[Fusionforge-commits] r10676 - in trunk/src/common/include: . system
Roland Mas
lolando at libremir.placard.fr.eu.org
Fri Sep 24 19:16:08 CEST 2010
Author: lolando
Date: 2010-09-24 19:16:08 +0200 (Fri, 24 Sep 2010)
New Revision: 10676
Modified:
trunk/src/common/include/Group.class.php
trunk/src/common/include/GroupJoinRequest.class.php
trunk/src/common/include/RBAC.php
trunk/src/common/include/Role.class.php
trunk/src/common/include/System.class.php
trunk/src/common/include/User.class.php
trunk/src/common/include/system/LDAP.class.php
trunk/src/common/include/system/pgsql.class.php
Log:
Less SQL, more code reuse, and simpler code paths for sync between FF perms and system perms
Modified: trunk/src/common/include/Group.class.php
===================================================================
--- trunk/src/common/include/Group.class.php 2010-09-24 15:44:17 UTC (rev 10675)
+++ trunk/src/common/include/Group.class.php 2010-09-24 17:16:08 UTC (rev 10676)
@@ -1915,7 +1915,7 @@
return false;
}
$found_role->removeUser ($user) ;
- if (!$SYS->sysGroupRemoveUser($this->getID(),$user_id)) {
+ if (!$SYS->sysGroupCheckUser($this->getID(),$user_id)) {
$this->setError($SYS->getErrorMessage());
db_rollback();
return false;
@@ -1985,7 +1985,6 @@
//
// Remove user from system
//
-//echo "<h2>Group::addUser SYS->sysGroupRemoveUser(".$this->getID().",$user_id)</h2>";
if (!$SYS->sysGroupRemoveUser($this->getID(),$user_id)) {
$this->setError($SYS->getErrorMessage());
db_rollback();
Modified: trunk/src/common/include/GroupJoinRequest.class.php
===================================================================
--- trunk/src/common/include/GroupJoinRequest.class.php 2010-09-24 15:44:17 UTC (rev 10675)
+++ trunk/src/common/include/GroupJoinRequest.class.php 2010-09-24 17:16:08 UTC (rev 10676)
@@ -107,11 +107,9 @@
// Check if user is already a member of the project
$user = user_get_object ($user_id) ;
- foreach ($user->getGroups() as $p) {
- if ($p->getID() == $this->Group->getID()) {
- $this->setError(_('You are already a member of this project.'));
- return false;
- }
+ if ($user->isMember($this->Group)) {
+ $this->setError(_('You are already a member of this project.'));
+ return false;
}
// Check if user has already submitted a request
Modified: trunk/src/common/include/RBAC.php
===================================================================
--- trunk/src/common/include/RBAC.php 2010-09-24 15:44:17 UTC (rev 10675)
+++ trunk/src/common/include/RBAC.php 2010-09-24 17:16:08 UTC (rev 10676)
@@ -926,6 +926,15 @@
foreach ($refs as $refid => $value) {
$this->setSetting ($sect, $refid, $value) ;
}
+ if ($sect == 'scm') {
+ foreach ($this->getUsers() as $u) {
+ if (!$SYS->sysGroupCheckUser($refid,$u)) {
+ $this->setError($SYS->getErrorMessage());
+ db_rollback();
+ return false;
+ }
+ }
+ }
}
} else {
if (! $this->setName($role_name)) {
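Review bot: The added `if ($sect == 'scm')` block runs after the inner `foreach ($refs as $refid => $value)` has finished, so `$refid` holds only the last key of `$refs` and only that project gets its system permissions re-synced. Other projects whose SCM setting changed in the same call keep whatever system group membership they had. Moving the check inside the loop, directly after `$this->setSetting ($sect, $refid, $value) ;`, would cover every reference. The call also passes `$u` from `$this->getUsers()` where other call sites pass a numeric user id; if getUsers() returns user objects (not visible here), this should be `$u->getID()`. The enclosing method starts outside the hunk, so whether `$SYS` is declared `global` there cannot be confirmed.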
@@ -1178,6 +1187,12 @@
$this->getID())) ;
}
}
+
+ foreach ($this->getLinkedProjects() as $p) {
+ foreach ($ids as $uid) {
+ $SYS->sysGroupCheckUser($p->getID(),$uid) ;
+ }
+ }
}
public function addUser ($user) {
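Review bot: The result of `$SYS->sysGroupCheckUser($p->getID(),$uid)` is discarded in this loop and in the identical loop added in the next hunk, the one that follows `DELETE FROM pfo_user_role`. The other call sites in this commit treat a false return as an error and roll back. On the removal path, a failed sync would leave the user's system group membership in place while the forge reports the role removal as successful. Suggest `if (!$SYS->sysGroupCheckUser($p->getID(),$uid)) { $this->setError($SYS->getErrorMessage()); return false; }` in both places. Both enclosing methods start outside their hunks, so whether `$SYS` is declared `global` there cannot be confirmed from the diff.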
@@ -1193,6 +1208,13 @@
$already_there = array () ;
$res = db_query_params ('DELETE FROM pfo_user_role WHERE user_id=ANY($1) AND role_id=$2',
array (db_int_array_to_any_clause($ids), $this->getID())) ;
+
+ foreach ($this->getLinkedProjects() as $p) {
+ foreach ($ids as $uid) {
+ $SYS->sysGroupCheckUser($p->getID(),$uid) ;
+ }
+ }
+
return true ;
}
Modified: trunk/src/common/include/Role.class.php
===================================================================
--- trunk/src/common/include/Role.class.php 2010-09-24 15:44:17 UTC (rev 10675)
+++ trunk/src/common/include/Role.class.php 2010-09-24 17:16:08 UTC (rev 10676)
@@ -694,14 +694,12 @@
// When we remove we only check for SCM (cvs_only=1)
//
if ($uvalue>0) {
-//echo "<h3>Role::setUser SYS->sysGroupAddUser(".$this->Group->getID().",$user_id,1)</h3>";
if (!$SYS->sysGroupAddUser($this->Group->getID(),$user_id,0)) {
$this->setError($SYS->getErrorMessage());
db_rollback();
return false;
}
} else {
-//echo "<h3>Role::setUser SYS->sysGroupRemoveUser(".$this->Group->getID().",$user_id,1)</h3>";
if (!$SYS->sysGroupRemoveUser($this->Group->getID(),$user_id,1)) {
$this->setError($SYS->getErrorMessage());
db_rollback();
Modified: trunk/src/common/include/System.class.php
===================================================================
--- trunk/src/common/include/System.class.php 2010-09-24 15:44:17 UTC (rev 10675)
+++ trunk/src/common/include/System.class.php 2010-09-24 17:16:08 UTC (rev 10676)
@@ -165,6 +165,18 @@
}
/**
+ * sysGroupCheckUser() - Sync forge permissions with system permissions for that user/group
+ *
+ * @param int The ID of the group two which the user will be added
+ * @param int The ID of the user to add
+ * @returns true on success/false on error
+ *
+ */
+ function sysGroupCheckUser($group_id,$user_id) {
+ return true;
+ }
+
+ /**
* sysGroupAddUser() - Add a user to a group
*
* @param int The ID of the group two which the user will be added
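Review bot: The docblock for the new `sysGroupCheckUser()` copies its `@param` lines from `sysGroupAddUser()` ("the group two which the user will be added", "the user to add"), which misdescribes a method that synchronises in either direction and may remove access. Suggest `@param int The ID of the group` and `@param int The ID of the user`, as the pgsql implementation in this commit already words it. A sentence stating that this base implementation is a no-op that always reports success would also help.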
Modified: trunk/src/common/include/User.class.php
===================================================================
--- trunk/src/common/include/User.class.php 2010-09-24 15:44:17 UTC (rev 10675)
+++ trunk/src/common/include/User.class.php 2010-09-24 17:16:08 UTC (rev 10676)
@@ -3,7 +3,7 @@
* FusionForge user management
*
* Copyright 1999-2001, VA Linux Systems, Inc.
- * Copyright 2009, Roland Mas
+ * Copyright 2009-2010, Roland Mas
*
* This file is part of FusionForge.
*
@@ -1534,9 +1534,47 @@
return $role;
}
+ function getRoles () {
+ return RBACEngine::getInstance()->getAvailableRolesForUser($this) ;
+ }
+
/* Codendi Glue */
- function isMember($group_id,$type=0){
- return user_ismember($group_id,$type);
+ function isMember($g,$type=0){
+ if (is_int ($g)) {
+ $group = group_get_object ($g) ;
+ $group_id = $g ;
+ } else {
+ $group = $g ;
+ $group_id = $group->getID() ;
+ }
+
+ switch ($type) {
+ case 'P2':
+ //pm admin
+ return forge_check_perm_for_user($this,'pm_admin',$group_id) ;
+ break;
+ case 'F2':
+ //forum admin
+ return forge_check_perm_for_user($this,'forum_admin',$group_id) ;
+ break;
+ case 'A':
+ //admin for this group
+ return forge_check_perm_for_user($this,'project_admin',$group_id) ;
+ break;
+ case 'D1':
+ //document editor
+ return forge_check_perm_for_user($this,'docman',$group_id,'admin') ;
+ break;
+ case '0':
+ default:
+ foreach ($this->getGroups() as $p) {
+ if ($p->getID() == $group_id) {
+ return true ;
+ }
+ }
+ return false ;
+ break;
+ }
}
}
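Review bot: `switch ($type)` compares loosely and the default `$type=0` is an integer; on PHP versions before 8, `0 == 'P2'` is true. A plain `isMember($group)` call would therefore take the first case and answer with the `pm_admin` permission check instead of the membership test. The removed `user_ismember()` body normalised with `strtoupper($type)` first; adding `$type = strtoupper((string) $type);` before the switch makes every comparison string-to-string and keeps lower-case type codes working. Separately, `is_int ($g)` rejects numeric strings, so a group id that arrives as a string falls into the else branch and `$group->getID()` is called on a non-object; testing `is_object($g)` for the object branch would be safer. Unknown type codes now fall through to the membership check, where the old code returned false.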
@@ -1569,51 +1607,7 @@
return false;
}
- $project =& group_get_object($group_id);
-
- if (!$project || !is_object($project)) {
- return false;
- }
-
- $perm =& $project->getPermission ();
- if (!$perm || !is_object($perm) || !$perm->isMember()) {
- return false;
- }
-
- $type=strtoupper($type);
-
- switch ($type) {
- case 'P2' : {
- //pm admin
- return $perm->isPMAdmin();
- break;
- }
- case 'F2' : {
- //forum admin
- return $perm->isForumAdmin();
- break;
- }
- case '0' : {
- //just in this group
- return $perm->isMember();
- break;
- }
- case 'A' : {
- //admin for this group
- return $perm->isAdmin();
- break;
- }
- case 'D1' : {
- //document editor
- return $perm->isDocEditor();
- break;
- }
- default : {
- //fubar request
- return false;
- }
- }
- return false;
+ return session_get_user()->isMember($group_id, $type) ;
}
/**
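Review bot: `session_get_user()->isMember($group_id, $type)` drops two guards the removed body had: it returned false when the project object could not be loaded, and it required `$perm->isMember()` before answering any of the typed checks. Whether `forge_check_perm_for_user()` implies membership is not visible here, so a user who holds e.g. `project_admin` through a role without being a project member may now get true from `user_ismember($id,'A')`. That is worth confirming as intended and stating in a comment above the return. The function starts outside the hunk, so the login check before this line is only assumed from the `return false;` context.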
Modified: trunk/src/common/include/system/LDAP.class.php
===================================================================
--- trunk/src/common/include/system/LDAP.class.php 2010-09-24 15:44:17 UTC (rev 10675)
+++ trunk/src/common/include/system/LDAP.class.php 2010-09-24 17:16:08 UTC (rev 10676)
@@ -3,6 +3,7 @@
* FusionForge system users integration
*
* Copyright 2004, Christian Bayle
+ * Copyright 2010, Roland Mas
*
* This file is part of FusionForge.
*
@@ -586,6 +587,32 @@
return $ret_val;
}
+ function sysGroupCheckUser($group_id,$user_id) {
+ db_begin () ;
+ if (! $this->sysGroupRemoveUser($group_id,$user_id)) {
+ db_rollback () ;
+ return false;
+ }
+
+ $u = user_get_object($user_id) ;
+ $p = group_get_object($group_id) ;
+ if (forge_check_perm_for_user($u,'scm',$group_id,'write')) {
+ if ($u->isMember($p)) {
+ $this->sysGroupAddUser($group_id,$user_id,false) ;
+ } else {
+ $this->sysGroupRemoveUser($group_id,$user_id,false) ;
+ $this->sysGroupAddUser($group_id,$user_id,true) ;
+ }
+ } else {
+ if ($u->isMember($p)) {
+ $this->sysGroupAddUser($group_id,$user_id,false) ;
+ $this->sysGroupRemoveUser($group_id,$user_id,true) ;
+ } else {
+ $this->sysGroupRemoveUser($group_id,$user_id,false) ;
+ }
+ }
+ }
+
/**
* sysGroupAddUser() - Add a user to an LDAP group
*
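Review bot: The new LDAP `sysGroupCheckUser()` opens a transaction with `db_begin ()` but never commits it on the success path, and it falls off the end without a return value. Callers added in this commit test `!$SYS->sysGroupCheckUser(...)`, so the implicit null is treated as failure; Group.class.php, for example, would roll back and report an error after a sync that actually worked. The results of the inner `sysGroupAddUser`/`sysGroupRemoveUser` calls are also ignored. Ending the method with `db_commit () ;` and `return true;`, and returning false after `db_rollback ()` when an inner call fails, would match the pgsql implementation. A docblock like the neighbouring methods' is missing too.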
Modified: trunk/src/common/include/system/pgsql.class.php
===================================================================
--- trunk/src/common/include/system/pgsql.class.php 2010-09-24 15:44:17 UTC (rev 10675)
+++ trunk/src/common/include/system/pgsql.class.php 2010-09-24 17:16:08 UTC (rev 10676)
@@ -3,6 +3,7 @@
* FusionForge system users integration
*
* Copyright 2004, Christian Bayle
+ * Copyright 2010, Roland Mas
*
* This file is part of FusionForge.
*
@@ -120,89 +121,47 @@
if (!$res) {
$this->setError('ERROR - Could Not Update User UID/GID: '.db_error());
return false;
- } else {
- $res1 = db_query_params ('DELETE FROM nss_usergroups WHERE user_id=$1',
- array ($user_id)) ;
- if (!$res1) {
- $this->setError('ERROR - Could Not Delete Group Member(s): '.db_error());
- return false;
- }
- // This is group used for user, not a real project
- $res2 = db_query_params ('DELETE FROM nss_groups WHERE name IN
+ }
+ $res1 = db_query_params ('DELETE FROM nss_usergroups WHERE user_id=$1',
+ array ($user_id)) ;
+ if (!$res1) {
+ $this->setError('ERROR - Could Not Delete Group Member(s): '.db_error());
+ return false;
+ }
+ // This is group used for user, not a real project
+ $res2 = db_query_params ('DELETE FROM nss_groups WHERE name IN
(SELECT user_name FROM users WHERE user_id=$1)',
- array ($user_id));
- if (!$res2) {
- $this->setError('ERROR - Could Not Delete Group GID: '.db_error());
- return false;
- }
- $res3 = db_query_params ('INSERT INTO nss_groups
+ array ($user_id));
+ if (!$res2) {
+ $this->setError('ERROR - Could Not Delete Group GID: '.db_error());
+ return false;
+ }
+ $res3 = db_query_params ('INSERT INTO nss_groups
(user_id, group_id,name, gid)
SELECT user_id, 0, user_name, unix_gid
FROM users WHERE user_id=$1',
- array ($user_id));
- if (!$res3) {
- $this->setError('ERROR - Could Not Update Group GID: '.db_error());
- return false;
+ array ($user_id));
+ if (!$res3) {
+ $this->setError('ERROR - Could Not Update Group GID: '.db_error());
+ return false;
+ }
+
+ $pids = array () ;
+ foreach ($user->getGroups() as $p) {
+ $pids[] = $p->getID() ;
+ }
+ foreach ($user->getRoles() as $r) {
+ foreach ($r->getLinkedProjects() as $p) {
+ if (forge_check_perm_for_user ($user, 'scm', $p->getID(), 'write')) {
+ $pids[] = $p->getID() ;
+ }
}
- $res4 = db_query_params ('INSERT INTO nss_usergroups (
- SELECT
- users.unix_uid AS uid,
- groups.group_id + $1 AS gid,
- users.user_id AS user_id,
- groups.group_id AS group_id,
- users.user_name AS user_name,
- groups.unix_group_name AS unix_group_name
- FROM users,groups,user_group
- WHERE
- users.user_id=user_group.user_id
- AND
- groups.group_id=user_group.group_id
- AND
- users.user_id=$2
- AND
- groups.status=$3
- AND
- users.unix_status=$4
- AND
- users.status=$5
- UNION
- SELECT
- users.unix_uid AS uid,
- groups.group_id + $6 AS gid,
- users.user_id AS user_id,
- groups.group_id AS group_id,
- users.user_name AS user_name,
- $7 || groups.unix_group_name AS unix_group_name
- FROM users,groups,user_group
- WHERE
- users.user_id=user_group.user_id
- AND
- groups.group_id=user_group.group_id
- AND
- users.user_id=$8
- AND
- groups.status=$9
- AND
- users.unix_status=$10
- AND
- users.status=$11
- AND
- user_group.cvs_flags > 0)
- ',
- array ($this->GID_ADD,
- $user_id,
- 'A', 'A', 'A',
- $this->SCM_UID_ADD,
- 'scm_',
- $user_id,
- 'A', 'A', 'A')) ;
- if (!$res4) {
- $this->setError('ERROR - Could Not Update Group Member(s): '.db_error());
- return false;
- }
}
- return true;
+ foreach (array_unique($pids) as $pid) {
+ $this->sysGroupAddUser($p->getID(), $user_id) ;
+ }
}
+ return true;
}
/**
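Review bot: The final loop iterates `array_unique($pids) as $pid` but calls `$this->sysGroupAddUser($p->getID(), $user_id)`, so `$pid` is never used and `$p` is whatever the earlier loops left behind (or undefined if neither loop ran). Because the user's `nss_usergroups` rows were deleted earlier in the function, only one project is re-synced and the others lose their system membership until something else triggers a sync. The call should be `$this->sysGroupAddUser($pid, $user_id) ;`, and its result should be checked like the queries above it. The function starts outside the hunk, so where `$user` is assigned is not visible.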
@@ -310,101 +269,49 @@
$group = &group_get_object($group_id);
if (!$group) {
return false;
- } else {
- $res1 = db_query_params ('DELETE FROM nss_usergroups WHERE group_id=$1',
- array ($group_id));
- if (!$res1) {
- $this->setError('ERROR - Could Not Delete Group Member(s): '.db_error());
- return false;
- }
- $res3 = db_query_params ('DELETE FROM nss_groups WHERE group_id=$1',
- array ($group_id)) ;
- if (!$res3) {
- $this->setError('ERROR - Could Not Delete Group GID: '.db_error());
- return false;
- }
- $res4 = db_query_params ('INSERT INTO nss_groups
+ }
+
+ $res1 = db_query_params ('DELETE FROM nss_usergroups WHERE group_id=$1',
+ array ($group_id));
+ if (!$res1) {
+ $this->setError('ERROR - Could Not Delete Group Member(s): '.db_error());
+ return false;
+ }
+ $res3 = db_query_params ('DELETE FROM nss_groups WHERE group_id=$1',
+ array ($group_id)) ;
+ if (!$res3) {
+ $this->setError('ERROR - Could Not Delete Group GID: '.db_error());
+ return false;
+ }
+ $res4 = db_query_params ('INSERT INTO nss_groups
(user_id, group_id, name, gid)
SELECT 0, group_id, unix_group_name, group_id + $1
FROM groups
WHERE group_id=$2',
- array ($this->GID_ADD,
- $group_id)) ;
- if (!$res4) {
- $this->setError('ERROR - Could Not Insert Group GID: '.db_error());
- return false;
- }
- $res5 = db_query_params ('INSERT INTO nss_groups
+ array ($this->GID_ADD,
+ $group_id)) ;
+ if (!$res4) {
+ $this->setError('ERROR - Could Not Insert Group GID: '.db_error());
+ return false;
+ }
+ $res5 = db_query_params ('INSERT INTO nss_groups
(user_id, group_id, name, gid)
SELECT 0, group_id, $1 || unix_group_name, group_id + $2
FROM groups
WHERE group_id=$3',
- array ('scm_',
- $this->SCM_UID_ADD,
- $group_id)) ;
-
- if (!$res5) {
- $this->setError('ERROR - Could Not Insert SCM Group GID: '.db_error());
- return false;
- }
- $res6 = db_query_params ('INSERT INTO nss_usergroups (
- SELECT
- users.unix_uid AS uid,
- groups.group_id + $1 AS gid,
- users.user_id AS user_id,
- groups.group_id AS group_id,
- users.user_name AS user_name,
- groups.unix_group_name AS unix_group_name
- FROM users,groups,user_group
- WHERE
- users.user_id=user_group.user_id
- AND
- groups.group_id=user_group.group_id
- AND
- groups.group_id=$2
- AND
- groups.status=$3
- AND
- users.unix_status=$4
- AND
- users.status=$5
- UNION
- SELECT
- users.unix_uid AS uid,
- groups.group_id + $6 AS gid,
- users.user_id AS user_id,
- groups.group_id AS group_id,
- users.user_name AS user_name,
- $7 || groups.unix_group_name AS unix_group_name
- FROM users,groups,user_group
- WHERE
- groups.group_id=user_group.group_id
- AND
- users.user_id=user_group.user_id
- AND
- groups.group_id=$8
- AND
- groups.status=$9
- AND
- users.unix_status=$10
- AND
- users.status=$11
- AND
- user_group.cvs_flags > 0)',
- array ($this->GID_ADD,
- $group_id,
- 'A', 'A', 'A',
- $this->SCM_UID_ADD,
- 'scm_',
- $group_id,
- 'A', 'A', 'A',
-
-)) ;;
- if (!$res6) {
- $this->setError('ERROR - Could Not Update Group Member(s): '.db_error());
- return false;
- }
+ array ('scm_',
+ $this->SCM_UID_ADD,
+ $group_id)) ;
+
+ if (!$res5) {
+ $this->setError('ERROR - Could Not Insert SCM Group GID: '.db_error());
+ return false;
}
+
+ foreach ($group->getUsers() as $u) {
+ $this->sysGroupAddUser ($group_id, $u->getID()) ;
+ }
+
return true;
}
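Review bot: The loop `foreach ($group->getUsers() as $u)` ignores the return of `sysGroupAddUser`, so the function still returns true when a member's sync fails, unlike every query above it. It also visits only project members, while the user-side rewrite in the previous hunk additionally walks `getRoles()`/`getLinkedProjects()` for SCM write access. If roles can grant `scm` write to non-members, those users' rows removed by `DELETE FROM nss_usergroups WHERE group_id=$1` are not restored here. Suggest `if (!$this->sysGroupAddUser ($group_id, $u->getID())) { return false; }` and a comment stating which users the loop is meant to cover.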
@@ -431,89 +338,88 @@
return true;
}
+ /**
+ * sysGroupAddUser() - Add a user to a group
+ *
+ * @param int The ID of the group two which the user will be added
+ * @param int The ID of the user to add
+ * @param bool ignored
+ * @returns true on success/false on error
+ *
+ */
+ function sysGroupAddUser($group_id,$user_id,$foo=NULL) {
+ return $this->sysGroupCheckUser($group_id,$user_id) ;
+ }
+
/**
- * sysGroupAddUser() - Add a user to a group
+ * sysGroupCheckUser() - Sync user's Unix permissions with their FF permissions within a group
*
- * @param int The ID of the group two which the user will be added
- * @param int The ID of the user to add
- * @param bool Only add this user to CVS
+ * @param int The ID of the group
+ * @param int The ID of the user
* @returns true on success/false on error
*
*/
- function sysGroupAddUser($group_id,$user_id,$cvs_only=0) {
- if (! $this->sysGroupRemoveUser($group_id,$user_id,$cvs_only))
+ function sysGroupCheckUser($group_id,$user_id) {
+ db_begin () ;
+ if (! $this->sysGroupRemoveUser($group_id,$user_id)) {
+ db_rollback () ;
return false;
- $res1 = db_query_params ('INSERT INTO nss_usergroups (
- SELECT
- users.unix_uid AS uid,
- groups.group_id + $1 AS gid,
- users.user_id AS user_id,
- groups.group_id AS group_id,
- users.user_name AS user_name,
- $2 || groups.unix_group_name AS unix_group_name
- FROM users,groups,user_group
- WHERE
- users.user_id=user_group.user_id
- AND
- groups.group_id=user_group.group_id
- AND
- users.user_id=$3
- AND
- groups.group_id=$4
- AND
- groups.status =$5
- AND
- users.unix_status=$6
- AND
- users.status=$7
- AND
- user_group.cvs_flags > 0)',
- array ($this->SCM_UID_ADD,
- 'scm_',
- $user_id,
- $group_id,
- 'A', 'A', 'A')) ;
- if (!$res1) {
- $this->setError('ERROR - Could Not Add SCM Member(s): '.db_error());
- return false;
}
-
- if ($cvs_only) {
- return true;
+
+ $u = user_get_object($user_id) ;
+ $p = group_get_object($group_id) ;
+ if (forge_check_perm_for_user($u,'scm',$group_id,'write')) {
+ $res = db_query_params ('INSERT INTO nss_usergroups (
+SELECT users.unix_uid AS uid,
+ groups.group_id + $1 AS gid,
+ users.user_id AS user_id,
+ groups.group_id AS group_id,
+ users.user_name AS user_name,
+ $2 || groups.unix_group_name AS unix_group_name
+FROM users,groups
+WHERE users.user_id=$3
+ AND users.status=$4
+ AND users.unix_status=$5
+ AND group.status=$6
+ AND groups.group_id=$7)',
+ array ($this->SCM_UID_ADD,
+ 'scm_',
+ $user_id,
+ 'A', 'A', 'A',
+ $group_id)) ;
+ if (!$res) {
+ db_rollback () ;
+ $this->setError('ERROR - Could Not Update Group Member(s): '.db_error());
+ return false;
+ }
}
-
- $res2 = db_query_params ('INSERT INTO nss_usergroups (
- SELECT
- users.unix_uid AS uid,
- groups.group_id + $1 AS gid,
- users.user_id AS user_id,
- groups.group_id AS group_id,
- users.user_name AS user_name,
- groups.unix_group_name AS unix_group_name
- FROM users,groups,user_group
- WHERE
- users.user_id=user_group.user_id
- AND
- groups.group_id=user_group.group_id
- AND
- users.user_id=$2
- AND
- groups.group_id=$3
- AND
- groups.status=$4
- AND
- users.unix_status=$5
- AND
- users.status=$6)',
- array ($this->GID_ADD,
- $user_id,
- $group_id,
- 'A', 'A', 'A'));
- if (!$res2) {
- $this->setError('ERROR - Could Not Add Shell Group Member(s): '.db_error());
- return false;
+
+ if ($u->isMember($p)) {
+ $res = db_query_params ('INSERT INTO nss_usergroups (
+SELECT users.unix_uid AS uid,
+ groups.group_id + $1 AS gid,
+ users.user_id AS user_id,
+ groups.group_id AS group_id,
+ users.user_name AS user_name,
+ groups.unix_group_name AS unix_group_name
+FROM users,groups
+WHERE users.user_id=$2
+ AND users.status=$3
+ AND users.unix_status=$4
+ AND group.status=$5
+ AND groups.group_id=$6)',
+ array ($this->GID_ADD,
+ $user_id,
+ 'A', 'A', 'A',
+ $group_id)) ;
+ if (!$res) {
+ $this->setError('ERROR - Could Not Update Group Member(s): '.db_error());
+ db_rollback () ;
+ return false;
+ }
}
-
+
+ db_commit () ;
return true;
}
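Review bot: Both new INSERT queries filter on `group.status`, but the FROM clause names the table `groups`; `group` is not a table in the query and is a reserved word. PostgreSQL should reject both statements, so `sysGroupCheckUser()` will roll back and return false whenever the user has SCM write access or is a member. The lines should read `AND groups.status=$6` and `AND groups.status=$5`. In the first failure branch `db_rollback ()` runs before `$this->setError(... db_error())`; the second branch uses the opposite order, which is safer if the rollback clears the driver's last error. Since `sysGroupAddUser()` now only delegates here, every add path is affected.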
@@ -522,22 +428,14 @@
*
* @param int The ID of the group from which to remove the user
* @param int The ID of the user to remove
- * @param bool Only remove user from CVS group
* @returns true on success/false on error
*
*/
- function sysGroupRemoveUser($group_id,$user_id,$cvs_only=0) {
- if ($cvs_only) {
- $res1 = db_query_params ('DELETE FROM nss_usergroups WHERE user_id=$1 AND group_id=$2 AND unix_group_name LIKE $3',
- array ($user_id,
- $group_id,
- 'scm_%')) ;
- } else {
- $res1 = db_query_params ('DELETE FROM nss_usergroups WHERE user_id=$1 AND group_id=$2',
- array ($user_id,
- $group_id)) ;
- }
- if (!$res1) {
+ function sysGroupRemoveUser($group_id,$user_id) {
+ $res = db_query_params ('DELETE FROM nss_usergroups WHERE user_id=$1 AND group_id=$2',
+ array ($user_id,
+ $group_id)) ;
+ if (!$res) {
$this->setError('ERROR - Could Not Delete Group Member(s): '.db_error());
return false;
}
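Review bot: `sysGroupRemoveUser()` loses its third parameter, but a caller that still passes one is visible in this commit: Role.class.php keeps `sysGroupRemoveUser($this->Group->getID(),$user_id,1)`. PHP silently ignores the extra argument, so with this backend a call that used to delete only the `scm_%` row now deletes every `nss_usergroups` row for that user and group. Either switch that caller to `sysGroupCheckUser()` or add a comment on this method stating that the SCM-only mode is gone. The function body continues past the end of the hunk.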