[Fusionforge-commits] r11135 - trunk/src/www/tracker/admin

Roland Mas lolando at libremir.placard.fr.eu.org
Fri Oct 22 14:19:55 CEST 2010


Author: lolando
Date: 2010-10-22 14:19:55 +0200 (Fri, 22 Oct 2010)
New Revision: 11135

Modified:
   trunk/src/www/tracker/admin/form-extrafieldcopy.php
Log:
Use RBAC API rather than accessing the user_group table

Modified: trunk/src/www/tracker/admin/form-extrafieldcopy.php
===================================================================
--- trunk/src/www/tracker/admin/form-extrafieldcopy.php	2010-10-22 12:13:18 UTC (rev 11134)
+++ trunk/src/www/tracker/admin/form-extrafieldcopy.php	2010-10-22 12:19:55 UTC (rev 11135)
@@ -30,24 +30,24 @@
 
 // Get a list of all extra fields in trackers and groups that you have perms to admin
 
+$project_ids = array () ;
+foreach (session_getuser()->getGroups() as $p) {
+	if (forge_check_perm ('tracker_admin', $p->getID())) {
+		$project_ids[] = $p->getID() ;
+	}
+}
+
 $res = db_query_params ('SELECT g.unix_group_name, agl.name AS tracker_name, aefl.field_name, aefl.extra_field_id
 			FROM groups g, 
 			artifact_group_list agl, 
-			artifact_extra_field_list aefl,
-			user_group ug,
-			artifact_perm ap
-			WHERE 
-			(ug.admin_flags=$1 OR ug.artifact_flags=2 OR ap.perm_level>=2)
-			AND ug.user_id=$2
-			AND ug.group_id=g.group_id
+			artifact_extra_field_list aefl
+			WHERE g.group_id=ANY($1)
 			AND g.group_id=agl.group_id 
 			AND agl.group_artifact_id=ap.group_artifact_id
-			AND ap.user_id=$2
 			AND aefl.group_artifact_id=agl.group_artifact_id
-			AND aefl.extra_field_id != $3
+			AND aefl.extra_field_id != $2
 			AND aefl.field_type IN (1,2,3,5,7)',
-			array ('A',
-			       user_getid(),
+			array (db_int_array_to_any_clause ($project_ids),
 			       $id));
 		if (db_numrows($res) < 1) {
 			exit_error(_('Cannot find a destination tracker where you have administration rights.'),'tracker');




More information about the Fusionforge-commits mailing list