From BlenderWiki
| project admin | frs | scm | docman | forum admin | forum | tracker admin | tracker | pm admin | pm | |
|---|---|---|---|---|---|---|---|---|---|---|
| Admin | A | 1 | 1 | 1 | 2 | 2 | 2 | 2 | 2 | 2 |
| Senior Developer | 0 | 1 | 1 | 1 | 2 | 2 | 2 | 2 | 2 | 2 |
| Junior Developer | 0 | 0 | 1 | 0 | 0 | 1 | 0 | 1 | 0 | 1 |
| Doc Writer | 0 | 0 | 0 | 1 | 0 | 1 | 0 | 0 | 0 | 0 |
| Support Tech | 0 | 0 | 0 | 1 | 0 | 1 | 0 | 2 | 0 | 0 |
'projectadmin'=>array('0','A'), 'frs'=>array('0','1'), 'scm'=>array('-1','0','1'), 'docman'=>array('0','1'), 'forumadmin'=>array('0','2'), 'forum'=>array('-1','0','1','2'), 'trackeradmin'=>array('0','2'), 'tracker'=>array('-1','0','1','2','3'), 'pmadmin'=>array('0','2'), 'pm'=>array('-1','0','1','2','3'));
From:
[fusionforge] / branches / Branch_4_5 / gforge / common / include / Role.class ViewVC logotype View of /branches/Branch_4_5/gforge/common/include/Role.class Parent Directory Parent Directory | Revision Log Revision Log Revision 4590 - (download) (as text) (annotate) Sun Aug 28 14:51:51 2005 UTC (5 years, 3 months ago) File size: 21699 byte(s) This commit was manufactured by cvs2svn to create branch 'Branch_4_5'. <?php /** * Role Class * * Copyright 2004 (c) GForge LLC * * @version $Id$ * @author Tim Perdue tim@gforge.org * @date 2004-03-16 * * This file is part of GForge. * * GForge is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * GForge is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with GForge; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ class Role extends Error { var $data_array; var $setting_array; var $role_vals; var $Group; var $role_values=array( 'projectadmin'=>array('0','A'), 'frs'=>array('0','1'), 'scm'=>array('-1','0','1'), 'docman'=>array('0','1'), 'forumadmin'=>array('0','2'), 'forum'=>array('-1','0','1','2'), 'trackeradmin'=>array('0','2'), 'tracker'=>array('-1','0','1','2','3'), 'pmadmin'=>array('0','2'), 'pm'=>array('-1','0','1','2','3')); var $defaults=array( 'Admin'=>array( 'projectadmin'=>'A', 'frs'=>'1', 'scm'=>'1', 'docman'=>'1', 'forumadmin'=>'2', 'forum'=>'2', 'trackeradmin'=>'2', 'tracker'=>'2', 'pmadmin'=>'2', 'pm'=>'2' ), 'Senior Developer'=>array( 'projectadmin'=>'0', 'frs'=>'1', 'scm'=>'1', 'docman'=>'1', 'forumadmin'=>'2', 'forum'=>'2', 'trackeradmin'=>'2', 'tracker'=>'2', 'pmadmin'=>'2', 'pm'=>'2' ), 'Junior Developer'=>array( 'projectadmin'=>'0', 'frs'=>'0', 'scm'=>'1', 'docman'=>'0', 'forumadmin'=>'0', 'forum'=>'1', 'trackeradmin'=>'0', 'tracker'=>'1', 'pmadmin'=>'0', 'pm'=>'1' ), 'Doc Writer'=>array( 'projectadmin'=>'0', 'frs'=>'0', 'scm'=>'0', 'docman'=>'1', 'forumadmin'=>'0', 'forum'=>'1', 'trackeradmin'=>'0', 'tracker'=>'0', 'pmadmin'=>'0', 'pm'=>'0' ), 'Support Tech'=>array( 'projectadmin'=>'0', 'frs'=>'0', 'scm'=>'0', 'docman'=>'1', 'forumadmin'=>'0', 'forum'=>'1', 'trackeradmin'=>'0', 'tracker'=>'2', 'pmadmin'=>'0', 'pm'=>'0' ) ); /** * Role($group,$id) - CONSTRUCTOR. * * @param object The Group object. * @param int The role_id. */ function Role ($Group,$role_id=false) { $this->Error(); if (!$Group || !is_object($Group) || $Group->isError()) { $this->setError('Role::'.$Group->getErrorMessage()); return false; } $this->Group =& $Group; if (!$role_id) { //setting up an empty object //probably going to call create() return true; } return $this->fetchData($role_id); } /** * getID - get the ID of this role. * * @return integer The ID Number. */ function getID() { return $this->data_array['role_id']; } /** * getName - get the name of this role. * * @return string The name of this role. */ function getName() { return $this->data_array['role_name']; } /** * create - create a new role in the database. * * @param string The name of the role. * @param array A multi-dimensional array of data in this format: $data['section_name']['ref_id']=$val * @return integer The id on success or false on failure. */ function create($role_name,$data) { $perm =& $this->Group->getPermission( session_get_user() ); if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) { $this->setPermissionDeniedError(); return false; } db_begin(); $sql="INSERT INTO role (group_id,role_name) VALUES ('".$this->Group->getID()."','".htmlspecialchars($role_name)."')"; //echo "\n<br>$sql"; $res=db_query($sql); if (!$res) { $this->setError('create::'.db_error()); db_rollback(); return false; } $role_id=db_insertid($res,'role','role_id'); if (!$role_id) { $this->setError('create::db_insertid::'.db_error()); db_rollback(); return false; } $arr1 = array_keys($data); for ($i=0; $i<count($arr1); $i++) { // array_values($Report->adjust_days) $arr2 = array_keys($data[$arr1[$i]]); for ($j=0; $j<count($arr2); $j++) { $usection_name=$arr1[$i]; $uref_id=$arr2[$j]; $uvalue=$data[$arr1[$i]][$arr2[$j]]; if (!$uref_id) { $uref_id=0; } if (!$uvalue) { $uvalue=0; } $sql="INSERT INTO role_setting (role_id,section_name,ref_id,value) values ('$role_id','$usection_name', '$uref_id','$uvalue')"; //echo "\n<br>$sql"; $res=db_query($sql); if (!$res) { $this->setError('create::insertsetting::'.db_error()); db_rollback(); return false; } } } db_commit(); return $role_id; } function createDefault($name) { //echo '<html><body><pre>'; //echo $name; //print_r($this->defaults); $arr =& $this->defaults[$name]; $keys = array_keys($arr); $data = array(); //print_r($keys); //print_r($arr); //db_rollback(); //exit; for ($i=0; $i<count($keys); $i++) { if ($keys[$i] == 'forum') { $res=db_query("SELECT group_forum_id FROM forum_group_list WHERE group_id='".$this->Group->getID()."'"); if (!$res) { $this->setError('Error: Forum'.db_error()); return false; } for ($j=0; $j<db_numrows($res); $j++) { $data[$keys[$i]][db_result($res,$j,'group_forum_id')]= $arr[$keys[$i]]; } } elseif ($keys[$i] == 'pm') { $res=db_query("SELECT group_project_id FROM project_group_list WHERE group_id='".$this->Group->getID()."'"); if (!$res) { $this->setError('Error: TaskMgr'.db_error()); return false; } for ($j=0; $j<db_numrows($res); $j++) { $data[$keys[$i]][db_result($res,$j,'group_project_id')]= $arr[$keys[$i]]; } } elseif ($keys[$i] == 'tracker') { $res=db_query("SELECT group_artifact_id FROM artifact_group_list WHERE group_id='".$this->Group->getID()."'"); if (!$res) { $this->setError('Error: Tracker'.db_error()); return false; } for ($j=0; $j<db_numrows($res); $j++) { $data[$keys[$i]][db_result($res,$j,'group_artifact_id')]= $arr[$keys[$i]]; } } else { $data[$keys[$i]][0]= $arr[$keys[$i]]; } } //print_r($data); //db_rollback(); //exit; return $this->create($name,$data); } /** * fetchData - May need to refresh database fields. * * If an update occurred and you need to access the updated info. * * @return boolean success; */ function fetchData($role_id) { unset($this->data_array); unset($this->setting_array); $res=db_query("SELECT * FROM role WHERE role_id='$role_id'"); if (!$res || db_numrows($res) < 1) { $this->setError('Role::fetchData()::'.db_error()); return false; } $this->data_array =& db_fetch_array($res); $res=db_query("SELECT * FROM role_setting WHERE role_id='$role_id'"); if (!$res) { $this->setError('Role::fetchData()::'.db_error()); return false; } $this->setting_array=array(); while ($arr =& db_fetch_array($res)) { $this->setting_array[$arr['section_name']][$arr['ref_id']] = $arr['value']; } return true; } /** * &getRoleVals - get all the values and language text strings for this section. * * @return array Assoc array of values for this section. */ function &getRoleVals($section) { global $Language,$role_vals; // // Optimization - save array so it is only built once per page view // if (!isset($role_vals[$section])) { for ($i=0; $i<count($this->role_values[$section]); $i++) { // // Build an associative array of these key values + localized description // $role_vals[$section][$this->role_values[$section][$i]]=$Language->getText('rbac_vals',"$section".$this->role_values[$section][$i]); } } return $role_vals[$section]; } /** * getVal - get a value out of the array of settings for this role. * * @param string The name of the role. * @param integer The ref_id (ex: group_artifact_id, group_forum_id) for this item. * @return integer The value of this item. */ function getVal($section,$ref_id) { global $role_default_array; if (!$ref_id) { $ref_id=0; } return $this->setting_array[$section][$ref_id]; } /** * update - update a new in the database. * * @param string The name of the role. * @param array A multi-dimensional array of data in this format: $data['section_name']['ref_id']=$val * @return boolean True on success or false on failure. */ function update($role_name,$data) { global $SYS; // // Cannot update role_id=1 // if ($this->getID() == 1) { $this->setError('Cannot Update Default Role'); return false; } $perm =& $this->Group->getPermission( session_get_user() ); if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) { $this->setPermissionDeniedError(); return false; } db_begin(); if ($this->getName() != stripslashes($role_name)) { $sql="UPDATE role SET role_name='".htmlspecialchars($role_name)."' WHERE group_id='".$this->Group->getID()."' AND role_id='".$this->getID()."'"; //echo "\n<br>$sql"; $res=db_query($sql); if (!$res || db_affected_rows($res) < 1) { $this->setError('update::name::'.db_error()); db_rollback(); return false; } } ////$data['section_name']['ref_id']=$val $arr1 = array_keys($data); for ($i=0; $i<count($arr1); $i++) { // array_values($Report->adjust_days) $arr2 = array_keys($data[$arr1[$i]]); for ($j=0; $j<count($arr2); $j++) { $usection_name=$arr1[$i]; $uref_id=$arr2[$j]; $uvalue=$data[$usection_name][$uref_id]; if (!$uref_id) { $uref_id=0; } if (!$uvalue) { $uvalue=0; } // // See if this setting changed. If so, then update it // // if ($this->getVal($usection_name,$uref_id) != $uvalue) { $sql="UPDATE role_setting SET value='$uvalue' WHERE role_id='".$this->getID()."' AND section_name='$usection_name' AND ref_id='$uref_id'"; //echo "\n<br>$sql"; $res=db_query($sql); if (!$res || db_affected_rows($res) < 1) { $sql="INSERT INTO role_setting (role_id,section_name,ref_id,value) values ('".$this->getID()."','$usection_name', '$uref_id','$uvalue')"; //echo "\n<br>$sql"; $res=db_query($sql); if (!$res) { $this->setError('update::rolesettinginsert::'.db_error()); db_rollback(); return false; } } if ($usection_name == 'frs') { $update_usergroup=true; } elseif ($usection_name == 'scm') { //$update_usergroup=true; //iterate all users with this role $res=db_query("SELECT user_id FROM user_group WHERE role_id='".$this->getID()."'"); for ($z=0; $z<db_numrows($res); $z++) { //TODO - Shell should be separate flag // If user acquired admin access to CVS, // one to be given normal shell on CVS machine, // else - restricted. // $cvs_flags=$data['scm'][0]; $sql="UPDATE user_group SET cvs_flags=".$cvs_flags." WHERE user_id=".db_result($res,$z,'user_id')." AND role_id=".$this->getID(); //echo '<h1>'.$data['scm'][0].'::'.$sql.'</h1>'; $res2=db_query($sql); if (!$res2) { $this->setError('update::scm::'.db_error()); db_rollback(); return false; } // I have doubt the following is usefull // This is probably buggy if used if ($cvs_flags>1) { if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/bash")) { $this->setError($SYS->getErrorMessage()); db_rollback(); return false; } } else { if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/cvssh")) { $this->setError($SYS->getErrorMessage()); db_rollback(); return false; } } // // If user acquired at least commit access to CVS, // one to be promoted to CVS group, else, demoted. // if ($uvalue>0) { if (!$SYS->sysGroupAddUser($this->Group->getID(),db_result($res,$z,'user_id'),1)) { $this->setError($SYS->getErrorMessage()); db_rollback(); return false; } } else { if (!$SYS->sysGroupRemoveUser($this->Group->getID(),db_result($res,$z,'user_id'),1)) { $this->setError($SYS->getErrorMessage()); db_rollback(); return false; } } } // // If we decide to use a "RBAC Group" to define template roles // The next 3 items will have to be modified to remap IDs for each project // // // Forum // } elseif ($usection_name == 'forum') { $sql="UPDATE forum_perm SET perm_level='$uvalue' WHERE group_forum_id='$uref_id' AND user_id IN (SELECT ug.user_id FROM user_group ug, forum_group_list fgl, forum_perm fp WHERE ug.role_id='".$this->getID()."' AND ug.group_id=fgl.group_id AND fgl.group_forum_id='$uref_id' AND ug.user_id=fp.user_id AND fp.group_forum_id=fgl.group_forum_id)"; //echo "\n<br>$sql"; $res=db_query($sql); if (!$res) { $this->setError('update::forum::'.db_error()); db_rollback(); return false; } } elseif ($usection_name == 'pm') { $sql="UPDATE project_perm SET perm_level='$uvalue' WHERE group_project_id='$uref_id' AND user_id IN (SELECT ug.user_id FROM user_group ug, project_group_list pgl, project_perm pp WHERE ug.role_id='".$this->getID()."' AND ug.group_id=pgl.group_id AND pgl.group_project_id='$uref_id' AND ug.user_id=pp.user_id AND pp.group_project_id=pgl.group_project_id)"; //echo "\n<br>$sql"; $res=db_query($sql); if (!$res) { $this->setError('update::pm::'.db_error()); db_rollback(); return false; } } elseif ($usection_name == 'tracker') { $sql="UPDATE artifact_perm SET perm_level='$uvalue' WHERE group_artifact_id='$uref_id' AND user_id IN (SELECT ug.user_id FROM user_group ug, artifact_group_list agl, artifact_perm ap WHERE ug.role_id='".$this->getID()."' AND ug.group_id=agl.group_id AND agl.group_artifact_id='$uref_id' AND ug.user_id=ap.user_id AND agl.group_artifact_id=ap.group_artifact_id)"; //echo "\n<br>$sql"; $res=db_query($sql); if (!$res) { $this->setError('update::tracker::'.db_error()); db_rollback(); return false; } } elseif ($usection_name == 'docman') { $update_usergroup=true; } elseif ($usection_name == 'forumadmin') { $update_usergroup=true; } elseif ($usection_name == 'trackeradmin') { $update_usergroup=true; } elseif ($usection_name == 'projectadmin') { $update_usergroup=true; } elseif ($usection_name == 'pmadmin') { $update_usergroup=true; } // } } } // if ($update_usergroup) { $sql="UPDATE user_group SET admin_flags='".$data['projectadmin'][0]."', forum_flags='".$data['forumadmin'][0]."', project_flags='".$data['pmadmin'][0]."', doc_flags='".$data['docman'][0]."', cvs_flags='".$data['scm'][0]."', release_flags='".$data['frs'][0]."', artifact_flags='".$data['trackeradmin'][0]."' WHERE role_id='".$this->getID()."'"; //echo "\n<br>$sql"; $res=db_query($sql); if (!$res) { $this->setError('update::usergroup::'.db_error()); db_rollback(); return false; } // } db_commit(); $this->fetchData($this->getID()); return true; } function setUser($user_id) { global $SYS; $perm =& $this->Group->getPermission( session_get_user() ); if (!$perm || !is_object($perm) || $perm->isError() || !$perm->isAdmin()) { $this->setPermissionDeniedError(); return false; } db_begin(); // // See if role is actually changing // $res=db_query("SELECT role_id FROM user_group WHERE user_id='$user_id' AND group_id='".$this->Group->getID()."'"); $old_roleid=db_result($res,0,0); if ($this->getID() == $old_roleid) { db_commit(); return true; } // // Get the old role so we can compare new values to old // $oldrole= new Role($this->Group,$old_roleid); if (!$oldrole || !is_object($oldrole) || $oldrole->isError()) { $this->setError($oldrole->getErrorMessage()); db_rollback(); return false; } // // Iterate each setting to see if it's changing // If not, no sense updating it // $arr1 = array_keys($this->setting_array); for ($i=0; $i<count($arr1); $i++) { // array_values($Report->adjust_days) $arr2 = array_keys($this->setting_array[$arr1[$i]]); for ($j=0; $j<count($arr2); $j++) { $usection_name=$arr1[$i]; $uref_id=$arr2[$j]; $uvalue=$this->setting_array[$usection_name][$uref_id]; if (!$uref_id) { $uref_id=0; } if (!$uvalue) { $uvalue=0; } // // See if this setting changed. If so, then update it // // if (($this->getVal($usection_name,$uref_id) != $oldrole->getVal($usection_name,$uref_id)) || ($old_roleid == 1)) { if ($usection_name == 'frs') { $update_usergroup=true; } elseif ($usection_name == 'scm') { //TODO - Shell should be separate flag // If user acquired admin access to CVS, // one to be given normal shell on CVS machine, // else - restricted. // $cvs_flags=$this->getVal('scm',0); $sql="UPDATE user_group SET cvs_flags=".$cvs_flags." WHERE user_id=".$user_id." AND group_id='".$this->Group->getID()."'"; //echo '<h1>'.$cvs_flags.'::'.$sql.'</h1>'; $res2=db_query($sql); if (!$res2) { $this->setError('update::scm::'.db_error()); db_rollback(); return false; } // I have doubt the following is usefull // This is probably buggy if used if ($cvs_flags>1) { if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/bash")) { $this->setError($SYS->getErrorMessage()); db_rollback(); return false; } } else { if (!$SYS->sysUserSetAttribute($user_id,"debGforgeCvsShell","/bin/cvssh")) { $this->setError($SYS->getErrorMessage()); db_rollback(); return false; } } // // If user acquired at least commit access to CVS, // one to be promoted to CVS group, else, demoted. // When we add the user we also check he has a shell as a group member // When we remove we only check for SCM (cvs_only=1) // if ($uvalue>0) { //echo "<h3>Role::setUser SYS->sysGroupAddUser(".$this->Group->getID().",$user_id,1)</h3>"; if (!$SYS->sysGroupAddUser($this->Group->getID(),$user_id,0)) { $this->setError($SYS->getErrorMessage()); db_rollback(); return false; } } else { //echo "<h3>Role::setUser SYS->sysGroupRemoveUser(".$this->Group->getID().",$user_id,1)</h3>"; if (!$SYS->sysGroupRemoveUser($this->Group->getID(),$user_id,1)) { $this->setError($SYS->getErrorMessage()); db_rollback(); return false; } } // // If we decide to use a "RBAC Group" to define template roles // The next 3 items will have to be modified to remap IDs for each project // // // Forum // } elseif ($usection_name == 'forum') { $sql="UPDATE forum_perm SET perm_level='$uvalue' WHERE group_forum_id='$uref_id' AND user_id='$user_id'"; //echo "\n<br>$sql"; $res=db_query($sql); if (!$res) { $this->setError('update::forum::'.db_error()); db_rollback(); return false; } } elseif ($usection_name == 'pm') { $sql="UPDATE project_perm SET perm_level='$uvalue' WHERE group_project_id='$uref_id' AND user_id='$user_id'"; //echo "\n<br>$sql"; $res=db_query($sql); if (!$res) { $this->setError('update::pm::'.db_error()); db_rollback(); return false; } } elseif ($usection_name == 'tracker') { $sql="UPDATE artifact_perm SET perm_level='$uvalue' WHERE group_artifact_id='$uref_id' AND user_id='$user_id'"; //echo "\n<br>$sql"; $res=db_query($sql); if (!$res) { $this->setError('update::tracker::'.db_error()); db_rollback(); return false; } } elseif ($usection_name == 'docman') { $update_usergroup=true; } elseif ($usection_name == 'forumadmin') { $update_usergroup=true; } elseif ($usection_name == 'trackeradmin') { $update_usergroup=true; } elseif ($usection_name == 'projectadmin') { $update_usergroup=true; } elseif ($usection_name == 'pmadmin') { $update_usergroup=true; } // } } } // if ($update_usergroup) { $sql="UPDATE user_group SET admin_flags='".$this->getVal('projectadmin',0)."', forum_flags='".$this->getVal('forumadmin',0)."', project_flags='".$this->getVal('pmadmin',0)."', doc_flags='".$this->getVal('docman',0)."', cvs_flags='".$this->getVal('scm',0)."', release_flags='".$this->getVal('frs',0)."', artifact_flags='".$this->getVal('trackeradmin',0)."', role_id='".$this->getID()."' WHERE user_id='".$user_id."' AND group_id='".$this->Group->getID()."'"; //echo "\n<br>$sql"; $res=db_query($sql); if (!$res) { $this->setError('update::usergroup::'.db_error()); db_rollback(); return false; } // } db_commit(); return true; } } ?> root@fusionforge.org ViewVC Help Powered by ViewVC 1.0.0
