* Copyright 2004, GForge, LLC
* Copyright 2009-2010, Roland Mas
* Copyright 2012, Franck Villaume - TrivialDev
+ * http://fusionforge.org
*
* This file is part of FusionForge. FusionForge is free software;
* you can redistribute it and/or modify it under the terms of the
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-require "PFO-RBAC.interface.php" ;
+require "PFO-RBAC.interface.php";
-if (true || file_exists ('/tmp/fusionforge-use-pfo-rbac')) {
- define ('USE_PFO_RBAC', true) ;
-} else {
- define ('USE_PFO_RBAC', false) ;
-}
+define ('USE_PFO_RBAC', true);
// Code shared between classes
+/**
+ * TODO: RBAC::BaseRole Enter description here ...
+ *
+ */
abstract class BaseRole extends Error {
+ /**
+ * TODO: Enter description here ...
+ * @var unknown_type
+ */
var $role_values;
+ /**
+ * TODO: Enter description here ...
+ * @var unknown_type
+ */
var $defaults;
+ /**
+ * TODO: Enter description here ...
+ * @var unknown_type
+ */
var $global_settings;
- public function BaseRole() {
- if (USE_PFO_RBAC) {
- $this->role_values = array (
- 'forge_admin' => array (0,1),
- 'approve_projects' => array (0,1),
- 'approve_news' => array (0,1),
- 'forge_stats' => array (0,1,2),
-
- 'project_read' => array (0,1),
- 'project_admin' => array (0,1),
-
- 'tracker_admin' => array (0,1),
- 'pm_admin' => array (0,1),
- 'forum_admin' => array (0,1),
-
- 'tracker' => array (0,1,3,5,7),
- 'pm' => array (0,1,3,5,7),
- 'forum' => array (0,1,2,3,4),
-
- 'new_tracker' => array (0,1,3,5,7),
- 'new_pm' => array (0,1,3,5,7),
- 'new_forum' => array (0,1,2,3,4),
-
- 'scm' => array (0,1,2),
- 'docman' => array (0,1,2,3,4),
- 'frs' => array (0,1,2,3),
-
- 'webcal' => array (0,1,2),
- );
-
- $this->global_settings = array (
- 'forge_admin',
- 'approve_projects',
- 'approve_news',
- 'forge_stats'
- );
-
- $this->defaults = array(
- 'Admin' => array( 'project_admin'=> 1,
- 'project_read' => 1,
- 'frs' => 2,
- 'scm' => 2,
- 'docman' => 3,
- 'forum_admin' => 1,
- 'new_forum' => 3,
- 'tracker_admin' => 1,
- 'new_tracker' => 7,
- 'pm_admin' => 1,
- 'new_pm' => 7,
- 'webcal' => 2,
- ),
- 'Senior Developer' => array( 'project_read' => 1,
- 'frs' => 2,
- 'scm' => 2,
- 'docman' => 3,
- 'forum_admin' => 1,
- 'new_forum' => 3,
- 'tracker_admin' => 1,
- 'new_tracker' => 7,
- 'pm_admin' => 1,
- 'new_pm' => 7,
- 'webcal' => 2,
- ),
- 'Junior Developer' => array( 'project_read' => 1,
- 'frs' => 2,
- 'scm' => 2,
- 'docman' => 2,
- 'new_forum' => 3,
- 'new_tracker' => 3,
- 'new_pm' => 3,
- 'webcal' => 2,
- ),
- 'Doc Writer' => array( 'project_read' => 1,
- 'frs' => 2,
- 'docman' => 4,
- 'new_forum' => 3,
- 'new_tracker' => 1,
- 'new_pm' => 1,
- 'webcal' => 2,
- ),
- 'Support Tech' => array( 'project_read' => 1,
- 'frs' => 2,
- 'docman' => 1,
- 'new_forum' => 3,
- 'tracker_admin' => 1,
- 'new_tracker' => 3,
- 'pm_admin' => 1,
- 'new_pm' => 7,
- 'webcal' => 2,
- ),
- );
- } else {
- $this->role_values = array(
- 'projectadmin' => array ('0','A'),
- 'frs' => array ('0','1'),
- 'scm' => array ('-1','0','1'),
- 'docman' => array ('0','1'),
- 'forumadmin' => array ('0','2'),
- 'forum' => array ('-1','0','1','2'),
- 'newforum' => array ('-1','0','1','2'),
- 'trackeradmin' => array ('0','2'),
- 'tracker' => array ('-1','0','1','2','3'),
- 'newtracker' => array ('-1','0','1','2','3'),
- 'pmadmin' => array ('0','2'),
- 'pm' => array ('-1','0','1','2','3'),
- 'newpm' => array ('-1','0','1','2','3'),
- 'webcal' => array ('0','1','2'));
-
- $this->defaults = array(
- 'Admin' => array( 'projectadmin'=>'A',
- 'frs'=>'1',
- 'scm'=>'1',
- 'docman'=>'1',
- 'forumadmin'=>'2',
- 'forum'=>'2',
- 'newforum'=>'2',
- 'trackeradmin'=>'2',
- 'tracker'=>'2',
- 'newtracker'=>'2',
- 'pmadmin'=>'2',
- 'pm'=>'2',
- 'newpm'=>'2',
- 'webcal'=>'1' ),
- 'Senior Developer'=> array( 'projectadmin'=>'0',
- 'frs'=>'1',
- 'scm'=>'1',
- 'docman'=>'1',
- 'forumadmin'=>'2',
- 'forum'=>'2',
- 'newforum'=>'2',
- 'trackeradmin'=>'2',
- 'tracker'=>'2',
- 'newtracker'=>'2',
- 'pmadmin'=>'2',
- 'pm'=>'2',
- 'newpm'=>'2',
- 'webcal'=>'2' ),
- 'Junior Developer'=> array( 'projectadmin'=>'0',
- 'frs'=>'0',
- 'scm'=>'1',
- 'docman'=>'0',
- 'forumadmin'=>'0',
- 'forum'=>'1',
- 'newforum'=>'1',
- 'trackeradmin'=>'0',
- 'tracker'=>'1',
- 'newtracker'=>'1',
- 'pmadmin'=>'0',
- 'pm'=>'1',
- 'newpm'=>'1',
- 'webcal'=>'2' ),
- 'Doc Writer' => array( 'projectadmin'=>'0',
- 'frs'=>'0',
- 'scm'=>'0',
- 'docman'=>'1',
- 'forumadmin'=>'0',
- 'forum'=>'1',
- 'newforum'=>'1',
- 'trackeradmin'=>'0',
- 'tracker'=>'0',
- 'newtracker'=>'0',
- 'pmadmin'=>'0',
- 'pm'=>'0' ,
- 'newpm'=>'0' ,
- 'webcal'=>'2'),
- 'Support Tech' => array( 'projectadmin'=>'0',
- 'frs'=>'0',
- 'scm'=>'0',
- 'docman'=>'1',
- 'forumadmin'=>'0',
- 'forum'=>'1',
- 'newforum'=>'1',
- 'trackeradmin'=>'0',
- 'tracker'=>'2',
- 'newtracker'=>'2',
- 'pmadmin'=>'0',
- 'pm'=>'0' ,
- 'newpm'=>'0' ,
- 'webcal'=>'2')
- );
+ // var $perms_array;
+ // var $setting_array;
- }
+ public function BaseRole() {
+ // TODO: document these tables
+ // $gfcommon.'include/rbac_texts.php' may provide some hints...
+ $this->role_values = array(
+ 'forge_admin' => array(0, 1),
+ 'approve_projects' => array(0, 1),
+ 'approve_news' => array(0, 1),
+ 'forge_stats' => array(0, 1, 2),
+
+ 'project_read' => array(0, 1),
+ 'project_admin' => array(0, 1),
+
+ 'tracker_admin' => array(0, 1),
+ 'pm_admin' => array(0, 1),
+ 'forum_admin' => array(0, 1),
+
+ 'tracker' => array(0, 1, 3, 5, 7),
+ 'pm' => array(0, 1, 3, 5, 7),
+ 'forum' => array(0, 1, 2, 3, 4),
+
+ 'new_tracker' => array(0, 1, 3, 5, 7),
+ 'new_pm' => array(0, 1, 3, 5, 7),
+ 'new_forum' => array(0, 1, 2, 3, 4),
+
+ 'scm' => array (0, 1, 2),
+ 'docman' => array (0, 1, 2, 3, 4),
+ 'frs' => array (0, 1, 2, 3),
+
+// 'webcal' => array(0, 1, 2),
+ );
+
+ // Global permissions
+ $this->global_settings = array(
+ 'forge_admin', // “God mode”: all actions allowed
+ 'approve_projects', // Ability to approve pending projects
+ 'approve_news', // Ability to approve news bits to the forge front page
+ 'forge_stats'
+ );
+
+ // TODO: document these (Project-related permissions ?)
+ $this->defaults = array(
+ 'Admin' => array( 'project_admin'=> 1,
+ 'project_read' => 1,
+ 'frs' => 2,
+ 'scm' => 2,
+ 'docman' => 3,
+ 'forum_admin' => 1,
+ 'new_forum' => 3,
+ 'tracker_admin' => 1,
+ 'new_tracker' => 7,
+ 'pm_admin' => 1,
+ 'new_pm' => 7,
+ 'webcal' => 2,
+ ),
+ 'Senior Developer' => array( 'project_read' => 1,
+ 'frs' => 2,
+ 'scm' => 2,
+ 'docman' => 3,
+ 'forum_admin' => 1,
+ 'new_forum' => 3,
+ 'tracker_admin' => 1,
+ 'new_tracker' => 7,
+ 'pm_admin' => 1,
+ 'new_pm' => 7,
+ 'webcal' => 2,
+ ),
+ 'Junior Developer' => array( 'project_read' => 1,
+ 'frs' => 2,
+ 'scm' => 2,
+ 'docman' => 2,
+ 'new_forum' => 3,
+ 'new_tracker' => 3,
+ 'new_pm' => 3,
+ 'webcal' => 2,
+ ),
+ 'Doc Writer' => array( 'project_read' => 1,
+ 'frs' => 2,
+ 'docman' => 4,
+ 'new_forum' => 3,
+ 'new_tracker' => 1,
+ 'new_pm' => 1,
+ 'webcal' => 2,
+ ),
+ 'Support Tech' => array( 'project_read' => 1,
+ 'frs' => 2,
+ 'docman' => 1,
+ 'new_forum' => 3,
+ 'tracker_admin' => 1,
+ 'new_tracker' => 3,
+ 'pm_admin' => 1,
+ 'new_pm' => 7,
+ 'webcal' => 2,
+ ),
+ );
}
public function getUsers() {
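Review bot: The new constructor comments out `'webcal'` in `$this->role_values`, yet every role in `$this->defaults` still assigns `'webcal' => 2`, and the `$arr` list passed to `normalizePermsForSection` further down in this diff keeps `'webcal'` as well. A default for a section with no declared value range cannot be checked against `role_values` by any code that relies on that table (none is visible here), so either drop `'webcal'` from the defaults and from that list, or restore the `role_values` entry. The generated `@var unknown_type` placeholders could state what the assignments show, for example `@var array section name => list of allowed permission values` on `$role_values` and `@var array names of the forge-wide sections` on `$global_settings`.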
public function hasUser($user) {
throw new Exception ("Not implemented") ;
}
- function hasGlobalPermission($section, $action = NULL) {
+ function hasGlobalPermission($section, $action = NULL) {
return $this->hasPermission ($section, -1, $action) ;
}
public function getSettings() {
}
/**
- * getLinkedProjects - List of projects referencing that role
+ * getLinkedProjects - List of projects referencing that role
*
- * Includes the home project (for roles that have one)
+ * Includes the home project (for roles that have one)
*
- * @return array Array of Group objects
+ * @return array Array of Group objects
*/
- public function getLinkedProjects () {
- $ids = array () ;
+ public function getLinkedProjects() {
+ $ids = array();
- $hp = $this->getHomeProject () ;
+ $hp = $this->getHomeProject();
if ($hp != NULL) {
- $ids[] = $hp->getID() ;
+ $ids[] = $hp->getID();
}
- $res = db_query_params ('SELECT group_id FROM role_project_refs WHERE role_id=$1',
- array ($this->getID())) ;
+ $res = db_query_params('SELECT group_id FROM role_project_refs WHERE role_id=$1',
+ array($this->getID()));
if ($res) {
while ($arr = db_fetch_array ($res)) {
- $ids[] = $arr['group_id'] ;
+ $ids[] = $arr['group_id'];
}
}
- return group_get_objects (array_unique ($ids)) ;
+ return group_get_objects(array_unique($ids));
}
function linkProject ($project) { // From the PFO spec
global $SYS;
- $hp = $this->getHomeProject () ;
+ $hp = $this->getHomeProject();
if ($hp != NULL && $hp->getID() == $project->getID()) {
- $this->setError ("Can't link to home project") ;
- return false ;
+ $this->setError(_("Can't link to home project"));
+ return false;
}
$res = db_query_params('SELECT group_id FROM role_project_refs WHERE role_id=$1 AND group_id=$2',
- array ($this->getID(),
- $project->getID()));
+ array($this->getID(),
+ $project->getID()));
if (db_numrows($res)) {
return true ;
}
$res = db_query_params('INSERT INTO role_project_refs (role_id, group_id) VALUES ($1, $2)',
- array ($this->getID(),
- $project->getID()));
+ array($this->getID(),
+ $project->getID()));
if (!$res || db_affected_rows($res) < 1) {
$this->setError('linkProject('.$project->getID().') '.db_error());
return false;
return true ;
}
- function unlinkProject ($project) { // From the PFO spec
+ function unlinkProject($project) { // From the PFO spec
global $SYS;
- $hp = $this->getHomeProject () ;
+ $hp = $this->getHomeProject();
if ($hp != NULL && $hp->getID() == $project->getID()) {
- $this->setError ("Can't unlink from home project") ;
- return false ;
+ $this->setError (_("Can't unlink from home project"));
+ return false;
}
$res = db_query_params('DELETE FROM role_project_refs WHERE role_id=$1 AND group_id=$2',
- array ($this->getID(),
- $project->getID()));
+ array($this->getID(),
+ $project->getID()));
if (!$res) {
$this->setError('unlinkProject('.$project->getID().') '.db_error());
return false;
}
- $this->removeObsoleteSettings () ;
+ $this->removeObsoleteSettings ();
foreach ($this->getUsers() as $u) {
if (!$SYS->sysCheckCreateUser($u->getID())) {
}
/**
- * fetchData - May need to refresh database fields.
+ * fetchData - May need to refresh database fields.
*
- * If an update occurred and you need to access the updated info.
+ * If an update occurred and you need to access the updated info.
*
- * @return boolean success;
+ * @return boolean success;
*/
function fetchData($role_id) {
unset($this->data_array);
unset($this->setting_array);
unset($this->perms_array);
- if (USE_PFO_RBAC) {
- $res = db_query_params ('SELECT * FROM pfo_role WHERE role_id=$1',
- array ($role_id)) ;
- if (!$res || db_numrows($res) < 1) {
- $this->setError('BaseRole::fetchData()::'.db_error());
- return false;
- }
- $this->data_array = db_fetch_array($res);
- if ($this->data_array['is_public'] == 't') {
- $this->data_array['is_public'] = true ;
- } else {
- $this->data_array['is_public'] = false ;
- }
- $res = db_query_params ('SELECT section_name, ref_id, perm_val FROM pfo_role_setting WHERE role_id=$1',
- array ($role_id)) ;
- if (!$res) {
- $this->setError('BaseRole::fetchData()::'.db_error());
- return false;
- }
- $this->perms_array=array();
- while ($arr = db_fetch_array($res)) {
- $this->perms_array[$arr['section_name']][$arr['ref_id']] = $arr['perm_val'];
- }
+ $res = db_query_params('SELECT * FROM pfo_role WHERE role_id=$1',
+ array ($role_id)) ;
+ if (!$res || db_numrows($res) < 1) {
+ $this->setError('BaseRole::fetchData()::'.db_error());
+ return false;
+ }
+ $this->data_array = db_fetch_array($res);
+ if ($this->data_array['is_public'] == 't') {
+ $this->data_array['is_public'] = true;
} else {
- if ($this instanceof RoleAnonymous) {
- $res = db_query_params ('SELECT group_id, enable_anonscm FROM groups WHERE is_public=1',
- array ()) ;
- while ($arr = db_fetch_array($res)) {
- $this->perms_array['project_read'][$arr['group_id']] = 1 ;
- $this->perms_array['frs'][$arr['group_id']] = 1 ;
- $this->perms_array['scm'][$arr['group_id']] = $arr['enable_anonscm'] ;
- }
-
- $res = db_query_params ('SELECT t.group_artifact_id FROM artifact_group_list t, groups g WHERE t.is_public=1 AND t.allow_anon=1 AND g.is_public=1 AND t.group_id = g.group_id',
- array ()) ;
- while ($arr = db_fetch_array($res)) {
- $this->perms_array['tracker'][$arr['group_artifact_id']] = 1 ;
- }
-
- $res = db_query_params ('SELECT p.group_project_id FROM project_group_list p, groups g WHERE p.is_public=1 AND g.is_public=1 AND p.group_id = g.group_id',
- array ()) ;
- while ($arr = db_fetch_array($res)) {
- $this->perms_array['pm'][$arr['group_project_id']] = 1 ;
- }
-
- $res = db_query_params ('SELECT f.group_forum_id, f.allow_anonymous, f.moderation_level FROM forum_group_list f, groups g WHERE f.is_public=1 AND g.is_public=1 AND f.group_id = g.group_id',
- array ()) ;
- while ($arr = db_fetch_array($res)) {
- if ($arr['allow_anonymous'] == 1) {
- if ($arr['moderation_level'] == 0) {
- $this->perms_array['forum'][$arr['group_forum_id']] = 3 ;
- } else {
- $this->perms_array['forum'][$arr['group_forum_id']] = 2 ;
- }
- } else {
- $this->perms_array['forum'][$arr['group_forum_id']] = 1 ;
- }
- }
- } elseif ($this instanceof RoleLoggedIn) {
- $res = db_query_params ('SELECT group_id, enable_anonscm FROM groups WHERE is_public=1',
- array ()) ;
- while ($arr = db_fetch_array($res)) {
- $this->perms_array['project_read'][$arr['group_id']] = 1 ;
- $this->perms_array['frs'][$arr['group_id']] = 1 ;
- $this->perms_array['scm'][$arr['group_id']] = $arr['enable_anonscm'] ;
- }
-
- $res = db_query_params ('SELECT t.group_artifact_id FROM artifact_group_list t, groups g WHERE t.is_public=1 AND g.is_public=1 AND t.group_id = g.group_id',
- array ()) ;
- while ($arr = db_fetch_array($res)) {
- $this->perms_array['tracker'][$arr['group_artifact_id']] = 1 ;
- }
-
- $res = db_query_params ('SELECT p.group_project_id FROM project_group_list p, groups g WHERE p.is_public=1 AND g.is_public=1 AND p.group_id = g.group_id',
- array ()) ;
- while ($arr = db_fetch_array($res)) {
- $this->perms_array['pm'][$arr['group_project_id']] = 1 ;
- }
-
- $res = db_query_params ('SELECT f.group_forum_id, f.moderation_level FROM forum_group_list f, groups g WHERE f.is_public=1 AND g.is_public=1 AND f.group_id = g.group_id',
- array ()) ;
- while ($arr = db_fetch_array($res)) {
- if ($arr['moderation_level'] == 0) {
- $this->perms_array['forum'][$arr['group_forum_id']] = 3 ;
- } else {
- $this->perms_array['forum'][$arr['group_forum_id']] = 2 ;
- }
- }
- } else {
- $res = db_query_params ('SELECT * FROM role WHERE role_id=$1',
- array ($role_id)) ;
- if (!$res || db_numrows($res) < 1) {
- $this->setError('BaseRole::fetchData()::'.db_error());
- return false;
- }
- $this->data_array = db_fetch_array($res);
-
- // Load pre-PFO RBAC settings...
- $res = db_query_params ('SELECT * FROM role_setting WHERE role_id=$1',
- array ($role_id)) ;
- if (!$res) {
- $this->setError('BaseRole::fetchData()::'.db_error());
- return false;
- }
- $this->setting_array=array();
- while ($arr = db_fetch_array($res)) {
- $this->setting_array[$arr['section_name']][$arr['ref_id']] = $arr['value'];
- }
-
- // ...and map section names and values to the new values
-
- if ($this->data_array['group_id'] == forge_get_config ('stats_group')) {
- $this->perms_array['forge_stats'][-1] = 2 ;
- }
-
- $this->perms_array=array();
- $tohandle = array () ;
- $gid = $this->data_array['group_id'] ;
- if ($gid == 1 && count ($this->setting_array) == 0) {
- $tohandle[] = array ('forge_admin', -1) ;
- }
- foreach ($this->setting_array as $oldsection => $t) {
- switch ($oldsection) {
- case 'projectadmin':
- $tohandle[] = array ('project_admin', $gid) ;
- if ($this->data_array['group_id'] == 1 && $t[0] == 'A') {
- $tohandle[] = array ('forge_admin', -1) ;
- }
- if ($this->data_array['group_id'] == forge_get_config ('news_group') && $t[0] == 'A') {
- $tohandle[] = array ('approve_news', -1) ;
- }
- if ($this->data_array['group_id'] == forge_get_config ('stats_group') && $t[0] == 'A') {
- $tohandle[] = array ('forge_stats', -1) ;
- }
- break ;
- case 'trackeradmin':
- $tohandle[] = array ('tracker_admin', $gid) ;
- break ;
- case 'pmadmin':
- $tohandle[] = array ('pm_admin', $gid) ;
- break ;
- case 'forumadmin':
- $tohandle[] = array ('forum_admin', $gid) ;
- break ;
-
- case 'newtracker':
- $tohandle[] = array ('new_tracker', $gid) ;
- break ;
- case 'newpm':
- $tohandle[] = array ('new_pm', $gid) ;
- break ;
- case 'newforum':
- $tohandle[] = array ('new_forum', $gid) ;
- break ;
-
- default:
- foreach ($t as $oldreference => $oldvalue) {
- $tohandle[] = array ($oldsection, $oldreference) ;
- break ;
- }
- }
- }
-
- foreach ($tohandle as $t) {
- $nsec = $t[0] ;
- $nref = $t[1] ;
-
- $res = db_query_params ('SELECT pfo_rbac_permissions_from_old($1,$2,$3)',
- array ($role_id, $nsec, $nref)) ;
- if ($res) {
- $arr = db_fetch_array($res) ;
- $this->perms_array[$nsec][$nref] = $arr[0] ;
- }
- }
- } // Explicit role (not Anonymous or LoggedIn)
+ $this->data_array['is_public'] = false;
+ }
+ $res = db_query_params('SELECT section_name, ref_id, perm_val FROM pfo_role_setting WHERE role_id=$1',
+ array($role_id));
+ if (!$res) {
+ $this->setError('BaseRole::fetchData()::'.db_error());
+ return false;
+ }
+ // TODO: document perms_array
+ $this->perms_array=array();
+ while ($arr = db_fetch_array($res)) {
+ $this->perms_array[$arr['section_name']][$arr['ref_id']] = $arr['perm_val'];
}
return true;
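Review bot: `perms_array` is unset at the top of fetchData() and only re-created after both queries have succeeded, so on either `return false` path the property stays undefined. `getSettingRaw()` tolerates that through `isset`, but the `array_keys ($this->perms_array)` calls visible in getProjectSettings() and getGlobalSettings() do not. Initialising it right after the `unset` calls with `$this->perms_array = array();` leaves a failed load with an empty table, which denies by default. The `// TODO: document perms_array` line can be replaced by what the loop shows: `// perms_array[section_name][ref_id] = perm_val, one entry per pfo_role_setting row of this role`. The end of fetchData() is not visible in this hunk.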
$result = array () ;
$group_id = $project->getID() ;
- if (USE_PFO_RBAC) {
- $sections = array ('project_read', 'project_admin', 'frs', 'scm', 'docman', 'tracker_admin', 'new_tracker', 'forum_admin', 'new_forum', 'pm_admin', 'new_pm') ;
- foreach ($sections as $section) {
- $result[$section][$group_id] = $this->getVal ($section, $group_id) ;
- }
- } else {
- $sections = array ('projectadmin', 'frs', 'scm', 'docman', 'trackeradmin', 'newtracker', 'forumadmin', 'newforum', 'pmadmin', 'newpm', 'webcal') ;
- foreach ($sections as $section) {
- $result[$section][0] = $this->getVal ($section, 0) ;
- }
+ $sections = array ('project_read', 'project_admin', 'frs', 'scm', 'docman', 'tracker_admin', 'new_tracker') ;
+ foreach ($sections as $section) {
+ $result[$section][$group_id] = $this->getVal ($section, $group_id) ;
}
$atf = new ArtifactTypeFactory ($project) ;
foreach ($tids as $tid) {
$result['tracker'][$tid] = $this->getVal ('tracker', $tid) ;
}
- $sections[] = 'tracker' ;
+ array_push ($sections,'tracker');
+ $sections_forum = array('forum_admin', 'new_forum');
+ foreach ($sections_forum as $section_forum) {
+ $result[$section_forum][$group_id] = $this->getVal ($section_forum, $group_id) ;
+ }
+ $sections = array_merge($sections, $sections_forum);
+
$ff = new ForumFactory ($project) ;
- $fids = $ff->getAllForumIds () ;
+ $fids = $ff->getAllForumIdsWithNews () ;
foreach ($fids as $fid) {
$result['forum'][$fid] = $this->getVal ('forum', $fid) ;
}
- $sections[] = 'forum' ;
+ array_push ($sections,'forum');
+ $sections_pm = array('pm_admin', 'new_pm');
+ foreach ($sections_pm as $section_pm) {
+ $result[$section_pm][$group_id] = $this->getVal ($section_pm, $group_id) ;
+ }
+ $sections = array_merge($sections, $sections_pm);
$pgf = new ProjectGroupFactory ($project) ;
$pgids = $pgf->getAllProjectGroupIds () ;
foreach ($pgids as $pgid) {
$result['pm'][$pgid] = $this->getVal ('pm', $pgid) ;
}
- $sections[] = 'pm' ;
-
-
- if (USE_PFO_RBAC) {
- // Add settings not yet listed so far (probably plugins)
- // Currently handled:
- // - global settings (ignored here)
- // - project-wide settings (core and plugins)
- // - settings for multiple-instance tools coming from the core (trackers/pm/forums)
- // TODO:
- // - settings for multiple-instance tools from plugins
- foreach (array_keys ($this->perms_array) as $section) {
- if (!in_array ($section, $sections)) {
- if (!in_array ($section, $this->global_settings)) {
- $result[$section][$group_id] = $this->getVal ($section, $group_id) ;
- }
+ array_push ($sections,'pm') ;
+
+
+ // Add settings not yet listed so far (probably plugins)
+ // Currently handled:
+ // - global settings (ignored here)
+ // - project-wide settings (core and plugins)
+ // - settings for multiple-instance tools coming from the core (trackers/pm/forums)
+ // TODO:
+ // - settings for multiple-instance tools from plugins
+ foreach (array_keys ($this->perms_array) as $section) {
+ if (!in_array ($section, $sections)) {
+ if (!in_array ($section, $this->global_settings)) {
+ $result[$section][$group_id] = $this->getVal ($section, $group_id) ;
}
}
}
return $result ;
}
+ /**
+ * TODO: Enter description here ...
+ * @return multitype:
+ */
function getGlobalSettings () {
$result = array () ;
$sections = array ('forge_admin', 'forge_stats', 'approve_projects', 'approve_news') ;
foreach ($sections as $section) {
- $result[$section][-1] = $this->getVal ($section, -1) ;
+ $result[$section][-1] = $this->getVal($section, -1) ;
}
// Add settings not yet listed so far (probably plugins)
foreach (array_keys ($this->perms_array) as $section) {
return $result ;
}
- function getSetting($section, $reference) {
- $r = $this->getSettingRaw($section, $reference);
- if ($r == NULL) {
- return 0;
- }
- return $r;
- }
-
- function getSettingRaw($section, $reference) {
- if (isset ($this->perms_array[$section][$reference])) {
- $value = $this->perms_array[$section][$reference] ;
- } else {
- $value = 0 ;
+ /**
+ * TODO: Enter description here ...
+ * @param unknown_type $section
+ * @param unknown_type $reference
+ * @return number|boolean
+ */
+ function getSetting($section, $reference) {
+ $value = $this->getSettingRaw($section, $reference);
+ if ($value == NULL) {
+ $value = 0;
}
+
$min = PHP_INT_MAX ;
$mask = 0 ;
-
+
switch ($section) {
case 'forge_admin':
return $value ;
break ;
-
+
case 'forge_read':
case 'approve_projects':
case 'approve_news':
}
return $value ;
break ;
-
+
case 'forge_stats':
if ($this->hasGlobalPermission('forge_admin')) {
return 2 ;
}
return $value ;
break ;
-
+
case 'project_admin':
if ($this->hasGlobalPermission('forge_admin')) {
return 1 ;
}
return $value ;
break ;
-
+
case 'project_read':
case 'tracker_admin':
case 'pm_admin':
}
return $value ;
break ;
-
+
case 'scm':
if ($this->hasPermission('project_admin', $reference)) {
return 2 ;
}
return $value ;
break ;
-
+
case 'docman':
if ($this->hasPermission('project_admin', $reference)) {
return 4 ;
}
return $value ;
break ;
-
+
case 'frs':
if ($this->hasPermission('project_admin', $reference)) {
return 3 ;
}
return $value ;
break ;
-
+
case 'forum':
if ($this->hasPermission('forum_admin', forum_get_groupid($reference))) {
return 4 ;
}
return $value ;
break ;
-
+
case 'tracker':
if ($this->hasPermission('tracker_admin', artifacttype_get_groupid($reference))) {
return 5 | $value ;
}
}
+ function getSettingRaw($section, $reference) {
+ if (isset ($this->perms_array[$section][$reference])) {
+ return $this->perms_array[$section][$reference] ;
+ }
+ }
+
/**
* getVal - get a value out of the array of settings for this role.
*
* @param integer The ref_id (ex: group_artifact_id, group_forum_id) for this item.
* @return integer The value of this item.
*/
- function getVal($section,$ref_id) {
+ function getVal($section, $ref_id) {
global $role_default_array;
if (!$ref_id) {
$ref_id=0;
}
- if (USE_PFO_RBAC) {
- return $this->getSetting ($section, $ref_id) ;
- } else {
- if (array_key_exists ($section, $this->setting_array)) {
- return $this->setting_array[$section][$ref_id];
- } else {
- return 0 ;
- }
- }
+ return $this->getSetting($section, $ref_id) ;
}
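Review bot: `getSettingRaw()` now returns only the stored `perms_array` entry and falls off the end without a `return` when the entry is missing, while the implied-permission logic (the `forge_admin` / `project_admin` escalation in the `switch`) has moved into `getSetting()`. Before this change that logic sat in `getSettingRaw()`, so any caller outside this diff that read the effective value from `getSettingRaw()` will now get the raw one; those call sites are worth checking. I would make the miss explicit with `return NULL;` at the end of `getSettingRaw()` and test it with `if ($value === NULL)` in `getSetting()`. The generated docblock should also be corrected: none of the visible paths returns a boolean, so `@return number|boolean` and the `unknown_type` parameters are misleading.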
/**
function hasPermission($section, $reference, $action = NULL) {
$result = false ;
-
+
$value = $this->getSetting ($section, $reference) ;
$min = PHP_INT_MAX ;
$mask = 0 ;
-
+
switch ($section) {
case 'forge_admin':
case 'forge_read':
case 'forum_admin':
return ($value >= 1) ;
break ;
-
+
case 'forge_stats':
switch ($action) {
case 'read':
break ;
}
break ;
-
+
case 'scm':
switch ($action) {
case 'read':
break ;
}
break ;
-
+
case 'docman':
switch ($action) {
case 'read':
break ;
}
break ;
-
+
case 'frs':
switch ($action) {
case 'read_public':
break ;
}
break ;
-
+
case 'forum':
case 'new_forum':
switch ($action) {
break ;
}
break ;
-
+
case 'tracker':
case 'new_tracker':
switch ($action) {
*/
function update($role_name,$data,$check_perms=true) {
global $SYS;
- if (USE_PFO_RBAC) {
- if ($check_perms) {
- if ($this->getHomeProject() == NULL) {
- if (!forge_check_global_perm ('forge_admin')) {
- $this->setPermissionDeniedError();
- return false;
- }
- } elseif (!forge_check_perm ('project_admin', $this->getHomeProject()->getID())) {
+ if ($check_perms) {
+ if ($this->getHomeProject() == NULL) {
+ if (!forge_check_global_perm ('forge_admin')) {
$this->setPermissionDeniedError();
return false;
}
- }
- } else {
- $perm =& $this->Group->getPermission ();
- if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) {
+ } elseif (!forge_check_perm ('project_admin', $this->getHomeProject()->getID())) {
$this->setPermissionDeniedError();
return false;
}
- //
- // Cannot update role_id=1
- //
- if ($this->getID() == 1) {
- $this->setError('Cannot Update Default Role');
- return false;
- }
}
db_begin();
- if (USE_PFO_RBAC) {
- if ($role_name != $this->getName()) {
- $this->setName($role_name) ;
- }
-
- foreach ($data as $sect => $refs) {
- foreach ($refs as $refid => $value) {
- $this->setSetting ($sect, $refid, $value) ;
- }
- }
- } else {
- if (! $this->setName($role_name)) {
- db_rollback();
- return false;
- }
-
- // Delete extra settings
- db_query_params ('DELETE FROM role_setting WHERE role_id=$1 AND section_name <> ALL ($2)',
- array ($this->getID(),
- db_string_array_to_any_clause (array_keys ($this->role_values)))) ;
- db_query_params ('DELETE FROM role_setting WHERE role_id=$1 AND section_name = $2 AND ref_id <> ALL ($3)',
- array ($this->getID(),
- 'tracker',
- db_int_array_to_any_clause (array_keys ($data['tracker'])))) ;
- db_query_params ('DELETE FROM role_setting WHERE role_id=$1 AND section_name = $2 AND ref_id <> ALL ($3)',
- array ($this->getID(),
- 'forum',
- db_int_array_to_any_clause (array_keys ($data['forum'])))) ;
- db_query_params ('DELETE FROM role_setting WHERE role_id=$1 AND section_name = $2 AND ref_id <> ALL ($3)',
- array ($this->getID(),
- 'pm',
- db_int_array_to_any_clause (array_keys ($data['pm'])))) ;
-
-////$data['section_name']['ref_id']=$val
- $arr1 = array_keys($data);
- for ($i=0; $i<count($arr1); $i++) {
- // array_values($Report->adjust_days)
- $arr2 = array_keys($data[$arr1[$i]]);
- for ($j=0; $j<count($arr2); $j++) {
- $usection_name=$arr1[$i];
- $uref_id=$arr2[$j];
- $uvalue=$data[$usection_name][$uref_id];
- if (!$uref_id) {
- $uref_id=0;
- }
- if (!$uvalue) {
- $uvalue=0;
- }
- //
- // See if this setting changed. If so, then update it
- //
-// if ($this->getVal($usection_name,$uref_id) != $uvalue) {
- $res = db_query_params ('UPDATE role_setting SET value=$1 WHERE role_id=$2 AND section_name=$3 AND ref_id=$4',
- array ($uvalue,
- $this->getID(),
- $usection_name,
- $uref_id)) ;
- if (!$res || db_affected_rows($res) < 1) {
- $res = db_query_params ('INSERT INTO role_setting (role_id, section_name, ref_id, value) VALUES ($1, $2, $3, $4)',
- array ($this->getID(),
- $usection_name,
- $uref_id,
- $uvalue)) ;
- if (!$res) {
- $this->setError('update::rolesettinginsert::'.db_error());
- db_rollback();
- return false;
- }
- }
- if ($usection_name == 'frs') {
- $update_usergroup=true;
- } elseif ($usection_name == 'scm') {
- //$update_usergroup=true;
-
- //iterate all users with this role
- $res = db_query_params ('SELECT user_id FROM user_group WHERE role_id=$1',
- array ($this->getID())) ;
- for ($z=0; $z<db_numrows($res); $z++) {
-
- //TODO - Shell should be separate flag
- // If user acquired admin access to CVS,
- // one to be given normal shell on CVS machine,
- // else - restricted.
- //
- $cvs_flags=$data['scm'][0];
- $res2 = db_query_params ('UPDATE user_group SET cvs_flags=$1 WHERE user_id=$2',
- array ($cvs_flags,
- db_result($res,$z,'user_id')));
- if (!$res2) {
- $this->setError('update::scm::'.db_error());
- db_rollback();
- return false;
- }
- // I have doubt the following is usefull
- // This is probably buggy if used
- if ($cvs_flags>1) {
- if (!$SYS->sysUserSetAttribute(db_result($res,$z,'user_id'),"debGforgeCvsShell","/bin/bash")) {
- $this->setError($SYS->getErrorMessage());
- db_rollback();
- return false;
- }
- } else {
- if (!$SYS->sysUserSetAttribute(db_result($res,$z,'user_id'),"debGforgeCvsShell","/bin/cvssh")) {
- $this->setError($SYS->getErrorMessage());
- db_rollback();
- return false;
- }
- }
-
- //
- // If user acquired at least commit access to CVS,
- // one to be promoted to CVS group, else, demoted.
- //
- if ($uvalue>0) {
- if (!$SYS->sysGroupAddUser($this->Group->getID(),db_result($res,$z,'user_id'),1)) {
- $this->setError($SYS->getErrorMessage());
- db_rollback();
- return false;
- }
- } else {
- if (!$SYS->sysGroupRemoveUser($this->Group->getID(),db_result($res,$z,'user_id'),1)) {
- $this->setError($SYS->getErrorMessage());
- db_rollback();
- return false;
- }
- }
-
-
- }
- } elseif ($usection_name == 'docman') {
- $update_usergroup=true;
- } elseif ($usection_name == 'forumadmin') {
- $update_usergroup=true;
- } elseif ($usection_name == 'trackeradmin') {
- $update_usergroup=true;
- } elseif ($usection_name == 'projectadmin') {
- $update_usergroup=true;
- } elseif ($usection_name == 'pmadmin') {
- $update_usergroup=true;
- }
- // }
- }
+ if ($role_name != $this->getName()) {
+ $this->setName($role_name) ;
}
-// if ($update_usergroup) {
- $keys = array ('forumadmin', 'pmadmin', 'trackeradmin', 'docman', 'scm', 'frs', 'projectadmin') ;
- foreach ($keys as $k) {
- if (!array_key_exists ($k, $data)) {
- $data[$k] = array(0);
- }
- }
- $res = db_query_params ('UPDATE user_group
- SET admin_flags=$1,
- forum_flags=$2,
- project_flags=$3,
- doc_flags=$4,
- cvs_flags=$5,
- release_flags=$6,
- artifact_flags=$7
- WHERE role_id=$8',
- array ($data['projectadmin'][0],
- $data['forumadmin'][0],
- $data['pmadmin'][0],
- $data['docman'][0],
- $data['scm'][0],
- $data['frs'][0],
- $data['trackeradmin'][0],
- $this->getID())) ;
- if (!$res) {
- $this->setError('::update::usergroup::'.db_error());
- db_rollback();
- return false;
+
+ foreach ($data as $sect => $refs) {
+ foreach ($refs as $refid => $value) {
+ $this->setSetting ($sect, $refid, $value) ;
}
-
-// }
-
- } // USE_PFO_RBAC
+ }
$hook_params = array ();
$hook_params['role'] =& $this;
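Review bot: The return values of `setName()` and `setSetting()` are ignored in the code path this commit keeps, whereas the removed legacy branch rolled back and returned false when `setName()` failed; a failed write inside the `db_begin()` transaction would go unnoticed here. Consider `if ($role_name != $this->getName() && !$this->setName($role_name)) { db_rollback(); return false; }`, and the same treatment for `setSetting()` if it reports failure (its definition is not in this diff). `$data` is also written as given: nothing in this hunk checks `$sect` or `$value` against `$this->role_values`, so unless `setSetting()` validates them, that check belongs in this loop. update() continues past the end of the hunk.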
$this->fetchData ($this->getID()) ;
- $projects = $this->getLinkedProjects() ;
+ $projects = $this->getLinkedProjects() ;
$new_sa = array () ;
$new_pa = array () ;
-
+
// Add missing settings
// ...project-wide settings
- if (USE_PFO_RBAC) {
- $arr = array ('project_read', 'project_admin', 'frs', 'scm', 'docman', 'tracker_admin', 'new_tracker', 'forum_admin', 'new_forum', 'pm_admin', 'new_pm', 'webcal') ;
- foreach ($projects as $p) {
- foreach ($arr as $section) {
- $this->normalizePermsForSection ($new_pa, $section, $p->getID()) ;
- }
- }
- $this->normalizePermsForSection ($new_pa, 'forge_admin', -1) ;
- $this->normalizePermsForSection ($new_pa, 'approve_projects', -1) ;
- $this->normalizePermsForSection ($new_pa, 'approve_news', -1) ;
- $this->normalizePermsForSection ($new_pa, 'forge_stats', -1) ;
- } else {
- $arr = array ('projectadmin', 'frs', 'scm', 'docman', 'forumadmin', 'trackeradmin', 'newtracker', 'pmadmin', 'newpm', 'webcal') ;
+ $arr = array ('project_read', 'project_admin', 'frs', 'scm', 'docman', 'tracker_admin', 'new_tracker', 'forum_admin', 'new_forum', 'pm_admin', 'new_pm', 'webcal') ;
+ foreach ($projects as $p) {
foreach ($arr as $section) {
- $this->normalizeDataForSection ($new_sa, $section) ;
+ $this->normalizePermsForSection ($new_pa, $section, $p->getID()) ;
}
}
-
+ $this->normalizePermsForSection ($new_pa, 'forge_admin', -1) ;
+ $this->normalizePermsForSection ($new_pa, 'approve_projects', -1) ;
+ $this->normalizePermsForSection ($new_pa, 'approve_news', -1) ;
+ $this->normalizePermsForSection ($new_pa, 'forge_stats', -1) ;
+
$hook_params = array ();
$hook_params['role'] =& $this;
- $hook_params['new_sa'] =& $new_sa ;
- $hook_params['new_pa'] =& $new_pa ;
+ $hook_params['new_sa'] =& $new_sa ;
+ $hook_params['new_pa'] =& $new_pa ;
plugin_hook ("role_normalize", $hook_params);
// ...tracker-related settings
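Review bot: `$new_sa` is still created and passed by reference to the `role_normalize` hook (`$hook_params['new_sa'] =& $new_sa`), but with the legacy branch removed the save call visible later in this diff writes only `$new_pa`, so anything a plugin stores in `$new_sa` is silently discarded. For a hook that adjusts permissions, make that explicit: either drop the `new_sa` entry, or add a comment such as `// new_sa is kept for hook compatibility only; it is never saved, use new_pa`. The `-1` passed for the four forge-wide sections also deserves a short comment or a named constant saying it is the reference id for global settings, which is what its use here suggests. The enclosing function starts and ends outside this hunk.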
$atf = new ArtifactTypeFactory ($p) ;
$trackerids = $atf->getAllArtifactTypeIds () ;
foreach ($trackerids as $tid) {
- if (USE_PFO_RBAC) {
- if (array_key_exists ('tracker', $this->perms_array)
- && array_key_exists ($tid, $this->perms_array['tracker']) ) {
- $new_pa['tracker'][$tid] = $this->perms_array['tracker'][$tid] ;
- } elseif (array_key_exists ('new_tracker', $this->perms_array)
- && array_key_exists ($p->getID(), $this->perms_array['new_tracker']) ) {
- $new_pa['tracker'][$tid] = $new_pa['new_tracker'][$p->getID()] ;
- }
- } else {
- if (array_key_exists ('tracker', $this->setting_array)
- && array_key_exists ($tid, $this->setting_array['tracker']) ) {
- $new_sa['tracker'][$tid] = $this->setting_array['tracker'][$tid] ;
- } else {
- $new_sa['tracker'][$tid] = $new_sa['newtracker'][0] ;
- }
+ if (array_key_exists ('tracker', $this->perms_array)
+ && array_key_exists ($tid, $this->perms_array['tracker']) ) {
+ $new_pa['tracker'][$tid] = $this->perms_array['tracker'][$tid] ;
+ } elseif (array_key_exists ('new_tracker', $this->perms_array)
+ && array_key_exists ($p->getID(), $this->perms_array['new_tracker']) ) {
+ $new_pa['tracker'][$tid] = $new_pa['new_tracker'][$p->getID()] ;
}
}
}
-
+
// ...forum-related settings
$new_sa['forum'] = array () ;
$new_pa['forum'] = array () ;
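Review bot: The `elseif` in the tracker loop tests `$this->perms_array['new_tracker']` for the project id but then reads `$new_pa['new_tracker'][$p->getID()]`, so the guard and the value come from different arrays; the forum and pm loops later in this diff have the same pattern. If `$new_pa` lacks that key, the read raises an undefined-index notice and stores a null permission. If neither branch matches, the tracker gets no entry at all now that the legacy fallback is gone. Guarding on the array that is actually read, `} elseif (isset ($new_pa['new_tracker'][$p->getID()])) {`, and adding an explicit `else` that assigns the no-access value would make the result deterministic; that value is presumably `0`, to be confirmed against `role_values`. The loop sits inside a `foreach` over projects that opens outside this hunk.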
continue;
}
$ff = new ForumFactory ($p) ;
- $fids = $ff->getAllForumIds () ;
+ $fids = $ff->getAllForumIdsWithNews () ;
foreach ($fids as $fid) {
- if (USE_PFO_RBAC) {
- if (array_key_exists ('forum', $this->perms_array)
- && array_key_exists ($fid, $this->perms_array['forum']) ) {
- $new_pa['forum'][$fid] = $this->perms_array['forum'][$fid] ;
- } elseif (array_key_exists ('new_forum', $this->perms_array)
- && array_key_exists ($p->getID(), $this->perms_array['new_forum']) ) {
- $new_pa['forum'][$fid] = $new_pa['new_forum'][$p->getID()] ;
- }
- } else {
- if (array_key_exists ('forum', $this->setting_array)
- && array_key_exists ($fid, $this->setting_array['forum']) ) {
- $new_sa['forum'][$fid] = $this->setting_array['forum'][$fid] ;
- } else {
- $new_sa['forum'][$fid] = $new_sa['newforum'][0] ;
- }
+ if (array_key_exists ('forum', $this->perms_array)
+ && array_key_exists ($fid, $this->perms_array['forum']) ) {
+ $new_pa['forum'][$fid] = $this->perms_array['forum'][$fid] ;
+ } elseif (array_key_exists ('new_forum', $this->perms_array)
+ && array_key_exists ($p->getID(), $this->perms_array['new_forum']) ) {
+ $new_pa['forum'][$fid] = $new_pa['new_forum'][$p->getID()] ;
}
}
}
-
+
// ...pm-related settings
$new_sa['pm'] = array () ;
$new_pa['pm'] = array () ;
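Review bot: Switching to `getAllForumIdsWithNews ()` widens the set of forums this role is normalised over, so news forums with no explicit `forum` entry now fall into the `new_forum` fallback, and nothing in the hunk says this is intended. That default presumably carries posting or moderation levels, so confirm that roles such as the anonymous and logged-in ones should hold the same level on news forums as on ordinary ones. A comment above the call would record the decision, for example `// News forums are included so their permissions are normalised too; they inherit new_forum unless set explicitly`. The surrounding `foreach` over projects opens outside this hunk.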
$pgf = new ProjectGroupFactory ($p) ;
$pgids = $pgf->getAllProjectGroupIds () ;
foreach ($pgids as $gid) {
- if (USE_PFO_RBAC) {
- if (array_key_exists ('pm', $this->perms_array)
- && array_key_exists ($gid, $this->perms_array['pm']) ) {
- $new_pa['pm'][$gid] = $this->perms_array['pm'][$gid] ;
- } elseif (array_key_exists ('new_pm', $this->perms_array)
- && array_key_exists ($p->getID(), $this->perms_array['new_pm']) ) {
- $new_pa['pm'][$gid] = $new_pa['new_pm'][$p->getID()] ;
- }
- } else {
- if (array_key_exists ('pm', $this->setting_array)
- && array_key_exists ($gid, $this->setting_array['pm']) ) {
- $new_sa['pm'][$gid] = $this->setting_array['pm'][$gid] ;
- } else {
- $new_sa['pm'][$gid] = $new_sa['newpm'][0] ;
- }
+ if (array_key_exists ('pm', $this->perms_array)
+ && array_key_exists ($gid, $this->perms_array['pm']) ) {
+ $new_pa['pm'][$gid] = $this->perms_array['pm'][$gid] ;
+ } elseif (array_key_exists ('new_pm', $this->perms_array)
+ && array_key_exists ($p->getID(), $this->perms_array['new_pm']) ) {
+ $new_pa['pm'][$gid] = $new_pa['new_pm'][$p->getID()] ;
}
}
}
-
+
// Save
- if (USE_PFO_RBAC) {
- $this->update ($this->getName(), $new_pa, false) ;
- } else {
- $this->update ($this->getName(), $new_sa) ;
- }
+ $this->update ($this->getName(), $new_pa, false) ;
return true;
}
}
// Actual classes
+/**
+ * TODO: RBAC::RoleExplicit Enter description here ...
+ *
+ */
abstract class RoleExplicit extends BaseRole implements PFO_RoleExplicit {
- public function addUsers ($users) {
+ public function addUsers($users) {
global $SYS;
$ids = array () ;
foreach ($users as $user) {
- $ids[] = $user->getID() ;
+ $ids[] = $user->getID();
}
- $already_there = array () ;
- $res = db_query_params ('SELECT user_id FROM pfo_user_role WHERE user_id=ANY($1) AND role_id=$2',
- array (db_int_array_to_any_clause($ids), $this->getID())) ;
+ $already_there = array();
+ $res = db_query_params('SELECT user_id FROM pfo_user_role WHERE user_id=ANY($1) AND role_id=$2',
+ array(db_int_array_to_any_clause($ids), $this->getID()));
if (!$res) {
return false;
}
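Review bot: The result of `$this->update ($this->getName(), $new_pa, false)` is discarded and the function then returns `true` unconditionally, so a failed write of the normalised permissions is reported to callers as success. Assuming `update()` signals failure through its return value (its definition is not in this hunk), propagate it with `if (!$this->update ($this->getName(), $new_pa, false)) { return false; }`. The meaning of the third argument `false` is not evident at the call site and deserves a one-line comment. The function containing the save starts outside this hunk.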
return false;
}
}
- }
+ }
foreach ($this->getLinkedProjects() as $p) {
foreach ($ids as $uid) {
$c = __CLASS__ ;
self::$_instance = new $c ;
-
+
$res = db_query_params ('SELECT r.role_id FROM pfo_role r, pfo_role_class c WHERE r.role_class = c.class_id AND c.class_name = $1',
array ('PFO_RoleAnonymous')) ;
if (!$res || !db_numrows($res)) {
$c = __CLASS__ ;
self::$_instance = new $c ;
-
+
$res = db_query_params ('SELECT r.role_id FROM pfo_role r, pfo_role_class c WHERE r.role_class = c.class_id AND c.class_name = $1',
array ('PFO_RoleLoggedIn')) ;
if (!$res || !db_numrows($res)) {
}
}
+/**
+ * TODO: Enter description here ...
+ *
+ */
class RoleComparator {
var $criterion = 'composite' ;
var $reference_project = NULL ;
}
}
+ /**
+ * TODO: Enter description here ...
+ * @param Role $a
+ * @param Role $b
+ * @return number
+ */
function CompareNoRef ($a, $b) {
$ap = $a->getHomeProject() ;
$bp = $b->getHomeProject() ;
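Review bot: The docblock added for `CompareNoRef` declares `@return number`, which is not a PHPDoc type, and its summary is still the generated `TODO: Enter description here ...` text. The class docblocks added for `RoleExplicit` and `RoleComparator` are the same placeholder. From the lines visible in this diff, the method returns the project comparison result when it is non-zero and otherwise `strcoll()` of the two role names. That makes `@return int` with a summary like `Compare two roles by home project, then by name` accurate. The method body continues past this hunk.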
$tmp = $projcmp->Compare ($ap, $bp) ;
if ($tmp) { /* Different projects, sort accordingly */
return $tmp ;
- }
+ }
return strcoll ($a->getName(), $b->getName()) ;
}
}