[Fusionforge-commits] r10616 - trunk/src/common/include

Roland Mas lolando at libremir.placard.fr.eu.org
Wed Sep 22 10:48:15 CEST 2010


Author: lolando
Date: 2010-09-22 10:48:15 +0200 (Wed, 22 Sep 2010)
New Revision: 10616

Modified:
   trunk/src/common/include/RBAC.php
   trunk/src/common/include/Role.class.php
Log:
PFO-RBAC for role deletion

Modified: trunk/src/common/include/RBAC.php
===================================================================
--- trunk/src/common/include/RBAC.php	2010-09-22 08:43:31 UTC (rev 10615)
+++ trunk/src/common/include/RBAC.php	2010-09-22 08:48:15 UTC (rev 10616)
@@ -240,6 +240,9 @@
 	public function normalizeData () {
 		throw new Exception ("Not implemented") ;
 	}
+	public function delete () {
+		throw new Exception ("Not implemented") ;
+	}
 
 	/**
 	 *   getLinkedProjects - List of projects referencing that role

Modified: trunk/src/common/include/Role.class.php
===================================================================
--- trunk/src/common/include/Role.class.php	2010-09-22 08:43:31 UTC (rev 10615)
+++ trunk/src/common/include/Role.class.php	2010-09-22 08:48:15 UTC (rev 10616)
@@ -495,44 +495,94 @@
 	 *	@return	boolean	True on success or false on failure.
 	 */
 	function delete() {
+		if (USE_PFO_RBAC) {
+			if ($this->Group == NULL
+			    && !forge_check_global_perm ('forge_admin')) {
+				$this->setPermissionDeniedError();
+				return false;
+			} elseif (!forge_check_perm ('project_admin', $this->Group->getID())) {
+				$this->setPermissionDeniedError();
+				return false;
+			}
+			
+			$res=db_query_params('SELECT user_id FROM pfo_user_role WHERE role_id=$1',
+					     array($this->getID()));
+			assert($res);
+			if (db_numrows($res) > 0) {
+				$this->setError('Cannot remove a non empty role.');
+				return false;
+			}
 
-		if (!is_numeric($this->getID())) {
-			$this->setError('Role::delete() role_id is not an integer');
-			return false;
+			$res=db_query_params('DELETE FROM pfo_user_role WHERE role_id=$1',
+					     array($this->getID())) ;
+			if (!$res || db_affected_rows($res) < 1) {
+				$this->setError('delete::name::'.db_error());
+				db_rollback();
+				return false;
+			}
+			
+			$res=db_query_params('DELETE FROM role_project_refs WHERE role_id=$1',
+					     array($this->getID())) ;
+			if (!$res || db_affected_rows($res) < 1) {
+				$this->setError('delete::name::'.db_error());
+				db_rollback();
+				return false;
+			}
+			
+			$res=db_query_params('DELETE FROM pfo_role_setting WHERE role_id=$1',
+					     array($this->getID())) ;
+			if (!$res || db_affected_rows($res) < 1) {
+				$this->setError('delete::name::'.db_error());
+				db_rollback();
+				return false;
+			}
+			
+			$res=db_query_params('DELETE FROM pfo_role WHERE role_id=$1',
+					     array($this->getID())) ;
+			if (!$res || db_affected_rows($res) < 1) {
+				$this->setError('delete::name::'.db_error());
+				db_rollback();
+				return false;
+			}
+		} else {
+			if (!is_numeric($this->getID())) {
+				$this->setError('Role::delete() role_id is not an integer');
+				return false;
+			}
+			
+			//	Cannot delete role_id=1
+			if ($this->getID() == 1) {
+				$this->setError('Cannot Delete Default Role.');
+				return false;
+			}
+			$perm =& $this->Group->getPermission();
+			if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) {
+				$this->setPermissionDeniedError();
+				return false;
+			}
+			
+			$res=db_query_params('SELECT user_id FROM user_group WHERE role_id=$1',
+					     array($this->getID()));
+			assert($res);
+			if (db_numrows($res) > 0) {
+				$this->setError('Cannot remove a non empty role.');
+				return false;
+			}
+		
+			db_begin();
+			
+			$res=db_query_params('DELETE FROM role WHERE group_id=$1 AND role_id=$2',
+					     array($this->Group->getID(), $this->getID())) ;
+			if (!$res || db_affected_rows($res) < 1) {
+				$this->setError('delete::name::'.db_error());
+				db_rollback();
+				return false;
+			}
+			
+			db_commit();
+			
+			return true;
 		}
-
-		//	Cannot delete role_id=1
-		if ($this->getID() == 1) {
-			$this->setError('Cannot Delete Default Role.');
-			return false;
-		}
-		$perm =& $this->Group->getPermission();
-		if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) {
-			$this->setPermissionDeniedError();
-			return false;
-		}
-
-		$res=db_query_params('SELECT user_id FROM user_group WHERE role_id=$1',
-			array($this->getID()));
-		assert($res);
-		if (db_numrows($res) > 0) {
-			$this->setError('Cannot remove a non empty role.');
-			return false;
-		}
-
-		db_begin();
-
-		$res=db_query_params('DELETE FROM role WHERE group_id=$1 AND role_id=$2',
-			array($this->Group->getID(), $this->getID())) ;
-		if (!$res || db_affected_rows($res) < 1) {
-			$this->setError('delete::name::'.db_error());
-			db_rollback();
-			return false;
-		}
-
-		db_commit();
-
-		return true;
 	}
 
 	function setUser($user_id) {




More information about the Fusionforge-commits mailing list