1 CREATE OR REPLACE FUNCTION pfo_rbac_permissions_from_old (rid integer, nsec text, nref integer) RETURNS integer AS $$
3 os role_setting%ROWTYPE ;
8 mastergroupid integer := 1 ;
9 newsgroupid integer := 0 ;
10 statsgroupid integer := 0 ;
14 SELECT group_id INTO newsgroupid FROM groups WHERE unix_group_name = 'newsadmin' ;
15 SELECT group_id INTO statsgroupid FROM groups WHERE unix_group_name = 'stats' ;
17 SELECT * INTO r FROM pfo_role WHERE old_role_id = rid ;
19 IF nsec = 'project_read' AND nref = r.home_group_id THEN
23 IF nsec = 'forge_admin' AND nref = -1 AND rid = 1 THEN
24 SELECT count(*) INTO tmp FROM role_setting WHERE role_id = rid ;
30 FOR os IN SELECT * FROM role_setting WHERE role_id = rid ORDER BY role_id, section_name, ref_id
32 SELECT group_id INTO opid FROM role WHERE role_id = os.role_id ;
34 IF os.section_name = 'projectadmin' THEN
35 CONTINUE WHEN os.value != 'A' ;
36 IF nsec = 'project_admin' AND nref = opid THEN
40 IF nsec = 'forge_admin' AND nref = -1 AND opid = mastergroupid THEN
43 IF nsec = 'approve_news' AND nref = -1 AND opid = newsgroupid THEN
46 IF nsec = 'forge_stats' AND nref = -1 AND opid = statsgroupid THEN
50 ELSIF os.section_name IN ('trackeradmin', 'pmadmin', 'forumadmin') THEN
51 CONTINUE WHEN os.value != '2' ;
52 onsec = CASE WHEN os.section_name = 'trackeradmin' THEN 'tracker_admin'
53 WHEN os.section_name = 'pmadmin' THEN 'pm_admin'
54 WHEN os.section_name = 'forumadmin' THEN 'forum_admin' END ;
55 IF nsec = onsec AND nref = opid THEN
59 ELSIF os.section_name IN ('tracker', 'newtracker') THEN
60 CONTINUE WHEN os.value = '-1' ;
61 onsec = CASE WHEN os.section_name = 'tracker' THEN os.section_name
62 WHEN os.section_name = 'newtracker' THEN 'new_tracker' END ;
63 onref = CASE WHEN os.section_name = 'tracker' THEN os.ref_id
64 WHEN os.section_name = 'newtracker' THEN opid END ;
65 onval = CASE WHEN os.value = '0' THEN 1
66 WHEN os.value = '1' THEN 3
67 WHEN os.value = '2' THEN 7
68 WHEN os.value = '3' THEN 5 END ;
69 IF nsec = onsec AND nref = onref THEN
73 ELSIF os.section_name IN ('pm', 'newpm') THEN
74 CONTINUE WHEN os.value = '-1' ;
75 onsec = CASE WHEN os.section_name = 'pm' THEN os.section_name
76 WHEN os.section_name = 'newpm' THEN 'new_pm' END ;
77 onref = CASE WHEN os.section_name = 'pm' THEN os.ref_id
78 WHEN os.section_name = 'newpm' THEN opid END ;
79 onval = CASE WHEN os.value = '0' THEN 1
80 WHEN os.value = '1' THEN 3
81 WHEN os.value = '2' THEN 7
82 WHEN os.value = '3' THEN 5 END ;
83 IF nsec = onsec AND nref = onref THEN
87 ELSIF os.section_name = 'forum' THEN
88 CONTINUE WHEN os.value = '-1' ;
89 onsec = os.section_name ;
91 SELECT moderation_level INTO tmp FROM forum_group_list WHERE group_forum_id = onref ;
92 onval = CASE WHEN os.value = '0' THEN 1
93 WHEN os.value = '1' AND tmp >= 2 THEN 2
94 WHEN os.value = '1' AND tmp <= 1 THEN 3
95 WHEN os.value = '2' THEN 4 END ;
96 IF nsec = onsec AND nref = onref THEN
100 ELSIF os.section_name = 'newforum' THEN
101 CONTINUE WHEN os.value = '-1' ;
102 onsec = 'new_forum' ;
104 onval = CASE WHEN os.value = '0' THEN 1
105 WHEN os.value = '1' THEN 2
106 WHEN os.value = '2' THEN 4 END ;
107 IF nsec = onsec AND nref = onref THEN
111 ELSIF os.section_name = 'docman' THEN
112 onsec = os.section_name ;
114 onval = CASE WHEN os.value = '0' THEN 1
115 WHEN os.value = '1' THEN 4 END ;
116 IF nsec = onsec AND nref = onref THEN
120 ELSIF os.section_name = 'frs' THEN
121 onsec = os.section_name ;
123 onval = CASE WHEN os.value = '0' THEN 1
124 WHEN os.value = '1' THEN 3 END ;
125 IF nsec = onsec AND nref = onref THEN
129 ELSIF os.section_name = 'scm' THEN
130 CONTINUE WHEN os.value = '-1' ;
131 onsec = os.section_name ;
133 onval = CASE WHEN os.value = '0' THEN 1
134 WHEN os.value = '1' THEN 2 END ;
135 IF nsec = onsec AND nref = onref THEN
139 ELSIF os.section_name = 'webcal' THEN
140 CONTINUE WHEN os.value = '0' ;
141 onsec = os.section_name ;
144 IF nsec = onsec AND nref = onref THEN
148 ELSIF os.section_name = 'plugin_mediawiki_edit' THEN
149 CONTINUE WHEN os.value = '0' ;
150 onsec = os.section_name ;
153 IF nsec = onsec AND nref = onref THEN
158 RAISE EXCEPTION 'Unknown setting % for role %', os.section_name, os.role_id ;
159 CONTINUE WHEN os.value = '0' ;
160 onsec = os.section_name ;
162 onval = os.value::integer ;
163 IF nsec = onsec AND nref = onref THEN
174 $$ LANGUAGE plpgsql ;
176 CREATE OR REPLACE FUNCTION migrate_role_observer_to_pfo_rbac () RETURNS void AS $$
179 t artifact_group_list%ROWTYPE ;
180 f forum_group_list%ROWTYPE ;
181 p project_group_list%ROWTYPE ;
182 need_loggedin boolean := false ;
184 FOR g IN SELECT * FROM groups WHERE is_public = 1
186 INSERT INTO role_project_refs VALUES (1, g.group_id) ;
187 INSERT INTO role_project_refs VALUES (2, g.group_id) ;
188 PERFORM insert_pfo_role_setting (1, 'project_read', g.group_id, 1) ;
189 PERFORM insert_pfo_role_setting (1, 'new_tracker', g.group_id, 1) ;
190 PERFORM insert_pfo_role_setting (1, 'new_pm', g.group_id, 1) ;
191 PERFORM insert_pfo_role_setting (1, 'new_forum', g.group_id, 1) ;
192 PERFORM insert_pfo_role_setting (1, 'frs', g.group_id, 1) ;
193 PERFORM insert_pfo_role_setting (2, 'project_read', g.group_id, 1) ;
194 PERFORM insert_pfo_role_setting (2, 'new_tracker', g.group_id, 1) ;
195 PERFORM insert_pfo_role_setting (2, 'new_pm', g.group_id, 1) ;
196 PERFORM insert_pfo_role_setting (2, 'new_forum', g.group_id, 1) ;
197 PERFORM insert_pfo_role_setting (2, 'frs', g.group_id, 1) ;
199 IF g.enable_anonscm = 1 THEN
200 PERFORM insert_pfo_role_setting (1, 'scm', g.group_id, 1) ;
201 PERFORM insert_pfo_role_setting (2, 'scm', g.group_id, 1) ;
204 FOR t IN SELECT * FROM artifact_group_list WHERE group_id = g.group_id AND is_public = 1
206 IF t.allow_anon = 1 THEN
207 PERFORM insert_pfo_role_setting (1, 'tracker', t.group_artifact_id, 1) ;
210 PERFORM insert_pfo_role_setting (2, 'tracker', t.group_artifact_id, 1) ;
213 FOR p IN SELECT * FROM project_group_list WHERE group_id = g.group_id AND is_public = 1
215 PERFORM insert_pfo_role_setting (1, 'pm', p.group_project_id, 1) ;
216 PERFORM insert_pfo_role_setting (2, 'pm', p.group_project_id, 1) ;
219 FOR f IN SELECT * FROM forum_group_list WHERE group_id = g.group_id AND is_public = 1
221 IF f.allow_anonymous = 1 THEN
222 IF f.moderation_level = 0 THEN
223 PERFORM insert_pfo_role_setting (1, 'forum', f.group_forum_id, 3) ;
225 PERFORM insert_pfo_role_setting (1, 'forum', f.group_forum_id, 2) ;
228 PERFORM insert_pfo_role_setting (1, 'forum', f.group_forum_id, 1) ;
231 IF f.moderation_level = 0 THEN
232 PERFORM insert_pfo_role_setting (2, 'forum', f.group_forum_id, 3) ;
234 PERFORM insert_pfo_role_setting (2, 'forum', f.group_forum_id, 2) ;
241 $$ LANGUAGE plpgsql ;