[Fusionforge-commits] r10742 - in trunk/src: db deb-specific

Roland Mas lolando at libremir.placard.fr.eu.org
Mon Sep 27 21:45:41 CEST 2010


Author: lolando
Date: 2010-09-27 21:45:40 +0200 (Mon, 27 Sep 2010)
New Revision: 10742

Added:
   trunk/src/db/20100927-pfo-rbac.sql
Modified:
   trunk/src/deb-specific/db-upgrade.pl
Log:
pfo_rbac_permissions_from_old needs to handle global permissions, even if we remove them from pfo_role_settings afterwards

Added: trunk/src/db/20100927-pfo-rbac.sql
===================================================================
--- trunk/src/db/20100927-pfo-rbac.sql	                        (rev 0)
+++ trunk/src/db/20100927-pfo-rbac.sql	2010-09-27 19:45:40 UTC (rev 10742)
@@ -0,0 +1,294 @@
+CREATE OR REPLACE FUNCTION pfo_rbac_permissions_from_old (rid integer, nsec text, nref integer) RETURNS integer AS $$
+DECLARE
+	os role_setting%ROWTYPE ;
+	onsec text ;
+	onref integer ;
+	onval integer ;
+	r pfo_role%ROWTYPE ;
+	mastergroupid integer := 1 ;
+	newsgroupid integer := 0 ;
+	statsgroupid integer := 0 ;
+	opid integer := 0 ;
+	tmp integer := 0 ;
+BEGIN
+	SELECT group_id INTO newsgroupid FROM groups WHERE unix_group_name = 'newsadmin' ;
+	SELECT group_id INTO statsgroupid FROM groups WHERE unix_group_name = 'stats' ;
+
+	SELECT * INTO r FROM pfo_role WHERE old_role_id = rid ;
+
+	IF nsec = 'project_read' AND nref = r.home_group_id THEN
+	   RETURN 1 ;
+	END IF ;
+
+   	IF nsec = 'forge_admin' AND nref = -1 AND rid = 1 THEN
+	   SELECT count(*) INTO tmp FROM role_setting WHERE role_id = rid ;
+	   IF tmp = 0 THEN
+	      RETURN 1 ;
+	   END IF ;
+	END IF ;
+		   
+	FOR os IN SELECT * FROM role_setting WHERE role_id = rid ORDER BY role_id, section_name, ref_id
+	LOOP
+		SELECT group_id INTO opid FROM role WHERE role_id = os.role_id ;
+
+		IF os.section_name = 'projectadmin' THEN
+		   CONTINUE WHEN os.value != 'A' ;
+		   IF nsec = 'project_admin' AND nref = opid THEN
+		      RETURN 1 ;
+		   END IF ;
+		   IF nsec = 'forge_admin' AND nref = -1 AND opid = mastergroupid THEN
+		      RETURN 1 ;
+		   END IF ;
+		   IF nsec = 'approve_news' AND nref = -1 AND opid = newsgroupid THEN
+		      RETURN 1 ;
+		   END IF ;
+		   IF nsec = 'forge_stats' AND nref = -1 AND opid = statsgroupid THEN
+		      RETURN 2 ;
+		   END IF ;
+
+		ELSIF os.section_name IN ('trackeradmin', 'pmadmin', 'forumadmin') THEN
+		   CONTINUE WHEN os.value != '2' ;
+		   onsec = CASE WHEN os.section_name = 'trackeradmin' THEN 'tracker_admin'
+		   	       WHEN os.section_name = 'pmadmin' THEN 'pm_admin'
+		   	       WHEN os.section_name = 'forumadmin' THEN 'forum_admin' END ;
+		   IF nsec = onsec AND nref = opid THEN
+		      RETURN 1 ;
+		   END IF ;
+
+		ELSIF os.section_name IN ('tracker', 'newtracker') THEN
+		   CONTINUE WHEN os.value = '-1' ;
+		   onsec = CASE WHEN os.section_name = 'tracker' THEN os.section_name
+		   	       WHEN os.section_name = 'newtracker' THEN 'new_tracker' END ;
+		   onref = CASE WHEN os.section_name = 'tracker' THEN os.ref_id
+		   	       WHEN os.section_name = 'newtracker' THEN opid END ;
+		   onval = CASE WHEN os.value = '0' THEN 1
+		   	       WHEN os.value = '1' THEN 3
+		   	       WHEN os.value = '2' THEN 7
+		   	       WHEN os.value = '3' THEN 5 END ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSIF os.section_name IN ('pm', 'newpm') THEN
+		   CONTINUE WHEN os.value = '-1' ;
+		   onsec = CASE WHEN os.section_name = 'pm' THEN os.section_name
+		   	       WHEN os.section_name = 'newpm' THEN 'new_pm' END ;
+		   onref = CASE WHEN os.section_name = 'pm' THEN os.ref_id
+		   	       WHEN os.section_name = 'newpm' THEN opid END ;
+		   onval = CASE WHEN os.value = '0' THEN 1
+		   	       WHEN os.value = '1' THEN 3
+		   	       WHEN os.value = '2' THEN 7
+		   	       WHEN os.value = '3' THEN 5 END ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSIF os.section_name = 'forum' THEN
+		   CONTINUE WHEN os.value = '-1' ;
+		   onsec = os.section_name ;
+		   onref = os.ref_id ;
+		   SELECT moderation_level INTO tmp FROM forum_group_list WHERE group_forum_id = onref ;
+		   onval = CASE WHEN os.value = '0' THEN 1
+		   	       WHEN os.value = '1' AND tmp >= 2 THEN 2
+		   	       WHEN os.value = '1' AND tmp <= 1 THEN 3
+		   	       WHEN os.value = '2' THEN 4 END ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSIF os.section_name = 'newforum' THEN
+		   CONTINUE WHEN os.value = '-1' ;
+		   onsec = 'new_forum' ;
+		   onref = opid ;
+		   onval = CASE WHEN os.value = '0' THEN 1
+		   	       WHEN os.value = '1' THEN 2
+		   	       WHEN os.value = '2' THEN 4 END ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSIF os.section_name = 'docman' THEN
+		   onsec = os.section_name ;
+		   onref = opid ;
+		   onval = CASE WHEN os.value = '0' THEN 1
+		   	       WHEN os.value = '1' THEN 4 END ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSIF os.section_name = 'frs' THEN
+		   onsec = os.section_name ;
+		   onref = opid ;
+		   onval = CASE WHEN os.value = '0' THEN 1
+		   	       WHEN os.value = '1' THEN 3 END ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSIF os.section_name = 'scm' THEN
+		   CONTINUE WHEN os.value = '-1' ;
+		   onsec = os.section_name ;
+		   onref = opid ;
+		   onval = CASE WHEN os.value = '0' THEN 1
+		   	       WHEN os.value = '1' THEN 2 END ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSIF os.section_name = 'webcal' THEN
+		   CONTINUE WHEN os.value = '0' ;
+		   onsec = os.section_name ;
+		   onref = opid ;
+		   onval = os.value ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSIF os.section_name = 'plugin_mediawiki_edit' THEN
+		   CONTINUE WHEN os.value = '0' ;
+		   onsec = os.section_name ;
+		   onref = opid ;
+		   onval = os.value ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		ELSE
+		   RAISE EXCEPTION 'Unknown setting % for role %', os.section_name, os.role_id ;
+		   CONTINUE WHEN os.value = '0' ;
+		   onsec = os.section_name ;
+		   onref = os.ref_id ;
+		   onval = os.value::integer ;
+		   IF nsec = onsec AND nref = onref THEN
+		      RETURN onval ;
+		   END IF ;
+
+		END IF ;
+
+	END LOOP ;
+
+	RETURN 0 ;
+
+END ;
+$$ LANGUAGE plpgsql ;
+
+CREATE OR REPLACE FUNCTION migrate_role_observer_to_pfo_rbac () RETURNS void AS $$
+DECLARE
+	g groups%ROWTYPE ;
+	t artifact_group_list%ROWTYPE ;
+	f forum_group_list%ROWTYPE ;
+	p project_group_list%ROWTYPE ;
+	need_loggedin boolean := false ;
+BEGIN
+	FOR g IN SELECT * FROM groups WHERE is_public = 1
+	LOOP
+		INSERT INTO role_project_refs VALUES (1, g.group_id) ;
+		INSERT INTO role_project_refs VALUES (2, g.group_id) ;
+		PERFORM insert_pfo_role_setting (1, 'project_read', g.group_id, 1) ;
+		PERFORM insert_pfo_role_setting (1, 'new_tracker', g.group_id, 1) ;
+		PERFORM insert_pfo_role_setting (1, 'new_pm', g.group_id, 1) ;
+		PERFORM insert_pfo_role_setting (1, 'new_forum', g.group_id, 1) ;
+		PERFORM insert_pfo_role_setting (1, 'frs', g.group_id, 1) ;
+		PERFORM insert_pfo_role_setting (2, 'project_read', g.group_id, 1) ;
+		PERFORM insert_pfo_role_setting (2, 'new_tracker', g.group_id, 1) ;
+		PERFORM insert_pfo_role_setting (2, 'new_pm', g.group_id, 1) ;
+		PERFORM insert_pfo_role_setting (2, 'new_forum', g.group_id, 1) ;
+		PERFORM insert_pfo_role_setting (2, 'frs', g.group_id, 1) ;
+
+		IF g.enable_anonscm = 1 THEN
+		   PERFORM insert_pfo_role_setting (1, 'scm', g.group_id, 1) ;
+		   PERFORM insert_pfo_role_setting (2, 'scm', g.group_id, 1) ;
+		END IF ;
+
+		FOR t IN SELECT * FROM artifact_group_list WHERE group_id = g.group_id AND is_public = 1
+		LOOP
+			IF t.allow_anon = 1 THEN
+			   PERFORM insert_pfo_role_setting (1, 'tracker', t.group_artifact_id, 1) ;
+			END IF ;
+
+			PERFORM insert_pfo_role_setting (2, 'tracker', t.group_artifact_id, 1) ;
+		END LOOP ;
+		
+		FOR p IN SELECT * FROM project_group_list WHERE group_id = g.group_id AND is_public = 1
+		LOOP
+			PERFORM insert_pfo_role_setting (1, 'pm', p.group_project_id, 1) ;
+			PERFORM insert_pfo_role_setting (2, 'pm', p.group_project_id, 1) ;
+		END LOOP ;
+		
+		FOR f IN SELECT * FROM forum_group_list WHERE group_id = g.group_id AND is_public = 1
+		LOOP
+			IF f.allow_anonymous = 1 THEN
+			   IF f.moderation_level = 0 THEN
+			      PERFORM insert_pfo_role_setting (1, 'forum', f.group_forum_id, 3) ;
+			   ELSE
+			      PERFORM insert_pfo_role_setting (1, 'forum', f.group_forum_id, 2) ;
+			   END IF ;
+			ELSE
+			   PERFORM insert_pfo_role_setting (1, 'forum', f.group_forum_id, 1) ;
+			END IF ;
+
+			IF f.moderation_level = 0 THEN
+			   PERFORM insert_pfo_role_setting (2, 'forum', f.group_forum_id, 3) ;
+			ELSE
+			   PERFORM insert_pfo_role_setting (2, 'forum', f.group_forum_id, 2) ;
+			END IF ;
+		END LOOP ;
+		
+	END LOOP ;
+
+END ;
+$$ LANGUAGE plpgsql ;
+
+CREATE OR REPLACE FUNCTION pfo_rbac_full_migration () RETURNS void AS $$
+DECLARE
+	mastergroupid integer := 1 ;
+	newsgroupid integer := 0 ;
+	statsgroupid integer := 0 ;
+BEGIN
+	DELETE FROM pfo_user_role ;
+	DELETE FROM pfo_role_setting ;
+	DELETE FROM role_project_refs ;
+	DELETE FROM pfo_role ;
+	DELETE FROM pfo_role_class ;
+
+	INSERT INTO pfo_role_class (class_id, class_name) VALUES (1, 'PFO_RoleExplicit') ;
+	INSERT INTO pfo_role_class (class_id, class_name) VALUES (2, 'PFO_RoleAnonymous') ;
+	INSERT INTO pfo_role_class (class_id, class_name) VALUES (3, 'PFO_RoleLoggedIn') ;
+
+	PERFORM setval ('pfo_role_class_seq', 3) ;
+
+	INSERT INTO pfo_role (role_id, role_name, role_class, is_public) VALUES (1, 'Anonymous', 2, true) ;
+	INSERT INTO pfo_role (role_id, role_name, role_class, is_public) VALUES (2, 'LoggedIn', 3, true) ;
+	INSERT INTO pfo_role (role_id, role_name, role_class, is_public) VALUES (3, 'Forge administrators', 1, false) ;
+	INSERT INTO pfo_role (role_id, role_name, role_class, is_public) VALUES (4, 'News moderators', 1, false) ;
+	INSERT INTO pfo_role (role_id, role_name, role_class, is_public) VALUES (5, 'Stats administrators', 1, false) ;
+
+	PERFORM setval ('pfo_role_seq', 5) ;
+
+	INSERT INTO pfo_role (SELECT nextval ('pfo_role_seq'), role_name, 1, group_id, false, role_id FROM role) ;
+
+	INSERT INTO pfo_user_role (SELECT ug.user_id, r.role_id FROM user_group ug, pfo_role r WHERE ug.role_id = r.old_role_id AND r.old_role_id != 1) ;
+
+	PERFORM migrate_rbac_permissions_to_pfo_rbac () ;
+	PERFORM migrate_role_observer_to_pfo_rbac () ;
+
+	-- Set up members and permissions for Forge administrators
+	INSERT INTO pfo_user_role (SELECT user_id, 3 FROM user_group WHERE group_id = mastergroupid AND admin_flags = 'A') ;
+	PERFORM insert_pfo_role_setting (3, 'forge_admin', -1, 1) ;
+
+	-- Set up members and permissions for News moderators
+	SELECT group_id INTO newsgroupid FROM groups WHERE unix_group_name = 'newsadmin' ;
+	INSERT INTO pfo_user_role (SELECT user_id, 4 FROM user_group WHERE group_id = newsgroupid AND admin_flags = 'A') ;
+	PERFORM insert_pfo_role_setting (4, 'approve_news', -1, 1) ;
+
+	-- Set up members and permissions for Stats administrators
+	SELECT group_id INTO statsgroupid FROM groups WHERE unix_group_name = 'stats' ;
+	INSERT INTO pfo_user_role (SELECT user_id, 5 FROM user_group WHERE group_id = statsgroupid AND admin_flags = 'A') ;
+	PERFORM insert_pfo_role_setting (5, 'forge_stats', -1, 2) ;
+
+	DELETE FROM pfo_role_setting WHERE section_name IN ('forge_admin', 'approve_projects', 'approve_news', 'forge_stats') AND role_id IN (SELECT role_id FROM pfo_role WHERE role_class = 1 AND home_group_id IS NOT NULL) ;
+
+END ;
+$$ LANGUAGE plpgsql ;
+
+SELECT pfo_rbac_full_migration () ;

Modified: trunk/src/deb-specific/db-upgrade.pl
===================================================================
--- trunk/src/deb-specific/db-upgrade.pl	2010-09-27 16:50:33 UTC (rev 10741)
+++ trunk/src/deb-specific/db-upgrade.pl	2010-09-27 19:45:40 UTC (rev 10742)
@@ -2917,6 +2917,7 @@
     &update_with_sql("20100730-docman","5.0.1-8");
     &update_with_sql("20100924-theme","5.0.1-9");
     &update_with_sql("20100926-pfo-rbac","5.0.1-10");
+    &update_with_sql("20100927-pfo-rbac","5.0.1-11");
 
     ########################### INSERT HERE #################################
 




More information about the Fusionforge-commits mailing list