[Fusionforge-commits] r14022 - in trunk: . src src/common/include

Roland Mas lolando at fusionforge.org
Mon Aug 1 15:16:12 CEST 2011


Author: lolando
Date: 2011-08-01 15:16:12 +0200 (Mon, 01 Aug 2011)
New Revision: 14022

Modified:
   trunk/
   trunk/src/common/include/Group.class.php
   trunk/src/common/include/RBAC.php
   trunk/src/common/include/RBACEngine.class.php
   trunk/src/common/include/Role.class.php
   trunk/src/common/include/rbac_texts.php
   trunk/src/fusionforge-install-3-db.php
Log:
Started pruning old code: the 'else' parts of 'if(USE_PFO_RBAC)'

Modified: trunk/src/common/include/Group.class.php
===================================================================
--- trunk/src/common/include/Group.class.php	2011-08-01 11:46:45 UTC (rev 14021)
+++ trunk/src/common/include/Group.class.php	2011-08-01 13:16:12 UTC (rev 14022)
@@ -347,31 +347,10 @@
 				return false;
 			}
 
-			if (USE_PFO_RBAC) {
-				$gjr = new GroupJoinRequest($this);
-				$gjr->create($user->getID(),
-					     'Fake GroupJoinRequest to store the creator of a project',
-					     false);
-			} else {
-			//
-			// Now, make the user an admin
-			//
-			$res=db_query_params('INSERT INTO user_group (user_id, group_id, admin_flags,
-				cvs_flags, artifact_flags, forum_flags, role_id)
-				VALUES ($1, $2, $3, $4, $5, $6, $7)',
-					      array($user->getID(),
-						    $id,
-						    'A',
-						    1,
-						    2,
-						    2,
-						    1));
-			if (!$res || db_affected_rows($res) < 1) {
-				$this->setError(sprintf(_('ERROR: Could not add admin to newly created group: %s'),db_error()));
-				db_rollback();
-				return false;
-			}
-			}
+			$gjr = new GroupJoinRequest($this);
+			$gjr->create($user->getID(),
+				     'Fake GroupJoinRequest to store the creator of a project',
+				     false);
 
 			$hook_params = array();
 			$hook_params['group'] = $this;
@@ -988,36 +967,16 @@
 	 * @return	boolean	enable_scm.
 	 */
 	function enableAnonSCM() {
-		if (USE_PFO_RBAC) {
-			$r = RoleAnonymous::getInstance();
-			return $r->hasPermission('scm', $this->getID(), 'read');
-		} else {
-			if ($this->isPublic() && $this->usesSCM()) {
-				return $this->data_array['enable_anonscm'];
-			} else {
-				return false;
-			}
-		}
+		$r = RoleAnonymous::getInstance();
+		return $r->hasPermission('scm', $this->getID(), 'read');
 	}
 
 	function SetUsesAnonSCM($booleanparam) {
 		db_begin();
 		$booleanparam = $booleanparam ? 1 : 0;
-		if (USE_PFO_RBAC) {
-			$r = RoleAnonymous::getInstance();
-			$r->setSetting('scm', $this->getID(), $booleanparam);
-			db_commit();
-		} else {
-			$res = db_query_params('UPDATE groups SET enable_anonscm=$1 WHERE group_id=$2',
-					array($booleanparam, $this->getID()));
-			if ($res) {
-				$this->data_array['enable_anonscm'] = $booleanparam;
-				db_commit();
-			} else {
-				db_rollback();
-				return false;
-			}
-		}
+		$r = RoleAnonymous::getInstance();
+		$r->setSetting('scm', $this->getID(), $booleanparam);
+		db_commit();
 	}
 
 	/**
@@ -1928,119 +1887,22 @@
 				return false;
 			}
 
-			if (USE_PFO_RBAC) {
-				$role->addUser(user_get_object($user_id)) ;
-				if (!$SYS->sysCheckCreateGroup($this->getID())){
-					$this->setError($SYS->getErrorMessage());
-					db_rollback();
-					return false;
-				}
-				if (!$SYS->sysCheckCreateUser($user_id)) {
-					$this->setError($SYS->getErrorMessage());
-					db_rollback();
-					return false;
-				}
-				if (!$SYS->sysGroupCheckUser($this->getID(),$user_id)) {
-					$this->setError($SYS->getErrorMessage());
-					db_rollback();
-					return false;
-				}
-			} else { // NOT USE_PFO_RBAC
-
-				//
-				//	if not already a member, add them
-				//
-				$res_member = db_query_params('SELECT user_id
-				FROM user_group
-				WHERE user_id=$1 AND group_id=$2',
-				array($user_id, $this->getID()));
-
-				if (db_numrows($res_member) < 1) {
-					//
-					//	Create this user's row in the user_group table
-					//
-					$res = db_query_params('INSERT INTO user_group
-						(user_id,group_id,admin_flags,forum_flags,project_flags,
-						doc_flags,cvs_flags,member_role,release_flags,artifact_flags)
-						VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)',
-						array($user_id,
-							$this->getID(),
-							'',
-							0,
-							0,
-							0,
-							1,
-							100,
-							0,
-							0));
-
-					//verify the insert worked
-					if (!$res || db_affected_rows($res) < 1) {
-						$this->setError(sprintf(_('ERROR: Could Not Add User To Group: %s'),db_error()));
-						db_rollback();
-						return false;
-					}
-					//
-					//	check and create if group doesn't exists
-					//
-					//echo "<h2>Group::addUser SYS->sysCheckCreateGroup(".$this->getID().")</h2>";
-					if (!$SYS->sysCheckCreateGroup($this->getID())){
-						$this->setError($SYS->getErrorMessage());
-						db_rollback();
-						return false;
-					}
-					//
-					//	check and create if user doesn't exists
-					//
-					//echo "<h2>Group::addUser SYS->sysCheckCreateUser($user_id)</h2>";
-					if (!$SYS->sysCheckCreateUser($user_id)) {
-						$this->setError($SYS->getErrorMessage());
-						db_rollback();
-						return false;
-					}
-					//
-					//	Role setup
-					//
-					//echo "<h2>Group::addUser role->setUser($user_id)</h2>";
-					if (!$role->setUser($user_id)) {
-						$this->setError('addUser::role::setUser'.$role->getErrorMessage());
-						db_rollback();
-						return false;
-					}
-				} else {
-					//
-					//  user was already a member
-					//  make sure they are set up
-					//
-					$user= user_get_object($user_id,$res_newuser);
-					$user->fetchData($user->getID());
-					$role = new Role($this,$role_id);
-					if (!$role || !is_object($role)) {
-						$this->setError(_('Error Getting Role Object'));
-						db_rollback();
-						return false;
-					} elseif ($role->isError()) {
-						$this->setError('addUser::roleget::'.$role->getErrorMessage());
-						db_rollback();
-						return false;
-					}
-					//echo "<h2>Already Member Group::addUser role->setUser($user_id)</h2>";
-					if (!$role->setUser($user_id)) {
-						$this->setError('addUser::role::setUser'.$role->getErrorMessage());
-						db_rollback();
-						return false;
-					}
-					//
-					//	set up their system info
-					//
-					//echo "<h2>Already Member Group::addUser SYS->sysCheckCreateUser($user_id)</h2>";
-					if (!$SYS->sysCheckCreateUser($user_id)) {
-						$this->setError($SYS->getErrorMessage());
-						db_rollback();
-						return false;
-					}
-				}
-			} // USE_PFO_RBAC
+			$role->addUser(user_get_object($user_id)) ;
+			if (!$SYS->sysCheckCreateGroup($this->getID())){
+				$this->setError($SYS->getErrorMessage());
+				db_rollback();
+				return false;
+			}
+			if (!$SYS->sysCheckCreateUser($user_id)) {
+				$this->setError($SYS->getErrorMessage());
+				db_rollback();
+				return false;
+			}
+			if (!$SYS->sysGroupCheckUser($this->getID(),$user_id)) {
+				$this->setError($SYS->getErrorMessage());
+				db_rollback();
+				return false;
+			}
 		} else {
 			//
 			//	user doesn't exist
@@ -2083,39 +1945,27 @@
 
 		db_begin();
 
-		if (USE_PFO_RBAC) {
-			$user = user_get_object($user_id);
-			$roles = RBACEngine::getInstance()->getAvailableRolesForUser($user);
-			$found_role = NULL;
-			foreach ($roles as $role) {
-				if ($role->getHomeProject() && $role->getHomeProject()->getID() == $this->getID()) {
-					$found_role = $role;
-					break;
-				}
+		$user = user_get_object($user_id);
+		$roles = RBACEngine::getInstance()->getAvailableRolesForUser($user);
+		$found_role = NULL;
+		foreach ($roles as $role) {
+			if ($role->getHomeProject() && $role->getHomeProject()->getID() == $this->getID()) {
+				$found_role = $role;
+				break;
 			}
-			if ($found_role == NULL) {
-				$this->setError(sprintf(_('ERROR: User not removed: %s')));
-				db_rollback();
-				return false;
-			}
-			$found_role->removeUser($user);
-			if (!$SYS->sysGroupCheckUser($this->getID(), $user_id)) {
-				$this->setError($SYS->getErrorMessage());
-				db_rollback();
-				return false;
-			}
-
-		} else {
-			$res = db_query_params('DELETE FROM user_group WHERE group_id=$1 AND user_id=$2',
-						array($this->getID(),
-						      $user_id));
-			if (!$res || db_affected_rows($res) < 1) {
-				$this->setError(_('ERROR: User not removed:').' '.db_error());
-				db_rollback();
-				return false;
-			}
 		}
-
+		if ($found_role == NULL) {
+			$this->setError(sprintf(_('ERROR: User not removed: %s')));
+			db_rollback();
+			return false;
+		}
+		$found_role->removeUser($user);
+		if (!$SYS->sysGroupCheckUser($this->getID(), $user_id)) {
+			$this->setError($SYS->getErrorMessage());
+			db_rollback();
+			return false;
+		}
+		
 		//
 		//	reassign open artifacts to id=100
 		//
@@ -2203,50 +2053,34 @@
 			return false;
 		}
 
-		if (USE_PFO_RBAC) {
-			$newrole = RBACEngine::getInstance()->getRoleById ($role_id) ;
-			if (!$newrole || !is_object($newrole)) {
-				$this->setError(_('Could Not Get Role'));
-				return false;
-			} elseif ($newrole->isError()) {
-				$this->setError(sprintf(_('Role: %s'),$role->getErrorMessage()));
-				return false;
-			} elseif ($newrole->getHomeProject() == NULL
-				  || $newrole->getHomeProject()->getID() != $this->getID()) {
-				$this->setError(_('Wrong destination role'));
-				return false;
-			}
-			$user = user_get_object ($user_id) ;
-			$roles = RBACEngine::getInstance()->getAvailableRolesForUser ($user) ;
-			$found_role = NULL ;
-			foreach ($roles as $role) {
-				if ($role->getHomeProject() && $role->getHomeProject()->getID() == $this->getID()) {
-					$found_role = $role ;
-					break ;
-				}
-			}
-			if ($found_role == NULL) {
-				$this->setError(sprintf(_('ERROR: User not removed: %s')));
-				db_rollback();
-				return false;
-			}
-			$found_role->removeUser ($user) ;
-			$newrole->addUser ($user) ;
-		} else {
-		$role = new Role($this,$role_id);
-		if (!$role || !is_object($role)) {
+		$newrole = RBACEngine::getInstance()->getRoleById ($role_id) ;
+		if (!$newrole || !is_object($newrole)) {
 			$this->setError(_('Could Not Get Role'));
 			return false;
-		} elseif ($role->isError()) {
+		} elseif ($newrole->isError()) {
 			$this->setError(sprintf(_('Role: %s'),$role->getErrorMessage()));
 			return false;
-		}
-//echo "<h3>Group::updateUser role->setUser($user_id)</h3>";
-		if (!$role->setUser($user_id)) {
-			$this->setError(sprintf(_('Role: %s'),$role->getErrorMessage()));
+		} elseif ($newrole->getHomeProject() == NULL
+			  || $newrole->getHomeProject()->getID() != $this->getID()) {
+			$this->setError(_('Wrong destination role'));
 			return false;
 		}
+		$user = user_get_object ($user_id) ;
+		$roles = RBACEngine::getInstance()->getAvailableRolesForUser ($user) ;
+		$found_role = NULL ;
+		foreach ($roles as $role) {
+			if ($role->getHomeProject() && $role->getHomeProject()->getID() == $this->getID()) {
+				$found_role = $role ;
+				break ;
+			}
 		}
+		if ($found_role == NULL) {
+			$this->setError(sprintf(_('ERROR: User not removed: %s')));
+			db_rollback();
+			return false;
+		}
+		$found_role->removeUser ($user) ;
+		$newrole->addUser ($user) ;
 
 		$this->addHistory('Updated User',$user_id);
 		return true;
@@ -2283,7 +2117,6 @@
 			Activate member(s) of the project
 		*/
 
-		if (USE_PFO_RBAC) {
 		$members = $this->getUsers (true) ;
 
 		foreach ($members as $member) {
@@ -2298,16 +2131,6 @@
 			}
 
 		}
-		} else {
-			$res_member = db_query_params('SELECT user_id,role_id FROM user_group WHERE group_id=$1',
-						       array ($this->getID()));
-			while ($row_member = db_fetch_array($res_member)) {
-				$u = user_get_object($row_member['user_id']);
-				if (!$this->addUser($u->getUnixName(),$row_member['role_id'])) {
-					return false;
-				}
-			}
-		}
 
 		return true;
 	}
@@ -2361,29 +2184,14 @@
 		setup_gettext_from_sys_lang();
 
 		// Create default roles
-		if (USE_PFO_RBAC) {
-			$idadmin_group = NULL;
-			foreach (get_group_join_requests ($this) as $gjr) {
-				$idadmin_group = $gjr->getUserID();
-				break ;
-			}
-			if ($idadmin_group == NULL) {
-				$idadmin_group = $user->getID();
-			}
-		} else {
-			$admin_group = db_query_params('SELECT user_id FROM user_group WHERE group_id=$1 AND admin_flags=$2',
-							array($this->getID(),
-							       'A'));
-			if (db_numrows($admin_group) > 0) {
-				$idadmin_group = db_result($admin_group,0,'user_id');
-			} else {
-				$idadmin_group = $user->getID();
-				db_query_params('INSERT INTO user_group (user_id, group_id, admin_flags) VALUES ($1, $2, $3)',
-						 array($idadmin_group,
-							$this->getID(),
-							'A')) ;
-			}
+		$idadmin_group = NULL;
+		foreach (get_group_join_requests ($this) as $gjr) {
+			$idadmin_group = $gjr->getUserID();
+			break ;
 		}
+		if ($idadmin_group == NULL) {
+			$idadmin_group = $user->getID();
+		}
 
 		$template = $this->getTemplateProject();
 		$id_mappings = array();
@@ -2414,12 +2222,10 @@
 			$role_id = $role->create ('Admin', $adminperms, true) ;
 		}
 
-		if (USE_PFO_RBAC) {
-			$roles = $this->getRoles() ;
-			foreach ($roles as $r) {
-				if ($r->getSetting ('project_admin', $this->getID())) {
-					$r->addUser(user_get_object ($idadmin_group));
-				}
+		$roles = $this->getRoles() ;
+		foreach ($roles as $r) {
+			if ($r->getSetting ('project_admin', $this->getID())) {
+				$r->addUser(user_get_object ($idadmin_group));
 			}
 		}
 
@@ -2664,16 +2470,8 @@
 	 */
 	function sendRejectionEmail($response_id, $message="zxcv") {
 		$submitters = array () ;
-		if (USE_PFO_RBAC) {
-			foreach (get_group_join_requests ($this) as $gjr) {
-				$submitters[] = user_get_object($gjr->getUserID());
-			}
-		} else {
-			$res = db_query_params("SELECT u.user_id FROM users u, user_group ug WHERE ug.group_id=$1 AND u.user_id=ug.user_id",
-					       $this->getID());
-			while ($arr = db_fetch_array($res)) {
-				$submitter[] = user_get_object($arr['user_id']);
-			}
+		foreach (get_group_join_requests ($this) as $gjr) {
+			$submitters[] = user_get_object($gjr->getUserID());
 		}
 
 		if (count ($submitters) < 1) {
@@ -2723,16 +2521,8 @@
 	function sendNewProjectNotificationEmail() {
 		// Get the user who wants to register the project
 		$submitters = array();
-		if (USE_PFO_RBAC) {
-			foreach (get_group_join_requests ($this) as $gjr) {
-				$submitters[] = user_get_object($gjr->getUserID());
-			}
-		} else {
-			$res = db_query_params("SELECT u.user_id FROM users u, user_group ug WHERE ug.group_id=$1 AND u.user_id=ug.user_id",
-					       $this->getID());
-			while ($arr = db_fetch_array ($res)) {
-				$submitter[] = user_get_object($arr['user_id']);
-			}
+		foreach (get_group_join_requests ($this) as $gjr) {
+			$submitters[] = user_get_object($gjr->getUserID());
 		}
 		if (count ($submitters) < 1) {
 			$this->setError(_("Could not find user who has submitted the project."));
@@ -2828,24 +2618,16 @@
 	function getRolesId() {
 		$role_ids = array();
 
-		if (USE_PFO_RBAC) {
-			$res = db_query_params('SELECT role_id FROM pfo_role WHERE home_group_id=$1',
-						array($this->getID()));
-			while ($arr = db_fetch_array($res)) {
-				$role_ids[] = $arr['role_id'];
-			}
-			$res = db_query_params('SELECT role_id FROM role_project_refs WHERE group_id=$1',
-						array($this->getID()));
-			while ($arr = db_fetch_array($res)) {
-				$role_ids[] = $arr['role_id'];
-			}
-		} else {
-			$res = db_query_params('SELECT role_id FROM role WHERE group_id=$1',
-							    array($this->getID()));
-			while ($arr = db_fetch_array($res)) {
-				$role_ids[] = $arr['role_id'];
-			}
+		$res = db_query_params('SELECT role_id FROM pfo_role WHERE home_group_id=$1',
+				       array($this->getID()));
+		while ($arr = db_fetch_array($res)) {
+			$role_ids[] = $arr['role_id'];
 		}
+		$res = db_query_params('SELECT role_id FROM role_project_refs WHERE group_id=$1',
+				       array($this->getID()));
+		while ($arr = db_fetch_array($res)) {
+			$role_ids[] = $arr['role_id'];
+		}
 
 		return array_unique($role_ids);
 	}
@@ -2859,15 +2641,9 @@
 		$result = array();
 
 		$roles = $this->getRolesId();
-		if (USE_PFO_RBAC) {
-			$engine = RBACEngine::getInstance();
-			foreach ($roles as $role_id) {
-				$result[] = $engine->getRoleById ($role_id);
-			}
-		} else {
-			foreach ($roles as $role_id) {
-				$result[] = new Role ($this, $role_id);
-			}
+		$engine = RBACEngine::getInstance();
+		foreach ($roles as $role_id) {
+			$result[] = $engine->getRoleById ($role_id);
 		}
 
 		return $result;
@@ -2944,38 +2720,22 @@
 		if (!isset($this->membersArr)) {
 			$this->membersArr = array () ;
 
-			if (USE_PFO_RBAC) {
-				$ids = array () ;
-				foreach ($this->getRoles() as $role) {
-					if ($onlylocal
-					    && ($role->getHomeProject() == NULL || $role->getHomeProject()->getID() != $this->getID())) {
-						continue ;
-					}
-					foreach ($role->getUsers() as $user) {
-						$ids[] = $user->getID() ;
-					}
+			$ids = array () ;
+			foreach ($this->getRoles() as $role) {
+				if ($onlylocal
+				    && ($role->getHomeProject() == NULL || $role->getHomeProject()->getID() != $this->getID())) {
+					continue ;
 				}
-				$ids = array_unique ($ids) ;
-				foreach ($ids as $id) {
-					$u = user_get_object ($id) ;
-					if ($u->isActive()) {
-						$this->membersArr[] = $u ;
-					}
+				foreach ($role->getUsers() as $user) {
+					$ids[] = $user->getID() ;
 				}
-			} else {
-
-				$users_group_res = db_query_params ('SELECT u.user_id FROM users u, user_group ug WHERE ug.group_id=$1 AND ug.user_id=u.user_id AND u.status=$2',
-								    array ($this->getID(),
-									   'A'));
-				if (!$users_group_res) {
-					$this->setError(_('Error: Enable to get users from group'). ' ' . $this->getID() . ' ' .db_error());
-					return false;
+			}
+			$ids = array_unique ($ids) ;
+			foreach ($ids as $id) {
+				$u = user_get_object ($id) ;
+				if ($u->isActive()) {
+					$this->membersArr[] = $u ;
 				}
-
-				for ($i=0; $i<db_numrows($users_group_res); $i++) {
-					$this->membersArr[$i] = new GFUser(db_result($users_group_res,$i,'user_id'),false);
-				}
-
 			}
 		}
 		return $this->membersArr;

Modified: trunk/src/common/include/RBAC.php
===================================================================
--- trunk/src/common/include/RBAC.php	2011-08-01 11:46:45 UTC (rev 14021)
+++ trunk/src/common/include/RBAC.php	2011-08-01 13:16:12 UTC (rev 14022)
@@ -24,12 +24,7 @@
 
 require "PFO-RBAC.interface.php";
 
-// TODO : remove this which is security issue ?
-if (true || file_exists ('/tmp/fusionforge-use-pfo-rbac')) {
-	define ('USE_PFO_RBAC', true);
-} else {
-	define ('USE_PFO_RBAC', false);
-}
+define ('USE_PFO_RBAC', true);
 
 // Code shared between classes
 
@@ -58,191 +53,99 @@
 	// var $setting_array;
 
 	public function BaseRole() {
-		if (USE_PFO_RBAC) {
-			// TODO: document these tables
-			// $gfcommon.'include/rbac_texts.php' may provide some hints...
-			$this->role_values = array(
-				'forge_admin' => array(0, 1),
-				'approve_projects' => array(0, 1),
-				'approve_news' => array(0, 1),
-				'forge_stats' => array(0, 1, 2),
+		// TODO: document these tables
+		// $gfcommon.'include/rbac_texts.php' may provide some hints...
+		$this->role_values = array(
+			'forge_admin' => array(0, 1),
+			'approve_projects' => array(0, 1),
+			'approve_news' => array(0, 1),
+			'forge_stats' => array(0, 1, 2),
 
-				'project_read' => array(0, 1),
-				'project_admin' => array(0, 1),
+			'project_read' => array(0, 1),
+			'project_admin' => array(0, 1),
 
-				'tracker_admin' => array(0, 1),
-				'pm_admin' => array(0, 1),
-				'forum_admin' => array(0, 1),
+			'tracker_admin' => array(0, 1),
+			'pm_admin' => array(0, 1),
+			'forum_admin' => array(0, 1),
 
-				'tracker' => array(0, 1, 3, 5, 7),
-				'pm' => array(0, 1, 3, 5, 7),
-				'forum' => array(0, 1, 2, 3, 4),
+			'tracker' => array(0, 1, 3, 5, 7),
+			'pm' => array(0, 1, 3, 5, 7),
+			'forum' => array(0, 1, 2, 3, 4),
 
-				'new_tracker' => array(0, 1, 3, 5, 7),
-				'new_pm' => array(0, 1, 3, 5, 7),
-				'new_forum' => array(0, 1, 2, 3, 4),
+			'new_tracker' => array(0, 1, 3, 5, 7),
+			'new_pm' => array(0, 1, 3, 5, 7),
+			'new_forum' => array(0, 1, 2, 3, 4),
 
-				'scm' => array (0, 1, 2),
-				'docman' => array (0, 1, 2, 3, 4),
-				'frs' => array (0, 1, 2, 3),
+			'scm' => array (0, 1, 2),
+			'docman' => array (0, 1, 2, 3, 4),
+			'frs' => array (0, 1, 2, 3),
 
-				'webcal' => array(0, 1, 2),
-				);
+			'webcal' => array(0, 1, 2),
+			);
 
-			// Global permissions
-			$this->global_settings = array(
-				'forge_admin', // “God mode”: all actions allowed
-				'approve_projects', // Ability to approve pending projects
-				'approve_news', // Ability to approve news bits to the forge front page
-				'forge_stats'
-				);
+		// Global permissions
+		$this->global_settings = array(
+			'forge_admin', // “God mode”: all actions allowed
+			'approve_projects', // Ability to approve pending projects
+			'approve_news', // Ability to approve news bits to the forge front page
+			'forge_stats'
+			);
 
-			// TODO: document these	(Project-related permissions ?)
-			$this->defaults = array(
-				'Admin' => array(            'project_admin'=> 1,
-							     'project_read' => 1,
-							     'frs' => 2,
-							     'scm' => 2,
-							     'docman' => 3,
-							     'forum_admin' => 1,
-							     'new_forum' => 3,
-							     'tracker_admin' => 1,
-							     'new_tracker' => 7,
-							     'pm_admin' => 1,
-							     'new_pm' => 7,
-							     'webcal' => 2,
-					),
-				'Senior Developer' => array( 'project_read' => 1,
-							     'frs' => 2,
-							     'scm' => 2,
-							     'docman' => 3,
-							     'forum_admin' => 1,
-							     'new_forum' => 3,
-							     'tracker_admin' => 1,
-							     'new_tracker' => 7,
-							     'pm_admin' => 1,
-							     'new_pm' => 7,
-							     'webcal' => 2,
-					),
-				'Junior Developer' => array( 'project_read' => 1,
-							     'frs' => 2,
-							     'scm' => 2,
-							     'docman' => 2,
-							     'new_forum' => 3,
-							     'new_tracker' => 3,
-							     'new_pm' => 3,
-							     'webcal' => 2,
-					),
-				'Doc Writer' => array(       'project_read' => 1,
-							     'frs' => 2,
-						       	     'docman' => 4,
-						       	     'new_forum' => 3,
-						       	     'new_tracker' => 1,
-						       	     'new_pm' => 1,
-						       	     'webcal' => 2,
-					),
-				'Support Tech' => array(     'project_read' => 1,
-							     'frs' => 2,
-							     'docman' => 1,
-							     'new_forum' => 3,
-							     'tracker_admin' => 1,
-							     'new_tracker' => 3,
-							     'pm_admin' => 1,
-							     'new_pm' => 7,
-							     'webcal' => 2,
-					),
-				);
-		} else {
-			$this->role_values = array(
-				'projectadmin'	=> array ('0','A'),
-				'frs'		=> array ('0','1'),
-				'scm'		=> array ('-1','0','1'),
-				'docman'	=> array ('0','1'),
-				'forumadmin'	=> array ('0','2'),
-				'forum'		=> array ('-1','0','1','2'),
-				'newforum'	=> array ('-1','0','1','2'),
-				'trackeradmin'	=> array ('0','2'),
-				'tracker'	=> array ('-1','0','1','2','3'),
-				'newtracker'	=> array ('-1','0','1','2','3'),
-				'pmadmin'	=> array ('0','2'),
-				'pm'		=> array ('-1','0','1','2','3'),
-				'newpm'		=> array ('-1','0','1','2','3'),
-				'webcal'	=> array ('0','1','2'));
-
-			$this->defaults = array(
-				'Admin'		  => array( 'projectadmin'=>'A',
-							    'frs'=>'1',
-							    'scm'=>'1',
-							    'docman'=>'1',
-							    'forumadmin'=>'2',
-							    'forum'=>'2',
-							    'newforum'=>'2',
-							    'trackeradmin'=>'2',
-							    'tracker'=>'2',
-							    'newtracker'=>'2',
-							    'pmadmin'=>'2',
-							    'pm'=>'2',
-							    'newpm'=>'2',
-							    'webcal'=>'1' ),
-				'Senior Developer'=> array( 'projectadmin'=>'0',
-							    'frs'=>'1',
-							    'scm'=>'1',
-							    'docman'=>'1',
-							    'forumadmin'=>'2',
-							    'forum'=>'2',
-							    'newforum'=>'2',
-							    'trackeradmin'=>'2',
-							    'tracker'=>'2',
-							    'newtracker'=>'2',
-							    'pmadmin'=>'2',
-							    'pm'=>'2',
-							    'newpm'=>'2',
-							    'webcal'=>'2' ),
-				'Junior Developer'=> array( 'projectadmin'=>'0',
-							    'frs'=>'0',
-							    'scm'=>'1',
-							    'docman'=>'0',
-							    'forumadmin'=>'0',
-							    'forum'=>'1',
-							    'newforum'=>'1',
-							    'trackeradmin'=>'0',
-							    'tracker'=>'1',
-							    'newtracker'=>'1',
-							    'pmadmin'=>'0',
-							    'pm'=>'1',
-							    'newpm'=>'1',
-							    'webcal'=>'2' ),
-				'Doc Writer'	  => array( 'projectadmin'=>'0',
-							    'frs'=>'0',
-							    'scm'=>'0',
-							    'docman'=>'1',
-							    'forumadmin'=>'0',
-							    'forum'=>'1',
-							    'newforum'=>'1',
-							    'trackeradmin'=>'0',
-							    'tracker'=>'0',
-							    'newtracker'=>'0',
-							    'pmadmin'=>'0',
-							    'pm'=>'0' ,
-							    'newpm'=>'0' ,
-							    'webcal'=>'2'),
-				'Support Tech'	  => array( 'projectadmin'=>'0',
-							    'frs'=>'0',
-							    'scm'=>'0',
-							    'docman'=>'1',
-							    'forumadmin'=>'0',
-							    'forum'=>'1',
-							    'newforum'=>'1',
-							    'trackeradmin'=>'0',
-							    'tracker'=>'2',
-							    'newtracker'=>'2',
-							    'pmadmin'=>'0',
-							    'pm'=>'0' ,
-							    'newpm'=>'0' ,
-							    'webcal'=>'2')
-				);
-
-		}
+		// TODO: document these	(Project-related permissions ?)
+		$this->defaults = array(
+			'Admin' => array(            'project_admin'=> 1,
+						     'project_read' => 1,
+						     'frs' => 2,
+						     'scm' => 2,
+						     'docman' => 3,
+						     'forum_admin' => 1,
+						     'new_forum' => 3,
+						     'tracker_admin' => 1,
+						     'new_tracker' => 7,
+						     'pm_admin' => 1,
+						     'new_pm' => 7,
+						     'webcal' => 2,
+				),
+			'Senior Developer' => array( 'project_read' => 1,
+						     'frs' => 2,
+						     'scm' => 2,
+						     'docman' => 3,
+						     'forum_admin' => 1,
+						     'new_forum' => 3,
+						     'tracker_admin' => 1,
+						     'new_tracker' => 7,
+						     'pm_admin' => 1,
+						     'new_pm' => 7,
+						     'webcal' => 2,
+				),
+			'Junior Developer' => array( 'project_read' => 1,
+						     'frs' => 2,
+						     'scm' => 2,
+						     'docman' => 2,
+						     'new_forum' => 3,
+						     'new_tracker' => 3,
+						     'new_pm' => 3,
+						     'webcal' => 2,
+				),
+			'Doc Writer' => array(       'project_read' => 1,
+						     'frs' => 2,
+						     'docman' => 4,
+						     'new_forum' => 3,
+						     'new_tracker' => 1,
+						     'new_pm' => 1,
+						     'webcal' => 2,
+				),
+			'Support Tech' => array(     'project_read' => 1,
+						     'frs' => 2,
+						     'docman' => 1,
+						     'new_forum' => 3,
+						     'tracker_admin' => 1,
+						     'new_tracker' => 3,
+						     'pm_admin' => 1,
+						     'new_pm' => 7,
+						     'webcal' => 2,
+				),
+			);
 	}
 
 	public function getUsers() {
@@ -347,183 +250,29 @@
 		unset($this->setting_array);
 		unset($this->perms_array);
 
-		if (USE_PFO_RBAC) {
-			$res = db_query_params('SELECT * FROM pfo_role WHERE role_id=$1',
-						array ($role_id)) ;
-			if (!$res || db_numrows($res) < 1) {
-				$this->setError('BaseRole::fetchData()::'.db_error());
-				return false;
-			}
-			$this->data_array = db_fetch_array($res);
-			if ($this->data_array['is_public'] == 't') {
-				$this->data_array['is_public'] = true;
-			} else {
-				$this->data_array['is_public'] = false;
-			}
-			$res = db_query_params('SELECT section_name, ref_id, perm_val FROM pfo_role_setting WHERE role_id=$1',
-						array($role_id));
-			if (!$res) {
-				$this->setError('BaseRole::fetchData()::'.db_error());
-				return false;
-			}
-			// TODO: document perms_array
-			$this->perms_array=array();
-			while ($arr = db_fetch_array($res)) {
-				$this->perms_array[$arr['section_name']][$arr['ref_id']] = $arr['perm_val'];
-			}
+		$res = db_query_params('SELECT * FROM pfo_role WHERE role_id=$1',
+				       array ($role_id)) ;
+		if (!$res || db_numrows($res) < 1) {
+			$this->setError('BaseRole::fetchData()::'.db_error());
+			return false;
+		}
+		$this->data_array = db_fetch_array($res);
+		if ($this->data_array['is_public'] == 't') {
+			$this->data_array['is_public'] = true;
 		} else {
-			if ($this instanceof RoleAnonymous) {
-				$res = db_query_params ('SELECT group_id, enable_anonscm FROM groups WHERE is_public=1',
-							array ()) ;
-				while ($arr = db_fetch_array($res)) {
-					$this->perms_array['project_read'][$arr['group_id']] = 1 ;
-					$this->perms_array['frs'][$arr['group_id']] = 1 ;
-					$this->perms_array['scm'][$arr['group_id']] = $arr['enable_anonscm'] ;
-				}
-
-				$res = db_query_params ('SELECT t.group_artifact_id FROM artifact_group_list t, groups g WHERE t.is_public=1 AND t.allow_anon=1 AND g.is_public=1 AND t.group_id = g.group_id',
-							array ()) ;
-				while ($arr = db_fetch_array($res)) {
-					$this->perms_array['tracker'][$arr['group_artifact_id']] = 1 ;
-				}
-
-				$res = db_query_params ('SELECT p.group_project_id FROM project_group_list p, groups g WHERE p.is_public=1 AND g.is_public=1 AND p.group_id = g.group_id',
-							array ()) ;
-				while ($arr = db_fetch_array($res)) {
-					$this->perms_array['pm'][$arr['group_project_id']] = 1 ;
-				}
-
-				$res = db_query_params ('SELECT f.group_forum_id, f.allow_anonymous, f.moderation_level FROM forum_group_list f, groups g WHERE f.is_public=1 AND g.is_public=1 AND f.group_id = g.group_id',
-							array ()) ;
-				while ($arr = db_fetch_array($res)) {
-					if ($arr['allow_anonymous'] == 1) {
-						if ($arr['moderation_level'] == 0) {
-							$this->perms_array['forum'][$arr['group_forum_id']] = 3 ;
-						} else {
-							$this->perms_array['forum'][$arr['group_forum_id']] = 2 ;
-						}
-					} else {
-						$this->perms_array['forum'][$arr['group_forum_id']] = 1 ;
-					}
-				}
-			} elseif ($this instanceof RoleLoggedIn) {
-				$res = db_query_params ('SELECT group_id, enable_anonscm FROM groups WHERE is_public=1',
-							array ()) ;
-				while ($arr = db_fetch_array($res)) {
-					$this->perms_array['project_read'][$arr['group_id']] = 1 ;
-					$this->perms_array['frs'][$arr['group_id']] = 1 ;
-					$this->perms_array['scm'][$arr['group_id']] = $arr['enable_anonscm'] ;
-				}
-
-				$res = db_query_params ('SELECT t.group_artifact_id FROM artifact_group_list t, groups g WHERE t.is_public=1 AND g.is_public=1 AND t.group_id = g.group_id',
-							array ()) ;
-				while ($arr = db_fetch_array($res)) {
-					$this->perms_array['tracker'][$arr['group_artifact_id']] = 1 ;
-				}
-
-				$res = db_query_params ('SELECT p.group_project_id FROM project_group_list p, groups g WHERE p.is_public=1 AND g.is_public=1 AND p.group_id = g.group_id',
-							array ()) ;
-				while ($arr = db_fetch_array($res)) {
-					$this->perms_array['pm'][$arr['group_project_id']] = 1 ;
-				}
-
-				$res = db_query_params ('SELECT f.group_forum_id, f.moderation_level FROM forum_group_list f, groups g WHERE f.is_public=1 AND g.is_public=1 AND f.group_id = g.group_id',
-							array ()) ;
-				while ($arr = db_fetch_array($res)) {
-					if ($arr['moderation_level'] == 0) {
-						$this->perms_array['forum'][$arr['group_forum_id']] = 3 ;
-					} else {
-						$this->perms_array['forum'][$arr['group_forum_id']] = 2 ;
-					}
-				}
-			} else {
-			$res = db_query_params ('SELECT * FROM role WHERE role_id=$1',
-						array ($role_id)) ;
-			if (!$res || db_numrows($res) < 1) {
-				$this->setError('BaseRole::fetchData()::'.db_error());
-				return false;
-			}
-			$this->data_array = db_fetch_array($res);
-
-			// Load pre-PFO RBAC settings...
-			$res = db_query_params ('SELECT * FROM role_setting WHERE role_id=$1',
-						array ($role_id)) ;
-			if (!$res) {
-				$this->setError('BaseRole::fetchData()::'.db_error());
-				return false;
-			}
-			$this->setting_array=array();
-			while ($arr = db_fetch_array($res)) {
-				$this->setting_array[$arr['section_name']][$arr['ref_id']] = $arr['value'];
-			}
-
-			// ...and map section names and values to the new values
-
-			if ($this->data_array['group_id'] == forge_get_config ('stats_group')) {
-				$this->perms_array['forge_stats'][-1] = 2 ;
-			}
-
-			$this->perms_array=array();
-			$tohandle = array () ;
-			$gid = $this->data_array['group_id'] ;
-        		if ($gid == 1 && count ($this->setting_array) == 0) {
-				$tohandle[] = array ('forge_admin', -1) ;
-			}
-			foreach ($this->setting_array as $oldsection => $t) {
-				switch ($oldsection) {
-				case 'projectadmin':
-					$tohandle[] = array ('project_admin', $gid) ;
-					if ($this->data_array['group_id'] == 1 && $t[0] == 'A') {
-						$tohandle[] = array ('forge_admin', -1) ;
-					}
-					if ($this->data_array['group_id'] == forge_get_config ('news_group') && $t[0] == 'A') {
-						$tohandle[] = array ('approve_news', -1) ;
-					}
-					if ($this->data_array['group_id'] == forge_get_config ('stats_group') && $t[0] == 'A') {
-						$tohandle[] = array ('forge_stats', -1) ;
-					}
-					break ;
-				case 'trackeradmin':
-					$tohandle[] = array ('tracker_admin', $gid) ;
-					break ;
-				case 'pmadmin':
-					$tohandle[] = array ('pm_admin', $gid) ;
-					break ;
-				case 'forumadmin':
-					$tohandle[] = array ('forum_admin', $gid) ;
-					break ;
-
-				case 'newtracker':
-					$tohandle[] = array ('new_tracker', $gid) ;
-					break ;
-				case 'newpm':
-					$tohandle[] = array ('new_pm', $gid) ;
-					break ;
-				case 'newforum':
-					$tohandle[] = array ('new_forum', $gid) ;
-					break ;
-
-				default:
-					foreach ($t as $oldreference => $oldvalue) {
-						$tohandle[] = array ($oldsection, $oldreference) ;
-						break ;
-					}
-				}
-			}
-
-			foreach ($tohandle as $t) {
-				$nsec = $t[0] ;
-				$nref = $t[1] ;
-
-				$res = db_query_params ('SELECT pfo_rbac_permissions_from_old($1,$2,$3)',
-							array ($role_id, $nsec, $nref)) ;
-				if ($res) {
-					$arr = db_fetch_array($res) ;
-					$this->perms_array[$nsec][$nref] = $arr[0] ;
-				}
-			}
-			} // Explicit role (not Anonymous or LoggedIn)
+			$this->data_array['is_public'] = false;
 		}
+		$res = db_query_params('SELECT section_name, ref_id, perm_val FROM pfo_role_setting WHERE role_id=$1',
+				       array($role_id));
+		if (!$res) {
+			$this->setError('BaseRole::fetchData()::'.db_error());
+			return false;
+		}
+		// TODO: document perms_array
+		$this->perms_array=array();
+		while ($arr = db_fetch_array($res)) {
+			$this->perms_array[$arr['section_name']][$arr['ref_id']] = $arr['perm_val'];
+		}
 
 		return true;
 	}
@@ -547,16 +296,9 @@
 		$result = array () ;
 		$group_id = $project->getID() ;
 
-		if (USE_PFO_RBAC) {
-			$sections = array ('project_read', 'project_admin', 'frs', 'scm', 'docman', 'tracker_admin', 'new_tracker', 'forum_admin', 'new_forum', 'pm_admin', 'new_pm') ;
-			foreach ($sections as $section) {
-				$result[$section][$group_id] = $this->getVal ($section, $group_id) ;
-			}
-		} else {
-			$sections = array ('projectadmin', 'frs', 'scm', 'docman', 'trackeradmin', 'newtracker', 'forumadmin', 'newforum', 'pmadmin', 'newpm', 'webcal') ;
-			foreach ($sections as $section) {
-				$result[$section][0] = $this->getVal ($section, 0) ;
-			}
+		$sections = array ('project_read', 'project_admin', 'frs', 'scm', 'docman', 'tracker_admin', 'new_tracker', 'forum_admin', 'new_forum', 'pm_admin', 'new_pm') ;
+		foreach ($sections as $section) {
+			$result[$section][$group_id] = $this->getVal ($section, $group_id) ;
 		}
 
 		$atf = new ArtifactTypeFactory ($project) ;
@@ -581,19 +323,17 @@
 		$sections[] = 'pm' ;
 
 
-		if (USE_PFO_RBAC) {
-			// Add settings not yet listed so far (probably plugins)
-			// Currently handled:
-			// - global settings (ignored here)
-			// - project-wide settings (core and plugins)
-			// - settings for multiple-instance tools coming from the core (trackers/pm/forums)
-			// TODO:
-			// - settings for multiple-instance tools from plugins
-			foreach (array_keys ($this->perms_array) as $section) {
-				if (!in_array ($section, $sections)) {
-					if (!in_array ($section, $this->global_settings)) {
-						$result[$section][$group_id] = $this->getVal ($section, $group_id) ;
-					}
+		// Add settings not yet listed so far (probably plugins)
+		// Currently handled:
+		// - global settings (ignored here)
+		// - project-wide settings (core and plugins)
+		// - settings for multiple-instance tools coming from the core (trackers/pm/forums)
+		// TODO:
+		// - settings for multiple-instance tools from plugins
+		foreach (array_keys ($this->perms_array) as $section) {
+			if (!in_array ($section, $sections)) {
+				if (!in_array ($section, $this->global_settings)) {
+					$result[$section][$group_id] = $this->getVal ($section, $group_id) ;
 				}
 			}
 		}
@@ -761,15 +501,7 @@
 		if (!$ref_id) {
 			$ref_id=0;
 		}
-		if (USE_PFO_RBAC) {
-			return $this->getSetting($section, $ref_id) ;
-		} else {
-			if (array_key_exists($section, $this->setting_array)) {
-				return $this->setting_array[$section][$ref_id];
-			} else {
-				return 0 ;
-			}
-		}
+		return $this->getSetting($section, $ref_id) ;
 	}
 
 	/**
@@ -939,231 +671,40 @@
 	 */
 	function update($role_name,$data,$check_perms=true) {
 		global $SYS;
-		if (USE_PFO_RBAC) {
-			if ($check_perms) {
-				if ($this->getHomeProject() == NULL) {
-					if (!forge_check_global_perm ('forge_admin')) {
-						$this->setPermissionDeniedError();
-						return false;
-					}
-				} elseif (!forge_check_perm ('project_admin', $this->getHomeProject()->getID())) {
+		if ($check_perms) {
+			if ($this->getHomeProject() == NULL) {
+				if (!forge_check_global_perm ('forge_admin')) {
 					$this->setPermissionDeniedError();
 					return false;
 				}
-			}
-		} else {
-			$perm =& $this->Group->getPermission ();
-			if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) {
+			} elseif (!forge_check_perm ('project_admin', $this->getHomeProject()->getID())) {
 				$this->setPermissionDeniedError();
 				return false;
 			}
-			//
-			//	Cannot update role_id=1
-			//
-			if ($this->getID() == 1) {
-				$this->setError('Cannot Update Default Role');
-				return false;
-			}
 		}
 
 		db_begin();
 
 
-		if (USE_PFO_RBAC) {
-			if ($role_name != $this->getName()) {
-				$this->setName($role_name) ;
+		if ($role_name != $this->getName()) {
+			$this->setName($role_name) ;
+		}
+		
+		foreach ($data as $sect => $refs) {
+			foreach ($refs as $refid => $value) {
+				$this->setSetting ($sect, $refid, $value) ;
 			}
-
-			foreach ($data as $sect => $refs) {
-				foreach ($refs as $refid => $value) {
-					$this->setSetting ($sect, $refid, $value) ;
-				}
-				if ($sect == 'scm') {
-					foreach ($this->getUsers() as $u) {
-						if (!$SYS->sysGroupCheckUser($refid,$u->getID())) {
-							$this->setError($SYS->getErrorMessage());
-							db_rollback();
-							return false;
-						}
+			if ($sect == 'scm') {
+				foreach ($this->getUsers() as $u) {
+					if (!$SYS->sysGroupCheckUser($refid,$u->getID())) {
+						$this->setError($SYS->getErrorMessage());
+						db_rollback();
+						return false;
 					}
 				}
 			}
-		} else {
-			if (! $this->setName($role_name)) {
-				db_rollback();
-				return false;
-			}
-
-		// Delete extra settings
-		db_query_params ('DELETE FROM role_setting WHERE role_id=$1 AND section_name <> ALL ($2)',
-				 array ($this->getID(),
-					db_string_array_to_any_clause (array_keys ($this->role_values)))) ;
-		db_query_params ('DELETE FROM role_setting WHERE role_id=$1 AND section_name = $2 AND ref_id <> ALL ($3)',
-				 array ($this->getID(),
-					'tracker',
-					db_int_array_to_any_clause (array_keys ($data['tracker'])))) ;
-		db_query_params ('DELETE FROM role_setting WHERE role_id=$1 AND section_name = $2 AND ref_id <> ALL ($3)',
-				 array ($this->getID(),
-					'forum',
-					db_int_array_to_any_clause (array_keys ($data['forum'])))) ;
-		db_query_params ('DELETE FROM role_setting WHERE role_id=$1 AND section_name = $2 AND ref_id <> ALL ($3)',
-				 array ($this->getID(),
-					'pm',
-					db_int_array_to_any_clause (array_keys ($data['pm'])))) ;
-
-
-
-
-
-
-
-
-
-
-////$data['section_name']['ref_id']=$val
-		$arr1 = array_keys($data);
-		for ($i=0; $i<count($arr1); $i++) {
-		//	array_values($Report->adjust_days)
-			$arr2 = array_keys($data[$arr1[$i]]);
-			for ($j=0; $j<count($arr2); $j++) {
-				$usection_name=$arr1[$i];
-				$uref_id=$arr2[$j];
-				$uvalue=$data[$usection_name][$uref_id];
-				if (!$uref_id) {
-					$uref_id=0;
-				}
-				if (!$uvalue) {
-					$uvalue=0;
-				}
-				//
-				//	See if this setting changed. If so, then update it
-				//
-//				if ($this->getVal($usection_name,$uref_id) != $uvalue) {
-					$res = db_query_params ('UPDATE role_setting SET value=$1 WHERE role_id=$2 AND section_name=$3 AND ref_id=$4',
-								array ($uvalue,
-								       $this->getID(),
-								       $usection_name,
-								       $uref_id)) ;
-					if (!$res || db_affected_rows($res) < 1) {
-						$res = db_query_params ('INSERT INTO role_setting (role_id, section_name, ref_id, value) VALUES ($1, $2, $3, $4)',
-									array ($this->getID(),
-									       $usection_name,
-									       $uref_id,
-									       $uvalue)) ;
-						if (!$res) {
-							$this->setError('update::rolesettinginsert::'.db_error());
-							db_rollback();
-							return false;
-						}
-					}
-					if ($usection_name == 'frs') {
-						$update_usergroup=true;
-					} elseif ($usection_name == 'scm') {
-						//$update_usergroup=true;
-
-						//iterate all users with this role
-						$res = db_query_params ('SELECT user_id	FROM user_group WHERE role_id=$1',
-									array ($this->getID())) ;
-						for ($z=0; $z<db_numrows($res); $z++) {
-
-							//TODO - Shell should be separate flag
-							//  If user acquired admin access to CVS,
-							//  one to be given normal shell on CVS machine,
-							//  else - restricted.
-							//
-							$cvs_flags=$data['scm'][0];
-							$res2 = db_query_params ('UPDATE user_group SET cvs_flags=$1 WHERE user_id=$2',
-										 array ($cvs_flags,
-											db_result($res,$z,'user_id')));
-							if (!$res2) {
-								$this->setError('update::scm::'.db_error());
-								db_rollback();
-								return false;
-							}
-							// I have doubt the following is usefull
-							// This is probably buggy if used
-							if ($cvs_flags>1) {
-								if (!$SYS->sysUserSetAttribute(db_result($res,$z,'user_id'),"debGforgeCvsShell","/bin/bash")) {
-									$this->setError($SYS->getErrorMessage());
-									db_rollback();
-									return false;
-								}
-							} else {
-								if (!$SYS->sysUserSetAttribute(db_result($res,$z,'user_id'),"debGforgeCvsShell","/bin/cvssh")) {
-									$this->setError($SYS->getErrorMessage());
-									db_rollback();
-									return false;
-								}
-							}
-
-							//
-							//  If user acquired at least commit access to CVS,
-							//  one to be promoted to CVS group, else, demoted.
-							//
-							if ($uvalue>0) {
-								if (!$SYS->sysGroupAddUser($this->Group->getID(),db_result($res,$z,'user_id'),1)) {
-									$this->setError($SYS->getErrorMessage());
-									db_rollback();
-									return false;
-								}
-							} else {
-								if (!$SYS->sysGroupRemoveUser($this->Group->getID(),db_result($res,$z,'user_id'),1)) {
-									$this->setError($SYS->getErrorMessage());
-									db_rollback();
-									return false;
-								}
-							}
-
-
-						}
-					} elseif ($usection_name == 'docman') {
-						$update_usergroup=true;
-					} elseif ($usection_name == 'forumadmin') {
-						$update_usergroup=true;
-					} elseif ($usection_name == 'trackeradmin') {
-						$update_usergroup=true;
-					} elseif ($usection_name == 'projectadmin') {
-						$update_usergroup=true;
-					} elseif ($usection_name == 'pmadmin') {
-						$update_usergroup=true;
-					}
-	//			}
-			}
 		}
-//		if ($update_usergroup) {
-			$keys = array ('forumadmin', 'pmadmin', 'trackeradmin', 'docman', 'scm', 'frs', 'projectadmin') ;
-			foreach ($keys as $k) {
-				if (!array_key_exists ($k, $data)) {
-					$data[$k] = array(0);
-				}
-			}
-			$res = db_query_params ('UPDATE user_group
-                               SET admin_flags=$1,
-   				   forum_flags=$2,
-   				   project_flags=$3,
-   				   doc_flags=$4,
-   				   cvs_flags=$5,
-   				   release_flags=$6,
-   				   artifact_flags=$7
-   				WHERE role_id=$8',
-   						array ($data['projectadmin'][0],
-						       $data['forumadmin'][0],
-						       $data['pmadmin'][0],
-						       $data['docman'][0],
-						       $data['scm'][0],
-						       $data['frs'][0],
-						       $data['trackeradmin'][0],
-						       $this->getID())) ;
-			if (!$res) {
-				$this->setError('::update::usergroup::'.db_error());
-				db_rollback();
-				return false;
-			}
 
-//		}
-
-		} // USE_PFO_RBAC
-
 		$hook_params = array ();
 		$hook_params['role'] =& $this;
 		$hook_params['role_id'] = $this->getID();
@@ -1251,24 +792,17 @@
 
 		// Add missing settings
 		// ...project-wide settings
-		if (USE_PFO_RBAC) {
-			$arr = array ('project_read', 'project_admin', 'frs', 'scm', 'docman', 'tracker_admin', 'new_tracker', 'forum_admin', 'new_forum', 'pm_admin', 'new_pm', 'webcal') ;
-			foreach ($projects as $p) {
-				foreach ($arr as $section) {
-					$this->normalizePermsForSection ($new_pa, $section, $p->getID()) ;
-				}
-			}
-			$this->normalizePermsForSection ($new_pa, 'forge_admin', -1) ;
-			$this->normalizePermsForSection ($new_pa, 'approve_projects', -1) ;
-			$this->normalizePermsForSection ($new_pa, 'approve_news', -1) ;
-			$this->normalizePermsForSection ($new_pa, 'forge_stats', -1) ;
-		} else {
-			$arr = array ('projectadmin', 'frs', 'scm', 'docman', 'forumadmin', 'trackeradmin', 'newtracker', 'pmadmin', 'newpm', 'webcal') ;
+		$arr = array ('project_read', 'project_admin', 'frs', 'scm', 'docman', 'tracker_admin', 'new_tracker', 'forum_admin', 'new_forum', 'pm_admin', 'new_pm', 'webcal') ;
+		foreach ($projects as $p) {
 			foreach ($arr as $section) {
-				$this->normalizeDataForSection ($new_sa, $section) ;
+				$this->normalizePermsForSection ($new_pa, $section, $p->getID()) ;
 			}
 		}
-
+		$this->normalizePermsForSection ($new_pa, 'forge_admin', -1) ;
+		$this->normalizePermsForSection ($new_pa, 'approve_projects', -1) ;
+		$this->normalizePermsForSection ($new_pa, 'approve_news', -1) ;
+		$this->normalizePermsForSection ($new_pa, 'forge_stats', -1) ;
+		
 		$hook_params = array ();
 		$hook_params['role'] =& $this;
 		$hook_params['new_sa'] =& $new_sa ;
@@ -1282,21 +816,12 @@
 			$atf = new ArtifactTypeFactory ($p) ;
 			$trackerids = $atf->getAllArtifactTypeIds () ;
 			foreach ($trackerids as $tid) {
-				if (USE_PFO_RBAC) {
-					if (array_key_exists ('tracker', $this->perms_array)
-					    && array_key_exists ($tid, $this->perms_array['tracker']) ) {
-						$new_pa['tracker'][$tid] = $this->perms_array['tracker'][$tid] ;
-					} elseif (array_key_exists ('new_tracker', $this->perms_array)
-					    && array_key_exists ($p->getID(), $this->perms_array['new_tracker']) ) {
-						$new_pa['tracker'][$tid] = $new_pa['new_tracker'][$p->getID()] ;
-					}
-				} else {
-					if (array_key_exists ('tracker', $this->setting_array)
-					    && array_key_exists ($tid, $this->setting_array['tracker']) ) {
-						$new_sa['tracker'][$tid] = $this->setting_array['tracker'][$tid] ;
-					} else {
-						$new_sa['tracker'][$tid] = $new_sa['newtracker'][0] ;
-					}
+				if (array_key_exists ('tracker', $this->perms_array)
+				    && array_key_exists ($tid, $this->perms_array['tracker']) ) {
+					$new_pa['tracker'][$tid] = $this->perms_array['tracker'][$tid] ;
+				} elseif (array_key_exists ('new_tracker', $this->perms_array)
+					  && array_key_exists ($p->getID(), $this->perms_array['new_tracker']) ) {
+					$new_pa['tracker'][$tid] = $new_pa['new_tracker'][$p->getID()] ;
 				}
 			}
 		}
@@ -1308,23 +833,13 @@
 			$ff = new ForumFactory ($p) ;
 			$fids = $ff->getAllForumIds () ;
 			foreach ($fids as $fid) {
-				if (USE_PFO_RBAC) {
-					if (array_key_exists ('forum', $this->perms_array)
-					    && array_key_exists ($fid, $this->perms_array['forum']) ) {
-						$new_pa['forum'][$fid] = $this->perms_array['forum'][$fid] ;
-					} elseif (array_key_exists ('new_forum', $this->perms_array)
-					    && array_key_exists ($p->getID(), $this->perms_array['new_forum']) ) {
-						$new_pa['forum'][$fid] = $new_pa['new_forum'][$p->getID()] ;
-					}
-				} else {
-					if (array_key_exists ('forum', $this->setting_array)
-					    && array_key_exists ($fid, $this->setting_array['forum']) ) {
-						$new_sa['forum'][$fid] = $this->setting_array['forum'][$fid] ;
-					} else {
-						$new_sa['forum'][$fid] = $new_sa['newforum'][0] ;
-					}
+				if (array_key_exists ('forum', $this->perms_array)
+				    && array_key_exists ($fid, $this->perms_array['forum']) ) {
+					$new_pa['forum'][$fid] = $this->perms_array['forum'][$fid] ;
+				} elseif (array_key_exists ('new_forum', $this->perms_array)
+					  && array_key_exists ($p->getID(), $this->perms_array['new_forum']) ) {
+					$new_pa['forum'][$fid] = $new_pa['new_forum'][$p->getID()] ;
 				}
-			}
 		}
 
 		// ...pm-related settings
@@ -1334,31 +849,18 @@
 			$pgf = new ProjectGroupFactory ($p) ;
 			$pgids = $pgf->getAllProjectGroupIds () ;
 			foreach ($pgids as $gid) {
-				if (USE_PFO_RBAC) {
-					if (array_key_exists ('pm', $this->perms_array)
-					    && array_key_exists ($gid, $this->perms_array['pm']) ) {
-						$new_pa['pm'][$gid] = $this->perms_array['pm'][$gid] ;
-					} elseif (array_key_exists ('new_pm', $this->perms_array)
-					    && array_key_exists ($p->getID(), $this->perms_array['new_pm']) ) {
-						$new_pa['pm'][$gid] = $new_pa['new_pm'][$p->getID()] ;
-					}
-				} else {
-					if (array_key_exists ('pm', $this->setting_array)
-					    && array_key_exists ($gid, $this->setting_array['pm']) ) {
-						$new_sa['pm'][$gid] = $this->setting_array['pm'][$gid] ;
-					} else {
-						$new_sa['pm'][$gid] = $new_sa['newpm'][0] ;
-					}
+				if (array_key_exists ('pm', $this->perms_array)
+				    && array_key_exists ($gid, $this->perms_array['pm']) ) {
+					$new_pa['pm'][$gid] = $this->perms_array['pm'][$gid] ;
+				} elseif (array_key_exists ('new_pm', $this->perms_array)
+					  && array_key_exists ($p->getID(), $this->perms_array['new_pm']) ) {
+					$new_pa['pm'][$gid] = $new_pa['new_pm'][$p->getID()] ;
 				}
 			}
 		}
 
 		// Save
-		if (USE_PFO_RBAC) {
-			$this->update ($this->getName(), $new_pa, false) ;
-		} else {
-			$this->update ($this->getName(), $new_sa) ;
-		}
+		$this->update ($this->getName(), $new_pa, false) ;
 		return true;
 	}
 }

Modified: trunk/src/common/include/RBACEngine.class.php
===================================================================
--- trunk/src/common/include/RBACEngine.class.php	2011-08-01 11:46:45 UTC (rev 14021)
+++ trunk/src/common/include/RBACEngine.class.php	2011-08-01 13:16:12 UTC (rev 14022)
@@ -59,17 +59,10 @@
 			$this->_cached_available_roles[] = RoleLoggedIn::getInstance() ;
 			$user = session_get_user() ;
 
-			if (USE_PFO_RBAC) {
-				$res = db_query_params ('SELECT role_id FROM pfo_user_role WHERE user_id=$1',
+			$res = db_query_params ('SELECT role_id FROM pfo_user_role WHERE user_id=$1',
 						array ($user->getID()));
-				while ($arr = db_fetch_array($res)) {
-					$this->_cached_available_roles[] = $this->getRoleById ($arr['role_id']) ;
-				}
-			} else {
-				$groups = $user->getGroups() ;
-				foreach ($groups as $g) {
-					$this->_cached_available_roles[] = $user->getRole($g) ;
-				}
+			while ($arr = db_fetch_array($res)) {
+				$this->_cached_available_roles[] = $this->getRoleById ($arr['role_id']) ;
 			}
 		}
 
@@ -121,12 +114,10 @@
 
 		$this->_cached_global_roles = array () ;
 
-		if (USE_PFO_RBAC) {
-			$res = db_query_params ('SELECT role_id FROM pfo_role WHERE home_group_id IS NULL',
-						array ());
-			while ($arr = db_fetch_array($res)) {
-				$this->_cached_global_roles[] = $this->getRoleById ($arr['role_id']) ;
-			}
+		$res = db_query_params ('SELECT role_id FROM pfo_role WHERE home_group_id IS NULL',
+					array ());
+		while ($arr = db_fetch_array($res)) {
+			$this->_cached_global_roles[] = $this->getRoleById ($arr['role_id']) ;
 		}
 
 		return $this->_cached_global_roles ;
@@ -139,12 +130,10 @@
 
 		$this->_cached_public_roles = array () ;
 
-		if (USE_PFO_RBAC) {
-			$res = db_query_params ('SELECT role_id FROM pfo_role WHERE is_public=$1',
-						array ('true'));
-			while ($arr = db_fetch_array($res)) {
-				$this->_cached_public_roles[] = $this->getRoleById ($arr['role_id']) ;
-			}
+		$res = db_query_params ('SELECT role_id FROM pfo_role WHERE is_public=$1',
+					array ('true'));
+		while ($arr = db_fetch_array($res)) {
+			$this->_cached_public_roles[] = $this->getRoleById ($arr['role_id']) ;
 		}
 
 		return $this->_cached_public_roles ;
@@ -162,18 +151,10 @@
 		$result[] = RoleAnonymous::getInstance() ;
 		$result[] = RoleLoggedIn::getInstance() ;
 
-		if (USE_PFO_RBAC) {
-			$res = db_query_params ('SELECT role_id FROM pfo_user_role WHERE user_id=$1',
-						array ($user->getID()));
-			while ($arr = db_fetch_array($res)) {
-				$result[] = $this->getRoleById ($arr['role_id']) ;
-			}
-		} else {
-			$res = db_query_params ('SELECT role_id FROM user_group WHERE user_id=$1',
-						array ($user->getID()));
-			while ($arr = db_fetch_array($res)) {
-				$result[] = $this->getRoleById ($arr['role_id']) ;
-			}
+		$res = db_query_params ('SELECT role_id FROM pfo_user_role WHERE user_id=$1',
+					array ($user->getID()));
+		while ($arr = db_fetch_array($res)) {
+			$result[] = $this->getRoleById ($arr['role_id']) ;
 		}
 
 		return $result ;
@@ -214,38 +195,27 @@
 		if (array_key_exists ($role_id, $this->_cached_roles)) {
 			return $this->_cached_roles[$role_id] ;
 		}
-		if (USE_PFO_RBAC) {
-			$res = db_query_params ('SELECT c.class_name, r.home_group_id FROM pfo_role r, pfo_role_class c WHERE r.role_class = c.class_id AND r.role_id = $1',
-						array ($role_id)) ;
-			if (!$res || !db_numrows($res)) {
-				return NULL ;
-			}
+		$res = db_query_params ('SELECT c.class_name, r.home_group_id FROM pfo_role r, pfo_role_class c WHERE r.role_class = c.class_id AND r.role_id = $1',
+					array ($role_id)) ;
+		if (!$res || !db_numrows($res)) {
+			return NULL ;
+		}
 
-			$class_id = db_result ($res, 0, 'class_name') ;
-			switch ($class_id) {
-			case 'PFO_RoleExplicit':
-				$group_id = db_result ($res, 0, 'home_group_id') ;
-				$group = group_get_object ($group_id) ;
-				$this->_cached_roles[$role_id] = new Role ($group, $role_id) ;
-				return $this->_cached_roles[$role_id] ;
-			case 'PFO_RoleAnonymous':
-				$this->_cached_roles[$role_id] = RoleAnonymous::getInstance() ;
-				return $this->_cached_roles[$role_id] ;
-			case 'PFO_RoleLoggedIn':
-				$this->_cached_roles[$role_id] = RoleLoggedIn::getInstance() ;
-				return $this->_cached_roles[$role_id] ;
-			default:
-				throw new Exception ("Not implemented") ;
-			}
-		} else {
-			$res = db_query_params ('SELECT group_id FROM role r WHERE role_id = $1',
-						array ($role_id)) ;
-			if (!$res || !db_numrows($res)) {
-				return NULL ;
-			}
-			$group_id = db_result ($res, 0, 'group_id') ;
+		$class_id = db_result ($res, 0, 'class_name') ;
+		switch ($class_id) {
+		case 'PFO_RoleExplicit':
+			$group_id = db_result ($res, 0, 'home_group_id') ;
 			$group = group_get_object ($group_id) ;
-			return new Role ($group, $role_id) ;
+			$this->_cached_roles[$role_id] = new Role ($group, $role_id) ;
+			return $this->_cached_roles[$role_id] ;
+		case 'PFO_RoleAnonymous':
+			$this->_cached_roles[$role_id] = RoleAnonymous::getInstance() ;
+			return $this->_cached_roles[$role_id] ;
+		case 'PFO_RoleLoggedIn':
+			$this->_cached_roles[$role_id] = RoleLoggedIn::getInstance() ;
+			return $this->_cached_roles[$role_id] ;
+		default:
+			throw new Exception ("Not implemented") ;
 		}
 	}
 

Modified: trunk/src/common/include/Role.class.php
===================================================================
--- trunk/src/common/include/Role.class.php	2011-08-01 11:46:45 UTC (rev 14021)
+++ trunk/src/common/include/Role.class.php	2011-08-01 13:16:12 UTC (rev 14022)
@@ -43,15 +43,8 @@
 	 */
 	function Role($Group, $role_id = false) {
 		$this->BaseRole();
-		if (USE_PFO_RBAC) {
-			if (!$Group || !is_object($Group) || $Group->isError()) {
-				$Group = NULL;
-			}
-		} else {
-			if (!$Group || !is_object($Group) || $Group->isError()) {
-				$this->setError('Role::'.$Group->getErrorMessage());
-				return false;
-			}
+		if (!$Group || !is_object($Group) || $Group->isError()) {
+			$Group = NULL;
 		}
 		$this->Group =& $Group;
 
@@ -89,51 +82,32 @@
 			return false;
 		}
 		if ($this->getName() != stripslashes($role_name)) {
-			if (USE_PFO_RBAC) {
-				db_begin();
-				if ($this->Group == NULL) {
-					$res = db_query_params('SELECT role_name FROM pfo_role WHERE home_group_id IS NULL AND role_name=$1',
-							       array(htmlspecialchars($role_name)));
-					if (db_numrows($res)) {
-						$this->setError('Cannot create a role with this name (already used)');
-						db_rollback();
-						return false;
-					}
-				} else {
-					$res = db_query_params('SELECT role_name FROM pfo_role WHERE home_group_id=$1 AND role_name=$2',
-							       array($this->Group->getID(), htmlspecialchars($role_name)));
-					if (db_numrows($res)) {
-						$this->setError('Cannot create a role with this name (already used)');
-						db_rollback();
-						return false;
-					}
-				}
-				$res = db_query_params('UPDATE pfo_role SET role_name=$1 WHERE role_id=$2',
-							array(htmlspecialchars($role_name),
-							       $this->getID()));
-				if (!$res || db_affected_rows($res) < 1) {
-					$this->setError('update::name::'.db_error());
+			db_begin();
+			if ($this->Group == NULL) {
+				$res = db_query_params('SELECT role_name FROM pfo_role WHERE home_group_id IS NULL AND role_name=$1',
+						       array(htmlspecialchars($role_name)));
+				if (db_numrows($res)) {
+					$this->setError('Cannot create a role with this name (already used)');
+					db_rollback();
 					return false;
 				}
-				db_commit();
 			} else {
-				// Check if role_name is not already used.
-				$res = db_query_params('SELECT role_name FROM role WHERE group_id=$1 AND role_name=$2',
+				$res = db_query_params('SELECT role_name FROM pfo_role WHERE home_group_id=$1 AND role_name=$2',
 						       array($this->Group->getID(), htmlspecialchars($role_name)));
 				if (db_numrows($res)) {
 					$this->setError('Cannot create a role with this name (already used)');
+					db_rollback();
 					return false;
 				}
-
-				$res = db_query_params('UPDATE role SET role_name=$1 WHERE group_id=$2 AND role_id=$3',
-							array(htmlspecialchars($role_name),
-							       $this->Group->getID(),
-							       $this->getID()));
-				if (!$res || db_affected_rows($res) < 1) {
-					$this->setError('update::name::'.db_error());
-					return false;
-				}
 			}
+			$res = db_query_params('UPDATE pfo_role SET role_name=$1 WHERE role_id=$2',
+					       array(htmlspecialchars($role_name),
+						     $this->getID()));
+			if (!$res || db_affected_rows($res) < 1) {
+				$this->setError('update::name::'.db_error());
+				return false;
+			}
+			db_commit();
 		}
 		return true;
 	}
@@ -177,132 +151,71 @@
 	 * @return	integer	The id on success or false on failure.
 	 */
 	function create($role_name, $data, $newproject=false) {
-		if (USE_PFO_RBAC) {
-			if ($this->Group == NULL) {
-				if (!forge_check_global_perm ('forge_admin')) {
-					$this->setPermissionDeniedError();
-					return false;
-				}
-			}
-			if ($newproject) {
-				if (!forge_check_global_perm ('approve_projects')) {
-					$this->setPermissionDeniedError();
-					return false;
-				}
-			} elseif (!forge_check_perm ('project_admin', $this->Group->getID())) {
+		if ($this->Group == NULL) {
+			if (!forge_check_global_perm ('forge_admin')) {
 				$this->setPermissionDeniedError();
 				return false;
 			}
-			if ($role_name == '') {
-				$this->setError('Cannot create a role with an empty name');
-				return false;
-			}
-
-			db_begin();
-			if ($this->Group == NULL) {
-				$res = db_query_params('SELECT role_name FROM pfo_role WHERE home_group_id IS NULL AND role_name=$1',
-						       array (htmlspecialchars($role_name)));
-				if (db_numrows($res)) {
-					$this->setError('Cannot create a role with this name (already used)');
-					db_rollback () ;
-					return false;
-				}
-			} else {
-				$res = db_query_params('SELECT role_name FROM pfo_role WHERE home_group_id=$1 AND role_name=$2',
-						       array ($this->Group->getID(), htmlspecialchars($role_name)));
-				if (db_numrows($res)) {
-					$this->setError('Cannot create a role with this name (already used)');
-					db_rollback () ;
-					return false;
-				}
-			}
-
-			if ($this->Group == NULL) {
-				$res = db_query_params ('INSERT INTO pfo_role (role_name) VALUES ($1)',
-				array (htmlspecialchars($role_name))) ;
-			} else {
-				$res = db_query_params ('INSERT INTO pfo_role (home_group_id, role_name) VALUES ($1, $2)',
-				array ($this->Group->getID(),
-				htmlspecialchars($role_name))) ;
-			}
-			if (!$res) {
-				$this->setError('create::'.db_error());
-				db_rollback();
-				return false;
-			}
-			$role_id=db_insertid($res,'pfo_role','role_id');
-			if (!$role_id) {
-				$this->setError('create::db_insertid::'.db_error());
-				db_rollback();
-				return false;
-			}
-			$this->data_array['role_id'] = $role_id ;
-			$this->data_array['role_name'] = $role_name ;
-
-			$this->update ($role_name, $data) ;
-
-			$this->normalizeData () ;
-
-		} else { // not USE_PFO_RBAC
-
-			$perm =& $this->Group->getPermission ();
-			if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) {
+		}
+		if ($newproject) {
+			if (!forge_check_global_perm ('approve_projects')) {
 				$this->setPermissionDeniedError();
 				return false;
 			}
+		} elseif (!forge_check_perm ('project_admin', $this->Group->getID())) {
+			$this->setPermissionDeniedError();
+			return false;
+		}
+		if ($role_name == '') {
+			$this->setError('Cannot create a role with an empty name');
+			return false;
+		}
 
-			// Check if role_name is not already used.
-			$res = db_query_params('SELECT role_name FROM role WHERE group_id=$1 AND role_name=$2',
-			array ($this->Group->getID(), htmlspecialchars($role_name)));
+		db_begin();
+		if ($this->Group == NULL) {
+			$res = db_query_params('SELECT role_name FROM pfo_role WHERE home_group_id IS NULL AND role_name=$1',
+					       array (htmlspecialchars($role_name)));
 			if (db_numrows($res)) {
 				$this->setError('Cannot create a role with this name (already used)');
+				db_rollback () ;
 				return false;
 			}
-
-			db_begin();
-			$res = db_query_params ('INSERT INTO role (group_id, role_name) VALUES ($1, $2)',
-			array ($this->Group->getID(),
-			htmlspecialchars($role_name))) ;
-			if (!$res) {
-				$this->setError('create::'.db_error());
-				db_rollback();
+		} else {
+			$res = db_query_params('SELECT role_name FROM pfo_role WHERE home_group_id=$1 AND role_name=$2',
+					       array ($this->Group->getID(), htmlspecialchars($role_name)));
+			if (db_numrows($res)) {
+				$this->setError('Cannot create a role with this name (already used)');
+				db_rollback () ;
 				return false;
 			}
-			$role_id=db_insertid($res,'role','role_id');
-			if (!$role_id) {
-				$this->setError('create::db_insertid::'.db_error());
-				db_rollback();
-				return false;
-			}
+		}
 
-			$arr1 = array_keys($data);
-			for ($i=0; $i<count($arr1); $i++) {
-			//	array_values($Report->adjust_days)
-				$arr2 = array_keys($data[$arr1[$i]]);
-				for ($j=0; $j<count($arr2); $j++) {
-					$usection_name=$arr1[$i];
-					$uref_id=$arr2[$j];
-					$uvalue=$data[$arr1[$i]][$arr2[$j]];
-					if (!$uref_id) {
-						$uref_id=0;
-					}
-					if (!$uvalue) {
-						$uvalue=0;
-					}
-					$res = db_query_params ('INSERT INTO role_setting (role_id,section_name,ref_id,value) VALUES ($1,$2,$3,$4)',
-							array ($role_id,
-							       $usection_name,
-							       $uref_id,
-							       $uvalue)) ;
-					if (!$res) {
-						$this->setError('create::insertsetting::'.db_error());
-						db_rollback();
-						return false;
-					}
-				}
-			}
+		if ($this->Group == NULL) {
+			$res = db_query_params ('INSERT INTO pfo_role (role_name) VALUES ($1)',
+						array (htmlspecialchars($role_name))) ;
+		} else {
+			$res = db_query_params ('INSERT INTO pfo_role (home_group_id, role_name) VALUES ($1, $2)',
+						array ($this->Group->getID(),
+						       htmlspecialchars($role_name))) ;
 		}
+		if (!$res) {
+			$this->setError('create::'.db_error());
+			db_rollback();
+			return false;
+		}
+		$role_id=db_insertid($res,'pfo_role','role_id');
+		if (!$role_id) {
+			$this->setError('create::db_insertid::'.db_error());
+			db_rollback();
+			return false;
+		}
+		$this->data_array['role_id'] = $role_id ;
+		$this->data_array['role_name'] = $role_name ;
 
+		$this->update ($role_name, $data) ;
+
+		$this->normalizeData () ;
+
 		if (!$this->fetchData($role_id)) {
 			db_rollback();
 			return false;
@@ -373,97 +286,56 @@
 	 * @return	boolean	True on success or false on failure.
 	 */
 	function delete() {
-		if (USE_PFO_RBAC) {
-			if ($this->Group == NULL) {
-				if (!forge_check_global_perm ('forge_admin')) {
-					$this->setPermissionDeniedError();
-					return false;
-				}
-			} elseif (!forge_check_perm('project_admin', $this->Group->getID())) {
+		if ($this->Group == NULL) {
+			if (!forge_check_global_perm ('forge_admin')) {
 				$this->setPermissionDeniedError();
 				return false;
 			}
+		} elseif (!forge_check_perm('project_admin', $this->Group->getID())) {
+			$this->setPermissionDeniedError();
+			return false;
+		}
 
-			$res=db_query_params('SELECT user_id FROM pfo_user_role WHERE role_id=$1',
-					     array($this->getID()));
-			assert($res);
-			if (db_numrows($res) > 0) {
-				$this->setError(_('Cannot remove a non empty role.'));
-				return false;
-			}
+		$res=db_query_params('SELECT user_id FROM pfo_user_role WHERE role_id=$1',
+				     array($this->getID()));
+		assert($res);
+		if (db_numrows($res) > 0) {
+			$this->setError(_('Cannot remove a non empty role.'));
+			return false;
+		}
 
-			$res=db_query_params('DELETE FROM pfo_user_role WHERE role_id=$1',
-					     array($this->getID())) ;
-			if (!$res || db_affected_rows($res) < 1) {
-				$this->setError('delete::name::'.db_error());
-				db_rollback();
-				return false;
-			}
+		$res=db_query_params('DELETE FROM pfo_user_role WHERE role_id=$1',
+				     array($this->getID())) ;
+		if (!$res || db_affected_rows($res) < 1) {
+			$this->setError('delete::name::'.db_error());
+			db_rollback();
+			return false;
+		}
 
-			$res=db_query_params('DELETE FROM role_project_refs WHERE role_id=$1',
-					     array($this->getID()));
-			if (!$res || db_affected_rows($res) < 1) {
-				$this->setError('delete::name::'.db_error());
-				db_rollback();
-				return false;
-			}
+		$res=db_query_params('DELETE FROM role_project_refs WHERE role_id=$1',
+				     array($this->getID()));
+		if (!$res || db_affected_rows($res) < 1) {
+			$this->setError('delete::name::'.db_error());
+			db_rollback();
+			return false;
+		}
 
-			$res=db_query_params('DELETE FROM pfo_role_setting WHERE role_id=$1',
-					     array($this->getID()));
-			if (!$res || db_affected_rows($res) < 1) {
-				$this->setError('delete::name::'.db_error());
-				db_rollback();
-				return false;
-			}
+		$res=db_query_params('DELETE FROM pfo_role_setting WHERE role_id=$1',
+				     array($this->getID()));
+		if (!$res || db_affected_rows($res) < 1) {
+			$this->setError('delete::name::'.db_error());
+			db_rollback();
+			return false;
+		}
 
-			$res=db_query_params('DELETE FROM pfo_role WHERE role_id=$1',
-					     array($this->getID()));
-			if (!$res || db_affected_rows($res) < 1) {
-				$this->setError('delete::name::'.db_error());
-				db_rollback();
-				return false;
-			}
-
-		} else { // not USE_PFO_RBAC
-
-			if (!is_numeric($this->getID())) {
-				$this->setError('Role::delete() role_id is not an integer');
-				return false;
-			}
-
-			//	Cannot delete role_id=1
-			if ($this->getID() == 1) {
-				$this->setError(_('Cannot Delete Default Role.'));
-				return false;
-			}
-			$perm =& $this->Group->getPermission();
-			if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) {
-				$this->setPermissionDeniedError();
-				return false;
-			}
-
-			$res=db_query_params('SELECT user_id FROM user_group WHERE role_id=$1',
-					     array($this->getID()));
-			assert($res);
-			if (db_numrows($res) > 0) {
-				$this->setError(_('Cannot remove a non empty role.'));
-				return false;
-			}
-
-			db_begin();
-
-			$res=db_query_params('DELETE FROM role WHERE group_id=$1 AND role_id=$2',
-			array($this->Group->getID(), $this->getID()));
-			if (!$res || db_affected_rows($res) < 1) {
-				$this->setError('delete::name::'.db_error());
-				db_rollback();
-				return false;
-			}
-
-			db_commit();
-
-			return true;
+		$res=db_query_params('DELETE FROM pfo_role WHERE role_id=$1',
+				     array($this->getID()));
+		if (!$res || db_affected_rows($res) < 1) {
+			$this->setError('delete::name::'.db_error());
+			db_rollback();
+			return false;
 		}
+
 	}
 
 	/**
@@ -475,179 +347,17 @@
 	function setUser($user_id) {
 		global $SYS;
 
-		if (USE_PFO_RBAC) {
-
-			if ($this->Group == NULL) {
-				if (!forge_check_global_perm ('forge_admin')) {
-					$this->setPermissionDeniedError();
-					return false;
-				}
-			} elseif (!forge_check_perm ('project_admin', $this->Group->getID())) {
+		if ($this->Group == NULL) {
+			if (!forge_check_global_perm ('forge_admin')) {
 				$this->setPermissionDeniedError();
 				return false;
 			}
-
-			return $this->addUser (user_get_object($user_id)) ;
-
-		} else { // not USE_PFO_RBAC
-
-			$perm =& $this->Group->getPermission ();
-			if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) {
-				$this->setPermissionDeniedError();
-				return false;
-			}
-
-			db_begin();
-			//
-			//	See if role is actually changing
-			//
-			$res = db_query_params('SELECT role_id FROM user_group WHERE user_id=$1 AND group_id=$2',
-			array($user_id,
-			$this->Group->getID()));
-			$old_roleid=db_result($res,0,0);
-			if ($this->getID() == $old_roleid) {
-				db_commit();
-				return true;
-			}
-			//
-			//	Get the old role so we can compare new values to old
-			//
-			$oldrole= new Role($this->Group, $old_roleid);
-			if (!$oldrole || !is_object($oldrole) || $oldrole->isError()) {
-				$this->setError($oldrole->getErrorMessage());
-				db_rollback();
-				return false;
-			}
-
-			//
-			//	Iterate each setting to see if it's changing
-			//	If not, no sense updating it
-			//
-			$arr1 = array_keys($this->setting_array);
-			for ($i = 0; $i < count($arr1); $i++) {
-				//	array_values($Report->adjust_days)
-				$arr2 = array_keys($this->setting_array[$arr1[$i]]);
-				for ($j=0; $j<count($arr2); $j++) {
-					$usection_name=$arr1[$i];
-					$uref_id = $arr2[$j];
-					$uvalue = $this->setting_array[$usection_name][$uref_id];
-					if (!$uref_id) {
-						$uref_id=0;
-					}
-					if (!$uvalue) {
-						$uvalue=0;
-					}
-					//
-					//	See if this setting changed. If so, then update it
-					//
-					//			if (($this->getVal($usection_name,$uref_id) != $oldrole->getVal($usection_name,$uref_id)) || ($old_roleid == 1)) {
-					if ($usection_name == 'frs') {
-						$update_usergroup=true;
-					} elseif ($usection_name == 'scm') {
-						//TODO - Shell should be separate flag
-						//  If user acquired admin access to CVS,
-						//  one to be given normal shell on CVS machine,
-						//  else - restricted.
-						//
-						$cvs_flags=$this->getVal('scm',0);
-						$res2 = db_query_params ('UPDATE user_group SET cvs_flags=$1 WHERE user_id=$2 AND group_id=$3',
-						array ($cvs_flags,
-						$user_id,
-						$this->Group->getID())) ;
-						if (!$res2) {
-							$this->setError('update::scm::'.db_error());
-							db_rollback();
-							return false;
-						}
-						// I have doubt the following is usefull
-						// This is probably buggy if used
-						if ($cvs_flags>1) {
-							if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/bash")) {
-								$this->setError($SYS->getErrorMessage());
-								db_rollback();
-								return false;
-							}
-						} else {
-							if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/cvssh")) {
-								$this->setError($SYS->getErrorMessage());
-								db_rollback();
-								return false;
-							}
-						}
-
-						//
-						//  If user acquired at least commit access to CVS,
-						//  one to be promoted to CVS group, else, demoted.
-						//  When we add the user we also check he has a shell as a group member
-						//  When we remove we only check for SCM (cvs_only=1)
-						//
-						if ($uvalue>0) {
-							if (!$SYS->sysGroupAddUser($this->Group->getID(),$user_id,0)) {
-								$this->setError($SYS->getErrorMessage());
-								db_rollback();
-								return false;
-							}
-						} else {
-							if (!$SYS->sysGroupRemoveUser($this->Group->getID(),$user_id,1)) {
-								$this->setError($SYS->getErrorMessage());
-								db_rollback();
-								return false;
-							}
-						}
-
-					} elseif ($usection_name == 'docman') {
-						$update_usergroup=true;
-					} elseif ($usection_name == 'forumadmin') {
-						$update_usergroup=true;
-					} elseif ($usection_name == 'trackeradmin') {
-						$update_usergroup=true;
-					} elseif ($usection_name == 'projectadmin') {
-						$update_usergroup=true;
-					} elseif ($usection_name == 'pmadmin') {
-						$update_usergroup=true;
-					}
-					//			}
-				}
-			}
-			//	if ($update_usergroup) {
-			$res = db_query_params ('UPDATE user_group
-			       SET admin_flags=$1,
-				   forum_flags=$2,
-				   project_flags=$3,
-				   doc_flags=$4,
-				   cvs_flags=$5,
-				   release_flags=$6,
-				   artifact_flags=$7,
-				   role_id=$8
-			       WHERE user_id=$9 AND group_id=$10',
-						array($this->getVal('projectadmin', 0),
-						      $this->getVal('forumadmin', 0),
-						      $this->getVal('pmadmin', 0),
-						      $this->getVal('docman', 0),
-						      $this->getVal('scm', 0),
-						      $this->getVal('frs', 0),
-						      $this->getVal('trackeradmin', 0),
-						      $this->getID(),
-						      $user_id,
-						      $this->Group->getID()));
-			if (!$res) {
-				$this->setError('::update::usergroup::'.db_error());
-				db_rollback();
-				return false;
-			}
-
-			//	}
-
-			$hook_params = array();
-			$hook_params['role'] =& $this;
-			$hook_params['role_id'] = $this->getID();
-			$hook_params['user_id'] = $user_id;
-			plugin_hook("role_setuser", $hook_params);
-
-			db_commit();
-			return true;
+		} elseif (!forge_check_perm ('project_admin', $this->Group->getID())) {
+			$this->setPermissionDeniedError();
+			return false;
 		}
 
+		return $this->addUser (user_get_object($user_id)) ;
 	}
 
 }

Modified: trunk/src/common/include/rbac_texts.php
===================================================================
--- trunk/src/common/include/rbac_texts.php	2011-08-01 11:46:45 UTC (rev 14021)
+++ trunk/src/common/include/rbac_texts.php	2011-08-01 13:16:12 UTC (rev 14022)
@@ -40,221 +40,124 @@
 		$rbac_edit_section_names = array () ;
 	}
 
-	if (USE_PFO_RBAC) {
-		$rbac_permission_names = array_replace_recursive ($rbac_permission_names,
-								  array (
-									  'forge_admin0' => _('No administrative access'),
-									  'forge_admin1' => _('Forge administration'),
-									  'approve_projects0' => _('No access'),
-									  'approve_projects1' => _('Approve projects'),
-									  'approve_news0' => _('No access'),
-									  'approve_news1' => _('Approve news'),
-									  'forge_stats0' => _('No access'),
-									  'forge_stats1' => _('Read access'),
-									  'forge_stats2' => _('Admin forge stats'),
+	$rbac_permission_names = array_replace_recursive ($rbac_permission_names,
+							  array (
+								  'forge_admin0' => _('No administrative access'),
+								  'forge_admin1' => _('Forge administration'),
+								  'approve_projects0' => _('No access'),
+								  'approve_projects1' => _('Approve projects'),
+								  'approve_news0' => _('No access'),
+								  'approve_news1' => _('Approve news'),
+								  'forge_stats0' => _('No access'),
+								  'forge_stats1' => _('Read access'),
+								  'forge_stats2' => _('Admin forge stats'),
 
-									  'project_read0' => _('Hidden'),
-									  'project_read1' => _('Visible'),
-									  'project_admin0' => _('No administrative access'),
-									  'project_admin1' => _('Project administration'),
+								  'project_read0' => _('Hidden'),
+								  'project_read1' => _('Visible'),
+								  'project_admin0' => _('No administrative access'),
+								  'project_admin1' => _('Project administration'),
 
-									  'tracker_admin0' => _('No administrative access'),
-									  'tracker_admin1' => _('Trackers administration'),
-									  'pm_admin0' => _('No administrative access'),
-									  'pm_admin1' => _('Task managers administration'),
-									  'forum_admin0' => _('No administrative access'),
-									  'forum_admin1' => _('Forums administration'),
+								  'tracker_admin0' => _('No administrative access'),
+								  'tracker_admin1' => _('Trackers administration'),
+								  'pm_admin0' => _('No administrative access'),
+								  'pm_admin1' => _('Task managers administration'),
+								  'forum_admin0' => _('No administrative access'),
+								  'forum_admin1' => _('Forums administration'),
 
-									  'tracker0' => _('No access'),
-									  'tracker1' => _('Read only'),
-									  'tracker2' => _('Technician (no read access)'),
-									  'tracker3' => _('Technician'),
-									  'tracker4' => _('Manager (no read access)'),
-									  'tracker5' => _('Manager'),
-									  'tracker6' => _('Tech & manager (no read access)'),
-									  'tracker7' => _('Tech & manager'),
-									  'pm0' => _('No access'),
-									  'pm1' => _('Read only'),
-									  'pm2' => _('Technician (no read access)'),
-									  'pm3' => _('Technician'),
-									  'pm4' => _('Manager (no read access)'),
-									  'pm5' => _('Manager'),
-									  'pm6' => _('Tech & manager (no read access)'),
-									  'pm7' => _('Tech & manager'),
-									  'forum0' => _('No access'),
-									  'forum1' => _('Read only'),
-									  'forum2' => _('Moderated post'),
-									  'forum3' => _('Unmoderated post'),
-									  'forum4' => _('Moderation'),
+								  'tracker0' => _('No access'),
+								  'tracker1' => _('Read only'),
+								  'tracker2' => _('Technician (no read access)'),
+								  'tracker3' => _('Technician'),
+								  'tracker4' => _('Manager (no read access)'),
+								  'tracker5' => _('Manager'),
+								  'tracker6' => _('Tech & manager (no read access)'),
+								  'tracker7' => _('Tech & manager'),
+								  'pm0' => _('No access'),
+								  'pm1' => _('Read only'),
+								  'pm2' => _('Technician (no read access)'),
+								  'pm3' => _('Technician'),
+								  'pm4' => _('Manager (no read access)'),
+								  'pm5' => _('Manager'),
+								  'pm6' => _('Tech & manager (no read access)'),
+								  'pm7' => _('Tech & manager'),
+								  'forum0' => _('No access'),
+								  'forum1' => _('Read only'),
+								  'forum2' => _('Moderated post'),
+								  'forum3' => _('Unmoderated post'),
+								  'forum4' => _('Moderation'),
 
-									  'new_tracker0' => _('No access'),
-									  'new_tracker1' => _('Read only'),
-									  'new_tracker2' => _('Technician (no read access)'),
-									  'new_tracker3' => _('Technician'),
-									  'new_tracker4' => _('Manager (no read access)'),
-									  'new_tracker5' => _('Manager'),
-									  'new_tracker6' => _('Tech & manager (no read access)'),
-									  'new_tracker7' => _('Tech & manager'),
-									  'new_pm0' => _('No access'),
-									  'new_pm1' => _('Read only'),
-									  'new_pm2' => _('Technician (no read access)'),
-									  'new_pm3' => _('Technician'),
-									  'new_pm4' => _('Manager (no read access)'),
-									  'new_pm5' => _('Manager'),
-									  'new_pm6' => _('Tech & manager (no read access)'),
-									  'new_pm7' => _('Tech & manager'),
-									  'new_forum0' => _('No access'),
-									  'new_forum1' => _('Read only'),
-									  'new_forum2' => _('Moderated post'),
-									  'new_forum3' => _('Unmoderated post'),
-									  'new_forum4' => _('Moderation'),
+								  'new_tracker0' => _('No access'),
+								  'new_tracker1' => _('Read only'),
+								  'new_tracker2' => _('Technician (no read access)'),
+								  'new_tracker3' => _('Technician'),
+								  'new_tracker4' => _('Manager (no read access)'),
+								  'new_tracker5' => _('Manager'),
+								  'new_tracker6' => _('Tech & manager (no read access)'),
+								  'new_tracker7' => _('Tech & manager'),
+								  'new_pm0' => _('No access'),
+								  'new_pm1' => _('Read only'),
+								  'new_pm2' => _('Technician (no read access)'),
+								  'new_pm3' => _('Technician'),
+								  'new_pm4' => _('Manager (no read access)'),
+								  'new_pm5' => _('Manager'),
+								  'new_pm6' => _('Tech & manager (no read access)'),
+								  'new_pm7' => _('Tech & manager'),
+								  'new_forum0' => _('No access'),
+								  'new_forum1' => _('Read only'),
+								  'new_forum2' => _('Moderated post'),
+								  'new_forum3' => _('Unmoderated post'),
+								  'new_forum4' => _('Moderation'),
 
-									  'scm0' => _('No access'),
-									  'scm1' => _('Read only'),
-									  'scm2' => _('Commit access'),
-									  'docman0' => _('No access'),
-									  'docman1' => _('Read only'),
-									  'docman2' => _('Submit documents'),
-									  'docman3' => _('Approve documents'),
-									  'docman4' => _('Doc manager administration'),
-									  'frs0' => _('No access'),
-									  'frs1' => _('View public packages only'),
-									  'frs2' => _('View all packages'),
-									  'frs3' => _('Publish files'),
+								  'scm0' => _('No access'),
+								  'scm1' => _('Read only'),
+								  'scm2' => _('Commit access'),
+								  'docman0' => _('No access'),
+								  'docman1' => _('Read only'),
+								  'docman2' => _('Submit documents'),
+								  'docman3' => _('Approve documents'),
+								  'docman4' => _('Doc manager administration'),
+								  'frs0' => _('No access'),
+								  'frs1' => _('View public packages only'),
+								  'frs2' => _('View all packages'),
+								  'frs3' => _('Publish files'),
 
-									  'webcal0' => _('No access'),
-									  'webcal1' => _('Modify'),
-									  'webcal2' => _('See'),
-									  )
-			);
+								  'webcal0' => _('No access'),
+								  'webcal1' => _('Modify'),
+								  'webcal2' => _('See'),
+								  )
+		);
 
-		$rbac_edit_section_names = array_replace_recursive ($rbac_edit_section_names,
-								    array (
-									    'forge_admin' => _('Forge administration'),
-									    'approve_projects' => _('Approve projects'),
-									    'approve_news' => _('Approve news'),
-									    'forge_stats' => _('Forge statistics'),
+	$rbac_edit_section_names = array_replace_recursive ($rbac_edit_section_names,
+							    array (
+								    'forge_admin' => _('Forge administration'),
+								    'approve_projects' => _('Approve projects'),
+								    'approve_news' => _('Approve news'),
+								    'forge_stats' => _('Forge statistics'),
 
-									    'project_read' => _('Project visibility'),
-									    'project_admin' => _('Project administration'),
+								    'project_read' => _('Project visibility'),
+								    'project_admin' => _('Project administration'),
 
-									    'tracker_admin' => _('Trackers administration'),
-									    'pm_admin' => _('Task managers administration'),
-									    'forum_admin' => _('Forums administration'),
+								    'tracker_admin' => _('Trackers administration'),
+								    'pm_admin' => _('Task managers administration'),
+								    'forum_admin' => _('Forums administration'),
 
-									    'tracker' => _('Tracker'),
-									    'pm' => _('Tasks'),
-									    'forum' => _('Forum'),
+								    'tracker' => _('Tracker'),
+								    'pm' => _('Tasks'),
+								    'forum' => _('Forum'),
 
-									    'new_tracker' => _('Default for new trackers'),
-									    'new_pm' => _('Default for new task managers'),
-									    'new_forum' => _('Default for new forums'),
+								    'new_tracker' => _('Default for new trackers'),
+								    'new_pm' => _('Default for new task managers'),
+								    'new_forum' => _('Default for new forums'),
 
-									    'scm' => _('SCM'),
-									    'docman' => _('Documentation manager'),
-									    'frs' => _('Files'),
+								    'scm' => _('SCM'),
+								    'docman' => _('Documentation manager'),
+								    'frs' => _('Files'),
 
-									    'webcal' => _('Webcal'),
-									    )
-			) ;
-	} else { // Not USE_PFO_RBAC
-		$rbac_permission_names = array_replace_recursive ($rbac_permission_names,
-								  array (
-									  'frspackage0' => _('Private'),
-									  'frspackage1' => _('Public'),
-									  'frspackage' => _('File Release System'),
-									  'projectpublic0' => _('Private'),
-									  'projectpublic1' => _('Public'),
-									  'scmpublic0' => _('Private'),
-									  'scmpublic1' => _('Public (PServer)'),
-									  'forumpublic0' => _('Private'),
-									  'forumpublic1' => _('Public'),
-									  'forumanon0' => _('No Anonymous Posts'),
-									  'forumanon1' => _('Allow Anonymous Posts'),
-									  'pmpublic0' => _('Private'),
-									  'pmpublic1' => _('Public'),
-									  'trackerpublic0' => _('Private'),
-									  'trackerpublic1' => _('Public'),
-									  'trackeranon0' => _('No Anonymous Posts'),
-									  'trackeranon1' => _('Allow Anonymous Posts'),
-									  'frs0' => _('Read'),
-									  'frs1' => _('Write'),
-									  'scm-1' => _('No Access'),
-									  'scm0' => _('Read'),
-									  'scm1' => _('Write'),
-									  'forum-1' => _('No Access'),
-									  'forum0' => _('Read'),
-									  'forum1' => _('Post'),
-									  'forum2' => _('Admin'),
-									  'newforum-1' => _('No Access'),
-									  'newforum0' => _('Read'),
-									  'newforum1' => _('Post'),
-									  'newforum2' => _('Admin'),
-									  'tracker-1' => _('No Access'),
-									  'tracker0' => _('Read'),
-									  'tracker1' => _('Tech'),
-									  'tracker2' => _('Tech & Admin'),
-									  'tracker3' => _('Admin Only'),
-									  'newtracker-1' => _('No Access'),
-									  'newtracker0' => _('Read'),
-									  'newtracker1' => _('Tech'),
-									  'newtracker2' => _('Tech & Admin'),
-									  'newtracker3' => _('Admin Only'),
-									  'pm-1' => _('No Access'),
-									  'pm0' => _('Read'),
-									  'pm1' => _('Tech'),
-									  'pm2' => _('Tech & Admin'),
-									  'pm3' => _('Admin Only'),
-									  'newpm-1' => _('No Access'),
-									  'newpm0' => _('Read'),
-									  'newpm1' => _('Tech'),
-									  'newpm2' => _('Tech & Admin'),
-									  'newpm3' => _('Admin Only'),
-									  'docman0' => _('Read/Post'),
-									  'docman1' => _('Admin'),
-									  'projectadmin0' => _('None'),
-									  'projectadminA' => _('Admin'),
-									  'pmadmin0' => _('None'),
-									  'pmadmin2' => _('Admin'),
-									  'forumadmin0' => _('None'),
-									  'forumadmin2' => _('Admin'),
-									  'trackeradmin0' => _('None'),
-									  'trackeradmin2' => _('Admin'),
-									  'webcal2' => _('See'),
-									  'webcal1' => _('Modify'),
-									  'webcal0' => _('No access')
-									  )
-			);
-
-		$rbac_edit_section_names = array_replace_recursive ($rbac_edit_section_names,
-								    array (
-									    'forum' => _('Forum'),
-									    'newforum' => _('Default for new forums'),
-									    'forumpublic' => _('Forum'),
-									    'forumanon' => _('Anonymous Forum'),
-									    'forumadmin' => _('Forum Admin'),
-									    'pm' => _('Tasks'),
-									    'newpm' => _('Default for new tasks'),
-									    'pmpublic' => _('Tasks'),
-									    'pmadmin' => _('Tasks Admin'),
-									    'projectpublic' => _('Project'),
-									    'tracker' => _('Tracker'),
-									    'newtracker' => _('Default for new trackers'),
-									    'trackerpublic' => _('Tracker'),
-									    'trackeranon' => _('Anonymous Tracker'),
-									    'trackeradmin' => _('Tracker Admin'),
-									    'frs' => _('File Release System'),
-									    'frspackage' => _('Files'),
-									    'webcal' => _('Webcal'),
-									    'projectadmin' => _('Project Admin'),
-									    'scm' => _('SCM'),
-									    'scmpublic' => _('SCM'),
-									    'docman' => _('Documentation Manager'),
-									    )
-			) ;
-	}
+								    'webcal' => _('Webcal'),
+								    )
+		) ;
 	plugin_hook ("role_translate_strings") ;
-  }
+}
 
 setup_rbac_strings () ;
 

Modified: trunk/src/fusionforge-install-3-db.php
===================================================================
--- trunk/src/fusionforge-install-3-db.php	2011-08-01 11:46:45 UTC (rev 14021)
+++ trunk/src/fusionforge-install-3-db.php	2011-08-01 13:16:12 UTC (rev 14022)
@@ -297,11 +297,7 @@
 //$t = trim(fgets($STDIN));
 
 //	run("su - postgres -c \"psql $gforge_db -c \\\"INSERT INTO users (user_name, user_pw, unix_pw) VALUES ('$admin_user', '$pw_md5', '$pw_crypt')\\\"\"");
-		if (file_exists ('/tmp/fusionforge-use-pfo-rbac')) { // USE_PFO_RBAC
-			run("su - postgres -c \"psql $gforge_db -c \\\"INSERT INTO users (user_name, realname, firstname, lastname, email, user_pw, unix_pw, status, theme_id) VALUES ('$admin_user', 'Forge Admin', 'Forge', 'Admin', 'root at localhost.localdomain', '$pw_md5', '$pw_crypt', 'A', 1); INSERT INTO user_group (user_id, group_id, admin_flags) VALUES (currval('users_pk_seq'), 1, 'A'); INSERT INTO pfo_user_role (user_id, role_id) VALUES (currval('users_pk_seq'), 3)\\\"\"");
-		} else {
-			run("su - postgres -c \"psql $gforge_db -c \\\"INSERT INTO users (user_name, realname, firstname, lastname, email, user_pw, unix_pw, status, theme_id) VALUES ('$admin_user', 'Forge Admin', 'Forge', 'Admin', 'root at localhost.localdomain', '$pw_md5', '$pw_crypt', 'A', 1); INSERT INTO user_group (user_id, group_id, admin_flags) VALUES (currval('users_pk_seq'), 1, 'A')\\\"\"");
-		}
+		run("su - postgres -c \"psql $gforge_db -c \\\"INSERT INTO users (user_name, realname, firstname, lastname, email, user_pw, unix_pw, status, theme_id) VALUES ('$admin_user', 'Forge Admin', 'Forge', 'Admin', 'root at localhost.localdomain', '$pw_md5', '$pw_crypt', 'A', 1); INSERT INTO user_group (user_id, group_id, admin_flags) VALUES (currval('users_pk_seq'), 1, 'A'); INSERT INTO pfo_user_role (user_id, role_id) VALUES (currval('users_pk_seq'), 3)\\\"\"");
 
 //echo "BREAKPOINT 2\n";
 //$t = trim(fgets($STDIN));




More information about the Fusionforge-commits mailing list