[Fusionforge-commits] r10650 - trunk/src/common/include

Roland Mas lolando at libremir.placard.fr.eu.org
Thu Sep 23 14:49:26 CEST 2010


Author: lolando
Date: 2010-09-23 14:49:26 +0200 (Thu, 23 Sep 2010)
New Revision: 10650

Modified:
   trunk/src/common/include/RBAC.php
   trunk/src/common/include/Role.class.php
Log:
Don't forget to remove permissions on a project from a role when unlinking the role from the project

Modified: trunk/src/common/include/RBAC.php
===================================================================
--- trunk/src/common/include/RBAC.php	2010-09-23 10:20:17 UTC (rev 10649)
+++ trunk/src/common/include/RBAC.php	2010-09-23 12:49:26 UTC (rev 10650)
@@ -310,6 +310,8 @@
 			return false;
 		}
 
+		$this->removeObsoleteSettings () ;
+
 		return true ;
 	}
 
@@ -1127,7 +1129,30 @@
 		}
 	}
 
+	function removeObsoleteSettings () {
+		db_begin () ;
 
+		// Remove obsolete project-wide settings
+		$sections = array ('project_read', 'project_admin', 'frs', 'scm', 'docman', 'tracker_admin', 'new_tracker', 'forum_admin', 'new_forum', 'pm_admin', 'new_pm', 'webcal') ;
+		db_query_params ('DELETE FROM pfo_role_setting where role_id=$1 AND section_name=ANY($2) and ref_id NOT IN (SELECT home_group_id FROM pfo_role WHERE role_id=$1 UNION SELECT group_id from role_project_refs WHERE role_id=$1)',
+				 array ($this->getID(),
+					db_string_array_to_any_clause($sections))) ;
+
+
+		// Remove obsolete settings for multiple-instance tools
+		db_query_params ('DELETE FROM pfo_role_setting where role_id=$1 AND section_name=$2 and ref_id NOT IN (SELECT group_artifact_id FROM artifact_group_list WHERE group_id IN (SELECT home_group_id FROM pfo_role WHERE role_id=$1 UNION SELECT group_id from role_project_refs WHERE role_id=$1))',
+				 array ($this->getID(),
+					'tracker')) ;
+		db_query_params ('DELETE FROM pfo_role_setting where role_id=$1 AND section_name=$2 and ref_id NOT IN (SELECT group_project_id FROM project_group_list WHERE group_id IN (SELECT home_group_id FROM pfo_role WHERE role_id=$1 UNION SELECT group_id from role_project_refs WHERE role_id=$1))',
+				 array ($this->getID(),
+					'pm')) ;
+		db_query_params ('DELETE FROM pfo_role_setting where role_id=$1 AND section_name=$2 and ref_id NOT IN (SELECT group_forum_id FROM forum_group_list WHERE group_id IN (SELECT home_group_id FROM pfo_role WHERE role_id=$1 UNION SELECT group_id from role_project_refs WHERE role_id=$1))',
+				 array ($this->getID(),
+					'forum')) ;
+
+		db_commit () ;
+		return true ;
+	}
 }
 
 // Actual classes

Modified: trunk/src/common/include/Role.class.php
===================================================================
--- trunk/src/common/include/Role.class.php	2010-09-23 10:20:17 UTC (rev 10649)
+++ trunk/src/common/include/Role.class.php	2010-09-23 12:49:26 UTC (rev 10650)
@@ -370,6 +370,8 @@
 	}
 
 	function normalizeData () { // From the PFO spec
+		$this->removeObsoleteSettings () ;
+
 		$this->fetchData ($this->getID()) ;
 
 		$projects = $this->getLinkedProjects() ;		




More information about the Fusionforge-commits mailing list