[Fusionforge-commits] r9788 - trunk/gforge/common/include
Roland Mas
lolando at libremir.placard.fr.eu.org
Fri May 21 09:45:23 CEST 2010
Author: lolando
Date: 2010-05-21 09:45:22 +0200 (Fri, 21 May 2010)
New Revision: 9788
Modified:
trunk/gforge/common/include/RBAC.php
trunk/gforge/common/include/Role.class.php
Log:
Moved two methods from Role to BaseRole
Modified: trunk/gforge/common/include/RBAC.php
===================================================================
--- trunk/gforge/common/include/RBAC.php 2010-05-21 07:45:13 UTC (rev 9787)
+++ trunk/gforge/common/include/RBAC.php 2010-05-21 07:45:22 UTC (rev 9788)
@@ -25,6 +25,8 @@
require "PFO-RBAC.interface.php" ;
+define ('USE_PFO_RBAC', false) ;
+
// Code shared between classes
abstract class BaseRole extends Error implements PFO_Role {
@@ -34,9 +36,6 @@
public function hasUser($user) {
throw new Exception ("Not implemented") ;
}
- public function hasPermission($section, $reference, $action = NULL) {
- throw new Exception ("Not implemented") ;
- }
function hasGlobalPermission($section, $action = NULL) {
return $this->hasPermission ($section, -1, $action) ;
}
@@ -58,6 +57,303 @@
public function normalizeData () {
throw new Exception ("Not implemented") ;
}
+
+ /**
+ * fetchData - May need to refresh database fields.
+ *
+ * If an update occurred and you need to access the updated info.
+ *
+ * @return boolean success;
+ */
+ function fetchData($role_id) {
+ unset($this->data_array);
+ unset($this->setting_array);
+ unset($this->perms_array);
+
+ $res = db_query_params ('SELECT * FROM role WHERE role_id=$1',
+ array ($role_id)) ;
+ if (!$res || db_numrows($res) < 1) {
+ $this->setError('Role::fetchData()::'.db_error());
+ return false;
+ }
+ $this->data_array =& db_fetch_array($res);
+
+ $res = db_query_params ('SELECT * FROM role_setting WHERE role_id=$1',
+ array ($role_id)) ;
+ if (!$res) {
+ $this->setError('Role::fetchData()::'.db_error());
+ return false;
+ }
+ $this->setting_array=array();
+ while ($arr =& db_fetch_array($res)) {
+ $this->setting_array[$arr['section_name']][$arr['ref_id']] = $arr['value'];
+ }
+
+ if (USE_PFO_RBAC) {
+ $res = db_query_params ('SELECT section, reference, value FROM role_perms WHERE role_id=$1',
+ array ($role_id)) ;
+ if (!$res) {
+ $this->setError('Role::fetchData()::'.db_error());
+ return false;
+ }
+ $this->perms_array=array();
+ while ($arr =& db_fetch_array($res)) {
+ $this->perms_array[$arr['section']][$arr['reference']] = $arr['value'];
+ }
+ } else { // Map pre-PFO RBAC section names and values to the new values
+ $this->perms_array=array();
+ foreach ($this->setting_array as $oldsection => $t) {
+ switch ($oldsection) {
+ case 'projectadmin':
+ $newsection = 'project_admin' ;
+ break ;
+ case 'trackeradmin':
+ $newsection = 'tracker_admin' ;
+ break ;
+ case 'pmadmin':
+ $newsection = 'pm_admin' ;
+ break ;
+ case 'forumadmin':
+ $newsection = 'forum_admin' ;
+ break ;
+
+ default:
+ $newsection = $oldsection ;
+ }
+
+ foreach ($t as $oldreference => $oldvalue) {
+ $newvalue = 0 ;
+ $newreference = $oldreference ;
+ switch ($newsection) {
+ case 'project_admin':
+ $newreference = $this->Group->getID() ;
+ switch ($oldvalue) {
+ case '0': $newvalue = 0 ; break ;
+ case 'A': $newvalue = 1 ; break ;
+ }
+ break;
+
+ case 'tracker_admin':
+ case 'pm_admin':
+ case 'forum_admin':
+ $newreference = $this->Group->getID() ;
+ switch ($oldvalue) {
+ case '0': $newvalue = 0 ; break ;
+ case '2': $newvalue = 1 ; break ;
+ }
+ break;
+
+ case 'tracker':
+ case 'pm':
+ switch ($oldvalue) {
+ case '-1': $newvalue = 0 ; break ;
+ case '0': $newvalue = 1 ; break ;
+ case '1': $newvalue = 3 ; break ;
+ case '2': $newvalue = 7 ; break ;
+ case '3': $newvalue = 5 ; break ;
+ }
+ break ;
+
+ case 'docman':
+ $newreference = $this->Group->getID() ;
+ switch ($oldvalue) {
+ case '0': $newvalue = 1 ; break ;
+ case '1': $newvalue = 4 ; break ;
+ }
+ break ;
+
+ case 'frs':
+ $newreference = $this->Group->getID() ;
+ switch ($oldvalue) {
+ case '0': $newvalue = 1 ; break ;
+ case '1': $newvalue = 3 ; break ;
+ }
+ break ;
+
+ case 'scm':
+ $newreference = $this->Group->getID() ;
+ switch ($oldvalue) {
+ case '-1': $newvalue = 0 ; break ;
+ case '0': $newvalue = 1 ; break ;
+ case '1': $newvalue = 2 ; break ;
+ }
+ break ;
+
+ default:
+ $newvalue = $oldvalue ;
+ $newreference = $oldreference ;
+ }
+
+ $this->perms_array[$newsection][$newreference] = $newvalue ;
+ }
+ }
+ }
+
+ return true;
+ }
+
+ function hasPermission($section, $reference, $action = NULL) {
+ $result = false ;
+ if (isset ($this->perms_array[$section][$reference])) {
+ $value = $this->perms_array[$section][$reference] ;
+ } else {
+ $value = 0 ;
+ }
+ $min = PHP_INT_MAX ;
+ $mask = 0 ;
+
+ switch ($section) {
+ case 'forge_admin':
+ if ($value == 1) {
+ return true ;
+ }
+ break ;
+
+ case 'forge_read':
+ case 'approve_projects':
+ case 'approve_news':
+ if (($value == 1)
+ || $this->hasGlobalPermission('forge_admin')) {
+ return true ;
+ }
+ break ;
+
+ case 'project_admin':
+ if (($value == 1)
+ || $this->hasGlobalPermission('forge_admin')) {
+ return true ;
+ }
+ break ;
+
+ case 'project_read':
+ case 'tracker_admin':
+ case 'pm_admin':
+ case 'forum_admin':
+ if (($value == 1)
+ || $this->hasPermission ('project_admin', $reference)) {
+ return true ;
+ }
+ break ;
+
+ case 'scm':
+ switch ($action) {
+ case 'read':
+ $min = 1 ;
+ break ;
+ case 'write':
+ $min = 2 ;
+ break ;
+ }
+ if (($value >= $min)
+ || $this->hasPermission ('project_admin', $reference)) {
+ return true ;
+ }
+ break ;
+
+ case 'docman':
+ switch ($action) {
+ case 'read':
+ $min = 1 ;
+ break ;
+ case 'submit':
+ $min = 2 ;
+ break ;
+ case 'approve':
+ $min = 3 ;
+ break ;
+ case 'admin':
+ $min = 4 ;
+ break ;
+ }
+ if (($value >= $min)
+ || $this->hasPermission ('project_admin', $reference)) {
+ return true ;
+ }
+ break ;
+
+ case 'frs':
+ switch ($action) {
+ case 'read':
+ $min = 1 ;
+ break ;
+ case 'write':
+ $min = 2 ;
+ break ;
+ }
+ if (($value >= $min)
+ || $this->hasPermission ('project_admin', $reference)) {
+ return true ;
+ }
+ break ;
+
+ case 'forum':
+ switch ($action) {
+ case 'read':
+ $min = 1 ;
+ break ;
+ case 'post':
+ $min = 2 ;
+ break ;
+ case 'moderate':
+ $min = 3 ;
+ break ;
+ }
+ if (($value >= $min)
+ || $this->hasPermission ('project_admin', $reference)) {
+ return true ;
+ }
+ break ;
+
+ case 'tracker':
+ switch ($action) {
+ case 'read':
+ $mask = 1 ;
+ break ;
+ case 'tech':
+ $mask = 2 ;
+ break ;
+ case 'manager':
+ $mask = 4 ;
+ break ;
+ }
+ $o = artifactType_get_object ($reference) ;
+ if (!$o or $o->isError()) {
+ return false ;
+ }
+
+ if (($value & $mask)
+ || $this->hasPermission ('tracker_admin', $o->Group->getID())
+ || $this->hasPermission ('project_admin', $o->Group->getID())) {
+ return true ;
+ }
+ break ;
+
+ case 'pm':
+ switch ($action) {
+ case 'read':
+ $mask = 1 ;
+ break ;
+ case 'tech':
+ $mask = 2 ;
+ break ;
+ case 'manager':
+ $mask = 4 ;
+ break ;
+ }
+ $o = projectgroup_get_object ($reference) ;
+ if (!$o or $o->isError()) {
+ return false ;
+ }
+
+ if (($value & $mask)
+ || $this->hasPermission ('pm_admin', $o->Group->getID())
+ || $this->hasPermission ('project_admin', $o->Group->getID())) {
+ return true ;
+ }
+ break ;
+ }
+ }
+
}
// Actual classes
Modified: trunk/gforge/common/include/Role.class.php
===================================================================
--- trunk/gforge/common/include/Role.class.php 2010-05-21 07:45:13 UTC (rev 9787)
+++ trunk/gforge/common/include/Role.class.php 2010-05-21 07:45:22 UTC (rev 9788)
@@ -26,8 +26,6 @@
require_once $gfcommon.'include/rbac_texts.php' ;
require_once $gfcommon.'include/RBAC.php' ;
-define ('USE_PFO_RBAC', false) ;
-
class Role extends RoleExplicit implements PFO_RoleExplicit {
var $data_array;
@@ -418,302 +416,6 @@
return $this->create($name,$data);
}
- /**
- * fetchData - May need to refresh database fields.
- *
- * If an update occurred and you need to access the updated info.
- *
- * @return boolean success;
- */
- function fetchData($role_id) {
- unset($this->data_array);
- unset($this->setting_array);
- unset($this->perms_array);
-
- $res = db_query_params ('SELECT * FROM role WHERE role_id=$1',
- array ($role_id)) ;
- if (!$res || db_numrows($res) < 1) {
- $this->setError('Role::fetchData()::'.db_error());
- return false;
- }
- $this->data_array =& db_fetch_array($res);
-
- $res = db_query_params ('SELECT * FROM role_setting WHERE role_id=$1',
- array ($role_id)) ;
- if (!$res) {
- $this->setError('Role::fetchData()::'.db_error());
- return false;
- }
- $this->setting_array=array();
- while ($arr =& db_fetch_array($res)) {
- $this->setting_array[$arr['section_name']][$arr['ref_id']] = $arr['value'];
- }
-
- if (USE_PFO_RBAC) {
- $res = db_query_params ('SELECT section, reference, value FROM role_perms WHERE role_id=$1',
- array ($role_id)) ;
- if (!$res) {
- $this->setError('Role::fetchData()::'.db_error());
- return false;
- }
- $this->perms_array=array();
- while ($arr =& db_fetch_array($res)) {
- $this->perms_array[$arr['section']][$arr['reference']] = $arr['value'];
- }
- } else { // Map pre-PFO RBAC section names and values to the new values
- $this->perms_array=array();
- foreach ($this->setting_array as $oldsection => $t) {
- switch ($oldsection) {
- case 'projectadmin':
- $newsection = 'project_admin' ;
- break ;
- case 'trackeradmin':
- $newsection = 'tracker_admin' ;
- break ;
- case 'pmadmin':
- $newsection = 'pm_admin' ;
- break ;
- case 'forumadmin':
- $newsection = 'forum_admin' ;
- break ;
-
- default:
- $newsection = $oldsection ;
- }
-
- foreach ($t as $oldreference => $oldvalue) {
- $newvalue = 0 ;
- $newreference = $oldreference ;
- switch ($newsection) {
- case 'project_admin':
- $newreference = $this->Group->getID() ;
- switch ($oldvalue) {
- case '0': $newvalue = 0 ; break ;
- case 'A': $newvalue = 1 ; break ;
- }
- break;
-
- case 'tracker_admin':
- case 'pm_admin':
- case 'forum_admin':
- $newreference = $this->Group->getID() ;
- switch ($oldvalue) {
- case '0': $newvalue = 0 ; break ;
- case '2': $newvalue = 1 ; break ;
- }
- break;
-
- case 'tracker':
- case 'pm':
- switch ($oldvalue) {
- case '-1': $newvalue = 0 ; break ;
- case '0': $newvalue = 1 ; break ;
- case '1': $newvalue = 3 ; break ;
- case '2': $newvalue = 7 ; break ;
- case '3': $newvalue = 5 ; break ;
- }
- break ;
-
- case 'docman':
- $newreference = $this->Group->getID() ;
- switch ($oldvalue) {
- case '0': $newvalue = 1 ; break ;
- case '1': $newvalue = 4 ; break ;
- }
- break ;
-
- case 'frs':
- $newreference = $this->Group->getID() ;
- switch ($oldvalue) {
- case '0': $newvalue = 1 ; break ;
- case '1': $newvalue = 3 ; break ;
- }
- break ;
-
- case 'scm':
- $newreference = $this->Group->getID() ;
- switch ($oldvalue) {
- case '-1': $newvalue = 0 ; break ;
- case '0': $newvalue = 1 ; break ;
- case '1': $newvalue = 2 ; break ;
- }
- break ;
-
- default:
- $newvalue = $oldvalue ;
- $newreference = $oldreference ;
- }
-
- $this->perms_array[$newsection][$newreference] = $newvalue ;
- }
- }
- }
-
- return true;
- }
-
- function hasPermission($section, $reference, $action = NULL) {
- $result = false ;
- if (isset ($this->perms_array[$section][$reference])) {
- $value = $this->perms_array[$section][$reference] ;
- } else {
- $value = 0 ;
- }
- $min = PHP_INT_MAX ;
- $mask = 0 ;
-
- switch ($section) {
- case 'forge_admin':
- if ($value == 1) {
- return true ;
- }
- break ;
-
- case 'forge_read':
- case 'approve_projects':
- case 'approve_news':
- if (($value == 1)
- || $this->hasGlobalPermission('forge_admin')) {
- return true ;
- }
- break ;
-
- case 'project_admin':
- if (($value == 1)
- || $this->hasGlobalPermission('forge_admin')) {
- return true ;
- }
- break ;
-
- case 'project_read':
- case 'tracker_admin':
- case 'pm_admin':
- case 'forum_admin':
- if (($value == 1)
- || $this->hasPermission ('project_admin', $reference)) {
- return true ;
- }
- break ;
-
- case 'scm':
- switch ($action) {
- case 'read':
- $min = 1 ;
- break ;
- case 'write':
- $min = 2 ;
- break ;
- }
- if (($value >= $min)
- || $this->hasPermission ('project_admin', $reference)) {
- return true ;
- }
- break ;
-
- case 'docman':
- switch ($action) {
- case 'read':
- $min = 1 ;
- break ;
- case 'submit':
- $min = 2 ;
- break ;
- case 'approve':
- $min = 3 ;
- break ;
- case 'admin':
- $min = 4 ;
- break ;
- }
- if (($value >= $min)
- || $this->hasPermission ('project_admin', $reference)) {
- return true ;
- }
- break ;
-
- case 'frs':
- switch ($action) {
- case 'read':
- $min = 1 ;
- break ;
- case 'write':
- $min = 2 ;
- break ;
- }
- if (($value >= $min)
- || $this->hasPermission ('project_admin', $reference)) {
- return true ;
- }
- break ;
-
- case 'forum':
- switch ($action) {
- case 'read':
- $min = 1 ;
- break ;
- case 'post':
- $min = 2 ;
- break ;
- case 'moderate':
- $min = 3 ;
- break ;
- }
- if (($value >= $min)
- || $this->hasPermission ('project_admin', $reference)) {
- return true ;
- }
- break ;
-
- case 'tracker':
- switch ($action) {
- case 'read':
- $mask = 1 ;
- break ;
- case 'tech':
- $mask = 2 ;
- break ;
- case 'manager':
- $mask = 4 ;
- break ;
- }
- $o = artifactType_get_object ($reference) ;
- if (!$o or $o->isError()) {
- return false ;
- }
-
- if (($value & $mask)
- || $this->hasPermission ('tracker_admin', $o->Group->getID())
- || $this->hasPermission ('project_admin', $o->Group->getID())) {
- return true ;
- }
- break ;
-
- case 'pm':
- switch ($action) {
- case 'read':
- $mask = 1 ;
- break ;
- case 'tech':
- $mask = 2 ;
- break ;
- case 'manager':
- $mask = 4 ;
- break ;
- }
- $o = projectgroup_get_object ($reference) ;
- if (!$o or $o->isError()) {
- return false ;
- }
-
- if (($value & $mask)
- || $this->hasPermission ('pm_admin', $o->Group->getID())
- || $this->hasPermission ('project_admin', $o->Group->getID())) {
- return true ;
- }
- break ;
- }
- }
-
function normalizeDataForSection (&$new_sa, $section) {
if (array_key_exists ($section, $this->setting_array)) {
$new_sa[$section][0] = $this->setting_array[$section][0] ;
More information about the Fusionforge-commits
mailing list