/**
* Does user have view access
*
* @param void
* @return boolean
*/
function canView(User $user)
{
if ($user->isAdministrator() || $user->isMemberOfOwnerCompany()) {
return true;
}
// if
if ($user->isProjectUser($this->getProject())) {
return true;
}
// if
return false;
}
/**
* Empty implementation of static method. Update tag permissions are check by the taggable
* object, not tag itself
*
* @param User $user
* @return boolean
*/
function canDelete(User $user)
{
$project = $this->getProject();
if (!$project instanceof Project || !$user->isProjectUser($this->getProject())) {
return false;
}
// if
$object = $this->getObject();
if ($object instanceof ProjectDataObject) {
return $user->isAdministrator();
}
// if
return false;
}
/**
* Check if specific user can comment this message
*
* @access public
* @param void
* @return boolean
*/
function canAddComment(User $user)
{
if (!$user->isProjectUser($this->getProject())) {
return false;
// user is on project
}
// if
if (!$user->isMemberOfOwnerCompany()) {
if ($this->isPrivate()) {
return false;
}
// if
if ($this->getIsLocked()) {
return false;
}
// if
}
// if
if (!$this->canManage($user)) {
return false;
}
// if
return true;
}
/**
* Can the user view this page
*
* @param mixed $user
* @return
*/
function canView(User $user)
{
return $user->isProjectUser($this->getProject());
}
/**
* Check if user can reorder tasks in this list
*
* @param User $user
* @return boolean
*/
function canReorderTasks(User $user)
{
if (!$user->isProjectUser($this->getProject())) {
return false;
// user is on project
}
// if
if ($user->isAdministrator()) {
return true;
// user is administrator or root
}
// if
if ($this->isPrivate() && !$user->isMemberOfOwnerCompany()) {
return false;
// user that is not member of owner company can't add task lists
}
// if
return $this->canManage($user, $this->getProject());
}
/**
* Check if specific user can delete this time
*
* @access public
* @param User $user
* @return boolean
*/
function canDelete(User $user)
{
if (!$user->isProjectUser($this->getProject())) {
return false;
}
if ($user->isAdministrator()) {
return true;
}
return false;
}
/**
* Check if specific user can delete this comment
*
* @access public
* @param User $user
* @return boolean
*/
function canDelete(User $user)
{
if ($user->isAdministrator()) {
return true;
}
// if
if (!$user->isProjectUser($this->getProject())) {
return false;
}
// if
if (!$this->canManage(logged_user())) {
return false;
// user don't have access to this project or can't manage files
}
// if
if ($this->isPrivate() && !$user->isMemberOfOwnerCompany()) {
return false;
// reserved only for members of owner company
}
// if
return true;
}
/**
* Can the user edit this revision
*
* @param mixed User object
* @return (bool)
*/
function canEdit(User $user)
{
// Is the user a member of the owner company, or an admin?
return $user->isAdministrator() || $user->isMemberOfOwnerCompany() || $user->isProjectUser(active_project());
}
/**
* Check if specific user can delete this comment
*
* @access public
* @param User $user
* @return boolean
*/
function canDelete(User $user)
{
if (!$user->isProjectUser($this->getProject())) {
return false;
}
return $user->isAdministrator() || $this->canManage($user);
}
/**
* Check if specific user can comment on this object
*
* @param User $user
* @return boolean
* @throws InvalidInstanceError if $user is not instance of User or AnonymousUser
*/
function canComment($user)
{
if (!$user instanceof User && !$user instanceof AnonymousUser) {
throw new InvalidInstanceError('user', $user, 'User or AnonymousUser');
}
// if
// Access permissions
if ($user instanceof User) {
if ($user->isAdministrator()) {
return true;
}
// admins have all the permissions
$project = $this->getProject();
if (!$project instanceof Project) {
return false;
}
if (!$user->isProjectUser($project)) {
return false;
// not a project member
}
}
// if
if (!$this->isCommentable()) {
return false;
}
if ($this->columnExists('comments_enabled') && !$this->getCommentsEnabled()) {
return false;
}
if ($user instanceof AnonymousUser) {
if ($this->columnExists('anonymous_comments_enabled') && !$this->getAnonymousCommentsEnabled()) {
return false;
}
}
// if
return true;
}
/**
* Does user have permission to add
*
* @param void
* @return null
*/
function canAdd(User $user, Project $project)
{
trace(__FILE__, 'canAdd()');
if (!$user->isProjectUser($project)) {
return false;
}
if ($user->isAdministrator()) {
return true;
}
return $user->getProjectPermission($project, PermissionManager::CAN_MANAGE_FILES);
}
/**
* Check if specific user can delete this task
*
* @access public
* @param User $user
* @return boolean
*/
function canDelete(User $user)
{
if (!$user->isProjectUser($this->getProject())) {
return false;
}
// if
if ($user->isAdministrator()) {
return true;
}
// if
$task_list = $this->getTaskList();
return $task_list instanceof ProjectTaskList ? $task_list->canDelete($user) : false;
}
/**
* Check if specific user can delete this <!--category-->
*
* @param User $user
* @return boolean
*/
function canDelete(User $user)
{
if (!$user->isProjectUser($this->getProject())) {
return false;
// user is on project
}
// if
if ($user->isAdministrator()) {
return true;
// user is administrator or root
}
// if
return $user->getProjectPermission($this->getProject(), ProjectTicket::CAN_MANAGE_TICKETS);
}
/**
* Check if specific user can delete this messages
*
* @access public
* @param User $user
* @return boolean
*/
function canDelete(User $user)
{
if (!$user->isProjectUser($this->getProject())) {
return false;
}
// user is on project
if ($user->isAdministrator()) {
return true;
}
// user is administrator or root
return false;
// no no
}
/**
* Check if specific user can delete this comment
*
* @access public
* @param User $user
* @return boolean
*/
function canDelete(User $user)
{
if ($user->isAdministrator()) {
return true;
// give access to admin
}
if (!$user->isProjectUser($this->getProject())) {
return false;
}
// if
$file = $this->getFile();
if (!$file instanceof ProjectFile) {
return false;
}
// if
if ($file->countRevisions() == 1) {
return false;
// this is the only file revision! it can't be deleted!
}
// if
return false;
}
/**
* Returns true if $user can view this milestone
*
* @param User $user
* @return boolean
*/
function canView(User $user)
{
if (!$user->isProjectUser($this->getProject())) {
return false;
}
if ($user->isAdministrator()) {
return true;
}
if ($this->isPrivate() && !$user->isMemberOfOwnerCompany()) {
return false;
}
return true;
}
function getProjectFromPath($path, User $user = null)
{
$parents = explode("/", $path);
$length = count($parents);
// Clean up the array for empty places
while ($parents[0] == "" && $length > 0) {
array_shift($parents);
$length = count($parents);
}
while ($length > 0 && $parents[$length - 1] == "") {
array_pop($parents);
$length = count($parents);
}
if ($length == 0) {
// ERROR
return null;
} else {
if ($length == 1) {
// Level one workspace
$name = $parents[0];
// Loof for top level project
$proj = Projects::findOne(array('conditions' => array('p2 = ? and `name` = ?', 0, $name)));
if (!$proj) {
if (!$user instanceof User) {
// Not checking permissions and project is not top level, so the path is invalid
return null;
} else {
// User might not have permissions over workspace parent and other ancestors.
// This means current user might see workspace $proj in the root while it is really not top level.
$projs = Projects::findAll(array('conditions' => array('`name` = ?', $name)));
if (!$projs) {
//No project by that name
return null;
} else {
// Iterate through all projects with that name
foreach ($projs as $ws) {
// If $user has no permissions over $ws, it is not what we are looking for
if ($user->isProjectUser($ws)) {
$is_candidate_project = true;
// Iterate through all ancestors to check permissions
foreach ($ws->getParentIds(false) as $ancestor_id) {
$ancestor = Projects::findById($ancestor_id);
if ($user->isProjectUser($ancestor)) {
// If user has permission over an ancestor, path is wrong
$is_candidate_project = false;
break;
}
//if
}
//foreach $ancestor
if ($is_candidate_project) {
// No permissions over ancestors
return $ws;
}
// if
}
// if
}
// foreach $project
// No project by that name should appear in the root
return null;
}
}
}
if ($user && (!$user instanceof User || !$user->isProjectUser($proj))) {
return null;
} else {
return $proj;
}
} else {
$currentName = array_pop($parents);
$length = count($parents);
$new_path = implode("/", $parents);
$parent = Projects::getProjectFromPath($new_path, $user);
if ($parent instanceof Project) {
$conditions = 'p' . $length . ' = ? and p' . ($length + 2) . ' = ? and `name` = ?';
$proj = Projects::findOne(array('conditions' => array($conditions, $parent->getId(), 0, $currentName)));
if ($user) {
//we are checking permissions
if ($proj && $user->isProjectUser($proj)) {
// User has permissions over workspace, found!
return $proj;
} else {
// child does not exist, or it exists and user has no permissions
// still have to check if there exists a descendant (child of child^n) with that name
// If we have permissions over that descendant and have no permissions for WS between, we found a valid WS
$conditions = 'p' . $length . ' = ? and `name` = ?';
$projs = Projects::findAll(array('conditions' => array($conditions, $parent->getId(), $currentName)));
if ($projs) {
//Iterate through all projects with that name
foreach ($projs as $ws) {
if ($user->isProjectUser($ws)) {
$is_candidate_project = true;
// Iterate through all ancestors to check permissions
$parent_depth = $parent->getDepth();
$ws_depth = $ws->getDepth(false);
$parent_ids = $ws->getParentIds(false);
// Iterate through all descendants of $parent and ancestors of $ws
for ($i = $parent_depth; $i < $ws_depth; $i++) {
$ancestor_id = $parent_ids[$i];
$ancestor = Projects::findById($ancestor_id);
if ($user->isProjectUser($ancestor)) {
// If user has permission over an ancestor, path is wrong
$is_candidate_project = false;
break;
}
//if
}
//foreach $ancestor
if ($is_candidate_project) {
// No permissions over ancestors
return $ws;
}
// if
}
// else: not interested in this project
}
} else {
// There is no project by that name
return null;
}
}
} else {
//user is null
//not checking permissions
if (!$proj instanceof Project) {
// project not found, wrong path
return null;
} else {
return $proj;
}
}
if (!$proj && $user == null) {
return null;
}
} else {
return null;
}
}
}
}
