Beispiel #1
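/**
 * Check membership of the user to a specified ugroup.
 *
 * The predefined ugroups (none, anonymous, registered, project roles, tracker
 * admin) are resolved without reading ugroup_user; every other id is treated
 * as a normal ugroup and looked up in that table.
 *
 * $group_id is necessary for automatic project groups like project member, release admin, etc.
 * $atid is necessary for trackers since the tracker admin role is different for each tracker.
 *
 * @param Integer $user_id   Id of the user to check (0 is treated as "not registered")
 * @param Integer $ugroup_id Id of the ugroup
 * @param Integer $group_id  Id of the project
 * @param Integer $atid      Id of the tracker, only used for the tracker admin ugroup
 *
 * @return Boolean true if user is member of the ugroup, false otherwise.
 */
function ugroup_user_is_member($user_id, $ugroup_id, $group_id, $atid = 0)
{
    $um =& UserManager::instance();
    $user =& $um->getUserById($user_id);

    // Special cases that do not depend on the user object.
    if ($ugroup_id == $GLOBALS['UGROUP_NONE']) {
        // Empty group
        return false;
    }
    if ($ugroup_id == $GLOBALS['UGROUP_ANONYMOUS']) {
        // Anonymous user
        return true;
    }
    if ($ugroup_id == $GLOBALS['UGROUP_REGISTERED']) {
        // Registered user
        return $user_id != 0;
    }

    // Role-based project ugroups. This is an authorization decision, so it
    // fails closed: if the lookup above produced no user object the answer
    // is "not a member" rather than a fatal error on a null receiver.
    if ($ugroup_id == $GLOBALS['UGROUP_PROJECT_MEMBERS']) {
        // Project members
        return $user && $user->isMember($group_id);
    }
    if ($ugroup_id == $GLOBALS['UGROUP_FILE_MANAGER_ADMIN']) {
        // File manager admins
        return $user && $user->isMember($group_id, 'R2');
    }
    if ($ugroup_id == $GLOBALS['UGROUP_DOCUMENT_ADMIN']) {
        // Document admin
        return $user && $user->isMember($group_id, 'D2');
    }
    if ($ugroup_id == $GLOBALS['UGROUP_DOCUMENT_TECH']) {
        // Document tech
        return $user && $user->isMember($group_id, 'D1');
    }
    if ($ugroup_id == $GLOBALS['UGROUP_WIKI_ADMIN']) {
        // Wiki admins
        return $user && $user->isMember($group_id, 'W2');
    }
    if ($ugroup_id == $GLOBALS['UGROUP_PROJECT_ADMIN']) {
        // Project admins
        return $user && $user->isMember($group_id, 'A');
    }

    if ($ugroup_id == $GLOBALS['UGROUP_TRACKER_ADMIN']) {
        // Tracker admins: the role is per tracker, hence $atid.
        $pm = ProjectManager::instance();
        $group = $pm->getProject($group_id);
        $at = new ArtifactType($group, $atid);
        return $at->userIsAdmin($user_id);
    }

    // Normal ugroup. Both ids are forced to integers before they are placed
    // in the statement, so a caller-supplied value cannot change the shape of
    // the query (the original interpolated them unescaped).
    $sql = "SELECT * from ugroup_user where ugroup_id='" . (int) $ugroup_id . "' and user_id='" . (int) $user_id . "'";
    $res = db_query($sql);
    return db_numrows($res) > 0;
}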
Beispiel #2
/**
 * Tell whether a user is a member of the given ugroup.
 *
 * Predefined ugroups are answered from the user's state and project roles;
 * any other id is looked up in the ugroup_user table.
 *
 * $group_id is necessary for automatic project groups like project member, release admin, etc.
 * $atid is necessary for trackers since the tracker admin role is different for each tracker.
 *
 * @param Integer $user_id   Id of the user to check
 * @param Integer $ugroup_id Id of the ugroup
 * @param Integer $group_id  Id of the project
 * @param Integer $atid      Id of the tracker, only used for the tracker admin ugroup
 *
 * @return Boolean true if user is member of the ugroup, false otherwise.
 */
function ugroup_user_is_member($user_id, $ugroup_id, $group_id, $atid = 0)
{
    $um = ugroup_get_user_manager();
    $user =& $um->getUserById($user_id);

    // Predefined ugroups that need no project lookup.
    if ($ugroup_id == $GLOBALS['UGROUP_NONE']) {
        // Nobody belongs to the empty group.
        return false;
    }
    if ($ugroup_id == $GLOBALS['UGROUP_ANONYMOUS']) {
        // Everybody belongs to the anonymous group.
        return true;
    }
    if ($ugroup_id == $GLOBALS['UGROUP_AUTHENTICATED']) {
        // Any non-zero user id counts as authenticated.
        return $user_id != 0;
    }
    if ($ugroup_id == $GLOBALS['UGROUP_REGISTERED'] && !ForgeConfig::areRestrictedUsersAllowed()) {
        // Without restricted users, "registered" is the same test as above.
        return $user_id != 0;
    }
    if ($ugroup_id == $GLOBALS['UGROUP_REGISTERED'] && ForgeConfig::areRestrictedUsersAllowed()) {
        $user = UserManager::instance()->getUserById($user_id);

        $script_name = '';
        if (isset($_SERVER['SCRIPT_NAME'])) {
            $script_name = $_SERVER['SCRIPT_NAME'];
        }

        // Listeners flip this flag (passed by reference) when the called
        // script deals with restricted users on its own.
        $script_handles_restricted = false;
        $events = EventManager::instance();
        $events->processEvent(Event::IS_SCRIPT_HANDLED_FOR_RESTRICTED, array('allow_restricted' => &$script_handles_restricted, 'user' => $user, 'uri' => $script_name));

        // Non-restricted user, or restricted user in a service that doesn't yet
        // handle restricted users independently.
        // NOTE(review): unlike the two branches above, this one has no
        // `$user_id != 0` test, and nothing here shows what isRestricted()
        // answers for user id 0 -- confirm an anonymous caller cannot be
        // reported as a registered member through this path.
        return !($user->isRestricted() && $script_handles_restricted);
    }

    // Role-based project ugroups.
    // NOTE(review): $user is dereferenced without a null check; presumably
    // getUserById() always yields an object -- verify against UserManager.
    if ($ugroup_id == $GLOBALS['UGROUP_PROJECT_MEMBERS']) {
        // Project members
        return (bool) $user->isMember($group_id);
    }
    if ($ugroup_id == $GLOBALS['UGROUP_FILE_MANAGER_ADMIN']) {
        // File manager admins
        return (bool) $user->isMember($group_id, 'R2');
    }
    if ($ugroup_id == $GLOBALS['UGROUP_DOCUMENT_ADMIN']) {
        // Document admin
        return (bool) $user->isMember($group_id, 'D2');
    }
    if ($ugroup_id == $GLOBALS['UGROUP_DOCUMENT_TECH']) {
        // Document tech
        return (bool) $user->isMember($group_id, 'D1');
    }
    if ($ugroup_id == $GLOBALS['UGROUP_WIKI_ADMIN']) {
        // Wiki admins
        return (bool) $user->isMember($group_id, 'W2');
    }
    if ($ugroup_id == $GLOBALS['UGROUP_PROJECT_ADMIN']) {
        // Project admins
        return (bool) $user->isMember($group_id, 'A');
    }

    if ($ugroup_id == $GLOBALS['UGROUP_TRACKER_ADMIN']) {
        // Tracker admins: the role is per tracker, hence $atid.
        $project = ProjectManager::instance()->getProject($group_id);
        $tracker = new ArtifactType($project, $atid);
        return $tracker->userIsAdmin($user_id);
    }

    // Normal ugroup: both ids go through db_ei() before they are embedded in
    // the statement.
    $sql = "SELECT * from ugroup_user where ugroup_id='" . db_ei($ugroup_id) . "' and user_id='" . db_ei($user_id) . "'";
    $result = db_query($sql);
    return db_numrows($result) > 0;
}
Beispiel #3
/**
 * Check if the current user is allowed to change permissions, depending on the permission_type
 *
 * Super-users and project admins are always allowed. For the built-in
 * permission types the matching service-admin role is required, TRACKER*
 * types require admin rights on the tracker, and any other type is left to
 * the 'permission_user_allowed_to_change' event, which denies unless a
 * listener sets 'allowed'.
 *
 * @param Integer $group_id        Id of the project
 * @param String  $permission_type Type of the permission
 * @param Integer $object_id       Object on which permission is applied
 *
 * @return Boolean
 */
function permission_user_allowed_to_change($group_id, $permission_type, $object_id = 0)
{
    // Super-user and project admin have all rights...
    $current_user = UserManager::instance()->getCurrentUser();
    if (user_is_super_user() || $current_user->isMember($group_id, 'A')) {
        return true;
    }

    // Built-in permission types, each mapped to the role that may edit it.
    // switch compares loosely, exactly like the == chain it stands for.
    switch ($permission_type) {
        case 'NEWS_READ':
            // Special case: whoever can write (or administrate) news can submit
            // private news, and therefore may define news permissions.
            return user_ismember($group_id, 'N1') || user_ismember($group_id, 'N2');
        case 'PACKAGE_READ':
        case 'RELEASE_READ':
            return user_ismember($group_id, 'R2');
        case 'DOCGROUP_READ':
        case 'DOCUMENT_READ':
            return user_ismember($group_id, 'D2');
        case 'WIKI_READ':
        case 'WIKIPAGE_READ':
        case 'WIKIATTACHMENT_READ':
            return user_ismember($group_id, 'W2');
    }

    if (strpos($permission_type, 'TRACKER') !== 0) {
        // Not a core permission type: ask listeners. $allowed is handed over
        // by reference and stays false unless a listener changes it.
        $em =& EventManager::instance();
        $allowed = false;
        $em->processEvent('permission_user_allowed_to_change', array('group_id' => $group_id, 'permission_type' => $permission_type, 'object_id' => $object_id, 'allowed' => &$allowed));
        return $allowed;
    }

    // Permission type starts with 'TRACKER'.
    $project = ProjectManager::instance()->getProject($group_id);

    if ($permission_type == 'TRACKER_ARTIFACT_ACCESS') {
        // For this type the object_id stored in the permission table is an
        // artifact_id; resolve it to the tracker that owns the artifact.
        $sql = 'SELECT group_artifact_id from artifact WHERE artifact_id = ' . db_ei($object_id);
        $result = db_query($sql);
        if (!$result || db_numrows($result) != 1) {
            // Unknown artifact: deny.
            return false;
        }
        $artifact_row = db_fetch_array($result);
        $object_id = $artifact_row['group_artifact_id'];
    }

    // NOTE(review): userIsAdmin() is called without a user id; presumably it
    // checks the current user -- confirm in ArtifactType.
    $tracker = new ArtifactType($project, (int) $object_id);
    return $tracker->userIsAdmin();
}