1 CREATE OR REPLACE FUNCTION pfo_rbac_permissions_from_old (rid integer, nsec text, nref integer) RETURNS integer AS $$
3 os role_setting%ROWTYPE ;
8 mastergroupid integer := 1 ;
9 newsgroupid integer := 0 ;
10 statsgroupid integer := 0 ;
14 SELECT group_id INTO newsgroupid FROM groups WHERE unix_group_name = 'newsadmin' ;
15 SELECT group_id INTO statsgroupid FROM groups WHERE unix_group_name = 'stats' ;
17 SELECT * INTO r FROM pfo_role WHERE old_role_id = rid ;
19 IF nsec = 'project_read' AND nref = r.home_group_id THEN
23 FOR os IN SELECT * FROM role_setting WHERE role_id = rid ORDER BY role_id, section_name, ref_id
25 SELECT group_id INTO opid FROM role WHERE role_id = os.role_id ;
27 IF os.section_name = 'projectadmin' THEN
28 CONTINUE WHEN os.value != 'A' ;
29 IF nsec = 'project_admin' AND nref = opid THEN
33 IF nsec = 'forge_admin' AND nref = -1 AND opid = mastergroupid THEN
36 IF nsec = 'approve_news' AND nref = -1 AND opid = newsgroupid THEN
39 IF nsec = 'forge_stats' AND nref = -1 AND opid = statsgroupid THEN
43 ELSIF os.section_name IN ('trackeradmin', 'pmadmin', 'forumadmin') THEN
44 CONTINUE WHEN os.value != '2' ;
45 onsec = CASE WHEN os.section_name = 'trackeradmin' THEN 'tracker_admin'
46 WHEN os.section_name = 'pmadmin' THEN 'pm_admin'
47 WHEN os.section_name = 'forumadmin' THEN 'forum_admin' END ;
48 IF nsec = onsec AND nref = opid THEN
52 ELSIF os.section_name IN ('tracker', 'newtracker') THEN
53 CONTINUE WHEN os.value = '-1' ;
54 onsec = CASE WHEN os.section_name = 'tracker' THEN os.section_name
55 WHEN os.section_name = 'newtracker' THEN 'new_tracker' END ;
56 onref = CASE WHEN os.section_name = 'tracker' THEN os.ref_id
57 WHEN os.section_name = 'newtracker' THEN opid END ;
58 onval = CASE WHEN os.value = '0' THEN 1
59 WHEN os.value = '1' THEN 3
60 WHEN os.value = '2' THEN 7
61 WHEN os.value = '3' THEN 5 END ;
62 IF nsec = onsec AND nref = onref THEN
66 ELSIF os.section_name IN ('pm', 'newpm') THEN
67 CONTINUE WHEN os.value = '-1' ;
68 onsec = CASE WHEN os.section_name = 'pm' THEN os.section_name
69 WHEN os.section_name = 'newpm' THEN 'new_pm' END ;
70 onref = CASE WHEN os.section_name = 'pm' THEN os.ref_id
71 WHEN os.section_name = 'newpm' THEN opid END ;
72 onval = CASE WHEN os.value = '0' THEN 1
73 WHEN os.value = '1' THEN 3
74 WHEN os.value = '2' THEN 7
75 WHEN os.value = '3' THEN 5 END ;
76 IF nsec = onsec AND nref = onref THEN
80 ELSIF os.section_name = 'forum' THEN
81 CONTINUE WHEN os.value = '-1' ;
82 onsec = os.section_name ;
84 SELECT moderation_level INTO tmp FROM forum_group_list WHERE group_forum_id = onref ;
85 onval = CASE WHEN os.value = '0' THEN 1
86 WHEN os.value = '1' AND tmp >= 2 THEN 2
87 WHEN os.value = '1' AND tmp <= 1 THEN 3
88 WHEN os.value = '2' THEN 4 END ;
89 IF nsec = onsec AND nref = onref THEN
93 ELSIF os.section_name = 'newforum' THEN
94 CONTINUE WHEN os.value = '-1' ;
97 onval = CASE WHEN os.value = '0' THEN 1
98 WHEN os.value = '1' THEN 2
99 WHEN os.value = '2' THEN 4 END ;
100 IF nsec = onsec AND nref = onref THEN
104 ELSIF os.section_name = 'docman' THEN
105 onsec = os.section_name ;
107 onval = CASE WHEN os.value = '0' THEN 1
108 WHEN os.value = '1' THEN 4 END ;
109 IF nsec = onsec AND nref = onref THEN
113 ELSIF os.section_name = 'frs' THEN
114 onsec = os.section_name ;
116 onval = CASE WHEN os.value = '0' THEN 1
117 WHEN os.value = '1' THEN 3 END ;
118 IF nsec = onsec AND nref = onref THEN
122 ELSIF os.section_name = 'scm' THEN
123 CONTINUE WHEN os.value = '-1' ;
124 onsec = os.section_name ;
126 onval = CASE WHEN os.value = '0' THEN 1
127 WHEN os.value = '1' THEN 2 END ;
128 IF nsec = onsec AND nref = onref THEN
132 ELSIF os.section_name = 'webcal' THEN
133 CONTINUE WHEN os.value = '0' ;
134 onsec = os.section_name ;
137 IF nsec = onsec AND nref = onref THEN
141 ELSIF os.section_name = 'plugin_mediawiki_edit' THEN
142 CONTINUE WHEN os.value = '0' ;
143 onsec = os.section_name ;
146 IF nsec = onsec AND nref = onref THEN
151 RAISE EXCEPTION 'Unknown setting % for role %', os.section_name, os.role_id ;
152 CONTINUE WHEN os.value = '0' ;
153 onsec = os.section_name ;
155 onval = os.value::integer ;
156 IF nsec = onsec AND nref = onref THEN
167 $$ LANGUAGE plpgsql ;
169 CREATE OR REPLACE FUNCTION migrate_role_observer_to_pfo_rbac () RETURNS void AS $$
172 t artifact_group_list%ROWTYPE ;
173 f forum_group_list%ROWTYPE ;
174 p project_group_list%ROWTYPE ;
175 need_loggedin boolean := false ;
177 FOR g IN SELECT * FROM groups WHERE is_public = 1
179 INSERT INTO role_project_refs VALUES (1, g.group_id) ;
180 INSERT INTO role_project_refs VALUES (2, g.group_id) ;
181 PERFORM insert_pfo_role_setting (1, 'project_read', g.group_id, 1) ;
182 PERFORM insert_pfo_role_setting (1, 'new_tracker', g.group_id, 1) ;
183 PERFORM insert_pfo_role_setting (1, 'new_pm', g.group_id, 1) ;
184 PERFORM insert_pfo_role_setting (1, 'new_forum', g.group_id, 1) ;
185 PERFORM insert_pfo_role_setting (1, 'frs', g.group_id, 1) ;
186 PERFORM insert_pfo_role_setting (2, 'project_read', g.group_id, 1) ;
187 PERFORM insert_pfo_role_setting (2, 'new_tracker', g.group_id, 1) ;
188 PERFORM insert_pfo_role_setting (2, 'new_pm', g.group_id, 1) ;
189 PERFORM insert_pfo_role_setting (2, 'new_forum', g.group_id, 1) ;
190 PERFORM insert_pfo_role_setting (2, 'frs', g.group_id, 1) ;
192 IF g.enable_anonscm = 1 THEN
193 PERFORM insert_pfo_role_setting (1, 'scm', g.group_id, 1) ;
194 PERFORM insert_pfo_role_setting (2, 'scm', g.group_id, 1) ;
197 FOR t IN SELECT * FROM artifact_group_list WHERE group_id = g.group_id AND is_public = 1
199 IF t.allow_anon = 1 THEN
200 PERFORM insert_pfo_role_setting (1, 'tracker', t.group_artifact_id, 1) ;
203 PERFORM insert_pfo_role_setting (2, 'tracker', t.group_artifact_id, 1) ;
206 FOR p IN SELECT * FROM project_group_list WHERE group_id = g.group_id AND is_public = 1
208 PERFORM insert_pfo_role_setting (1, 'pm', p.group_project_id, 1) ;
209 PERFORM insert_pfo_role_setting (2, 'pm', p.group_project_id, 1) ;
212 FOR f IN SELECT * FROM forum_group_list WHERE group_id = g.group_id AND is_public = 1
214 IF f.allow_anonymous = 1 THEN
215 IF f.moderation_level = 0 THEN
216 PERFORM insert_pfo_role_setting (1, 'forum', f.group_forum_id, 3) ;
218 PERFORM insert_pfo_role_setting (1, 'forum', f.group_forum_id, 2) ;
221 PERFORM insert_pfo_role_setting (1, 'forum', f.group_forum_id, 1) ;
224 IF f.moderation_level = 0 THEN
225 PERFORM insert_pfo_role_setting (2, 'forum', f.group_forum_id, 3) ;
227 PERFORM insert_pfo_role_setting (2, 'forum', f.group_forum_id, 2) ;
234 $$ LANGUAGE plpgsql ;