075 $res = db_query_params ('SELECT user_id FROM pfo_user_role WHERE role_id=$1',
1076 array ($this->getID())) ;
1077 while ($arr = db_fetch_array($res)) {
1078 $result[] = user_get_object ($arr['user_id']) ;
1084 public function hasUser($user) {
1085 $res = db_query_params ('SELECT user_id FROM pfo_user_role WHERE user_id=$1 AND role_id=$2',
1086 array (db_int_array_to_any_clause($user->getID()), $this->getID())) ;
1087 if ($res && $db_numrows($res)) {
1094 function getID() { // From the PFO spec
1095 return $this->data_array['role_id'];
1098 function getName() { // From the PFO spec
1099 return $this->data_array['role_name'];
1103 class RoleAnonymous extends BaseRole implements PFO_RoleAnonymous {
1104 // This role is implemented as a singleton
1105 private static $_instance ;
1107 public static function getInstance() {
1108 if (isset(self::$_instance)) {
1109 return self::$_instance ;
1113 self::$_instance = new $c ;
1115 $res = db_query_params ('SELECT r.role_id FROM pfo_role r, pfo_role_class c WHERE r.role_class = c.class_id AND c.class_name = $1',
1116 array ('PFO_RoleAnonymous')) ;
1117 if (!$res || !db_numrows($res)) {
1118 throw new Exception ("No PFO_RoleAnonymous role in the database") ;
1120 self::$_instance->_role_id = db_result ($res, 0, 'role_id') ;
1121 self::$_instance->fetchData (self::$_instance->_role_id) ;
1123 return self::$_instance ;
1126 public function getID () {
1127 return $this->_role_id ;
1129 public function isPublic () {
1132 public function setPublic ($flag) {
1133 throw new Exception ("Can't setPublic() on RoleAnonymous") ;
1135 public function getHomeProject () {
1138 public function getName () {
1139 return _('Anonymous/not logged in') ;
1141 public function setName ($name) {
1142 throw new Exception ("Can't setName() on RoleAnonymous") ;
1146 class RoleLoggedIn extends BaseRole implements PFO_RoleLoggedIn {
1147 // This role is implemented as a singleton
1148 private static $_instance ;
1150 public static function getInstance() {
1151 if (isset(self::$_instance)) {
1152 return self::$_instance ;
1156 self::$_instance = new $c ;
1158 $res = db_query_params ('SELECT r.role_id FROM pfo_role r, pfo_role_class c WHERE r.role_class = c.class_id AND c.class_name = $1',
1159 array ('PFO_RoleLoggedIn')) ;
1160 if (!$res || !db_numrows($res)) {
1161 throw new Exception ("No PFO_RoleLoggedIn role in the database") ;
1163 self::$_instance->_role_id = db_result ($res, 0, 'role_id') ;
1164 self::$_instance->fetchData (self::$_instance->_role_id) ;
1166 return self::$_instance ;
1169 public function getID () {
1170 return $this->_role_id ;
1172 public function isPublic () {
1175 public function setPublic ($flag) {
1176 throw new Exception ("Can't setPublic() on RoleLoggedIn") ;
1178 public function getHomeProject () {
1181 public function getName () {
1182 return _('Any user logged in') ;
1184 public function setName ($name) {
1185 throw new Exception ("Can't setName() on RoleLoggedIn") ;
1189 abstract class RoleUnion extends BaseRole implements PFO_RoleUnion {
1190 public function addRole ($role) {
1191 throw new Exception ("Not implemented") ;
1193 public function removeRole ($role) {
1194 throw new Exception ("Not implemented") ;
1200 // c-file-style: "bsd"