/**
 * Capture the repository identity and snapshot the owner's name, id and raw
 * authorized keys at construction time.
 *
 * @param PFUser $owner    Owner whose name/id/keys are copied onto this object
 * @param mixed  $id       Stored as-is (type not enforced here)
 * @param mixed  $url      Stored as-is
 * @param mixed  $hostname Stored as-is
 * @param mixed  $name     Stored as-is
 */
public function __construct(PFUser $owner, $id, $url, $hostname, $name) {
    $this->id       = $id;
    $this->url      = $url;
    $this->hostname = $hostname;
    $this->owner    = $owner;
    $this->name     = $name;
    // Raw key material is only kept when the owner actually has some; an
    // empty/falsy value normalises to the empty string.
    if ($owner->getAuthorizedKeysRaw()) {
        $this->ssh_key = $owner->getAuthorizedKeysRaw();
    } else {
        $this->ssh_key = '';
    }
    // Denormalised copies of the owner identity kept alongside the object.
    $this->owner_name = $owner->getName();
    $this->owner_id   = $owner->getId();
}
/**
 * Test if given url is restricted for user
 *
 * Decision order: hard-forbidden URL prefixes, welcome page, search, other
 * users' profiles, then per-project allow lists (support project by default),
 * a plugin hook, and finally the "super public" project list. A request whose
 * group id cannot be resolved and was not rejected earlier falls through to
 * "allowed" (see the last return).
 *
 * @param PFUser $user
 * @param Url $url
 * @param String $request_uri  Request URI (used as a string: trimmed and prefix-matched)
 * @param String $script_name  Script path (used as a string)
 *
 * @return Boolean False if user not allowed to see the content
 */
protected function restrictedUserCanAccessUrl($user, $url, $request_uri, $script_name) {
    // This assumes that we already checked that project is accessible to restricted prior to function call.
    // Hence, summary page is ALWAYS accessible
    if ($script_name === '/projects') {
        return true;
    }
    // Request-scoped global wins when present; otherwise the group id is parsed out of the URI.
    $group_id = isset($GLOBALS['group_id']) ? $GLOBALS['group_id'] : $url->getGroupIdFromUrl($request_uri);
    // Make sure the URI starts with a single slash
    $req_uri = '/' . trim($request_uri, "/");
    $user_is_allowed = false;
    /* Examples of input params:
       Script: /projects, Uri=/projects/ljproj/
       Script: /survey/index.php, Uri=/survey/?group_id=101
       Script: /project/admin/index.php, Uri=/project/admin/?group_id=101
       Script: /tracker/index.php, Uri=/tracker/index.php?group_id=101
       Script: /tracker/index.php, Uri=/tracker/?func=detail&aid=14&atid=101&group_id=101
    */
    // Restricted users cannot access any page belonging to a project they are not a member of.
    // In addition, the following URLs are forbidden (value overriden in site-content file)
    $forbidden_url = array('/snippet', '/new/', '/people/', '/stats', '/top', '/project/register.php', '/export', '/info.php');
    // Default values are very restrictive, but they can be overriden in the site-content file
    // Default support project is project 1.
    $allow_welcome_page = false; // Allow access to welcome page
    $allow_news_browsing = false; // Allow restricted users to read/comment news, including for their project
    $allow_user_browsing = false; // Allow restricted users to access other user's page (Developer Profile)
    $allow_access_to_project_forums = array(1); // Support project help forums are accessible through the 'Discussion Forums' link
    $allow_access_to_project_trackers = array(1); // Support project trackers are used for support requests
    $allow_access_to_project_docs = array(1); // Support project documents and wiki (Note that the User Guide is always accessible)
    $allow_access_to_project_mail = array(1); // Support project mailing lists (Developers Channels)
    $allow_access_to_project_frs = array(1); // Support project file releases
    $allow_access_to_project_refs = array(1); // Support project references
    $allow_access_to_project_news = array(1); // Support project news
    $allow_access_to_project_trackers_v5 = array(1); //Support project trackers v5 are used for support requests
    // List of fully public projects (same access for restricted and unrestricted users)
    // Customizable security settings for restricted users:
    // The site-content file is include'd into this function's local scope, so it can
    // reassign any of the $allow_* variables (and $forbidden_url) defined above.
    include $GLOBALS['Language']->getContent('include/restricted_user_permissions', 'en_US');
    // End of customization
    // For convenient reasons, admin can customize those variables as arrays
    // but for performances reasons we prefer to use hashes (avoid in_array)
    // so we transform array(101) => array(101=>0)
    $allow_access_to_project_forums = array_flip($allow_access_to_project_forums);
    $allow_access_to_project_trackers = array_flip($allow_access_to_project_trackers);
    $allow_access_to_project_docs = array_flip($allow_access_to_project_docs);
    $allow_access_to_project_mail = array_flip($allow_access_to_project_mail);
    $allow_access_to_project_frs = array_flip($allow_access_to_project_frs);
    $allow_access_to_project_refs = array_flip($allow_access_to_project_refs);
    $allow_access_to_project_news = array_flip($allow_access_to_project_news);
    $allow_access_to_project_trackers_v5 = array_flip($allow_access_to_project_trackers_v5);
    // Forbidden entries are matched as a prefix of the normalised URI only
    // (an occurrence later in the path does not trigger the rejection).
    foreach ($forbidden_url as $str) {
        $pos = strpos($req_uri, $str);
        if ($pos === false) {
            // Not found
        } else {
            if ($pos == 0) {
                // beginning of string
                return false;
            }
        }
    }
    // Welcome page
    if (!$allow_welcome_page) {
        $sc_name = '/' . trim($script_name, "/");
        if ($sc_name == '/index.php') {
            return false;
        }
    }
    //Forbid search unless it's on a tracker
    // NOTE(review): the search type comes from $_REQUEST with a loose == comparison, and a
    // 'tracker' search is granted here before the per-project lists and the super-public
    // check below are consulted.
    if (strpos($req_uri, '/search') === 0 && isset($_REQUEST['type_of_search']) && $_REQUEST['type_of_search'] == 'tracker') {
        return true;
    } elseif (strpos($req_uri, '/search') === 0) {
        return false;
    }
    // Forbid access to other user's page (Developer Profile)
    // Only the user's own profile URL (exact match on the normalised URI) or their avatar is reachable.
    if (strpos($req_uri, '/users/') === 0 && !$allow_user_browsing) {
        if ($req_uri != '/users/' . $user->getName() && $req_uri != '/users/' . $user->getName() . '/avatar.png') {
            return false;
        }
    }
    // Forum and news. Each published news is a special forum of project 'news'
    // Each block below only ever sets $user_is_allowed to true for the resolved $group_id;
    // nothing past this point rejects on its own until the final group-id check.
    if (strpos($req_uri, '/news/') === 0 && isset($allow_access_to_project_news[$group_id])) {
        $user_is_allowed = true;
    }
    if (strpos($req_uri, '/news/') === 0 && $allow_news_browsing) {
        $user_is_allowed = true;
    }
    if (strpos($req_uri, '/forum/') === 0 && isset($allow_access_to_project_forums[$group_id])) {
        $user_is_allowed = true;
    }
    // Codendi trackers
    if (strpos($req_uri, '/tracker/') === 0 && isset($allow_access_to_project_trackers[$group_id])) {
        $user_is_allowed = true;
    }
    // Trackers v5
    if (strpos($req_uri, '/plugins/tracker/') === 0 && isset($allow_access_to_project_trackers_v5[$group_id])) {
        $user_is_allowed = true;
    }
    // Codendi documents and wiki
    if ((strpos($req_uri, '/docman/') === 0 || strpos($req_uri, '/plugins/docman/') === 0 || strpos($req_uri, '/wiki/') === 0) && isset($allow_access_to_project_docs[$group_id])) {
        $user_is_allowed = true;
    }
    // Codendi mailing lists page
    if (strpos($req_uri, '/mail/') === 0 && isset($allow_access_to_project_mail[$group_id])) {
        $user_is_allowed = true;
    }
    // Codendi file releases
    if (strpos($req_uri, '/file/') === 0 && isset($allow_access_to_project_frs[$group_id])) {
        $user_is_allowed = true;
    }
    // References
    if (strpos($req_uri, '/goto') === 0 && isset($allow_access_to_project_refs[$group_id])) {
        $user_is_allowed = true;
    }
    // Plugins get a chance to claim the script; they can flip $user_is_allowed through the
    // by-reference 'allow_restricted' entry.
    if (!$user_is_allowed) {
        $this->getEventManager()->processEvent(Event::IS_SCRIPT_HANDLED_FOR_RESTRICTED, array('allow_restricted' => &$user_is_allowed, 'user' => $user, 'uri' => $script_name));
    }
    // With a group id and no explicit allow, the outcome depends solely on the super-public
    // project list (non-strict in_array). Without a resolvable group id the request is granted.
    if ($group_id && !$user_is_allowed) {
        if (in_array($group_id, ForgeConfig::getSuperPublicProjectsFromRestrictedFile())) {
            return true;
        }
        return false;
    }
    return true;
}
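/**
 * Send mail to administrators with the appropriate subject and body
 *
 * Never returns to the caller: on success a feedback message is queued and the
 * request is redirected to /my before exit; on send failure exit_error() is
 * invoked (expected not to return).
 *
 * @param Project $project
 * @param PFUser $user            Requesting user; also used as the From address
 * @param String $urlData
 * @param String $hrefApproval
 * @param String $messageToAdmin  Free text supplied by the user, forwarded verbatim in the body
 */
function sendMail($project, $user, $urlData, $hrefApproval, $messageToAdmin) {
    $mail = new Mail();
    // Recipients: admins resolved for this request, de-duplicated before joining
    $adminList = $this->extractReceiver($project, $urlData);
    $admins    = array_unique($adminList['admins']);
    $to        = implode(',', $admins);
    $mail->setTo($to);
    // Sender is the requesting user's own address.
    // NOTE(review): sending with a user-controlled From may be rejected by SPF/DMARC on
    // the receiving side — confirm the Mail class does not rewrite it.
    $from = $user->getEmail();
    $mail->setFrom($from);
    $mail->setSubject($GLOBALS['Language']->getText($this->getTextBase(), 'mail_subject_' . $this->getType(), array($project->getPublicName(), $user->getRealName())));
    $link = $this->getRedirectLink($urlData, $GLOBALS['Language']);
    $body = $GLOBALS['Language']->getText($this->getTextBase(), 'mail_content_' . $this->getType(), array($user->getRealName(), $user->getName(), $link, $project->getPublicName(), $hrefApproval, $messageToAdmin, $user->getEmail()));
    // extractReceiver() reports whether the admin ugroup was valid; warn the admins when it was not
    if ($adminList['status'] == false) {
        $body .= "\n\n" . $GLOBALS['Language']->getText($this->getTextBase(), 'mail_content_unvalid_ugroup', array($project->getPublicName()));
    }
    $mail->setBody($body);
    if (!$mail->send()) {
        // exit_error() is expected to terminate the request; nothing below runs on failure
        exit_error($GLOBALS['Language']->getText('global', 'error'), $GLOBALS['Language']->getText('global', 'mail_failed', array($GLOBALS['sys_email_admin'])));
    }
    $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('include_exit', 'request_sent'), CODENDI_PURIFIER_DISABLED);
    $GLOBALS['Response']->redirect('/my');
    exit;
}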
/**
 * Tell whether the wrapped user's name contains no uppercase characters.
 *
 * Uses the byte-wise strtolower(), so only ASCII letters are considered.
 *
 * @return bool
 */
public function username_is_in_lowercase() {
    $lowered = strtolower($this->user->getName());
    return $lowered === $this->user->getName();
}
/**
 * Return SVN path the user is not allowed to see
 *
 * Builds an SQL fragment of " AND svn_dirs.dir not like '<path>%'" clauses, one
 * per forbidden path (the leading character of each path key is dropped).
 *
 * NOTE(review): db_es() is relied on to escape quotes; '%' or '_' inside a path
 * would still act as LIKE wildcards — confirm paths cannot contain them.
 *
 * @param PFUser $user
 *
 * @return string
 */
protected function getForbiddenPaths(PFUser $user) {
    $forbidden_paths = svn_utils_get_forbidden_paths($user->getName(), $this->project->getSVNRootPath());
    $clauses = array();
    foreach (array_keys($forbidden_paths) as $no_access) {
        $clauses[] = " AND svn_dirs.dir not like '" . db_es(substr($no_access, 1)) . "%'";
    }
    return implode('', $clauses);
}
/**
 * Get a link on user profile with name according to user prefs.
 *
 * For the "none" user (or no user at all) only the purified user name is
 * returned, without an anchor.
 *
 * @param PFUser $user User object
 *
 * @return String HTML snippet, purified with CODENDI_PURIFIER_CONVERT_HTML
 */
public function getLinkOnUser(PFUser $user) {
    $hp = Codendi_HTMLPurifier::instance();
    if (!$user || $user->isNone()) {
        $username = $user ? $user->getName() : '';
        return $hp->purify($username, CODENDI_PURIFIER_CONVERT_HTML);
    }
    // URL-encode the path segment and purify the display text separately: two different contexts
    $href  = '/users/' . urlencode($user->getName());
    $label = $hp->purify($this->getDisplayNameFromUser($user), CODENDI_PURIFIER_CONVERT_HTML);
    return '<a href="' . $href . '">' . $label . '</a>';
}
/**
 * Exception raised when a user lacks agiledashboard admin rights.
 *
 * @param PFUser $user The user that was denied; their name is embedded in the message
 */
public function __construct(PFUser $user) {
    parent::__construct(sprintf('User %s is not admin of the agiledashboard', $user->getName()));
}
/**
 * Build the profile URL for a user, with the name URL-encoded as a path segment.
 *
 * @param PFUser $user
 *
 * @return string
 */
public function getUserUrl(PFUser $user) {
    return sprintf('/users/%s', urlencode($user->getName()));
}