[Fusionforge-commits] r9897 - trunk/gforge/common/include

Roland Mas lolando at libremir.placard.fr.eu.org
Fri May 21 18:49:39 CEST 2010


Author: lolando
Date: 2010-05-21 18:49:39 +0200 (Fri, 21 May 2010)
New Revision: 9897

Modified:
   trunk/gforge/common/include/Group.class.php
Log:
Fixed removal of users from a project

Modified: trunk/gforge/common/include/Group.class.php
===================================================================
--- trunk/gforge/common/include/Group.class.php	2010-05-21 16:34:18 UTC (rev 9896)
+++ trunk/gforge/common/include/Group.class.php	2010-05-21 16:49:39 UTC (rev 9897)
@@ -1801,28 +1801,41 @@
 	function removeUser($user_id) {
 		global $SYS;
 
-		if ($user_id==user_getid()) {
-			//users can remove themselves
-			//everyone else must be a project admin
-		} else {
-			$perm =& $this->getPermission ();
+		if ($user_id != user_getid()
+		    || !forge_check_perm ('project_admin', $this->getID())) {
+			$this->setPermissionDeniedError();
+			return false;
+		}
+	
+		db_begin();
 
-			if (!$perm || !is_object($perm) || !$perm->isAdmin()) {
-				$this->setPermissionDeniedError();
+		if (USE_PFO_RBAC) {
+			$user = user_get_object ($user_id) ;
+			$roles = RBACEngine::getInstance()->getAvailableRolesForUser ($user) ;
+			$found_role = NULL ;
+			foreach ($roles as $role) {
+				if ($role->getHomeProject() && $role->getHomeProject()->getID() == $this->getID()) {
+					$found_role = $role ;
+					break ;
+				}
+			}
+			if ($found_role == NULL) {
+				$this->setError(sprintf(_('ERROR: User not removed: %s')));
+				db_rollback();
 				return false;
 			}
+			$found_role->removeUser ($user) ;
+		} else {
+			$res = db_query_params ('DELETE FROM user_group WHERE group_id=$1 AND user_id=$2', 
+						array ($this->getID(),
+						       $user_id)) ;
+			if (!$res || db_affected_rows($res) < 1) {
+				$this->setError(sprintf(_('ERROR: User not removed: %s'),db_error()));
+				db_rollback();
+				return false;
+			}
 		}
-	
-		db_begin();
 
-		$res = db_query_params ('DELETE FROM user_group WHERE group_id=$1 AND user_id=$2', 
-					array ($this->getID(),
-					       $user_id)) ;
-		if (!$res || db_affected_rows($res) < 1) {
-			$this->setError(sprintf(_('ERROR: User not removed: %s'),db_error()));
-			db_rollback();
-			return false;
-		} else {
 			//
 			//	reassign open artifacts to id=100
 			//
@@ -1891,7 +1904,7 @@
 
 			//audit trail
 			$this->addHistory('Removed User',$user_id);
-		}
+		
 		db_commit();
 		return true;
 	}




More information about the Fusionforge-commits mailing list