db_rollback();
return false;
}
+ if (!$SYS->sysGroupCheckUser($this->getID(),$user_id)) {
+ $this->setError($SYS->getErrorMessage());
+ db_rollback();
+ return false;
+ }
} else { // NOT USE_PFO_RBAC
//
}
$this->normalizeAllRoles();
+ $this->activateUsers();
// Switch back to user preference
session_set_internal($saved_session->getID());
$b = '<p class="warning">'._('Missing configuration for access in scmgit.ini : use_ssh and use_dav disabled').'</p>';
}
} else {
- $b = '<h2>';
- $b .= _('Developer GIT Access via SSH');
- $b .= '</h2>';
- $b .= '<p>';
- $b .= _('Only project developers can access the GIT tree via this method. SSH must be installed on your client machine. Substitute <i>developername</i> with the proper value. Enter your site password when prompted.');
- $b .= '</p>';
- $b .= '<p><tt>git clone git+ssh://<i>'._('developername').'</i>@' . $project->getSCMBox() . '/'. forge_get_config('scm_root', 'scmgit') .'/'. $project->getUnixName() .'/'. $project->getUnixName() .'.git</tt></p>' ;
+ if (forge_get_config('use_ssh', 'scmgit')) {
+ $b = '<h2>';
+ $b .= _('Developer GIT Access via SSH');
+ $b .= '</h2>';
+ $b .= '<p>';
+ $b .= _('Only project developers can access the GIT tree via this method. SSH must be installed on your client machine. Substitute <i>developername</i> with the proper value. Enter your site password when prompted.');
+ $b .= '</p>';
+ $b .= '<p><tt>git clone git+ssh://<i>'._('developername').'</i>@' . $project->getSCMBox() . '/'. forge_get_config('scm_root', 'scmgit') .'/'. $project->getUnixName() .'/'. $project->getUnixName() .'.git</tt></p>' ;
+ } elseif (forge_get_config('use_dav', 'scmgit')) {
+ $protocol = forge_get_config('use_ssl', 'scmgit')? 'https' : 'http';
+ $b = '<h2>';
+ $b .= _('Developer GIT Access via HTTP');
+ $b .= '</h2>';
+ $b .= '<p>';
+ $b .= _('Only project developers can access the GIT tree via this method. Enter your site password when prompted.');
+ $b .= '</p>';
+ $b .= '<p><tt>git clone '.$protocol.'://<i>'._('developername').'</i>@' . $project->getSCMBox() . '/'. forge_get_config('scm_root', 'scmgit') .'/'. $project->getUnixName() .'/'. $project->getUnixName() .'.git</tt></p>' ;
+ }
}
if (session_loggedin()) {
use_dav = yes
use_ssh = no
+use_ssl = "$core/use_ssl"
'members',
'is_template')) ;
-if ($sortorder == 'is_template') {
+$sqlsortorder = $sortorder;
+
+if ($sortorder == 'is_public') {
+ $sortorder = 'group_name' ;
+} elseif ($sortorder == 'is_template') {
$sortorder = 'is_template DESC' ;
}
if ($group_name_search != '') {
echo "<p>"._('Projects that begin with'). " <strong>".$group_name_search."</strong></p>\n";
if (USE_PFO_RBAC) {
- $res = db_query_params ('SELECT group_name,register_time,unix_group_name,groups.group_id,groups.is_public,groups.is_template,status,license_name,COUNT(DISTINCT(pfo_user_role.user_id)) AS members FROM groups LEFT OUTER JOIN pfo_role ON pfo_role.home_group_id=groups.group_id LEFT OUTER JOIN pfo_user_role ON pfo_user_role.role_id=pfo_role.role_id, licenses WHERE license_id=license AND lower(group_name) LIKE $1 GROUP BY group_name,register_time,unix_group_name,groups.group_id,groups.is_public,groups.is_template,status,license_name ORDER BY '.$sortorder,
+ $res = db_query_params ('SELECT group_name,register_time,unix_group_name,groups.group_id,groups.is_template,status,license_name,COUNT(DISTINCT(pfo_user_role.user_id)) AS members FROM groups LEFT OUTER JOIN pfo_role ON pfo_role.home_group_id=groups.group_id LEFT OUTER JOIN pfo_user_role ON pfo_user_role.role_id=pfo_role.role_id, licenses WHERE license_id=license AND lower(group_name) LIKE $1 GROUP BY group_name,register_time,unix_group_name,groups.group_id,groups.is_template,status,license_name ORDER BY '.$sqlsortorder,
array (strtolower ("$group_name_search%"))) ;
} else {
$res = db_query_params ('SELECT group_name,register_time,unix_group_name,groups.group_id,groups.is_public,groups.is_template,status,license_name,COUNT(user_group.group_id) AS members
}
} else {
if (USE_PFO_RBAC) {
- $qpa = db_construct_qpa (false, 'SELECT group_name,register_time,unix_group_name,groups.group_id,groups.is_public,groups.is_template,status,license_name,COUNT(DISTINCT(pfo_user_role.user_id)) AS members FROM groups LEFT OUTER JOIN pfo_role ON pfo_role.home_group_id=groups.group_id LEFT OUTER JOIN pfo_user_role ON pfo_user_role.role_id=pfo_role.role_id, licenses WHERE license_id=license') ;
+ $qpa = db_construct_qpa (false, 'SELECT group_name,register_time,unix_group_name,groups.group_id,groups.is_template,status,license_name,COUNT(DISTINCT(pfo_user_role.user_id)) AS members FROM groups LEFT OUTER JOIN pfo_role ON pfo_role.home_group_id=groups.group_id LEFT OUTER JOIN pfo_user_role ON pfo_user_role.role_id=pfo_role.role_id, licenses WHERE license_id=license') ;
if ($status) {
$qpa = db_construct_qpa ($qpa, ' AND status=$1', array ($status)) ;
}
- $qpa = db_construct_qpa ($qpa, ' GROUP BY group_name,register_time,unix_group_name,groups.group_id,groups.is_public,groups.is_template,status,license_name ORDER BY '.$sortorder) ;
+ $qpa = db_construct_qpa ($qpa, ' GROUP BY group_name,register_time,unix_group_name,groups.group_id,groups.is_template,status,license_name ORDER BY '.$sqlsortorder) ;
$res = db_query_qpa ($qpa) ;
} else {
$qpa = db_construct_qpa (false, 'SELECT group_name,register_time,unix_group_name,groups.group_id,groups.is_public,groups.is_template,status,license_name,COUNT(user_group.group_id) AS members
echo $HTML->listTableTop($headers, $headerLinks);
+if (USE_PFO_RBAC) {
+ $public_rows = array();
+ $private_rows = array();
+ $ra = RoleAnonymous::getInstance() ;
+ while ($grp = db_fetch_array($res)) {
+ if ($ra->hasPermission('project_read', $row['group_id'])) {
+ $grp['is_public'] = 1;
+ $public_rows[] = $grp;
+ } else {
+ $grp['is_public'] = 0;
+ $private_rows[] = $grp;
+ }
+ }
+ $rows = $private_rows;
+ array_merge($rows, $public_rows);
+} else {
+ $rows = array();
+ while ($grp = db_fetch_array($res)) {
+ $rows[] = $grp;
+ }
+}
+
$i = 0;
-while ($grp = db_fetch_array($res)) {
+foreach ($rows as $grp) {
if ($grp['status']=='A'){
$status="active";
$qpa = db_construct_qpa ($qpa, ' AND status=$1', array ($status)) ;
$crit_desc .= " status=$status";
}
- if ($is_public != -1) {
- $qpa = db_construct_qpa ($qpa, ' AND is_public=$1', array ($is_public)) ;
- $crit_desc .= " is_public=$is_public";
- }
if ($crit_desc) {
$crit_desc = "(".trim($crit_desc).")";
}
$result = db_query_qpa ($qpa) ;
- print '<p><strong>'.sprintf(ngettext('Group search with criteria <em>%s</em>: %d match', 'Group search with criteria <em>%s</em>: %d matches', db_numrows($result)), $crit_desc, db_numrows($result)).'</strong></p>';
-
if (db_numrows($result) < 1) {
echo db_error();
} else {
+ $rows = array();
+ $ra = RoleAnonymous::getInstance() ;
+ while ($row = db_fetch_array($result)) {
+
+ if ($is_public == 1) {
+ if ($ra->hasPermission('project_read', $row['group_id'])) {
+ $rows[] = $row;
+ }
+ } elseif ($is_public == 0) {
+ if (!$ra->hasPermission('project_read', $row['group_id'])) {
+ $rows[] = $row;
+ }
+ } else {
+ $rows[] = $row;
+ }
+ }
+
+ print '<p><strong>'.sprintf(ngettext('Group search with criteria <em>%s</em>: %d match', 'Group search with criteria <em>%s</em>: %d matches', count($rows)), $crit_desc, count($rows)).'</strong></p>';
+
$title=array();
$title[]=_('ID');
$title[]=_('Unix name');
echo $GLOBALS['HTML']->listTableTop($title);
$i = 0;
- while ($row = db_fetch_array($result)) {
-
+ foreach ($rows as $row) {
$extra_status = "";
- if (!$row['is_public']) {
+ if (!$ra->hasPermission('project_read', $row['group_id'])) {
$extra_status = "/PRV";
}
$url = rtrim($url, '/');
if ($group_id) {
- $res = db_query_params ('SELECT group_name FROM groups WHERE group_id=$1 and is_public=1',
+ forge_require_perm('project_read', $group_id);
+
+ $res = db_query_params ('SELECT group_name FROM groups WHERE group_id=$1',
array($group_id),
1);
$row = db_fetch_array($res);
// ## item outputs
while ($arr = db_fetch_array($res)) {
- print " <item>\n";
switch ($arr['section']) {
case 'commit': {
+ if (!forge_check_perm('tracker',$arr['ref_id'],'read')) {
+ continue (2);
+ }
+ print " <item>\n";
print " <title>".htmlspecialchars('Commit for Tracker Item [#'.$arr['subref_id'].'] '.$arr['description'])."</title>\n";
print " <link>$url/tracker/?func=detail&atid=".$arr['ref_id'].'&aid='.$arr['subref_id'].'&group_id='.$arr['group_id']."</link>\n";
print " <comments>$url/tracker/?func=detail&atid=".$arr['ref_id'].'&aid='.$arr['subref_id'].'&group_id='.$arr['group_id']."</comments>\n";
break;
}
case 'trackeropen': {
+ if (!forge_check_perm('tracker',$arr['ref_id'],'read')) {
+ continue (2);
+ }
+ print " <item>\n";
print " <title>".htmlspecialchars('Tracker Item [#'.$arr['subref_id'].' '.$arr['description'].'] Opened')."</title>\n";
print " <link>$url/tracker/?func=detail&atid=".$arr['ref_id'].'&aid='.$arr['subref_id'].'&group_id='.$arr['group_id']."</link>\n";
print " <comments>$url/tracker/?func=detail&atid=".$arr['ref_id'].'&aid='.$arr['subref_id'].'&group_id='.$arr['group_id']."</comments>\n";
break;
}
case 'trackerclose': {
+ if (!forge_check_perm('tracker',$arr['ref_id'],'read')) {
+ continue (2);
+ }
+ print " <item>\n";
print " <title>".htmlspecialchars('Tracker Item [#'.$arr['subref_id'].' '.$arr['description'].'] Closed')."</title>\n";
print " <link>$url/tracker/?func=detail&atid=".$arr['ref_id'].'&aid='.$arr['subref_id'].'&group_id='.$arr['group_id']."</link>\n";
print " <comments>$url/tracker/?func=detail&atid=".$arr['ref_id'].'&aid='.$arr['subref_id'].'&group_id='.$arr['group_id']."</comments>\n";
break;
}
case 'frsrelease': {
+ if (!forge_check_perm('frs',$arr['group_id'],'read_public')) {
+ continue (2);
+ }
+ print " <item>\n";
print " <title>".htmlspecialchars('FRS Release [#'.$arr['description'].']')."</title>\n";
print " <link>$url/frs/?release_id=".$arr['subref_id'].'&group_id='.$arr['group_id']."</link>\n";
print " <comments>$url/frs/?release_id=".$arr['subref_id'].'&group_id='.$arr['group_id']."</comments>\n";
break;
}
case 'forumpost': {
+ if (!forge_check_perm('forum',$arr['ref_id'],'read')) {
+ continue (2);
+ }
+ print " <item>\n";
print " <title>".htmlspecialchars('Forum Post [#'.$arr['subref_id'].'] '.$arr['description'])."</title>\n";
print " <link>$url/forum/message.php?forum_id=".$arr['ref_id'].'&msg_id='.$arr['subref_id'].'&group_id='.$arr['group_id']."</link>\n";
print " <comments>$url/forum/message.php?forum_id=".$arr['ref_id'].'&msg_id='.$arr['subref_id'].'&group_id='.$arr['group_id']."</comments>\n";
break;
}
case 'news': {
+ if (!forge_check_perm('forum',$arr['subref_id'],'read')) {
+ continue (2);
+ }
+ print " <item>\n";
print " <title>".htmlspecialchars('News Post [#'.$arr['subref_id'].'] '.$arr['description'])."</title>\n";
print " <link>$url/forum/forum.php?forum_id=".$arr['subref_id']."</link>\n";
print " <comments>$url/forum/forum.php?forum_id=".$arr['subref_id']."</comments>\n";
WHERE f.posted_by=u.user_id
AND g.group_id = fg.group_id
AND f.group_forum_id = fg.group_forum_id
- AND g.is_public=1
AND g.status=$1
- AND g.use_forum=1
- AND fg.is_public=1 ',
+ AND g.use_forum=1 ',
array ('A')) ;
$cnt = 0;
if ($n_forums > 0) {
array ($number_items)) ;
$res_msg = db_query_qpa($qpa);
- if (!$res_msg || db_numrows($res_msg) < 1) {
+ if (!$res_msg) {
error_log(_("Forum RSS: Forum not found: ").' '.db_error(),0);
}
- if ($debug) error_log("Forum RSS: Error",0);
-
while ($row_msg = db_fetch_array($res_msg)) {
+ if (!forge_check_perm('forum',$row_msg['group_forum_id'],'read')) {
+ continue;
+ }
//get thread name for posting
$res_thread = db_query_params('SELECT subject FROM forum WHERE is_followup_to=0 AND thread_id = $1',
array ($row_msg['thread_id']));
if ($limit > 100) $limit = 100;
if ($group_id) {
- $res = db_query_params ('SELECT group_name FROM groups WHERE group_id=$1 AND is_public=1',
+ forge_require_perm('project_read', $group_id);
+
+ $res = db_query_params ('SELECT group_name FROM groups WHERE group_id=$1',
array ($group_id)) ;
$row = db_fetch_array($res);
$title = ": ".$row['group_name']." - ";
AND frs_release.package_id=frs_package.package_id
AND frs_package.group_id=groups.group_id
AND frs_release.status_id=1
- AND groups.is_public=1
AND (frs_package.group_id=$1 OR 1!=$2)
AND frs_file.release_id=frs_release.release_id
ORDER BY frs_file.release_time DESC',
if ($limit > 100) $limit = 100;
if ($group_id) {
- $res = db_query_params ('SELECT group_name FROM groups WHERE group_id=$1 AND is_public=1',
+ forge_require_perm('project_read', $group_id);
+
+ $res = db_query_params ('SELECT group_name FROM groups WHERE group_id=$1',
array($group_id),
1);
$row = db_fetch_array($res);
FROM news_bytes, groups g,users u
WHERE news_bytes.group_id=g.group_id
AND u.user_id=news_bytes.submitted_by
-AND g.is_public=1
AND g.status=$1
AND news_bytes.is_approved <> 4
AND (g.group_id=$2 OR 1 != $3)
$limit = getIntFromRequest('limit', 10);
-$res = db_query_params ('SELECT group_id,group_name,unix_group_name,homepage,short_description,register_time FROM groups WHERE is_public=1 AND status=$1 ORDER BY group_id',
+$res = db_query_params ('SELECT group_id,group_name,unix_group_name,homepage,short_description,register_time FROM groups WHERE status=$1 ORDER BY group_id',
array ('A'),
$limit);
{
while($i<pg_num_rows($res))
{
- $sql1="SELECT group_id,project_name FROM project_group_list WHERE group_project_id='".pg_fetch_result($res,$i,'group_project_id')."'";// AND is_public";
+ $sql1="SELECT group_id,project_name FROM project_group_list WHERE group_project_id='".pg_fetch_result($res,$i,'group_project_id')."'";
$res1=pg_query($sql1);
if(pg_num_rows($res1)==1)
{
WHERE
news_bytes.group_id=groups.group_id
AND groups.status=$1
- AND groups.is_public = 1
ORDER BY
post_date
DESC',
$outputtotal = 0;
$seen = array() ;
while ($row = db_fetch_array($res)) {
+ if (!forge_check_perm('project_read', $row['group_id'])) {
+ continue;
+ }
+
if (!isset ($seen[$row['group_id']])) {
print " <item>\n";
print " <title>".htmlspecialchars($row['group_name'])."</title>\n";
FROM news_bytes, groups g,users u
WHERE news_bytes.group_id=g.group_id
AND u.user_id=news_bytes.submitted_by
- AND g.is_public=1
AND g.status=$1
AND g.group_id=$2
ORDER BY post_date desc',
FROM news_bytes, groups g,users u
WHERE news_bytes.group_id=g.group_id
AND u.user_id=news_bytes.submitted_by
- AND g.is_public=1
AND g.status=$1
AND is_approved=1
ORDER BY post_date desc',
$res = getres ($group_id, $limit) ;
while ($row = db_fetch_array($res)) {
+ if (!forge_check_perm('forum',$row['forum_id'],'read')) {
+ continue;
+ }
print " <rdf:li rdf:resource=\"".util_make_url ('/forum/forum.php?forum_id='.$row['forum_id'])."\" />\n";
}
$res = getres ($group_id, $limit) ;
while ($row = db_fetch_array($res)) {
+ if (!forge_check_perm('forum',$row['forum_id'],'read')) {
+ continue;
+ }
print "\n <item rdf:about=\"".util_make_url ('/forum/forum.php?forum_id='.$row['forum_id'])."\">\n";
print " <title>".htmlspecialchars($row['summary'])."</title>\n";
// if news group, link is main page
$res = db_query_params ('SELECT group_id,group_name,unix_group_name,homepage,short_description
FROM groups
- WHERE is_public=1
- AND status=$1
+ WHERE status=$1
ORDER BY group_id DESC',
array('A'),
$limit);
frs_dlstats_grouptotal_vw.downloads
FROM frs_dlstats_grouptotal_vw,groups
WHERE
- frs_dlstats_grouptotal_vw.group_id=groups.group_id AND groups.is_public=1 and groups.status=$1
+ frs_dlstats_grouptotal_vw.group_id=groups.group_id AND groups.status=$1
ORDER BY downloads DESC
',
array ('A'));
users.user_name,
users.user_id,
frs_release.release_id,
+ frs_package.package_id,
frs_release.name AS release_version,
frs_release.release_date,
frs_release.released_by,
AND frs_release.released_by = users.user_id
AND frs_package.group_id = frs_dlstats_grouptotal_vw.group_id
AND frs_release.status_id=1
- AND frs_package.is_public=1
- AND groups.is_public=1 )
+ AND frs_package.is_public=1 )
ORDER BY frs_release.release_date DESC',
array($start_time),
21,
if (!$res_new || db_numrows($res_new) < 1) {
echo '<p class="error">' . _('No new releases found') . db_error().'</p>';
} else {
+ $rows = array();
- if ( db_numrows($res_new) > 20 ) {
- $rows = 20;
- } else {
- $rows = db_numrows($res_new);
+ $i = 0;
+ while (($i < 20) && ($row_new = db_fetch_array($res_new))) {
+ if (forge_check_perm('frs', $row_new['group_id'], 'read_public')) {
+ $i++;
+ $rows[] = $row_new;
+ }
}
print '
<table width="100%" cellpadding="0" cellspacing="0" border="0">';
$seen = array();
- for ($i=0; $i<$rows; $i++) {
- $row_new = db_fetch_array($res_new);
+ $i = 0;
+ foreach ($rows as $row_new) {
// avoid dupulicates of different file types
if (!isset($seen[$row_new['group_id']])) {
print '
*/
function &groups_to_soap($grps) {
$return = array();
+ $ra = RoleAnonymous::getInstance() ;
for ($i=0; $i<count($grps); $i++) {
if ($grps[$i]->isError()) {
//skip it if it had an error
} else {
+ $gid = $grps[$i]->data_array['group_id'];
+ if ($ra->hasPermission('project_read', $gid)) {
+ $is_public = 1;
+ } else {
+ $is_public = 0;
+ }
//build an array of just the fields we want
$return[] = array('group_id'=>$grps[$i]->data_array['group_id'],
'group_name'=>$grps[$i]->data_array['group_name'],
'homepage'=>$grps[$i]->data_array['homepage'],
- 'is_public'=>$grps[$i]->data_array['is_public'],
+ 'is_public'=>$is_public,
'status'=>$grps[$i]->data_array['status'],
'unix_group_name'=>$grps[$i]->data_array['unix_group_name'],
'short_description'=>$grps[$i]->data_array['short_description'],