 /**
  * Build a repository descriptor owned by $owner.
  *
  * @param PFUser $owner    Owning user; name, id and raw authorized keys are snapshotted here
  * @param mixed  $id       Repository identifier (stored as given)
  * @param mixed  $url      Repository URL (stored as given)
  * @param mixed  $hostname Host serving the repository (stored as given)
  * @param mixed  $name     Repository name (stored as given)
  */
 public function __construct(PFUser $owner, $id, $url, $hostname, $name)
 {
     $this->id       = $id;
     $this->url      = $url;
     $this->hostname = $hostname;
     $this->name     = $name;
     $this->owner    = $owner;
     // Owner-derived fields are copied once at construction time, not re-read later.
     $this->owner_name = $owner->getName();
     $this->owner_id   = $owner->getId();
     // Raw authorized_keys content of the owner; any falsy value is normalised to ''.
     $raw_keys      = $owner->getAuthorizedKeysRaw();
     $this->ssh_key = $raw_keys ? $raw_keys : '';
 }
 /**
  * Test if given url is restricted for user
  *
  * Decides, for a *restricted* user, whether a single request may proceed. The
  * caller must already have checked that the project behind the URL is
  * accessible to restricted users (see the first comment in the body); this
  * method only layers the per-URL deny/allow rules on top. All matching is plain
  * string-prefix matching on the raw request URI (path plus query string) after
  * a trim of '/' -- no decoding or path canonicalisation happens here.
  *
  * @param PFUser  $user        Restricted user making the request
  * @param Url     $url         Used to recover the group id from $request_uri when $GLOBALS['group_id'] is unset
  * @param String  $request_uri Raw request URI, e.g. "/tracker/?func=detail&aid=14&group_id=101" (used as a string)
  * @param String  $script_name Script path, e.g. "/tracker/index.php" (used as a string)
  *
  * @return Boolean False if user not allowed to see the content
  */
 protected function restrictedUserCanAccessUrl($user, $url, $request_uri, $script_name)
 {
     // This assume that we already checked that project is accessible to restricted prior to function call.
     // Hence, summary page is ALWAYS accessible
     if ($script_name === '/projects') {
         return true;
     }
     // Project id: a pre-set global wins over parsing it out of the URI.
     // NOTE(review): where $GLOBALS['group_id'] is set is not visible here; it is the key every
     // allow-list below is looked up with, so confirm it is populated by trusted code only.
     $group_id = isset($GLOBALS['group_id']) ? $GLOBALS['group_id'] : $url->getGroupIdFromUrl($request_uri);
     // Make sure the URI starts with a single slash
     // NOTE(review): only leading/trailing '/' are normalised. Alternate spellings of a path
     // ("/./snippet", percent-encoded or differently-cased forms) would not hit the prefix rules
     // below -- this relies on the web server canonicalising the URI first; TODO confirm.
     $req_uri = '/' . trim($request_uri, "/");
     // Accumulates the allow-list verdict; rules below only ever set it to true.
     $user_is_allowed = false;
     /* Examples of input params:
         Script: /projects, Uri=/projects/ljproj/
         Script: /survey/index.php, Uri=/survey/?group_id=101
         Script: /project/admin/index.php, Uri=/project/admin/?group_id=101
         Script: /tracker/index.php, Uri=/tracker/index.php?group_id=101
         Script: /tracker/index.php, Uri=/tracker/?func=detail&aid=14&atid=101&group_id=101
        */
     // Restricted users cannot access any page belonging to a project they are not a member of.
     // In addition, the following URLs are forbidden (value overriden in site-content file).
     // Entries are bare prefixes: '/stats' also covers '/stats-anything', '/top' covers '/topics'.
     $forbidden_url = array('/snippet', '/new/', '/people/', '/stats', '/top', '/project/register.php', '/export', '/info.php');
     // Default values are very restrictive, but they can be overriden in the site-content file
     // Default support project is project 1.
     // Allow access to welcome page
     $allow_welcome_page = false;
     // Allow restricted users to read/comment news, including for their project
     $allow_news_browsing = false;
     // Allow restricted users to access other user's page (Developer Profile)
     $allow_user_browsing = false;
     // Support project help forums are accessible through the 'Discussion Forums' link
     $allow_access_to_project_forums = array(1);
     // Support project trackers are used for support requests
     $allow_access_to_project_trackers = array(1);
     // Support project documents and wiki (Note that the User Guide is always accessible)
     $allow_access_to_project_docs = array(1);
     // Support project mailing lists (Developers Channels)
     $allow_access_to_project_mail = array(1);
     // Support project file releases
     $allow_access_to_project_frs = array(1);
     // Support project references
     $allow_access_to_project_refs = array(1);
     // Support project news
     $allow_access_to_project_news = array(1);
     // Support project trackers v5 are used for support requests
     $allow_access_to_project_trackers_v5 = array(1);
     // List of fully public projects (same access for restricted and unrestricted users)
     // Customizable security settings for restricted users:
     // NOTE(review): this is a PHP include of a site-content file. Whoever can write that file runs
     // code as the web user and can widen every rule above, so it must stay admin-owned and not
     // writable by the web server.
     include $GLOBALS['Language']->getContent('include/restricted_user_permissions', 'en_US');
     // End of customization
     // For convenient reasons, admin can customize those variables as arrays
     // but for performances reasons we prefer to use hashes (avoid in_array)
     // so we transform array(101) => array(101=>0)
     $allow_access_to_project_forums = array_flip($allow_access_to_project_forums);
     $allow_access_to_project_trackers = array_flip($allow_access_to_project_trackers);
     $allow_access_to_project_docs = array_flip($allow_access_to_project_docs);
     $allow_access_to_project_mail = array_flip($allow_access_to_project_mail);
     $allow_access_to_project_frs = array_flip($allow_access_to_project_frs);
     $allow_access_to_project_refs = array_flip($allow_access_to_project_refs);
     $allow_access_to_project_news = array_flip($allow_access_to_project_news);
     $allow_access_to_project_trackers_v5 = array_flip($allow_access_to_project_trackers_v5);
     // Deny-list first: any URI starting with a forbidden prefix is refused before any allow rule runs.
     foreach ($forbidden_url as $str) {
         $pos = strpos($req_uri, $str);
         if ($pos === false) {
             // Not found
         } else {
             if ($pos == 0) {
                 // beginning of string -> forbidden prefix. (false was excluded above, so $pos is an
                 // int here and == 0 is an exact "starts with" test.)
                 return false;
             }
         }
     }
     // Welcome page: the bare site index script is refused unless explicitly allowed.
     if (!$allow_welcome_page) {
         $sc_name = '/' . trim($script_name, "/");
         if ($sc_name == '/index.php') {
             return false;
         }
     }
     //Forbid search unless it's on a tracker
     // The search type is read straight from $_REQUEST (GET/POST/cookie); only the literal
     // 'tracker' lets a /search* URI through, every other /search* URI is refused.
     if (strpos($req_uri, '/search') === 0 && isset($_REQUEST['type_of_search']) && $_REQUEST['type_of_search'] == 'tracker') {
         return true;
     } elseif (strpos($req_uri, '/search') === 0) {
         return false;
     }
     // Forbid access to other user's page (Developer Profile)
     // Exact comparison against the full trimmed URI: only the user's own bare profile URL and
     // its avatar.png pass; the same URLs with a query string are refused as well (deny-safe).
     if (strpos($req_uri, '/users/') === 0 && !$allow_user_browsing) {
         if ($req_uri != '/users/' . $user->getName() && $req_uri != '/users/' . $user->getName() . '/avatar.png') {
             return false;
         }
     }
     // Allow rules: each is "URI prefix AND project id is in the corresponding allow-list".
     // The lists are keyed by project id (array_flip above), so a null/missing $group_id never matches.
     // Forum and news. Each published news is a special forum of project 'news'
     if (strpos($req_uri, '/news/') === 0 && isset($allow_access_to_project_news[$group_id])) {
         $user_is_allowed = true;
     }
     if (strpos($req_uri, '/news/') === 0 && $allow_news_browsing) {
         $user_is_allowed = true;
     }
     if (strpos($req_uri, '/forum/') === 0 && isset($allow_access_to_project_forums[$group_id])) {
         $user_is_allowed = true;
     }
     // Codendi trackers
     if (strpos($req_uri, '/tracker/') === 0 && isset($allow_access_to_project_trackers[$group_id])) {
         $user_is_allowed = true;
     }
     // Trackers v5
     if (strpos($req_uri, '/plugins/tracker/') === 0 && isset($allow_access_to_project_trackers_v5[$group_id])) {
         $user_is_allowed = true;
     }
     // Codendi documents and wiki
     if ((strpos($req_uri, '/docman/') === 0 || strpos($req_uri, '/plugins/docman/') === 0 || strpos($req_uri, '/wiki/') === 0) && isset($allow_access_to_project_docs[$group_id])) {
         $user_is_allowed = true;
     }
     // Codendi mailing lists page
     if (strpos($req_uri, '/mail/') === 0 && isset($allow_access_to_project_mail[$group_id])) {
         $user_is_allowed = true;
     }
     // Codendi file releases
     if (strpos($req_uri, '/file/') === 0 && isset($allow_access_to_project_frs[$group_id])) {
         $user_is_allowed = true;
     }
     // References
     if (strpos($req_uri, '/goto') === 0 && isset($allow_access_to_project_refs[$group_id])) {
         $user_is_allowed = true;
     }
     // Still not allowed: let plugins vouch for scripts unknown to the core, via the by-reference flag.
     if (!$user_is_allowed) {
         $this->getEventManager()->processEvent(Event::IS_SCRIPT_HANDLED_FOR_RESTRICTED, array('allow_restricted' => &$user_is_allowed, 'user' => $user, 'uri' => $script_name));
     }
     if ($group_id && !$user_is_allowed) {
         // Project-scoped URI that no allow rule matched: only "super public" projects remain visible.
         // NOTE(review): in_array() is non-strict here ($group_id may be a string from the URL, the
         // file may hold ints); acceptable only while both sides are plain numeric ids.
         if (in_array($group_id, ForgeConfig::getSuperPublicProjectsFromRestrictedFile())) {
             return true;
         }
         return false;
     }
     // Reached when the URI carries no project id (and was not refused above), or when an allow rule
     // matched: the default for project-less URIs is ALLOW -- only the deny-list and the
     // welcome/search/users rules restrict them.
     return true;
 }
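 /**
  * Send mail to administrators with the appropriate subject and body
  *
  * Recipients are the project admins returned by extractReceiver(); the sender
  * is the requesting user's registered e-mail address. On delivery failure the
  * request is aborted with exit_error(); on success a feedback message is queued
  * and the user is redirected to /my (this method never returns normally).
  *
  * @param Project $project        Project the request concerns
  * @param PFUser  $user           Requesting user (sender, and named in the body)
  * @param String  $urlData        Opaque request data forwarded to extractReceiver()/getRedirectLink()
  * @param String  $hrefApproval   Approval link embedded in the body
  * @param String  $messageToAdmin Free-text message from the user, embedded verbatim in the body
  */
 public function sendMail($project, $user, $urlData, $hrefApproval, $messageToAdmin)
 {
     $mail = new Mail();
     // Recipients: de-duplicated admin list joined into a single comma separated To header.
     $adminList = $this->extractReceiver($project, $urlData);
     $admins    = array_unique($adminList['admins']);
     $mail->setTo(implode(',', $admins));
     // Sender is the requesting user's registered address (the previously built but
     // never used raw "From:" header string was dropped). NOTE(review): no validation of
     // the address happens here; header hygiene is delegated to Mail::setFrom().
     $from = $user->getEmail();
     $mail->setFrom($from);
     $mail->setSubject($GLOBALS['Language']->getText($this->getTextBase(), 'mail_subject_' . $this->getType(), array($project->getPublicName(), $user->getRealName())));
     $link = $this->getRedirectLink($urlData, $GLOBALS['Language']);
     // $messageToAdmin is user-controlled free text; it goes into a plain-text body only.
     $body = $GLOBALS['Language']->getText($this->getTextBase(), 'mail_content_' . $this->getType(), array($user->getRealName(), $user->getName(), $link, $project->getPublicName(), $hrefApproval, $messageToAdmin, $user->getEmail()));
     // Loose comparison kept on purpose: extractReceiver() may report any falsy status.
     if ($adminList['status'] == false) {
         $body .= "\n\n" . $GLOBALS['Language']->getText($this->getTextBase(), 'mail_content_unvalid_ugroup', array($project->getPublicName()));
     }
     $mail->setBody($body);
     if (!$mail->send()) {
         exit_error($GLOBALS['Language']->getText('global', 'error'), $GLOBALS['Language']->getText('global', 'mail_failed', array($GLOBALS['sys_email_admin'])));
     }
     $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('include_exit', 'request_sent'), CODENDI_PURIFIER_DISABLED);
     $GLOBALS['Response']->redirect('/my');
     exit;
 }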
 /**
  * True when the wrapped user's name survives a strtolower() round-trip unchanged
  * (byte-wise comparison; case semantics are those of strtolower() on this PHP version).
  *
  * @return bool
  */
 public function username_is_in_lowercase()
 {
     $name = $this->user->getName();
     return $name === strtolower($name);
 }
 /**
  * Return SVN path the user is not allowed to see
  *
  * Builds an SQL fragment (each clause starting with " AND ") that excludes every
  * directory prefix svn_utils_get_forbidden_paths() reports for the user on this
  * project's SVN root. Returns "" when nothing is forbidden.
  *
  * @param PFUser $user
  *
  * @return string
  */
 protected function getForbiddenPaths(PFUser $user)
 {
     $clauses = array();
     $paths   = svn_utils_get_forbidden_paths($user->getName(), $this->project->getSVNRootPath());
     foreach (array_keys($paths) as $path) {
         // The leading character of the path (its '/') is dropped before matching on the dir prefix.
         // db_es() is presumably the SQL string escaper; NOTE(review): LIKE metacharacters ('%', '_')
         // inside a path are not escaped, which can only widen this exclusion, never narrow it.
         $clauses[] = " AND svn_dirs.dir not like '" . db_es(substr($path, 1)) . "%'";
     }
     return implode('', $clauses);
 }
 /**
  * Get a link on user profile with name according to user prefs.
  *
  * For the "none" pseudo-user only the purified user name is returned (no link);
  * otherwise an anchor to /users/<name> whose label is the purified display name.
  *
  * @param PFUser $user User object
  *
  * @return String HTML fragment
  */
 public function getLinkOnUser(PFUser $user)
 {
     $purifier = Codendi_HTMLPurifier::instance();
     // $user is type-hinted PFUser, so it is never falsy here: the only non-link case is the
     // "none" pseudo-user, rendered as plain text.
     if ($user->isNone()) {
         return $purifier->purify($user->getName(), CODENDI_PURIFIER_CONVERT_HTML);
     }
     // urlencode() (not rawurlencode) is used for the path segment, matching getUserUrl().
     $href  = '/users/' . urlencode($user->getName());
     $label = $purifier->purify($this->getDisplayNameFromUser($user), CODENDI_PURIFIER_CONVERT_HTML);
     return '<a href="' . $href . '">' . $label . '</a>';
 }
 /**
  * Exception raised when $user lacks agiledashboard admin rights.
  *
  * @param PFUser $user The non-admin user; only its name is embedded in the message.
  */
 public function __construct(PFUser $user)
 {
     parent::__construct(sprintf('User %s is not admin of the agiledashboard', $user->getName()));
 }
 /**
  * Profile URL for $user; the user name is urlencode()d as the single path segment.
  *
  * @param PFUser $user
  *
  * @return string e.g. "/users/jdoe"
  */
 public function getUserUrl(PFUser $user)
 {
     $encoded_name = urlencode($user->getName());
     return sprintf('/users/%s', $encoded_name);
 }